install script

Author: alainabbas

.github/workflows/release.yml

@@ -23,16 +23,18 @@ jobs:
           cp src/config.yml .debpkg/var/lib/sesame-daemon/backends-modules/ad
           cp README.md .debpkg/var/lib/sesame-daemon/backends-modules/ad
           cp install.sh .debpkg/var/lib/sesame-daemon/backends-modules/ad
-          cp requirements.txt .debpkg/var/lib/sesame-daemon/backends-modules/ad
+          cp copy_ssh_key.py .debpkg/var/lib/sesame-daemon/backends-modules/ad
           chmod 700 .debpkg/var/lib/sesame-daemon/backends-modules/ad/install.sh
+          chmod 700 .debpkg/var/lib/sesame-daemon/backends-modules/ad/copy_ssh_key.py
+          cp requirements.txt .debpkg/var/lib/sesame-daemon/backends-modules/ad
       - uses: jiro4989/build-deb-action@v3
         with:
            package: sesame-backend-ad
            package_root: .debpkg
            maintainer: Libertech
            version: ${{ github.ref }} # refs/tags/v*.*.*
            arch: 'amd64'
-           depends: 'python3, python3-jinja2, python3-paramiko, sesame-daemon'
+           depends: 'python3, python3-jinja2, python3-paramiko, sesame-daemon, openssh-client'
            desc: 'AD backend for sesame-daemon'
            homepage: 'https://github.com/Libertech-FR/sesame-backend-ad'
       - uses: svenstaro/upload-release-action@v2

copy_ssh_key.py

@@ -0,0 +1,30 @@
+#!/usr//bin/python3 -u
+import paramiko
+import argparse
+parser = argparse.ArgumentParser(
+                    prog='ProgramName',
+                    description='What the program does',
+                    epilog='Text at the bottom of help')
+parser.add_argument('-s', '--server')
+parser.add_argument('-u', '--user')      # option that takes a value
+parser.add_argument('-p', '--password')
+parser.add_argument('-k', '--keyfile')
+args = parser.parse_args()
+
+client = paramiko.SSHClient()
+policy = paramiko.AutoAddPolicy()
+client.set_missing_host_key_policy(policy)
+try:
+    client.connect(hostname=args.server, username=args.user, password=args.password)
+    sshfile = client.open_sftp()
+    with open(args.keyfile) as f: new_key = f.read()
+    ## ouverture sur windows du authorized_Keys
+    with sshfile.open(".ssh/authorized_keys", mode="a") as message:
+        message.write(new_key)
+        message.close()
+    del client
+except paramiko.ssh_exception.SSHException as e:
+        e_dict = e.args[0]
+        print("Erreur d'authentification")
+        exit(1)
+

install.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-echo "Deploiment du module LDAP"
+echo "Deploiment du module AD"
 echo "La position determinera l'ordre d'execution des backends (comme dans init.d)"
 read -p "Numero de demarrage du module (2 positions):" NUM
 echo "installation dans backends/${NUM}openldap"
@@ -22,13 +22,16 @@ PWD=`pwd`
 cp ./lib/__init__.py $INSTALL/lib
 ln -s $PWD/lib/backend_utils.py $INSTALL/lib/backend_utils.py
 ln -s $PWD/lib/ad_utils.py $INSTALL/lib/ad_utils.py
+mkdir $INSTALL/ps1_templates
+cp ./ps1_templates/* $INSTALL/ps1_templates
 cp config.yml $INSTALL
 
 echo "Le backend a été installé dans $INSTALL"
 echo "Configuration"
-read -p "Url du serveur AD  : " HOST
-read -p "Utilisateur (doit avoir les droits d'ecriture) : " DN
-read -p "Mot de passe : " PASSWORD
+read -p "Adresse du serveur AD primaire : " HOST
+read -p "Utilisateur (doit avoir les droits d'administration) : " USER
+read -s -p "Mot de passe : " PASSWORD
+echo ""
 read -p "Base ldap AD : " BASE
 read -p "Domaine pour UserPrincipalName : " DOMAIN
 echo "Génération du fichier de configuration"
@@ -40,6 +43,16 @@ echo "base=${BASE}" >> ${CONFFILE}
 echo "domain=${DOMAIN}" >> ${CONFFILE}
 echo "backendFor=adm,etd,esn" >> ${CONFFILE}
 chmod 600 ${CONFFILE}
+echo "Generation d'une clé ssh"
+mkdir $INSTALL/.ssh
+ssh-keygen -t ed25519 -f ${INSTALL}/.ssh/id_ed25519 -N ''
+./copy_ssh_key.py --server=${HOST} --user=${USER} --password="${PASSWORD}" --keyfile=${INSTALL}/.ssh/id_ed25519.pub
+OK=$?
+if [ $OK -ne 0 ];then
+  echo "Impossible de copier la clé sur le serveur  windows. Verifier que l'utilisateur a les droits d'administration"
+  echo "Installation avortée"
+  exit 1
+fi
 systemctl restart sesame-daemon
 echo "Vous pouvez completer le fichier de configuration avec les parametres optionnels (voir README.md)"
 echo "Merci "

src/bin/changepwd.py

@@ -1,5 +1,5 @@
 import sys
-sys.path.insert(0, '../lib')
+sys.path.append('../lib')
 import ad_utils as ad
 import backend_utils as u
 

src/bin/ping.py

@@ -1,9 +1,9 @@
 import sys
-sys.path.insert(0, '../lib')
+sys.path.append('../lib')
 import ad_utils as ad
 import backend_utils as u
 
-entity=u.readjsoninput()
 config=u.read_config('../etc/config.conf')
 ad.set_config(config)
-## test connection
+## test connection
+ad.test_conn()

src/bin/resetpwd.py

@@ -1,5 +1,5 @@
 import sys
-sys.path.insert(0, '../lib')
+sys.path.append('../lib')
 import ad_utils as ad
 import backend_utils as u
 

src/bin/upsertidentity.py

@@ -1,5 +1,5 @@
 import sys
-sys.path.insert(0, '../lib')
+sys.path.append('../lib')
 import ad_utils as ad
 import backend_utils as u
 

src/lib/ad_utils.py

@@ -1,7 +1,9 @@
 import os.path
+import sys
+sys.path.append('.')
 import paramiko
 from jinja2 import FileSystemLoader
-import src.lib.backend_utils as u
+import backend_utils as u
 import jinja2
 
 __DEBUG__=0
@@ -32,7 +34,11 @@ def exec_cmd(command):
     return content
 
 def compose_dn(entity):
+
     rdnValue=u.find_key(entity,'cn')
+    x=type(rdnValue)
+    if rdnValue is None:
+        rdnValue='test'
     branchAttr=u.config('branchAttr','')
     branch  = ''
     if branchAttr != '':
@@ -56,6 +62,28 @@ def dn_superior(dn):
    return ','.join(tab)
 
 
+def test_conn():
+    environment = jinja2.Environment(loader=FileSystemLoader("../ps1_templates/"))
+    template = environment.get_template('ping.template')
+    content=template.render({})
+    scriptName='ping.ps1'
+    client = open_ssh_conn()
+    sshfile = client.open_sftp()
+    with sshfile.open(scriptName, mode="w") as message:
+        message.write(content)
+    ##execution du script
+    chan = client.get_transport().open_session()
+    chan.exec_command('powershell -ExecutionPolicy Bypass -NonInteractive -File ping.ps1')
+    exitCode = chan.recv_exit_status()
+    content = chan.recv(4096).decode('utf-8')
+    del client
+    if exitCode == 0:
+        print(u.returncode(0, content.rstrip("\n")))
+        exit(0)
+    else:
+        print(u.returncode(1, content.rstrip("\n")))
+        exit(1)
+
 def gen_script_from_template(entity,template):
     data={
         'domain' :u.config('domain'),