websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Debian patch 4.0.5-6~numeezy

Browse Source
This commit is contained in:
Alexandre Ellert
2016-02-17 15:07:45 +01:00
committed by Mario Fetka
parent c44de33144
commit 10dfc9587b
1203 changed files with 53869 additions and 241462 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
ipaplatform/base/__init__.pyc
View File

Binary file not shown.

28
ipaplatform/base/constants.py
View File

@@ -1,28 +0,0 @@
#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
'''
This base platform module exports platform dependant constants.
'''
class BaseConstantsNamespace(object):
DS_USER = 'dirsrv'
DS_GROUP = 'dirsrv'
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
KDCPROXY_USER = "kdcproxy"
NAMED_USER = "named"
NAMED_GROUP = "named"
PKI_USER = 'pkiuser'
PKI_GROUP = 'pkiuser'
# ntpd init variable used for daemon options
NTPD_OPTS_VAR = "OPTIONS"
# quote used for daemon options
NTPD_OPTS_QUOTE = "\""
ODS_USER = "ods"
ODS_GROUP = "ods"
# nfsd init variable used to enable kerberized NFS
SECURE_NFS_VAR = "SECURE_NFS"
SSSD_USER = "sssd"

130
ipaplatform/base/paths.py
View File

@@ -27,6 +27,8 @@ class BasePathNamespace(object):
BIN_FALSE = "/bin/false"
BIN_HOSTNAME = "/bin/hostname"
LS = "/bin/ls"
PKICREATE = "/bin/pkicreate"
PKISILENT = "/bin/pkisilent"
SH = "/bin/sh"
SYSTEMCTL = "/bin/systemctl"
TAR = "/bin/tar"
@@ -37,6 +39,7 @@ class BasePathNamespace(object):
ETC_DIRSRV = "/etc/dirsrv"
DS_KEYTAB = "/etc/dirsrv/ds.keytab"
ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
ETC_SLAPD_PKI_IPA_DIR = "/etc/dirsrv/slapd-PKI-IPA"
ETC_FEDORA_RELEASE = "/etc/fedora-release"
GROUP = "/etc/group"
ETC_HOSTNAME = "/etc/hostname"
@@ -46,8 +49,6 @@ class BasePathNamespace(object):
ALIAS_CACERT_ASC = "/etc/httpd/alias/cacert.asc"
ALIAS_PWDFILE_TXT = "/etc/httpd/alias/pwdfile.txt"
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/httpd/conf.d/ipa-kdc-proxy.conf"
HTTPD_IPA_PKI_PROXY_CONF = "/etc/httpd/conf.d/ipa-pki-proxy.conf"
HTTPD_IPA_REWRITE_CONF = "/etc/httpd/conf.d/ipa-rewrite.conf"
HTTPD_IPA_CONF = "/etc/httpd/conf.d/ipa.conf"
@@ -62,40 +63,29 @@ class BasePathNamespace(object):
IPA_DNS_UPDATE_TXT = "/etc/ipa/.dns_update.txt"
IPA_CA_CRT = "/etc/ipa/ca.crt"
IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
IPA_DNSKEYSYNCD_KEYTAB = "/etc/ipa/dnssec/ipa-dnskeysyncd.keytab"
IPA_ODS_EXPORTER_KEYTAB = "/etc/ipa/dnssec/ipa-ods-exporter.keytab"
DNSSEC_SOFTHSM2_CONF = "/etc/ipa/dnssec/softhsm2.conf"
DNSSEC_SOFTHSM_PIN_SO = "/etc/ipa/dnssec/softhsm_pin_so"
IPA_NSSDB_DIR = "/etc/ipa/nssdb"
IPA_NSSDB_PWDFILE_TXT = "/etc/ipa/nssdb/pwdfile.txt"
KRB5_CONF = "/etc/krb5.conf"
KRB5_KEYTAB = "/etc/krb5.keytab"
LDAP_CONF = "/etc/ldap.conf"
LIBNSS_LDAP_CONF = "/etc/libnss-ldap.conf"
NAMED_CONF = "/etc/named.conf"
NAMED_VAR_DIR = "/var/named"
NAMED_KEYTAB = "/etc/named.keytab"
NAMED_RFC1912_ZONES = "/etc/named.rfc1912.zones"
NAMED_ROOT_KEY = "/etc/named.root.key"
NAMED_BINDKEYS_FILE = "/etc/named.iscdlv.key"
NAMED_MANAGED_KEYS_DIR = "/var/named/dynamic"
NSLCD_CONF = "/etc/nslcd.conf"
NSS_LDAP_CONF = "/etc/nss_ldap.conf"
NSSWITCH_CONF = "/etc/nsswitch.conf"
NTP_CONF = "/etc/ntp.conf"
NTP_STEP_TICKERS = "/etc/ntp/step-tickers"
ETC_OPENDNSSEC_DIR = "/etc/opendnssec"
OPENDNSSEC_CONF_FILE = "/etc/opendnssec/conf.xml"
OPENDNSSEC_KASP_FILE = "/etc/opendnssec/kasp.xml"
OPENDNSSEC_ZONELIST_FILE = "/etc/opendnssec/zonelist.xml"
OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf"
PAM_LDAP_CONF = "/etc/pam_ldap.conf"
PASSWD = "/etc/passwd"
SYSTEMWIDE_IPA_CA_CRT = "/etc/pki/ca-trust/source/anchors/ipa-ca.crt"
IPA_P11_KIT = "/etc/pki/ca-trust/source/ipa.p11-kit"
ETC_PKI_CA_DIR = "/etc/pki-ca"
SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/"
NSS_DB_DIR = "/etc/pki/nssdb"
NSSDB_CERT8_DB = "/etc/pki/nssdb/cert8.db"
NSSDB_KEY3_DB = "/etc/pki/nssdb/key3.db"
NSSDB_SECMOD_DB = "/etc/pki/nssdb/secmod.db"
PKI_TOMCAT = "/etc/pki/pki-tomcat"
PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias/"
PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
ETC_REDHAT_RELEASE = "/etc/redhat-release"
RESOLV_CONF = "/etc/resolv.conf"
@@ -107,38 +97,35 @@ class BasePathNamespace(object):
SSSD_CONF = "/etc/sssd/sssd.conf"
SSSD_CONF_BKP = "/etc/sssd/sssd.conf.bkp"
SSSD_CONF_DELETED = "/etc/sssd/sssd.conf.deleted"
ETC_SYSCONFIG_DIR = "/etc/sysconfig"
ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig"
SYSCONFIG_AUTOFS = "/etc/sysconfig/autofs"
SYSCONFIG_DIRSRV = "/etc/sysconfig/dirsrv"
SYSCONFIG_DIRSRV_INSTANCE = "/etc/sysconfig/dirsrv-%s"
SYSCONFIG_DIRSRV_PKI_IPA_DIR = "/etc/sysconfig/dirsrv-PKI-IPA"
SYSCONFIG_DIRSRV_SYSTEMD = "/etc/sysconfig/dirsrv.systemd"
SYSCONFIG_IPA_DNSKEYSYNCD = "/etc/sysconfig/ipa-dnskeysyncd"
SYSCONFIG_IPA_ODS_EXPORTER = "/etc/sysconfig/ipa-ods-exporter"
SYSCONFIG_HTTPD = "/etc/sysconfig/httpd"
SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc"
SYSCONFIG_NAMED = "/etc/sysconfig/named"
SYSCONFIG_NETWORK = "/etc/sysconfig/network"
SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp"
SYSCONFIG_NFS = "/etc/sysconfig/nfs"
SYSCONFIG_NTPD = "/etc/sysconfig/ntpd"
SYSCONFIG_ODS = "/etc/sysconfig/ods"
SYSCONFIG_PKI = "/etc/sysconfig/pki"
SYSCONFIG_PKI_CA_DIR = "/etc/sysconfig/pki-ca"
SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat"
SYSCONFIG_PKI_CA_PKI_CA_DIR = "/etc/sysconfig/pki/ca/pki-ca"
SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat"
ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
DNSSEC_TRUSTED_KEY = "/etc/trusted-key.key"
HOME_DIR = "/home"
ROOT_IPA_CACHE = "/root/.ipa_cache"
ROOT_PKI = "/root/.pki"
DOGTAG_ADMIN_P12 = "/root/ca-agent.p12"
KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
CA_AGENT_P12 = "/root/ca-agent.p12"
CACERT_P12 = "/root/cacert.p12"
ROOT_IPA_CSR = "/root/ipa.csr"
ROOT_TMP_CA_P12 = "/root/tmp-ca.p12"
NAMED_PID = "/run/named/named.pid"
IP = "/sbin/ip"
NOLOGIN = "/sbin/nologin"
@@ -149,7 +136,7 @@ class BasePathNamespace(object):
TMP_CA_P12 = "/tmp/ca.p12"
TMP_KRB5CC = "/tmp/krb5cc_%d"
USR_DIR = "/usr"
CERTMONGER_COMMAND_TEMPLATE = "/usr/libexec/ipa/certmonger/%s"
CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s"
PKCS12EXPORT = "/usr/bin/PKCS12Export"
CERTUTIL = "/usr/bin/certutil"
CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
@@ -167,54 +154,45 @@ class BasePathNamespace(object):
NET = "/usr/bin/net"
BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
NSUPDATE = "/usr/bin/nsupdate"
ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
ODS_SIGNER = "/usr/sbin/ods-signer"
OPENSSL = "/usr/bin/openssl"
PERL = "/usr/bin/perl"
PK12UTIL = "/usr/bin/pk12util"
PKI_SETUP_PROXY = "/usr/bin/pki-setup-proxy"
PKICREATE = "/usr/bin/pkicreate"
PKIREMOVE = "/usr/bin/pkiremove"
PKISILENT = "/usr/bin/pkisilent"
SETPASSWD = "/usr/bin/setpasswd"
SIGNTOOL = "/usr/bin/signtool"
SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
SSLGET = "/usr/bin/sslget"
SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
BIN_TIMEOUT = "/usr/bin/timeout"
UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
BIN_CURL = "/usr/bin/curl"
BIN_WGET = "/usr/bin/wget"
ZIP = "/usr/bin/zip"
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
USR_LIB_DIRSRV = "/usr/lib/dirsrv"
USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s"
USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA"
LIB_FIREFOX = "/usr/lib/firefox"
LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s"
SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA"
LIB64_FIREFOX = "/usr/lib64/firefox"
LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit"
IPA_SERVER_GUARD = "/usr/libexec/certmonger/ipa-server-guard"
GENERATE_RNDC_KEY = "/usr/libexec/generate-rndc-key.sh"
IPA_DNSKEYSYNCD_REPLICA = "/usr/libexec/ipa/ipa-dnskeysync-replica"
IPA_DNSKEYSYNCD = "/usr/libexec/ipa/ipa-dnskeysyncd"
IPA_ODS_EXPORTER = "/usr/libexec/ipa/ipa-ods-exporter"
DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel-pkcs11"
GETSEBOOL = "/usr/sbin/getsebool"
GROUPADD = "/usr/sbin/groupadd"
HTTPD = "/usr/sbin/httpd"
IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
IPA_DNS_INSTALL = "/usr/sbin/ipa-dns-install"
SBIN_IPA_JOIN = "/usr/sbin/ipa-join"
IPA_REPLICA_CONNCHECK = "/usr/sbin/ipa-replica-conncheck"
IPA_RMKEYTAB = "/usr/sbin/ipa-rmkeytab"
IPACTL = "/usr/sbin/ipactl"
NAMED = "/usr/sbin/named"
NAMED_PKCS11 = "/usr/sbin/named-pkcs11"
NTPD = "/usr/sbin/ntpd"
PKIDESTROY = "/usr/sbin/pkidestroy"
PKISPAWN = "/usr/sbin/pkispawn"
REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
RESTORECON = "/usr/sbin/restorecon"
SELINUXENABLED = "/usr/sbin/selinuxenabled"
SETSEBOOL = "/usr/sbin/setsebool"
@@ -222,28 +200,26 @@ class BasePathNamespace(object):
SMBD = "/usr/sbin/smbd"
USERADD = "/usr/sbin/useradd"
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
FFEXTENSION = "/usr/share/ipa/ffextension"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
CONFIGURE_JAR = "/usr/share/ipa/html/configure.jar"
KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
KRB_CON = "/usr/share/ipa/html/krb.con"
KRB_JS = "/usr/share/ipa/html/krb.js"
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
PREFERENCES_HTML = "/usr/share/ipa/html/preferences.html"
NIS_ULDIF = "/usr/share/ipa/nis.uldif"
NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
IPA_PLUGINS = "/usr/share/ipa/plugins"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
UPDATES_DIR = "/usr/share/ipa/updates/"
DICT_WORDS = "/usr/share/dict/words"
PKI_CONF_SERVER_XML = "/usr/share/pki/ca/conf/server.xml"
CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
VAR_KERBEROS_KRB5KDC_DIR = "/var/kerberos/krb5kdc/"
VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5."
CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem"
KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
VAR_LIB = "/var/lib"
@@ -257,45 +233,35 @@ class BasePathNamespace(object):
VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
IPACA_DIRSRV_INSTANCE_DB_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/ipaca"
SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-PKI-IPA"
VAR_LIB_IPA = "/var/lib/ipa"
IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
IPA_BACKUP_DIR = "/var/lib/ipa/backup"
IPA_DNSSEC_DIR = "/var/lib/ipa/dnssec"
IPA_KASP_DB_BACKUP = "/var/lib/ipa/ipa-kasp.db.backup"
DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
IPA_CA_CSR = "/var/lib/ipa/ca.csr"
PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
SYSRESTORE = "/var/lib/ipa/sysrestore"
STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
VAR_LIB_KDCPROXY = "/var/lib/kdcproxy"
VAR_LIB_PKI_DIR = "/var/lib/pki"
VAR_LIB_PKI_CA_ALIAS_DIR = "/var/lib/pki-ca/alias"
VAR_LIB_PKI_CA_DIR = "/var/lib/pki-ca"
PKI_ALIAS_CA_P12 = "/var/lib/pki-ca/alias/ca.p12"
VAR_LIB_PKI_TOMCAT_DIR = "/var/lib/pki/pki-tomcat"
CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12"
KRA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12"
CA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
CAJARSIGNINGCERT_CFG = (
"/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg")
CASIGNEDLOGCERT_CFG = (
"/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
KRACERT_P12 = "/root/kracert.p12"
SAMBA_DIR = "/var/lib/samba/"
SSSD_DB = "/var/lib/sss/db"
SSSD_MC_GROUP = "/var/lib/sss/mc/group"
SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s"
VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
VAR_LOG_SLAPD_PKI_IPA_DIR = "/var/log/dirsrv/slapd-PKI-IPA"
VAR_LOG_HTTPD_DIR = "/var/log/httpd"
IPABACKUP_LOG = "/var/log/ipabackup.log"
IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
@@ -304,49 +270,27 @@ class BasePathNamespace(object):
IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log"
IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log"
IPARESTORE_LOG = "/var/log/iparestore.log"
IPASERVER_CA_INSTALL_LOG = "/var/log/ipaserver-ca-install.log"
IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
MESSAGES = "/var/log/messages"
PKI_CA_LOG_DIR = "/var/log/pki-ca"
PKI_CA_INSTALL_LOG = "/var/log/pki-ca-install.log"
PKI_CA_UNINSTALL_LOG = "/var/log/pki-ca-uninstall.log"
VAR_LOG_PKI_DIR = "/var/log/pki/"
TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat"
TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"
TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"
TOMCAT_KRA_DIR = "/var/log/pki/pki-tomcat/kra"
TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
LOG_SECURE = "/var/log/secure"
NAMED_RUN = "/var/named/data/named.run"
VAR_OPENDNSSEC_DIR = "/var/opendnssec"
OPENDNSSEC_KASP_DB = "/var/opendnssec/kasp.db"
IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
KRB5CC_HTTPD = "/var/run/httpd/ipa/krbcache/krb5ccache"
IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
SVC_LIST_FILE = "/var/run/ipa/services.list"
IPA_MEMCACHED_DIR = "/var/run/ipa_memcached"
VAR_RUN_IPA_MEMCACHED = "/var/run/ipa_memcached/ipa_memcached"
KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
ENTROPY_AVAIL = '/proc/sys/kernel/random/entropy_avail'
LDIF2DB = '/usr/sbin/ldif2db'
DB2LDIF = '/usr/sbin/db2ldif'
BAK2DB = '/usr/sbin/bak2db'
DB2BAK = '/usr/sbin/db2bak'
KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
CERTMONGER = '/usr/sbin/certmonger'
NETWORK_MANAGER_CONFIG_DIR = '/etc/NetworkManager/conf.d'
IPA_CUSTODIA_CONF_DIR = '/etc/ipa/custodia'
IPA_CUSTODIA_CONF = '/etc/ipa/custodia/custodia.conf'
IPA_CUSTODIA_SOCKET = '/run/httpd/ipa-custodia.sock'
IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
path_namespace = BasePathNamespace

BIN
ipaplatform/base/paths.pyc
View File

Binary file not shown.

128
ipaplatform/base/services.py
View File

@@ -25,14 +25,11 @@ interacting with system services.
import os
import json
import time
import collections
import six
import ipalib
from ipapython import ipautil
from ipaplatform.paths import paths
from ipalib.plugable import MagicDict
# Canonical names of services as IPA wants to see them. As we need to have
# *some* naming, set them as in Red Hat distributions. Actual implementation
@@ -41,22 +38,23 @@ from ipaplatform.paths import paths
wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc',
'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap',
'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd',
'rpcidmapd', 'pki_tomcatd', 'chronyd', 'domainname',
'named', 'ods_enforcerd', 'ods_signerd']
'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd',
'domainname']
# The common ports for these services. This is used to wait for the
# service to become available.
wellknownports = {
'dirsrv@PKI-IPA.service': [7389],
'PKI-IPA': [7389],
'dirsrv': [389], # only used if the incoming instance name is blank
'pki-cad': [9180, 9443, 9444],
'pki-tomcatd@pki-tomcat.service': [8080, 8443],
'pki-tomcat': [8080, 8443],
'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank
}
SERVICE_POLL_INTERVAL = 0.1 # seconds
class KnownServices(collections.Mapping):
class KnownServices(MagicDict):
"""
KnownServices is an abstract class factory that should give out instances
of well-known platform services. Actual implementation must create these
@@ -64,27 +62,6 @@ class KnownServices(collections.Mapping):
and cache them.
"""
def __init__(self, d):
self.__d = d
def __getitem__(self, key):
return self.__d[key]
def __iter__(self):
return iter(self.__d)
def __len__(self):
return len(self.__d)
def __call__(self):
return six.itervalues(self.__d)
def __getattr__(self, name):
try:
return self.__d[name]
except KeyError:
raise AttributeError(name)
class PlatformService(object):
"""
@@ -157,21 +134,12 @@ class PlatformService(object):
def is_enabled(self, instance_name=""):
return False
def is_masked(self, instance_name=""):
return False
def enable(self, instance_name=""):
return
def disable(self, instance_name=""):
return
def mask(self, instance_name=""):
return
def unmask(self, instance_name=""):
return
def install(self, instance_name=""):
return
@@ -198,7 +166,8 @@ class SystemdService(PlatformService):
elements = self.systemd_name.split("@")
# Make sure the correct DS instance is returned
if elements[0] == 'dirsrv' and not instance_name:
if (elements[0] == 'dirsrv' and not instance_name and
operation == 'is-active'):
return ('dirsrv@%s.service'
% str(self.api.env.realm.replace('.', '-')))
@@ -269,7 +238,7 @@ class SystemdService(PlatformService):
if instance == "ipa-otpd.socket":
args.append("--ignore-dependencies")
ipautil.run(args, skip_output=not capture_output)
ipautil.run(args, capture_output=capture_output)
if getattr(self.api.env, 'context', None) in ['ipactl', 'installer']:
update_service_list = True
@@ -282,7 +251,7 @@ class SystemdService(PlatformService):
def start(self, instance_name="", capture_output=True, wait=True):
ipautil.run([paths.SYSTEMCTL, "start",
self.service_instance(instance_name)],
skip_output=not capture_output)
capture_output=capture_output)
if getattr(self.api.env, 'context', None) in ['ipactl', 'installer']:
update_service_list = True
@@ -298,7 +267,7 @@ class SystemdService(PlatformService):
def restart(self, instance_name="", capture_output=True, wait=True):
ipautil.run([paths.SYSTEMCTL, "restart",
self.service_instance(instance_name)],
skip_output=not capture_output)
capture_output=capture_output)
if wait and self.is_running(instance_name):
self.wait_for_open_ports(self.service_instance(instance_name))
@@ -308,35 +277,33 @@ class SystemdService(PlatformService):
while True:
try:
result = ipautil.run(
(sout, serr, rcode) = ipautil.run(
[paths.SYSTEMCTL, "is-active", instance],
capture_output=True
)
except ipautil.CalledProcessError as e:
if e.returncode == 3 and 'activating' in str(e.output):
time.sleep(SERVICE_POLL_INTERVAL)
continue
return False
else:
# activating
if result.returncode == 3 and 'activating' in result.output:
time.sleep(SERVICE_POLL_INTERVAL)
if rcode == 3 and 'activating' in str(sout):
continue
# active
if result.returncode == 0:
if rcode == 0:
return True
# not active
return False
def is_installed(self):
try:
result = ipautil.run(
[paths.SYSTEMCTL, "list-unit-files", "--full"],
capture_output=True)
if result.returncode != 0:
(sout, serr, rcode) = ipautil.run([paths.SYSTEMCTL,
"list-unit-files",
"--full"])
if rcode != 0:
return False
else:
svar = self.parse_variables(result.output)
svar = self.parse_variables(sout)
if not self.service_instance("") in svar:
# systemd doesn't show the service
return False
@@ -348,32 +315,18 @@ class SystemdService(PlatformService):
def is_enabled(self, instance_name=""):
enabled = True
try:
result = ipautil.run(
[paths.SYSTEMCTL, "is-enabled",
self.service_instance(instance_name)])
(sout, serr, rcode) = ipautil.run(
[paths.SYSTEMCTL,
"is-enabled",
self.service_instance(instance_name)])
if result.returncode != 0:
if rcode != 0:
enabled = False
except ipautil.CalledProcessError:
enabled = False
return enabled
def is_masked(self, instance_name=""):
masked = False
try:
result = ipautil.run(
[paths.SYSTEMCTL, "is-enabled",
self.service_instance(instance_name)],
capture_output=True)
if result.returncode == 1 and result.output == 'masked':
masked = True
except ipautil.CalledProcessError:
pass
return masked
def enable(self, instance_name=""):
if self.lib_path_exists is None:
self.lib_path_exists = os.path.exists(self.lib_path)
@@ -408,7 +361,6 @@ class SystemdService(PlatformService):
try:
if not ipautil.dir_exists(srv_tgt):
os.mkdir(srv_tgt)
os.chmod(srv_tgt, 0o755)
if os.path.exists(srv_lnk):
# Remove old link
os.unlink(srv_lnk)
@@ -448,28 +400,7 @@ class SystemdService(PlatformService):
except:
pass
else:
try:
ipautil.run([paths.SYSTEMCTL, "disable",
self.service_instance(instance_name)])
except ipautil.CalledProcessError:
pass
def mask(self, instance_name=""):
srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR, self.service_instance(instance_name))
if os.path.exists(srv_tgt):
os.unlink(srv_tgt)
try:
ipautil.run([paths.SYSTEMCTL, "mask",
self.service_instance(instance_name)])
except ipautil.CalledProcessError:
pass
def unmask(self, instance_name=""):
try:
ipautil.run([paths.SYSTEMCTL, "unmask",
self.service_instance(instance_name)])
except ipautil.CalledProcessError:
pass
self.__disable(instance_name)
def __enable(self, instance_name=""):
try:
@@ -478,6 +409,13 @@ class SystemdService(PlatformService):
except ipautil.CalledProcessError:
pass
def __disable(self, instance_name=""):
try:
ipautil.run([paths.SYSTEMCTL, "disable",
self.service_instance(instance_name)])
except ipautil.CalledProcessError:
pass
def install(self):
self.enable()

BIN
ipaplatform/base/services.pyc Normal file
View File

Binary file not shown.

115
ipaplatform/base/tasks.py
View File

@@ -22,16 +22,7 @@
This module contains default platform-specific implementations of system tasks.
'''
import pwd
import grp
from pkg_resources import parse_version
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import log_mgr
from ipapython import ipautil
log = log_mgr.get_logger(__name__)
class BaseTaskNamespace(object):
@@ -58,18 +49,9 @@ class BaseTaskNamespace(object):
return
def reload_systemwide_ca_store(self):
def insert_ca_cert_into_systemwide_ca_store(self, path):
"""
Reloads the systemwide CA store.
Returns True if the operation succeeded, False otherwise.
"""
return True
def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
"""
Adds CA certificates from 'ca_certs' to the systemwide CA store
Adds the CA certificate located at 'path' to the systemwide CA store
(if available on the platform).
Returns True if the operation succeeded, False otherwise.
@@ -77,10 +59,10 @@ class BaseTaskNamespace(object):
return True
def remove_ca_certs_from_systemwide_ca_store(self):
def remove_ca_cert_from_systemwide_ca_store(self, path):
"""
Removes IPA CA certificates from the systemwide CA store
(if available on the platform).
Removes the CA certificate located at 'path' from the systemwide CA
store (if available on the platform).
Returns True if the operation succeeded, False otherwise.
"""
@@ -150,89 +132,4 @@ class BaseTaskNamespace(object):
return
def backup_auth_configuration(self, path):
"""
Create backup of access control configuration.
:param path: store the backup here. This will be passed to
restore_auth_configuration as well.
"""
return
def restore_auth_configuration(self, path):
"""
Restore backup of access control configuration.
:param path: restore the backup from here.
"""
return
def set_selinux_booleans(self, required_settings, backup_func=None):
"""Set the specified SELinux booleans
:param required_settings: A dictionary mapping the boolean names
to desired_values.
The desired value can be 'on' or 'off',
or None to leave the setting unchanged.
:param backup_func: A function called for each boolean with two
arguments: the name and the previous value
If SELinux is disabled, return False; on success returns True.
If setting the booleans fails,
an ipapython.errors.SetseboolError is raised.
"""
return
def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, comment=None, create_homedir=False):
"""Create a system user with a corresponding group"""
try:
grp.getgrnam(group)
except KeyError:
log.debug('Adding group %s', group)
args = [paths.GROUPADD, '-r', group]
if gid:
args += ['-g', str(gid)]
try:
ipautil.run(args)
log.debug('Done adding group')
except ipautil.CalledProcessError as e:
log.critical('Failed to add group: %s', e)
raise
else:
log.debug('group %s exists', group)
try:
pwd.getpwnam(name)
except KeyError:
log.debug('Adding user %s', name)
args = [
paths.USERADD,
'-g', group,
'-d', homedir,
'-s', shell,
'-r', name,
]
if uid:
args += ['-u', str(uid)]
if comment:
args += ['-c', comment]
if create_homedir:
args += ['-m']
else:
args += ['-M']
try:
ipautil.run(args)
log.debug('Done adding user')
except ipautil.CalledProcessError as e:
log.critical('Failed to add user: %s', e)
raise
else:
log.debug('user %s exists', name)
def parse_ipa_version(self, version):
"""
:param version: textual version
:return: object implementing proper __cmp__ method for version compare
"""
return parse_version(version)
task_namespace = BaseTaskNamespace()

BIN
ipaplatform/base/tasks.pyc Normal file
View File

Binary file not shown.