Authentication improved, JWT support added, CentOs 7 issues fixed in …
…RPM, Update and delete issue fixed for user, security keys added, Vendor folder added to gitignore
nasirbest committed Dec 16, 2017
1 parent 34c9e2e commit 7eb3d38
Showing 17 changed files with 597 additions and 77 deletions.
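--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,14 @@
+# personal notes
+/WORKLOG.md
+/TODO.md
+
+# dependencies
+/vendor
+
+# IDEs and editors
+/.idea
+/.vscode
+
+# System Files
+.DS_Store
+Thumbs.db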
31 changes: 29 additions & 2 deletions .spec/ictcore.spec
Expand Up @@ -351,19 +351,29 @@ setfacl -d -m g::rw %{core_home}/cache
# enable event support in mysql
grep 'event-scheduler=ON' /etc/my.cnf || sed -i "s/\[mysqld\]/[mysqld]\nevent-scheduler=ON/" /etc/my.cnf
# enable and start cron service
%if %{rhel} < 7
/sbin/chkconfig crond on
/sbin/service crond restart
%else
/usr/bin/systemctl enable crond.service
/usr/bin/systemctl restart crond.service
%endif
# enable and start mysql or mariadb server
%if %{rhel} < 7
/sbin/chkconfig mysqld on
/sbin/service mysqld start
%else
/bin/systemctl enable mariadb.service
/bin/systemctl start mariadb.service
/usr/bin/systemctl enable mariadb.service
/usr/bin/systemctl start mariadb.service
%endif
# enable and start apache server
%if %{rhel} < 7
/sbin/chkconfig httpd on
/sbin/service httpd restart
%else
/usr/bin/systemctl enable httpd.service
/usr/bin/systemctl restart httpd.service
%endif
# configure firewall for web
%if %{rhel} < 7
/sbin/iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT # web
Expand All @@ -374,6 +384,8 @@ grep 'event-scheduler=ON' /etc/my.cnf || sed -i "s/\[mysqld\]/[mysqld]\nevent-sc
/bin/firewall-cmd --zone=public --add-port=443/tcp --permanent # ssl web
/bin/firewall-cmd --reload
%endif
# Finally generate security keys for ictcore
bash /usr/ictcore/bin/keygen

%post voice
# all new data files must be writable for group users
Expand All @@ -398,8 +410,13 @@ setfacl -d -m g::rw %{core_home}/etc/freeswitch/sip_profiles/provider
sed -i 's/<!-- <load module="mod_curl"\/> -->/<load module="mod_curl"\/>/g' \
/etc/freeswitch/autoload_configs/modules.conf.xml
# enable and start freeswitch server
%if %{rhel} < 7
/sbin/chkconfig freeswitch on
/sbin/service freeswitch restart
%else
/usr/bin/systemctl enable freeswitch.service
/usr/bin/systemctl restart freeswitch.service
%endif
# alter firewall for sip
%if %{rhel} < 7
# sip internal profile
Expand Down Expand Up @@ -458,8 +475,13 @@ fi
/bin/firewall-cmd --zone=public --add-port=2775/tcp --permanent # smpp
/bin/firewall-cmd --reload
%endif
%if %{rhel} < 7
/sbin/chkconfig kannel on
/sbin/service kannel restart
%else
/usr/bin/systemctl enable kannel.service
/usr/bin/systemctl restart kannel.service
%endif

%post sendmail
# enable sendmail on public ip address
Expand All @@ -474,8 +496,13 @@ echo "apache" >> /etc/mail/trusted-users
# apply configuration
/etc/mail/make
# enable and start sendmail server
%if %{rhel} < 7
/sbin/chkconfig sendmail on
/sbin/service sendmail restart
%else
/usr/bin/systemctl enable sendmail.service
/usr/bin/systemctl restart sendmail.service
%endif
# alter firewall for smtp
%if %{rhel} < 7
/sbin/iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT # smtp
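Review bot: The new `bash /usr/ictcore/bin/keygen` step at the end of the core %post scriptlet discards the script's exit status, and the keygen script added in this same commit has no `set -e`, so a failed `cd` or openssl call leaves the installation without node keys while rpm still reports success. Because %post also runs on every upgrade, the scriptlet depends on keygen's own "already exist" check to avoid regenerating keys; that is worth a comment, and the failure should at least be surfaced: `bash /usr/ictcore/bin/keygen || echo "ictcore: security key generation failed, run /usr/ictcore/bin/keygen manually" >&2`. The %post scriptlet itself starts above this hunk.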
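--- a/bin/bash-ini-parser
+++ b/bin/bash-ini-parser
@@ -0,0 +1,198 @@
+#
+# based on http://theoldschooldevops.com/2008/02/09/bash-ini-parser/
+#
+
+PREFIX="cfg_section_"
+
+function debug {
+return #abort debug
+echo $*
+echo --start--
+echo "${ini[*]}"
+echo --end--
+echo
+}
+
+function cfg_parser {
+shopt -p extglob &> /dev/null
+CHANGE_EXTGLOB=$?
+if [ $CHANGE_EXTGLOB = 1 ]
+then
+shopt -s extglob
+fi
+ini="$(<$1)" # read the file
+ini=${ini//$'\r'/} # remove linefeed i.e dos2unix
+ini="${ini//[/\\[}" # escape [
+debug
+ini="${ini//]/\\]}" # escape ]
+debug
+IFS=$'\n' && ini=( ${ini} ) # convert to line-array
+debug
+ini=( ${ini[*]//;*/} ) # remove comments with ;
+debug
+ini=( ${ini[*]/#+([[:space:]])/} ) # remove init whitespace
+debug "whitespace around"
+ini=( ${ini[*]/*([[:space:]])=*([[:space:]])/=} ) # remove whitespace around =
+debug
+ini=( ${ini[*]/#\\[/\}$'\n'"$PREFIX"} ) # set section prefix
+debug
+ini=( ${ini[*]/%\\]/ \(} ) # convert text2function (1)
+debug
+ini=( ${ini[*]/=/=\( } ) # convert item to array
+debug
+ini=( ${ini[*]/%/ \)} ) # close array parenthesis
+debug
+ini=( ${ini[*]/%\\ \)/ \\} ) # the multiline trick
+debug
+ini=( ${ini[*]/%\( \)/\(\) \{} ) # convert text2function (2)
+debug
+ini=( ${ini[*]/%\} \)/\}} ) # remove extra parenthesis
+ini=( ${ini[*]/%\{/\{$'\n''cfg_unset ${FUNCNAME/#'$PREFIX'}'$'\n'} ) # clean previous definition of section
+debug
+ini[0]="" # remove first element
+debug
+ini[${#ini[*]} + 1]='}' # add the last brace
+debug
+eval "$(echo "${ini[*]}")" # eval the result
+EVAL_STATUS=$?
+if [ $CHANGE_EXTGLOB = 1 ]
+then
+shopt -u extglob
+fi
+return $EVAL_STATUS
+}
+
+function cfg_writer {
+SECTION=$1
+OLDIFS="$IFS"
+IFS=' '$'\n'
+if [ -z "$SECTION" ]
+then
+fun="$(declare -F)"
+else
+fun="$(declare -F $PREFIX$SECTION)"
+if [ -z "$fun" ]
+then
+echo "section $SECTION not found" >2
+exit 1
+fi
+fi
+fun="${fun//declare -f/}"
+for f in $fun; do
+[ "${f#$PREFIX}" == "${f}" ] && continue
+item="$(declare -f ${f})"
+item="${item##*\{}" # remove function definition
+item="${item##*FUNCNAME*$PREFIX\};}" # remove clear section
+item="${item/\}}" # remove function close
+item="${item%)*}" # remove everything after parenthesis
+item="${item});" # add close parenthesis
+vars=""
+while [ "$item" != "" ]
+do
+newvar="${item%%=*}" # get item name
+vars="$vars $newvar" # add name to collection
+item="${item#*;}" # remove readed line
+done
+eval $f
+echo "[${f#$PREFIX}]" # output section
+for var in $vars; do
+eval 'local length=${#'$var'[*]}' # test if var is an array
+if [ $length == 1 ]
+then
+echo $var=\"${!var}\" #output var
+else
+echo ";$var is an array" # add comment denoting var is an array
+eval 'echo $var=\"${'$var'[*]}\"' # output array var
+fi
+done
+done
+IFS="$OLDIFS"
+}
+
+function cfg_unset {
+SECTION=$1
+OLDIFS="$IFS"
+IFS=' '$'\n'
+if [ -z "$SECTION" ]
+then
+fun="$(declare -F)"
+else
+fun="$(declare -F $PREFIX$SECTION)"
+if [ -z "$fun" ]
+then
+echo "section $SECTION not found" >2
+return
+fi
+fi
+fun="${fun//declare -f/}"
+for f in $fun; do
+[ "${f#$PREFIX}" == "${f}" ] && continue
+item="$(declare -f ${f})"
+item="${item##*\{}" # remove function definition
+item="${item##*FUNCNAME*$PREFIX\};}" # remove clear section
+item="${item/\}}" # remove function close
+item="${item%)*}" # remove everything after parenthesis
+item="${item});" # add close parenthesis
+vars=""
+while [ "$item" != "" ]
+do
+newvar="${item%%=*}" # get item name
+vars="$vars $newvar" # add name to collection
+item="${item#*;}" # remove readed line
+done
+for var in $vars; do
+unset $var
+done
+done
+IFS="$OLDIFS"
+}
+
+function cfg_clear {
+SECTION=$1
+OLDIFS="$IFS"
+IFS=' '$'\n'
+if [ -z "$SECTION" ]
+then
+fun="$(declare -F)"
+else
+fun="$(declare -F $PREFIX$SECTION)"
+if [ -z "$fun" ]
+then
+echo "section $SECTION not found" >2
+exit 1
+fi
+fi
+fun="${fun//declare -f/}"
+for f in $fun; do
+[ "${f#$PREFIX}" == "${f}" ] && continue
+unset -f ${f}
+done
+IFS="$OLDIFS"
+}
+
+function cfg_update {
+SECTION=$1
+VAR=$2
+OLDIFS="$IFS"
+IFS=' '$'\n'
+fun="$(declare -F $PREFIX$SECTION)"
+if [ -z "$fun" ]
+then
+echo "section $SECTION not found" >2
+exit 1
+fi
+fun="${fun//declare -f/}"
+item="$(declare -f ${fun})"
+#item="${item##* $VAR=*}" # remove var declaration
+item="${item/\}}" # remove function close
+item="${item}
+$VAR=(${!VAR})
+"
+item="${item}
+}" # close function again
+
+eval "function $item"
+}
+
+
+# vim: filetype=sh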
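Review bot: `cfg_parser` rewrites the whole config file into shell source and runs it through `eval "$(echo "${ini[*]}")"`, so anyone who can write the parsed .conf file executes arbitrary commands with the caller's privileges — and the keygen script added in this commit sources it from the package %post, i.e. as root. At minimum state that contract in the header comment (`# WARNING: the parsed file is eval'd as shell; only parse root-owned, non-writable files`) and have callers refuse a config that is group/world-writable; a non-eval parser (a `read -r` loop with a `case` on `[section]` lines) is the safer long-term fix. Separately, the four `echo "section $SECTION not found" >2` lines redirect into a file literally named `2` in the current directory instead of stderr and should read `>&2`. The `exit 1` that follows in cfg_writer, cfg_clear and cfg_update terminates whatever shell sourced this library, so `return 1` fits a sourced file better.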
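--- a/bin/keygen
+++ b/bin/keygen
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+
+#** Configure Internal security keys *
+#**********************************************************
+
+# generate a security key pair for internal use (between nodes)
+cd /usr/ictcore/etc/ssh
+if [ -f ib_node ]; then
+echo "ICTCore security keys already exist! skipping."
+exit 0
+fi
+# rm -rf ib_node ib_node.pub ib_node.crt ib_node.pem
+
+#** Load configurations for ICTCore *
+#**********************************************************
+source ../../bin/bash-ini-parser
+cfg_parser ../ictcore.conf
+cfg_section_company
+company_name=$name
+cfg_section_website
+company_host=$host
+
+cat > ib_node.cfg <<EOF
+[req]
+distinguished_name = req_distinguished_name
+prompt = no
+[req_distinguished_name]
+CN=$company_host
+O=$company_name
+[ext]
+basicConstraints=CA:TRUE
+EOF
+
+openssl genrsa -out ib_node 1024 > /dev/null
+openssl rsa -in ib_node -pubout -out ib_node.pub >> /dev/null
+openssl req -batch -new -config ib_node.cfg -key ib_node -out ib_node.csr > /dev/null
+openssl x509 -req -days 365 -in ib_node.csr -signkey ib_node -out ib_node.crt > /dev/null
+cat ib_node > ib_node.pem
+cat ib_node.crt >> ib_node.pem
+rm -rf ib_node.csr ib_node.cfg
+
+# repeat next command for each available node to store ssh identity of all nodes into known_hosts
+ssh-keyscan -H localhost >> known_hosts
+chown -R ictcore:ictcore /usr/ictcore/etc/ssh
+chmod 700 /usr/ictcore/etc/ssh
+chmod 600 /usr/ictcore/etc/ssh/*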
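Review bot: The `cd /usr/ictcore/etc/ssh` at the top is unchecked and the script never enables `set -e`, so if that directory is missing the relative `source ../../bin/bash-ini-parser` and `cfg_parser ../ictcore.conf` resolve against whatever directory the caller happened to be in and the private key is written there instead. The key is also generated as 1024-bit RSA, below the 2048-bit floor current guidance requires, and `openssl genrsa` creates `ib_node` (and the `cat` creates `ib_node.pem`) with the process umask, leaving the private key readable until the trailing `chmod 600` runs. Add `set -euo pipefail` after the shebang, `umask 077` before the openssl calls, and use `openssl genrsa -out ib_node 2048 > /dev/null`. The `[ext]` section with `basicConstraints=CA:TRUE` is never referenced by an `-extensions` or `-extfile` argument, so it appears to be unused as written — confirm whether the self-signed certificate is meant to carry a CA flag at all.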
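--- a/cache/.gitignore
+++ b/cache/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore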
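--- a/composer.json
+++ b/composer.json
@@ -11,7 +11,8 @@
 "nategood/httpful": "^0.2.20",
 "aza/thread": "^1.1",
 "twig/twig": "^1.35",
-"jacwright/restserver": "dev-master"
+"jacwright/restserver": "dev-master",
+"firebase/php-jwt": "^5.0"
 },
 "autoload": {
 "psr-4": {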
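Review bot: With `/vendor` now ignored in the new .gitignore, the exact php-jwt release an install receives is fixed only by composer.lock; the changed-file list on this page is cut off, so confirm the lock file is committed and refreshed together with this `"firebase/php-jwt": "^5.0"` entry, otherwise every build resolves the caret range afresh. The code that calls `JWT::decode` is not visible here; it should pass an explicit allowed-algorithm list rather than relying on the token's own `alg` header, which is the usual JWT verification pitfall.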