|
|
|
@ -409,6 +409,26 @@ in a sambaDomainName',
|
|
|
|
|
'544',
|
|
|
|
|
'Admin samba user')}
|
|
|
|
|
|
|
|
|
|
def getUserUidAndGid(self, userName, groupName=""):
|
|
|
|
|
"""Находит в системе uid и gid пользователя
|
|
|
|
|
|
|
|
|
|
userName - имя пользователя и имя группы пользователя
|
|
|
|
|
"""
|
|
|
|
|
if not groupName:
|
|
|
|
|
groupName = userName
|
|
|
|
|
import pwd
|
|
|
|
|
try:
|
|
|
|
|
uid = pwd.getpwnam(userName)[2]
|
|
|
|
|
except:
|
|
|
|
|
self.printERROR(_("Can not found user %s in this system")%userName)
|
|
|
|
|
return ()
|
|
|
|
|
try:
|
|
|
|
|
import grp
|
|
|
|
|
gid = grp.getgrnam(groupName)[2]
|
|
|
|
|
except:
|
|
|
|
|
self.printERROR(_("Can not found user %s in this system")%groupName)
|
|
|
|
|
return ()
|
|
|
|
|
return (uid, gid)
|
|
|
|
|
|
|
|
|
|
def genSleep(self):
|
|
|
|
|
"""Генератор задержек"""
|
|
|
|
@ -1767,6 +1787,90 @@ This command is not allowed."))
|
|
|
|
|
else:
|
|
|
|
|
return self.dialogYesNo(message)
|
|
|
|
|
|
|
|
|
|
def createCertificate(self, sslCountry="US",
|
|
|
|
|
sslState="California",
|
|
|
|
|
sslLocality="Santa Barbara",
|
|
|
|
|
sslOrganization="SSL Server",
|
|
|
|
|
sslUnit="For Testing Purposes Only",
|
|
|
|
|
sslCommonName="localhost",
|
|
|
|
|
sslEmail="root@localhost",
|
|
|
|
|
nsCertType="server",
|
|
|
|
|
sslDays=730,
|
|
|
|
|
sslBits=1024,
|
|
|
|
|
userName="root",groupName="root",
|
|
|
|
|
certFile="/tmp/server.pem",
|
|
|
|
|
certFileMode=0400,
|
|
|
|
|
keyFile="/tmp/server.key",
|
|
|
|
|
keyFileMode=0400):
|
|
|
|
|
"""Создает сертификат"""
|
|
|
|
|
certAndKeyFiles = [certFile, keyFile]
|
|
|
|
|
foundCertFiles = filter(lambda x: os.path.exists(x), certAndKeyFiles)
|
|
|
|
|
if len(foundCertFiles)==2:
|
|
|
|
|
return True
|
|
|
|
|
# Удаляем файл сертификата
|
|
|
|
|
map(lambda x: os.remove(x), foundCertFiles)
|
|
|
|
|
uidAndGid = self.getUserUidAndGid(userName, groupName)
|
|
|
|
|
if not uidAndGid:
|
|
|
|
|
return False
|
|
|
|
|
uid, gid = uidAndGid
|
|
|
|
|
textCnf="""[ req ]
|
|
|
|
|
prompt = no
|
|
|
|
|
default_bits = %s
|
|
|
|
|
distinguished_name = req_dn
|
|
|
|
|
|
|
|
|
|
[ req_dn ]
|
|
|
|
|
C = %s
|
|
|
|
|
ST = %s
|
|
|
|
|
L = %s
|
|
|
|
|
O = %s
|
|
|
|
|
OU = %s
|
|
|
|
|
CN = %s
|
|
|
|
|
emailAddress = %s
|
|
|
|
|
|
|
|
|
|
[ cert_type ]
|
|
|
|
|
nsCertType = %s
|
|
|
|
|
"""%(sslBits, sslCountry, sslState, sslLocality, sslOrganization, sslUnit,
|
|
|
|
|
sslCommonName, sslEmail, nsCertType)
|
|
|
|
|
# генерируем название файла конфигурации
|
|
|
|
|
strData = time.strftime("%Y%m%d%H%M%S",time.localtime(time.time()))
|
|
|
|
|
cnfFile = "/tmp/%s.cnf" %strData
|
|
|
|
|
sslFile = "/usr/bin/openssl"
|
|
|
|
|
if not os.path.exists(sslFile):
|
|
|
|
|
self.printERROR(_("Can not found %s")%sslFile)
|
|
|
|
|
return False
|
|
|
|
|
# Cоздание директорий
|
|
|
|
|
for fileName in certAndKeyFiles:
|
|
|
|
|
dirName = os.path.split(fileName)[0]
|
|
|
|
|
if not os.path.exists(dirName):
|
|
|
|
|
self.createUserDir(0, 0, dirName, 0644)
|
|
|
|
|
# Создание конфигурационного файла
|
|
|
|
|
self.createUserFile(cnfFile, textCnf, 0, 0, 0600)
|
|
|
|
|
# Создание сертификата
|
|
|
|
|
textLine = self.execProg(\
|
|
|
|
|
"%s req -new -x509 -nodes -config %s -days %s -out %s -keyout %s"\
|
|
|
|
|
%(sslFile, cnfFile, sslDays, certFile, keyFile))
|
|
|
|
|
# Удаление конфигурационного файла
|
|
|
|
|
if os.path.exists(cnfFile):
|
|
|
|
|
os.remove(cnfFile)
|
|
|
|
|
# Меняем права
|
|
|
|
|
if os.path.exists(certFile):
|
|
|
|
|
os.chown(certFile, uid,gid)
|
|
|
|
|
os.chmod(certFile, certFileMode)
|
|
|
|
|
if os.path.exists(keyFile):
|
|
|
|
|
os.chown(keyFile, uid,gid)
|
|
|
|
|
os.chmod(keyFile, keyFileMode)
|
|
|
|
|
if textLine == False:
|
|
|
|
|
self.printERROR(_("Can not create certificate %s")%certFile)
|
|
|
|
|
return False
|
|
|
|
|
# Проверка сертификата
|
|
|
|
|
textLine = self.execProg("%s x509 -subject -fingerprint -noout -in %s"\
|
|
|
|
|
%(sslFile, certFile))
|
|
|
|
|
if textLine == False:
|
|
|
|
|
self.printERROR(_("Can not create certificate %s")%certFile)
|
|
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def createClVars(self, clVars=False, returnImportVar=False):
|
|
|
|
|
"""Создает объект Vars"""
|
|
|
|
|
# Словарь импортируемых переменных из ini Файлов
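Review bot: In createCertificate the openssl config is written to `/tmp/%s.cnf`, named only from a second-resolution timestamp, so the path is predictable in a world-writable directory. Whether createUserFile refuses an existing file or symlink is not visible here, so creating the file with `tempfile.mkstemp` (which needs `tempfile` in scope) is the safer choice. The private key is written by openssl under the process umask and only tightened afterwards by `os.chmod(keyFile, keyFileMode)`, which leaves a window in which it may be readable by other users; a restrictive umask around the call closes it. Separately, the `sslBits=1024` default is below the 2048-bit minimum now expected for RSA keys. The `/tmp/server.pem` and `/tmp/server.key` defaults, combined with the early `return True`, also mean a pair already present in /tmp is accepted without checking who created it.

```python
# … unchanged: textCnf template and the /usr/bin/openssl existence check …
# Config file gets an unpredictable name and is created exclusively, mode 0600
cnfFd, cnfFile = tempfile.mkstemp(suffix=".cnf")
cnfObj = os.fdopen(cnfFd, "w")
cnfObj.write(textCnf)
cnfObj.close()
# … unchanged: creation of the certificate and key directories …
# The key must never exist with permissions wider than owner-only
oldUmask = os.umask(0077)
try:
    textLine = self.execProg(\
        "%s req -new -x509 -nodes -config %s -days %s -out %s -keyout %s"\
        %(sslFile, cnfFile, sslDays, certFile, keyFile))
finally:
    os.umask(oldUmask)
# … unchanged: config removal, chown/chmod, certificate verification …
```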
|
|
|
|
@ -4640,6 +4744,12 @@ if you want to continue to run the program again"))
|
|
|
|
|
self.clVars.Set("sr_mail_crypt", mailCrypt, True)
|
|
|
|
|
if not self.applyProfilesFromService('mail'):
|
|
|
|
|
return False
|
|
|
|
|
# Создаем сертификат для Dovecot
|
|
|
|
|
if not self.createCertificate(sslOrganization="Dovecot IMAP Server",
|
|
|
|
|
userName="dovecot", groupName="mail",
|
|
|
|
|
certFile="/etc/ssl/dovecot/server.pem",
|
|
|
|
|
keyFile="/etc/ssl/dovecot/server.key"):
|
|
|
|
|
return False
|
|
|
|
|
# Проверим запущен ли ldap
|
|
|
|
|
if not self.getRunService("ldap"):
|
|
|
|
|
# Запускаем LDAP сервер
|
|
|
|
@ -20580,26 +20690,6 @@ network %s")%net)
|
|
|
|
|
return []
|
|
|
|
|
return [self.getIPinNumber(minIpRanges),self.getIPinNumber(maxIpRanges)]
|
|
|
|
|
|
|
|
|
|
def getUserUidAndGid(self, userName):
|
|
|
|
|
"""Находит в системе uid и gid пользователя
|
|
|
|
|
|
|
|
|
|
userName - имя пользователя и имя группы пользователя
|
|
|
|
|
"""
|
|
|
|
|
groupName = userName
|
|
|
|
|
import pwd
|
|
|
|
|
try:
|
|
|
|
|
uid = pwd.getpwnam(userName)[2]
|
|
|
|
|
except:
|
|
|
|
|
self.printERROR(_("Can not found user %s in this system")%userName)
|
|
|
|
|
return ()
|
|
|
|
|
try:
|
|
|
|
|
import grp
|
|
|
|
|
gid = grp.getgrnam(groupName)[2]
|
|
|
|
|
except:
|
|
|
|
|
self.printERROR(_("Can not found user %s in this system")%groupName)
|
|
|
|
|
return ()
|
|
|
|
|
return (uid, gid)
|
|
|
|
|
|
|
|
|
|
def createLogFile(self):
|
|
|
|
|
"""Создание файла лога или если нужно изменение владельца файла лога"""
|
|
|
|
|
import cl_log
|
|
|
|
|