Merge pull request #20 from VultureProject/dev

Release 1.78
VultureProject · Feb 23, 2021 · 5d73c4c · 5d73c4c
2 parents 1122812 + 14985a9
commit 5d73c4c
Show file tree

Hide file tree

Showing 9 changed files with 147 additions and 7 deletions.
diff --git a/gui/models/application_settings.py b/gui/models/application_settings.py
@@ -2172,7 +2172,14 @@ def delete_sso_profile(self, login):
         """ Delete SSOProfiles associated to a login and to the principal repository 
         Can raise an exception if failure
         """
-        sso_profiles_app = json.loads(self.sso_profile)
+        if self.sso_forward == "basic":
+            sso_profiles_app = [{'type': "learn", 'name': "basic_username;vlt;", 'asked_name': "username"},
+                                {'type': "learn_secret", 'name': "basic_password;vlt;", 'asked_name': "password"}]
+        elif self.sso_forward == "kerberos":
+            sso_profiles_app = [{'type': "learn", 'name': "kerberos_username;vlt;", 'asked_name': "username"},
+                                {'type': "learn_secret", 'name': "kerberos_password;vlt;", 'asked_name': "password"}]
+        else:
+            sso_profiles_app = json.loads(self.sso_profile)
         auth_backend = self.getAuthBackend()
         for sso_profile_app in sso_profiles_app:
             if sso_profile_app['type'] in ("learn", "learn_secret"):

diff --git a/gui/models/ssl_certificate.py b/gui/models/ssl_certificate.py
@@ -268,7 +268,7 @@ def write_certificate(self):
                     f.write(rsa_key)
 
                 with open("%shaproxy/Certificate-%s.pem" % (settings.CONF_DIR, self.id), 'w') as f:
-                    f.write(rsa_key)
+                    f.write(str(self.key))
                     f.write('\n')
                     f.write(self.cert)
                     # FIXME

diff --git a/gui/views/application.py b/gui/views/application.py
@@ -664,6 +664,13 @@ def edit(request, object_id=None):
             if application.type == "balanced":
                 application.private_uri = "{}://{}".format(application.proxy_balancer.members[0].uri_type, application.proxy_balancer.members[0].uri)
 
+            if application.sso_enabled:
+                if application.sso_forward == "basic":
+                    application.sso_profile = json.dumps([{'type': "learn", 'name': "basic_username;vlt;", 'asked_name': "username"},
+                                {'type': "learn_secret", 'name': "basic_password;vlt;", 'asked_name': "password"}])
+                elif application.sso_forward == "kerberos":
+                    application.sso_profile = json.dumps([{'type': "learn", 'name': "kerberos_username;vlt;", 'asked_name': "username"},
+                                {'type': "learn_secret", 'name': "kerberos_password;vlt;", 'asked_name': "password"}])
 
             # Check if api_call to reload rsyslogd is needed
             if old_app:

diff --git a/vulture_toolkit/auth/ldap_client.py b/vulture_toolkit/auth/ldap_client.py
@@ -671,10 +671,11 @@ def test_group_search(self, group_name):
             group_info = self.search_group(group_name)
             if group_info:
                 for group in group_info:
-                    response['groups'].append({
-                        'group_dn': group[0],
-                        'group_members': group[1].get(self.group_member_attr.lower(), [])
-                    })
+                    if group[0]:
+                        response['groups'].append({
+                            'group_dn': group[0],
+                            'group_members': group[1].get(self.group_member_attr.lower(), [])
+                        })
             response['status'] = True
         except Exception as e:
             logger.exception(e)

diff --git a/vulture_toolkit/log/log_utils.py b/vulture_toolkit/log/log_utils.py
@@ -227,5 +227,5 @@ def delete_logs(self):
         self.client.delete_logs(lastDate)
 
         lastDate = (datetime.datetime.now() - datetime.timedelta(days=30))
-        [m.delete() for m in Monitor.objects.get(time__lt=lastDate)]
+        [m.delete() for m in Monitor.objects(time__lt=lastDate)]
         return True
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/0_reload_haproy_certs.py b/vulture_toolkit/update_api/update_scripts/GUI-1.78/0_reload_haproy_certs.py
@@ -0,0 +1,51 @@
+#!/home/vlt-gui/env/bin/python
+# coding:utf-8
+
+"""This file is part of Vulture 3.
+
+Vulture 3 is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Vulture 3 is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Vulture 3.  If not, see http://www.gnu.org/licenses/.
+"""
+__author__ = "Kevin Guillemot"
+__credits__ = []
+__license__ = "GPLv3"
+__version__ = "3.0.0"
+__maintainer__ = "Vulture Project"
+__email__ = "[email protected]"
+__doc__ = """This migration script rewrite HAProxy certificates on disk """
+
+import os
+import sys
+
+sys.path.append('/home/vlt-gui/vulture')
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", 'vulture.settings')
+
+import django
+django.setup()
+
+from gui.models.network_settings import Loadbalancer
+from gui.models.ssl_certificate import SSLCertificate
+
+
+if __name__ == '__main__':
+
+    # If HAProxy used
+    if Loadbalancer.objects.count() == 0:
+        print("No load-balancer configured.")
+        sys.exit(0)
+
+    for cert in SSLCertificate.objects():
+        cert.write_certificate()
+        print("Cert {} reloaded".format(cert.name))
+
+    print("Certificates reloaded")
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/1_maj_haproxy.sh b/vulture_toolkit/update_api/update_scripts/GUI-1.78/1_maj_haproxy.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# This migration script install newest Vulture-LIBS package
+#
+#
+
+. /etc/rc.conf
+
+if [ "$http_proxy" != "" ]
+then
+    export https_proxy="http://$http_proxy"
+    export http_proxy="http://$http_proxy"
+fi
+
+/usr/sbin/pkg upgrade -y haproxy || echo "[!] Failed to upgrade HAProxy - Please do this manually using 'pkg upgrade -y haproxy'"
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/fix_mongodb_crontab.sh b/vulture_toolkit/update_api/update_scripts/GUI-1.78/fix_mongodb_crontab.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This migration script install newest Vulture-LIBS package
+#
+#
+
+. /etc/rc.conf
+
+cat - << EOF > /etc/rc.conf.d/mongod
+mongod_poststart()
+{
+    if [ -f \${pidfile} ]; then
+        (chgrp vlt-sys \${pidfile} && chmod g+r \${pidfile})  || return 1
+    fi
+    return 0
+}
+start_postcmd="mongod_poststart"
+EOF
+
+echo "[+] Restarting Mongodb to take changes ..."
+/usr/sbin/service mongod restart
+echo "[*] Done"
diff --git a/vulture_toolkit/update_api/update_scripts/GUI-1.78/maj_vulture-LIBS.sh b/vulture_toolkit/update_api/update_scripts/GUI-1.78/maj_vulture-LIBS.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# This migration script install newest Vulture-LIBS package
+#
+#
+
+. /etc/rc.conf
+
+if [ "$http_proxy" != "" ]
+then
+    export https_proxy="http://$http_proxy"
+    export http_proxy="http://$http_proxy"
+fi
+
+cd /tmp
+
+/bin/echo "[+] Updating Vulture-LIBS from branch \"$1\"..."
+/bin/rm -f /tmp/Vulture-LIBS.tar.gz
+
+bsd_version=$(/usr/bin/uname -r | /usr/bin/cut -d '-' -f 1)
+url="https://download.vultureproject.org/v3/$bsd_version$1/Vulture-LIBS.tar.gz"
+
+/bin/echo -n "[+] Downloading from '$url' ..."
+/usr/local/bin/wget --no-check-certificate $url >>/tmp/installation.log 2>&1
+/bin/echo "DONE"
+
+cd /home/vlt-gui
+/bin/rm -rf ./env
+/usr/bin/tar xf /tmp/Vulture-LIBS.tar.gz
+/usr/sbin/chown -R vlt-gui:vlt-gui /home/vlt-gui/
+
+/bin/echo -n "[+] Installing Vulture libraries ..."
+/bin/sh "/home/vlt-gui/lib-$bsd_version/install.sh"
+/bin/echo "OK"
+
+/bin/echo "[*] Update of Vulture-LIBS ended"
+