sambadomain = setup.get('setup', 'sambadomain') serverip = setup.get('setup', 'serverip') servername = setup.get('setup', 'servername') firewallip = setup.get('setup', 'firewallip') domainname = setup.get('setup', 'domainname') basedn = setup.get('setup', 'basedn') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # generate ad admin password msg = 'Generating AD admin password ' printScript(msg, '', False, False, True) try: adadminpw = randomPassword(16) with open(constants.ADADMINSECRET, 'w') as secret: secret.write(adadminpw) subProc('chmod 600 ' + constants.ADADMINSECRET, logfile) # symlink for sophomorix subProc( 'ln -sf ' + constants.ADADMINSECRET + ' ' + constants.SOPHOSYSDIR + '/sophomorix-samba.secret', logfile) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # alte smb.conf löschen smbconf = '/etc/samba/smb.conf' if os.path.isfile(smbconf):
subProc( 'sophomorix-admin --create-school-admin pgmadmin --school ' + schoolname + ' --password "' + adminpw + '"', logfile) subProc( 'sophomorix-user --user pgmadmin --comment "' + sophomorix_comment + '"', logfile) printScript(' Success!', '', True, True, False, len(msg)) except Exception as error: printScript(error, '', True, True, False, len(msg)) sys.exit(1) # create dns-admin account msg = 'Creating samba account for dns-admin ' printScript(msg, '', False, False, True) try: dnspw = randomPassword(16) desc = 'Unprivileged user for DNS updates via DHCP server' sambaTool( 'user create dns-admin ' + dnspw + ' --description="' + desc + '"', logfile) sambaTool('user setexpiry dns-admin --noexpiry', logfile) sambaTool('group addmembers DnsAdmins dns-admin', logfile) rc, writeTextfile(constants.DNSADMINSECRET, dnspw, 'w') os.system('chgrp dhcpd ' + constants.DNSADMINSECRET) os.system('chmod 440 ' + constants.DNSADMINSECRET) printScript(' Success!', '', True, True, False, len(msg)) except Exception as error: printScript(error, '', True, True, False, len(msg)) sys.exit(1) # add firewall as dns forwarder
def main(): # get setup various values serverip = setup.get('setup', 'serverip') bitmask = setup.get('setup', 'bitmask') firewallip = setup.get('setup', 'firewallip') servername = setup.get('setup', 'servername') domainname = setup.get('setup', 'domainname') basedn = setup.get('setup', 'basedn') opsiip = setup.get('setup', 'opsiip') dockerip = setup.get('setup', 'dockerip') network = setup.get('setup', 'network') adminpw = setup.get('setup', 'adminpw') # get timezone rc, timezone = readTextfile('/etc/timezone') timezone = timezone.replace('\n', '') # get binduser password rc, binduserpw = readTextfile(constants.BINDUSERSECRET) # firewall config files now = datetime.datetime.now().strftime('%Y%m%d%H%M%S') fwconftmp = constants.FWCONFLOCAL fwconfbak = fwconftmp.replace('.xml', '-' + now + '.xml') fwconftpl = constants.FWOSCONFTPL # dummy ip addresses if not isValidHostIpv4(opsiip): opsiip = serverip.split('.')[0] + '.' + serverip.split( '.')[1] + '.' + serverip.split('.')[2] + '.2' if not isValidHostIpv4(dockerip): dockerip = serverip.split('.')[0] + '.' + serverip.split( '.')[1] + '.' + serverip.split('.')[2] + '.3' # get current config rc = getFwConfig(firewallip, constants.ROOTPW) if not rc: sys.exit(1) # backup config msg = '* Backing up ' printScript(msg, '', False, False, True) try: shutil.copy(fwconftmp, fwconfbak) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get root password hash msg = '* Reading current config ' printScript(msg, '', False, False, True) try: rc, content = readTextfile(fwconftmp) soup = BeautifulSoup(content, 'lxml') # save interface configuration wanconfig = str(soup.findAll('wan')[0]) lanconfig = str(soup.findAll('lan')[0]) # save gateway configuration try: gwconfig = str(soup.findAll('gateways')[0]) except: gwconfig = '' # save dnsserver configuration try: dnsconfig = str(soup.findAll('dnsserver')[0]) except: dnsconfig = '' # save opt1 configuration if present try: opt1config = str(soup.findAll('opt1')[0]) except: opt1config = '' printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get base64 encoded certs msg = '* Reading certificates & ssh key ' printScript(msg, '', False, False, True) try: rc, cacertb64 = readTextfile(constants.CACERTB64) rc, fwcertb64 = readTextfile(constants.SSLDIR + '/firewall.cert.pem.b64') rc, fwkeyb64 = readTextfile(constants.SSLDIR + '/firewall.key.pem.b64') rc, authorizedkey = readTextfile(constants.SSHPUBKEYB64) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create new firewall configuration msg = '* Creating xml configuration file ' printScript(msg, '', False, False, True) try: # create password hash for new firewall password hashedpw = bcrypt.hashpw(str.encode(adminpw), bcrypt.gensalt(10)) fwrootpw_hashed = hashedpw.decode() apikey = randomPassword(80) apisecret = randomPassword(80) hashedpw = bcrypt.hashpw(str.encode(apisecret), bcrypt.gensalt(10)) apisecret_hashed = hashedpw.decode() # read template rc, content = readTextfile(fwconftpl) # replace placeholders with values content = content.replace('@@servername@@', servername) content = content.replace('@@domainname@@', domainname) content = content.replace('@@basedn@@', basedn) content = content.replace('@@wanconfig@@', wanconfig) content = content.replace('@@dnsconfig@@', dnsconfig) content = content.replace('@@gwconfig@@', gwconfig) content = content.replace('@@lanconfig@@', lanconfig) content = content.replace('@@opt1config@@', opt1config) content = content.replace('@@serverip@@', serverip) content = content.replace('@@firewallip@@', firewallip) content = content.replace('@@network@@', network) content = content.replace('@@bitmask@@', bitmask) content = content.replace('@@opsiip@@', opsiip) content = content.replace('@@dockerip@@', dockerip) content = content.replace('@@fwrootpw_hashed@@', fwrootpw_hashed) content = content.replace('@@authorizedkey@@', authorizedkey) content = content.replace('@@apikey@@', apikey) content = content.replace('@@apisecret_hashed@@', apisecret_hashed) content = content.replace('@@binduserpw@@', binduserpw) content = content.replace('@@timezone@@', timezone) content = content.replace('@@cacertb64@@', cacertb64) content = content.replace('@@fwcertb64@@', fwcertb64) content = content.replace('@@fwkeyb64@@', fwkeyb64) # write new configfile rc = writeTextfile(fwconftmp, content, 'w') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create api credentials ini file msg = '* Saving api credentials ' printScript(msg, '', False, False, True) try: rc = modIni(constants.FWAPIKEYS, 'api', 'key', apikey) rc = modIni(constants.FWAPIKEYS, 'api', 'secret', apisecret) os.system('chmod 400 ' + constants.FWAPIKEYS) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # upload new configfile rc = putFwConfig(firewallip, constants.ROOTPW) if not rc: sys.exit(1) # remove temporary files #os.unlink(fwconftmp) # reboot firewall rc = sshExec(firewallip, 'configctl firmware reboot', adminpw) if not rc: sys.exit(1)
def main(): # get setup various values serverip = setup.get('setup', 'serverip') bitmask = setup.get('setup', 'bitmask') firewallip = setup.get('setup', 'firewallip') servername = setup.get('setup', 'servername') domainname = setup.get('setup', 'domainname') basedn = setup.get('setup', 'basedn') opsiip = setup.get('setup', 'opsiip') dockerip = setup.get('setup', 'dockerip') network = setup.get('setup', 'network') adminpw = setup.get('setup', 'adminpw') # get timezone rc, timezone = readTextfile('/etc/timezone') timezone = timezone.replace('\n', '') # get binduser password rc, binduserpw = readTextfile(constants.BINDUSERSECRET) # firewall config files now = datetime.datetime.now().strftime('%Y%m%d%H%M%S') fwconftmp = constants.FWCONFLOCAL fwconfbak = fwconftmp.replace('.xml', '-' + now + '.xml') fwconftpl = constants.FWOSCONFTPL # dummy ip addresses if not isValidHostIpv4(opsiip): opsiip = serverip.split('.')[0] + '.' + serverip.split( '.')[1] + '.' + serverip.split('.')[2] + '.2' if not isValidHostIpv4(dockerip): dockerip = serverip.split('.')[0] + '.' + serverip.split( '.')[1] + '.' + serverip.split('.')[2] + '.3' # get current config rc = getFwConfig(firewallip, constants.ROOTPW) if not rc: sys.exit(1) # backup config msg = '* Backing up ' printScript(msg, '', False, False, True) try: shutil.copy(fwconftmp, fwconfbak) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get root password hash msg = '* Reading current config ' printScript(msg, '', False, False, True) try: rc, content = readTextfile(fwconftmp) soup = BeautifulSoup(content, 'lxml') # save certain configuration values for later use sysctl = str(soup.findAll('sysctl')[0]) # get already configured interfaces for item in soup.findAll('interfaces'): if '<lan>' in str(item): interfaces = str(item) # save language information try: language = str(soup.findAll('language')[0]) except: language = '' # second try get language from locale settings if language == '': try: lang = os.environ['LANG'].split('.')[0] except: lang = 'en_US' language = '<language>' + lang + '</language>' # save gateway configuration try: gwconfig = str(soup.findAll('gateways')[0]) gwconfig = gwconfig.replace('<gateways>', '').replace('</gateways>', '') except: gwconfig = '' # save dnsserver configuration try: dnsconfig = str(soup.findAll('dnsserver')[0]) except: dnsconfig = '' # add server as dnsserver dnsserver = '<dnsserver>' + serverip + '</dnsserver>' if dnsconfig == '': dnsconfig = dnsserver else: dnsconfig = dnsserver + '\n ' + dnsconfig # save opt1 configuration if present try: opt1config = str(soup.findAll('opt1')[0]) except: opt1config = '' printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get base64 encoded certs msg = '* Reading certificates & ssh key ' printScript(msg, '', False, False, True) try: rc, cacertb64 = readTextfile(constants.CACERTB64) rc, fwcertb64 = readTextfile(constants.SSLDIR + '/firewall.cert.pem.b64') rc, fwkeyb64 = readTextfile(constants.SSLDIR + '/firewall.key.pem.b64') rc, authorizedkey = readTextfile(constants.SSHPUBKEYB64) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create list of first ten network ips for aliascontent (NoProxy group in firewall) aliascontent = '' netpre = network.split('.')[0] + '.' + network.split( '.')[1] + '.' + network.split('.')[2] + '.' c = 0 max = 10 while c < max: c = c + 1 aliasip = netpre + str(c) if aliascontent == '': aliascontent = aliasip else: aliascontent = aliascontent + ' ' + aliasip # add server ips if not already collected for aliasip in [serverip, opsiip, dockerip]: if not aliasip in aliascontent: aliascontent = aliascontent + '\n' + aliasip # create new firewall configuration msg = '* Creating xml configuration file ' printScript(msg, '', False, False, True) try: # create password hash for new firewall password hashedpw = bcrypt.hashpw(str.encode(adminpw), bcrypt.gensalt(10)) fwrootpw_hashed = hashedpw.decode() apikey = randomPassword(80) apisecret = randomPassword(80) hashedpw = bcrypt.hashpw(str.encode(apisecret), bcrypt.gensalt(10)) apisecret_hashed = hashedpw.decode() # read template rc, content = readTextfile(fwconftpl) # replace placeholders with values content = content.replace('@@sysctl@@', sysctl) content = content.replace('@@servername@@', servername) content = content.replace('@@domainname@@', domainname) content = content.replace('@@basedn@@', basedn) content = content.replace('@@interfaces@@', interfaces) content = content.replace('@@dnsconfig@@', dnsconfig) content = content.replace('@@gwconfig@@', gwconfig) content = content.replace('@@serverip@@', serverip) content = content.replace('@@dockerip@@', dockerip) content = content.replace('@@firewallip@@', firewallip) content = content.replace('@@network@@', network) content = content.replace('@@bitmask@@', bitmask) content = content.replace('@@aliascontent@@', aliascontent) content = content.replace('@@gw_lan@@', constants.GW_LAN) content = content.replace('@@fwrootpw_hashed@@', fwrootpw_hashed) content = content.replace('@@authorizedkey@@', authorizedkey) content = content.replace('@@apikey@@', apikey) content = content.replace('@@apisecret_hashed@@', apisecret_hashed) content = content.replace('@@binduserpw@@', binduserpw) content = content.replace('@@language@@', language) content = content.replace('@@timezone@@', timezone) content = content.replace('@@cacertb64@@', cacertb64) content = content.replace('@@fwcertb64@@', fwcertb64) content = content.replace('@@fwkeyb64@@', fwkeyb64) # write new configfile rc = writeTextfile(fwconftmp, content, 'w') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create api credentials ini file msg = '* Saving api credentials ' printScript(msg, '', False, False, True) try: rc = modIni(constants.FWAPIKEYS, 'api', 'key', apikey) rc = modIni(constants.FWAPIKEYS, 'api', 'secret', apisecret) os.system('chmod 400 ' + constants.FWAPIKEYS) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # upload new configfile rc = putFwConfig(firewallip, constants.ROOTPW) if not rc: sys.exit(1) # remove temporary files #os.unlink(fwconftmp) # reboot firewall rc = sshExec(firewallip, 'configctl firmware reboot', adminpw) if not rc: sys.exit(1)
printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # key & cert files to create certlist = [servername, 'firewall', 'mail', 'docker', 'opsi'] # basic subject string subjbase = '-subj /O="' + schoolname + '"/OU=' + sambadomain + '/CN=' # substring with sha and validation duration shadays = ' -sha256 -days 3650' # ca key password & string cakeypw = randomPassword(16) passin = ' -passin pass:'******'Creating private CA key & certificate ' subj = subjbase + realm + '/subjectAltName=' + realm + '/' printScript(msg, '', False, False, True) try: with open(constants.CAKEYSECRET, 'w') as secret: secret.write(cakeypw) subProc('chmod 400 ' + constants.CAKEYSECRET, logfile) subProc( 'openssl genrsa -out ' + constants.CAKEY + ' -aes128 -passout pass:'******' 2048', logfile) subProc( 'openssl req -batch -x509 ' + subj + ' -new -nodes ' + passin +
setupini = constants.SETUPINI try: setup = configparser.ConfigParser(inline_comment_prefixes=('#', ';')) setup.read(setupini) adminpw = setup.get('setup', 'adminpw') domainname = setup.get('setup', 'domainname') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create sophomorix admin user msg = 'Calculating random passwords ' printScript(msg, '', False, False, True) try: binduserpw = randomPassword(16) with open(constants.BINDUSERSECRET, 'w') as secret: secret.write(binduserpw) subProc('chmod 400 ' + constants.SECRETDIR + '/*', logfile) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # samba backup msg = 'Backing up samba ' printScript(msg, '', False, False, True) try: subProc('sophomorix-samba --backup-samba without-users', logfile) printScript(' Success!', '', True, True, False, len(msg)) except:
def main(): # get various setup values msg = 'Reading setup data ' printScript(msg, '', False, False, True) try: serverip = getSetupValue('serverip') bitmask = getSetupValue('bitmask') firewallip = getSetupValue('firewallip') servername = getSetupValue('servername') domainname = getSetupValue('domainname') basedn = getSetupValue('basedn') opsiip = getSetupValue('opsiip') dockerip = getSetupValue('dockerip') network = getSetupValue('network') adminpw = getSetupValue('adminpw') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get timezone rc, timezone = readTextfile('/etc/timezone') timezone = timezone.replace('\n', '') # get binduser password rc, binduserpw = readTextfile(constants.BINDUSERSECRET) # get firewall root password provided by linuxmuster-opnsense-reset pwfile = '/tmp/linuxmuster-opnsense-reset' if os.path.isfile(pwfile): # firewall reset after setup, given password is current password rc, rolloutpw = readTextfile(pwfile) productionpw = rolloutpw os.unlink(pwfile) else: # initial setup, rollout root password is standardized rolloutpw = constants.ROOTPW # new root production password provided by setup productionpw = adminpw # create and save radius secret msg = 'Calculating radius secret ' printScript(msg, '', False, False, True) try: radiussecret = randomPassword(16) with open(constants.RADIUSSECRET, 'w') as secret: secret.write(radiussecret) subProc('chmod 400 ' + constants.RADIUSSECRET, logfile) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # firewall config files now = datetime.datetime.now().strftime('%Y%m%d%H%M%S') fwconftmp = constants.FWCONFLOCAL fwconfbak = fwconftmp.replace('.xml', '-' + now + '.xml') fwconftpl = constants.FWOSCONFTPL # dummy ip addresses if not isValidHostIpv4(opsiip): opsiip = serverip.split('.')[0] + '.' + serverip.split('.')[1] + '.' + serverip.split('.')[2] + '.2' if not isValidHostIpv4(dockerip): dockerip = serverip.split('.')[0] + '.' + serverip.split('.')[1] + '.' + serverip.split('.')[2] + '.3' # get current config rc = getFwConfig(firewallip, rolloutpw) if not rc: sys.exit(1) # backup config msg = '* Backing up ' printScript(msg, '', False, False, True) try: shutil.copy(fwconftmp, fwconfbak) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get root password hash msg = '* Reading current config ' printScript(msg, '', False, False, True) try: rc, content = readTextfile(fwconftmp) soup = BeautifulSoup(content, 'lxml') # save certain configuration values for later use sysctl = str(soup.findAll('sysctl')[0]) # get already configured interfaces for item in soup.findAll('interfaces'): if '<lan>' in str(item): interfaces = str(item) # save language information try: language = str(soup.findAll('language')[0]) except: language = '' # second try get language from locale settings if language == '': try: lang = os.environ['LANG'].split('.')[0] except: lang = 'en_US' language = '<language>' + lang + '</language>' # save gateway configuration try: gwconfig = str(soup.findAll('gateways')[0]) gwconfig = gwconfig.replace('<gateways>', '').replace('</gateways>', '') except: gwconfig = '' # save dnsserver configuration try: dnsconfig = str(soup.findAll('dnsserver')[0]) except: dnsconfig = '' # add server as dnsserver dnsserver = '<dnsserver>' + serverip + '</dnsserver>' if dnsconfig == '': dnsconfig = dnsserver else: dnsconfig = dnsserver + '\n ' + dnsconfig # save opt1 configuration if present try: opt1config = str(soup.findAll('opt1')[0]) except: opt1config = '' printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # get base64 encoded certs msg = '* Reading certificates & ssh key ' printScript(msg, '', False, False, True) try: rc, cacertb64 = readTextfile(constants.CACERTB64) rc, fwcertb64 = readTextfile(constants.SSLDIR + '/firewall.cert.pem.b64') rc, fwkeyb64 = readTextfile(constants.SSLDIR + '/firewall.key.pem.b64') rc, authorizedkey = readTextfile(constants.SSHPUBKEYB64) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create list of first ten network ips for aliascontent (NoProxy group in firewall) aliascontent = '' netpre = network.split('.')[0] + '.' + network.split('.')[1] + '.' + network.split('.')[2] + '.' c = 0 max = 10 while c < max: c = c + 1 aliasip = netpre + str(c) if aliascontent == '': aliascontent = aliasip else: aliascontent = aliascontent + ' ' + aliasip # add server ips if not already collected for aliasip in [serverip, opsiip, dockerip]: if not aliasip in aliascontent: aliascontent = aliascontent + '\n' + aliasip # create new firewall configuration msg = '* Creating xml configuration file ' printScript(msg, '', False, False, True) try: # create password hash for new firewall password hashedpw = bcrypt.hashpw(str.encode(productionpw), bcrypt.gensalt(10)) fwrootpw_hashed = hashedpw.decode() apikey = randomPassword(80) apisecret = randomPassword(80) hashedpw = bcrypt.hashpw(str.encode(apisecret), bcrypt.gensalt(10)) apisecret_hashed = hashedpw.decode() # read template rc, content = readTextfile(fwconftpl) # replace placeholders with values content = content.replace('@@sysctl@@', sysctl) content = content.replace('@@servername@@', servername) content = content.replace('@@domainname@@', domainname) content = content.replace('@@basedn@@', basedn) content = content.replace('@@interfaces@@', interfaces) content = content.replace('@@dnsconfig@@', dnsconfig) content = content.replace('@@gwconfig@@', gwconfig) content = content.replace('@@serverip@@', serverip) content = content.replace('@@dockerip@@', dockerip) content = content.replace('@@firewallip@@', firewallip) content = content.replace('@@network@@', network) content = content.replace('@@bitmask@@', bitmask) content = content.replace('@@aliascontent@@', aliascontent) content = content.replace('@@gw_lan@@', constants.GW_LAN) content = content.replace('@@fwrootpw_hashed@@', fwrootpw_hashed) content = content.replace('@@authorizedkey@@', authorizedkey) content = content.replace('@@apikey@@', apikey) content = content.replace('@@apisecret_hashed@@', apisecret_hashed) content = content.replace('@@binduserpw@@', binduserpw) content = content.replace('@@radiussecret@@', radiussecret) content = content.replace('@@language@@', language) content = content.replace('@@timezone@@', timezone) content = content.replace('@@cacertb64@@', cacertb64) content = content.replace('@@fwcertb64@@', fwcertb64) content = content.replace('@@fwkeyb64@@', fwkeyb64) # write new configfile rc = writeTextfile(fwconftmp, content, 'w') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create api credentials ini file msg = '* Saving api credentials ' printScript(msg, '', False, False, True) try: rc = modIni(constants.FWAPIKEYS, 'api', 'key', apikey) rc = modIni(constants.FWAPIKEYS, 'api', 'secret', apisecret) os.system('chmod 400 ' + constants.FWAPIKEYS) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # upload config files # upload modified main config.xml rc = putFwConfig(firewallip, rolloutpw) if not rc: sys.exit(1) # upload modified auth config file for web-proxy sso (#83) printScript('Creating web proxy sso auth config file') subProc(constants.FWSHAREDIR + '/create-auth-config.py', logfile) conftmp = '/tmp/' + os.path.basename(constants.FWAUTHCFG) if not os.path.isfile(conftmp): sys.exit(1) rc, content = readTextfile(conftmp) fwpath = content.split('\n')[0].partition(' ')[2] rc = putSftp(firewallip, conftmp, fwpath, productionpw) if not rc: sys.exit(1) # remove temporary files os.unlink(conftmp) # reboot firewall printScript('Installing extensions and rebooting firewall') fwsetup_local = constants.FWSHAREDIR + '/fwsetup.sh' fwsetup_remote = '/tmp/fwsetup.sh' rc = putSftp(firewallip, fwsetup_local, fwsetup_remote, productionpw) rc = sshExec(firewallip, 'chmod +x ' + fwsetup_remote, productionpw) rc = sshExec(firewallip, fwsetup_remote, productionpw) if not rc: sys.exit(1)
setupini = constants.SETUPINI try: setup = configparser.ConfigParser(inline_comment_prefixes=('#', ';')) setup.read(setupini) adminpw = setup.get('setup', 'adminpw') domainname = setup.get('setup', 'domainname') printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # create sophomorix admin user msg = 'Calculating random passwords ' printScript(msg, '', False, False, True) try: sophadminpw = randomPassword(16) with open(constants.SOPHADMINSECRET, 'w') as secret: secret.write(sophadminpw) binduserpw = randomPassword(16) with open(constants.BINDUSERSECRET, 'w') as secret: secret.write(binduserpw) subProc('chmod 400 ' + constants.SECRETDIR + '/*', logfile) printScript(' Success!', '', True, True, False, len(msg)) except: printScript(' Failed!', '', True, True, False, len(msg)) sys.exit(1) # samba backup msg = 'Backing up samba ' printScript(msg, '', False, False, True) try: