From 8b8b511237ee3390a73dd918310898307c006619 Mon Sep 17 00:00:00 2001
From: Serghei MIHAI
Date: Tue, 24 Mar 2015 00:43:52 +0100
Subject: [PATCH] initial debian packaging
---
changelog | 5 +
compat | 1 +
control | 24 +++++
debian_config.py | 24 +++++
nginx-example.conf | 58 ++++++++++++
python-u-auth.dirs | 1 +
python-u-auth.docs | 2 +
python-u-auth.install | 2 +
rules | 7 ++
schema/radius.ldif | 214 ++++++++++++++++++++++++++++++++++++++++++
settings.py | 17 ++++
source/format | 1 +
u-auth-manage | 25 +++++
u-auth.dirs | 7 ++
u-auth.docs | 3 +
u-auth.init | 193 +++++++++++++++++++++++++++++++++++++
u-auth.install | 4 +
u-auth.postinst | 45 +++++++++
18 files changed, 633 insertions(+)
create mode 100644 changelog
create mode 100644 compat
create mode 100644 control
create mode 100644 debian_config.py
create mode 100644 nginx-example.conf
create mode 100644 python-u-auth.dirs
create mode 100644 python-u-auth.docs
create mode 100644 python-u-auth.install
create mode 100755 rules
create mode 100644 schema/radius.ldif
create mode 100644 settings.py
create mode 100644 source/format
create mode 100644 u-auth-manage
create mode 100644 u-auth.dirs
create mode 100644 u-auth.docs
create mode 100644 u-auth.init
create mode 100644 u-auth.install
create mode 100644 u-auth.postinst
diff --git a/changelog b/changelog
new file mode 100644
index 0000000..570291c
--- /dev/null
+++ b/changelog
@@ -0,0 +1,5 @@
+uauth (0.0.1-1) unstable; urgency=low
+
+ * source package automatically created by stdeb 0.8.2
+
+ -- Serghei Mihai Tue, 24 Mar 2015 00:42:56 +0100
diff --git a/compat b/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+9
diff --git a/control b/control
new file mode 100644
index 0000000..c0054d9
--- /dev/null
+++ b/control
@@ -0,0 +1,24 @@
+Source: u-auth
+Maintainer: Serghei Mihai
+Section: python
+Priority: optional
+Build-Depends: python-setuptools (>= 0.6b3), python-all (>= 2.6.6-3), debhelper (>= 9)
+Standards-Version: 3.9.1
+X-Python-Version: >= 2.7
+
+Package: python-u-auth
+Architecture: all
+Depends: ${misc:Depends}, ${python:Depends},
+ python-requests,
+ python-gadjo, python-ldap,
+ python-django (>=1.7),
+ python-unidecode, python-django-mellon
+Description: Captive portal in the Cloud (Python-module)
+
+Package: u-auth
+Architecture: all
+Depends: ${misc:Depends},
+ python-u-auth (= ${binary:Version}),
+ gunicorn
+Recommends: nginx, postgresql
+Description: Captive potail in the Cloud
diff --git a/debian_config.py b/debian_config.py
new file mode 100644
index 0000000..bc8f2c2
--- /dev/null
+++ b/debian_config.py
@@ -0,0 +1,24 @@
+# This file is sourced by "execfile" from u-auth.settings
+
+import os
+
+from django.conf import global_settings
+
+DEBUG = False
+TEMPLATE_DEBUG = False
+
+PROJECT_NAME = 'u-auth'
+
+EMAIL_SUBJECT_PREFIX = '[%s] ' % PROJECT_NAME
+
+ETC_DIR = '/etc/%s' % PROJECT_NAME
+VAR_DIR = '/var/lib/%s' % PROJECT_NAME
+
+# collecstatic destination
+STATIC_ROOT = os.path.join(VAR_DIR, 'collectstatic')
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+SECRET_KEY = file('/etc/%s/secret' % PROJECT_NAME).read()
+
+execfile(os.path.join(ETC_DIR, 'settings.py'))
diff --git a/nginx-example.conf b/nginx-example.conf
new file mode 100644
index 0000000..37a51a8
--- /dev/null
+++ b/nginx-example.conf
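Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` in debian_config.py makes Django treat any request carrying `X-Forwarded-Proto: https` as secure, which is only sound if the front proxy overwrites or strips that header on every path to the socket. The `listen 80` block of nginx-example.conf in this same patch proxies to the same socket without setting it, so a value sent by the client would be passed through unchanged. I would add `proxy_set_header X-Forwarded-Proto $scheme;` to that block's `location /` and put a comment above the setting such as `# only safe when the reverse proxy always sets X-Forwarded-Proto itself`.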
@@ -0,0 +1,58 @@
+server {
+ listen 443;
+ server_name u-auth.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+ access_log /var/log/nginx/u-auth.example.org-access.log combined;
+ error_log /var/log/nginx/u-auth.example.org-error.log;
+
+ location ~ ^/static/(.+)$ {
+ root /;
+ try_files /var/lib/u-auth/static/$1
+ /var/lib/u-auth/collectstatic/$1
+ =404;
+ }
+
+ location ~ ^/media/(.+)$ {
+ alias /var/lib/u-auth/media/$1;
+ }
+
+ location / {
+ proxy_pass http://unix:/var/run/u-auth/u-auth.sock;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-SSL on;
+ proxy_set_header X-Forwarded-Protocol ssl;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+server {
+ listen 80;
+ server_name u-auth.example.org;
+
+ access_log /var/log/nginx/u-auth.example.org-access.log combined;
+ error_log /var/log/nginx/u-auth.example.org-error.log;
+
+ location ~ ^/static/(.+)$ {
+ root /;
+ try_files /var/lib/u-auth/static/$1
+ /var/lib/u-auth/collectstatic/$1
+ =404;
+ }
+
+ location ~ ^/media/(.+)$ {
+ alias /var/lib/u-auth/media/$1;
+ }
+
+ location / {
+ proxy_pass http://unix:/var/run/u-auth/u-auth.sock;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
\ No newline at end of file
diff --git a/python-u-auth.dirs b/python-u-auth.dirs
new file mode 100644
index 0000000..a08cbbc
--- /dev/null
+++ b/python-u-auth.dirs
@@ -0,0 +1 @@
+/usr/lib/u-auth
diff --git a/python-u-auth.docs b/python-u-auth.docs
new file mode 100644
index 0000000..ccea8df
--- /dev/null
+++ b/python-u-auth.docs
@@ -0,0 +1,2 @@
+COPYING
+README
\ No newline at end of file
diff --git a/python-u-auth.install b/python-u-auth.install
new file mode 100644
index 0000000..dfc926c
--- /dev/null
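Review bot: The second server block (`listen 80`) in nginx-example.conf serves the whole application over plain HTTP, so the login forms and session cookies of an authentication portal can cross the network unencrypted once an administrator copies this example. Unless clear-text access is needed for captive-portal redirection (nothing in the file says so), the block could be reduced to `return 301 https://$host$request_uri;`; if it is needed, a comment stating that would help. The 443 block also uses the snakeoil certificate pair with no comment marking it as a placeholder to replace before deployment.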
+++ b/python-u-auth.install
@@ -0,0 +1,2 @@
+usr/bin/manage.py /usr/lib/u-auth
+usr/lib/python2*/*-packages
diff --git a/rules b/rules
new file mode 100755
index 0000000..263a654
--- /dev/null
+++ b/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+# This file was automatically generated by stdeb 0.8.2 at
+# Tue, 24 Mar 2015 00:42:56 +0100
+%:
+ dh $@ --with python2
+
diff --git a/schema/radius.ldif b/schema/radius.ldif
new file mode 100644
index 0000000..c0152bb
--- /dev/null
+++ b/schema/radius.ldif
@@ -0,0 +1,214 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 283edc8d +# Put this file to /etc/ldap/schema/ and then execute the following +# comand to add this schema: +# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/radius.ldif +dn: cn=radius,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: radius +olcAttributeTypes: {0}( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN + GLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN + GLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC + 'checkItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DES + C 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' + DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId + ' DESC 'checkItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationI + d' DESC 'checkItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC 're + plyItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddres + s' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC + 'replyItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTa + lkLink' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTa + lkNetwork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA + 5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTa + lkZone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompres + sion' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddre + ss' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {16}( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetma + sk' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: 
{17}( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetw + ork' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {18}( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DE + SC 'replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {19}( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtoco + l' DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' + DESC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +olcAttributeTypes: {21}( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting + ' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {22}( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DE + SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA + LUE ) +olcAttributeTypes: {24}( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName + ' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' + DESC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' + DESC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +olcAttributeTypes: {27}( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup + ' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {28}( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' + DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {29}( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' + DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {30}( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATServi + ce' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {31}( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' + DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {32}( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' + DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {33}( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry + ' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +olcAttributeTypes: {34}( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DE + SC 'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {35}( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DE + SC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE ) +olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC + '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE ) +olcAttributeTypes: {37}( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE ) +olcAttributeTypes: {38}( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToRe + alm' DESC '' EQUALITY 
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 SINGLE-VALUE ) +olcAttributeTypes: {39}( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC ' + ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V + ALUE ) +olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' + DESC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {41}( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeou + t' DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {42}( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationAc + tion' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {43}( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignm + entId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26 ) +olcAttributeTypes: {44}( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumT + ype' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: {45}( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPasswor + d' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +olcAttributeTypes: {46}( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPrefere + nce' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 26 ) +olcAttributeTypes: {47}( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivate + GroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +olcAttributeTypes: {48}( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerE + ndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +olcAttributeTypes: {49}( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {51}( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientE + ndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26 ) +olcAttributeTypes: {52}( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousU + se' DESC 'checkItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +olcAttributeTypes: {53}( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DE + SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING + LE-VALUE ) +olcAttributeTypes: {54}( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE ) +olcAttributeTypes: {55}( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName + ' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC + '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE ) +olcAttributeTypes: {57}( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' D + ESC 'checkItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {58}( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem' DE + SC 'checkItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +olcAttributeTypes: {59}( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DE + SC 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +olcAttributeTypes: {60}( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE ) +olcAttributeTypes: {61}( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage' + DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' + SUP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $ + radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNu + mber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiu + sClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFrame + dAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ r + adiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ rad + iusFramedMTU $ radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ r + adiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupNam + e $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGr + oup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ rad + iusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetr + y $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ rad + iusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStri + pUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusPr + ofileDn $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMe + diumType $ 
radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPriv + ateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCate + gory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusNASIpAddress $ r + adiusReplyMessage ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' D + ESC 'A Container Objectclass to be used for creating radius profile object' + SUP top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) ) +
diff --git a/settings.py b/settings.py
new file mode 100644
index 0000000..c44906e
--- /dev/null
+++ b/settings.py
@@ -0,0 +1,17 @@
+DEBUG = False
+TEMPLATE_DEBUG = False
+
+ALLOWED_HOSTS = [
+ '*',
+]
+
+LANGUAGE_CODE = 'fr-fr'
+TIME_ZONE = 'Europe/Paris'
+
+# LDAP_CONF = {
+# 'url': 'ldap://localhost',
+# 'bind_dn': 'cn=admin,dc=dev,dc=entrouvert,dc=org',
+# 'options': {},
+# 'bind_passwd': 'changeme',
+# 'dn': 'ou=users,dc=dev,dc=entrouvert,dc=org',
+# }
diff --git a/source/format b/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/u-auth-manage b/u-auth-manage
new file mode 100644
index 0000000..df24db4
--- /dev/null
+++ b/u-auth-manage
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+NAME=u-auth
+MANAGE=/usr/lib/$NAME/manage.py
+
+# load Debian default configuration
+export COMBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
+
+# check user
+if test x$1 = x"--forceuser"
+then
+ shift
+elif test $(id -un) != "$NAME"
+then
+ echo "error: must use $0 with user ${NAME}"
+ exit 1
+fi
+
+if test $# -eq 0
+then
+ python ${MANAGE} help
+ exit 1
+fi
+
+python ${MANAGE} "$@"
\ No newline at end of file
diff --git a/u-auth.dirs b/u-auth.dirs
new file mode 100644
index 0000000..8cd65ed
--- /dev/null
+++ b/u-auth.dirs
@@ -0,0 +1,7 @@
+/etc/u-auth
+/usr/lib/u-auth
+/var/lib/u-auth/collectstatic
+/var/lib/u-auth/static
+/var/lib/u-auth/templates
+/var/lib/u-auth/media
+/var/log/u-auth
\ No newline at end of file
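Review bot: `ALLOWED_HOSTS = ['*']` in settings.py switches off Django's Host header validation in the file that is installed as /etc/u-auth/settings.py, and the example nginx config forwards the client's own header with `proxy_set_header Host $http_host;`. Any URL the application builds from the request host (redirects, links in e-mails) can then carry a value chosen by the requester. Shipping `ALLOWED_HOSTS = ['u-auth.example.org']` with a comment telling the administrator to list the real host names keeps the default restrictive. The commented `LDAP_CONF` sample would also benefit from a note that `bind_passwd` ends up in this file, whose mode the postinst in this patch does not restrict.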
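Review bot: u-auth-manage exports `COMBO_SETTINGS_FILE`, while u-auth.init in this patch exports `UAUTH_SETTINGS_FILE` for the same debian_config.py path, so one of the two entry points presumably never loads the Debian settings (which variable the settings module reads is not visible here). If the init script is the correct one, the line should read `export UAUTH_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py`. The user check also expands `$1` and `$(id -un)` unquoted; `test "x$1" = "x--forceuser"` and `test "$(id -un)" != "$NAME"` avoid a `test` syntax error on empty or multi-word values.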
diff --git a/u-auth.docs b/u-auth.docs
new file mode 100644
index 0000000..68b8457
--- /dev/null
+++ b/u-auth.docs
@@ -0,0 +1,3 @@
+COPYING
+README
+debian/nginx-example.conf
diff --git a/u-auth.init b/u-auth.init
new file mode 100644
index 0000000..c65c99a
--- /dev/null
+++ b/u-auth.init
@@ -0,0 +1,193 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: u-auth
+# Required-Start: $network $local_fs
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Captive portal in the Cloud
+# Description: Captive portal in the Cloud
+### END INIT INFO
+
+# Author: Entr'ouvert
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Captive portal in the Cloud"
+NAME=u-auth
+DAEMON=/usr/bin/gunicorn
+RUN_DIR=/run/$NAME
+PIDFILE=$RUN_DIR/$NAME.pid
+LOG_DIR=/var/log/$NAME
+SCRIPTNAME=/etc/init.d/$NAME
+BIND=unix:$RUN_DIR/$NAME.sock
+WORKERS=5
+TIMEOUT=30
+
+UAUTH_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
+MANAGE_SCRIPT="/usr/bin/$NAME-manage"
+
+USER=$NAME
+GROUP=$NAME
+
+# Exit if the package is not installed
+[ -x $MANAGE_SCRIPT ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+DAEMON_ARGS=${DAEMON_ARGS:-"--pid $PIDFILE \
+--user $USER --group $GROUP \
+--daemon \
+--access-logfile $LOG_DIR/gunicorn-access.log \
+--log-file $LOG_DIR/gunicorn-error.log \
+--bind=$BIND \
+--workers=$WORKERS \
+--worker-class=sync \
+--timeout=$TIMEOUT \
+--name $NAME \
+$NAME.wsgi:application"}
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+# Create /run directory
+if [ ! -d $RUN_DIR ]; then
+ install -d -m 755 -o $USER -g $GROUP $RUN_DIR
+fi
+
+# environment for wsgi
+export UAUTH_SETTINGS_FILE
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
+ return 0
+}
+
+do_migrate() {
+ log_action_msg "Applying migrations (migrate_schemas).."
+ su $USER -p -c "$MANAGE_SCRIPT migrate_schemas"
+ log_action_msg "done"
+}
+
+do_collectstatic() {
+ log_action_msg "Collect static files (collectstatic).."
+ su $USER -p -c "$MANAGE_SCRIPT collectstatic --noinput"
+ log_action_msg "done"
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_migrate
+ do_collectstatic
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_collectstatic
+ do_migrate
+ do_reload
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_migrate
+ do_collectstatic
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
\ No newline at end of file
diff --git a/u-auth.install b/u-auth.install
new file mode 100644
index 0000000..2f56b91
--- /dev/null
+++ b/u-auth.install
@@ -0,0 +1,4 @@
+debian/u-auth-manage /usr/bin
+debian/settings.py /etc/u-auth
+debian/debian_config.py /usr/lib/u-auth
+debian/schema /usr/lib/u-auth
\ No newline at end of file
diff --git a/u-auth.postinst b/u-auth.postinst
new file mode 100644
index 0000000..0aa67ca
--- /dev/null
+++ b/u-auth.postinst
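Review bot: do_migrate and do_collectstatic in u-auth.init discard the exit status of `su`, so `start` and `restart` launch gunicorn even when `migrate_schemas` failed, and the closing `log_action_msg "done"` hides the failure. Ending each `su` line with `|| return 2` and calling `do_migrate && do_collectstatic && do_start` would let the existing `case "$?"` report the error instead of starting against a stale schema. In the outer `case`, `force-reload` is listed under both `reload|force-reload)` and `restart|force-reload)`, so the second alias can never match and should be dropped.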
@@ -0,0 +1,45 @@
+#! /bin/sh
+
+set -e
+
+NAME="u-auth"
+USER=$NAME
+GROUP=$NAME
+CONFIG_DIR="/etc/$NAME"
+
+case "$1" in
+ configure)
+
+ # make sure the administrative user exists
+ if ! getent passwd $USER >/dev/null; then
+ adduser --disabled-password --quiet --system \
+ --no-create-home --home /var/lib/$NAME \
+ --gecos "$NAME user" --group $USER
+ fi
+ # ensure dirs ownership
+ chown $USER:$GROUP /var/log/$NAME
+ chown $USER:$GROUP /var/lib/$NAME/collectstatic
+ chown $USER:$GROUP /var/lib/$NAME/static
+ chown $USER:$GROUP /var/lib/$NAME/media
+ # create a secret file
+ SECRET_FILE=$CONFIG_DIR/secret
+ if [ ! -f $SECRET_FILE ]; then
+ echo -n "Generating Django secret..." >&2
+ cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE
+ chown root:$GROUP $SECRET_FILE
+ chmod 0440 $SECRET_FILE
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
\ No newline at end of file
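Review bot: The secret in u-auth.postinst is created by `> $SECRET_FILE` under whatever umask the maintainer script inherits and only afterwards restricted with `chmod 0440`, so the Django SECRET_KEY is briefly readable by any local user, and stays that way if the script aborts between the two commands under `set -e`. Running the existing pipeline in a subshell that first sets `umask 077` makes the file private from the moment it is created; the `chown root:$GROUP` and `chmod 0440` lines can stay as they are. The character set passed to `tr -dc` is unquoted and therefore subject to pathname expansion; single-quoting it as `'[:alnum:]-_!%^:;'` keeps it literal.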