def upload_certificate(d):
"""Upload information passed in the dict into a cert filename also specified in the dict."""
try:
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
path = '%s/%s' % (pki_dir, d['name'])
if os.path.exists(path):
raise Exception('A key of that name already exists')
os.mkdir(path)
with open('%s/%s.cert' % (path, d['name']), 'w') as f:
f.write('-----BEGIN PRIVATE KEY-----\n')
key_lines = d['private_key'].split()
if key_lines:
for line in key_lines:
f.write('%s\n' % line)
f.write('-----END PRIVATE KEY-----\n')
f.write('-----BEGIN CERTIFICATE-----\n')
cert_lines = d['certificate'].split()
if cert_lines:
for line in cert_lines:
f.write('%s\n' % line)
f.write('-----END CERTIFICATE-----\n')
except Exception, e:
return False, 'Error uploading certificate : %s' % str(e)
def get_certificates():
"""Get a list of certificates dicts for stored certs."""
cert_list = []
try:
certificates_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
if not certificates_dir:
raise Exception('No certificates location defined')
if not os.path.exists(certificates_dir):
raise Exception('Certificates location does not exist')
for dirname, dirnames, filenames in os.walk(certificates_dir):
for subdirname in dirnames:
cert_path = '%s/%s.cert' % (os.path.join(
dirname, subdirname), subdirname)
key_path = '%s/%s.key' % (os.path.join(dirname,
subdirname), subdirname)
if not os.path.exists(cert_path):
continue
cert_info, err = get_certificate(cert_path)
if err:
continue
d = {}
d['name'] = subdirname
d['certificate'] = cert_info
cert_list.append(d)
except Exception, e:
return None, 'Error loading certificates : %s' % str(e)
def get_certificates():
"""Get a list of certificates dicts for stored certs."""
cert_list = []
try:
certificates_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
if not certificates_dir:
raise Exception('No certificates location defined')
if not os.path.exists(certificates_dir):
raise Exception('Certificates location does not exist')
for dirname, dirnames, filenames in os.walk(certificates_dir):
for subdirname in dirnames:
cert_path = '%s/%s.cert' % (os.path.join(dirname,
subdirname), subdirname)
key_path = '%s/%s.key' % (os.path.join(dirname,
subdirname), subdirname)
if not os.path.exists(cert_path):
continue
cert_info, err = get_certificate(cert_path)
if err:
continue
d = {}
d['name'] = subdirname
d['certificate'] = cert_info
cert_list.append(d)
except Exception, e:
return None, 'Error loading certificates : %s' % str(e)
def upload_certificate(d):
"""Upload information passed in the dict into a cert filename also specified in the dict."""
try:
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
path = '%s/%s' % (pki_dir, d['name'])
if os.path.exists(path):
raise Exception('A key of that name already exists')
os.mkdir(path)
with open('%s/%s.cert' % (path, d['name']), 'w') as f:
f.write('-----BEGIN PRIVATE KEY-----\n')
key_lines = d['private_key'].split()
if key_lines:
for line in key_lines:
f.write('%s\n' % line)
f.write('-----END PRIVATE KEY-----\n')
f.write('-----BEGIN CERTIFICATE-----\n')
cert_lines = d['certificate'].split()
if cert_lines:
for line in cert_lines:
f.write('%s\n' % line)
f.write('-----END CERTIFICATE-----\n')
except Exception, e:
return False, 'Error uploading certificate : %s' % str(e)
def delete_ssl_certificate(name):
try:
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
path = '%s/%s' % (pki_dir, name)
if not os.path.exists(path):
raise Exception('Specified certificate name does not exist')
shutil.rmtree(path)
except Exception, e:
return False, 'Error deleting certificate : %s' % str(e)
def delete_certificate(name):
"""Delete a cert with the specified cert file name."""
try:
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
path = '%s/%s' % (pki_dir, name)
if not os.path.exists(path):
raise Exception('Specified certificate name does not exist')
shutil.rmtree(path)
except Exception, e:
return False, 'Error deleting certificate : %s' % str(e)
def generate_self_signed_certificate(d):
"""Generate a self signed cert with the parameters specified in the passed dict."""
try:
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
path = '%s/%s' % (pki_dir, d['name'])
if os.path.exists(path):
raise Exception('A key of that name already exists')
cmd = 'openssl req -new -newkey rsa:'
if 'key_length' in d:
key_length = int(d['key_length'])
else:
key_length = 1024
cmd = '%s%d' % (cmd, key_length)
if 'days' in d:
cmd = '%s -days %d' % (cmd, int(d['days']))
subj = ''
if 'country' in d:
subj = '%s/C=%s' % (subj, d['country'])
if 'state' in d:
subj = '%s/ST=%s' % (subj, d['state'])
if 'location' in d:
subj = '%s/L=%s' % (subj, d['location'])
if 'o' in d:
subj = '%s/O=%s' % (subj, d['o'])
if 'ou' in d:
subj = '%s/OU=%s' % (subj, d['ou'])
if 'cn' in d:
subj = '%s/CN=%s' % (subj, d['cn'])
if 'email' in d:
subj = '%s/emailAddress=%s' % (subj, d['email'])
cmd += ' -nodes -x509 -subj %s -keyout %s/%s.cert -out %s/%s.cert' % (
subj, path, d['name'], path, d['name'])
# print cmd
os.mkdir(path)
lines, err = command.get_command_output(cmd)
if err:
if os.path.exists(path):
shutil.rmtree(path)
raise Exception(err)
except Exception, e:
return False, 'Error generating self signed certificate : %s' % str(e)
def generate_self_signed_certificate(d):
"""Generate a self signed cert with the parameters specified in the passed dict."""
try:
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
path = '%s/%s' % (pki_dir, d['name'])
if os.path.exists(path):
raise Exception('A key of that name already exists')
cmd = 'openssl req -new -newkey rsa:'
if 'key_length' in d:
key_length = int(d['key_length'])
else:
key_length = 1024
cmd = '%s%d' % (cmd, key_length)
if 'days' in d:
cmd = '%s -days %d' % (cmd, int(d['days']))
subj = ''
if 'country' in d:
subj = '%s/C=%s' % (subj, d['country'])
if 'state' in d:
subj = '%s/ST=%s' % (subj, d['state'])
if 'location' in d:
subj = '%s/L=%s' % (subj, d['location'])
if 'o' in d:
subj = '%s/O=%s' % (subj, d['o'])
if 'ou' in d:
subj = '%s/OU=%s' % (subj, d['ou'])
if 'cn' in d:
subj = '%s/CN=%s' % (subj, d['cn'])
if 'email' in d:
subj = '%s/emailAddress=%s' % (subj, d['email'])
cmd += ' -nodes -x509 -subj %s -keyout %s/%s.cert -out %s/%s.cert' % (
subj, path, d['name'], path, d['name'])
# print cmd
os.mkdir(path)
lines, err = command.get_command_output(cmd)
if err:
if os.path.exists(path):
shutil.rmtree(path)
raise Exception(err)
except Exception, e:
return False, 'Error generating self signed certificate : %s' % str(e)
def update_ftp_config(config):
try:
pki_dir, err = integralstor_config.get_pki_dir()
if err:
raise Exception(err)
with open('/tmp/vsftpd.conf', 'w') as f:
f.write(
"# AutoGenerated by IntegralStor. Do not change this file manually \n")
f.write('anonymous_enable=NO\n')
f.write('local_enable=YES\n')
f.write('listen=YES\n')
f.write('local_umask=022\n')
f.write('dirmessage_enable=YES\n')
f.write('connect_from_port_20=YES\n')
f.write('xferlog_enable=YES\n')
f.write('xferlog_file=/var/log/xferlog\n')
f.write('xferlog_std_format=YES\n')
f.write('ftpd_banner=Welcome to the IntegralStor FTP service.\n')
f.write('chroot_local_user=YES\n')
# f.write('user_config_dir=/etc/vsftpd/users\n')
f.write('local_root=/%s/$USER\n' % config['dataset'])
f.write('user_sub_token=$USER\n')
f.write('dirlist_enable=YES\n')
f.write('download_enable=YES\n')
f.write('write_enable=YES\n')
f.write('pam_service_name=vsftpd\n')
f.write('userlist_enable=YES\n')
f.write('tcp_wrappers=YES\n')
if config['ssl_enabled']:
f.write('ssl_enable=yes\n')
f.write('rsa_cert_file=%s/%s/%s.cert\n' %
(pki_dir, config['cert_name'], config['cert_name']))
f.write('rsa_private_key_file=%s/%s/%s.cert\n' %
(pki_dir, config['cert_name'], config['cert_name']))
f.write('allow_anon_ssl=NO\n')
f.write('force_local_data_ssl=YES\n')
f.write('force_local_logins_ssl=YES\n')
f.write('ssl_tlsv1=YES\n')
f.write('ssl_sslv2=NO\n')
f.write('ssl_sslv3=NO\n')
f.write('require_ssl_reuse=NO\n')
f.write('ssl_ciphers=HIGH\n')
else:
f.write('ssl_enable=no\n')
shutil.move('/tmp/vsftpd.conf', '/etc/vsftpd/vsftpd.conf')
ret, err = services_management.update_service_status(
'vsftpd', 'restart')
if err:
raise Exception(err)
except Exception, e:
return False, 'Error updating FTP configuration files : %s' % str(e)
def update_https_mode(request):
return_dict = {}
try:
ret, err = django_utils.get_request_parameter_values(
request, ['change_to'])
if err:
raise Exception(err)
if 'change_to' not in ret:
raise Exception("Invalid request, please use the menus.")
change_to = ret['change_to']
return_dict['change_to'] = change_to
cert_list, err = certificates.get_certificates()
if err:
raise Exception(err)
if not cert_list:
raise Exception(
'No certificates have been created. Please create a certificate/key pair before you change the access method'
)
if request.method == "GET":
if change_to == 'secure':
form = pki_forms.SetHttpsModeForm(cert_list=cert_list)
return_dict['form'] = form
return django.shortcuts.render_to_response(
"update_https_mode.html",
return_dict,
context_instance=django.template.context.RequestContext(
request))
else:
return_dict[
'conf_message'] = 'Are you sure you want to disable the secure access mode for IntegralView?'
return django.shortcuts.render_to_response(
"update_http_mode_conf.html",
return_dict,
context_instance=django.template.context.RequestContext(
request))
else:
if change_to == 'secure':
form = pki_forms.SetHttpsModeForm(request.POST,
cert_list=cert_list)
return_dict['form'] = form
if not form.is_valid():
return django.shortcuts.render_to_response(
"update_https_mode.html",
return_dict,
context_instance=django.template.context.
RequestContext(request))
cd = form.cleaned_data
if change_to == 'secure':
pki_dir, err = config.get_pki_dir()
if err:
raise Exception(err)
cert_loc = '%s/%s/%s.cert' % (pki_dir, cd['cert_name'],
cd['cert_name'])
if not os.path.exists(cert_loc):
raise Exception('Error locating certificate')
ret, err = nginx.generate_nginx_conf(True, cert_loc, cert_loc)
if err:
raise Exception(err)
else:
ret, err = nginx.generate_nginx_conf(False)
if err:
raise Exception(err)
audit_str = "Changed the IntegralView access mode to '%s'" % change_to
audit.audit("set_https_mode", audit_str, request)
redirect_url = "https://" if change_to == "secure" else "http://"
redirect_url = redirect_url + \
request.META["HTTP_HOST"] + \
"/view_https_mode?ack=set_to_%s" % change_to
restart, err = scheduler_utils.create_task(
'Chaging IntegralView access mode',
[{
'Restarting Web Server': 'service nginx restart'
}], 2)
if err:
raise Exception(err)
return django.http.HttpResponseRedirect(redirect_url)
except Exception, e:
return_dict['base_template'] = "admin_base.html"
return_dict["page_title"] = 'Set Integralview access mode'
return_dict['tab'] = 'https_tab'
return_dict["error"] = 'Error setting IntegralView access mode'
return_dict["error_details"] = str(e)
return django.shortcuts.render_to_response(
"logged_in_error.html",
return_dict,
context_instance=django.template.context.RequestContext(request))