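        /// <summary>
        /// Registers the authenticated domain-controller routes: Samba AD provisioning
        /// (<c>/dc/setup</c>), domain user creation (<c>/dc/adduser</c>) and certificate
        /// issuance for the DC, for smart cards and for generic CA certificates.
        /// </summary>
        /// <remarks>
        /// <c>Terminal.Execute</c> evidently runs its argument through a shell (the commands
        /// below rely on redirections and on quoted <c>--option</c> values), so every request
        /// value interpolated into a command is single-quoted first; otherwise a crafted form
        /// field would be parsed as shell syntax instead of as a plain argument.
        /// </remarks>
        public DomainControllerModule()
        {
            this.RequiresAuthentication();

            // POSIX single-quoting: everything inside '...' is literal to the shell; an embedded
            // quote is written as '\'' (close the quote, escaped quote, reopen).
            Func<string, string> shellQuote = value => "'" + value.Replace("'", "'\\''") + "'";

            // Values spliced into /etc/hosts, /etc/resolv.conf, smb.conf and krb5.conf must not
            // be able to start a new line (and thereby a new directive) in those files.
            Func<string, bool> hasLineBreak = value => value.IndexOfAny(new[] { '\r', '\n' }) >= 0;

            Post["/dc/setup"] = x => {
                // Seed each Samba directory from the live CD onto persistent storage and mount it.
                foreach (var dir in _directories)
                {
                    var mntDir = Mount.GetDirsPath(dir);
                    Terminal.Execute($"mkdir -p {mntDir}");
                    Terminal.Execute($"cp /mnt/livecd{dir} {mntDir}");
                    Mount.Dir(dir);
                }

                var domainName          = (string)Request.Form.DomainName;
                var domainRealmname     = (string)Request.Form.DomainRealmname;
                var domainHostname      = (string)Request.Form.DomainHostname;
                var domainHostip        = (string)Request.Form.DomainHostip;
                var domainAdminPassword = (string)Request.Form.DomainAdminPassword;

                if (string.IsNullOrEmpty(domainName) || string.IsNullOrEmpty(domainRealmname) ||
                    string.IsNullOrEmpty(domainHostname) || string.IsNullOrEmpty(domainHostip) ||
                    string.IsNullOrEmpty(domainAdminPassword))
                {
                    return(Response.AsText("error: a value is missing. go back."));
                }
                if (hasLineBreak(domainName) || hasLineBreak(domainRealmname) ||
                    hasLineBreak(domainHostname) || hasLineBreak(domainHostip) ||
                    hasLineBreak(domainAdminPassword))
                {
                    return(Response.AsText("error: a value contains invalid characters. go back."));
                }

                // NOTE(review): the admin password travels on samba-tool's command line and is
                // visible to other local processes while provisioning runs; moving it off the
                // command line needs a stdin-capable Terminal.Execute — TODO confirm availability.
                Terminal.Execute("samba-tool domain provision --option=\"interfaces = lo br0\" --option=\"bind interfaces only = yes\" --use-rfc2307 " +
                                 $"--domain={shellQuote(domainName)} --realm={shellQuote(domainRealmname)} --host-name={shellQuote(domainHostname)} " +
                                 $"--host-ip={shellQuote(domainHostip)} --adminpass={shellQuote(domainAdminPassword)} " +
                                 "--dns-backend=SAMBA_INTERNAL --server-role=dc");
                ConsoleLogger.Log($"domain {domainName} created");

                // /etc/hosts: loopback first, then the DC's own FQDN and short name.
                if (!Mount.IsAlreadyMounted("/etc/hosts"))
                {
                    Mount.File("/etc/hosts");
                }
                var domainFqdn = $"{domainHostname}.{domainRealmname}";
                Terminal.Execute("echo 127.0.0.1 localhost.localdomain localhost > /etc/hosts");
                Terminal.Execute($"echo {shellQuote(domainHostip)} {shellQuote(domainFqdn)} {shellQuote(domainHostname)} >> /etc/hosts");

                // /etc/resolv.conf: the DC resolves through itself (SAMBA_INTERNAL DNS backend).
                if (!Mount.IsAlreadyMounted("/etc/resolv.conf"))
                {
                    Mount.File("/etc/resolv.conf");
                }
                Terminal.Execute(!File.Exists("/etc/resolv.conf")
                    ? $"echo nameserver {shellQuote(domainHostip)} > /etc/resolv.conf"
                    : $"echo nameserver {shellQuote(domainHostip)} >> /etc/resolv.conf");
                Terminal.Execute($"echo search {shellQuote(domainRealmname)} >> /etc/resolv.conf");
                Terminal.Execute($"echo domain {shellQuote(domainRealmname)} >> /etc/resolv.conf");

                // smb.conf: fill the template placeholders. Invariant casing so the workgroup,
                // realm and NetBIOS name do not depend on the process culture.
                const string sambaRealConf = "/etc/samba/smb.conf";
                var          sambaConf     = $"{Parameter.Resources}/smb.conf.template";
                const string workgroup     = "$workgroup$";
                const string realm         = "$realm$";
                const string netbiosName   = "$netbiosName$";
                const string netlogonPath  = "$netlogonPath$";
                var          lowerRealm    = domainRealmname.ToLowerInvariant();
                var          upperRealm    = domainRealmname.ToUpperInvariant();
                var          sambaCnfText  = File.ReadAllText(sambaConf)
                                             .Replace(workgroup, domainName.ToUpperInvariant())
                                             .Replace(realm, upperRealm)
                                             .Replace(netbiosName, domainHostname.ToUpperInvariant())
                                             .Replace(netlogonPath, $"/var/lib/samba/sysvol/{lowerRealm}/scripts");
                // Delete first so an existing file is replaced rather than overwritten in place.
                if (File.Exists(sambaRealConf))
                {
                    File.Delete(sambaRealConf);
                }
                File.WriteAllText(sambaRealConf, sambaCnfText);

                Terminal.Execute("systemctl restart samba");

                // krb5.conf: same template approach; Samba keeps its own copy under private/.
                Terminal.Execute("mkdir -p /var/lib/samba/private");
                var          krbConf    = $"{Parameter.Resources}/krb5.conf.template";
                const string realmAlt   = "$realmalt$";
                var          krbCnfText = File.ReadAllText(krbConf)
                                          .Replace(realmAlt, lowerRealm)
                                          .Replace(realm, upperRealm);
                foreach (var krbTarget in new[] { "/etc/krb5.conf", "/var/lib/samba/private/krb5.conf" })
                {
                    if (File.Exists(krbTarget))
                    {
                        File.Delete(krbTarget);
                    }
                    File.WriteAllText(krbTarget, krbCnfText);
                }

                ConsoleLogger.Log($"{domainName} references updated");

                return(Response.AsRedirect("/"));
            };

            Post["/dc/adduser"] = x => {
                var domainName   = (string)Request.Form.DomainName;
                var username     = (string)Request.Form.Username;
                var userPassword = (string)Request.Form.UserPassword;

                if (string.IsNullOrEmpty(domainName) || string.IsNullOrEmpty(userPassword) || string.IsNullOrEmpty(username))
                {
                    return(Response.AsText("error: a value is missing. go back."));
                }

                // Every argument here originates from the request, so each one is quoted on its own.
                var quotedUser  = shellQuote(username);
                var mailAddress = $"{username}@{domainName}";
                Terminal.Execute($"samba-tool user create {quotedUser} --password={shellQuote(userPassword)} --username={quotedUser} --mail-address={shellQuote(mailAddress)} --given-name={quotedUser}");
                return(Response.AsRedirect("/"));
            };

            // Certificate routes hand the form straight to CertificateAuthority; no shell is
            // involved at this level, so the values are passed through unchanged.
            Post["/dc/cert"] = x => {
                var domControllerGuid       = (string)Request.Form.DomainControllerGuid;
                var domDnsName              = (string)Request.Form.DomainDnsName;
                var domCrlDistributionPoint = (string)Request.Form.DomainCrlDistributionPoint;
                var domCaCountry            = (string)Request.Form.DomainCaCountry;
                var domCaProvince           = (string)Request.Form.DomainCaProvince;
                var domCaLocality           = (string)Request.Form.DomainCaLocality;
                var domCaOrganization       = (string)Request.Form.DomainCaOrganization;
                var domCaOrganizationalUnit = (string)Request.Form.DomainCaOrganizationalUnit;
                var domCaCommonName         = (string)Request.Form.DomainCaCommonName;
                var domCaEmail              = (string)Request.Form.DomainCaEmail;
                var domCaPassphrase         = (string)Request.Form.DomainCaPassphrase;
                CertificateAuthority.DomainControllerCertificate.Create(domCrlDistributionPoint, domControllerGuid, domDnsName, domCaCountry, domCaProvince, domCaLocality, domCaOrganization, domCaOrganizationalUnit, domCaCommonName, domCaEmail, domCaPassphrase);
                return(Response.AsRedirect("/"));
            };

            Post["/sc/cert"] = x => {
                var userPrincipalName             = (string)Request.Form.UserPrincipalName;
                var domainCrlDistributionPoint    = (string)Request.Form.DomainCrlDistributionPoint;
                var smartCardCaCountry            = (string)Request.Form.SmartCardCaCountry;
                var smartCardCaProvince           = (string)Request.Form.SmartCardCaProvince;
                var smartCardCaLocality           = (string)Request.Form.SmartCardCaLocality;
                var smartCardCaOrganization       = (string)Request.Form.SmartCardCaOrganization;
                var smartCardCaOrganizationalUnit = (string)Request.Form.SmartCardCaOrganizationalUnit;
                var smartCardCaPassphrase         = (string)Request.Form.SmartCardCaPassphrase;
                CertificateAuthority.SmartCardCertificate.Create(domainCrlDistributionPoint, userPrincipalName, smartCardCaCountry, smartCardCaProvince, smartCardCaLocality, smartCardCaOrganization, smartCardCaOrganizationalUnit, smartCardCaPassphrase);
                return(Response.AsRedirect("/"));
            };

            Post["/ca/cert"] = x => {
                var certAssignment          = (string)Request.Form.CertAssignment.Value;
                var certCountry             = (string)Request.Form.CertCountry;
                var certProvince            = (string)Request.Form.CertProvince;
                var certLocality            = (string)Request.Form.CertLocality;
                var certOrganization        = (string)Request.Form.CertOrganization;
                var certOrganizationalUnit  = (string)Request.Form.CertOrganizationalUnit;
                var certCommonName          = (string)Request.Form.CertCommonName;
                var certEmailAddress        = (string)Request.Form.CertEmailAddress;
                var certPassphrase          = (string)Request.Form.CertPassphrase;
                var certKeyLength           = (string)Request.Form.CertKeyLength;
                var certUserAssignedGuid    = (string)Request.Form.CertUserAssignedGuid;
                var certServiceAssignedGuid = (string)Request.Form.CertServiceAssignedGuid;
                var certServiceAssignedName = (string)Request.Form.CertServiceAssignedName;
                CertificateAuthority.Certificate.Create(certCountry, certProvince, certLocality, certOrganization, certOrganizationalUnit, certCommonName, certEmailAddress, certPassphrase, CertificateAssignmentType.Detect(certAssignment), certKeyLength, certUserAssignedGuid, certServiceAssignedGuid, certServiceAssignedName);
                return(Response.AsRedirect("/"));
            };
        }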
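        /// <summary>
        /// Registers the authenticated certificate-authority routes: SSL status and toggling,
        /// CA setup, certificate issuance and certificate download.
        /// </summary>
        public CertificateAuthorityModule()
        {
            this.RequiresAuthentication();

            // Form fields are dynamic and, as far as can be told here, cast to null when the
            // field is absent; the previous "((string)field).Length" pattern then threw
            // NullReferenceException instead of applying the default.
            Func<string, string, string> formOrDefault = (value, fallback) => string.IsNullOrEmpty(value) ? fallback : value;

            Get["/ca/ssl/status"] = x => Response.AsJson(ApplicationSetting.Ssl());

            Post["/ca/ssl/toggle"] = x => {
                if (ApplicationSetting.Ssl() == "yes")
                {
                    ApplicationSetting.DisableSsl();
                }
                else
                {
                    ApplicationSetting.EnableSsl();
                }
                return(Response.AsJson(true));
            };

            Post["/ca/ssl/enable"] = x => {
                ApplicationSetting.EnableSsl();
                return(Response.AsJson(true));
            };

            Post["/ca/ssl/disable"] = x => {
                ApplicationSetting.DisableSsl();
                return(Response.AsJson(true));
            };

            Post["/ca/setup"] = x => {
                var caDirectory          = (string)Request.Form.CaDirectory;
                var caCountry            = (string)Request.Form.CaCountry;
                var caProvince           = (string)Request.Form.CaProvince;
                var caLocality           = (string)Request.Form.CaLocality;
                var caOrganization       = (string)Request.Form.CaOrganization;
                var caOrganizationalUnit = (string)Request.Form.CaOrganizationalUnit;
                var caCommonName         = (string)Request.Form.CaCommonName;
                var caEmail              = (string)Request.Form.CaEmail;
                var caPassphrase         = (string)Request.Form.CaPassphrase;
                CertificateAuthority.Setup(caDirectory, caPassphrase, caCountry, caProvince, caLocality, caOrganization, caOrganizationalUnit, caCommonName, caEmail);
                return(Response.AsJson(true));
            };

            Post["/ca/certificate/new"] = x => {
                // "." stands in for an empty subject field (presumably the openssl "leave blank"
                // answer — confirm against CertificateAuthority.Certificate.Create).
                var countryName = formOrDefault((string)Request.Form.CountryName, ".");
                if (countryName.Length > 2)
                {
                    // Country codes are two letters; invariant casing keeps this culture-independent.
                    countryName = countryName.Substring(0, 2).ToUpperInvariant();
                }
                var stateProvinceName      = formOrDefault((string)Request.Form.StateProvinceName, ".");
                var localityName           = formOrDefault((string)Request.Form.LocalityName, ".");
                var organizationName       = formOrDefault((string)Request.Form.OrganizationName, ".");
                var organizationalUnitName = formOrDefault((string)Request.Form.OrganizationalUnitName, ".");
                var commonName             = formOrDefault((string)Request.Form.CommonName, "*");
                var emailAddress           = formOrDefault((string)Request.Form.EmailAddress, ".");
                var password               = formOrDefault((string)Request.Form.Password, "");
                var bytesLength            = formOrDefault((string)Request.Form.BytesLength, "2048");
                var assignmentValue        = (string)Request.Form.Assignment.Value;
                var assignment             = string.IsNullOrEmpty(assignmentValue)
                    ? CertificateAssignment.User
                    : CertificateAssignmentType.Detect(assignmentValue);
                var userGuid               = formOrDefault((string)Request.Form.UserGuid, "");
                var serviceGuid            = formOrDefault((string)Request.Form.ServiceGuid, "");
                var serviceAlias           = formOrDefault((string)Request.Form.ServiceAlias, "");
                CertificateAuthority.Certificate.Create(countryName, stateProvinceName, localityName, organizationName, organizationalUnitName, commonName, emailAddress, password, assignment, bytesLength, userGuid, serviceGuid, serviceAlias);
                return(Response.AsRedirect("/"));
            };

            Get["/ca/certificate/download/{format}/{guid}"] = x => {
                var guid        = (string)x.guid;
                var certificate = CertificateRepository.GetByGuid(guid);
                if (certificate == null)
                {
                    // An unknown guid is a client error, not a server fault.
                    return(HttpStatusCode.NotFound);
                }
                string path;
                var    format = (string)x.format;
                switch (format)
                {
                case "der":
                    path = certificate.CertificateDerPath;
                    break;

                case "pfx":
                    path = certificate.CertificatePfxPath;
                    break;

                default:
                    path = certificate.CertificatePath;
                    break;
                }
                if (string.IsNullOrEmpty(path) || !File.Exists(path))
                {
                    return(HttpStatusCode.NotFound);
                }
                // Attachment name and MIME type come from the file actually served; previously
                // both were taken from the PEM path, so DER/PFX downloads carried the PEM name.
                var fileName = Path.GetFileName(path);
                // Opened read-only and only when StreamResponse pulls the body, so no handle is
                // held open for a response that is never written.
                var response = new StreamResponse(() => new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read), MimeTypes.GetMimeType(fileName));
                return(response.AsAttachment(fileName));
            };
        }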