Added fdc.in.
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 29 Mar 2022 11:44:02 +0000 (13:44 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 29 Mar 2022 11:44:02 +0000 (13:44 +0200)
27 files changed:
sources/fdc.in/c3d/firstboot/scripts/01_setupnetworking.sh [new file with mode: 0755]
sources/fdc.in/c3d/firstboot/scripts/02_settimezone.sh [new file with mode: 0755]
sources/fdc.in/c3d/firstboot/scripts/10_setupdc.sh [new file with mode: 0755]
sources/fdc.in/c3d/firstboot/scripts/20_setupletsencrypt.sh [new file with mode: 0755]
sources/fdc.in/c3d/firstboot/scripts/30_setuphttpd.sh [new file with mode: 0755]
sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh [new file with mode: 0755]
sources/fdc.in/c3d/mode.txt [new file with mode: 0644]
sources/fdc.in/c3d/owner.txt [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/httpd/conf.d/fdc.443.conf.le [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/httpd/conf.d/fdc.80.conf [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/etc/sssd/sssd.conf [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh [new file with mode: 0755]
sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py [new file with mode: 0755]
sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/index.xhtml [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/main.css [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/epilogue.xhtml [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/passwordchange.wsgi [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/prologue.xhtml [new file with mode: 0644]
sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh [new file with mode: 0755]
sources/fdc.in/config [new file with mode: 0644]
sources/fdc.in/envvars [new file with mode: 0644]

diff --git a/sources/fdc.in/c3d/firstboot/scripts/01_setupnetworking.sh b/sources/fdc.in/c3d/firstboot/scripts/01_setupnetworking.sh
new file mode 100755 (executable)
index 0000000..b10faf1
--- /dev/null
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+CYCLES_WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for NetworkManager"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+# wait for one/the network connection to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                            | grep --invert-match ':$' | wc -l)
+CYCLES_WAITED=0
+while [ $CONNECTION_DEVICES_UP -lt 1 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        nmcli connection show
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for the network connection"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                                | grep --invert-match ':$' | wc -l)
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+if [ $CONNECTIONS -ne 1 ]
+then
+    echo "Number of connections: $CONNECTIONS" >&2
+    exit 1
+fi
+
+CONNECTION_LINE=$(nmcli --terse connection show)
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id internal \
+    connection.interface-name $CONNECTION_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "10.228.109.67/16" \
+    ipv4.dns "10.228.109.159, 10.228.92.159" \
+    ipv4.dns-search "in.useribm.hu" \
+    ipv4.gateway "10.228.109.254" \
+    ipv4.method "manual" \
+    ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6d43/64" \
+    ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6d9f, 2a02:d400:0000:f268:000c:18ff:fe03:5c9f" \
+    ipv6.dns-search "in.useribm.hu" \
+    ipv6.gateway "2a02:d400:0000:f268:000c:18ff:fe03:6dfe" \
+    ipv6.method "manual" \
+    save yes
+
+nmcli connection show
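Review bot: The existing profile is deleted at L99 before its replacement is created at L101, and neither nmcli call's exit status is checked, so a failure of `nmcli connection add` (NetworkManager not yet accepting changes, a mistyped address) leaves the container with no connection profile while the script still exits 0 through the final `nmcli connection show`. Either create the new profile first and delete the old one afterwards, or append `|| exit 1` to the delete and to `save yes` (L116). `connection.interface-name $CONNECTION_DEVICE` at L104 and the `echo $CONNECTION_LINE` pipelines at L96-L97 should quote their expansions (`"$CONNECTION_DEVICE"`, `"$CONNECTION_LINE"`), since a default NetworkManager profile name can contain spaces, and `echo -n` at L55/L57/L78/L80 is not guaranteed under `#!/bin/sh` (`printf '%s' ...` is). The same absence of `set -e` or per-command status checks applies to the other `#!/bin/sh` scripts in this commit (02_settimezone.sh, 10_setupdc.sh, 30_setuphttpd.sh, 90_setupservices.sh, getletsencrypt.sh, postinstall/scripts/10_setupservices.sh), so a failed step is only visible if someone reads the console.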
diff --git a/sources/fdc.in/c3d/firstboot/scripts/02_settimezone.sh b/sources/fdc.in/c3d/firstboot/scripts/02_settimezone.sh
new file mode 100755 (executable)
index 0000000..20b2a71
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    if [ $WAITED -eq 0 ]
+    then
+        echo -n "Waiting for dbus.service"
+    fi
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
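Review bot: The wait loop at L131-L142 has no upper bound, unlike the 10-cycle cap used in 01_setupnetworking.sh, so if dbus.service never reports active the whole firstboot sequence blocks here forever. Count the cycles instead of setting a flag: replace `WAITED=1` at L139 with `WAITED=$(( WAITED + 1 ))` and add `[ $WAITED -ge 10 ] && exit 1` as the first statement of the loop body; `[ $WAITED -ne 0 ] && echo` at L143 keeps working unchanged. A one-line header comment saying why the script waits for dbus (`timedatectl` talks to systemd-timedated over the bus) would save the next reader a guess.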
diff --git a/sources/fdc.in/c3d/firstboot/scripts/10_setupdc.sh b/sources/fdc.in/c3d/firstboot/scripts/10_setupdc.sh
new file mode 100755 (executable)
index 0000000..d1b6549
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+
+
+authselect select sssd with-mkhomedir --force
+
+echo "URI ldaps://fds.useribm.hu/" >>/etc/openldap/ldap.conf
+echo "BASE dc=user,dc=hu" >>/etc/openldap/ldap.conf
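Review bot: `REAL_PATH` at L153 is computed (with an unquoted `$(dirname $0)`) but never used, and the two `>>` appends at L158-L159 are not idempotent: a second run of the script duplicates the `URI`/`BASE` lines in /etc/openldap/ldap.conf. Drop `REAL_PATH` (or quote it, `$(realpath "$(dirname "$0")")`), and guard each append, e.g. `grep -q '^URI ' /etc/openldap/ldap.conf || echo "URI ldaps://fds.useribm.hu/" >>/etc/openldap/ldap.conf`. Note that ldap.conf here sets no `TLS_REQCERT`, so the OpenLDAP client default (demand) applies, which is stricter than the `ldap_tls_reqcert = allow` in the sssd.conf of this commit; the two should agree.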
diff --git a/sources/fdc.in/c3d/firstboot/scripts/20_setupletsencrypt.sh b/sources/fdc.in/c3d/firstboot/scripts/20_setupletsencrypt.sh
new file mode 100755 (executable)
index 0000000..019bbd0
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+
+/usr/local/bin/getletsencrypt.sh
diff --git a/sources/fdc.in/c3d/firstboot/scripts/30_setuphttpd.sh b/sources/fdc.in/c3d/firstboot/scripts/30_setuphttpd.sh
new file mode 100755 (executable)
index 0000000..6a3a230
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+
+if [ -d /etc/letsencrypt/live/useribm ]
+then
+    for ORIG_FILE in /etc/httpd/conf.d/*.le
+    do
+        CONF_FILE=$(echo $ORIG_FILE | sed 's/^\(.*\)\.le$/\1/')
+        echo "Moving $ORIG_FILE to $CONF_FILE"
+        mv $ORIG_FILE $CONF_FILE
+    done
+    cp --archive \
+       /usr/lib/python3.10/site-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf \
+       /etc/letsencrypt/options-ssl-apache.conf
+    systemctl enable httpd.service
+    systemctl start httpd.service
+fi
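Review bot: Under `#!/bin/sh` an unmatched `/etc/httpd/conf.d/*.le` at L179 expands to the literal pattern, so the loop body prints a misleading "Moving" line and runs `mv` on a non-existent path; make `[ -e "$ORIG_FILE" ] || continue` the first statement of the loop. `CONF_FILE=$(echo $ORIG_FILE | sed ...)` at L181 is the builtin `CONF_FILE=${ORIG_FILE%.le}`, and the `mv` at L183 should quote both operands (`mv -- "$ORIG_FILE" "$CONF_FILE"`). The options-ssl-apache.conf copy at L185-L187 duplicates the one getletsencrypt.sh performs (which 20_setupletsencrypt.sh has just run), and both hard-code `/usr/lib/python3.10`, so the copy fails uncaught on the next Python minor bump; keeping it in one place, derived from `python3 -c 'import certbot_apache, os; ...'` or a `find` over `/usr/lib/python3.*`, removes the duplication.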
diff --git a/sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh b/sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh
new file mode 100755 (executable)
index 0000000..be4d925
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+
+systemctl enable oddjobd.service
+systemctl start oddjobd.service
+systemctl enable sssd.service
+systemctl start sssd.service
+
+systemctl enable NetworkManager-wait-online.service
+systemctl start NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
+systemctl start logrotate.timer
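Review bot: Each enable/start pair at L199-L208 can be a single `systemctl enable --now <unit>`, which halves the command count and keeps enable and start under one exit status (the form is available on every systemd that has `systemctl enable --now`, i.e. Fedora 35 in envvars). A short header comment stating that this reverses postinstall/scripts/10_setupservices.sh (the units disabled at image build time are re-enabled on first boot) would make the pairing between the two scripts explicit.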
diff --git a/sources/fdc.in/c3d/mode.txt b/sources/fdc.in/c3d/mode.txt
new file mode 100644 (file)
index 0000000..396fc87
--- /dev/null
@@ -0,0 +1,9 @@
+# mode file (relative to /c3d)
+755 firstboot/scripts/*.sh
+440 postinstall/install-data/etc/ssh/ssh_host_*_key
+444 postinstall/install-data/etc/ssh/ssh_host_*_key.pub
+600 postinstall/install-data/etc/ssh/sshd_config.d/*.conf
+600 postinstall/install-data/etc/sssd/sssd.conf
+755 postinstall/install-data/usr/local/bin/*.py
+755 postinstall/install-data/usr/local/bin/*.sh
+755 postinstall/scripts/*.sh
diff --git a/sources/fdc.in/c3d/owner.txt b/sources/fdc.in/c3d/owner.txt
new file mode 100644 (file)
index 0000000..ea1bd74
--- /dev/null
@@ -0,0 +1,2 @@
+# owner file (relative to /c3d)
+root.ssh_keys postinstall/install-data/etc/ssh/ssh_host_*_key
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/httpd/conf.d/fdc.443.conf.le b/sources/fdc.in/c3d/postinstall/install-data/etc/httpd/conf.d/fdc.443.conf.le
new file mode 100644 (file)
index 0000000..67d5497
--- /dev/null
@@ -0,0 +1,26 @@
+WSGISocketPrefix run/wsgi
+
+<VirtualHost *:443>
+    ServerName fdc.useribm.hu
+    ServerAdmin siteadmin@useribm.hu
+    DocumentRoot "/var/www/htdocs.443"
+
+    SSLCertificateFile /etc/letsencrypt/live/useribm/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/useribm/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    <Directory /var/www/htdocs.443>
+        DirectoryIndex index.xhtml
+        #Options FollowSymLinks Indexes
+        #IndexOptions Charset=UTF-8 NameWidth=*
+        <RequireAny>
+            Require all granted
+        </RequireAny>
+    </Directory>
+
+    DavLockDB /var/www/htdocs.443/dav/lock
+
+    WSGIDaemonProcess was.443 processes=1 threads=1 maximum-requests=10000 shutdown-timeout=5
+    WSGIProcessGroup was.443
+    WSGIScriptAlias /passwordchange /var/www/htdocs.443/wsgi/passwordchange.wsgi
+</VirtualHost>
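Review bot: The `wsgi/` directory lives inside `DocumentRoot` (L240, L259) and the `<Directory>` block at L246-L253 grants access to everything below it, while `WSGIScriptAlias` maps only `/passwordchange`; unless a handler for `.wsgi` is configured elsewhere, a plain GET of `/wsgi/passwordchange.wsgi` or `/wsgi/prologue.xhtml` is served as a static file and discloses the application source. Either move `wsgi/` out of `/var/www/htdocs.443` or add `<Directory /var/www/htdocs.443/wsgi>` / `Require all denied` / `</Directory>`. `DavLockDB` at L255 likewise points inside DocumentRoot; it is inert while no `Dav On` is set, but `/var/lib/dav/lockdb` is the conventional place and avoids serving the lock file. Since this host serves a password-change form, `Header always set Strict-Transport-Security "max-age=31536000"` alongside the 80→443 redirect in fdc.80.conf would complete the TLS-only setup.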
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/httpd/conf.d/fdc.80.conf b/sources/fdc.in/c3d/postinstall/install-data/etc/httpd/conf.d/fdc.80.conf
new file mode 100644 (file)
index 0000000..10fb4c9
--- /dev/null
@@ -0,0 +1,6 @@
+<VirtualHost *:80>
+    ServerName fdc.useribm.hu
+    ServerAdmin siteadmin@useribm.hu
+
+    Redirect permanent / https://fdc.useribm.hu/
+</VirtualHost>
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key b/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key
new file mode 100644 (file)
index 0000000..638ee69
--- /dev/null
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAe9DNoJPhMNt1ZHK9XsR1u9OST5FAcoHL9MVXarEDo3wAAAIj/fKw7/3ys
+OwAAAAtzc2gtZWQyNTUxOQAAACAe9DNoJPhMNt1ZHK9XsR1u9OST5FAcoHL9MVXarEDo3w
+AAAEDLDS0ZQeg6RdoS0O7UBBRL7eV2UR+WAt0vo6ICnCnDch70M2gk+Ew23Vkcr1exHW70
+5JPkUBygcv0xVdqsQOjfAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----
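Review bot: This is an OpenSSH host private key committed to the repository (L277-L283), together with its certificate in ssh_host_ed25519_key-cert.pub; anyone with read access to the repository or its history holds the SSH identity of fdc.useribm.hu and can present a host certificate that clients trusting the signing CA accept. Generate host keys on the target instead (`ssh-keygen -A` in a postinstall or firstboot script, then request the host certificate from the CA), keeping at most the public key and certificate in the tree. Treat the committed key as compromised: regenerate it, reissue the certificate, and purge this blob from history — the `440` in mode.txt only protects the installed copy, not the one in git.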
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub
new file mode 100644 (file)
index 0000000..8905808
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIDKU1Qv0xVQsBXFkQ7BLNDz41lny8emxGrAhdTvAWt/tAAAAIB70M2gk+Ew23Vkcr1exHW705JPkUBygcv0xVdqsQOjfAAAAAAAAAAAAAAACAAAADmZkYy51c2VyaWJtLmh1AAAAEgAAAA5mZGMudXNlcmlibS5odQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIEXYIIzrUSx8/BQ6/ttkSr5oEyB5F5Yg4bp1DOkqDON9AAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDPGYtr8L8QZkualco2Bhh2oT8QpU9IDvAdnSBp5kEpdpksiL2j/8YUUZ/E1fys2Tk/Q/eoyb31K6peYuiOjAAK ssh_host_ed25519_key.pub
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub b/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub
new file mode 100644 (file)
index 0000000..a0fa061
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB70M2gk+Ew23Vkcr1exHW705JPkUBygcv0xVdqsQOjf 
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf
new file mode 100644 (file)
index 0000000..173b545
--- /dev/null
@@ -0,0 +1 @@
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf
new file mode 100644 (file)
index 0000000..115882b
--- /dev/null
@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys b/sources/fdc.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys
new file mode 100644 (file)
index 0000000..84d19e3
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA
diff --git a/sources/fdc.in/c3d/postinstall/install-data/etc/sssd/sssd.conf b/sources/fdc.in/c3d/postinstall/install-data/etc/sssd/sssd.conf
new file mode 100644 (file)
index 0000000..b0da37b
--- /dev/null
@@ -0,0 +1,20 @@
+[sssd]
+services = nss, pam
+domains = ldap
+
+[nss]
+default_shell = /bin/bash
+
+[pam]
+
+[domain/ldap]
+id_provider = ldap
+ldap_uri = ldaps://fds.useribm.hu
+ldap_search_base = dc=user,dc=hu
+ldap_tls_cacertdir = /etc/openldap/certs
+ldap_tls_reqcert = allow
+
+auth_provider = ldap
+chpass_provider = ldap
+
+cache_credentials = True
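Review bot: `ldap_tls_reqcert = allow` at L333 makes sssd proceed even when the server presents an invalid or no certificate, so the LDAPS session that carries user bind passwords (`auth_provider = ldap`, `chpass_provider = ldap`, L335-L336) has no server authentication. Set `ldap_tls_reqcert = demand` and make sure the CA that issued the fds.useribm.hu certificate is present in `ldap_tls_cacertdir = /etc/openldap/certs` (or point `ldap_tls_cacert` at the CA bundle); if `allow` is a temporary workaround for a missing CA, say so in a comment with the intended removal date so it does not become permanent.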
diff --git a/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh b/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh
new file mode 100755 (executable)
index 0000000..eb5ba2d
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+
+if [ -d /etc/letsencrypt ]
+then
+    rm --force --recursive /etc/letsencrypt.old
+    cp --archive /etc/letsencrypt /etc/letsencrypt.old
+fi
+
+/usr/bin/rsync \
+    --archive \
+    --delete-after \
+    --info=STATS \
+    pki.in.useribm.hu::letsencrypt \
+    /etc/letsencrypt
+
+cp --archive \
+    /usr/lib/python3.10/site-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf \
+    /etc/letsencrypt/options-ssl-apache.conf
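Review bot: `pki.in.useribm.hu::letsencrypt` at L357 is the rsync daemon protocol, which transfers the tree — including `privkey.pem` that fdc.443.conf.le loads — unencrypted and, unless the module is configured with `auth users`, without client authentication. Pull over SSH instead (`-e ssh pki.in.useribm.hu:/path/to/letsencrypt`, with a dedicated key on the PKI host limited to that path), or at minimum confirm the module is authenticated and the network path is isolated. The rsync exit status is also unchecked: on a partial transfer with `--delete-after`, the copy at L360-L362 and the later httpd setup proceed on a broken tree, so append `|| exit 1` after L358 (the backup at L349-L350 then remains the recovery point). The hard-coded `/usr/lib/python3.10` path at L361 is duplicated in 30_setuphttpd.sh and will fail on the next Python minor bump.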
diff --git a/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py b/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py
new file mode 100755 (executable)
index 0000000..5bda486
--- /dev/null
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+
+import ldap
+import time
+
+
+LDAP_URI='ldaps://fds.useribm.hu'
+USERS_BASE='ou=people,dc=user,dc=hu'
+
+
+if __name__ == '__main__':
+
+    ldap_object = ldap.initialize(LDAP_URI)
+    #ldap_object.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+    #ldap_object.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+
+    search_id = ldap_object.search(USERS_BASE, ldap.SCOPE_SUBTREE, attrlist=['uid', 'pwdUpdateTime'])
+    (search_result_type, search_result_data) = ldap_object.result()
+
+    current_timestamp = time.mktime(time.gmtime())
+    for item in search_result_data:
+        (dn, values) = item
+        if 'pwdUpdateTime' in values:
+            uid = values['uid'][0].decode('utf-8')
+            pwdupdatetime = values['pwdUpdateTime'][0].decode('utf-8')
+            pwdupdatetimestamp = time.mktime(time.strptime(pwdupdatetime, '%Y%m%d%H%M%S%z'))
+            days_since_password_update = (current_timestamp - pwdupdatetimestamp) / (24 * 60 * 60)
+            print(uid, pwdupdatetime, days_since_password_update)
+            #print(dn, values)
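Review bot: `time.mktime(time.gmtime())` at L388 passes a UTC struct_time to a function that interprets it as local time, and L394 does the same with the `%z`-parsed value (`mktime` ignores `tm_gmtoff`), so both timestamps carry the local UTC offset and `days_since_password_update` is off by an hour whenever the two instants fall on different sides of a DST change; after 02_settimezone.sh the container runs in Europe/Budapest, so this is live. Use `current_timestamp = time.time()` and `pwdupdatetimestamp = calendar.timegm(time.strptime(pwdupdatetime, '%Y%m%d%H%M%S%z'))` (with `import calendar`), assuming pwdUpdateTime is a GeneralizedTime of the form `YYYYMMDDHHMMSSZ` — confirm against the directory. `search_id` at L385 is unused, and despite the file name nothing is mailed yet; a `# TODO` header stating that this only lists ages would tell the next reader it is a skeleton.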
diff --git a/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/index.xhtml b/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/index.xhtml
new file mode 100644 (file)
index 0000000..a7e98b2
--- /dev/null
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <title>Password Change</title>
+    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+    <link rel="stylesheet" href="main.css" type="text/css" />
+  </head>
+  <body>
+    <form action="/passwordchange" method="post">
+      <p>Login Name:</p>
+      <p><input name="login_name" type="text" /></p>
+      <p>Old Password:</p>
+      <p><input name="old_password" type="password" /></p>
+      <hr />
+      <p>New Password:</p>
+      <p><input name="new_password" type="password" /></p>
+      <p>New Password Again:</p>
+      <p><input name="new_password_again" type="password" /></p>
+      <p><input type="submit" value="Change" /></p>
+    </form>
+  </body>
+</html>
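Review bot: The `<meta http-equiv="content-type">` at L408 declares `charset=iso-8859-1` while the XML declaration at L403 and the otherwise identical prologue.xhtml in this commit declare UTF-8; a non-ASCII login name or password typed into this form may be submitted in an encoding other than the one passwordchange.wsgi decodes with (`cgi.FieldStorage` defaults to utf-8). Change L408 to `charset=utf-8` and add `accept-charset="UTF-8"` to the `<form>` at L412. The password inputs at L416-L421 would benefit from `autocomplete="current-password"` and `autocomplete="new-password"` so browsers and password managers treat them correctly.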
diff --git a/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/main.css b/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/main.css
new file mode 100644 (file)
index 0000000..ec079d7
--- /dev/null
@@ -0,0 +1,4 @@
+h1, p {
+  /* Center horizontally*/
+  text-align: center;
+}
diff --git a/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/epilogue.xhtml b/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/epilogue.xhtml
new file mode 100644 (file)
index 0000000..b605728
--- /dev/null
@@ -0,0 +1,2 @@
+  </body>
+</html>
diff --git a/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/passwordchange.wsgi b/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/passwordchange.wsgi
new file mode 100644 (file)
index 0000000..1275550
--- /dev/null
@@ -0,0 +1,101 @@
+import os
+import cgi
+import sys
+import ldap
+import traceback
+
+
+LDAP_URI='ldaps://fds.useribm.hu'
+USERS_BASE='ou=people,dc=user,dc=hu'
+
+
+def password_change_app(environ, start_response):
+
+    error_occured = False
+
+    field_storage = cgi.FieldStorage(fp=environ['wsgi.input'],
+                                     environ=environ,
+                                     keep_blank_values=True)
+
+    uid = field_storage['login_name'].value
+    old_password = field_storage['old_password'].value
+    new_password = field_storage['new_password'].value
+    new_password_again = field_storage['new_password_again'].value
+
+    if new_password != new_password_again:
+        formatted_traceback = ['NEW_PASSWORD_MISMATCH']
+        error_occured = True
+
+    if not error_occured:
+        try:
+            ldap_object = ldap.initialize(LDAP_URI)
+            #ldap_object.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+            #ldap_object.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+        except:
+            (exc_type, exc_value, exc_traceback) = sys.exc_info()
+            formatted_traceback = traceback.format_exception(exc_type,
+                                                             exc_value,
+                                                             exc_traceback)
+            error_occured = True
+
+    if not error_occured:
+        user_dn=','.join(['uid={}'.format(uid), USERS_BASE])
+        try:
+            bind_id = ldap_object.simple_bind(user_dn, old_password)
+            (bind_result_type, bind_result_data) = ldap_object.result()
+        except:
+            (exc_type, exc_value, exc_traceback) = sys.exc_info()
+            formatted_traceback = traceback.format_exception(exc_type,
+                                                             exc_value,
+                                                             exc_traceback)
+            error_occured = True
+
+    if not error_occured:
+        try:
+            password_change_id = ldap_object.passwd(user_dn,
+                                                    old_password,
+                                                    new_password)
+            (pwd_result_type, pwd_result_data) = ldap_object.result()
+        except:
+            (exc_type, exc_value, exc_traceback) = sys.exc_info()
+            formatted_traceback = traceback.format_exception(exc_type,
+                                                             exc_value,
+                                                             exc_traceback)
+            error_occured = True
+
+    prologue_file = open('/var/www/htdocs.443/wsgi/prologue.xhtml', 'r')
+    response_prologue = prologue_file.read()
+    prologue_file.close()
+    response_epilogue = '</body></html>'
+    if not error_occured:
+        success_text = '<h1>Woohoo, you have successfully changed your password!</h1>'
+        response_texts = [response_prologue,
+                          success_text,
+                          response_epilogue]
+    else:
+        response_texts = [response_prologue, '<pre>']
+        response_texts.extend(formatted_traceback)
+        response_texts.append('</pre>')
+        response_texts.append('<p><button onclick="history.back()">Go Back and Try Again</button></p>')
+        response_texts.append(response_epilogue)
+    response_body = bytes(os.linesep.join(response_texts), 'utf-8')
+                                
+    # HTTP response code and message
+    status = '200 OK'
+
+    # HTTP headers expected by the client
+    # They must be wrapped as a list of tupled pairs:
+    # [(Header name, Header value)].
+    response_headers = [
+        ('Content-Type', 'text/html'),
+        ('Content-Length', str(len(response_body)))
+    ]
+
+    # Send them to the server using the supplied function
+    start_response(status, response_headers)
+
+    # Return the response body. Notice it is wrapped
+    # in a list although it could be any iterable.
+    return [response_body]
+
+application = password_change_app
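Review bot: `uid` comes straight from the form at L466 and is interpolated into the bind DN at L488 without RFC 4514 escaping, so a login name containing `,`, `+`, `=` or a leading `#` changes the DN that is bound and passed to `passwd`; escape it with `ldap.dn.escape_dn_chars(uid)`, which python-ldap provides. On any error the raw traceback is written into the page at L522-L523 unescaped — it contains the exception text, which echoes the DN (user input) and LDAP server diagnostics — so this is both markup injection in the response and an information leak; send the full traceback to `environ['wsgi.errors']` and show the client a fixed message (any user-controlled value that is echoed must go through `html.escape`, with `import html`). Smaller points: the three bare `except:` clauses (L480, L492, L505) should be `except Exception:`, the hard-coded `'</body></html>'` at L515 ignores the shipped wsgi/epilogue.xhtml, `Content-Type` at L536 lacks `; charset=utf-8` although the body is utf-8 encoded, and a password-form response should carry `Cache-Control: no-store`. The rewritten lines follow; `error_occured` is left as is, though `error_occurred` is the spelling.
```python
def password_change_app(environ, start_response):
    # … unchanged: form parsing, mismatch check, ldap.initialize …

    if not error_occured:
        # Escape RFC 4514 special characters so the submitted login name
        # cannot alter the structure of the DN that is bound and changed.
        user_dn = ','.join(['uid={}'.format(ldap.dn.escape_dn_chars(uid)), USERS_BASE])
        # … unchanged: simple_bind / passwd and their result() calls …

    # … unchanged: prologue read, success branch …
    else:
        # Full diagnostics go to the server log only; the client gets a
        # fixed message (no DN, path or LDAP server text in the page).
        environ['wsgi.errors'].write(''.join(formatted_traceback) + os.linesep)
        if formatted_traceback == ['NEW_PASSWORD_MISMATCH']:
            failure_text = 'The two new passwords do not match.'
        else:
            failure_text = 'Password change failed; the error has been logged.'
        response_texts = [response_prologue,
                          '<p>{}</p>'.format(failure_text),
                          '<p><button onclick="history.back()">Go Back and Try Again</button></p>',
                          response_epilogue]
    response_body = bytes(os.linesep.join(response_texts), 'utf-8')

    # … unchanged: status …
    response_headers = [
        ('Content-Type', 'text/html; charset=utf-8'),
        ('Content-Length', str(len(response_body))),
        ('Cache-Control', 'no-store')
    ]
    # … unchanged: start_response and return …
```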
diff --git a/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/prologue.xhtml b/sources/fdc.in/c3d/postinstall/install-data/var/www/htdocs.443/wsgi/prologue.xhtml
new file mode 100644 (file)
index 0000000..b9f6005
--- /dev/null
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <title>Password Change</title>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+    <link rel="stylesheet" href="main.css" type="text/css" />
+  </head>
+  <body>
diff --git a/sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh b/sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh
new file mode 100755 (executable)
index 0000000..d104b8a
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+systemctl disable httpd.service
+systemctl disable oddjobd.service
+systemctl disable sssd.service
+
+systemctl disable NetworkManager-wait-online.service
+
+systemctl disable logrotate.timer
diff --git a/sources/fdc.in/config b/sources/fdc.in/config
new file mode 100644 (file)
index 0000000..7d1300c
--- /dev/null
@@ -0,0 +1,21 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = fdc.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brci-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:43
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
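Review bot: `lxc.cgroup2.devices.allow = a` at L596 grants the container every device node, overriding the narrow device allowlist that the included common.conf (L582) establishes in LXC 4; together with `proc:rw` at L587 (common.conf's default is `proc:mixed`) and no `lxc.idmap` in this file, this looks like a privileged container with full host device and /proc/sys access, which a web-facing password-change host does not need. Drop L596 (or allowlist only the specific devices a concrete failure shows are required) and use `lxc.mount.auto = proc:mixed sys:ro`. The MAC at L592 appears to be the EUI-64 source of the IPv6 host part configured in 01_setupnetworking.sh (`...000c:18ff:fe03:6d43`); a comment next to L592 noting that the two are kept in step would prevent one being changed without the other.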
diff --git a/sources/fdc.in/envvars b/sources/fdc.in/envvars
new file mode 100644 (file)
index 0000000..594e4ac
--- /dev/null
@@ -0,0 +1,6 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=35
+SPEC_PACKAGES="authselect cronie httpd mailx mod_ssl oddjob-mkhomedir"
+SPEC_PACKAGES="$SPEC_PACKAGES openldap-clients openssh-clients"
+SPEC_PACKAGES="$SPEC_PACKAGES openssh-server passwd python3-certbot-apache"
+SPEC_PACKAGES="$SPEC_PACKAGES python3-ldap python3-mod_wsgi rsync sssd-ldap"