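def assign(self, name, assign):
    """Assign certificate ``name`` to the targets listed in ``assign``.

    Each entry is read as ``(kind, target)``. ``'genesis'`` points the
    Genesis config at the certificate, ``'webapp'`` enables SSL on the site
    through ``WebappControl`` and ``'plugin'`` calls the plugin's
    ``enable_ssl``. A label for every target is appended to the ``assign``
    option in the ``[cert]`` section of the certificate's ``.gcinfo`` file.
    """
    # NOTE(review): name is concatenated into paths under /etc/ssl with no
    # check in this method; confirm callers restrict it to a plain file name
    # (no path separators, no '..') before it gets here.
    cert_path = '/etc/ssl/certs/genesis/' + name + '.crt'
    key_path = '/etc/ssl/private/genesis/' + name + '.key'
    info_path = '/etc/ssl/certs/genesis/' + name + '.gcinfo'

    cfg = ConfigParser.ConfigParser()
    cfg.read(info_path)
    # Build a filtered copy. Removing items from the list while iterating
    # over it skips the element that follows each removal, so consecutive
    # empty entries used to survive.
    alist = [entry for entry in cfg.get('cert', 'assign').split('\n')
             if entry != '']

    for x in assign:
        if x[0] == 'genesis':
            self.app.gconfig.set('genesis', 'cert_file', cert_path)
            self.app.gconfig.set('genesis', 'cert_key', key_path)
            self.app.gconfig.set('genesis', 'ssl', '1')
            alist.append('Genesis SSL')
            self.app.gconfig.save()
        elif x[0] == 'webapp':
            WebappControl(self.app).ssl_enable(x[1], cert_path, key_path)
            alist.append(x[1].name + ' (' + x[1].stype + ')')
            WebappControl(self.app).nginx_reload()
        elif x[0] == 'plugin':
            x[1].enable_ssl(cert_path, key_path)
            alist.append(x[1].text)

    cfg.set('cert', 'assign', '\n'.join(alist))
    # Close the handle deterministically so the record is flushed to disk
    # before the method returns.
    with open(info_path, 'w') as info_file:
        cfg.write(info_file)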
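def remove(self, cert):
    """Detach ``cert`` from everything that uses it, then delete its files.

    ``cert`` is read as a mapping with a ``'name'`` key and an ``'assign'``
    list. Each assignment is a mapping whose ``'type'`` is ``'website'``
    (matched on ``'name'``), ``'plugin'`` (matched on ``'id'``) or
    ``'genesis'``.
    """
    wal, pal = self.get_ssl_capable()
    for y in cert['assign']:
        for x in wal:
            if y['type'] == 'website' and y['name'] == x.name:
                WebappControl(self.app).ssl_disable(x)
                WebappControl(self.app).nginx_reload()
                break
        for x in pal:
            if y['type'] == 'plugin' and y['id'] == x.pid:
                x.disable_ssl()
                break
        if y['type'] == 'genesis':
            self.app.gconfig.set('genesis', 'cert_file', '')
            self.app.gconfig.set('genesis', 'cert_key', '')
            self.app.gconfig.set('genesis', 'ssl', '0')
            self.app.gconfig.save()

    # NOTE(review): cert['name'] is concatenated into the paths below with no
    # check here; confirm it is always a plain file name.
    # Deletion stays best-effort, but only filesystem errors are ignored so
    # that programming errors are no longer hidden by a bare except.
    # A failed unlink is still silent, which means the private key can be
    # left on disk without anyone being told.
    try:
        os.unlink('/etc/ssl/certs/genesis/' + cert['name'] + '.crt')
    except OSError:
        pass
    try:
        os.unlink('/etc/ssl/private/genesis/' + cert['name'] + '.key')
    except OSError:
        pass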
def unassign(self, assign):
    """Switch SSL off for one assignment target.

    ``assign`` is either the string ``'genesis'`` or a pair whose first item
    is ``'website'`` or ``'plugin'`` and whose second item is the target.
    """
    # NOTE(review): this branch matches only when the whole argument equals
    # the string 'genesis', while the other branches index a (kind, target)
    # pair. Confirm callers never pass ('genesis', ...) here, because that
    # would fall through and leave SSL enabled.
    if assign == 'genesis':
        gconfig = self.app.gconfig
        for option, value in (('cert_file', ''), ('cert_key', ''),
                              ('ssl', '0')):
            gconfig.set('genesis', option, value)
        gconfig.save()
        return

    kind = assign[0]
    if kind == 'website':
        WebappControl(self.app).ssl_disable(assign[1])
        WebappControl(self.app).nginx_reload()
        return
    if kind == 'plugin':
        target = assign[1]
        # Clear the plugin's stored certificate before turning SSL off.
        self.app.gconfig.set('ssl_' + target.pid, 'cert', '')
        self.app.gconfig.save()
        target.disable_ssl()
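def setup(self, addr, port):
    """Install Radicale if needed and publish it behind nginx via uWSGI.

    Writes the default config, the WSGI entry point and an empty basic-auth
    user file under /etc/radicale. It then adds the ``radicale`` user and
    group, registers a supervisor program that runs uWSGI as that user,
    adds an nginx reverse proxy for ``addr``/``port`` and marks the first
    run as complete.
    """
    # Make sure Radicale is installed and ready
    pyctl = apis.langassist(self.app).get_interface('Python')
    users = UsersBackend(self.app)
    if not pyctl.is_installed('Radicale'):
        pyctl.install('radicale')

    # Due to packaging bugs, make extra sure perms are readable. The previous
    # mask (mode & S_IROTH & S_IRGRP) is always 0 because the two flags share
    # no bits, so it stripped every permission instead of granting read
    # access. Each entry now keeps its own mode and only gains the bits needed.
    read_bits = stat.S_IRGRP | stat.S_IROTH
    search_bits = stat.S_IXGRP | stat.S_IXOTH
    for r, d, f in os.walk('/usr/lib/python2.7/site-packages/radicale'):
        for x in d:
            path = os.path.join(r, x)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Directories also need the search bit to be traversable.
            os.chmod(path, mode | read_bits | search_bits)
        for x in f:
            path = os.path.join(r, x)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            os.chmod(path, mode | read_bits)

    if not os.path.exists('/etc/radicale/config'):
        if not os.path.isdir('/etc/radicale'):
            os.mkdir('/etc/radicale')
        with open('/etc/radicale/config', 'w') as config_file:
            config_file.write(self.default_config)
    if not os.path.isdir('/usr/lib/radicale'):
        os.mkdir('/usr/lib/radicale')

    # Add the site process
    users.add_user('radicale')
    users.add_group('radicale')
    users.add_to_group('radicale', 'radicale')
    wsgi_file = 'import radicale\n'
    wsgi_file += 'radicale.log.start()\n'
    wsgi_file += 'application = radicale.Application()\n'
    with open('/etc/radicale/radicale.wsgi', 'w') as wsgi_handle:
        wsgi_handle.write(wsgi_file)
    # Was 0766. uWSGI loads this file as the radicale user, so group and
    # world write access let any local account change what that process
    # runs. Owner-write and read-only for everyone else is enough.
    os.chmod('/etc/radicale/radicale.wsgi', 0o644)

    s = apis.orders(self.app).get_interface('supervisor')
    if s:
        # NOTE(review): the socket has a fixed name in world-writable /tmp,
        # and -C presumably relaxes the socket mode (uWSGI chmod-socket).
        # Local users who can connect to it would skip the nginx basic auth
        # in front. Consider a directory owned by radicale instead, and keep
        # the nginx uwsgi_pass below in sync.
        s[0].order('new', 'radicale', 'program', [
            ('directory', '/etc/radicale'),
            ('user', 'radicale'),
            ('command',
             'uwsgi -s /tmp/radicale.sock -C --plugin python2 --wsgi-file radicale.wsgi'),
            ('stdout_logfile', '/var/log/radicale.log'),
            ('stderr_logfile', '/var/log/radicale.log'),
        ])

    block = [
        nginx.Location(
            '/',
            nginx.Key('auth_basic', '"Genesis Calendar Server (Radicale)"'),
            nginx.Key('auth_basic_user_file', '/etc/radicale/users'),
            nginx.Key('include', 'uwsgi_params'),
            nginx.Key('uwsgi_pass', 'unix:///tmp/radicale.sock'),
        )
    ]
    if not os.path.exists('/etc/radicale/users'):
        with open('/etc/radicale/users', 'w') as users_file:
            users_file.write('')
        # Was 0766. This is the credential file behind auth_basic, and a
        # world-writable copy let any local account add or replace logins.
        # NOTE(review): 0640 with the web server's group would also keep the
        # password hashes away from other local users; the nginx account is
        # not visible from this method.
        os.chmod('/etc/radicale/users', 0o644)

    WebappControl(self.app).add_reverse_proxy(
        'radicale', '/usr/lib/radicale', addr, port, block)
    apis.networkcontrol(self.app).add_webapp(
        ('radicale', 'ReverseProxy', port))
    c = self.app.get_config(RadicaleConfig(self.app))
    c.first_run_complete = True
    c.save()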
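def remove(self, name):
    """Remove cert, key and control file for the associated ``name``.

    SSL is first disabled on every webapp and plugin whose label appears in
    the certificate's ``.gcinfo`` record, and on Genesis itself when
    ``'Genesis SSL'`` is listed there.
    """
    # NOTE(review): name is concatenated into paths under /etc/ssl with no
    # check in this method; confirm callers restrict it to a plain file name.
    info_path = '/etc/ssl/certs/genesis/' + name + '.gcinfo'
    cfg = ConfigParser.ConfigParser()
    cfg.read(info_path)
    alist = cfg.get('cert', 'assign').split('\n')

    wal, pal = self.get_ssl_capable()
    for x in wal:
        if (x.name + ' (' + x.stype + ')') in alist:
            WebappControl(self.app).ssl_disable(x)
    for y in pal:
        if y.text in alist:
            y.disable_ssl()
    if 'Genesis SSL' in alist:
        self.app.gconfig.set('genesis', 'cert_file', '')
        self.app.gconfig.set('genesis', 'cert_key', '')
        self.app.gconfig.set('genesis', 'ssl', '0')
        self.app.gconfig.save()

    os.unlink(info_path)
    # Deletion of the certificate and key stays best-effort, but only
    # filesystem errors are ignored so that programming errors are no longer
    # hidden by a bare except.
    # A failed unlink is still silent, which means the private key can be
    # left on disk without anyone being told.
    try:
        os.unlink('/etc/ssl/certs/genesis/' + name + '.crt')
    except OSError:
        pass
    try:
        os.unlink('/etc/ssl/private/genesis/' + name + '.key')
    except OSError:
        pass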
def assign(self, name, assign):
    """Assign certificate ``name`` to each ``(kind, target)`` entry listed.

    ``'genesis'`` writes the certificate and key paths into the Genesis
    config and sets ``ssl`` to ``'1'``. ``'website'`` enables SSL on the
    site and reloads nginx. ``'plugin'`` stores ``name`` under the plugin's
    ``ssl_<pid>`` section and calls its ``enable_ssl``.
    """
    # NOTE(review): name goes into filesystem paths unchecked in this method;
    # confirm callers only pass a plain file name.
    def _paths():
        # Certificate and private-key locations derived from the name.
        return ('/etc/ssl/certs/genesis/' + name + '.crt',
                '/etc/ssl/private/genesis/' + name + '.key')

    gconfig = self.app.gconfig
    for entry in assign:
        kind = entry[0]
        if kind == 'genesis':
            crt, key = _paths()
            gconfig.set('genesis', 'cert_file', crt)
            gconfig.set('genesis', 'cert_key', key)
            gconfig.set('genesis', 'ssl', '1')
            gconfig.save()
            continue
        if kind == 'website':
            crt, key = _paths()
            WebappControl(self.app).ssl_enable(entry[1], name, crt, key)
            WebappControl(self.app).nginx_reload()
            continue
        if kind == 'plugin':
            plugin = entry[1]
            gconfig.set('ssl_' + plugin.pid, 'cert', name)
            gconfig.save()
            crt, key = _paths()
            plugin.enable_ssl(crt, key)
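def unassign(self, name, assign):
    """Detach certificate ``name`` from the targets listed in ``assign``.

    Each entry is read as ``(kind, target)`` with ``kind`` one of
    ``'genesis'``, ``'webapp'`` or ``'plugin'``. SSL is disabled on the
    target and its label is dropped from the ``assign`` option in the
    ``[cert]`` section of the certificate's ``.gcinfo`` file.
    """
    # NOTE(review): name is concatenated into a path under /etc/ssl with no
    # check in this method; confirm callers restrict it to a plain file name.
    info_path = '/etc/ssl/certs/genesis/' + name + '.gcinfo'
    cfg = ConfigParser.ConfigParser()
    cfg.read(info_path)
    # Build a filtered copy. Removing items from the list while iterating
    # over it skips the element that follows each removal.
    alist = [entry for entry in cfg.get('cert', 'assign').split('\n')
             if entry != '']

    def _forget(label):
        # A label missing from the record used to raise ValueError after SSL
        # had already been switched off, so the record was never rewritten.
        if label in alist:
            alist.remove(label)

    for x in assign:
        if x[0] == 'genesis':
            self.app.gconfig.set('genesis', 'cert_file', '')
            self.app.gconfig.set('genesis', 'cert_key', '')
            self.app.gconfig.set('genesis', 'ssl', '0')
            _forget('Genesis SSL')
            self.app.gconfig.save()
        elif x[0] == 'webapp':
            WebappControl(self.app).ssl_disable(x[1])
            _forget(x[1].name + ' (' + x[1].stype + ')')
            WebappControl(self.app).nginx_reload()
        elif x[0] == 'plugin':
            x[1].disable_ssl()
            _forget(x[1].text)

    cfg.set('cert', 'assign', '\n'.join(alist))
    # Close the handle deterministically so the record is flushed to disk
    # before the method returns.
    with open(info_path, 'w') as info_file:
        cfg.write(info_file)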
elif self.site.ssl and hostport == '80': self.put_message('err', 'Cannot set an HTTPS site to port 80') elif not self.site.ssl and hostport == '443': self.put_message( 'err', 'Cannot set an HTTP-only site to port 443') else: w = Webapp() w.name = self.site.name w.stype = self.site.stype w.path = self.site.path w.addr = hostname w.port = hostport w.ssl = self.site.ssl w.php = False WebappControl(self.app).nginx_edit(self.site, w) apis.networkcontrol(self.app).change_webapp(self.site, w) self.put_message('success', 'Site edited successfully') self._editsrv = None if params[0] == 'dlgChpasswd': passwd = vars.getvalue('chpasswd', '') if vars.getvalue('action', '') == 'OK': if not passwd: self.put_message('err', 'Must choose a password') elif passwd != vars.getvalue('chpasswdb', ''): self.put_message('err', 'Passwords must match') else: try: self._rc.edit_user(self._edit, passwd) self.put_message('success', 'Password changed successfully')