diff --git a/gui/models/application_settings.py b/gui/models/application_settings.py index 703a0d8..384c5b5 100644 --- a/gui/models/application_settings.py +++ b/gui/models/application_settings.py @@ -2172,7 +2172,14 @@ def delete_sso_profile(self, login): """ Delete SSOProfiles associated to a login and to the principal repository Can raise an exception if failure """ - sso_profiles_app = json.loads(self.sso_profile) + if self.sso_forward == "basic": + sso_profiles_app = [{'type': "learn", 'name': "basic_username;vlt;", 'asked_name': "username"}, + {'type': "learn_secret", 'name': "basic_password;vlt;", 'asked_name': "password"}] + elif self.sso_forward == "kerberos": + sso_profiles_app = [{'type': "learn", 'name': "kerberos_username;vlt;", 'asked_name': "username"}, + {'type': "learn_secret", 'name': "kerberos_password;vlt;", 'asked_name': "password"}] + else: + sso_profiles_app = json.loads(self.sso_profile) auth_backend = self.getAuthBackend() for sso_profile_app in sso_profiles_app: if sso_profile_app['type'] in ("learn", "learn_secret"): diff --git a/gui/models/ssl_certificate.py b/gui/models/ssl_certificate.py index c43c2d6..cf682b2 100644 --- a/gui/models/ssl_certificate.py +++ b/gui/models/ssl_certificate.py @@ -268,7 +268,7 @@ def write_certificate(self): f.write(rsa_key) with open("%shaproxy/Certificate-%s.pem" % (settings.CONF_DIR, self.id), 'w') as f: - f.write(rsa_key) + f.write(str(self.key)) f.write('\n') f.write(self.cert) # FIXME diff --git a/gui/views/application.py b/gui/views/application.py index 77b55cb..51a6205 100644 --- a/gui/views/application.py +++ b/gui/views/application.py 
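Review bot: The basic and kerberos profile lists added to delete_sso_profile are repeated literally in the edit() view hunk of gui/views/application.py in this same commit. These entries decide which learned username and `learn_secret` password fields delete_sso_profile walks over, so if one copy is later changed without the other, a stored credential could be left behind on deletion. Define the lists once, for example a module-level mapping such as `FORWARD_SSO_PROFILES = {"basic": [...], "kerberos": [...]}`, and have both call sites read from it. The body of delete_sso_profile continues outside the hunk, so what happens to each entry after the `type` check is not visible here.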
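Review bot: The HAProxy PEM in write_certificate now begins with `str(self.key)`, so it holds private-key material, yet it is created with a plain `open(..., 'w')` and its mode is left to the process umask. Unless the part of the function outside this hunk tightens permissions, create the file owner-only, e.g. `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`, where `path` stands for the existing path expression. Separately, `str(self.key)` writes the text `None` when the key field is unset, so a check that raises before the file is opened would fail more clearly than a malformed PEM. A short comment saying why this file takes `self.key` rather than `rsa_key` would also help, since the hunk does not show how `rsa_key` is derived.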
@@ -664,6 +664,13 @@ def edit(request, object_id=None): if application.type == "balanced": application.private_uri = "{}://{}".format(application.proxy_balancer.members[0].uri_type, application.proxy_balancer.members[0].uri) + if application.sso_enabled: + if application.sso_forward == "basic": + application.sso_profile = json.dumps([{'type': "learn", 'name': "basic_username;vlt;", 'asked_name': "username"}, + {'type': "learn_secret", 'name': "basic_password;vlt;", 'asked_name': "password"}]) + elif application.sso_forward == "kerberos": + application.sso_profile = json.dumps([{'type': "learn", 'name': "kerberos_username;vlt;", 'asked_name': "username"}, + {'type': "learn_secret", 'name': "kerberos_password;vlt;", 'asked_name': "password"}]) # Check if api_call to reload rsyslogd is needed if old_app: diff --git a/vulture_toolkit/auth/ldap_client.py b/vulture_toolkit/auth/ldap_client.py index e93d3a2..7dc11ba 100644 --- a/vulture_toolkit/auth/ldap_client.py +++ b/vulture_toolkit/auth/ldap_client.py @@ -671,10 +671,11 @@ def test_group_search(self, group_name): group_info = self.search_group(group_name) if group_info: for group in group_info: - response['groups'].append({ - 'group_dn': group[0], - 'group_members': group[1].get(self.group_member_attr.lower(), []) - }) + if group[0]: + response['groups'].append({ + 'group_dn': group[0], + 'group_members': group[1].get(self.group_member_attr.lower(), []) + }) response['status'] = True except Exception as e: logger.exception(e) diff --git a/vulture_toolkit/log/log_utils.py b/vulture_toolkit/log/log_utils.py index d39108d..f0b28e9 100644 --- a/vulture_toolkit/log/log_utils.py +++ b/vulture_toolkit/log/log_utils.py @@ -227,5 +227,5 @@ def delete_logs(self): self.client.delete_logs(lastDate) lastDate = (datetime.datetime.now() - datetime.timedelta(days=30)) - [m.delete() for m in Monitor.objects.get(time__lt=lastDate)] + [m.delete() for m in Monitor.objects(time__lt=lastDate)] return True 
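Review bot: The new `if group[0]:` guard in test_group_search has no comment saying which results it filters out. Entries without a DN are presumably search references (referrals), which python-ldap returns as a tuple whose first element is None and whose second is a list of URLs rather than an attribute dict. If that is the case, a comment such as `# skip referral entries: they carry no DN and no attribute dict` would keep the check from being removed later. search_group is outside the hunk, so confirm that it is the source of the empty DNs.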
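Review bot: The list comprehension in delete_logs is used only for its side effect and builds a throwaway list. Now that `Monitor.objects(time__lt=lastDate)` is a query set (assuming mongoengine, which the filter syntax suggests), the purge can be written as `Monitor.objects(time__lt=lastDate).delete()`. Keep a per-document loop, as a plain `for` statement, only if Monitor overrides `delete()`, which is not visible here. The 30-day retention is a bare literal and would read better as a named constant.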
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/0_reload_haproy_certs.py b/vulture_toolkit/update_api/update_scripts/GUI-1.78/0_reload_haproy_certs.py
new file mode 100755
index 0000000..68b8067
--- /dev/null
+++ b/vulture_toolkit/update_api/update_scripts/GUI-1.78/0_reload_haproy_certs.py
@@ -0,0 +1,51 @@
+#!/home/vlt-gui/env/bin/python
+# coding:utf-8
+
+"""This file is part of Vulture 3.
+
+Vulture 3 is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Vulture 3 is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Vulture 3. If not, see http://www.gnu.org/licenses/.
+"""
+__author__ = "Kevin Guillemot"
+__credits__ = []
+__license__ = "GPLv3"
+__version__ = "3.0.0"
+__maintainer__ = "Vulture Project"
+__email__ = "contact@vultureproject.org"
+__doc__ = """This migration script rewrite HAProxy certificates on disk """
+
+import os
+import sys
+
+sys.path.append('/home/vlt-gui/vulture')
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", 'vulture.settings')
+
+import django
+django.setup()
+
+from gui.models.network_settings import Loadbalancer
+from gui.models.ssl_certificate import SSLCertificate
+
+
+if __name__ == '__main__':
+
+ # If HAProxy used
+ if Loadbalancer.objects.count() == 0:
+ print("No load-balancer configured.")
+ sys.exit(0)
+
+ for cert in SSLCertificate.objects():
+ cert.write_certificate()
+ print("Cert {} reloaded".format(cert.name))
+
+ print("Certificates reloaded")
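Review bot: The loop over `SSLCertificate.objects()` stops at the first `write_certificate()` that raises, so one bad certificate leaves every later key file unrewritten and the operator sees only a traceback. Catch the failure per certificate, report which ones were not rewritten, and still exit non-zero so the update runner sees the migration as incomplete. The messages say "reloaded" although the script only rewrites files on disk; either reword them or add a comment saying where HAProxy picks the new files up. The file name also spells `haproy` where `haproxy` is presumably meant.

```python
    # … unchanged: load-balancer check …
    failed = []
    for cert in SSLCertificate.objects():
        try:
            cert.write_certificate()
        except Exception as e:
            failed.append(cert.name)
            print("Cert {} NOT rewritten: {}".format(cert.name, e))
        else:
            print("Cert {} reloaded".format(cert.name))

    if failed:
        sys.exit(1)
    print("Certificates reloaded")
```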
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/1_maj_haproxy.sh b/vulture_toolkit/update_api/update_scripts/GUI-1.78/1_maj_haproxy.sh
new file mode 100755
index 0000000..a0602c5
--- /dev/null
+++ b/vulture_toolkit/update_api/update_scripts/GUI-1.78/1_maj_haproxy.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# This migration script install newest Vulture-LIBS package
+#
+#
+
+. /etc/rc.conf
+
+if [ "$http_proxy" != "" ]
+then
+ export https_proxy="http://$http_proxy"
+ export http_proxy="http://$http_proxy"
+fi
+
+/usr/sbin/pkg upgrade -y haproxy || echo "[!] Failed to upgrade HAProxy - Please do this manually using 'pkg upgrade -y haproxy'"
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/fix_mongodb_crontab.sh b/vulture_toolkit/update_api/update_scripts/GUI-1.78/fix_mongodb_crontab.sh
new file mode 100755
index 0000000..0c82dc9
--- /dev/null
+++ b/vulture_toolkit/update_api/update_scripts/GUI-1.78/fix_mongodb_crontab.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This migration script install newest Vulture-LIBS package
+#
+#
+
+. /etc/rc.conf
+
+cat - << EOF > /etc/rc.conf.d/mongod
+mongod_poststart()
+{
+ if [ -f \${pidfile} ]; then
+ (chgrp vlt-sys \${pidfile} && chmod g+r \${pidfile}) || return 1
+ fi
+ return 0
+}
+start_postcmd="mongod_poststart"
+EOF
+
+echo "[+] Restarting Mongodb to take changes ..."
+/usr/sbin/service mongod restart
+echo "[*] Done"
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/maj_vulture-LIBS.sh b/vulture_toolkit/update_api/update_scripts/GUI-1.78/maj_vulture-LIBS.sh
new file mode 100755
index 0000000..2c2be12
--- /dev/null
+++ b/vulture_toolkit/update_api/update_scripts/GUI-1.78/maj_vulture-LIBS.sh
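Review bot: The header comment of 1_maj_haproxy.sh says the script installs the newest Vulture-LIBS package, but its only action is `pkg upgrade -y haproxy`; the same copied header sits at the top of fix_mongodb_crontab.sh. Suggested headers are `# This migration script upgrades the haproxy package` and, for the other file, `# This migration script adds a mongod post-start hook that makes the pid file group-readable`. If it is intended that a failed upgrade is only echoed and the script still exits 0, say so in a comment, because an update runner reading the exit status will record success.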
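Review bot: `cat - << EOF > /etc/rc.conf.d/mongod` in fix_mongodb_crontab.sh truncates the target, so any settings an administrator already keeps in that file are lost without a backup. Keep a copy first, e.g. `[ -f /etc/rc.conf.d/mongod ] && cp -p /etc/rc.conf.d/mongod /etc/rc.conf.d/mongod.bak`, or document that the file is owned by Vulture. The hook grants group `vlt-sys` read access to the pid file; a one-line comment naming the consumer that needs it would let a reviewer judge the permission change. The exit status of `service mongod restart` is not checked before `[*] Done` is printed.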
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# This migration script install newest Vulture-LIBS package
+#
+#
+
+. /etc/rc.conf
+
+if [ "$http_proxy" != "" ]
+then
+ export https_proxy="http://$http_proxy"
+ export http_proxy="http://$http_proxy"
+fi
+
+cd /tmp
+
+/bin/echo "[+] Updating Vulture-LIBS from branch \"$1\"..."
+/bin/rm -f /tmp/Vulture-LIBS.tar.gz
+
+bsd_version=$(/usr/bin/uname -r | /usr/bin/cut -d '-' -f 1)
+url="https://download.vultureproject.org/v3/$bsd_version$1/Vulture-LIBS.tar.gz"
+
+/bin/echo -n "[+] Downloading from '$url' ..."
+/usr/local/bin/wget --no-check-certificate $url >>/tmp/installation.log 2>&1
+/bin/echo "DONE"
+
+cd /home/vlt-gui
+/bin/rm -rf ./env
+/usr/bin/tar xf /tmp/Vulture-LIBS.tar.gz
+/usr/sbin/chown -R vlt-gui:vlt-gui /home/vlt-gui/
+
+/bin/echo -n "[+] Installing Vulture libraries ..."
+/bin/sh "/home/vlt-gui/lib-$bsd_version/install.sh"
+/bin/echo "OK"
+
+/bin/echo "[*] Update of Vulture-LIBS ended"
+
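Review bot: The download step runs wget with `--no-check-certificate` and never checks its exit status, yet the archive it fetches is unpacked over /home/vlt-gui and its `install.sh` is then executed. With certificate validation off, the HTTPS URL gives no assurance about where the archive came from, and nothing verifies its integrity afterwards. When the download fails, `/bin/rm -rf ./env` still runs and leaves the GUI without its environment. Drop the flag (if it was added because no CA bundle is installed, install one instead), quote `$url`, stop on failure, and verify the archive against a published digest or signature before extraction if the project provides one. `$1` is also interpolated into the URL without validation; whether the caller constrains it is not visible here.

```sh
# … unchanged: proxy setup, cd /tmp, bsd_version and url …
/bin/echo -n "[+] Downloading from '$url' ..."
if ! /usr/local/bin/wget "$url" >>/tmp/installation.log 2>&1
then
    /bin/echo "FAILED - see /tmp/installation.log"
    exit 1
fi
/bin/echo "DONE"
# TODO(review): verify /tmp/Vulture-LIBS.tar.gz against a published digest or signature here
# … unchanged: rm -rf ./env, tar, chown, install.sh …
```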