Merge branch 'master' of https://github.com/LibrIT/passhport

LibrIT · Jun 28, 2019 · 342fe78 · 342fe78
2 parents 3e416ba + cdd49e4
commit 342fe78
Show file tree

Hide file tree

Showing 6 changed files with 80 additions and 90 deletions.
diff --git a/docs/installation-and-configuration/installation-on-debian.rst b/docs/installation-and-configuration/installation-on-debian.rst
@@ -1,17 +1,17 @@
-Installation on Debian 8 or 9
-=============================
+Installation on Debian 8, 9 or 10
+=================================
 
-The followings shows you how to install and run PaSSHport on Debian 8 (Jessie) or 9 (Stretch). We start from a minimal installation of Debian (available `here <http://www.debian.org>`__), **with openssh-server and curl** packages installed.
+The followings shows you how to install and run PaSSHport on Debian 8 (Jessie), 9 (Stretch) or 10 (Buster). We start from a minimal installation of Debian (available `here <http://www.debian.org>`__), **with openssh-server and curl** packages installed.
 
 The easy, automated way
 -----------------------
-You can review the installation script `here <https://raw.githubusercontent.com/Raphux/passhport/master/tools/passhport-install-script-debian-8-9.sh>`__.
+You can review the installation script `here <https://raw.githubusercontent.com/LibrIT/passhport/master/tools/passhport-install-script-debian.sh>`__.
 
 You can run it directly from command line ( please ensure that curl is installed : ``apt install curl`` ):
 
 .. code-block:: none
 
-  root@debian9:~# bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian-8-9.sh)
+  root@debian:~# bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian.sh)
 
 Once finished, you can go to the `Getting Started <getting-started.html>`_ chapter.
 
@@ -25,84 +25,73 @@ First of all, we’ll need to update your repositories :
 
 .. code-block:: none
 
-  root@debian9:~# apt update
+  root@debian:~# apt update
 
 We will install python3-pip, and other packages that we’ll need later for this tutorial (it will get ~+100MB from the archives, so be patient) :
 
 .. code-block:: none
 
-  root@debian9:~# apt install python3-pip git openssl
+  root@debian:~# apt install python3-pip git openssl virtualenv libpython3-dev
 
-Let’s update pip :
-
-.. code-block:: none
-
-  root@debian9:~# pip3 install -U pip
-
-Now, install virtual-env using pip :
+Next we will need to add a system user called « passhport », and switch to it :
 
 .. code-block:: none
 
-  root@debian9:~# pip3 install virtualenv
+  root@debian:~# useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport
+  root@debian:~# su - passhport
+  passhport@debian:~$
 
-Next we will need to add a system user called « passhport », and switch to it :
+Let’s get passhport sources from github :
 
 .. code-block:: none
 
-  root@debian9:~# useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport
-  root@debian9:~# su - passhport
-  passhport@debian9:~$
+  passhport@debian:~$ git clone http://github.com/LibrIT/passhport.git
+  Clonage dans 'passhport'...
+  remote: Counting objects: 2713, done.
+  remote: Compressing objects: 100% (50/50), done.
+  remote: Total 2713 (delta 19), reused 0 (delta 0), pack-reused 2661
+  Réception d'objets: 100% (2713/2713), 482.76 KiB | 396.00 KiB/s, fait.
+  Résolution des deltas: 100% (1633/1633), fait.
+  passhport@debian:~$
 
 We now need to create a virtual-env for passhport user :
 
 .. code-block:: none
 
-  passhport@debian9:~$ virtualenv -p python3 passhport-run-env
+  passhport@debian:~$ virtualenv -p python3 passhport-run-env
 
 Now that we have our virtual-env, we install the python’s modules we’ll need for PaSSHport :
 
 .. code-block:: none
 
-  passhport@debian9:~$ /home/passhport/passhport-run-env/bin/pip install sqlalchemy-migrate flask-migrate requests docopt configparser tabulate flask-login ldap3 psutil
+  passhport@debian:~$ /home/passhport/passhport-run-env/bin/pip install -r /home/passhport/passhport/requirements.txt
 
 Now, let’s start the real thing…
 
-Let’s get passhport sources from github :
-
-.. code-block:: none
-
-  passhport@debian9:~$ git clone http://github.com/LibrIT/passhport.git
-  Clonage dans 'passhport'...
-  remote: Counting objects: 2713, done.
-  remote: Compressing objects: 100% (50/50), done.
-  remote: Total 2713 (delta 19), reused 0 (delta 0), pack-reused 2661
-  Réception d'objets: 100% (2713/2713), 482.76 KiB | 396.00 KiB/s, fait.
-  Résolution des deltas: 100% (1633/1633), fait.
-  passhport@debian9:~$
 
 PaSSHport will need to write some logs, so, as root, we’ll create a directory in « /var/log », and give the ownership to the « passhport » user:
 
 .. code-block:: none
 
-  root@debian9:~# mkdir -p /var/log/passhport/
-  root@debian9:~# chown passhport:passhport /var/log/passhport/
+  root@debian:~# mkdir -p /var/log/passhport/
+  root@debian:~# chown passhport:passhport /var/log/passhport/
 
 We’ll also create the config directory, and copy the differents config file :
 
 .. code-block:: none
 
-  root@debian9:~# mkdir /etc/passhport
-  root@debian9:~# cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/.
-  root@debian9:~# cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/.
-  root@debian9:~# cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/.
+  root@debian:~# mkdir /etc/passhport
+  root@debian:~# cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/.
+  root@debian:~# cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/.
+  root@debian:~# cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/.
 
 We’ll also need to make some modifications in those config file, if you run passhportd on a distant server. Here we’ll change the default listening address (localhost) to the real IP of our server.
 
 First, passhportd :
 
 .. code-block:: none
 
-  root@debian9:~# vim /etc/passhport/passhportd.ini
+  root@debian:~# vim /etc/passhport/passhportd.ini
 
 Change the « LISTENING_IP » parameter, to the IP address of your server :
 
@@ -137,17 +126,17 @@ Change the following parameter in /etc/passhport/passhport.ini and /etc/passhpor
 
 ``PASSHPORTD_HOSTNAME = 192.168.122.56``
 
-We’ll need ssh publickey, so we generate an 4096 bits RSA key:
+We’ll need ssh publickey, so we generate a 4096 bits RSA key (keys lengh can be longer):
 
 .. code-block:: none
 
-  root@debian9:~# su - passhport
-  passhport@debian9:~$ ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa"
+  root@debian:~# su - passhport
+  passhport@debian:~$ ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa"
   Generating public/private rsa key pair.
   Your identification has been saved in /home/passhport/.ssh/id_rsa.
   Your public key has been saved in /home/passhport/.ssh/id_rsa.pub.
   The key fingerprint is:
-  SHA256:0o6jkepqr2Phz0AKmLGRZh6PeVexP2gf5CGNPd+ksQ passhport@debian9
+  SHA256:0o6jkepqr2Phz0AKmLGRZh6PeVexP2gf5CGNPd+ksQ passhport@debian
   The key's randomart image is:
   +---[RSA 4096]----+
   | .    ....       |
@@ -160,20 +149,20 @@ We’ll need ssh publickey, so we generate an 4096 bits RSA key:
   | =o. o .         |
   |++B+.            |
   +----[SHA256]-----+
-  passhport@debian9:~$
+  passhport@debian:~$
 
 This will be the key that’ll be use by PaSSHport to connect to your hosts. You can also generate a ECDSA key if you wish :
 
 .. code-block:: none
 
-  passhport@debian9:~$ ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa"
+  passhport@debian:~$ ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa"
 
 Again as root, let’s make the directory that’ll contains the database (because we use SQLite for this tutorial) :
 
 .. code-block:: none
 
-  root@debian9:~# mkdir -p /var/lib/passhport
-  root@debian9:~# chown -R passhport:passhport /var/lib/passhport/
+  root@debian:~# mkdir -p /var/lib/passhport
+  root@debian:~# chown -R passhport:passhport /var/lib/passhport/
 
 … then we’ll have to change 3 paramaters in the passhportd config file (as root, edit «/etc/passhport/passhportd.ini») :
 
@@ -187,22 +176,22 @@ Now we can create the database and check that it has correcly been created:
 
 .. code-block:: none
 
-  root@debian9:~# su - passhport
-  passhport@debian9:~$ /home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py
-  passhport@debian9:~$ ls -la /var/lib/passhport/
+  root@debian:~# su - passhport
+  passhport@debian:~$ /home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py
+  passhport@debian:~$ ls -la /var/lib/passhport/
   total 172
   drwxr-xr-x  3 passhport passhport   4096 févr. 28 16:10 .
   drwxr-xr-x 25 root      root        4096 févr. 28 15:37 ..
   -rw-r--r--  1 passhport passhport 159744 févr. 28 16:10 app.db
   drwxr-xr-x  4 passhport passhport   4096 févr. 28 16:10 db_repository
-  passhport@debian9:~$
+  passhport@debian:~$
 
 We’ll now need to create the certificate to secure the API. First, create the directory in which will be key and the cert, and make the directory rwx for passport only :
 
 .. code-block:: none
 
-  passhport@debian9:~$ mkdir /home/passhport/certs
-  passhport@debian9:~$ chmod 700 /home/passhport/certs
+  passhport@debian:~$ mkdir /home/passhport/certs
+  passhport@debian:~$ chmod 700 /home/passhport/certs
 
 Create the RSA key :
 
@@ -253,41 +242,41 @@ Once executed, you’ll have a cert file next to the key file :
 
 .. code-block:: none
 
-  passhport@debian9:~$ ls -la /home/passhport/certs/
+  passhport@debian:~$ ls -la /home/passhport/certs/
   total 16
   drwx------ 2 passhport passhport 4096 févr. 28 18:00 .
   drwxr-xr-x 8 passhport passhport 4096 févr. 28 17:46 ..
   -rw-r--r-- 1 passhport passhport 2171 févr. 28 18:00 cert.pem
   -rw------- 1 passhport passhport 3243 févr. 28 16:11 key.pem
-  passhport@debian9:~$
+  passhport@debian:~$
 
 As root, create some symlink to the two main *binaries*, passhportd and passhport-admin, so you can access it without typing full path :
 
 .. code-block:: none
 
-  root@debian9:~# ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd
-  root@debian9:~# ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin
+  root@debian:~# ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd
+  root@debian:~# ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin
 
 We now create the systemd service, and enables *passhportd* on startup :
 
 .. code-block:: none
 
-  root@debian9:~# cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service
-  root@debian9:~# systemctl daemon-reload
-  root@debian9:~# systemctl enable passhportd
+  root@debian:~# cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service
+  root@debian:~# systemctl daemon-reload
+  root@debian:~# systemctl enable passhportd
 
 And now, we’re ready to go, just launch passhportd daemon :
 
 .. code-block:: none
 
-  root@debian9:~# systemctl start passhportd
+  root@debian:~# systemctl start passhportd
 
 You can check that passhportd is running, by curling the IP you previously configured in */etc/passhport/passhportd.ini*, on port 5000 :
 
 .. code-block:: none
 
-  root@debian9:~# curl -s --insecure https://192.168.122.56:5000
+  root@debian:~# curl -s --insecure https://192.168.122.56:5000
   passhportd is running, gratz!
-  root@debian9:~#
+  root@debian:~#
 
 Bravo ! You successfully installed PaSSHport. You may now go to the `Getting Started <getting-started.html>`_ chapter.
diff --git a/passhportd/app/models_mod/targetgroup.py b/passhportd/app/models_mod/targetgroup.py
@@ -79,7 +79,7 @@ def simplejson(self):
         output = "{\n"
 
         output = output + "\"Name\": \"" + format(self.name) + "\",\n"
-        output = output + "\"Comment\": \"" + format(self.comment) + "\",\n"
+        output = output + "\"Comment\": \"" + format(self.comment) + "\"\n"
         output = output + "}"
 
         return output
@@ -109,7 +109,7 @@ def prepare_delete(self):
             self.tgadmins.pop()
 
         return self
-    
+
 
     # User management
     def is_members(self, user):
@@ -288,7 +288,7 @@ def accessible_target_list(self, parsed_targetgroups = None, style="object"):
                                             style = "object"):
                     if target not in targets:
                         targets.append(target)
-        # Return target objects or names depending of the style                
+        # Return target objects or names depending of the style
         if style == "names":
             targetnames = []
             for target in targets:
@@ -386,7 +386,7 @@ def addtargetgroup(self, targetgroup):
         """Add a targetgroup to the relaton table"""
         if not self.is_tgmembers(targetgroup) and not self == targetgroup:
             self.tgmembers.append(targetgroup)
-        else: 
+        else:
             return False
 
         return self
@@ -410,7 +410,7 @@ def memberof(self, obj):
                     members.append(targetgroup)
         else:
             return "Error in object type"
-            
+
         ret = "["
         for m in members:
             ret = ret + m.name + ","
@@ -456,11 +456,11 @@ def all_targetgroupname_list(self, parsed_targetgroups = None):
         return targetgroupnames
 
     def show_targets(self, indentation):
-        """Return a formated list of the targets that the targetgroup 
+        """Return a formated list of the targets that the targetgroup
         provides
         """
         listing = []
-        
+
         indent = ""
         for i in range(indentation):
             indent = indent + "    "

diff --git a/passhportd/app/models_mod/user.py b/passhportd/app/models_mod/user.py
@@ -66,7 +66,7 @@ def simplejson(self):
                           format(self.show_sshkeyhash()) + "\",\n"
         output = output + "\"logfilesize\": \"" + \
                           format(self.show_logfilesize()) + "\",\n"
-        output = output + "\"comment\": \"" + format(self.comment) + "\",\n"
+        output = output + "\"comment\": \"" + format(self.comment) + "\"\n"
         output = output + "}"
 
         return output

diff --git a/passhportd/app/models_mod/usergroup.py b/passhportd/app/models_mod/usergroup.py
@@ -71,7 +71,7 @@ def simplejson(self):
         output = output + "\"Name\": \"" + format(self.name) + "\",\n"
         output = output + "\"Comment\": \"" + format(self.comment) + "\",\n"
         output = output + "\"Directsize\": \"" + format(str(directsize)) + "\",\n"
-        output = output + "\"Totalsize\": \"" + format(str(totalsize)) + "\",\n"
+        output = output + "\"Totalsize\": \"" + format(str(totalsize)) + "\"\n"
         output = output + "}"
 
         return output
@@ -80,7 +80,7 @@ def simplejson(self):
     def show_name(self):
         """Return a string containing the usergroup's name"""
         return self.name
-    
+
 
     def show_comment(self):
         """Return a string containing the usergroup's comment"""
@@ -189,7 +189,7 @@ def all_username_list(self, parsed_usergroups = []):
         """
         usernames = self.username_list()
 
-        # Recursive on groups: 
+        # Recursive on groups:
         # we list all usernames but we never parse a group twice
         # to avoid cirular issues.
         for usergroup in self.gmembers:
@@ -217,7 +217,7 @@ def memberof(self, obj):
                     members.append(usergroup)
         else:
             return "Error in object type"
-            
+
         ret = "["
         for m in members:
             ret = ret + m.name + ","
@@ -278,7 +278,7 @@ def all_usergroupname_list(self, parsed_usergroups = []):
         in the usergroup
         """
         usergroupnames = self.usergroupname_list() # ["G1","G2"]
- 
+
         # Recursive on usergroups:
         # we list all usergroups but we never parse a group twice
         # to avoid cirular issues.
@@ -356,7 +356,7 @@ def accessible_target_list(self, checked_usergroups = [], mode="string"):
                 checked_usergroups.append(usergroup)
                 for target in usergroup.accessible_target_list(checked_usergroups):
                     if target not in self.targets:
-                        if mode == "string": 
+                        if mode == "string":
                             accessible_targets.append(target.name)
                         else:
                             accessible_targets.append(target)
@@ -377,7 +377,7 @@ def show_targets(self, indentation):
         """Return all targets the group gives access
         First the targets with this group attached
         Then targets from targetgroups with this group attached
-        Then targets from groups with this group attached 
+        Then targets from groups with this group attached
         Finally We relaunch this on the groups with this groups attached
         """
         listing = []

diff --git a/passhportd/passhportd.ini b/passhportd/passhportd.ini
@@ -42,5 +42,5 @@ PYTHON_PATH      = /home/passhport/passhport-run-env/bin/python3
 OPEN_ACCESS_PATH = /home/passhport/passhwall.sh
 
 [MISC]
-# Maximum log file size in Mb
+# Maximum log file size in MB
 MAXLOGSIZE = 5