websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.3.1

Browse Source
This commit is contained in:
Mario Fetka
2021-08-10 02:37:58 +02:00
parent a791de49a2
commit 2f177da8f2
2056 changed files with 421730 additions and 1668138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
install/restart_scripts/Makefile.am
View File

@@ -5,23 +5,15 @@ app_DATA = \
restart_dirsrv \
restart_httpd \
renew_ca_cert \
renew_kdc_cert \
renew_ra_cert \
stop_pkicad \
renew_ra_cert_pre \
$(NULL)
EXTRA_DIST = \
restart_dirsrv.in \
restart_httpd.in \
renew_ca_cert.in \
renew_kdc_cert.in \
renew_ra_cert.in \
stop_pkicad.in \
renew_ra_cert_pre.in \
$(NULL)
$(app_DATA) \
$(NULL)
PYTHON_SHEBANG = $(app_DATA)
CLEANFILES = $(PYTHON_SHEBANG)
include $(top_srcdir)/Makefile.pythonscripts.am
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

246
install/restart_scripts/Makefile.in
View File

@@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -86,19 +86,10 @@ POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = install/restart_scripts
subdir = restart_scripts
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/VERSION.m4 \
$(top_srcdir)/server.m4 $(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/../version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
@@ -155,116 +146,39 @@ am__uninstall_files_from_dir = { \
am__installdirs = "$(DESTDIR)$(appdir)"
DATA = $(app_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in \
$(top_srcdir)/Makefile.pythonscripts.am README
am__DIST_COMMON = $(srcdir)/Makefile.in README
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
API_VERSION = @API_VERSION@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
CMOCKA_LIBS = @CMOCKA_LIBS@
CONFIG_STATUS = @CONFIG_STATUS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIRSRV_CFLAGS = @DIRSRV_CFLAGS@
DIRSRV_LIBS = @DIRSRV_LIBS@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBPDB_NAME = @LIBPDB_NAME@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBVERTO_CFLAGS = @LIBVERTO_CFLAGS@
LIBVERTO_LIBS = @LIBVERTO_LIBS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MK_ASSIGN = @MK_ASSIGN@
MK_ELSE = @MK_ELSE@
MK_ENDIF = @MK_ENDIF@
MK_IFEQ = @MK_IFEQ@
MSGATTRIB = @MSGATTRIB@
MSGCMP = @MSGCMP@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGINIT = @MSGINIT@
MSGMERGE = @MSGMERGE@
NAMED_GROUP = @NAMED_GROUP@
NDRNBT_CFLAGS = @NDRNBT_CFLAGS@
NDRNBT_LIBS = @NDRNBT_LIBS@
NDRPAC_CFLAGS = @NDRPAC_CFLAGS@
NDRPAC_LIBS = @NDRPAC_LIBS@
NDR_CFLAGS = @NDR_CFLAGS@
NDR_LIBS = @NDR_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSPR_CFLAGS = @NSPR_CFLAGS@
NSPR_LIBS = @NSPR_LIBS@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
NUM_VERSION = @NUM_VERSION@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
ODS_USER = @ODS_USER@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
@@ -273,89 +187,33 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLATFORM_PYTHON = @PLATFORM_PYTHON@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON2 = @PYTHON2@
PYTHON3 = @PYTHON3@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_INSTALL_EXTRA_OPTIONS = @PYTHON_INSTALL_EXTRA_OPTIONS@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSSCERTMAP_CFLAGS = @SSSCERTMAP_CFLAGS@
SSSCERTMAP_LIBS = @SSSCERTMAP_LIBS@
SSSIDMAP_CFLAGS = @SSSIDMAP_CFLAGS@
SSSIDMAP_LIBS = @SSSIDMAP_LIBS@
SSSNSSIDMAP_CFLAGS = @SSSNSSIDMAP_CFLAGS@
SSSNSSIDMAP_LIBS = @SSSNSSIDMAP_LIBS@
STRIP = @STRIP@
TALLOC_CFLAGS = @TALLOC_CFLAGS@
TALLOC_LIBS = @TALLOC_LIBS@
TEVENT_CFLAGS = @TEVENT_CFLAGS@
TEVENT_LIBS = @TEVENT_LIBS@
UNISTRING_LIBS = @UNISTRING_LIBS@
UNLINK = @UNLINK@
USE_NLS = @USE_NLS@
UUID_CFLAGS = @UUID_CFLAGS@
UUID_LIBS = @UUID_LIBS@
VENDOR_SUFFIX = @VENDOR_SUFFIX@
TX = @TX@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLRPC_CFLAGS = @XMLRPC_CFLAGS@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
i18ntests = @i18ntests@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
krb5rundir = @krb5rundir@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
@@ -364,20 +222,13 @@ mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
@@ -388,28 +239,23 @@ app_DATA = \
restart_dirsrv \
restart_httpd \
renew_ca_cert \
renew_kdc_cert \
renew_ra_cert \
stop_pkicad \
renew_ra_cert_pre \
$(NULL)
EXTRA_DIST = \
restart_dirsrv.in \
restart_httpd.in \
renew_ca_cert.in \
renew_kdc_cert.in \
renew_ra_cert.in \
stop_pkicad.in \
renew_ra_cert_pre.in \
$(NULL)
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in
PYTHON_SHEBANG = $(app_DATA)
CLEANFILES = $(PYTHON_SHEBANG)
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/Makefile.pythonscripts.am $(am__configure_deps)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
@@ -418,33 +264,26 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/Makefile.pythonscrip
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign install/restart_scripts/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign restart_scripts/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign install/restart_scripts/Makefile
$(AUTOMAKE) --foreign restart_scripts/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_srcdir)/Makefile.pythonscripts.am $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-appDATA: $(app_DATA)
@$(NORMAL_INSTALL)
@list='$(app_DATA)'; test -n "$(appdir)" || list=; \
@@ -473,10 +312,7 @@ ctags CTAGS:
cscope cscopelist:
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -535,7 +371,6 @@ install-strip:
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -544,9 +379,10 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
clean-am: clean-generic mostlyclean-am
distclean: distclean-am
-rm -f Makefile
@@ -598,7 +434,7 @@ maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
mostlyclean-am: mostlyclean-generic
pdf: pdf-am
@@ -612,27 +448,21 @@ uninstall-am: uninstall-appDATA
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-appDATA install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-appDATA
.PHONY: all all-am check check-am clean clean-generic cscopelist-am \
ctags-am distclean distclean-generic distdir dvi dvi-am html \
html-am info info-am install install-am install-appDATA \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am tags-am uninstall uninstall-am \
uninstall-appDATA
.PRECIOUS: Makefile
# special handling of Python scripts with auto-generated shebang line
$(PYTHON_SHEBANG):%: %.in Makefile
$(AM_V_GEN)sed -e 's|@PYTHONSHEBANG[@]|#!$(PYTHON) -E|g' $< > $@
$(AM_V_GEN)chmod +x $@
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

44
install/restart_scripts/renew_ca_cert.in → install/restart_scripts/renew_ca_cert
View File

@@ -1,4 +1,4 @@
@PYTHONSHEBANG@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
@@ -27,23 +27,18 @@ import tempfile
import shutil
import traceback
from ipalib.install import certstore
from ipapython import directivesetter
from ipapython import ipautil
from ipalib import api, errors
from ipalib import x509
from ipalib.install.kinit import kinit_keytab
from ipaserver.install import certs, cainstance
from ipalib import api, errors, x509, certstore
from ipaserver.install import certs, cainstance, installutils
from ipaserver.plugins.ldap2 import ldap2
from ipaplatform import services
from ipaplatform.paths import paths
from ipapython.certdb import TrustFlags
def _main():
nickname = sys.argv[1]
api.bootstrap(in_server=True, context='restart', confdir=paths.ETC_IPA)
api.bootstrap(context='restart')
api.finalize()
dogtag_service = services.knownservices['pki_tomcatd']
@@ -67,7 +62,7 @@ def _main():
# Fetch the new certificate
db = certs.CertDB(api.env.realm, nssdir=paths.PKI_TOMCAT_ALIAS_DIR)
cert = db.get_cert_from_db(nickname)
cert = db.get_cert_from_db(nickname, pem=False)
if not cert:
syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
sys.exit(1)
@@ -76,16 +71,13 @@ def _main():
try:
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
ccache_filename = os.path.join(tmpdir, 'ccache')
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
ipautil.kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
os.environ['KRB5CCNAME'] = ccache_filename
api.Backend.ldap2.connect()
ca = cainstance.CAInstance(host_name=api.env.host)
ca = cainstance.CAInstance(host_name=api.env.host, ldapi=False)
ca.update_cert_config(nickname, cert)
if ca.is_renewal_master():
cainstance.update_people_entry(cert)
cainstance.update_authority_entry(cert)
if nickname == 'auditSigningCert cert-pki-ca':
# Fix trust on the audit cert
@@ -105,22 +97,22 @@ def _main():
elif nickname == 'caSigningCert cert-pki-ca':
# Update CS.cfg
cfg_path = paths.CA_CS_CFG_PATH
config = directivesetter.get_directive(
config = installutils.get_directive(
cfg_path, 'subsystem.select', '=')
if config == 'New':
syslog.syslog(syslog.LOG_NOTICE, "Updating CS.cfg")
if cert.is_self_signed():
directivesetter.set_directive(
if x509.is_self_signed(cert, x509.DER):
installutils.set_directive(
cfg_path, 'hierarchy.select', 'Root',
quotes=False, separator='=')
directivesetter.set_directive(
installutils.set_directive(
cfg_path, 'subsystem.count', '1',
quotes=False, separator='=')
else:
directivesetter.set_directive(
installutils.set_directive(
cfg_path, 'hierarchy.select', 'Subordinate',
quotes=False, separator='=')
directivesetter.set_directive(
installutils.set_directive(
cfg_path, 'subsystem.count', '0',
quotes=False, separator='=')
else:
@@ -128,7 +120,7 @@ def _main():
# Remove old external CA certificates
for ca_nick, ca_flags in db.list_certs():
if ca_flags.has_key:
if 'u' in ca_flags:
continue
# Delete *all* certificates that use the nickname
while True:
@@ -183,17 +175,11 @@ def _main():
# Pass Dogtag's self-tests
for ca_nick in db.find_root_cert(nickname)[-2:-1]:
ca_flags = dict(cc[1:] for cc in ca_certs)[ca_nick]
usages = ca_flags.usages or set()
ca_flags_modified = TrustFlags(ca_flags.has_key,
True, True,
usages | {x509.EKU_SERVER_AUTH})
db.trust_root_cert(ca_nick, ca_flags_modified)
db.trust_root_cert(ca_nick, 'C' + ca_flags)
finally:
if conn is not None and conn.isconnected():
conn.disconnect()
finally:
if api.Backend.ldap2.isconnected():
api.Backend.ldap2.disconnect()
shutil.rmtree(tmpdir)
# Now we can start the CA. Using the services start should fire

27
install/restart_scripts/renew_kdc_cert.in
View File

@@ -1,27 +0,0 @@
@PYTHONSHEBANG@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
import syslog
import traceback
from ipaplatform import services
from ipaserver.install import certs
def main():
with certs.renewal_lock:
try:
if services.knownservices.krb5kdc.is_running():
syslog.syslog(syslog.LOG_NOTICE, 'restarting krb5kdc')
services.knownservices.krb5kdc.restart()
except Exception as e:
syslog.syslog(
syslog.LOG_ERR, "cannot restart krb5kdc: {}".format(e))
try:
main()
except Exception:
syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

53
install/restart_scripts/renew_ra_cert.in → install/restart_scripts/renew_ra_cert
View File

@@ -1,4 +1,4 @@
@PYTHONSHEBANG@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
@@ -27,51 +27,54 @@ import tempfile
import shutil
import traceback
from ipalib.install.kinit import kinit_keytab
from ipalib import api, x509
from ipaserver.install import certs, cainstance
from ipapython import ipautil
from ipalib import api
from ipaserver.install import certs, cainstance, krainstance
from ipaplatform import services
from ipaplatform.paths import paths
def _main():
api.bootstrap(in_server=True, context='restart', confdir=paths.ETC_IPA)
nickname = 'ipaCert'
api.bootstrap(context='restart')
api.finalize()
tmpdir = tempfile.mkdtemp(prefix="tmp-")
try:
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
ccache_filename = os.path.join(tmpdir, 'ccache')
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
ipautil.kinit_keytab(principal, paths.KRB5_KEYTAB,
ccache_filename)
os.environ['KRB5CCNAME'] = ccache_filename
api.Backend.ldap2.connect()
ca = cainstance.CAInstance(host_name=api.env.host)
ra_certpath = paths.RA_AGENT_PEM
ca = cainstance.CAInstance(host_name=api.env.host, ldapi=False)
if ca.is_renewal_master():
# Fetch the new certificate
try:
cert = x509.load_certificate_from_file(ra_certpath)
except IOError as e:
db = certs.CertDB(api.env.realm)
dercert = db.get_cert_from_db(nickname, pem=False)
if not dercert:
syslog.syslog(
syslog.LOG_ERR, "Can't open '{certpath}': {err}"
.format(certpath=ra_certpath, err=e)
)
sys.exit(1)
except (TypeError, ValueError):
syslog.syslog(
syslog.LOG_ERR, "'{certpath}' is not a valid certificate "
"file".format(certpath=ra_certpath)
)
syslog.LOG_ERR, "No certificate %s found." % nickname)
sys.exit(1)
# Load it into dogtag
cainstance.update_people_entry(cert)
cainstance.update_people_entry(dercert)
if api.Command.kra_is_enabled()['result']:
krainstance.export_kra_agent_pem()
finally:
if api.Backend.ldap2.isconnected():
api.Backend.ldap2.disconnect()
shutil.rmtree(tmpdir)
# Now restart Apache so the new certificate is available
syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd")
try:
services.knownservices.httpd.restart()
except Exception as e:
syslog.syslog(syslog.LOG_ERR, "Cannot restart httpd: %s" % e)
else:
syslog.syslog(syslog.LOG_NOTICE, "Restarted httpd")
def main():
try:

2
install/restart_scripts/renew_ra_cert_pre.in → install/restart_scripts/renew_ra_cert_pre Normal file → Executable file
View File

@@ -1,4 +1,4 @@
@PYTHONSHEBANG@
#!/usr/bin/python2 -E
#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#

8
install/restart_scripts/restart_dirsrv.in → install/restart_scripts/restart_dirsrv
View File

@@ -1,4 +1,4 @@
@PYTHONSHEBANG@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
@@ -24,7 +24,6 @@ import syslog
import traceback
from ipalib import api
from ipaplatform import services
from ipaplatform.paths import paths
from ipaserver.install import certs
@@ -34,14 +33,13 @@ def _main():
except IndexError:
instance = ""
api.bootstrap(in_server=True, context='restart', confdir=paths.ETC_IPA)
api.bootstrap(context='restart')
api.finalize()
syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted dirsrv instance '%s'" % instance)
try:
if services.knownservices.dirsrv.is_running():
services.knownservices.dirsrv.restart(instance, ldapi=True)
services.knownservices.dirsrv.restart(instance)
except Exception as e:
syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))

5
install/restart_scripts/restart_httpd.in → install/restart_scripts/restart_httpd
View File

@@ -1,4 +1,4 @@
@PYTHONSHEBANG@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
@@ -29,8 +29,7 @@ def _main():
syslog.syslog(syslog.LOG_NOTICE, 'certmonger restarted httpd')
try:
if services.knownservices.httpd.is_running():
services.knownservices.httpd.restart()
services.knownservices.httpd.restart()
except Exception as e:
syslog.syslog(syslog.LOG_ERR, "Cannot restart httpd: %s" % str(e))

6
install/restart_scripts/stop_pkicad.in → install/restart_scripts/stop_pkicad
View File

@@ -1,4 +1,4 @@
@PYTHONSHEBANG@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
@@ -19,16 +19,16 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import sys
import syslog
import traceback
from ipalib import api
from ipaplatform import services
from ipaplatform.paths import paths
from ipaserver.install import certs
def main():
api.bootstrap(in_server=True, context='restart', confdir=paths.ETC_IPA)
api.bootstrap(context='restart')
api.finalize()
dogtag_service = services.knownservices['pki_tomcatd']