From ccd671a4cc56b3782e29bea851f00894e6c66831 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 5 Feb 2013 17:44:24 +0100 Subject: [PATCH] Initial commit --- createlinks | 14 +++++ .../e-smith/db/accounts/defaults/openupload/type | 1 + .../e-smith/db/configuration/defaults/grr/DbName | 1 + .../e-smith/db/configuration/defaults/grr/DbUser | 1 + .../db/configuration/defaults/grr/RequireSSL | 1 + .../e-smith/db/configuration/defaults/grr/access | 1 + .../e-smith/db/configuration/defaults/grr/status | 1 + .../etc/e-smith/db/configuration/defaults/grr/type | 1 + .../e-smith/db/configuration/migrate/grr-database | 33 ++++++++++++ .../templates.metadata/etc/e-smith/sql/init/grrdb | 1 + .../usr/share/grr/include/config_ldap.inc.php | 3 ++ .../usr/share/grr/include/connect.inc.php | 3 ++ .../e-smith/templates/etc/e-smith/sql/init/grrdb | 61 ++++++++++++++++++++++ .../templates/etc/httpd/conf/httpd.conf/98Grr | 41 +++++++++++++++ .../httpd/conf/httpd.conf/VirtualHosts/61RedirGrr | 14 +++++ .../share/grr/include/config_ldap.inc.php/10LDAP | 18 +++++++ .../share/grr/include/connect.inc.php/10Database | 17 ++++++ smeserver-grr.spec | 52 ++++++++++++++++++ 18 files changed, 264 insertions(+) create mode 100644 createlinks create mode 100644 root/etc/e-smith/db/accounts/defaults/openupload/type create mode 100644 root/etc/e-smith/db/configuration/defaults/grr/DbName create mode 100644 root/etc/e-smith/db/configuration/defaults/grr/DbUser create mode 100644 root/etc/e-smith/db/configuration/defaults/grr/RequireSSL create mode 100644 root/etc/e-smith/db/configuration/defaults/grr/access create mode 100644 root/etc/e-smith/db/configuration/defaults/grr/status create mode 100644 root/etc/e-smith/db/configuration/defaults/grr/type create mode 100644 root/etc/e-smith/db/configuration/migrate/grr-database create mode 100644 root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/grrdb create mode 100644 root/etc/e-smith/templates.metadata/usr/share/grr/include/config_ldap.inc.php create mode 100644 root/etc/e-smith/templates.metadata/usr/share/grr/include/connect.inc.php create mode 100644 root/etc/e-smith/templates/etc/e-smith/sql/init/grrdb create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Grr create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61RedirGrr create mode 100644 root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/10LDAP create mode 100644 root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/10Database create mode 100644 smeserver-grr.spec diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..f977814 --- /dev/null +++ b/createlinks @@ -0,0 +1,14 @@ +#!/usr/bin/perl -w + +use esmith::Build::CreateLinks qw(:all); + +# Templates to expand +templates2events("/etc/e-smith/sql/init/grrdb", qw(bootstrap-console-save webapps-update)); +templates2events("/usr/share/grr/include/connect.inc.php", qw(bootstrap-console-save webapps-update)); +templates2events("/usr/share/grr/include/config_ldap.inc.php", qw(bootstrap-console-save webapps-update)); + +# PHP header and footer +safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/template-begin"); +safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/template-end"); +safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/template-begin"); +safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/template-end"); diff --git a/root/etc/e-smith/db/accounts/defaults/openupload/type b/root/etc/e-smith/db/accounts/defaults/openupload/type new file mode 100644 index 0000000..96cdd3b --- /dev/null +++ b/root/etc/e-smith/db/accounts/defaults/openupload/type @@ -0,0 +1 @@ +url diff --git a/root/etc/e-smith/db/configuration/defaults/grr/DbName b/root/etc/e-smith/db/configuration/defaults/grr/DbName new file mode 100644 index 0000000..e86b7d6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/grr/DbName @@ -0,0 +1 @@ +grrdb diff --git a/root/etc/e-smith/db/configuration/defaults/grr/DbUser b/root/etc/e-smith/db/configuration/defaults/grr/DbUser new file mode 100644 index 0000000..36e5616 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/grr/DbUser @@ -0,0 +1 @@ +grruser diff --git a/root/etc/e-smith/db/configuration/defaults/grr/RequireSSL b/root/etc/e-smith/db/configuration/defaults/grr/RequireSSL new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/grr/RequireSSL @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/grr/access b/root/etc/e-smith/db/configuration/defaults/grr/access new file mode 100644 index 0000000..a48cf0d --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/grr/access @@ -0,0 +1 @@ +public diff --git a/root/etc/e-smith/db/configuration/defaults/grr/status b/root/etc/e-smith/db/configuration/defaults/grr/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/grr/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/grr/type b/root/etc/e-smith/db/configuration/defaults/grr/type new file mode 100644 index 0000000..1b93c9e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/grr/type @@ -0,0 +1 @@ +webapp diff --git a/root/etc/e-smith/db/configuration/migrate/grr-database b/root/etc/e-smith/db/configuration/migrate/grr-database new file mode 100644 index 0000000..9d2d530 --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/grr-database @@ -0,0 +1,33 @@ +{ + my $rec = $DB->get('grr') + || $DB->new_record('grr', {type => 'webapp'}); + my $pw = $rec->prop('DbPassword'); + if (not $pw or length($pw) < 57) + { + use MIME::Base64 qw(encode_base64); + + $pw = "not set due to error"; + if ( open( RANDOM, "/dev/urandom" ) ) + { + my $buf; + # 57 bytes is a full line of Base64 coding, and contains + # 456 bits of randomness - given a perfectly random /dev/random + if ( read( RANDOM, $buf, 57 ) != 57 ) + { + warn("Short read from /dev/random: $!"); + } + else + { + $pw = encode_base64($buf); + chomp $pw; + } + close RANDOM; + } + else + { + warn "Could not open /dev/urandom: $!"; + } + $rec->set_prop('DbPassword', $pw); + } +} + diff --git a/root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/grrdb b/root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/grrdb new file mode 100644 index 0000000..940dcf3 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/grrdb @@ -0,0 +1 @@ +PERMS=0750 diff --git a/root/etc/e-smith/templates.metadata/usr/share/grr/include/config_ldap.inc.php b/root/etc/e-smith/templates.metadata/usr/share/grr/include/config_ldap.inc.php new file mode 100644 index 0000000..b916d35 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/usr/share/grr/include/config_ldap.inc.php @@ -0,0 +1,3 @@ +UID="root" +GID="www" +PERMS=0640 diff --git a/root/etc/e-smith/templates.metadata/usr/share/grr/include/connect.inc.php b/root/etc/e-smith/templates.metadata/usr/share/grr/include/connect.inc.php new file mode 100644 index 0000000..b916d35 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/usr/share/grr/include/connect.inc.php @@ -0,0 +1,3 @@ +UID="root" +GID="www" +PERMS=0640 diff --git a/root/etc/e-smith/templates/etc/e-smith/sql/init/grrdb b/root/etc/e-smith/templates/etc/e-smith/sql/init/grrdb new file mode 100644 index 0000000..1c13b60 --- /dev/null +++ b/root/etc/e-smith/templates/etc/e-smith/sql/init/grrdb @@ -0,0 +1,61 @@ +{ +my $db = ${'grr'}{'DbName'} || 'grrdb'; +my $user = ${'grr'}{'DbUser'} || 'grruser'; +my $pass = ${'grr'}{'DbPassword'} || 'secret'; + +my $dbstruct = `rpm -ql grr | grep tables.my.sql`; + + +$OUT .= <<"END"; +#! /bin/sh +if [ ! -d /var/lib/mysql/$db ]; then + /usr/bin/mysql -e 'create database $db' + /usr/bin/mysql $db < $dbstruct +fi + +/usr/bin/mysql < + AllowOverride None + $requiressl + AddType application/x-httpd-php .php + php_admin_value open_basedir /usr/share/grr:/tmp + php_admin_flag file_uploads on + php_admin_value memory_limit 64M + php_admin_value max_execution_time 300 + order deny,allow + deny from all + allow from $allow + Satisfy all + + Order allow,deny + Deny from all + + + +END +} +else{ + $OUT .= "# GRR is disabled\n"; +} +} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61RedirGrr b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61RedirGrr new file mode 100644 index 0000000..df66377 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61RedirGrr @@ -0,0 +1,14 @@ +{ +my $sslport = $modSSL{'TCPPort'} || '443'; +my $alias = $grr{'AliasOnPrimary'} || 'enabled'; +my $requiressl = $grr{'RequireSSL'} || 'yes'; + +if (($port ne $sslport) && ($requiressl ne 'no') && ($alias ne 'disabled')){ + + ## Redirect Web Address to Secure Address + $OUT .= " RewriteEngine on\n"; + $OUT .= " RewriteRule ^/grr(/.*|\$) https://%{HTTP_HOST}/grr\$1 \[L,R\]\n"; + +} +} + diff --git a/root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/10LDAP b/root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/10LDAP new file mode 100644 index 0000000..13efb3c --- /dev/null +++ b/root/etc/e-smith/templates/usr/share/grr/include/config_ldap.inc.php/10LDAP @@ -0,0 +1,18 @@ +{ + +use esmith::util; +my $base = esmith::util::ldapBase($DomainName); +my $port = $ldap{'TCPPort'} || '389'; + +$OUT .=<<"EOF"; + +\$ldap_adresse='localhost'; +\$ldap_port='$port'; +\$ldap_login=''; +\$ldap_pwd=''; +\$ldap_base='ou=Users,$base'; +\$ldap_filter='(objectClass=sambaSamAccount)'; +\$use_tls=FALSE; + +EOF +} diff --git a/root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/10Database b/root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/10Database new file mode 100644 index 0000000..e41e971 --- /dev/null +++ b/root/etc/e-smith/templates/usr/share/grr/include/connect.inc.php/10Database @@ -0,0 +1,17 @@ +{ + +my $dbname = $grr{'DbName'} || 'grrdb'; +my $dbuser = $grr{'DbUser'} || 'grruser'; +my $dbpass = $grr{'DbPassword'} || 'secret'; + +$OUT .=<<"EOF"; + +\$dbHost="localhost"; +\$dbDb="$dbname"; +\$dbUser="$dbuser"; +\$dbPass="$dbpass"; +\$table_prefix="grr"; + +EOF + +} diff --git a/smeserver-grr.spec b/smeserver-grr.spec new file mode 100644 index 0000000..4d91f23 --- /dev/null +++ b/smeserver-grr.spec @@ -0,0 +1,52 @@ +# Authority: vip-ire +# Name: Daniel Berteaud + +%define name smeserver-grr +%define version 0.1.0 +%define release 1 +Summary: sme server integration of grr +Name: %{name} +Version: %{version} +Release: %{release}%{?dist} +License: GNU GPL version 2 +URL: http://grr.mutualibre.org/ +Group: SMEserver/addon +Source: %{name}-%{version}.tar.gz + +BuildArchitectures: noarch +BuildRequires: e-smith-devtools +BuildRoot: /var/tmp/%{name}-%{version} +Requires: e-smith-base +Requires: grr +Requires: smeserver-webapps-common +AutoReqProv: no + +%description +smserver integration of GRR + +%changelog +* Tue Mar 09 2010 Daniel Berteaud 0.1.0-1 +- initial release + +%prep +%setup + +%build +perl ./createlinks + +%install +rm -rf $RPM_BUILD_ROOT +(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) +rm -f %{name}-%{version}-filelist +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + > %{name}-%{version}-filelist + +%files -f %{name}-%{version}-filelist +%defattr(-,root,root) + +%clean +rm -rf $RPM_BUILD_ROOT + + +%postun +