diff --git a/actions/xmpp b/actions/xmpp
index 10667b857..0b5a5125b 100755
--- a/actions/xmpp
+++ b/actions/xmpp
@@ -50,6 +50,30 @@ def parse_arguments():
 # Setup jwchat apache conf
 subparsers.add_parser('setup', help='Setup jwchat apache conf')
+ # Get whether LDAP authentication is enabled
+ subparsers.add_parser('is-ldap-enabled',
+ help='Get whether LDAP authentication is enabled')
+
+ # Enable LDAP authentication
+ subparsers.add_parser('enable-ldap',
+ help='Enable LDAP authentication')
+
+ # Disable LDAP authentication
+ subparsers.add_parser('disable-ldap',
+ help='Disable LDAP authentication')
+
+ # Get whether inband registration is enabled
+ subparsers.add_parser('is-inband-enabled',
+ help='Get whether inband registration is enabled')
+
+ # Enable inband registration
+ subparsers.add_parser('enable-inband',
+ help='Enable inband registration')
+
+ # Disable inband registration
+ subparsers.add_parser('disable-inband',
+ help='Disable inband registration')
+
 # Prepare ejabberd for hostname change
 pre_hostname_change = subparsers.add_parser(
 'pre-change-hostname',
@@ -113,6 +137,93 @@ def subcommand_setup(_):
 subprocess.call(['service', 'apache2', 'reload'])
+def subcommand_is_ldap_enabled(_):
+ """Get whether LDAP authentication is enabled"""
+ conffile = open(EJABBERD_CONFIG, 'r')
+ conf = yaml.safe_load(conffile)
+ print('ldap' in conf['auth_method'])
+
+
+def subcommand_enable_ldap(_):
+ """Enable LDAP authentication"""
+ with open(EJABBERD_CONFIG, 'r') as conffile:
+ lines = conffile.readlines()
+ with open(EJABBERD_CONFIG, 'w') as conffile:
+ for line in lines:
+ if 'auth_method: internal' in line:
+ conffile.write('## ' + line)
+ elif '## auth_method: ldap' in line:
+ conffile.write('auth_method: ldap\n')
+ elif '## ldap_servers:' in line:
+ conffile.write('ldap_servers:\n')
+ conffile.write(' - "localhost"\n')
+ elif '## ldap_base:' in line:
+ conffile.write('ldap_base: "ou=users,dc=thisbox"\n')
+ else:
+ conffile.write(line)
+ try:
+ subprocess.check_output(['ejabberdctl', 'restart'])
+ except subprocess.CalledProcessError as err:
+ print('Failed to restart ejabberd with new configuration: %s', err)
+
+
+def subcommand_disable_ldap(_):
+ """Disable LDAP authentication"""
+ with open(EJABBERD_CONFIG, 'r') as conffile:
+ lines = conffile.readlines()
+ with open(EJABBERD_CONFIG, 'w') as conffile:
+ for line in lines:
+ if '## auth_method: internal' in line:
+ conffile.write('auth_method: internal\n')
+ elif 'auth_method: ldap' in line:
+ conffile.write('## auth_method: ldap\n')
+ else:
+ conffile.write(line)
+ try:
+ subprocess.check_output(['ejabberdctl', 'restart'])
+ except subprocess.CalledProcessError as err:
+ print('Failed to restart ejabberd with new configuration: %s', err)
+
+
+def subcommand_is_inband_enabled(_):
+ """Get whether inband registration is enabled"""
+ conffile = open(EJABBERD_CONFIG, 'r')
+ conf = yaml.safe_load(conffile)
+ print('all' in conf['modules']['mod_register']['ip_access'])
+
+
+def subcommand_enable_inband(_):
+ """Enable inband registration"""
+ with open(EJABBERD_CONFIG, 'r') as conffile:
+ lines = conffile.readlines()
+ with open(EJABBERD_CONFIG, 'w') as conffile:
+ for line in lines:
+ if 'ip_access' in line:
+ conffile.write(line.replace('trusted_network', 'all'))
+ else:
+ conffile.write(line)
+ try:
+ subprocess.check_output(['ejabberdctl', 'restart'])
+ except subprocess.CalledProcessError as err:
+ print('Failed to restart ejabberd with new configuration: %s', err)
+
+
+def subcommand_disable_inband(_):
+ """Disable inband registration"""
+ with open(EJABBERD_CONFIG, 'r') as conffile:
+ lines = conffile.readlines()
+ with open(EJABBERD_CONFIG, 'w') as conffile:
+ for line in lines:
+ if 'ip_access' in line:
+ conffile.write(line.replace('all', 'trusted_network'))
+ else:
+ conffile.write(line)
+ try:
+ subprocess.check_output(['ejabberdctl', 'restart'])
+ except subprocess.CalledProcessError as err:
+ print('Failed to restart ejabberd with new configuration: %s', err)
+
+
 def subcommand_pre_change_hostname(arguments):
 """Prepare ejabberd for hostname change"""
 old_hostname = arguments.old_hostname
diff --git a/actions/xmpp-setup b/actions/xmpp-setup
deleted file mode 100755
index 1e269dfca..000000000
--- a/actions/xmpp-setup
+++ /dev/null
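Review bot: In actions/xmpp, the rewrite loops in subcommand_enable_ldap and subcommand_disable_ldap test lines with `in`, which drops the `^` anchor the removed sed expressions used: `'auth_method: internal' in line` is also true for an already commented `## auth_method: internal` line and for any indented line carrying that text, and every such line is rewritten. `if line.startswith('auth_method: internal'):` (and the same for the `## ` forms) would keep the old matching. subcommand_enable_inband and subcommand_disable_inband have the same looseness: `line.replace('all', 'trusted_network')` runs on every line containing `ip_access` and replaces each `all` substring in it, where the sed matched the whole `ip_access: all` text. Separately, `print('Failed to restart ejabberd with new configuration: %s', err)` passes `err` as a second argument, so the output keeps a literal `%s`; `% err` was probably intended.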
@@ -1,93 +0,0 @@
-#!/bin/sh
-#
-# This file is part of Plinth.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
-#
-
-if grep --quiet "ip_access: all" /etc/ejabberd/ejabberd.yml; then
- xmpp_inband_enable=true
-else
- xmpp_inband_enable=false
-fi
-xmpp_inband_enable_cur=$xmpp_inband_enable
-export xmpp_inband_enable
-
-if grep --quiet "^auth_method: ldap" /etc/ejabberd/ejabberd.yml; then
- ldap_enable=true
-else
- ldap_enable=false
-fi
-ldap_enable_cur=$ldap_enable
-export ldap_enable
-
-while [ "$1" ] ; do
- arg="$1"
- shift
- case "$arg" in
- inband_enable|noinband_enable) # Not using disable for consistency with other options
- if [ 'inband_enable' = "$arg" ] ; then
- xmpp_inband_enable=true
- else
- xmpp_inband_enable=false
- fi
- export xmpp_inband_enable
- ;;
- ldap_enable|noldap_enable)
- if [ 'ldap_enable' = "$arg" ] ; then
- ldap_enable=true
- else
- ldap_enable=false
- fi
- export ldap_enable
- ;;
- status)
- printstatus() {
- if "$2" ; then
- echo "$1"
- else
- echo no"$1"
- fi
- }
- printstatus inband_enable $xmpp_inband_enable_cur
- printstatus ldap_enable $ldap_enable_cur
- exit 0
- ;;
- *)
- ;;
- esac
-done
-
-if [ "$xmpp_inband_enable" != "$xmpp_inband_enable_cur" ] ; then
- if $xmpp_inband_enable ; then
- sed -i s/"ip_access: trusted_network"/"ip_access: all"/ /etc/ejabberd/ejabberd.yml
- else
- sed -i s/"ip_access: all"/"ip_access: trusted_network"/ /etc/ejabberd/ejabberd.yml
- fi
- ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
-fi
-
-if [ "$ldap_enable" != "$ldap_enable_cur" ] ; then
- if $ldap_enable ; then
- sed -i 's/^auth_method: internal/## auth_method: internal/' /etc/ejabberd/ejabberd.yml
- sed -i 's/^## auth_method: ldap/auth_method: ldap/' /etc/ejabberd/ejabberd.yml
- sed -i 's/^## ldap_servers:/ldap_servers:\
- - "localhost"/' /etc/ejabberd/ejabberd.yml
- sed -i 's/^## ldap_base: .*/ldap_base: "ou=users,dc=thisbox"/' /etc/ejabberd/ejabberd.yml
- else
- sed -i 's/^## auth_method: internal/auth_method: internal/' /etc/ejabberd/ejabberd.yml
- sed -i 's/^auth_method: ldap/## auth_method: ldap/' /etc/ejabberd/ejabberd.yml
- fi
- ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
-fi
diff --git a/plinth/modules/xmpp/xmpp.py b/plinth/modules/xmpp/xmpp.py
index 4aa4c5330..dcbba9e3c 100644
--- a/plinth/modules/xmpp/xmpp.py
+++ b/plinth/modules/xmpp/xmpp.py
@@ -91,7 +91,7 @@ class ConfigureForm(forms.Form): # pylint: disable-msg=W0232
 ldap_enabled = forms.BooleanField(
 label=_('Use LDAP for authentication'), required=False,
 help_text=_('When enabled, only LDAP users will be able to login to \
-the server'))
+the XMPP service'))
 inband_enabled = forms.BooleanField(
 label=_('Allow In-Band Registration'), required=False,
 help_text=_('When enabled, anyone who can reach this server will be \
@@ -123,50 +123,62 @@ def configure(request):
 def get_status():
 """Return the current status"""
- output = actions.run('xmpp-setup', ['status'])
- return {'inband_enabled': 'inband_enable' in output.split(),
- 'ldap_enabled': 'ldap_enable' in output.split()}
+ output = actions.run('xmpp', ['is-ldap-enabled'])
+ ldap_enabled = 'True' in output.split()
+ output = actions.run('xmpp', ['is-inband-enabled'])
+ inband_enabled = 'True' in output.split()
+ return {'ldap_enabled': ldap_enabled,
+ 'inband_enabled': inband_enabled}
 def _apply_changes(request, old_status, new_status):
 """Apply the form changes"""
 logger.info('Status - %s, %s', old_status, new_status)
- if old_status['inband_enabled'] == new_status['inband_enabled'] \
- and old_status['ldap_enabled'] == new_status['ldap_enabled']:
+ setting_changed = False
+
+ if not old_status['ldap_enabled'] and new_status['ldap_enabled']:
+ setting_changed = True
+ output = actions.superuser_run('xmpp', ['enable-ldap'])
+ if 'Failed' in output:
+ messages.error(request,
+ _('Error when configuring XMPP server: %s') %
+ output)
+ else:
+ messages.success(request, _('LDAP authentication enabled'))
+
+ elif old_status['ldap_enabled'] and not new_status['ldap_enabled']:
+ setting_changed = True
+ output = actions.superuser_run('xmpp', ['disable-ldap'])
+ if 'Failed' in output:
+ messages.error(request,
+ _('Error when configuring XMPP server: %s') %
+ output)
+ else:
+ messages.success(request, _('LDAP authentication disabled'))
+
+ if not old_status['inband_enabled'] and new_status['inband_enabled']:
+ setting_changed = True
+ output = actions.superuser_run('xmpp', ['enable-inband'])
+ if 'Failed' in output:
+ messages.error(request,
+ _('Error when configuring XMPP server: %s') %
+ output)
+ else:
+ messages.success(request, _('Inband registration enabled'))
+
+ elif old_status['inband_enabled'] and not new_status['inband_enabled']:
+ setting_changed = True
+ output = actions.superuser_run('xmpp', ['disable-inband'])
+ if 'Failed' in output:
+ messages.error(request,
+ _('Error when configuring XMPP server: %s') %
+ output)
+ else:
+ messages.success(request, _('Inband registration disabled'))
+
+ if not setting_changed:
 messages.info(request, _('Setting unchanged'))
- return
-
- options = []
-
- if new_status['inband_enabled']:
- options.append('inband_enable')
- else:
- options.append('noinband_enable')
-
- if new_status['ldap_enabled']:
- options.append('ldap_enable')
- else:
- options.append('noldap_enable')
-
- logger.info('Option - %s', options)
- output = actions.superuser_run('xmpp-setup', options)
-
- if 'Failed' in output:
- messages.error(request,
- _('Error when configuring XMPP server: %s') %
- output)
- return
-
- if 'inband_enable' in options:
- messages.success(request, _('Inband registration enabled'))
- else:
- messages.success(request, _('Inband registration disabled'))
-
- if 'ldap_enable' in options:
- messages.success(request, _('LDAP authentication enabled'))
- else:
- messages.success(request, _('LDAP authentication disabled'))
 class RegisterForm(forms.Form): # pylint: disable-msg=W0232
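Review bot: Every branch of _apply_changes decides the outcome with `if 'Failed' in output:`, a substring test on the action's stdout, and the subcommands added to actions/xmpp in this commit print that text only after ejabberd.yml has been rewritten. An error shown here therefore does not mean the setting was left alone: the file on disk already carries the new authentication or registration setting and only the restart failed, which the message should say, e.g. `_('XMPP configuration was changed, but ejabberd failed to restart: %s') % output`. The four branches also differ only in the subcommand name and the success text, so one helper taking those two values would remove the repetition.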