Daniel Berteaud
12 years ago
commit
ccd671a4cc
18 changed files with 264 additions and 0 deletions
@ -0,0 +1,14 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
use esmith::Build::CreateLinks qw(:all); |
||||
|
||||
# Templates to expand |
||||
templates2events("/etc/e-smith/sql/init/grrdb", qw(bootstrap-console-save webapps-update)); |
||||
templates2events("/usr/share/grr/include/connect.inc.php", qw(bootstrap-console-save webapps-update)); |
||||
templates2events("/usr/share/grr/include/config_ldap.inc.php", qw(bootstrap-console-save webapps-update)); |
||||
|
||||
# PHP header and footer |
||||
safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/template-begin"); |
||||
safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/template-end"); |
||||
safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/template-begin"); |
||||
safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/template-end"); |
||||
@ -0,0 +1 @@ |
||||
url |
||||
@ -0,0 +1 @@ |
||||
grrdb |
||||
@ -0,0 +1 @@ |
||||
grruser |
||||
@ -0,0 +1 @@ |
||||
yes |
||||
@ -0,0 +1 @@ |
||||
public |
||||
@ -0,0 +1 @@ |
||||
enabled |
||||
@ -0,0 +1 @@ |
||||
webapp |
||||
@ -0,0 +1,33 @@ |
||||
{ |
||||
my $rec = $DB->get('grr') |
||||
|| $DB->new_record('grr', {type => 'webapp'}); |
||||
my $pw = $rec->prop('DbPassword'); |
||||
if (not $pw or length($pw) < 57) |
||||
{ |
||||
use MIME::Base64 qw(encode_base64); |
||||
|
||||
$pw = "not set due to error"; |
||||
if ( open( RANDOM, "/dev/urandom" ) ) |
||||
{ |
||||
my $buf; |
||||
# 57 bytes is a full line of Base64 coding, and contains |
||||
# 456 bits of randomness - given a perfectly random /dev/random |
||||
if ( read( RANDOM, $buf, 57 ) != 57 ) |
||||
{ |
||||
warn("Short read from /dev/random: $!"); |
||||
} |
||||
else |
||||
{ |
||||
$pw = encode_base64($buf); |
||||
chomp $pw; |
||||
} |
||||
close RANDOM; |
||||
} |
||||
else |
||||
{ |
||||
warn "Could not open /dev/urandom: $!"; |
||||
} |
||||
$rec->set_prop('DbPassword', $pw); |
||||
} |
||||
} |
||||
|
||||
@ -0,0 +1 @@ |
||||
PERMS=0750 |
||||
@ -0,0 +1,3 @@ |
||||
UID="root" |
||||
GID="www" |
||||
PERMS=0640 |
||||
@ -0,0 +1,3 @@ |
||||
UID="root" |
||||
GID="www" |
||||
PERMS=0640 |
||||
@ -0,0 +1,61 @@ |
||||
{ |
||||
my $db = ${'grr'}{'DbName'} || 'grrdb'; |
||||
my $user = ${'grr'}{'DbUser'} || 'grruser'; |
||||
my $pass = ${'grr'}{'DbPassword'} || 'secret'; |
||||
|
||||
my $dbstruct = `rpm -ql grr | grep tables.my.sql`; |
||||
|
||||
|
||||
$OUT .= <<"END"; |
||||
#! /bin/sh |
||||
if [ ! -d /var/lib/mysql/$db ]; then |
||||
/usr/bin/mysql -e 'create database $db' |
||||
/usr/bin/mysql $db < $dbstruct |
||||
fi |
||||
|
||||
/usr/bin/mysql <<EOF |
||||
USE mysql; |
||||
|
||||
REPLACE INTO user ( |
||||
host, |
||||
user, |
||||
password) |
||||
VALUES ( |
||||
'localhost', |
||||
'$user', |
||||
PASSWORD ('$pass')); |
||||
|
||||
|
||||
REPLACE INTO db ( |
||||
host, |
||||
db, |
||||
user, |
||||
select_priv, insert_priv, update_priv, delete_priv, |
||||
create_priv, alter_priv, index_priv, drop_priv, create_tmp_table_priv, |
||||
grant_priv, lock_tables_priv, references_priv) |
||||
VALUES ( |
||||
'localhost', |
||||
'$db', |
||||
'$user', |
||||
'Y', 'Y', 'Y', 'Y', |
||||
'Y', 'Y', 'Y', 'Y', 'Y', |
||||
'N', 'Y', 'Y'); |
||||
|
||||
FLUSH PRIVILEGES; |
||||
|
||||
USE $db; |
||||
|
||||
# Enable LDAP auth |
||||
INSERT IGNORE into grr_setting (NAME, VALUE) VALUES |
||||
('ldap_statut', 'utilisateur'); |
||||
|
||||
# mark the admin user as an administrator in GRR |
||||
INSERT IGNORE INTO grr_utilisateurs (login,statut,etat,source) VALUES |
||||
('admin','administrateur','actif','ext'); |
||||
|
||||
# Remove the default local admin |
||||
DELETE FROM grr_utilisateurs where login='administrateur' and source='local'; |
||||
|
||||
EOF |
||||
END |
||||
} |
||||
@ -0,0 +1,41 @@ |
||||
{ |
||||
my $access = $grr{'access'} || 'private'; |
||||
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess"; |
||||
|
||||
my $requiressl = (($grr{'RequireSSL'} || 'yes') eq 'yes') ? |
||||
"SSLRequireSSL on":"# RequireSSL is disabled"; |
||||
|
||||
my $alias = (($grr{'AliasOnPrimary'} || 'enabled') eq 'enabled') ? |
||||
'Alias /grr /usr/share/grr' : ''; |
||||
|
||||
if ($grr{'status'} eq 'enabled'){ |
||||
|
||||
$OUT .=<<"END" |
||||
|
||||
# OpenUpload Configuration |
||||
$alias |
||||
|
||||
<Directory /usr/share/grr> |
||||
AllowOverride None |
||||
$requiressl |
||||
AddType application/x-httpd-php .php |
||||
php_admin_value open_basedir /usr/share/grr:/tmp |
||||
php_admin_flag file_uploads on |
||||
php_admin_value memory_limit 64M |
||||
php_admin_value max_execution_time 300 |
||||
order deny,allow |
||||
deny from all |
||||
allow from $allow |
||||
Satisfy all |
||||
<FilesMatch "tables.my.sql"> |
||||
Order allow,deny |
||||
Deny from all |
||||
</FilesMatch> |
||||
</Directory> |
||||
|
||||
END |
||||
} |
||||
else{ |
||||
$OUT .= "# GRR is disabled\n"; |
||||
} |
||||
} |
||||
@ -0,0 +1,14 @@ |
||||
{ |
||||
my $sslport = $modSSL{'TCPPort'} || '443'; |
||||
my $alias = $grr{'AliasOnPrimary'} || 'enabled'; |
||||
my $requiressl = $grr{'RequireSSL'} || 'yes'; |
||||
|
||||
if (($port ne $sslport) && ($requiressl ne 'no') && ($alias ne 'disabled')){ |
||||
|
||||
## Redirect Web Address to Secure Address |
||||
$OUT .= " RewriteEngine on\n"; |
||||
$OUT .= " RewriteRule ^/grr(/.*|\$) https://%{HTTP_HOST}/grr\$1 \[L,R\]\n"; |
||||
|
||||
} |
||||
} |
||||
|
||||
@ -0,0 +1,18 @@ |
||||
{ |
||||
|
||||
use esmith::util; |
||||
my $base = esmith::util::ldapBase($DomainName); |
||||
my $port = $ldap{'TCPPort'} || '389'; |
||||
|
||||
$OUT .=<<"EOF"; |
||||
|
||||
\$ldap_adresse='localhost'; |
||||
\$ldap_port='$port'; |
||||
\$ldap_login=''; |
||||
\$ldap_pwd=''; |
||||
\$ldap_base='ou=Users,$base'; |
||||
\$ldap_filter='(objectClass=sambaSamAccount)'; |
||||
\$use_tls=FALSE; |
||||
|
||||
EOF |
||||
} |
||||
@ -0,0 +1,17 @@ |
||||
{ |
||||
|
||||
my $dbname = $grr{'DbName'} || 'grrdb'; |
||||
my $dbuser = $grr{'DbUser'} || 'grruser'; |
||||
my $dbpass = $grr{'DbPassword'} || 'secret'; |
||||
|
||||
$OUT .=<<"EOF"; |
||||
|
||||
\$dbHost="localhost"; |
||||
\$dbDb="$dbname"; |
||||
\$dbUser="$dbuser"; |
||||
\$dbPass="$dbpass"; |
||||
\$table_prefix="grr"; |
||||
|
||||
EOF |
||||
|
||||
} |
||||
@ -0,0 +1,52 @@ |
||||
# Authority: vip-ire |
||||
# Name: Daniel Berteaud |
||||
|
||||
%define name smeserver-grr |
||||
%define version 0.1.0 |
||||
%define release 1 |
||||
Summary: sme server integration of grr |
||||
Name: %{name} |
||||
Version: %{version} |
||||
Release: %{release}%{?dist} |
||||
License: GNU GPL version 2 |
||||
URL: http://grr.mutualibre.org/ |
||||
Group: SMEserver/addon |
||||
Source: %{name}-%{version}.tar.gz |
||||
|
||||
BuildArchitectures: noarch |
||||
BuildRequires: e-smith-devtools |
||||
BuildRoot: /var/tmp/%{name}-%{version} |
||||
Requires: e-smith-base |
||||
Requires: grr |
||||
Requires: smeserver-webapps-common |
||||
AutoReqProv: no |
||||
|
||||
%description |
||||
smserver integration of GRR |
||||
|
||||
%changelog |
||||
* Tue Mar 09 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1.0-1 |
||||
- initial release |
||||
|
||||
%prep |
||||
%setup |
||||
|
||||
%build |
||||
perl ./createlinks |
||||
|
||||
%install |
||||
rm -rf $RPM_BUILD_ROOT |
||||
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) |
||||
rm -f %{name}-%{version}-filelist |
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ |
||||
> %{name}-%{version}-filelist |
||||
|
||||
%files -f %{name}-%{version}-filelist |
||||
%defattr(-,root,root) |
||||
|
||||
%clean |
||||
rm -rf $RPM_BUILD_ROOT |
||||
|
||||
|
||||
%postun |
||||
|
||||
Loading…
Reference in new issue