def post(self):
    """Create an API key for the user named in the request and return it.

    The JSON body must contain an ``api_key`` object with ``user`` and
    ``comment`` entries. A freshly generated key is stored together with
    those two values in the ``api-keys`` secret list, the store is saved,
    and the complete record is sent back to the caller.
    """
    payload = request.get_json()["api_key"]
    # "user" and "comment" are stored exactly as received; this handler
    # performs no validation or authorization of its own.
    # NOTE(review): confirm both are enforced before this method is reached.
    record = {
        "key": genAPIKey(),
        "user": payload["user"],
        "comment": payload["comment"],
    }
    secrets.append("api-keys", record)
    secrets.save()
    # The response body contains the key material itself.
    return jsonify(api_key=record)
def delete(self, id):
    """Remove the stored API key whose value equals ``id``.

    Only the first matching record is removed, and the secret store is
    saved only when a record was actually removed. The response is 204
    whether or not a match was found.
    """
    stored = secrets.get_all("api-keys")
    # Lazy search: records after the first match are never inspected.
    match = next((entry for entry in stored if entry["key"] == id), None)
    if match is not None:
        # presumably get_all() hands back the live list, so removing from
        # it changes what save() persists -- verify against the secrets API
        stored.remove(match)
        secrets.save()
    return Response(status=204)
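def revoke(key):
    """Revoke an API key.

    Removes the first record in the ``api-keys`` secret list whose key
    equals ``key`` and saves the store. The "revoked" message is logged
    only when a record was really removed, so a mistyped key is not
    reported as a successful revocation.

    Raises:
        CLIException: wrapping any error raised while reading or saving
            the secret store.
    """
    try:
        entries = secrets.get_all("api-keys")
        removed = False
        for entry in entries:
            if entry["key"] == key:
                entries.remove(entry)
                secrets.save()
                removed = True
                break
        if removed:
            logger.info('ctl:keys:revoke', 'API key revoked')
        else:
            # Nothing matched: say so instead of claiming success, because
            # the key the operator meant to revoke may still be valid.
            logger.info('ctl:keys:revoke',
                        'No matching API key found; nothing was revoked')
    except Exception as e:
        raise CLIException(str(e))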
def create(user, comment):
    """Create a new API key.

    Generates a key, stores it with ``user`` and ``comment`` in the
    ``api-keys`` secret list, saves the store, and reports the result
    through the logger.

    Raises:
        CLIException: wrapping any error raised along the way.
    """
    try:
        record = {"key": genAPIKey(), "user": user, "comment": comment}
        secrets.append("api-keys", record)
        secrets.save()
        logger.success(
            'ctl:keys:create',
            "Added new API key for {} with comment {}".format(user, comment)
        )
        # The key itself is emitted through the logger so the operator can
        # read it. NOTE(review): if this logger also writes to a persistent
        # log, the key is stored there in clear text -- confirm.
        logger.info('ctl:keys:create', record["key"])
    except Exception as e:
        raise CLIException(str(e))
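def change_admin_passwd(self):
    """Set a new random password for the MySQL ``root`` account.

    Makes sure the ``mysqld`` service is running, generates a 16-character
    password, records it under the ``mysql`` secret, and then applies it to
    the server.

    Returns:
        The new password, or ``""`` when the service could not be looked up
        or started.
    """
    try:
        service = services.get("mysqld")
        if service.state != "running":
            service.start()
    except Exception:
        # Best effort: callers receive "" when the service is unavailable.
        # Catching Exception (not everything) lets KeyboardInterrupt and
        # SystemExit propagate.
        return ""
    # NOTE(review): strength depends on what random_string() produces.
    new_passwd = random_string()[:16]
    # The secret is stored before the server is changed, so a failure below
    # leaves a stored value that does not work yet rather than a changed
    # password nobody knows.
    secrets.set("mysql", new_passwd)
    secrets.save()
    # Connects as root with an empty password, so this only succeeds while
    # the root account has no password set.
    c = MySQLdb.connect('localhost', 'root', '', 'mysql')
    try:
        cursor = c.cursor()
        # The password is passed as a bound parameter instead of being
        # concatenated into the statement, so quoting cannot break the SQL.
        cursor.execute(
            "UPDATE user SET password=PASSWORD(%s) WHERE User='root'",
            (new_passwd,)
        )
        cursor.execute('FLUSH PRIVILEGES')
        c.commit()
    finally:
        # Always release the connection, including when a statement fails.
        c.close()
    return new_passwd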
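def change_admin_passwd(self):
    """Set a new random password for the MySQL ``root`` account.

    Starts ``mysqld`` if it is not running, generates a 16-character
    password, saves it under the ``mysql`` secret, and applies it to the
    server.

    Returns:
        The new password, or ``""`` when the service could not be looked up
        or started.
    """
    try:
        s = services.get("mysqld")
        if s.state != "running":
            s.start()
    except Exception:
        # Best effort: an unavailable service yields "" for the caller.
        # KeyboardInterrupt and SystemExit are no longer swallowed.
        return ""
    # NOTE(review): strength depends on what random_string() produces.
    new_passwd = random_string()[:16]
    # Stored first, so a failure while updating the server never leaves a
    # changed password that was not recorded anywhere.
    secrets.set("mysql", new_passwd)
    secrets.save()
    # Empty root password: this only works on a server where root has no
    # password yet.
    c = MySQLdb.connect('localhost', 'root', '', 'mysql')
    try:
        cur = c.cursor()
        # The WHERE clause has to name the account being changed, which is
        # the one the connection authenticates as. A placeholder value here
        # would match no row, leaving the server password unchanged while a
        # new one is stored and returned.
        # The password is sent as a bound parameter, not formatted into the
        # SQL text.
        cur.execute(
            "UPDATE user SET password=PASSWORD(%s) WHERE User='root'",
            (new_passwd,)
        )
        cur.execute('FLUSH PRIVILEGES')
        c.commit()
    finally:
        # Release the connection on every path.
        c.close()
    return new_passwd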
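def redis():
    """Initialize distribution Redis integration.

    Installs the arkos-redis configuration and systemd unit from the
    templates in /usr/share/arkos/redis, prepares the data directory,
    writes a fresh random password into the configuration, records it under
    the ``redis`` secret, and enables and starts the service.

    Raises:
        CLIException: when a template file is missing or the service does
            not start.
    """
    template_dir = "/usr/share/arkos/redis"
    conf_path = "/etc/arkos-redis.conf"
    unit_path = "/usr/lib/systemd/system/arkos-redis.service"
    data_dir = "/var/lib/arkos-redis"

    for name in ("arkos-redis.service", "arkos-redis.conf"):
        if not os.path.exists(os.path.join(template_dir, name)):
            raise CLIException(
                "Template files could not be found. Your installation may "
                "be corrupted. Please reinstall the `arkos-configs` package.")

    logger.debug('ctl:init:redis', 'Stopping daemon if exists: arkos-redis')
    # Result deliberately ignored: the unit may not exist yet.
    shell("systemctl stop arkos-redis")

    logger.info('ctl:init:redis', 'Copying files')
    ruid, rgid = pwd.getpwnam("redis").pw_uid, grp.getgrnam("redis").gr_gid
    shutil.copy(os.path.join(template_dir, "arkos-redis.conf"), conf_path)
    # Ownership and mode are restricted before the password is written
    # into the file further down.
    os.chown(conf_path, ruid, rgid)
    os.chmod(conf_path, 0o660)
    shutil.copy(os.path.join(template_dir, "arkos-redis.service"), unit_path)
    os.chmod(unit_path, 0o644)

    if not os.path.exists(data_dir):
        os.makedirs(data_dir)
    # Applied whether or not the directory already existed, so a re-run
    # also tightens a directory left with a looser mode or another owner.
    os.chmod(data_dir, 0o700)
    os.chown(data_dir, ruid, rgid)

    logger.info('ctl:init:redis', 'Setting admin password')
    redis_passwd = random_string(16)
    with open(conf_path, "r") as f:
        data = f.read()
    data = data.replace("%REDISPASS%", redis_passwd)
    # Rewriting an existing file keeps the 0660 mode set above.
    with open(conf_path, "w") as f:
        f.write(data)
    secrets.set("redis", redis_passwd)
    secrets.save()

    logger.debug('ctl:init:redis', 'Starting daemon: arkos-redis')
    shell("systemctl daemon-reload")
    shell("systemctl enable arkos-redis")
    started = shell("systemctl start arkos-redis")
    if started["code"] != 0:
        # Do not report 'Complete' for a daemon that failed to start.
        raise CLIException(started["stderr"].decode())
    logger.success('ctl:init:redis', 'Complete')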
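def ldap():
    """Initialize distribution copy of OpenLDAP.

    Stops slapd, deletes the existing configuration database under
    /etc/openldap/slapd.d, installs the template configuration and schemas,
    sets a fresh random root password (hash in slapd.conf, plain value
    under the ``ldap`` secret), rebuilds the database, and restarts slapd.

    Raises:
        CLIException: when a template file is missing.
        click.ClickException: when slapd cannot be stopped.
    """
    template_dir = "/usr/share/arkos/openldap"
    # Every template copied or loaded below is checked up front, so a
    # broken installation is reported before the existing LDAP
    # configuration is deleted.
    paths = ["slapd.conf", "ldap.conf", "base.ldif",
             "mailserver.schema", "samba.schema"]
    for x in paths:
        if not os.path.exists(os.path.join(template_dir, x)):
            raise CLIException(
                "Template files could not be found. Your installation may "
                "be corrupted. Please reinstall the `arkos-configs` package.")

    logger.debug('ctl:init:ldap', 'Stopping daemon: slapd')
    s = shell("systemctl stop slapd")
    if s["code"] != 0:
        raise click.ClickException(s["stderr"].decode())

    logger.info('ctl:init:ldap', 'Cleaning up old LDAP database')
    if os.path.exists("/etc/openldap/slapd.ldif"):
        os.unlink("/etc/openldap/slapd.ldif")
    slapdir = "/etc/openldap/slapd.d"
    # Destructive: everything inside slapd.d is removed.
    for x in os.listdir(slapdir):
        fpath = os.path.join(slapdir, x)
        if os.path.isdir(fpath):
            shutil.rmtree(fpath)
        else:
            os.unlink(fpath)

    logger.info('ctl:init:ldap', 'Installing initial configuration')
    shutil.copy(os.path.join(template_dir, "slapd.conf"),
                "/etc/openldap/slapd.conf")
    shutil.copy(os.path.join(template_dir, "ldap.conf"),
                "/etc/openldap/ldap.conf")
    # The sudo schema is optional and only installed when sudo ships it.
    if os.path.exists("/usr/share/doc/sudo/schema.OpenLDAP"):
        shutil.copy("/usr/share/doc/sudo/schema.OpenLDAP",
                    "/etc/openldap/schema/sudo.schema")
    shutil.copy(os.path.join(template_dir, "mailserver.schema"),
                "/etc/openldap/schema/mailserver.schema")
    shutil.copy(os.path.join(template_dir, "samba.schema"),
                "/etc/openldap/schema/samba.schema")

    logger.info('ctl:init:ldap', 'Setting admin password')
    ldap_passwd = random_string(16)
    ldap_pwhash = ldap_sha512_crypt.encrypt(ldap_passwd)
    with open("/etc/openldap/slapd.conf", "r") as f:
        data = f.read()
    data = data.replace("%ROOTPW%", ldap_pwhash)
    # NOTE(review): shutil.copy carries over the template's permission
    # bits; confirm slapd.conf is not world-readable now that it holds the
    # root password hash.
    with open("/etc/openldap/slapd.conf", "w") as f:
        f.write(data)
    secrets.set("ldap", ldap_passwd)
    secrets.save()

    logger.info('ctl:init:ldap', 'Generating new LDAP database')
    logger.debug('ctl:init:ldap', 'slapadd slapd.conf')
    shell("slapadd -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/",
          stdin="")
    logger.debug('ctl:init:ldap', 'slaptest')
    # The command is a single-line string; a line break inside the literal
    # is not valid Python.
    shell("slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/")
    luid, lgid = pwd.getpwnam("ldap").pw_uid, grp.getgrnam("ldap").gr_gid
    _chown_tree("/etc/openldap/slapd.d", luid, lgid)
    logger.debug('ctl:init:ldap', 'slapindex')
    shell("slapindex")
    logger.debug('ctl:init:ldap', 'slapadd base.ldif')
    shell("slapadd -l /usr/share/arkos/openldap/base.ldif")
    _chown_tree("/var/lib/openldap/openldap-data", luid, lgid)

    logger.debug('ctl:init:ldap', 'Restarting daemon: slapd')
    shell("systemctl enable slapd")
    shell("systemctl restart slapd")
    logger.success('ctl:init:ldap', 'Complete')


def _chown_tree(top, uid, gid):
    """Give every directory and file below ``top`` to ``uid``:``gid``.

    ``top`` itself is left as it is; only its contents are changed.
    """
    for root, dirnames, filenames in os.walk(top):
        for name in dirnames:
            os.chown(os.path.join(root, name), uid, gid)
        for name in filenames:
            os.chown(os.path.join(root, name), uid, gid)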