Exemple #1
 def post(self):
     """Create an API key from the JSON request body and return it.

     Reads the ``api_key`` object from the request JSON, takes its ``user``
     and ``comment`` fields, stores a new record under "api-keys" and
     returns that record as JSON.
     """
     # NOTE(review): the body is indexed without validation, so a missing
     # "api_key", "user" or "comment" field raises here instead of
     # producing a client error - confirm how callers expect this to fail.
     payload = request.get_json()["api_key"]
     record = {
         "key": genAPIKey(),
         "user": payload["user"],
         "comment": payload["comment"],
     }
     # The whole record, including the key value itself, is what gets
     # persisted and what is echoed back in the response.
     secrets.append("api-keys", record)
     secrets.save()
     return jsonify(api_key=record)
Exemple #2
 def delete(self, id):
     """Remove the stored API key whose value equals ``id``.

     Responds with 204 whether or not a matching key was found.
     """
     stored = secrets.get_all("api-keys")
     match = next((entry for entry in stored if entry["key"] == id), None)
     if match is not None:
         stored.remove(match)
         # The store is only written back when something was removed.
         secrets.save()
     return Response(status=204)
Exemple #3
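def revoke(key):
    """Revoke an API key.

    Removes the first stored entry under "api-keys" whose "key" value
    equals ``key`` and saves the store.

    Raises:
        CLIException: if no stored key matches (nothing was revoked), or
            if reading or saving the store fails.
    """
    try:
        data = secrets.get_all("api-keys")
        match = next((x for x in data if x["key"] == key), None)
        if match is not None:
            data.remove(match)
            secrets.save()
            # Only report a revocation that actually happened; the message
            # must not be logged for a key that was never in the store.
            logger.info('ctl:keys:revoke', 'API key revoked')
    except Exception as e:
        raise CLIException(str(e))
    if match is None:
        # A mistyped key would otherwise look like a successful revocation
        # while the real key stays valid.
        raise CLIException("No matching API key found; nothing was revoked")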
Exemple #4
def create(user, comment):
    """Create a new API key.

    Generates a key, stores it together with ``user`` and ``comment``
    under "api-keys", saves the store and logs the outcome. Any failure
    is re-raised as CLIException carrying the original message.
    """
    try:
        new_key = genAPIKey()
        secrets.append(
            "api-keys", {"key": new_key, "user": user, "comment": comment}
        )
        secrets.save()
        logger.success(
            'ctl:keys:create',
            "Added new API key for {} with comment {}".format(user, comment)
        )
        # NOTE(review): the key value itself is passed to the logger so the
        # operator can read it. If this logger also writes to a persistent
        # log, the secret is retained there - confirm where it ends up.
        logger.info('ctl:keys:create', new_key)
    except Exception as err:
        raise CLIException(str(err))
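 def change_admin_passwd(self):
     """Set a new random password for the MySQL root account.

     Makes sure the ``mysqld`` service is running, generates a 16-character
     password, records it under "mysql" in the secrets store, then applies
     it to the database.

     Returns:
         The new password, or "" if the service could not be looked up or
         started.
     """
     try:
         s = services.get("mysqld")
         if s.state != "running":
             s.start()
     except Exception:
         # Best effort, as before: any service failure yields "". Narrowed
         # from a bare except so KeyboardInterrupt/SystemExit propagate.
         return ""
     # NOTE(review): presumably random_string() draws from a CSPRNG -
     # confirm, since this value becomes the database root credential.
     new_passwd = random_string()[:16]
     # NOTE(review): the secret is saved before the database accepts it; if
     # the update below fails, the stored value does not match the server.
     secrets.set("mysql", new_passwd)
     secrets.save()
     # Connects as root with an empty password, so this only succeeds while
     # root has no password set yet.
     c = MySQLdb.connect('localhost', 'root', '', 'mysql')
     try:
         cur = c.cursor()
         # Bound parameter instead of string concatenation: the driver
         # quotes the value, so its content cannot alter the statement.
         cur.execute(
             "UPDATE user SET password=PASSWORD(%s) WHERE User='root'",
             (new_passwd,))
         cur.execute('FLUSH PRIVILEGES')
         c.commit()
     finally:
         # Release the connection even when a statement fails.
         c.close()
     return new_passwd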
Exemple #6
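 def change_admin_passwd(self):
     """Generate and apply a new password for the MySQL root account.

     Starts ``mysqld`` if it is not running, stores a fresh 16-character
     password under "mysql" in the secrets store and sets it on the server.

     Returns:
         The new password, or "" when the service lookup or start fails.
     """
     try:
         service = services.get("mysqld")
         if service.state != "running":
             service.start()
     except Exception:
         # Same best-effort result as before, but no longer a bare except,
         # so KeyboardInterrupt and SystemExit are not swallowed.
         return ""
     # NOTE(review): confirm random_string() is backed by a CSPRNG; the
     # result is used as the database administrator password.
     new_passwd = random_string()[:16]
     # NOTE(review): saved before the server is updated - a failure below
     # leaves the secrets store out of step with the database.
     secrets.set("mysql", new_passwd)
     secrets.save()
     # The connection uses root with an empty password, which only works
     # while no root password has been set.
     conn = MySQLdb.connect('localhost', 'root', '', 'mysql')
     try:
         cursor = conn.cursor()
         # The WHERE clause names the root account, the one this connection
         # logs in as; a masked literal here would match no row and leave
         # the password unchanged. The value is passed as a bound parameter
         # rather than formatted into the SQL text.
         cursor.execute(
             "UPDATE user SET password=PASSWORD(%s) WHERE User='root'",
             (new_passwd,))
         cursor.execute('FLUSH PRIVILEGES')
         conn.commit()
     finally:
         # Close the connection on success and on failure alike.
         conn.close()
     return new_passwd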
Exemple #7
def redis():
    """Initialize distribution Redis integration.

    Installs the arkos-redis config and systemd unit from the packaged
    templates, prepares the data directory, writes a freshly generated
    password into the config, records it in the secrets store and
    enables and starts the service.

    Raises:
        CLIException: if a template file is missing.
    """
    template_dir = "/usr/share/arkos/redis"
    conf_path = "/etc/arkos-redis.conf"
    unit_path = "/usr/lib/systemd/system/arkos-redis.service"
    data_dir = "/var/lib/arkos-redis"

    templates = ["arkos-redis.service", "arkos-redis.conf"]
    if not all(os.path.exists(os.path.join(template_dir, name))
               for name in templates):
        raise CLIException(
            "Template files could not be found. Your installation may "
            "be corrupted. Please reinstall the `arkos-configs` package.")

    logger.debug('ctl:init:redis', 'Stopping daemon if exists: arkos-redis')
    shell("systemctl stop arkos-redis")

    logger.info('ctl:init:redis', 'Copying files')
    ruid = pwd.getpwnam("redis").pw_uid
    rgid = grp.getgrnam("redis").gr_gid
    shutil.copy(os.path.join(template_dir, "arkos-redis.conf"), conf_path)
    os.chown(conf_path, ruid, rgid)
    # Permissions are tightened before the password is written below; the
    # file is then readable and writable by the redis user and group only.
    os.chmod(conf_path, 0o660)
    shutil.copy(os.path.join(template_dir, "arkos-redis.service"), unit_path)
    os.chmod(unit_path, 0o644)

    if not os.path.exists(data_dir):
        os.makedirs(data_dir)
    os.chmod(data_dir, 0o700)
    os.chown(data_dir, ruid, rgid)

    logger.info('ctl:init:redis', 'Setting admin password')
    redis_passwd = random_string(16)
    with open(conf_path, "r") as conf_in:
        conf_text = conf_in.read()
    # The password is stored in clear text in the config file; the 0o660
    # mode set above is what limits who can read it.
    conf_text = conf_text.replace("%REDISPASS%", redis_passwd)
    with open(conf_path, "w") as conf_out:
        conf_out.write(conf_text)
    secrets.set("redis", redis_passwd)
    secrets.save()

    logger.debug('ctl:init:redis', 'Starting daemon: arkos-redis')
    # NOTE(review): none of the shell() results in this function are
    # inspected, so a failed systemctl call still ends in 'Complete'.
    for command in ("systemctl daemon-reload",
                    "systemctl enable arkos-redis",
                    "systemctl start arkos-redis"):
        shell(command)
    logger.success('ctl:init:redis', 'Complete')
Exemple #8
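def ldap():
    """Initialize distribution copy of OpenLDAP.

    Stops slapd, deletes the existing slapd.d configuration, installs the
    packaged configuration and schemas, sets a freshly generated admin
    password, rebuilds the database from base.ldif and restarts slapd.

    Raises:
        CLIException: if a required template file is missing. This is
            checked before anything is stopped or deleted.
        click.ClickException: if ``systemctl stop slapd`` fails.
    """
    def _chown_tree(top, uid, gid):
        """Give every directory and file below ``top`` to uid:gid."""
        for root, dirs, files in os.walk(top):
            for name in dirs:
                os.chown(os.path.join(root, name), uid, gid)
            for name in files:
                os.chown(os.path.join(root, name), uid, gid)

    # The two schema files are copied unconditionally further down, so they
    # are verified here as well: a missing one must stop the run before the
    # existing LDAP configuration has been wiped, not after.
    paths = ["slapd.conf", "ldap.conf", "base.ldif",
             "mailserver.schema", "samba.schema"]
    for x in paths:
        if not os.path.exists(os.path.join("/usr/share/arkos/openldap", x)):
            raise CLIException(
                "Template files could not be found. Your installation may "
                "be corrupted. Please reinstall the `arkos-configs` package.")

    logger.debug('ctl:init:ldap', 'Stopping daemon: slapd')
    s = shell("systemctl stop slapd")
    if s["code"] != 0:
        raise click.ClickException(s["stderr"].decode())

    logger.info('ctl:init:ldap', 'Cleaning up old LDAP database')
    if os.path.exists("/etc/openldap/slapd.ldif"):
        os.unlink("/etc/openldap/slapd.ldif")
    slapdir = "/etc/openldap/slapd.d"
    for x in os.listdir(slapdir):
        fpath = os.path.join(slapdir, x)
        if os.path.isdir(fpath):
            shutil.rmtree(fpath)
        else:
            os.unlink(fpath)

    logger.info('ctl:init:ldap', 'Installing initial configuration')
    shutil.copy("/usr/share/arkos/openldap/slapd.conf",
                "/etc/openldap/slapd.conf")
    shutil.copy("/usr/share/arkos/openldap/ldap.conf",
                "/etc/openldap/ldap.conf")

    if os.path.exists("/usr/share/doc/sudo/schema.OpenLDAP"):
        shutil.copy("/usr/share/doc/sudo/schema.OpenLDAP",
                    "/etc/openldap/schema/sudo.schema")
    shutil.copy("/usr/share/arkos/openldap/mailserver.schema",
                "/etc/openldap/schema/mailserver.schema")
    shutil.copy("/usr/share/arkos/openldap/samba.schema",
                "/etc/openldap/schema/samba.schema")

    logger.info('ctl:init:ldap', 'Setting admin password')
    ldap_passwd = random_string(16)
    # Only the hash goes into slapd.conf; the clear-text password is kept
    # in the secrets store alone.
    ldap_pwhash = ldap_sha512_crypt.encrypt(ldap_passwd)
    with open("/etc/openldap/slapd.conf", "r") as f:
        data = f.read()
    data = data.replace("%ROOTPW%", ldap_pwhash)
    # NOTE(review): slapd.conf keeps whatever mode the copy gave it; no
    # chmod/chown is applied to it here although it now holds the admin
    # password hash - confirm the template's mode is restrictive enough.
    with open("/etc/openldap/slapd.conf", "w") as f:
        f.write(data)
    secrets.set("ldap", ldap_passwd)
    secrets.save()

    logger.info('ctl:init:ldap', 'Generating new LDAP database')
    # NOTE(review): unlike the systemctl stop above, the results of the
    # slapadd/slaptest/slapindex/systemctl calls below are not inspected,
    # so a failure there still ends in 'Complete'.
    logger.debug('ctl:init:ldap', 'slapadd slapd.conf')
    shell("slapadd -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/",
          stdin="")
    logger.debug('ctl:init:ldap', 'slaptest')
    shell("slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/")
    luid, lgid = pwd.getpwnam("ldap").pw_uid, grp.getgrnam("ldap").gr_gid
    _chown_tree("/etc/openldap/slapd.d", luid, lgid)
    logger.debug('ctl:init:ldap', 'slapindex')
    shell("slapindex")
    logger.debug('ctl:init:ldap', 'slapadd base.ldif')
    shell("slapadd -l /usr/share/arkos/openldap/base.ldif")
    _chown_tree("/var/lib/openldap/openldap-data", luid, lgid)

    logger.debug('ctl:init:ldap', 'Restarting daemon: slapd')
    shell("systemctl enable slapd")
    shell("systemctl restart slapd")
    logger.success('ctl:init:ldap', 'Complete')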