Merge branch 'argonaut-0.9.6-fixes'

7328605e · Mortier Benoit · d870fa92 · f4c00573 · 7328605e · 7328605e
Commit 7328605e authored Jul 12, 2016 by Mortier Benoit
--- a/AUTHORS
+++ b/AUTHORS
@@ -19,3 +19,6 @@ documentation and additional help.
  
 * Jonathan Swaelens <jonathan@opensides.be>
  QA, Testing, Systemd units  
+
+* Sean Thatcher papertray3@gmail.com
+  Corrected Argonaut systemd units
--- a/Changelog
+++ b/Changelog
 Argonaut changelog
 ==================

+* Argonaut 0.9.7
+
+[Fix] Bugs #4691: the systemd unit files have a syntax error
+[Feature] Bugs #4864: migrate the script for user-reminder to the argonaut-framework
+[Feature] Bugs #4865: create argonaut-clean-audit to remove old audit entries from ldap
+
 * Argonaut 0.9.6

 [Feature] Bugs #4493: It would be nice to accept more than one reverse zone with argonaut-ldap2zone

--- a/argonaut-client/lib/systemd/system/argonaut-client.service
+++ b/argonaut-client/lib/systemd/system/argonaut-client.service
@@ -8,5 +8,5 @@ ExecStart=/usr/sbin/argonaut-client
 PIDFile=/var/run/argonaut/argonaut-client.pid

 [Install]
-WantedBy=muli-user.target
+WantedBy=multi-user.target

--- a/argonaut-client/man/argonaut-client.1
+++ b/argonaut-client/man/argonaut-client.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ARGONAUT-CLIENT 1"
-.TH ARGONAUT-CLIENT 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH ARGONAUT-CLIENT 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fai-mirror/man/argonaut-debconf-crawler.1
+++ b/argonaut-fai-mirror/man/argonaut-debconf-crawler.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ARGONAUT-DEBCONF-CRAWLER 1"
-.TH ARGONAUT-DEBCONF-CRAWLER 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH ARGONAUT-DEBCONF-CRAWLER 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fai-mirror/man/argonaut-repository.1
+++ b/argonaut-fai-mirror/man/argonaut-repository.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ARGONAUT-REPOSITORY 1"
-.TH ARGONAUT-REPOSITORY 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH ARGONAUT-REPOSITORY 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fai-monitor/lib/systemd/system/argonaut-fai-monitor.service
+++ b/argonaut-fai-monitor/lib/systemd/system/argonaut-fai-monitor.service
@@ -8,5 +8,5 @@ ExecStart=/usr/sbin/argonaut-fai-monitor
 PIDFile=/var/run/argonaut/argonaut-fai-monitor.pid

 [Install]
-WantedBy=muli-user.target
+WantedBy=multi-user.target

--- a/argonaut-fai-monitor/man/argonaut-fai-monitor.1
+++ b/argonaut-fai-monitor/man/argonaut-fai-monitor.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ARGONAUT-FAI-MONITOR 1"
-.TH ARGONAUT-FAI-MONITOR 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH ARGONAUT-FAI-MONITOR 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fai-nfsroot/man/argonaut-ldap2fai.1
+++ b/argonaut-fai-nfsroot/man/argonaut-ldap2fai.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ARGONAUT-LDAP2FAI 1"
-.TH ARGONAUT-LDAP2FAI 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH ARGONAUT-LDAP2FAI 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fai-server/man/fai2ldif.1
+++ b/argonaut-fai-server/man/fai2ldif.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "FAI2LDIF 1"
-.TH FAI2LDIF 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH FAI2LDIF 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fai-server/man/yumgroup2yumi.1
+++ b/argonaut-fai-server/man/yumgroup2yumi.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "YUMGROUP2YUMI 1"
-.TH YUMGROUP2YUMI 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH YUMGROUP2YUMI 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fuse/lib/systemd/system/argonaut-fuse.service
+++ b/argonaut-fuse/lib/systemd/system/argonaut-fuse.service
@@ -10,5 +10,5 @@ ExecStop=/bin/sh -c "/bin/fusermount -u $(cat /var/log/argonaut/argonaut-fuse.lo
 PIDFile=/var/run/argonaut/argonaut-fuse.pid

 [Install]
-WantedBy=muli-user.target
+WantedBy=multi-user.target

--- a/argonaut-fuse/man/argonaut-fuse.1
+++ b/argonaut-fuse/man/argonaut-fuse.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ARGONAUT-FUSE 1"
-.TH ARGONAUT-FUSE 1 "2016-01-06" "Argonaut 0.9.6" "Argonaut Documentation"
+.TH ARGONAUT-FUSE 1 "2016-01-06" "Argonaut 0.9.7" "Argonaut Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/argonaut-fusiondirectory/bin/argonaut-clean-audit
+++ b/argonaut-fusiondirectory/bin/argonaut-clean-audit
+#!/usr/bin/perl
+
+#######################################################################
+#
+# Cleaning old audit entries
+#
+# Copyright (C) 2015-2016 FusionDirectory project
+#
+# Author: Côme BERNIGAUD
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+#######################################################################
+
+use strict;
+use warnings;
+
+use 5.008;
+
+use Argonaut::Libraries::Common qw(:ldap :config);
+
+my $verbose = 0;
+
+sub print_usage
+{
+  print "Usage : argonaut-clean-audit [--verbose]\n";
+  exit(0);
+}
+
+foreach my $arg ( @ARGV ) {
+  if (lc($arg) eq "--verbose") {
+    $verbose = 1;
+  } else {
+    print_usage();
+  }
+}
+
+my $config = argonaut_read_config;
+my ($ldap,$ldap_base) = argonaut_ldap_handle($config);
+
+my $mesg = $ldap->search( # Search for plugin configuration
+  base   => $ldap_base,
+  filter => "(&(objectClass=fdAuditPluginConf)(fdAuditRotationDelay=*))",
+  attrs => [ 'fdAuditRotationDelay' ]
+);
+if ($mesg->code != 0) {
+  die "LDAP error: " . $mesg->error . "(" . $mesg->code . ")\n";
+}
+if ($mesg->count == 0) {
+  die "Could not find fdAuditRotationDelay setting in the LDAP\n";
+}
+
+my $delay = ($mesg->entries)[0]->get_value("fdAuditRotationDelay");
+my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime(time() - $delay * 24 * 60 * 60);
+my $date = sprintf("%04d%02d%02d%02d%02d%02dZ", 1900 + $year, 1 + $mon, $mday, $hour, $min, $sec);
+
+$mesg = $ldap->search( # list obsolete audit events
+  base   => $ldap_base,
+  filter => "(&(objectClass=fdAuditEvent)(fdAuditDateTime<=$date))",
+  attrs => [ 'dn' ]
+);
+if ($mesg->code != 0) {
+  die "LDAP error: " . $mesg->error . "(" . $mesg->code . ")\n";
+}
+
+my $count = 0;
+foreach my $entry ($mesg->entries()) {
+  $mesg = $ldap->delete($entry);
+  if ($mesg->is_error()) {
+    print "Error: " . $mesg->error . "(" . $mesg->code . ")\n";
+  } else {
+    $count++;
+  }
+}
+print "Deleted $count audit event entries\n";
+
+__END__
+
+=head1 NAME
+
+argonaut-clean-audit - delete old audit entries from the LDAP
+
+=head1 SYNOPSIS
+
+argonaut-clean-audit [--verbose]
+
+=head1 DESCRIPTION
+
+argonaut-clean-audit is a program used to delete old audit entries from the LDAP.
+It reads the delay before deletion from LDAP in fdAuditRotationDelay.
+
+=head1 OPTIONS
+
+=over 3
+
+=item B<--verbose>
+
+be verbose
+
+=back
+
+=head1 BUGS
+
+Please report any bugs, or post any suggestions, to the fusiondirectory mailing list fusiondirectory-users or to
+<https://forge.fusiondirectory.org/projects/argonaut-agents/issues/new>
+
+=head1 AUTHORS
+
+Come Bernigaud
+
+=head1 LICENCE AND COPYRIGHT
+
+This code is part of Argonaut Project <https://www.argonaut-project.org/>
+
+=over 1
+
+=item Copyright (C) 2015-2016 FusionDirectory project
+
+=back
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+=cut
--- a/argonaut-fusiondirectory/bin/argonaut-user-reminder
+++ b/argonaut-fusiondirectory/bin/argonaut-user-reminder
+#!/usr/bin/perl
+
+########################################################################
+#
+#  argonaut-user-reminder
+#
+#  Check for expired users and send them a mail allowing to postpone expiration
+#
+#  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
+#  Copyright (C) 2016  FusionDirectory
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+########################################################################
+
+use strict;
+use warnings;
+use 5.008;
+
+use Digest::SHA qw(sha256_base64);
+
+use Argonaut::Libraries::Common qw(:ldap :string :config);
+
+# first, create your message
+use Email::MIME;
+
+# send the message
+use Email::Sender::Simple qw(sendmail);
+
+my $die_endl = "\n"; # Change to "" to have verbose dies
+
+my $config;
+
+$config = argonaut_read_config;
+$config->{'config_rdn'}  = 'cn=config,ou=fusiondirectory';
+$config->{'fd_rdn'}      = 'ou=fusiondirectory,';
+
+my $verbose = 0;
+
+sub print_usage
+{
+  print "Usage : argonaut-user-reminder [--verbose]\n";
+  exit(0);
+}
+
+foreach my $arg ( @ARGV ) {
+  if (lc($arg) eq "--verbose") {
+    $verbose = 1;
+  } else {
+    print_usage();
+  }
+}
+
+check_expired_users();
+
+exit 0;
+
+##########################################################################################
+
+# Die on all LDAP error except for «No such object»
+sub die_on_ldap_errors
+{
+  my ($mesg) = @_;
+  if (($mesg->code != 0) && ($mesg->code != 32)) {
+    die $mesg->error;
+  }
+}
+
+#############################################################
+
+sub create_branch {
+  my ($ldap, $base, $ou) = @_;
+  $ou =~ m/^ou=([^,]*),?$/ or die "Can’t create branch of unknown type $ou\n";
+  my $branch_add = $ldap->add( "$ou,$base",
+    attr => [
+      'ou'  => $1,
+      'objectClass' =>  'organizationalUnit'
+      ]
+  );
+
+  $branch_add->code && die "! failed to add LDAP's $ou,$base branch: ".$branch_add->error."\n";
+}
+
+sub branch_exists {
+  my ($ldap, $branch) = @_;
+
+  # search for branch
+  my $branch_mesg = $ldap->search (base => $branch, filter => '(objectClass=*)', scope => 'base');
+  if ($branch_mesg->code == 32) {
+    return 0;
+  }
+  $branch_mesg->code && die $branch_mesg->error;
+
+  my @entries = $branch_mesg->entries;
+  return (defined ($entries[0]));
+}
+
+# Read FD config in the LDAP
+sub read_ldap_config {
+  my ($ldap) = @_;
+
+  my $mesg = $ldap->search (base => $config->{'config_rdn'}.','.$config->{'ldap_base'}, filter => '(objectClass=fusionDirectoryConf)', scope => 'base');
+  die_on_ldap_errors($mesg);
+
+
+  # Days before expiration to send the first mail
+  $config->{'alert_delay'}       = 15;
+  # Days after first mail to send a new one
+  $config->{'resend_delay'}      = 7;
+  # Should alert mails be forwarded to the manager
+  $config->{'forward_alert'}     = 1;
+
+  $config->{'user_rdn'}  = 'ou=people,';
+  $config->{'token_rdn'} = 'ou=tokens,';
+
+  if ($mesg->count > 0) {
+    if (($mesg->entries)[0]->exists('fdUserRDN')) {
+      $config->{'user_rdn'} = ($mesg->entries)[0]->get_value('fdUserRDN');
+    }
+    if (($mesg->entries)[0]->exists('fdTokenRDN')) {
+      $config->{'token_rdn'} = ($mesg->entries)[0]->get_value('fdTokenRDN');
+    }
+    if (($mesg->entries)[0]->exists('fdUserReminderAlertDelay')) {
+      $config->{'alert_delay'} = ($mesg->entries)[0]->get_value('fdUserReminderAlertDelay');
+    }
+    if (($mesg->entries)[0]->exists('fdUserReminderResendDelay')) {
+      $config->{'resend_delay'} = ($mesg->entries)[0]->get_value('fdUserReminderResendDelay');
+    }
+    if (($mesg->entries)[0]->exists('fdUserReminderForwardAlert')) {
+      $config->{'forward_alert'} = (($mesg->entries)[0]->get_value('fdUserReminderForwardAlert') eq "TRUE");
+    }
+    $config->{'alert_mailsubject'}  = ($mesg->entries)[0]->get_value('fdUserReminderAlertSubject');
+    $config->{'alert_mailbody'}     = ($mesg->entries)[0]->get_value('fdUserReminderAlertBody');
+    $config->{'alert_mailaddress'}  = ($mesg->entries)[0]->get_value('fdUserReminderEmail');
+  } else {
+    die "Could not find configuration node in the LDAP".$die_endl;
+  }
+
+  return ($mesg->entries)[0];
+}
+
+sub check_expired_users {
+  my ($ldap,$ldap_base) = argonaut_ldap_handle($config);
+  $config->{'ldap_base'} = $ldap_base;
+  read_ldap_config($ldap);
+
+  my $today = int(time() / 86400); # 24 * 60 * 60
+
+  my $next_expired_date = ($today + $config->{'alert_delay'});
+
+  my $filter = '(&(objectClass=person)(shadowExpire=*))';
+  my $mesg = $ldap->search(
+    base    => $config->{'ldap_base'},
+    filter  => $filter,
+    scope   => 'subtree'
+  );
+  die_on_ldap_errors($mesg);
+
+  foreach my $entry ($mesg->entries()) {
+    my $cn = $entry->get_value('cn');
+    if ($entry->get_value('shadowExpire') <= $today) {
+      print "$cn is Expired\n";
+    } elsif ($entry->get_value('shadowExpire') <= $next_expired_date) {
+      #~ Check if we have a mail address for this user.
+      my $mail_address = $entry->get_value('mail');
+      if (not defined $mail_address) {
+        print "User $cn has no mail address, skipping…\n";
+        next;
+      }
+      my ($token_hash, $token_date) = get_ldap_token($ldap, $entry->get_value('uid'));
+      #~ Check if we already sent an email.
+      if ((defined $token_date) && ($token_date + $config->{'resend_delay'} > $today)) {
+        print "User $cn was already sent a mail, not resending yet.\n";
+        next;
+      }
+      my ($manager_cn, $manager_mail);
+      if ($config->{'forward_alert'}) {
+        #~ Find the manager
+        my $manager_dn = $entry->get_value('manager');
+        if (not defined $manager_dn) {
+          my $ou = $entry->dn;
+          $ou =~ s/^[^,]+,$config->{'user_rdn'}//;
+          my $manager_mesg = $ldap->search(
+            base    => $ou,
+            filter  => '(objectClass=*)',
+            scope   => 'base'
+          );
+          if ($manager_mesg->count() > 0) {
+            $manager_dn = ($manager_mesg->entries)[0]->get_value('manager');
+          }
+        }
+        if (not defined $manager_dn) {
+          print "No manager found for $cn\n";
+        }
+        my $manager_mesg = $ldap->search(
+          base    => $manager_dn,
+          filter  => '(objectClass=*)',
+          scope   => 'base'
+        );
+        if ($manager_mesg->count() > 0) {
+          $manager_cn   = ($manager_mesg->entries)[0]->get_value('cn');
+          $manager_mail = ($manager_mesg->entries)[0]->get_value('mail');
+        }
+      }
+      send_alert_mail($ldap, $entry->get_value('uid'), $today, $cn, $mail_address, $manager_cn, $manager_mail);
+    }
+  }
+}
+
+sub send_alert_mail
+{
+  my ($ldap, $uid, $date, $user_cn, $user_mail, $manager_cn, $manager_mail) = @_;
+  my $token = store_ldap_token($ldap, $uid, $date);
+  print "Sending mail to $user_cn<$user_mail>";
+  my $cc = "";
+  if (defined $manager_mail) {
+    print ", copy to $manager_cn<$manager_mail>";
+    $cc = "$manager_cn<$manager_mail>";
+  }
+  print " with token $token\n";
+  my $message = Email::MIME->create(
+    header_str => [
+      From    => $config->{'alert_mailaddress'},
+      To      => "$user_cn<$user_mail>",
+      Cc      => $cc,
+      Subject => $config->{'alert_mailsubject'},
+    ],
+    attributes => {
+      encoding => 'quoted-printable',
+      charset  => 'UTF-8',
+    },
+    body_str => sprintf($config->{'alert_mailbody'},$user_cn,$uid,$token),
+  );
+  sendmail($message);
+}
+
+sub get_ldap_token
+{
+  my ($ldap, $uid) = @_;
+
+  my $dn = "ou=$uid,".$config->{'token_rdn'}.$config->{'fd_rdn'}.$config->{'ldap_base'};
+
+  my $mesg = $ldap->search(
+    base    => $dn,
+    filter  => "(ou=$uid)",
+    scope   => 'base'
+  );
+
+  if ($mesg->count()) {
+    return (($mesg->entries)[0]->get_value('userPassword'), ($mesg->entries)[0]->get_value('description'));
+  } else {
+    return ();
+  }
+}
+
+sub store_ldap_token
+{
+  my ($ldap, $uid, $date) = @_;
+
+  my $token_password  = argonaut_gen_random_str(48);
+  my $token_hash      = sha256_base64('expired'.$token_password);
+  while (length($token_hash) % 4) {
+    $token_hash .= '=';
+  }
+  $token_hash = "{SHA}".$token_hash;
+
+  my $dn = "ou=$uid,".$config->{'token_rdn'}.$config->{'fd_rdn'}.$config->{'ldap_base'};
+
+  if (!branch_exists($ldap, $config->{'token_rdn'}.$config->{'fd_rdn'}.$config->{'ldap_base'})) {
+    create_branch($ldap, $config->{'fd_rdn'}.$config->{'ldap_base'}, $config->{'token_rdn'});
+  }
+
+  my $mesg = $ldap->add(
+    $dn,
+    attr => [
+      'ou'            => $uid,
+      'objectClass'   => 'organizationalUnit',
+      'userPassword'  => $token_hash,
+      'description'   => $date
+    ]
+  );
+
+  $mesg->code && die "! failed to add LDAP's $dn token: ".$mesg->error."\n";
+
+  return $token_password;
+}
+
+__END__
+
+=head1 NAME
+
+argonaut-user-reminder - read account expiration date from ldap and send emails reminders
+
+=head1 SYNOPSIS
+
+argonaut-user-reminder [--verbose]
+
+=head1 DESCRIPTION
+
+argonaut-user-reminder is a program used to read account expiration dates from the LDAP.
+It reads the delay before expiration from the LDAP and send emails for user to postpone
+expiration date.
+
+=head1 OPTIONS
+
+=over 3
+
+=item B<--verbose>
+
+be verbose
+
+=back
+
+=head1 BUGS
+
+Please report any bugs, or post any suggestions, to the fusiondirectory mailing list fusiondirectory-users or to
+<https://forge.fusiondirectory.org/projects/argonaut-agents/issues/new>
+
+=head1 AUTHORS
+
+Come Bernigaud
+
+=head1 LICENCE AND COPYRIGHT
+