Beispiel #1
0
def set_sys_user_version(username, version):
    """
    Modify a system user's path so that a specific version of php is used by
    default for that user.

    Args:
        username - The username of the system user
        version - The PHP version to use
    """
    user_info = pwd.getpwnam(username)
    os.setegid(user_info.pw_gid)
    os.seteuid(user_info.pw_uid)
    try:
        target = user.home_dir(username) + '.bashrc'
        new_content = ''
        file_filter.UpdateSection(
            target, '# START PHP VERSION PATH', '# END PHP VERSION PATH',
            'export PATH=/opt/php-' + version + '/bin' + os.pathsep +
            '$PATH').run()
        link_dir = '/home/' + username + '/.local/bin/'
        link_path = link_dir + 'php'
        target_path = '/opt/php-' + version + '/bin/php'
        if os.path.exists(link_path):
            os.unlink(link_path)
        if not os.path.exists(link_dir):
            os.makedirs(link_dir)
        os.symlink(target_path, link_path)
    finally:
        os.setegid(0)
        os.seteuid(0)
Beispiel #2
0
def get_keyfile_name(username, home_dir=False):
    """
    Get the file used to hold authorized ssh keys.

    Args:
        username - The local sytem user
        home_dir - (optional) The local system user's home directory
    """
    if not home_dir:
        home_dir = user.home_dir(username)
    return home_dir + '.ssh/authorized_keys'
Beispiel #3
0
def mail_directory(domain, email_user, sys_user=False):
    """
    Get the directory used to store email messages for an email address.

    Args:
        domain - The domain of the email address
        email_user - The email username exluding the "@" and domain
        sys_user - (optional) The system user's username
    """
    if sys_user == False:
        sys_user = get_account_from_domain(domain)
    return user.home_dir(sys_user) + 'mail/' + domain + '/' + email_user + '/'
Beispiel #4
0
def set_config_value(name, value, sys_user, path):
    """
    Update a text value in a WordPress installation's configuraiton file.

    Args:
        sys_user - The system user that the WorpPress site is stored in
        db_name - The new database name
        db_user - The new database user
        db_password - The new database password
        path - (optional) the webroot for the WordPress installation
    """
    if path == False:
        path = user.home_dir(sys_user) + 'public_html/'
    os.system('sudo -u "' + sys_user + '" -i wp config set ' + ' --path="' +
              path + '" "' + name + '" "' + value + '"')
Beispiel #5
0
def remove_local_certificates(domain):
    """
    Remove any certificates that were deployed to the matching user's ~/cert
    folder.

    Args:
        domain - The domain to unregister
    """
    domain = domain.strip()
    username = nginx.user_from_domain(domain)
    target_dir = user.home_dir(username) + 'certs/'
    count = 0
    for file in glob.glob(target_dir + '*.pem'):
        os.remove(file)
        count += 1
    return count
Beispiel #6
0
def deploy_locals():
    """
    Deploy certificates to local system users' "cert" folder
    """
    count = 0
    for domain in get_local_deploy_domains():
        username = nginx.user_from_domain(domain)
        target_dir = user.home_dir(username) + 'certs/'
        uid = getpwnam(username).pw_uid
        gid = getgrnam(username).gr_gid
        if not os.path.exists(target_dir):
            os.mkdir(target_dir)
        if deploy('/etc/letsencrypt/live/' + domain + '/', target_dir, uid,
                  gid):
            print('Deployed ' + username + ' certificate to ~/certs/')
            count += 1
    return count
Beispiel #7
0
def update_config(sys_user, db_name, db_user, db_password, path=False):
    """
    Update the database name, user and password for a WordPress installation.

    Args:
        sys_user - The system user that the WorpPress site is stored in
        db_name - The new database name
        db_user - The new database user
        db_password - The new database password
        path - (optional) the webroot for the WordPress installation
    """
    if path == False:
        path = user.home_dir(sys_user) + 'public_html/'

    set_config_value('DB_USER', db_user, sys_user, path)
    set_config_value('DB_PASSWORD', db_password, sys_user, path)
    set_config_value('DB_NAME', db_name, sys_user, path)
Beispiel #8
0
def make_vhost(username, domain, template_name='php', template_fields=False):
    """
    Create a new vhost file for a given domain.

    Args:
        username - The system username that stores the sitesfiles
        domain - The domain associated with the new vhost file
        template_name - The name of the nginx vhost template to use
    """
    modsec = get_modsec_path(domain)
    home = user.home_dir(username)
    dash_domain = domain.replace('.', '-', 100)
    under_domain = domain.replace('.', '_', 100)
    vhost_path = get_vhost_path(domain)
    local_ip = settings.get('local_ip')
    public_ip = settings.get('public_ip')
    read_path = template_path(template_name)
    fields = get_vhost_headers(read_path)[0]
    if not template_fields:
        template_fields = []
        for key, value in fields:
            value = input_util.prompt_value(key, value)
            template_fields.append([key, value])
    if not os.path.exists(modsec_exception_dir):
        os.makedirs(modsec_exception_dir)
    if not os.path.exists(vhost_dir):
        os.makedirs(vhost_dir)
    with open(modsec, 'a+'):
        pass
    with open(read_path) as template:
        with open(vhost_path, 'w') as host:
            for line in template:
                line = line.replace('DOMAINNAMEE', domain, 10000)
                line = line.replace('USERNAMEE', username, 10000)
                line = line.replace('DASHDOMAINN', dash_domain, 10000)
                line = line.replace('UNDERDOMAINN', under_domain, 10000)
                line = line.replace('HOMEDIRR', home, 10000)
                line = line.replace('LOCALIPP', local_ip, 10000)
                line = line.replace('PUBLICIPP', public_ip, 10000)
                line = line.replace('MODSECC', modsec, 10000)
                for key, value in template_fields:
                    line = line.replace(key, value, 10000)
                host.write(line)
    print('Created ' + vhost_path)
    reload()
Beispiel #9
0
def create_account(email_user, domain):
    """
    Register a new email address in the mail system.

    Args:
        user - The email username exluding the "@" and domain
        domain - The domain of the email address
    """
    sys_user = get_account_from_domain(domain)
    pwd_user = pwd.getpwnam(sys_user)
    shadow_line = email_user + "@" + domain + '::'
    shadow_line += str(pwd_user.pw_uid) + ':' + str(
        pwd_user.pw_gid) + '::' + user.home_dir(sys_user) + '::'
    shadow_line += 'userdb_mail=maildir:~/mail/%Ld/%Ln\n'
    with open(settings.get('mail_shadow_file'), 'a+') as shadow:
        shadow.write(shadow_line)
    user.make_user_dir(configuration_directory(domain, email_user, sys_user),
                       pwd_user.pw_uid, pwd_user.pw_gid)  # for filters
    user.make_user_dir(mail_directory(domain, email_user, sys_user),
                       pwd_user.pw_uid, pwd_user.pw_gid)  # for maildir
Beispiel #10
0
def ensure_keyfile_exists(username):
    """
    Create the file used to hold authorized ssh keys if it does not already
    exist.

    Args:
        username - The local sytem user
    """
    home = user.home_dir(username)
    keyfile_name = get_keyfile_name(username, home)
    uid = getpwnam(username).pw_uid
    gid = getgrnam(username).gr_gid
    if not os.path.isdir(home + '.ssh'):
        os.mkdir(home + '.ssh')
        os.chown(home + '.ssh', uid, gid)
        os.chmod(home + '.ssh', 0o700)

    if not os.path.exists(keyfile_name):
        with open(keyfile_name, 'a+') as ak:
            pass
        os.chown(keyfile_name, uid, gid)
        os.chmod(keyfile_name, 0o600)
    return home + '.ssh/authorized_keys'
Beispiel #11
0
def install_files(sys_user, db_name, db_user, db_password, path=False):
    """
    Download Wordpress for a given system user. Then set the database name, user
    and password for the new WordPress installation.

    Args:
        sys_user - The system user that the WorpPress site is stored in
        db_name - The existing  database name
        db_user - The existing database user
        db_password - The existing database password
        path - (optional) the webroot for the WordPress installation
    """
    if path == False:
        path = user.home_dir(sys_user) + 'public_html/'

    # Set environment
    pwd = os.getcwd()
    whoami = os.geteuid()
    os.seteuid(getpwnam(sys_user).pw_uid)
    os.chdir(path)

    # Download WordPress
    os.system("su - '" + sys_user + "' -c \"wp core download --path='" + path +
              "'\"")
    # Configure WordPress
    command = "su - '" + sys_user + "' -c \"wp config create --skip-check" + \
            " --path='" + path + "'" + \
            " --dbname='" + db_name + "'" + \
            " --dbuser='******'" + \
            " --dbpass='******'" + \
            "\""
    print(command)
    os.system(command)

    # Reset environment
    os.seteuid(whoami)
    os.chdir(pwd)
Beispiel #12
0
def create_le_certs(domains, username):
    """
    Create a certificate for the given array of domains, using the given user's
    public_html folder for validation.

    Args:
        domains - An array of domains that will be covered by the new
            certificate
        username - The system user assigned to the domain
    """
    domain_string = ''
    for dom in domains:
        domain_string += ' -d ' + dom.lower().strip()
    command = 'letsencrypt certonly --noninteractive --webroot' + domain_string + ' --webroot-path "' + user.home_dir(
        username.strip()) + '/public_html/"'
    print(command)
    return 0 == os.system(command)
Beispiel #13
0
def add_ssl_to_site_hosts(domain):
    """
    Replace a non-SSL nginx vhost configuration file with it's corresponding
    SSL-enabled version. If there are already SSL configuration lines detected
    in the file, it will not be modified.

    Args:
        domain - The domain associated with the nginx vhost file
    """
    full_file = get_vhost_path(domain)
    local_ip = settings.get('local_ip')
    public_ip = settings.get('public_ip')
    modsec = get_modsec_path(domain)
    fields, username, domain, template = get_vhost_headers(full_file)
    dash_domain = domain.replace('.', '-')
    under_domain = domain.replace('.', '_')
    field_needle = re.compile('^# Field')

    home = user.home_dir(username)

    if not (template.endswith('-ssl') or template.endswith('-hsts')):
        template += '-ssl'
    template_path = settings.get(
        'install_path') + 'etc/nginx-templates/' + template

    if not os.path.exists(template_path):
        print('Unable to find template: ' + template)
        return False

    with open(template_path) as template_file:
        with open(full_file, 'w') as vhost:
            for line in template_file:
                if field_needle.search(line) != None:
                    field_fiedles = field_header_extract.search(line)
                    key = field_fiedles.group(2)
                    value = ''
                    for entry in fields:
                        if key == entry[0]:
                            value = entry[1]
                            break
                    line = field_fiedles.group(1) + \
                        key + \
                        field_fiedles.group(3) + \
                        value
                else:
                    line = line.replace('DOMAINNAMEE', domain, 100)
                    line = line.replace('USERNAMEE', username, 100)
                    line = line.replace('DASHDOMAINN', dash_domain, 100)
                    line = line.replace('UNDERDOMAINN', under_domain, 100)
                    line = line.replace('HOMEDIRR', home, 10000)
                    line = line.replace('LOCALIPP', local_ip, 10000)
                    line = line.replace('PUBLICIPP', public_ip, 10000)
                    line = line.replace('MODSECC', modsec, 10000)
                    for field in fields:
                        key, value = field
                        line = line.replace(key, value, 100)
                    vhost.write(line)

    reload()
    print('Updated ' + full_file)
    return True