Fix up all the file paths and such needed for sysadm-bridge to function. Now it should be usable when run either as root or as a user.
@@ -52,7 +52,7 @@ void BridgeServer::sendMessage(QString toID, QString msg){
|
||||
bool BridgeServer::setupWebSocket(quint16 port){
|
||||
//SSL Configuration
|
||||
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
|
||||
QFile CF( QStringLiteral(SSLCERTFILE) );
|
||||
QFile CF( SSLFILEDIR +"/"+SSLCERTFILE );
|
||||
if(CF.open(QIODevice::ReadOnly) ){
|
||||
QSslCertificate CERT(&CF,QSsl::Pem);
|
||||
config.setLocalCertificate( CERT );
|
||||
@@ -60,7 +60,7 @@ bool BridgeServer::setupWebSocket(quint16 port){
|
||||
}else{
|
||||
qWarning() << "Could not read WS certificate file:" << CF.fileName();
|
||||
}
|
||||
QFile KF( QStringLiteral(SSLKEYFILE));
|
||||
QFile KF( SSLFILEDIR +"/"+SSLKEYFILE );
|
||||
if(KF.open(QIODevice::ReadOnly) ){
|
||||
QSslKey KEY(&KF, QSsl::Rsa, QSsl::Pem);
|
||||
config.setPrivateKey( KEY );
|
||||
|
||||
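Review bot: The certificate and key are now read from a directory that `main()` chooses at runtime (a per-user config directory when not root), yet a failed `CF.open()` still only emits `qWarning()` and neither `CERT` nor `KEY` is checked with `isNull()`. With the files no longer at one fixed path, a missing or unparsable file becomes more likely, so I would fail closed here, e.g. `if(CERT.isNull()){ qWarning() << "Invalid WS certificate:" << CF.fileName(); return false; }`, and do the same for `KEY`. Whether the listener is later started without a usable certificate cannot be judged from this page, because the body of `setupWebSocket` continues outside both hunks.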
@@ -32,8 +32,8 @@
|
||||
|
||||
// SSL Version/File defines
|
||||
#define SSLVERSION QSsl::TlsV1_0OrLater
|
||||
#define SSLCERTFILE "/usr/local/etc/sysadm/bridgeserver.crt"
|
||||
#define SSLKEYFILE "/usr/local/etc/sysadm/bridgeserver.key"
|
||||
#define SSLCERTFILE QString("bridgeserver.crt")
|
||||
#define SSLKEYFILE QString("bridgeserver.key")
|
||||
|
||||
#define SETTINGSFILE "/var/db/sysadm-bridge.ini"
|
||||
|
||||
@@ -42,4 +42,4 @@
|
||||
|
||||
extern QSettings* CONFIG;
|
||||
extern AuthorizationManager* AUTHSYSTEM;
|
||||
|
||||
extern QString SSLFILEDIR;
|
||||
|
||||
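Review bot: `SSLCERTFILE` and `SSLKEYFILE` are now bare file names that only resolve correctly once `SSLFILEDIR` has been assigned, and nothing in the header says so; any use before `main()` sets it would produce `/bridgeserver.crt`. A comment above `extern QString SSLFILEDIR;` would document the contract, for example `// Directory holding the bridge certificate/key; assigned in main() before any use`. As a style point, `QString("...")` inside a macro constructs a new string at every expansion, which `QStringLiteral("bridgeserver.crt")` avoids. The unchanged `SSLVERSION` line in the same hunk still permits TLS 1.0; `QSsl::TlsV1_2OrLater` is the stricter value if the connecting clients support it.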
@@ -14,8 +14,9 @@
|
||||
#define USELOG 1 //turn this to "0" for dumping all output to the CLI (for debugging)
|
||||
|
||||
//Create any global classes/settings
|
||||
QSettings *CONFIG = new QSettings("sysadm","bridge");
|
||||
QSettings *CONFIG = 0;
|
||||
AuthorizationManager *AUTHSYSTEM = new AuthorizationManager();
|
||||
QString SSLFILEDIR;
|
||||
|
||||
//Create the default logfile
|
||||
QFile logfile;
|
||||
@@ -61,7 +62,9 @@ qDebug() << " \"blacklist/fails_to_block\" (integer): Number of times a syste
|
||||
|
||||
int main( int argc, char ** argv )
|
||||
{
|
||||
qDebug() << "Using Config file:" << CONFIG->fileName();
|
||||
if(getuid() != 0){ CONFIG = new QSettings("sysadm","bridge"); SSLFILEDIR=CONFIG->fileName().section("/",0,-2); }
|
||||
else{ CONFIG = new QSettings("/var/db/sysadm-bridge.ini", QSettings::IniFormat); SSLFILEDIR="/usr/local/etc/sysadm"; }
|
||||
qDebug() << "Using Config file:" << CONFIG->fileName() << "SSL FILE DIR:" << SSLFILEDIR;
|
||||
//Evaluate input arguments
|
||||
quint16 port = 12149; //port number
|
||||
bool settingchange = false;
|
||||
@@ -84,11 +87,13 @@ int main( int argc, char ** argv )
|
||||
else if( QString(argv[i])=="-import_ssl_file" && i+2<argc){
|
||||
i++; QString id = QString(argv[i]);
|
||||
i++; QFile file(argv[i]);
|
||||
settingchange=true;
|
||||
if(!file.open(QIODevice::ReadOnly)){ qDebug() << "Could not open file:" << file.fileName(); }
|
||||
else{
|
||||
QString enc_key;
|
||||
if(file.fileName().endsWith(".crt")){ QSslCertificate cert(&file); enc_key = QString(cert.publicKey().toPem().toBase64()); }
|
||||
else if(file.fileName().endsWith(".key")){ QSslKey key(&file); enc_key = QString(key.toPem().toBase64()); }
|
||||
file.close();
|
||||
if(enc_key.isEmpty()){ qDebug() << "Could not read key (need .crt or .key file)"; }
|
||||
else{
|
||||
qDebug() << "Registered Key:" << id << enc_key << "(base64)";
|
||||
@@ -97,7 +102,7 @@ int main( int argc, char ** argv )
|
||||
CONFIG->setValue("RegisteredCerts/"+id+"/"+enc_key, "Date Registered: "+QDateTime::currentDateTime().toString(Qt::ISODate) );
|
||||
}
|
||||
}
|
||||
settingchange=true;
|
||||
|
||||
// -------------------------
|
||||
}else if( QString(argv[i])=="-import_ssl_pubkey" && i+2<argc){
|
||||
i++; QString id = QString(argv[i]);
|
||||
@@ -133,8 +138,8 @@ int main( int argc, char ** argv )
|
||||
|
||||
//Setup the log file
|
||||
if(USELOG){
|
||||
logfile.setFileName("/var/log/sysadm-bridge.log");
|
||||
if(DEBUG){ qDebug() << "Log File:" << logfile.fileName(); }
|
||||
logfile.setFileName(SSLFILEDIR+"/sysadm-bridge.log");
|
||||
qDebug() << "Log File:" << logfile.fileName();
|
||||
if(QFile::exists(logfile.fileName()+".old")){ QFile::remove(logfile.fileName()+".old"); }
|
||||
if(logfile.exists()){ QFile::rename(logfile.fileName(), logfile.fileName()+".old"); }
|
||||
//Make sure the parent directory exists
|
||||
|
||||
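Review bot: `QSslKey key(&file);` in the `-import_ssl_file` branch passes only the device, whereas the `QIODevice*` constructor also requires an algorithm, as `QSslKey KEY(&KF, QSsl::Rsa, QSsl::Pem);` in `setupWebSocket` supplies; as written the call most likely binds to the `Qt::HANDLE` overload and never parses the file. I would write `QSslKey key(&file, QSsl::Rsa, QSsl::Pem);`. Once it does parse, the default key type is private, so `key.toPem()` is private-key material that the following lines print through `qDebug()` ("Registered Key:") and store under `RegisteredCerts/`; a `.key` input should be rejected or reduced to its public part before it is registered or logged. The page does not show which lines of this hunk the commit added, so this may predate the change.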
@@ -4,12 +4,20 @@
|
||||
|
||||
ssl_keygen()
|
||||
{
|
||||
if [ ! -d "/usr/local/etc/sysadm" ] ; then
|
||||
mkdir -p /usr/local/etc/sysadm
|
||||
#Determine where the files should be placed (based on user)
|
||||
if [ `id -u` != "0" ] ; then
|
||||
DIR="${XDG_CONFIG_HOME}/sysadm"
|
||||
else
|
||||
DIR="/usr/local/etc/sysadm"
|
||||
fi
|
||||
#Now ensure the dir exists
|
||||
if [ ! -d "${DIR}" ] ; then
|
||||
mkdir -p ${DIR}
|
||||
fi
|
||||
#Now create the key/crt files
|
||||
openssl req -x509 -nodes -newkey rsa:2048 \
|
||||
-keyout /usr/local/etc/sysadm/bridgeserver.key \
|
||||
-out /usr/local/etc/sysadm/bridgeserver.crt -days 1024 \
|
||||
-keyout ${DIR}/bridgeserver.key \
|
||||
-out ${DIR}/bridgeserver.crt -days 1024 \
|
||||
-subj "/C=US/ST=MY/L=NULL/O=SysAdm/OU=SysAdm/CN=SysAdm/emailAddress=none@example.org" 2>/dev/null
|
||||
}
|
||||
|
||||
|
||||
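Review bot: `DIR="${XDG_CONFIG_HOME}/sysadm"` expands to `/sysadm` when `XDG_CONFIG_HOME` is unset, which is the common case, and the resulting `mkdir`/`openssl` failure is hidden by `2>/dev/null`. The bridge itself derives the directory from `QSettings`, which as far as I know falls back to `$HOME/.config`, so the script and the daemon can end up disagreeing about where the key lives. I would use `DIR="${XDG_CONFIG_HOME:-${HOME}/.config}/sysadm"` and quote the expansions, as in `mkdir -p "${DIR}"` and `-keyout "${DIR}/bridgeserver.key"`. Because the key is written unencrypted (`-nodes`) into a directory the script may have just created, a `umask 077` at the top of `ssl_keygen` would keep both the directory and the key private regardless of the caller's umask.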