koozali
/
smeserver-grr
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Initial commit

This commit is contained in:
Daniel Berteaud 2013-02-05 17:44:24 +01:00
commit ccd671a4cc
18 changed files with 264 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
createlinks Normal file
View File

@ -0,0 +1,14 @@
#!/usr/bin/perl -w
use esmith::Build::CreateLinks qw(:all);
# Templates to expand
templates2events("/etc/e-smith/sql/init/grrdb", qw(bootstrap-console-save webapps-update));
templates2events("/usr/share/grr/include/connect.inc.php", qw(bootstrap-console-save webapps-update));
templates2events("/usr/share/grr/include/config_ldap.inc.php", qw(bootstrap-console-save webapps-update));
# PHP header and footer
safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/template-begin");
safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/template-end");
safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/template-begin");
safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/template-end");

1
root/etc/e-smith/db/accounts/defaults/openupload/type Normal file
View File

@ -0,0 +1 @@
url

1
root/etc/e-smith/db/configuration/defaults/grr/DbName Normal file
View File

@ -0,0 +1 @@
grrdb

1
root/etc/e-smith/db/configuration/defaults/grr/DbUser Normal file
View File

@ -0,0 +1 @@
grruser

1
root/etc/e-smith/db/configuration/defaults/grr/RequireSSL Normal file
View File

@ -0,0 +1 @@
yes

1
root/etc/e-smith/db/configuration/defaults/grr/access Normal file
View File

@ -0,0 +1 @@
public

1
root/etc/e-smith/db/configuration/defaults/grr/status Normal file
View File

@ -0,0 +1 @@
enabled

1
root/etc/e-smith/db/configuration/defaults/grr/type Normal file
View File

@ -0,0 +1 @@
webapp

33
root/etc/e-smith/db/configuration/migrate/grr-database Normal file
View File

@ -0,0 +1,33 @@
{
my $rec = $DB->get('grr')
|| $DB->new_record('grr', {type => 'webapp'});
my $pw = $rec->prop('DbPassword');
if (not $pw or length($pw) < 57)
{
use MIME::Base64 qw(encode_base64);
$pw = "not set due to error";
if ( open( RANDOM, "/dev/urandom" ) )
{
my $buf;
# 57 bytes is a full line of Base64 coding, and contains
# 456 bits of randomness - given a perfectly random /dev/random
if ( read( RANDOM, $buf, 57 ) != 57 )
{
warn("Short read from /dev/random: $!");
}
else
{
$pw = encode_base64($buf);
chomp $pw;
}
close RANDOM;
}
else
{
warn "Could not open /dev/urandom: $!";
}
$rec->set_prop('DbPassword', $pw);
}
}

1
root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/grrdb Normal file
View File

@ -0,0 +1 @@
PERMS=0750

3
root/etc/e-smith/templates.metadata/usr/share/grr/include/config_ldap.inc.php Normal file
View File

@ -0,0 +1,3 @@
UID="root"
GID="www"
PERMS=0640

3
root/etc/e-smith/templates.metadata/usr/share/grr/include/connect.inc.php Normal file
View File

@ -0,0 +1,3 @@
UID="root"
GID="www"
PERMS=0640

61
root/etc/e-smith/templates/etc/e-smith/sql/init/grrdb Normal file
View File

@ -0,0 +1,61 @@
{
my $db = ${'grr'}{'DbName'} || 'grrdb';
my $user = ${'grr'}{'DbUser'} || 'grruser';
my $pass = ${'grr'}{'DbPassword'} || 'secret';
my $dbstruct = `rpm -ql grr | grep tables.my.sql`;
$OUT .= <<"END";
#! /bin/sh
if [ ! -d /var/lib/mysql/$db ]; then
/usr/bin/mysql -e 'create database $db'
/usr/bin/mysql $db < $dbstruct
fi
/usr/bin/mysql <<EOF
USE mysql;
REPLACE INTO user (
host,
user,
password)
VALUES (
'localhost',
'$user',
PASSWORD ('$pass'));
REPLACE INTO db (
host,
db,
user,
select_priv, insert_priv, update_priv, delete_priv,
create_priv, alter_priv, index_priv, drop_priv, create_tmp_table_priv,
grant_priv, lock_tables_priv, references_priv)
VALUES (
'localhost',
'$db',
'$user',
'Y', 'Y', 'Y', 'Y',
'Y', 'Y', 'Y', 'Y', 'Y',
'N', 'Y', 'Y');
FLUSH PRIVILEGES;
USE $db;
# Enable LDAP auth
INSERT IGNORE into grr_setting (NAME, VALUE) VALUES
('ldap_statut', 'utilisateur');
# mark the admin user as an administrator in GRR
INSERT IGNORE INTO grr_utilisateurs (login,statut,etat,source) VALUES
('admin','administrateur','actif','ext');
# Remove the default local admin
DELETE FROM grr_utilisateurs where login='administrateur' and source='local';
EOF
END
}

41
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Grr Normal file
View File

@ -0,0 +1,41 @@
{
my $access = $grr{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $requiressl = (($grr{'RequireSSL'} || 'yes') eq 'yes') ?
"SSLRequireSSL on":"# RequireSSL is disabled";
my $alias = (($grr{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
'Alias /grr /usr/share/grr' : '';
if ($grr{'status'} eq 'enabled'){
$OUT .=<<"END"
# OpenUpload Configuration
$alias
<Directory /usr/share/grr>
AllowOverride None
$requiressl
AddType application/x-httpd-php .php
php_admin_value open_basedir /usr/share/grr:/tmp
php_admin_flag file_uploads on
php_admin_value memory_limit 64M
php_admin_value max_execution_time 300
order deny,allow
deny from all
allow from $allow
Satisfy all
<FilesMatch "tables.my.sql">
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
END
}
else{
$OUT .= "# GRR is disabled\n";
}
}

14
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61RedirGrr Normal file
View File

@ -0,0 +1,14 @@
{
my $sslport = $modSSL{'TCPPort'} || '443';
my $alias = $grr{'AliasOnPrimary'} || 'enabled';
my $requiressl = $grr{'RequireSSL'} || 'yes';
if (($port ne $sslport) && ($requiressl ne 'no') && ($alias ne 'disabled')){
## Redirect Web Address to Secure Address
$OUT .= " RewriteEngine on\n";
$OUT .= " RewriteRule ^/grr(/.*|\$) https://%{HTTP_HOST}/grr\$1 \[L,R\]\n";
}
}

18
root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/10LDAP Normal file
View File

@ -0,0 +1,18 @@
{
use esmith::util;
my $base = esmith::util::ldapBase($DomainName);
my $port = $ldap{'TCPPort'} || '389';
$OUT .=<<"EOF";
\$ldap_adresse='localhost';
\$ldap_port='$port';
\$ldap_login='';
\$ldap_pwd='';
\$ldap_base='ou=Users,$base';
\$ldap_filter='(objectClass=sambaSamAccount)';
\$use_tls=FALSE;
EOF
}

17
root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/10Database Normal file
View File

@ -0,0 +1,17 @@
{
my $dbname = $grr{'DbName'} || 'grrdb';
my $dbuser = $grr{'DbUser'} || 'grruser';
my $dbpass = $grr{'DbPassword'} || 'secret';
$OUT .=<<"EOF";
\$dbHost="localhost";
\$dbDb="$dbname";
\$dbUser="$dbuser";
\$dbPass="$dbpass";
\$table_prefix="grr";
EOF
}

52
smeserver-grr.spec Normal file
View File

@ -0,0 +1,52 @@
# Authority: vip-ire
# Name: Daniel Berteaud
%define name smeserver-grr
%define version 0.1.0
%define release 1
Summary: sme server integration of grr
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GNU GPL version 2
URL: http://grr.mutualibre.org/
Group: SMEserver/addon
Source: %{name}-%{version}.tar.gz
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
BuildRoot: /var/tmp/%{name}-%{version}
Requires: e-smith-base
Requires: grr
Requires: smeserver-webapps-common
AutoReqProv: no
%description
smserver integration of GRR
%changelog
* Tue Mar 09 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1.0-1
- initial release
%prep
%setup
%build
perl ./createlinks
%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
> %{name}-%{version}-filelist
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)
%clean
rm -rf $RPM_BUILD_ROOT
%postun