websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Debian patch 4.0.5-6~numeezy

Browse Source
This commit is contained in:
Alexandre Ellert
2016-02-17 15:07:45 +01:00
committed by Mario Fetka
parent c44de33144
commit 10dfc9587b
1203 changed files with 53869 additions and 241462 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
ipaserver/advise/base.py
View File

@@ -17,15 +17,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import os
from textwrap import wrap
from ipalib import api
from ipalib.plugable import Plugin, API
from ipalib.errors import ValidationError
from ipapython import admintool
from textwrap import wrap
from ipapython.ipa_log_manager import log_mgr
@@ -76,62 +72,6 @@ Important! Do not forget to register the class to the API.
"""
class _AdviceOutput(object):
def __init__(self):
self.content = []
self.prefix = '# '
self.options = None
def comment(self, line, wrapped=True):
if wrapped:
for wrapped_line in wrap(line, 70):
self.content.append(self.prefix + wrapped_line)
else:
self.content.append(self.prefix + line)
def debug(self, line):
if self.options.verbose:
self.comment('DEBUG: ' + line)
def command(self, line):
self.content.append(line)
class Advice(Plugin):
"""
Base class for advices, plugins for ipa-advise.
"""
options = None
require_root = False
description = ''
def __init__(self, api):
super(Advice, self).__init__(api)
self.log = _AdviceOutput()
def set_options(self, options):
self.options = options
self.log.options = options
def get_info(self):
"""
This method should be overridden by child Advices.
Returns a string with instructions.
"""
raise NotImplementedError
class AdviseAPI(API):
bases = (Advice,)
modules = ('ipaserver.advise.plugins.*',)
advise_api = AdviseAPI()
class IpaAdvise(admintool.AdminTool):
"""
Admin tool that given systems's configuration provides instructions how to
@@ -164,10 +104,10 @@ class IpaAdvise(admintool.AdminTool):
def print_config_list(self):
self.print_header('List of available advices')
max_keyword_len = max((len(keyword) for keyword in advise_api.Advice))
max_keyword_len = max((len(keyword) for keyword in api.Advice))
for keyword in advise_api.Advice:
advice = getattr(advise_api.Advice, keyword, '')
for keyword in api.Advice:
advice = getattr(api.Advice, keyword, '')
description = getattr(advice, 'description', '')
keyword = keyword.replace('_', '-')
@@ -177,11 +117,11 @@ class IpaAdvise(admintool.AdminTool):
wrapped_description = wrap(description, 80 - len(prefix))
# Print the first line with the prefix (keyword)
print(prefix + wrapped_description[0])
print prefix + wrapped_description[0]
# Print the rest wrapped behind the colon
for line in wrapped_description[1:]:
print("{off}{line}".format(off=' ' * len(prefix), line=line))
print "{off}{line}".format(off=' ' * len(prefix), line=line)
def print_header(self, header, print_shell=False):
header_size = len(header)
@@ -189,17 +129,17 @@ class IpaAdvise(admintool.AdminTool):
prefix = ''
if print_shell:
prefix = '# '
print('#!/bin/sh')
print '#!/bin/sh'
# Do not print out empty header
if header_size > 0:
print((prefix + '-' * 70))
print(prefix + '-' * 70)
for line in wrap(header, 70):
print((prefix + line))
print((prefix + '-' * 70))
print(prefix + line)
print(prefix + '-' * 70)
def print_advice(self, keyword):
advice = getattr(advise_api.Advice, keyword, None)
advice = getattr(api.Advice, keyword, None)
# Ensure that Configuration class for given --setup option value exists
if advice is None:
@@ -227,15 +167,13 @@ class IpaAdvise(admintool.AdminTool):
advice.get_info()
api.Backend.rpcclient.disconnect()
for line in advice.log.content:
print(line)
print line
def run(self):
super(IpaAdvise, self).run()
api.bootstrap(in_server=False, context='cli')
api.bootstrap(in_server=False, context='advise')
api.finalize()
advise_api.bootstrap(in_server=False, context='cli')
advise_api.finalize()
if not self.options.verbose:
# Do not print connection information by default
logger_name = r'ipa\.ipalib\.plugins\.rpcclient'

9
ipaserver/advise/plugins/fedora_authconfig.py
View File

@@ -18,13 +18,9 @@
#
from ipalib import api
from ipalib.plugable import Registry
from ipaserver.advise.base import Advice
register = Registry()
from ipalib.frontend import Advice
@register()
class config_fedora_authconfig(Advice):
"""
Provides client configuration instructions using authconfig.
@@ -40,3 +36,6 @@ class config_fedora_authconfig(Advice):
"--enablerfc2307bis --enablekrb5"
advice = template.format(server=api.env.host)
self.log.command(advice)
api.register(config_fedora_authconfig)

45
ipaserver/advise/plugins/legacy_clients.py
View File

@@ -19,12 +19,9 @@
import os
from ipalib import api
from ipalib.plugable import Registry
from ipaserver.advise.base import Advice
from ipalib.frontend import Advice
from ipapython.ipautil import template_file, SHARE_DIR
register = Registry()
class config_base_legacy_client(Advice):
def get_uri_and_base(self):
@@ -51,13 +48,13 @@ class config_base_legacy_client(Advice):
'cacertdir_rehash?format=txt')
self.log.comment('Download the CA certificate of the IPA server')
self.log.command('mkdir -p -m 755 /etc/openldap/cacerts')
self.log.command('curl http://%s/ipa/config/ca.crt -o '
self.log.command('wget http://%s/ipa/config/ca.crt -O '
'/etc/openldap/cacerts/ipa.crt\n' % api.env.host)
self.log.comment('Generate hashes for the openldap library')
self.log.command('command -v cacertdir_rehash')
self.log.command('if [ $? -ne 0 ] ; then')
self.log.command(' curl "%s" -o cacertdir_rehash ;' % cacertdir_rehash)
self.log.command(' wget "%s" -O cacertdir_rehash ;' % cacertdir_rehash)
self.log.command(' chmod 755 ./cacertdir_rehash ;')
self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;')
self.log.command('else')
@@ -83,7 +80,6 @@ class config_base_legacy_client(Advice):
self.log.command('service sssd start')
@register()
class config_redhat_sssd_before_1_9(config_base_legacy_client):
"""
Legacy client configuration for Red Hat based systems, using SSSD.
@@ -98,7 +94,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
self.check_compat_plugin()
self.log.comment('Install required packages via yum')
self.log.command('yum install -y sssd authconfig curl openssl\n')
self.log.command('yum install -y sssd authconfig wget openssl\n')
self.configure_ca_cert()
@@ -117,7 +113,9 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
super(config_redhat_sssd_before_1_9, self).configure_ca_cert()
@register()
api.register(config_redhat_sssd_before_1_9)
class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
"""
Legacy client configuration for non Red Hat based linux systems,
@@ -140,7 +138,7 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
self.log.comment('Install required packages using your system\'s '
'package manager. E.g:')
self.log.command('apt-get -y install sssd curl openssl\n')
self.log.command('apt-get -y install sssd wget openssl\n')
self.configure_ca_cert()
@@ -172,7 +170,9 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
'/etc/ldap/ldap.conf\n')
@register()
api.register(config_generic_linux_sssd_before_1_9)
class config_redhat_nss_pam_ldapd(config_base_legacy_client):
"""
Legacy client configuration for Red Hat based systems,
@@ -188,14 +188,14 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
self.check_compat_plugin()
self.log.comment('Install required packages via yum')
self.log.command('yum install -y curl openssl nss-pam-ldapd pam_ldap '
self.log.command('yum install -y wget openssl nss-pam-ldapd pam_ldap '
'authconfig\n')
self.configure_ca_cert()
self.log.comment('Use the authconfig to configure nsswitch.conf '
'and the PAM stack')
self.log.command('authconfig --updateall --enableldap --enableldaptls '
self.log.command('authconfig --updateall --enableldap '
'--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
% (uri, base))
@@ -207,7 +207,9 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
super(config_redhat_nss_pam_ldapd, self).configure_ca_cert()
@register()
api.register(config_redhat_nss_pam_ldapd)
class config_generic_linux_nss_pam_ldapd(config_base_legacy_client):
"""
Legacy client configuration for non Red Hat based linux systems,
@@ -232,7 +234,7 @@ class config_generic_linux_nss_pam_ldapd(config_base_legacy_client):
self.log.comment('Install required packages using your system\'s '
'package manager. E.g:')
self.log.command('apt-get -y install curl openssl libnss-ldapd '
self.log.command('apt-get -y install wget openssl libnss-ldapd '
'libpam-ldapd nslcd\n')
self.configure_ca_cert()
@@ -274,7 +276,9 @@ class config_generic_linux_nss_pam_ldapd(config_base_legacy_client):
'/etc/ldap/ldap.conf\n')
@register()
api.register(config_generic_linux_nss_pam_ldapd)
class config_freebsd_nss_pam_ldapd(config_base_legacy_client):
"""
Legacy client configuration for FreeBSD, using nss-pam-ldapd.
@@ -339,8 +343,9 @@ class config_freebsd_nss_pam_ldapd(config_base_legacy_client):
self.log.command('curl -k https://%s/ipa/config/ca.crt > '
'%s' % (api.env.host, cacrt))
api.register(config_freebsd_nss_pam_ldapd)
@register()
class config_redhat_nss_ldap(config_base_legacy_client):
"""
Legacy client configuration for Red Hat based systems,
@@ -356,14 +361,14 @@ class config_redhat_nss_ldap(config_base_legacy_client):
self.check_compat_plugin()
self.log.comment('Install required packages via yum')
self.log.command('yum install -y curl openssl nss_ldap '
self.log.command('yum install -y wget openssl nss_ldap '
'authconfig\n')
self.configure_ca_cert()
self.log.comment('Use the authconfig to configure nsswitch.conf '
'and the PAM stack')
self.log.command('authconfig --updateall --enableldap --enableldaptls '
self.log.command('authconfig --updateall --enableldap '
'--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
% (uri, base))
@@ -373,3 +378,5 @@ class config_redhat_nss_ldap(config_base_legacy_client):
'Therefore, clients older than RHEL5.2 will not be '
'able to interoperate with IPA server 3.x.')
super(config_redhat_nss_ldap, self).configure_ca_cert()
api.register(config_redhat_nss_ldap)