websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.3.1

Browse Source
This commit is contained in:
Mario Fetka
2021-08-10 02:37:58 +02:00
parent a791de49a2
commit 2f177da8f2
2056 changed files with 421730 additions and 1668138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ipaplatform/Makefile.am
View File

@@ -1,12 +0,0 @@
include $(top_srcdir)/Makefile.python.am
EXTRA_DIST = override.py.in
all-local: override.py
dist-hook: override.py
install-exec-local: override.py
override.py: override.py.in $(top_builddir)/$(CONFIG_STATUS)
$(AM_V_GEN)sed \
-e 's|@IPAPLATFORM[@]|$(IPAPLATFORM)|g' \
$< > $@

632
ipaplatform/Makefile.in
View File

@@ -1,632 +0,0 @@
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = ipaplatform
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/VERSION.m4 \
$(top_srcdir)/server.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in \
$(top_srcdir)/Makefile.python.am
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
API_VERSION = @API_VERSION@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
CMOCKA_LIBS = @CMOCKA_LIBS@
CONFIG_STATUS = @CONFIG_STATUS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIRSRV_CFLAGS = @DIRSRV_CFLAGS@
DIRSRV_LIBS = @DIRSRV_LIBS@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBPDB_NAME = @LIBPDB_NAME@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBVERTO_CFLAGS = @LIBVERTO_CFLAGS@
LIBVERTO_LIBS = @LIBVERTO_LIBS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MK_ASSIGN = @MK_ASSIGN@
MK_ELSE = @MK_ELSE@
MK_ENDIF = @MK_ENDIF@
MK_IFEQ = @MK_IFEQ@
MSGATTRIB = @MSGATTRIB@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NAMED_GROUP = @NAMED_GROUP@
NDRNBT_CFLAGS = @NDRNBT_CFLAGS@
NDRNBT_LIBS = @NDRNBT_LIBS@
NDRPAC_CFLAGS = @NDRPAC_CFLAGS@
NDRPAC_LIBS = @NDRPAC_LIBS@
NDR_CFLAGS = @NDR_CFLAGS@
NDR_LIBS = @NDR_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSPR_CFLAGS = @NSPR_CFLAGS@
NSPR_LIBS = @NSPR_LIBS@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
NUM_VERSION = @NUM_VERSION@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
ODS_USER = @ODS_USER@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLATFORM_PYTHON = @PLATFORM_PYTHON@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON2 = @PYTHON2@
PYTHON3 = @PYTHON3@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_INSTALL_EXTRA_OPTIONS = @PYTHON_INSTALL_EXTRA_OPTIONS@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSSCERTMAP_CFLAGS = @SSSCERTMAP_CFLAGS@
SSSCERTMAP_LIBS = @SSSCERTMAP_LIBS@
SSSIDMAP_CFLAGS = @SSSIDMAP_CFLAGS@
SSSIDMAP_LIBS = @SSSIDMAP_LIBS@
SSSNSSIDMAP_CFLAGS = @SSSNSSIDMAP_CFLAGS@
SSSNSSIDMAP_LIBS = @SSSNSSIDMAP_LIBS@
STRIP = @STRIP@
TALLOC_CFLAGS = @TALLOC_CFLAGS@
TALLOC_LIBS = @TALLOC_LIBS@
TEVENT_CFLAGS = @TEVENT_CFLAGS@
TEVENT_LIBS = @TEVENT_LIBS@
UNISTRING_LIBS = @UNISTRING_LIBS@
UNLINK = @UNLINK@
USE_NLS = @USE_NLS@
UUID_CFLAGS = @UUID_CFLAGS@
UUID_LIBS = @UUID_LIBS@
VENDOR_SUFFIX = @VENDOR_SUFFIX@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLRPC_CFLAGS = @XMLRPC_CFLAGS@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
i18ntests = @i18ntests@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
krb5rundir = @krb5rundir@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = $(pythondir)/$(pkgname)
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
pkgname = $(shell basename "$(abs_srcdir)")
@VERBOSE_MAKE_FALSE@VERBOSITY = "--quiet"
@VERBOSE_MAKE_TRUE@VERBOSITY = "--verbose"
WHEELDISTDIR = $(top_builddir)/dist/wheels
EXTRA_DIST = override.py.in
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/Makefile.python.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign ipaplatform/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign ipaplatform/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_srcdir)/Makefile.python.am $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
check-am: all-am
check: check-am
all-am: Makefile all-local
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-exec-local
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-local
.MAKE: install-am install-strip
.PHONY: all all-am all-local check check-am clean clean-generic \
clean-libtool clean-local cscopelist-am ctags-am dist-hook \
distclean distclean-generic distclean-libtool distdir dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-exec-local install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am uninstall-local
.PRECIOUS: Makefile
# hack to handle back-in-the-hierarchy depedency on ipasetup.py
.PHONY: $(top_builddir)/ipasetup.py
$(top_builddir)/ipasetup.py:
(cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) ipasetup.py)
all-local: $(top_builddir)/ipasetup.py
cd $(srcdir); $(PYTHON) setup.py \
$(VERBOSITY) \
build \
--build-base "$(abs_builddir)/build"
install-exec-local: $(top_builddir)/ipasetup.py
if [ "x$(pkginstall)" != "xfalse" ]; then \
$(PYTHON) $(srcdir)/setup.py \
$(VERBOSITY) \
build \
--build-base "$(abs_builddir)/build" \
install \
--prefix "$(DESTDIR)$(prefix)" \
--single-version-externally-managed \
--record "$(DESTDIR)$(pkgpythondir)/install_files.txt" \
--optimize 1 \
$(PYTHON_INSTALL_EXTRA_OPTIONS); \
fi
uninstall-local:
if [ -f "$(DESTDIR)$(pkgpythondir)/install_files.txt" ]; then \
cat "$(DESTDIR)$(pkgpythondir)/install_files.txt" | xargs rm -rf ; \
fi
rm -rf "$(DESTDIR)$(pkgpythondir)"
clean-local: $(top_builddir)/ipasetup.py
$(PYTHON) "$(srcdir)/setup.py" \
clean \
--all
--build-base "$(abs_builddir)/build"
rm -rf "$(srcdir)/build" "$(srcdir)/dist" "$(srcdir)/MANIFEST"
find "$(srcdir)" \
-name "*.py[co]" -delete -o \
-name "__pycache__" -delete -o \
-name "*.egg-info" -exec rm -rf {} +
# take list of all Python source files and copy them into distdir
# SOURCES.txt does not contain directories so we need to create those
dist-hook: $(top_builddir)/ipasetup.py
$(PYTHON) "$(srcdir)/setup.py" egg_info
PYTHON_SOURCES=$$(cat "$(srcdir)/$(pkgname).egg-info/SOURCES.txt") || exit $$?; \
for FILEN in $${PYTHON_SOURCES}; \
do \
if test -x "$(srcdir)/$${FILEN}"; then MODE=755; else MODE=644; fi; \
$(INSTALL) -D -m $${MODE} "$(srcdir)/$${FILEN}" "$(distdir)/$${FILEN}" || exit $$?; \
done
.PHONY: bdist_wheel
bdist_wheel: $(top_builddir)/ipasetup.py
rm -rf $(WHEELDISTDIR)/$(pkgname)-*.whl
$(PYTHON) "$(srcdir)/setup.py" \
build \
--build-base "$(abs_builddir)/build" \
bdist_wheel \
--dist-dir=$(WHEELDISTDIR)
all-local: override.py
dist-hook: override.py
install-exec-local: override.py
override.py: override.py.in $(top_builddir)/$(CONFIG_STATUS)
$(AM_V_GEN)sed \
-e 's|@IPAPLATFORM[@]|$(IPAPLATFORM)|g' \
$< > $@
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

15
ipaplatform/__init__.py
View File

@@ -1,11 +1,12 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
"""ipaplatform namespace package
In the presence of a namespace package, any code in this module will be
ignore.
"""
__import__('pkg_resources').declare_namespace(__name__)
'''
Module containing platform-specific functionality for every platform.
'''
NAME = None # initialized by ipaplatform.osinfo
NAME = "fedora"
# FIXME: too much cyclic dependencies
# from fedora import paths, tasks, services

12
ipaplatform/__init__.py.in Normal file
View File

@@ -0,0 +1,12 @@
#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
'''
Module containing platform-specific functionality for every platform.
'''
NAME = "__PLATFORM__"
# FIXME: too much cyclic dependencies
# from __PLATFORM__ import paths, tasks, services

BIN
ipaplatform/__init__.pyc Normal file
View File

Binary file not shown.

50
ipaplatform/_importhook.py
View File

@@ -1,50 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
from __future__ import absolute_import
import importlib
import sys
from ipaplatform.osinfo import osinfo
class IpaMetaImporter(object):
modules = {
'ipaplatform.constants',
'ipaplatform.paths',
'ipaplatform.services',
'ipaplatform.tasks'
}
def __init__(self, platform):
self.platform = platform
def find_module(self, fullname, path=None):
"""Meta importer hook"""
if fullname in self.modules:
return self
return None
def load_module(self, fullname):
"""Meta importer hook"""
suffix = fullname.split('.', 1)[1]
alias = 'ipaplatform.{}.{}'.format(self.platform, suffix)
platform_mod = importlib.import_module(alias)
base_mod = sys.modules.get(fullname)
if base_mod is not None:
# module has been imported before, update its __dict__
base_mod.__dict__.update(platform_mod.__dict__)
for key in list(base_mod.__dict__):
if not hasattr(platform_mod, key):
delattr(base_mod, key)
else:
sys.modules[fullname] = platform_mod
return platform_mod
metaimporter = IpaMetaImporter(osinfo.platform)
sys.meta_path.insert(0, metaimporter)
fixup_module = metaimporter.load_module

BIN
ipaplatform/base/__init__.pyc Normal file
View File

Binary file not shown.

28
ipaplatform/base/constants.py
View File

@@ -5,23 +5,16 @@
'''
This base platform module exports platform dependant constants.
'''
import sys
class BaseConstantsNamespace(object):
IS_64BITS = sys.maxsize > 2 ** 32
DS_USER = 'dirsrv'
DS_GROUP = 'dirsrv'
HTTPD_USER = "apache"
HTTPD_GROUP = "apache"
GSSPROXY_USER = "root"
IPA_ADTRUST_PACKAGE_NAME = "freeipa-server-trust-ad"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
KDCPROXY_USER = "kdcproxy"
NAMED_USER = "named"
NAMED_GROUP = "named"
NAMED_DATA_DIR = "data/"
NAMED_ZONE_COMMENT = ""
PKI_USER = 'pkiuser'
PKI_GROUP = 'pkiuser'
# ntpd init variable used for daemon options
@@ -32,25 +25,4 @@ class BaseConstantsNamespace(object):
ODS_GROUP = "ods"
# nfsd init variable used to enable kerberized NFS
SECURE_NFS_VAR = "SECURE_NFS"
SELINUX_BOOLEAN_ADTRUST = {
'samba_portmapper': 'on',
}
SELINUX_BOOLEAN_HTTPD = {
'httpd_can_network_connect': 'on',
'httpd_manage_ipa': 'on',
'httpd_run_ipa': 'on',
'httpd_dbus_sssd': 'on',
}
SSSD_USER = "sssd"
# WSGI module override, only used on Fedora
MOD_WSGI_PYTHON2 = None
MOD_WSGI_PYTHON3 = None
# WSGIDaemonProcess process count. On 64bit platforms, each process
# consumes about 110 MB RSS, from which are about 35 MB shared.
WSGI_PROCESSES = 4 if IS_64BITS else 2
# high ciphers without RC4, MD5, TripleDES, pre-shared key, secure
# remote password, and DSA cert authentication.
TLS_HIGH_CIPHERS = "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!PSK:!SRP:!aDSS"
constants = BaseConstantsNamespace()

105
ipaplatform/base/paths.py
View File

@@ -24,13 +24,15 @@ This base platform module exports default filesystem paths.
class BasePathNamespace(object):
BASH = "/bin/bash"
BIN_HOSTNAMECTL = "/bin/hostnamectl"
ECHO = "/bin/echo"
GZIP = "/usr/bin/gzip"
BIN_FALSE = "/bin/false"
BIN_HOSTNAME = "/bin/hostname"
LS = "/bin/ls"
SH = "/bin/sh"
SYSTEMCTL = "/bin/systemctl"
TAR = "/bin/tar"
BIN_TRUE = "/bin/true"
DEV_NULL = "/dev/null"
DEV_STDIN = "/dev/stdin"
AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
ETC_DIRSRV = "/etc/dirsrv"
DS_KEYTAB = "/etc/dirsrv/ds.keytab"
@@ -41,8 +43,8 @@ class BasePathNamespace(object):
HOSTS = "/etc/hosts"
ETC_HTTPD_DIR = "/etc/httpd"
HTTPD_ALIAS_DIR = "/etc/httpd/alias"
GSSAPI_SESSION_KEY = "/etc/httpd/alias/ipasession.key"
OLD_KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
ALIAS_CACERT_ASC = "/etc/httpd/alias/cacert.asc"
ALIAS_PWDFILE_TXT = "/etc/httpd/alias/pwdfile.txt"
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/httpd/conf.d/ipa-kdc-proxy.conf"
@@ -51,14 +53,7 @@ class BasePathNamespace(object):
HTTPD_IPA_CONF = "/etc/httpd/conf.d/ipa.conf"
HTTPD_NSS_CONF = "/etc/httpd/conf.d/nss.conf"
HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
HTTPD_SSL_SITE_CONF = "/etc/httpd/conf.d/ssl.conf"
HTTPD_CERT_FILE = "/var/lib/ipa/certs/httpd.crt"
HTTPD_KEY_FILE = "/var/lib/ipa/private/httpd.key"
HTTPD_PASSWD_FILE_FMT = "/var/lib/ipa/passwds/{host}-443-RSA"
# only used on Fedora
HTTPD_IPA_WSGI_MODULES_CONF = None
OLD_IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
HTTP_KEYTAB = "/var/lib/ipa/gssproxy/http.keytab"
IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf"
IDMAPD_CONF = "/etc/idmapd.conf"
ETC_IPA = "/etc/ipa"
@@ -73,9 +68,7 @@ class BasePathNamespace(object):
DNSSEC_SOFTHSM_PIN_SO = "/etc/ipa/dnssec/softhsm_pin_so"
IPA_NSSDB_DIR = "/etc/ipa/nssdb"
IPA_NSSDB_PWDFILE_TXT = "/etc/ipa/nssdb/pwdfile.txt"
COMMON_KRB5_CONF_DIR = "/etc/krb5.conf.d/"
KRB5_CONF = "/etc/krb5.conf"
KRB5_FREEIPA = COMMON_KRB5_CONF_DIR + "freeipa"
KRB5_KEYTAB = "/etc/krb5.keytab"
LDAP_CONF = "/etc/ldap.conf"
LIBNSS_LDAP_CONF = "/etc/libnss-ldap.conf"
@@ -86,11 +79,9 @@ class BasePathNamespace(object):
NAMED_ROOT_KEY = "/etc/named.root.key"
NAMED_BINDKEYS_FILE = "/etc/named.iscdlv.key"
NAMED_MANAGED_KEYS_DIR = "/var/named/dynamic"
NAMED_CRYPTO_POLICY_FILE = None
NSLCD_CONF = "/etc/nslcd.conf"
NSS_LDAP_CONF = "/etc/nss_ldap.conf"
NSSWITCH_CONF = "/etc/nsswitch.conf"
CHRONY_CONF = "/etc/chrony.conf"
NTP_CONF = "/etc/ntp.conf"
NTP_STEP_TICKERS = "/etc/ntp/step-tickers"
ETC_OPENDNSSEC_DIR = "/etc/opendnssec"
@@ -105,14 +96,12 @@ class BasePathNamespace(object):
NSS_DB_DIR = "/etc/pki/nssdb"
PKI_TOMCAT = "/etc/pki/pki-tomcat"
PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
PKI_TOMCAT_ALIAS_PWDFILE_TXT = "/etc/pki/pki-tomcat/alias/pwdfile.txt"
PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
ETC_REDHAT_RELEASE = "/etc/redhat-release"
RESOLV_CONF = "/etc/resolv.conf"
SAMBA_KEYTAB = "/etc/samba/samba.keytab"
SMB_CONF = "/etc/samba/smb.conf"
LIMITS_CONF = "/etc/security/limits.conf"
SSH_CONFIG_DIR = "/etc/ssh"
SSH_CONFIG = "/etc/ssh/ssh_config"
SSHD_CONFIG = "/etc/ssh/sshd_config"
SSSD_CONF = "/etc/sssd/sssd.conf"
@@ -129,6 +118,8 @@ class BasePathNamespace(object):
SYSCONFIG_HTTPD = "/etc/sysconfig/httpd"
SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc"
SYSCONFIG_NAMED = "/etc/sysconfig/named"
SYSCONFIG_NETWORK = "/etc/sysconfig/network"
SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp"
SYSCONFIG_NFS = "/etc/sysconfig/nfs"
SYSCONFIG_NTPD = "/etc/sysconfig/ntpd"
SYSCONFIG_ODS = "/etc/sysconfig/ods"
@@ -136,24 +127,20 @@ class BasePathNamespace(object):
SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat"
SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat"
ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/httpd.service.d/"
SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/httpd.service.d/ipa.conf"
SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
ETC_TMPFILESD_DIRSRV = "/etc/tmpfiles.d/dirsrv-%s.conf"
DNSSEC_TRUSTED_KEY = "/etc/trusted-key.key"
HOME_DIR = "/home"
PROC_FIPS_ENABLED = "/proc/sys/crypto/fips_enabled"
ROOT_IPA_CACHE = "/root/.ipa_cache"
ROOT_PKI = "/root/.pki"
DOGTAG_ADMIN_P12 = "/root/ca-agent.p12"
RA_AGENT_PEM = "/var/lib/ipa/ra-agent.pem"
RA_AGENT_KEY = "/var/lib/ipa/ra-agent.key"
KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
CACERT_P12 = "/root/cacert.p12"
ROOT_IPA_CSR = "/root/ipa.csr"
NAMED_PID = "/run/named/named.pid"
IP = "/sbin/ip"
NOLOGIN = "/sbin/nologin"
SBIN_REBOOT = "/sbin/reboot"
SBIN_RESTORECON = "/sbin/restorecon"
@@ -166,20 +153,17 @@ class BasePathNamespace(object):
PKCS12EXPORT = "/usr/bin/PKCS12Export"
CERTUTIL = "/usr/bin/certutil"
CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
DS_NEWINST_PL = "/usr/bin/ds_newinst.pl"
FIREFOX = "/usr/bin/firefox"
GETCERT = "/usr/bin/getcert"
GPG2 = "/usr/bin/gpg2"
GPG_CONNECT_AGENT = "/usr/bin/gpg-connect-agent"
GPG = "/usr/bin/gpg"
GPG_AGENT = "/usr/bin/gpg-agent"
IPA_GETCERT = "/usr/bin/ipa-getcert"
KADMIN_LOCAL = '/usr/sbin/kadmin.local'
KDESTROY = "/usr/bin/kdestroy"
KINIT = "/usr/bin/kinit"
KLIST = "/usr/bin/klist"
BIN_KVNO = "/usr/bin/kvno"
LDAPMODIFY = "/usr/bin/ldapmodify"
LDAPPASSWD = "/usr/bin/ldappasswd"
MODUTIL = "/usr/bin/modutil"
NET = "/usr/bin/net"
BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
NSUPDATE = "/usr/bin/nsupdate"
@@ -187,6 +171,8 @@ class BasePathNamespace(object):
ODS_SIGNER = "/usr/sbin/ods-signer"
OPENSSL = "/usr/bin/openssl"
PK12UTIL = "/usr/bin/pk12util"
SETPASSWD = "/usr/bin/setpasswd"
SIGNTOOL = "/usr/bin/signtool"
SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
SSLGET = "/usr/bin/sslget"
SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
@@ -194,35 +180,29 @@ class BasePathNamespace(object):
BIN_TIMEOUT = "/usr/bin/timeout"
UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
BIN_CURL = "/usr/bin/curl"
ZIP = "/usr/bin/zip"
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
USR_LIB_DIRSRV = "/usr/lib/dirsrv"
LIB_FIREFOX = "/usr/lib/firefox"
LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
PAM_KRB5_SO = "/usr/lib/security/pam_krb5.so"
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
LIB64_FIREFOX = "/usr/lib64/firefox"
LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
PAM_KRB5_SO_64 = "/usr/lib64/security/pam_krb5.so"
DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit"
CERTMONGER_DOGTAG_SUBMIT = "/usr/libexec/certmonger/dogtag-submit"
IPA_SERVER_GUARD = "/usr/libexec/certmonger/ipa-server-guard"
GENERATE_RNDC_KEY = "/usr/libexec/generate-rndc-key.sh"
IPA_DNSKEYSYNCD_REPLICA = "/usr/libexec/ipa/ipa-dnskeysync-replica"
IPA_DNSKEYSYNCD = "/usr/libexec/ipa/ipa-dnskeysyncd"
IPA_HTTPD_KDCPROXY = "/usr/libexec/ipa/ipa-httpd-kdcproxy"
IPA_ODS_EXPORTER = "/usr/libexec/ipa/ipa-ods-exporter"
IPA_HTTPD_PASSWD_READER = "/usr/libexec/ipa/ipa-httpd-pwdreader"
DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel-pkcs11"
GETSEBOOL = "/usr/sbin/getsebool"
GROUPADD = "/usr/sbin/groupadd"
USERMOD = "/usr/sbin/usermod"
HTTPD = "/usr/sbin/httpd"
IPA_CLIENT_AUTOMOUNT = "/usr/sbin/ipa-client-automount"
IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
IPA_DNS_INSTALL = "/usr/sbin/ipa-dns-install"
SBIN_IPA_JOIN = "/usr/sbin/ipa-join"
@@ -231,11 +211,9 @@ class BasePathNamespace(object):
IPACTL = "/usr/sbin/ipactl"
NAMED = "/usr/sbin/named"
NAMED_PKCS11 = "/usr/sbin/named-pkcs11"
CHRONYC = "/usr/bin/chronyc"
CHRONYD = "/usr/sbin/chronyd"
NTPD = "/usr/sbin/ntpd"
PKIDESTROY = "/usr/sbin/pkidestroy"
PKISPAWN = "/usr/sbin/pkispawn"
PKI = "/usr/bin/pki"
REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
RESTORECON = "/usr/sbin/restorecon"
SELINUXENABLED = "/usr/sbin/selinuxenabled"
@@ -243,19 +221,20 @@ class BasePathNamespace(object):
SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
SMBD = "/usr/sbin/smbd"
USERADD = "/usr/sbin/useradd"
FONTS_DIR = "/usr/share/fonts"
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
USR_SHARE_IPA_CLIENT_DIR = "/usr/share/ipa/client"
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
FFEXTENSION = "/usr/share/ipa/ffextension"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
KRB_CON = "/usr/share/ipa/html/krb.con"
KRB_JS = "/usr/share/ipa/html/krb.js"
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
NIS_ULDIF = "/usr/share/ipa/nis.uldif"
NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update"
SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif"
IPA_PLUGINS = "/usr/share/ipa/plugins"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
UPDATES_DIR = "/usr/share/ipa/updates/"
DICT_WORDS = "/usr/share/dict/words"
@@ -266,8 +245,7 @@ class BasePathNamespace(object):
KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
KDC_CERT = "/var/kerberos/krb5kdc/kdc.crt"
KDC_KEY = "/var/kerberos/krb5kdc/kdc.key"
KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
VAR_LIB = "/var/lib"
AUTHCONFIG_LAST = "/var/lib/authconfig/last"
VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
@@ -290,8 +268,6 @@ class BasePathNamespace(object):
DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
IPA_CA_CSR = "/var/lib/ipa/ca.csr"
IPA_CACERT_MANAGE = "/usr/sbin/ipa-cacert-manage"
IPA_CERTUPDATE = "/usr/sbin/ipa-certupdate"
PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
@@ -304,6 +280,8 @@ class BasePathNamespace(object):
CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12"
KRA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12"
CA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
CAJARSIGNINGCERT_CFG = (
"/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg")
CASIGNEDLOGCERT_CFG = (
"/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
@@ -314,13 +292,11 @@ class BasePathNamespace(object):
SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
VAR_LOG_AUDIT = "/var/log/audit/audit.log"
DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
VAR_LOG_HTTPD_DIR = "/var/log/httpd"
VAR_LOG_HTTPD_ERROR = "/var/log/httpd/error_log"
IPABACKUP_LOG = "/var/log/ipabackup.log"
IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
IPACLIENT_UNINSTALL_LOG = "/var/log/ipaclient-uninstall.log"
@@ -328,12 +304,13 @@ class BasePathNamespace(object):
IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log"
IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log"
IPARESTORE_LOG = "/var/log/iparestore.log"
IPASERVER_CA_INSTALL_LOG = "/var/log/ipaserver-ca-install.log"
IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
KRB5KDC_LOG = "/var/log/krb5kdc.log"
MESSAGES = "/var/log/messages"
VAR_LOG_PKI_DIR = "/var/log/pki/"
TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat"
@@ -344,18 +321,16 @@ class BasePathNamespace(object):
TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
LOG_SECURE = "/var/log/secure"
VAR_LOG_SSSD_DIR = "/var/log/sssd"
NAMED_RUN = "/var/named/data/named.run"
VAR_OPENDNSSEC_DIR = "/var/opendnssec"
OPENDNSSEC_KASP_DB = "/var/opendnssec/kasp.db"
IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
IPA_CCACHES = "/run/ipa/ccaches"
HTTP_CCACHE = "/var/lib/ipa/gssproxy/http.ccache"
CA_BUNDLE_PEM = "/var/lib/ipa-client/pki/ca-bundle.pem"
KDC_CA_BUNDLE_PEM = "/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
KRB5CC_HTTPD = "/var/run/httpd/ipa/krbcache/krb5ccache"
IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
SVC_LIST_FILE = "/var/run/ipa/services.list"
IPA_MEMCACHED_DIR = "/var/run/ipa_memcached"
VAR_RUN_IPA_MEMCACHED = "/var/run/ipa_memcached/ipa_memcached"
KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
@@ -370,24 +345,8 @@ class BasePathNamespace(object):
NETWORK_MANAGER_CONFIG_DIR = '/etc/NetworkManager/conf.d'
IPA_CUSTODIA_CONF_DIR = '/etc/ipa/custodia'
IPA_CUSTODIA_CONF = '/etc/ipa/custodia/custodia.conf'
IPA_CUSTODIA_KEYS = '/etc/ipa/custodia/server.keys'
IPA_CUSTODIA_SOCKET = '/run/httpd/ipa-custodia.sock'
IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d'
GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
KRB5CC_HTTPD = '/tmp/krb5cc-httpd'
IF_INET6 = '/proc/net/if_inet6'
WSGI_PREFIX_DIR = "/run/httpd/wsgi"
AUTHCONFIG = None
AUTHSELECT = None
SYSCONF_NETWORK = None
IPA_SERVER_UPGRADE = '/usr/sbin/ipa-server-upgrade'
KEYCTL = '/usr/bin/keyctl'
GETENT = '/usr/bin/getent'
SSHD = '/usr/sbin/sshd'
SSSCTL = '/usr/sbin/sssctl'
LIBARCH = "64"
paths = BasePathNamespace()
path_namespace = BasePathNamespace

BIN
ipaplatform/base/paths.pyc Normal file
View File

Binary file not shown.

126
ipaplatform/base/services.py
View File

@@ -23,37 +23,26 @@ This base module contains default implementations of IPA interface for
interacting with system services.
'''
from __future__ import absolute_import
import os
import json
import time
import logging
import warnings
import collections
import six
import ipalib
from ipapython import ipautil
from ipaplatform.paths import paths
# pylint: disable=no-name-in-module, import-error
if six.PY3:
from collections.abc import Mapping
else:
from collections import Mapping
# pylint: enable=no-name-in-module, import-error
logger = logging.getLogger(__name__)
# Canonical names of services as IPA wants to see them. As we need to have
# *some* naming, set them as in Red Hat distributions. Actual implementation
# should make them available through knownservices.<name> and take care of
# re-mapping internally, if needed
wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc',
'dbus', 'nslcd', 'nscd', 'ntpd', 'portmap',
'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap',
'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd',
'rpcidmapd', 'pki_tomcatd', 'chronyd', 'domainname',
'named', 'ods_enforcerd', 'ods_signerd', 'gssproxy']
'named', 'ods_enforcerd', 'ods_signerd']
# The common ports for these services. This is used to wait for the
# service to become available.
@@ -67,13 +56,14 @@ wellknownports = {
SERVICE_POLL_INTERVAL = 0.1 # seconds
class KnownServices(Mapping):
class KnownServices(collections.Mapping):
"""
KnownServices is an abstract class factory that should give out instances
of well-known platform services. Actual implementation must create these
instances as its own attributes on first access (or instance creation)
and cache them.
"""
def __init__(self, d):
self.__d = d
@@ -103,19 +93,9 @@ class PlatformService(object):
"""
def __init__(self, service_name, api=None):
# pylint: disable=ipa-forbidden-import
import ipalib # FixMe: break import cycle
# pylint: enable=ipa-forbidden-import
def __init__(self, service_name, api=ipalib.api):
self.service_name = service_name
if api is not None:
self.api = api
else:
self.api = ipalib.api
warnings.warn(
"{s.__class__.__name__}('{s.service_name}', api=None) "
"is deprecated.".format(s=self),
RuntimeWarning, stacklevel=2)
self.api = api
def start(self, instance_name="", capture_output=True, wait=True,
update_service_list=True):
@@ -140,6 +120,8 @@ class PlatformService(object):
with open(paths.SVC_LIST_FILE, 'w') as f:
json.dump(svc_list, f)
return
def stop(self, instance_name="", capture_output=True,
update_service_list=True):
"""
@@ -161,14 +143,12 @@ class PlatformService(object):
with open(paths.SVC_LIST_FILE, 'w') as f:
json.dump(svc_list, f)
def reload_or_restart(self, instance_name="", capture_output=True,
wait=True):
pass
return
def restart(self, instance_name="", capture_output=True, wait=True):
pass
return
def is_running(self, instance_name="", wait=True):
def is_running(self, instance_name=""):
return False
def is_installed(self):
@@ -181,32 +161,34 @@ class PlatformService(object):
return False
def enable(self, instance_name=""):
pass
return
def disable(self, instance_name=""):
pass
return
def mask(self, instance_name=""):
pass
return
def unmask(self, instance_name=""):
pass
return
def install(self, instance_name=""):
pass
return
def remove(self, instance_name=""):
pass
return
def get_config_dir(self, instance_name=""):
return
class SystemdService(PlatformService):
SYSTEMD_SRV_TARGET = "%s.target.wants"
def __init__(self, service_name, systemd_name, api=None):
super(SystemdService, self).__init__(service_name, api=api)
def __init__(self, service_name, systemd_name, **kwargs):
super(SystemdService, self).__init__(service_name, **kwargs)
self.systemd_name = systemd_name
self.lib_path = os.path.join(paths.LIB_SYSTEMD_SYSTEMD_DIR,
self.systemd_name)
self.lib_path = os.path.join(paths.LIB_SYSTEMD_SYSTEMD_DIR, self.systemd_name)
self.lib_path_exists = None
def service_instance(self, instance_name, operation=None):
@@ -289,51 +271,39 @@ class SystemdService(PlatformService):
ipautil.run(args, skip_output=not capture_output)
update_service_list = getattr(self.api.env, 'context',
None) in ['ipactl', 'installer']
if getattr(self.api.env, 'context', None) in ['ipactl', 'installer']:
update_service_list = True
else:
update_service_list = False
super(SystemdService, self).stop(
instance_name,
update_service_list=update_service_list)
logger.debug('Stop of %s complete', instance)
def start(self, instance_name="", capture_output=True, wait=True):
ipautil.run([paths.SYSTEMCTL, "start",
self.service_instance(instance_name)],
skip_output=not capture_output)
update_service_list = getattr(self.api.env, 'context',
None) in ['ipactl', 'installer']
if getattr(self.api.env, 'context', None) in ['ipactl', 'installer']:
update_service_list = True
else:
update_service_list = False
if wait and self.is_running(instance_name):
self.wait_for_open_ports(self.service_instance(instance_name))
super(SystemdService, self).start(
instance_name,
update_service_list=update_service_list)
logger.debug('Start of %s complete',
self.service_instance(instance_name))
def _restart_base(self, instance_name, operation, capture_output=True,
wait=False):
ipautil.run([paths.SYSTEMCTL, operation,
self.service_instance(instance_name)],
def restart(self, instance_name="", capture_output=True, wait=True):
ipautil.run([paths.SYSTEMCTL, "restart",
self.service_instance(instance_name)],
skip_output=not capture_output)
if wait and self.is_running(instance_name):
self.wait_for_open_ports(self.service_instance(instance_name))
logger.debug('Restart of %s complete',
self.service_instance(instance_name))
def reload_or_restart(self, instance_name="", capture_output=True,
wait=True):
self._restart_base(instance_name, "reload-or-restart",
capture_output, wait)
def restart(self, instance_name="", capture_output=True, wait=True):
self._restart_base(instance_name, "restart",
capture_output, wait)
def is_running(self, instance_name="", wait=True):
def is_running(self, instance_name=""):
instance = self.service_instance(instance_name, 'is-active')
while True:
@@ -367,7 +337,7 @@ class SystemdService(PlatformService):
return False
else:
svar = self.parse_variables(result.output)
if self.service_instance("") not in svar:
if not self.service_instance("") in svar:
# systemd doesn't show the service
return False
except ipautil.CalledProcessError:
@@ -436,7 +406,7 @@ class SystemdService(PlatformService):
self.service_instance(instance_name))
try:
if not os.path.isdir(srv_tgt):
if not ipautil.dir_exists(srv_tgt):
os.mkdir(srv_tgt)
os.chmod(srv_tgt, 0o755)
if os.path.exists(srv_lnk):
@@ -452,7 +422,7 @@ class SystemdService(PlatformService):
os.unlink(srv_lnk)
os.symlink(self.lib_path, srv_lnk)
ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"])
except Exception:
except:
pass
else:
self.__enable(instance_name)
@@ -471,11 +441,11 @@ class SystemdService(PlatformService):
self.service_instance(instance_name))
try:
if os.path.isdir(srv_tgt):
if ipautil.dir_exists(srv_tgt):
if os.path.islink(srv_lnk):
os.unlink(srv_lnk)
ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"])
except Exception:
except:
pass
else:
try:
@@ -517,13 +487,9 @@ class SystemdService(PlatformService):
# Objects below are expected to be exported by platform module
def base_service_class_factory(name, api=None):
raise NotImplementedError
service = None
knownservices = None
service = base_service_class_factory
knownservices = KnownServices({})
# System may support more time&date services. FreeIPA supports chrony only.
# Other services will be disabled during IPA installation
# System may support more time&date services. FreeIPA supports ntpd only, other
# services will be disabled during IPA installation
timedate_services = ['ntpd', 'chronyd']

165
ipaplatform/base/tasks.py
View File

@@ -22,36 +22,41 @@
This module contains default platform-specific implementations of system tasks.
'''
from __future__ import absolute_import
import logging
import pwd
import grp
from pkg_resources import parse_version
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import log_mgr
from ipapython import ipautil
logger = logging.getLogger(__name__)
log = log_mgr.get_logger(__name__)
class BaseTaskNamespace(object):
def restore_context(self, filepath, force=False):
"""Restore SELinux security context on the given filepath.
def restore_context(self, filepath):
"""
Restore SELinux security context on the given filepath.
No return value expected.
"""
raise NotImplementedError()
def backup_hostname(self, fstore, statestore):
return
def backup_and_replace_hostname(self, fstore, statestore, hostname):
"""
Backs up the current hostname in the statestore (so that it can be
restored by the restore_hostname platform task).
restored by the restore_network_configuration platform task).
Makes sure that new hostname (passed via hostname argument) is set
as a new pemanent hostname for this host.
No return value expected.
"""
raise NotImplementedError()
return
def reload_systemwide_ca_store(self):
"""
@@ -60,7 +65,7 @@ class BaseTaskNamespace(object):
Returns True if the operation succeeded, False otherwise.
"""
raise NotImplementedError()
return True
def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
"""
@@ -70,7 +75,7 @@ class BaseTaskNamespace(object):
Returns True if the operation succeeded, False otherwise.
"""
raise NotImplementedError()
return True
def remove_ca_certs_from_systemwide_ca_store(self):
"""
@@ -80,7 +85,7 @@ class BaseTaskNamespace(object):
Returns True if the operation succeeded, False otherwise.
"""
raise NotImplementedError()
return True
def get_svc_list_file(self):
"""
@@ -99,20 +104,15 @@ class BaseTaskNamespace(object):
restorecon and rerunning the installation.
"""
raise NotImplementedError()
return
def check_ipv6_stack_enabled(self):
"""Check whether IPv6 kernel module is loaded"""
raise NotImplementedError()
def restore_hostname(self, fstore, statestore):
def restore_network_configuration(self, fstore, statestore):
"""
Restores the original hostname as backed up in the
backup_hostname platform task.
backup_and_replace_hostname platform task.
"""
raise NotImplementedError()
return
def restore_pre_ipa_client_configuration(self, fstore, statestore,
was_sssd_installed,
@@ -124,39 +124,31 @@ class BaseTaskNamespace(object):
modify_pam_to_use_krb5
"""
raise NotImplementedError()
return
def set_nisdomain(self, nisdomain):
"""
Sets the NIS domain name to 'nisdomain'.
"""
raise NotImplementedError()
return
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore,
sudo=True):
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
"""
If sssd flag is true, configure pam and nsswitch so that SSSD is used
If sssd flag is true, configure pam and nsswtich so that SSSD is used
for retrieving user information and authentication.
Otherwise, configure pam and nsswitch to leverage pure LDAP.
"""
raise NotImplementedError()
return
def modify_pam_to_use_krb5(self, statestore):
"""
Configure pam stack to allow kerberos authentication.
"""
raise NotImplementedError()
def is_nosssd_supported(self):
"""
Check if the flag --no-sssd is supported for client install.
"""
return True
return
def backup_auth_configuration(self, path):
"""
@@ -164,19 +156,14 @@ class BaseTaskNamespace(object):
:param path: store the backup here. This will be passed to
restore_auth_configuration as well.
"""
raise NotImplementedError()
return
def restore_auth_configuration(self, path):
"""
Restore backup of access control configuration.
:param path: restore the backup from here.
"""
raise NotImplementedError()
def migrate_auth_configuration(self, statestore):
"""
Migrate pam stack configuration to authselect.
"""
return
def set_selinux_booleans(self, required_settings, backup_func=None):
"""Set the specified SELinux booleans
@@ -195,53 +182,57 @@ class BaseTaskNamespace(object):
an ipapython.errors.SetseboolError is raised.
"""
raise NotImplementedError()
return
@staticmethod
def parse_ipa_version(version):
def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, comment=None, create_homedir=False):
"""Create a system user with a corresponding group"""
try:
grp.getgrnam(group)
except KeyError:
log.debug('Adding group %s', group)
args = [paths.GROUPADD, '-r', group]
if gid:
args += ['-g', str(gid)]
try:
ipautil.run(args)
log.debug('Done adding group')
except ipautil.CalledProcessError as e:
log.critical('Failed to add group: %s', e)
raise
else:
log.debug('group %s exists', group)
try:
pwd.getpwnam(name)
except KeyError:
log.debug('Adding user %s', name)
args = [
paths.USERADD,
'-g', group,
'-d', homedir,
'-s', shell,
'-r', name,
]
if uid:
args += ['-u', str(uid)]
if comment:
args += ['-c', comment]
if create_homedir:
args += ['-m']
else:
args += ['-M']
try:
ipautil.run(args)
log.debug('Done adding user')
except ipautil.CalledProcessError as e:
log.critical('Failed to add user: %s', e)
raise
else:
log.debug('user %s exists', name)
def parse_ipa_version(self, version):
"""
:param version: textual version
:return: object implementing proper __cmp__ method for version compare
"""
return parse_version(version)
def set_hostname(self, hostname):
"""
Set hostname for the system
No return value expected, raise CalledProcessError when error occurred
"""
raise NotImplementedError()
def configure_httpd_service_ipa_conf(self):
"""Configure httpd service to work with IPA"""
raise NotImplementedError()
def configure_http_gssproxy_conf(self, ipauser):
raise NotImplementedError()
def remove_httpd_service_ipa_conf(self):
"""Remove configuration of httpd service of IPA"""
raise NotImplementedError()
def configure_httpd_wsgi_conf(self):
"""Configure WSGI for correct Python version"""
raise NotImplementedError()
def is_fips_enabled(self):
return False
def add_user_to_group(self, user, group):
logger.debug('Adding user %s to group %s', user, group)
args = [paths.USERMOD, '-a', '-G', group, user]
try:
ipautil.run(args)
logger.debug('Done adding user to group')
except ipautil.CalledProcessError as e:
logger.debug('Failed to add user to group: %s', e)
def setup_httpd_logging(self):
raise NotImplementedError()
tasks = BaseTaskNamespace()

10
ipaplatform/constants.py
View File

@@ -1,10 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""IpaMetaImporter replaces this module with ipaplatform.$NAME.constants.
"""
from __future__ import absolute_import
import ipaplatform._importhook
ipaplatform._importhook.fixup_module('ipaplatform.constants')

1
ipaplatform/constants.py Symbolic link
View File

@@ -0,0 +1 @@
fedora/constants.py

7
ipaplatform/debian/__init__.py
View File

@@ -1,7 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""
This module contains Debian specific platform files.
"""

30
ipaplatform/debian/constants.py
View File

@@ -1,30 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
'''
This Debian family platform module exports platform dependant constants.
'''
# Fallback to default path definitions
from __future__ import absolute_import
from ipaplatform.base.constants import BaseConstantsNamespace
class DebianConstantsNamespace(BaseConstantsNamespace):
HTTPD_USER = "www-data"
HTTPD_GROUP = "www-data"
NAMED_USER = "bind"
NAMED_GROUP = "bind"
NAMED_DATA_DIR = ""
NAMED_ZONE_COMMENT = "//"
# ntpd init variable used for daemon options
NTPD_OPTS_VAR = "NTPD_OPTS"
# quote used for daemon options
NTPD_OPTS_QUOTE = "\'"
ODS_USER = "opendnssec"
ODS_GROUP = "opendnssec"
SECURE_NFS_VAR = "NEED_GSSD"
constants = DebianConstantsNamespace()

108
ipaplatform/debian/paths.py
View File

@@ -1,108 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""
This Debian base platform module exports default filesystem paths as common
in Debian-based systems.
"""
# Fallback to default path definitions
from __future__ import absolute_import
from ipaplatform.base.paths import BasePathNamespace
import sysconfig
MULTIARCH = sysconfig.get_config_var('MULTIARCH')
class DebianPathNamespace(BasePathNamespace):
BIN_HOSTNAMECTL = "/usr/bin/hostnamectl"
AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
ETC_HTTPD_DIR = "/etc/apache2"
HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf"
HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
HTTPD_SSL_CONF = "/etc/apache2/mods-available/ssl.conf"
HTTPD_SSL_SITE_CONF = "/etc/apache2/sites-available/default-ssl.conf"
OLD_IPA_KEYTAB = "/etc/apache2/ipa.keytab"
HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
NAMED_CONF = "/etc/bind/named.conf"
NAMED_VAR_DIR = "/var/cache/bind"
NAMED_KEYTAB = "/etc/bind/named.keytab"
NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
NAMED_ROOT_KEY = "/etc/bind/bind.keys"
NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys"
NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
CHRONY_CONF = "/etc/chrony/chrony.conf"
OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
ETC_DEBIAN_VERSION = "/etc/debian_version"
IPA_P11_KIT = "/usr/local/share/ca-certificates/ipa-ca.crt"
ETC_SYSCONFIG_DIR = "/etc/default"
SYSCONFIG_AUTOFS = "/etc/default/autofs"
SYSCONFIG_DIRSRV = "/etc/default/dirsrv"
SYSCONFIG_DIRSRV_INSTANCE = "/etc/default/dirsrv-%s"
SYSCONFIG_DIRSRV_SYSTEMD = "/etc/default/dirsrv.systemd"
SYSCONFIG_IPA_DNSKEYSYNCD = "/etc/default/ipa-dnskeysyncd"
SYSCONFIG_IPA_ODS_EXPORTER = "/etc/default/ipa-ods-exporter"
SYSCONFIG_KRB5KDC_DIR = "/etc/default/krb5-kdc"
SYSCONFIG_NAMED = "/etc/default/bind9"
SYSCONFIG_NFS = "/etc/default/nfs-common"
SYSCONFIG_NTPD = "/etc/default/ntp"
SYSCONFIG_ODS = "/etc/default/opendnssec"
SYSCONFIG_PKI = "/etc/dogtag/"
SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat"
SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat"
SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/apache2.service.d/"
SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/apache2.service.d/ipa.conf"
DNSSEC_TRUSTED_KEY = "/etc/bind/trusted-key.key"
GSSAPI_SESSION_KEY = "/etc/apache2/ipasession.key"
OLD_KRA_AGENT_PEM = "/etc/apache2/nssdb/kra-agent.pem"
KEYCTL = "/bin/keyctl"
SBIN_SERVICE = "/usr/sbin/service"
CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
BIND_LDAP_DNS_IPA_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/master/"
LIBARCH = "/{0}".format(MULTIARCH)
LIBSOFTHSM2_SO = "/usr/lib/softhsm/libsofthsm2.so"
PAM_KRB5_SO = "/usr/lib/{0}/security/pam_krb5.so".format(MULTIARCH)
LIB_SYSTEMD_SYSTEMD_DIR = "/lib/systemd/system/"
DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit"
DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit"
CERTMONGER_DOGTAG_SUBMIT = "/usr/lib/certmonger/dogtag-submit"
IPA_SERVER_GUARD = "/usr/lib/certmonger/ipa-server-guard"
GENERATE_RNDC_KEY = "/bin/true"
IPA_DNSKEYSYNCD_REPLICA = "/usr/lib/ipa/ipa-dnskeysync-replica"
IPA_DNSKEYSYNCD = "/usr/lib/ipa/ipa-dnskeysyncd"
IPA_HTTPD_KDCPROXY = "/usr/lib/ipa/ipa-httpd-kdcproxy"
IPA_ODS_EXPORTER = "/usr/lib/ipa/ipa-ods-exporter"
IPA_HTTPD_PASSWD_READER = "/usr/lib/ipa/ipa-httpd-pwdreader"
HTTPD = "/usr/sbin/apache2ctl"
REMOVE_DS_PL = "/usr/sbin/remove-ds"
SETUP_DS_PL = "/usr/sbin/setup-ds"
FONTS_DIR = "/usr/share/fonts/truetype"
VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
KRB5KDC_KADM5_ACL = "/etc/krb5kdc/kadm5.acl"
KRB5KDC_KADM5_KEYTAB = "/etc/krb5kdc/kadm5.keytab"
KRB5KDC_KDC_CONF = "/etc/krb5kdc/kdc.conf"
KDC_CERT = "/var/lib/krb5kdc/kdc.crt"
KDC_KEY = "/var/lib/krb5kdc/kdc.key"
VAR_LOG_HTTPD_DIR = "/var/log/apache2"
VAR_LOG_HTTPD_ERROR = "/var/log/apache2/error.log"
NAMED_RUN = "/var/cache/bind/named.run"
VAR_OPENDNSSEC_DIR = "/var/lib/opendnssec"
OPENDNSSEC_KASP_DB = "/var/lib/opendnssec/db/kasp.db"
IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
WSGI_PREFIX_DIR = "/run/apache2/wsgi"
paths = DebianPathNamespace()

182
ipaplatform/debian/services.py
View File

@@ -1,182 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""
Contains Debian-specific service class implementations.
"""
from __future__ import absolute_import
from ipaplatform.base import services as base_services
from ipaplatform.redhat import services as redhat_services
from ipapython import ipautil
from ipaplatform.paths import paths
# Mappings from service names as FreeIPA code references to these services
# to their actual systemd service names
debian_system_units = redhat_services.redhat_system_units.copy()
# For beginning just remap names to add .service
# As more services will migrate to systemd, unit names will deviate and
# mapping will be kept in this dictionary
debian_system_units['httpd'] = 'apache2.service'
debian_system_units['kadmin'] = 'krb5-admin-server.service'
debian_system_units['krb5kdc'] = 'krb5-kdc.service'
debian_system_units['named-regular'] = 'bind9.service'
debian_system_units['named-pkcs11'] = 'bind9-pkcs11.service'
debian_system_units['named'] = debian_system_units['named-pkcs11']
debian_system_units['pki-tomcatd'] = 'pki-tomcatd.service'
debian_system_units['pki_tomcatd'] = debian_system_units['pki-tomcatd']
debian_system_units['ods-enforcerd'] = 'opendnssec-enforcer.service'
debian_system_units['ods_enforcerd'] = debian_system_units['ods-enforcerd']
debian_system_units['ods-signerd'] = 'opendnssec-signer.service'
debian_system_units['ods_signerd'] = debian_system_units['ods-signerd']
debian_system_units['rpcgssd'] = 'rpc-gssd.service'
debian_system_units['rpcidmapd'] = 'nfs-idmapd.service'
debian_system_units['smb'] = 'smbd.service'
# Service classes that implement Debian family-specific behaviour
class DebianService(redhat_services.RedHatService):
system_units = debian_system_units
class DebianSysvService(base_services.PlatformService):
def __wait_for_open_ports(self, instance_name=""):
"""
If this is a service we need to wait for do so.
"""
ports = None
if instance_name in base_services.wellknownports:
ports = base_services.wellknownports[instance_name]
else:
if self.service_name in base_services.wellknownports:
ports = base_services.wellknownports[self.service_name]
if ports:
ipautil.wait_for_open_ports('localhost', ports, self.api.env.startup_timeout)
def stop(self, instance_name='', capture_output=True):
ipautil.run([paths.SBIN_SERVICE, self.service_name, "stop",
instance_name], capture_output=capture_output)
super(DebianSysvService, self).stop(instance_name)
def start(self, instance_name='', capture_output=True, wait=True):
ipautil.run([paths.SBIN_SERVICE, self.service_name, "start",
instance_name], capture_output=capture_output)
if wait and self.is_running(instance_name):
self.__wait_for_open_ports(instance_name)
super(DebianSysvService, self).start(instance_name)
def restart(self, instance_name='', capture_output=True, wait=True):
ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart",
instance_name], capture_output=capture_output)
if wait and self.is_running(instance_name):
self.__wait_for_open_ports(instance_name)
def is_running(self, instance_name="", wait=True):
ret = True
try:
result = ipautil.run([paths.SBIN_SERVICE,
self.service_name, "status",
instance_name],
capture_output=True)
sout = result.output
if sout.find("NOT running") >= 0:
ret = False
if sout.find("stop") >= 0:
ret = False
if sout.find("inactive") >= 0:
ret = False
except ipautil.CalledProcessError:
ret = False
return ret
def is_installed(self):
installed = True
try:
ipautil.run([paths.SBIN_SERVICE, self.service_name, "status"])
except ipautil.CalledProcessError as e:
if e.returncode == 1:
# service is not installed or there is other serious issue
installed = False
return installed
@staticmethod
def is_enabled(instance_name=""):
# Services are always assumed to be enabled when installed
return True
@staticmethod
def enable():
return True
@staticmethod
def disable():
return True
@staticmethod
def install():
return True
@staticmethod
def remove():
return True
# For services which have no Debian counterpart
class DebianNoService(base_services.PlatformService):
@staticmethod
def start():
return True
@staticmethod
def stop():
return True
@staticmethod
def restart():
return True
@staticmethod
def disable():
return True
# Function that constructs proper Debian-specific server classes for services
# of specified name
def debian_service_class_factory(name, api=None):
if name == 'dirsrv':
return redhat_services.RedHatDirectoryService(name, api)
if name == 'domainname':
return DebianNoService(name, api)
if name == 'ipa':
return redhat_services.RedHatIPAService(name, api)
if name == 'ntpd':
return DebianSysvService("ntp", api)
return DebianService(name, api)
# Magicdict containing DebianService instances.
class DebianServices(base_services.KnownServices):
def __init__(self):
# pylint: disable=ipa-forbidden-import
import ipalib # FixMe: break import cycle
# pylint: enable=ipa-forbidden-import
services = dict()
for s in base_services.wellknownservices:
services[s] = self.service_class_factory(s, ipalib.api)
# Call base class constructor. This will lock services to read-only
super(DebianServices, self).__init__(services)
@staticmethod
def service_class_factory(name, api=None):
return debian_service_class_factory(name, api)
# Objects below are expected to be exported by platform module
timedate_services = base_services.timedate_services
service = debian_service_class_factory
knownservices = DebianServices()

73
ipaplatform/debian/tasks.py
View File

@@ -1,73 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""
This module contains default Debian-specific implementations of system tasks.
"""
from __future__ import absolute_import
from ipaplatform.base.tasks import BaseTaskNamespace
from ipaplatform.redhat.tasks import RedHatTaskNamespace
from ipapython import ipautil
class DebianTaskNamespace(RedHatTaskNamespace):
@staticmethod
def restore_pre_ipa_client_configuration(fstore, statestore,
was_sssd_installed,
was_sssd_configured):
try:
ipautil.run(["pam-auth-update",
"--package", "--remove", "mkhomedir"])
except ipautil.CalledProcessError:
return False
return True
@staticmethod
def set_nisdomain(nisdomain):
# Debian doesn't use authconfig, nothing to set
return True
@staticmethod
def modify_nsswitch_pam_stack(sssd, mkhomedir, statestore, sudo=True):
if mkhomedir:
try:
ipautil.run(["pam-auth-update",
"--package", "--enable", "mkhomedir"])
except ipautil.CalledProcessError:
return False
return True
else:
return True
@staticmethod
def modify_pam_to_use_krb5(statestore):
# Debian doesn't use authconfig, this is handled by pam-auth-update
return True
@staticmethod
def backup_auth_configuration(path):
# Debian doesn't use authconfig, nothing to backup
return True
@staticmethod
def restore_auth_configuration(path):
# Debian doesn't use authconfig, nothing to restore
return True
@staticmethod
def parse_ipa_version(version):
return BaseTaskNamespace.parse_ipa_version(version)
def configure_httpd_wsgi_conf(self):
# Debian doesn't require special mod_wsgi configuration
pass
def setup_httpd_logging(self):
# Debian handles httpd logging differently
pass
tasks = DebianTaskNamespace()

11
ipaplatform/fedora/__init__.py
View File

@@ -20,14 +20,3 @@
'''
This module contains Fedora specific platform files.
'''
import sys
import warnings
NAME = 'fedora'
if sys.version_info < (3, 6):
warnings.warn(
"Support for Python 2.7 and 3.5 is deprecated. Python version "
"3.6 or newer will be required in the next major release.",
category=DeprecationWarning
)

13
ipaplatform/fedora/constants.py
View File

@@ -7,21 +7,10 @@ This Fedora base platform module exports platform related constants.
'''
# Fallback to default constant definitions
from __future__ import absolute_import
from ipaplatform.redhat.constants import RedHatConstantsNamespace
class FedoraConstantsNamespace(RedHatConstantsNamespace):
# Fedora allows installation of Python 2 and 3 mod_wsgi, but the modules
# can't coexist. For Apache to load correct module.
MOD_WSGI_PYTHON2 = "modules/mod_wsgi.so"
MOD_WSGI_PYTHON3 = "modules/mod_wsgi_python3.so"
# System-wide crypto policy, but without TripleDES, pre-shared key,
# secure remote password, and DSA cert authentication.
# see https://fedoraproject.org/wiki/Changes/CryptoPolicy
TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS"
pass
constants = FedoraConstantsNamespace()

7
ipaplatform/fedora/paths.py
View File

@@ -23,16 +23,11 @@ in Fedora-based systems.
'''
# Fallback to default path definitions
from __future__ import absolute_import
from ipaplatform.redhat.paths import RedHatPathNamespace
class FedoraPathNamespace(RedHatPathNamespace):
HTTPD_IPA_WSGI_MODULES_CONF = (
"/etc/httpd/conf.modules.d/02-ipa-wsgi.conf"
)
NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
pass
paths = FedoraPathNamespace()

28
ipaplatform/fedora/services.py
View File

@@ -22,22 +22,14 @@
Contains Fedora-specific service class implementations.
"""
from __future__ import absolute_import
from ipaplatform.osinfo import osinfo
from ipaplatform.redhat import services as redhat_services
# Mappings from service names as FreeIPA code references to these services
# to their actual systemd service names
fedora_system_units = redhat_services.redhat_system_units.copy()
fedora_system_units = redhat_services.redhat_system_units
# Fedora 28 and earlier have fedora-domainname.service. Starting from
# Fedora 29, the service is called nis-domainname.service as defined in
# ipaplatform.redhat.services.
HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28
if HAS_FEDORA_DOMAINNAME_SERVICE:
fedora_system_units['domainname'] = 'fedora-domainname.service'
# Service that sets domainname on Fedora is called fedora-domainname.service
fedora_system_units['domainname'] = 'fedora-domainname.service'
# Service classes that implement Fedora-specific behaviour
@@ -49,21 +41,21 @@ class FedoraService(redhat_services.RedHatService):
# Function that constructs proper Fedora-specific server classes for services
# of specified name
def fedora_service_class_factory(name, api=None):
if HAS_FEDORA_DOMAINNAME_SERVICE and name == 'domainname':
return FedoraService(name, api)
return redhat_services.redhat_service_class_factory(name, api)
def fedora_service_class_factory(name):
if name == 'domainname':
return FedoraService(name)
return redhat_services.redhat_service_class_factory(name)
# Magicdict containing FedoraService instances.
class FedoraServices(redhat_services.RedHatServices):
def service_class_factory(self, name, api=None):
return fedora_service_class_factory(name, api)
def service_class_factory(self, name):
return fedora_service_class_factory(name)
# Objects below are expected to be exported by platform module
timedate_services = redhat_services.timedate_services
from ipaplatform.redhat.services import timedate_services
service = fedora_service_class_factory
knownservices = FedoraServices()

2
ipaplatform/fedora/tasks.py
View File

@@ -23,8 +23,6 @@
This module contains default Fedora-specific implementations of system tasks.
'''
from __future__ import absolute_import
from ipaplatform.redhat.tasks import RedHatTaskNamespace

30
ipaplatform/ipaplatform.egg-info/PKG-INFO
View File

@@ -1,30 +0,0 @@
Metadata-Version: 1.2
Name: ipaplatform
Version: 4.7.2
Summary: FreeIPA platform
Home-page: https://www.freeipa.org/
Author: FreeIPA Developers
Author-email: freeipa-devel@lists.fedorahosted.org
Maintainer: FreeIPA Developers
Maintainer-email: freeipa-devel@redhat.com
License: GPLv3
Download-URL: https://www.freeipa.org/page/Downloads
Description: FreeIPA platform
Platform: Linux
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Programming Language :: C
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Operating System :: POSIX
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: Unix
Classifier: Topic :: Internet :: Name Service (DNS)
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP
Requires-Python: >=2.7.5,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*

42
ipaplatform/ipaplatform.egg-info/SOURCES.txt
View File

@@ -1,42 +0,0 @@
__init__.py
_importhook.py
constants.py
osinfo.py
override.py
paths.py
services.py
setup.cfg
setup.py
tasks.py
base/__init__.py
base/constants.py
base/paths.py
base/services.py
base/tasks.py
debian/__init__.py
debian/constants.py
debian/paths.py
debian/services.py
debian/tasks.py
fedora/__init__.py
fedora/constants.py
fedora/paths.py
fedora/services.py
fedora/tasks.py
ipaplatform.egg-info/PKG-INFO
ipaplatform.egg-info/SOURCES.txt
ipaplatform.egg-info/dependency_links.txt
ipaplatform.egg-info/namespace_packages.txt
ipaplatform.egg-info/requires.txt
ipaplatform.egg-info/top_level.txt
redhat/__init__.py
redhat/authconfig.py
redhat/constants.py
redhat/paths.py
redhat/services.py
redhat/tasks.py
rhel/__init__.py
rhel/constants.py
rhel/paths.py
rhel/services.py
rhel/tasks.py

1
ipaplatform/ipaplatform.egg-info/dependency_links.txt
View File

@@ -1 +0,0 @@

1
ipaplatform/ipaplatform.egg-info/namespace_packages.txt
View File

@@ -1 +0,0 @@
ipaplatform

4
ipaplatform/ipaplatform.egg-info/requires.txt
View File

@@ -1,4 +0,0 @@
cffi
ipapython==4.7.2
pyasn1
six

1
ipaplatform/ipaplatform.egg-info/top_level.txt
View File

@@ -1 +0,0 @@
ipaplatform

214
ipaplatform/osinfo.py
View File

@@ -1,214 +0,0 @@
#
# Copyright (C) 2018 FreeIPA Contributors see COPYING for license
#
"""Distribution information
Known Linux distros with /etc/os-release
----------------------------------------
- alpine
- centos (like rhel, fedora)
- debian
- fedora
- rhel
- ubuntu (like debian)
"""
from __future__ import absolute_import
import importlib
import io
import re
import sys
import warnings
import six
import ipaplatform
try:
from ipaplatform.override import OVERRIDE
except ImportError:
OVERRIDE = None
# pylint: disable=no-name-in-module, import-error
if six.PY3:
from collections.abc import Mapping
else:
from collections import Mapping
# pylint: enable=no-name-in-module, import-error
_osrelease_line = re.compile(
u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
)
def _parse_osrelease(filename='/etc/os-release'):
"""Parser for /etc/os-release for Linux distributions
https://www.freedesktop.org/software/systemd/man/os-release.html
"""
release = {}
with io.open(filename, encoding='utf-8') as f:
for line in f:
mo = _osrelease_line.match(line)
if mo is not None:
release[mo.group('name')] = mo.group('value')
if 'ID_LIKE' in release:
release['ID_LIKE'] = tuple(
v.strip()
for v in release['ID_LIKE'].split(' ')
if v.strip()
)
else:
release["ID_LIKE"] = ()
# defaults
release.setdefault('NAME', 'Linux')
release.setdefault('ID', 'linux')
release.setdefault('VERSION', '')
release.setdefault('VERSION_ID', '')
return release
class OSInfo(Mapping):
__slots__ = ('_info', '_platform')
bsd_family = (
'freebsd',
'openbsd',
'netbsd',
'dragonfly',
'gnukfreebsd'
)
def __init__(self):
if sys.platform.startswith('linux'):
# Linux, get distribution from /etc/os-release
info = self._handle_linux()
elif sys.platform == 'win32':
info = self._handle_win32()
elif sys.platform == 'darwin':
info = self._handle_darwin()
elif sys.platform.startswith(self.bsd_family):
info = self._handle_bsd()
else:
raise ValueError("Unsupported platform: {}".format(sys.platform))
self._info = info
self._platform = None
def _handle_linux(self):
"""Detect Linux distribution from /etc/os-release
"""
try:
return _parse_osrelease()
except Exception as e:
warnings.warn("Failed to read /etc/os-release: {}".format(e))
return {
'NAME': 'Linux',
'ID': 'linux',
}
def _handle_win32(self):
"""Windows 32 or 64bit platform
"""
return {
'NAME': 'Windows',
'ID': 'win32',
}
def _handle_darwin(self):
"""Handle macOS / Darwin platform
"""
return {
'NAME': 'macOS',
'ID': 'macos',
}
def _handle_bsd(self):
"""Handle BSD-like platforms
"""
platform = sys.platform
simple = platform.rstrip('0123456789')
id_like = []
if simple != platform:
id_like.append(simple)
return {
'NAME': platform,
'ID': platform,
'ID_LIKE': tuple(id_like),
}
def __getitem__(self, item):
return self._info[item]
def __iter__(self):
return iter(self._info)
def __len__(self):
return len(self._info)
@property
def name(self):
"""OS name (user)
"""
return self._info['NAME']
@property
def id(self):
"""Lower case OS identifier
"""
return self._info['ID']
@property
def id_like(self):
"""Related / similar OS
"""
return self._info.get('ID_LIKE', ())
@property
def version(self):
"""Version number and name of OS (for user)
"""
return self._info.get('VERSION')
@property
def version_id(self):
"""Version identifier
"""
return self._info.get('VERSION_ID')
@property
def platform_ids(self):
"""Ordered tuple of detected platforms (including override)
"""
platforms = []
if OVERRIDE is not None:
# allow RPM and Debian packages to override platform
platforms.append(OVERRIDE)
if OVERRIDE != self.id:
platforms.append(self.id)
platforms.extend(self.id_like)
return tuple(platforms)
@property
def platform(self):
if self._platform is not None:
return self._platform
for platform in self.platform_ids:
try:
importlib.import_module('ipaplatform.{}'.format(platform))
except ImportError:
pass
else:
self._platform = platform
return platform
raise ImportError('No ipaplatform available for "{}"'.format(
', '.join(self.platform_ids)))
osinfo = OSInfo()
ipaplatform.NAME = osinfo.platform
if __name__ == '__main__':
import pprint
pprint.pprint(dict(osinfo))

1
ipaplatform/override.py
View File

@@ -1 +0,0 @@
OVERRIDE = 'fedora'

1
ipaplatform/override.py.in
View File

@@ -1 +0,0 @@
OVERRIDE = '@IPAPLATFORM@'

10
ipaplatform/paths.py
View File

@@ -1,10 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""IpaMetaImporter replaces this module with ipaplatform.$NAME.paths.
"""
from __future__ import absolute_import
import ipaplatform._importhook
ipaplatform._importhook.fixup_module('ipaplatform.paths')

1
ipaplatform/paths.py Symbolic link
View File

@@ -0,0 +1 @@
fedora/paths.py

BIN
ipaplatform/paths.pyc Normal file
View File

Binary file not shown.

BIN
ipaplatform/redhat/__init__.pyc Normal file
View File

Binary file not shown.

274
ipaplatform/redhat/authconfig.py
View File

@@ -18,209 +18,12 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import
import logging
import six
import abc
from ipaplatform.paths import paths
from ipapython import ipautil
from ipapython.admintool import ScriptError
import os
FILES_TO_NOT_BACKUP = ['passwd', 'group', 'shadow', 'gshadow']
logger = logging.getLogger(__name__)
def get_auth_tool():
return RedHatAuthSelect()
@six.add_metaclass(abc.ABCMeta)
class RedHatAuthToolBase(object):
@abc.abstractmethod
def configure(self, sssd, mkhomedir, statestore, sudo=True):
pass
@abc.abstractmethod
def unconfigure(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
pass
@abc.abstractmethod
def backup(self, path):
"""
Backup the system authentication resources configuration
:param path: directory where the backup will be stored
"""
@abc.abstractmethod
def restore(self, path):
"""
Restore the system authentication resources configuration from a backup
:param path: directory where the backup is stored
"""
@abc.abstractmethod
def set_nisdomain(self, nisdomain):
pass
class RedHatAuthSelect(RedHatAuthToolBase):
def _get_authselect_current_output(self):
try:
current = ipautil.run(
[paths.AUTHSELECT, "current", "--raw"])
except ipautil.CalledProcessError:
logger.debug("Current configuration not managed by authselect")
return None
return current.raw_output.decode()
def _parse_authselect_output(self, output_text=None):
"""
Parses the output_text to extract the profile and options.
When no text is provided, runs the 'authselect profile' command to
generate the text to be parsed.
"""
if output_text is None:
output_text = self._get_authselect_current_output()
if output_text is None:
return None
output_text = output_text.strip()
if not output_text:
return None
output_items = output_text.split(' ')
profile = output_items[0]
features = output_items[1:]
return profile, features
def configure(self, sssd, mkhomedir, statestore, sudo=True):
# In the statestore, the following keys are used for the
# 'authselect' module:
# profile: name of the profile configured pre-installation
# features_list: list of features configured pre-installation
# mkhomedir: True if installation was called with --mkhomedir
# profile and features_list are used when reverting to the
# pre-install state
cfg = self._parse_authselect_output()
if cfg:
statestore.backup_state('authselect', 'profile', cfg[0])
statestore.backup_state(
'authselect', 'features_list', " ".join(cfg[1]))
else:
# cfg = None means that the current conf is not managed by
# authselect but by authconfig.
# As we are using authselect to configure the host,
# it will not be possible to revert to a custom authconfig
# configuration later (during uninstall)
# Best thing to do will be to use sssd profile at this time
logger.warning(
"WARNING: The configuration pre-client installation is not "
"managed by authselect and cannot be backed up. "
"Uninstallation may not be able to revert to the original "
"state.")
cmd = [paths.AUTHSELECT, "select", "sssd"]
if mkhomedir:
cmd.append("with-mkhomedir")
statestore.backup_state('authselect', 'mkhomedir', True)
if sudo:
cmd.append("with-sudo")
cmd.append("--force")
ipautil.run(cmd)
def unconfigure(
self, fstore, statestore, was_sssd_installed, was_sssd_configured
):
if not statestore.has_state('authselect') and was_sssd_installed:
logger.warning(
"WARNING: Unable to revert to the pre-installation state "
"('authconfig' tool has been deprecated in favor of "
"'authselect'). The default sssd profile will be used "
"instead.")
# Build the equivalent command line that will be displayed
# to the user
# This is a copy-paste of unconfigure code, except that it
# creates the command line but does not actually call it
authconfig = RedHatAuthConfig()
authconfig.prepare_unconfigure(
fstore, statestore, was_sssd_installed, was_sssd_configured)
args = authconfig.build_args()
logger.warning(
"The authconfig arguments would have been: authconfig %s",
" ".join(args))
profile = 'sssd'
features = []
else:
profile = statestore.restore_state('authselect', 'profile')
if not profile:
profile = 'sssd'
features_state = statestore.restore_state(
'authselect', 'features_list'
)
statestore.delete_state('authselect', 'mkhomedir')
# only non-empty features, https://pagure.io/freeipa/issue/7776
if features_state is not None:
features = [
f.strip() for f in features_state.split(' ') if f.strip()
]
else:
features = []
cmd = [paths.AUTHSELECT, "select", profile]
cmd.extend(features)
cmd.append("--force")
ipautil.run(cmd)
def backup(self, path):
current = self._get_authselect_current_output()
if current is None:
return
if not os.path.exists(path):
os.makedirs(path)
with open(os.path.join(path, "authselect.backup"), 'w') as f:
f.write(current)
def restore(self, path):
with open(os.path.join(path, "authselect.backup"), "r") as f:
cfg = self._parse_authselect_output(f.read())
if cfg:
profile = cfg[0]
cmd = [paths.AUTHSELECT, "select", profile]
cmd.extend(cfg[1])
cmd.append("--force")
ipautil.run(cmd)
def set_nisdomain(self, nisdomain):
try:
with open(paths.SYSCONF_NETWORK, 'r') as f:
content = [
line for line in f
if not line.strip().upper().startswith('NISDOMAIN')
]
except IOError:
content = []
content.append("NISDOMAIN={}\n".format(nisdomain))
with open(paths.SYSCONF_NETWORK, 'w') as f:
f.writelines(content)
# RedHatAuthConfig concrete class definition to be removed later
# when agreed on exact path to migrate to authselect
class RedHatAuthConfig(RedHatAuthToolBase):
class RedHatAuthConfig(object):
"""
AuthConfig class implements system-independent interface to configure
system authentication resources. In Red Hat systems this is done with
@@ -282,70 +85,10 @@ class RedHatAuthConfig(RedHatAuthToolBase):
self.add_option("update")
args = self.build_args()
try:
ipautil.run([paths.AUTHCONFIG] + args)
except ipautil.CalledProcessError:
raise ScriptError("Failed to execute authconfig command")
def configure(self, sssd, mkhomedir, statestore, sudo=True):
if sssd:
statestore.backup_state('authconfig', 'sssd', True)
statestore.backup_state('authconfig', 'sssdauth', True)
self.enable("sssd")
self.enable("sssdauth")
else:
statestore.backup_state('authconfig', 'ldap', True)
self.enable("ldap")
self.enable("forcelegacy")
statestore.backup_state('authconfig', 'krb5', True)
self.enable("krb5")
self.add_option("nostart")
if mkhomedir:
statestore.backup_state('authconfig', 'mkhomedir', True)
self.enable("mkhomedir")
self.execute()
self.reset()
def prepare_unconfigure(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
if statestore.has_state('authconfig'):
# disable only those configurations that we enabled during install
for conf in ('ldap', 'krb5', 'sssd', 'sssdauth', 'mkhomedir'):
cnf = statestore.restore_state('authconfig', conf)
# Do not disable sssd, as this can cause issues with its later
# uses. Remove it from statestore however, so that it becomes
# empty at the end of uninstall process.
if cnf and conf != 'sssd':
self.disable(conf)
else:
# There was no authconfig status store
# It means the code was upgraded after original install
# Fall back to old logic
self.disable("ldap")
self.disable("krb5")
if not(was_sssd_installed and was_sssd_configured):
# Only disable sssdauth. Disabling sssd would cause issues
# with its later uses.
self.disable("sssdauth")
self.disable("mkhomedir")
def unconfigure(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
self.prepare_unconfigure(
fstore, statestore, was_sssd_installed, was_sssd_configured)
self.execute()
self.reset()
ipautil.run(["/usr/sbin/authconfig"] + args)
def backup(self, path):
try:
ipautil.run([paths.AUTHCONFIG, "--savebackup", path])
except ipautil.CalledProcessError:
raise ScriptError("Failed to execute authconfig command")
ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])
# do not backup these files since we don't want to mess with
# users/groups during restore. Authconfig doesn't seem to mind about
@@ -358,13 +101,4 @@ class RedHatAuthConfig(RedHatAuthToolBase):
pass
def restore(self, path):
try:
ipautil.run([paths.AUTHCONFIG, "--restorebackup", path])
except ipautil.CalledProcessError:
raise ScriptError("Failed to execute authconfig command")
def set_nisdomain(self, nisdomain):
# Let authconfig setup the permanent configuration
self.reset()
self.add_parameter("nisdomain", nisdomain)
self.execute()
ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])

2
ipaplatform/redhat/constants.py
View File

@@ -8,8 +8,6 @@ related constants for the Red Hat OS family-based systems.
'''
# Fallback to default path definitions
from __future__ import absolute_import
from ipaplatform.base.constants import BaseConstantsNamespace

7
ipaplatform/redhat/paths.py
View File

@@ -22,8 +22,6 @@ This Red Hat OS family base platform module exports default filesystem paths as
common in Red Hat OS family-based systems.
'''
from __future__ import absolute_import
import sys
# Fallback to default path definitions
@@ -34,11 +32,6 @@ class RedHatPathNamespace(BasePathNamespace):
# https://docs.python.org/2/library/platform.html#cross-platform
if sys.maxsize > 2**32:
LIBSOFTHSM2_SO = BasePathNamespace.LIBSOFTHSM2_SO_64
PAM_KRB5_SO = BasePathNamespace.PAM_KRB5_SO_64
BIND_LDAP_SO = BasePathNamespace.BIND_LDAP_SO_64
AUTHCONFIG = '/usr/sbin/authconfig'
AUTHSELECT = '/usr/bin/authselect'
SYSCONF_NETWORK = '/etc/sysconfig/network'
paths = RedHatPathNamespace()

BIN
ipaplatform/redhat/paths.pyc Normal file
View File

Binary file not shown.

125
ipaplatform/redhat/services.py
View File

@@ -22,20 +22,19 @@
Contains Red Hat OS family-specific service class implementations.
"""
from __future__ import absolute_import
import logging
import os
import time
import xml.dom.minidom
import contextlib
from ipaplatform.tasks import tasks
from ipaplatform.base import services as base_services
from ipapython import ipautil, dogtag
from ipapython.ipa_log_manager import root_logger
from ipalib import api
from ipaplatform.paths import paths
logger = logging.getLogger(__name__)
# Mappings from service names as FreeIPA code references to these services
# to their actual systemd service names
@@ -47,7 +46,6 @@ redhat_system_units = dict((x, "%s.service" % x)
redhat_system_units['rpcgssd'] = 'nfs-secure.service'
redhat_system_units['rpcidmapd'] = 'nfs-idmap.service'
redhat_system_units['domainname'] = 'nis-domainname.service'
# Rewrite dirsrv and pki-tomcatd services as they support instances via separate
# service generator. To make this working, one needs to have both foo@.servic
@@ -72,7 +70,6 @@ redhat_system_units['ods-enforcerd'] = 'ods-enforcerd.service'
redhat_system_units['ods_enforcerd'] = redhat_system_units['ods-enforcerd']
redhat_system_units['ods-signerd'] = 'ods-signerd.service'
redhat_system_units['ods_signerd'] = redhat_system_units['ods-signerd']
redhat_system_units['gssproxy'] = 'gssproxy.service'
# Service classes that implement Red Hat OS family-specific behaviour
@@ -80,7 +77,7 @@ redhat_system_units['gssproxy'] = 'gssproxy.service'
class RedHatService(base_services.SystemdService):
system_units = redhat_system_units
def __init__(self, service_name, api=None):
def __init__(self, service_name):
systemd_name = service_name
if service_name in self.system_units:
systemd_name = self.system_units[service_name]
@@ -90,14 +87,38 @@ class RedHatService(base_services.SystemdService):
# and not a foo.target. Thus, not correct service name for
# systemd, default to foo.service style then
systemd_name = "%s.service" % (service_name)
super(RedHatService, self).__init__(service_name, systemd_name, api)
super(RedHatService, self).__init__(service_name, systemd_name)
class RedHatDirectoryService(RedHatService):
def is_installed(self, instance_name):
file_path = "{}/{}-{}".format(paths.ETC_DIRSRV, "slapd", instance_name)
return os.path.exists(file_path)
def tune_nofile_platform(self, num=8192, fstore=None):
"""
Increase the number of files descriptors available to directory server
from the default 1024 to 8192. This will allow to support a greater
number of clients out of the box.
This is a part of the implementation that is systemd-specific.
Returns False if the setting of the nofile limit needs to be skipped.
"""
if os.path.exists(paths.SYSCONFIG_DIRSRV_SYSTEMD):
# We need to enable LimitNOFILE=8192 in the dirsrv@.service
# Since 389-ds-base-1.2.10-0.8.a7 the configuration of the
# service parameters is performed via
# /etc/sysconfig/dirsrv.systemd file which is imported by systemd
# into dirsrv@.service unit
replacevars = {'LimitNOFILE': str(num)}
ipautil.inifile_replace_variables(paths.SYSCONFIG_DIRSRV_SYSTEMD,
'service',
replacevars=replacevars)
tasks.restore_context(paths.SYSCONFIG_DIRSRV_SYSTEMD)
ipautil.run(["/bin/systemctl", "--system", "daemon-reload"],
raiseonerr=False)
return True
def restart(self, instance_name="", capture_output=True, wait=True,
ldapi=False):
@@ -167,21 +188,48 @@ class RedHatIPAService(RedHatService):
self.restart(instance_name)
class RedHatSSHService(RedHatService):
def get_config_dir(self, instance_name=""):
return '/etc/ssh'
class RedHatCAService(RedHatService):
def wait_until_running(self):
logger.debug('Waiting until the CA is running')
timeout = float(self.api.env.startup_timeout)
root_logger.debug('Waiting until the CA is running')
timeout = float(api.env.startup_timeout)
op_timeout = time.time() + timeout
while time.time() < op_timeout:
try:
# check status of CA instance on this host, not remote ca_host
status = dogtag.ca_status(self.api.env.host)
# FIXME https://fedorahosted.org/freeipa/ticket/4716
# workaround
#
# status = dogtag.ca_status(use_proxy=use_proxy)
#
port = 8443
url = "https://%(host_port)s%(path)s" % {
"host_port": ipautil.format_netloc(api.env.ca_host, port),
"path": "/ca/admin/ca/getStatus"
}
args = [
paths.BIN_CURL,
'-o', '-',
'--connect-timeout', '30',
'-k',
url
]
result = ipautil.run(args, capture_output=True)
status = dogtag._parse_ca_status(result.output)
# end of workaround
except Exception as e:
status = 'check interrupted due to error: %s' % e
logger.debug('The CA status is: %s', status)
root_logger.debug('The CA status is: %s' % status)
if status == 'running':
break
logger.debug('Waiting for CA to start...')
root_logger.debug('Waiting for CA to start...')
time.sleep(1)
else:
raise RuntimeError('CA did not start in %ss' % timeout)
@@ -198,55 +246,38 @@ class RedHatCAService(RedHatService):
if wait:
self.wait_until_running()
def is_running(self, instance_name="", wait=True):
if instance_name:
return super(RedHatCAService, self).is_running(instance_name)
try:
status = dogtag.ca_status()
if status == 'running':
return True
elif status == 'starting' and wait:
# Exception is raised if status is 'starting' even after wait
self.wait_until_running()
return True
except Exception as e:
logger.debug(
'Failed to check CA status: %s', e
)
return False
# Function that constructs proper Red Hat OS family-specific server classes for
# services of specified name
def redhat_service_class_factory(name, api=None):
def redhat_service_class_factory(name):
if name == 'dirsrv':
return RedHatDirectoryService(name, api)
return RedHatDirectoryService(name)
if name == 'ipa':
return RedHatIPAService(name, api)
return RedHatIPAService(name)
if name == 'sshd':
return RedHatSSHService(name)
if name in ('pki-tomcatd', 'pki_tomcatd'):
return RedHatCAService(name, api)
return RedHatService(name, api)
return RedHatCAService(name)
return RedHatService(name)
# Magicdict containing RedHatService instances.
class RedHatServices(base_services.KnownServices):
def service_class_factory(self, name):
return redhat_service_class_factory(name)
def __init__(self):
# pylint: disable=ipa-forbidden-import
import ipalib # FixMe: break import cycle
# pylint: enable=ipa-forbidden-import
services = dict()
for s in base_services.wellknownservices:
services[s] = self.service_class_factory(s, ipalib.api)
services[s] = self.service_class_factory(s)
# Call base class constructor. This will lock services to read-only
super(RedHatServices, self).__init__(services)
def service_class_factory(self, name, api=None):
return redhat_service_class_factory(name, api)
# Objects below are expected to be exported by platform module
timedate_services = base_services.timedate_services
from ipaplatform.base.services import timedate_services
service = redhat_service_class_factory
knownservices = RedHatServices()

464
ipaplatform/redhat/tasks.py
View File

@@ -23,33 +23,43 @@
This module contains default Red Hat OS family-specific implementations of
system tasks.
'''
from __future__ import print_function, absolute_import
from __future__ import print_function
import ctypes
import logging
import os
import stat
import socket
import traceback
import errno
import sys
import base64
from cffi import FFI
from ctypes.util import find_library
from functools import total_ordering
from subprocess import CalledProcessError
from subprocess import CalledProcessError
from nss.error import NSPRError
from pyasn1.error import PyAsn1Error
from six.moves import urllib
from ipapython import directivesetter
from ipapython.ipa_log_manager import root_logger, log_mgr
from ipapython import ipautil
import ipapython.errors
from ipalib import x509 # FIXME: do not import from ipalib
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.redhat.authconfig import get_auth_tool
from ipaplatform.redhat.authconfig import RedHatAuthConfig
from ipaplatform.base.tasks import BaseTaskNamespace
logger = logging.getLogger(__name__)
_ffi = FFI()
_ffi.cdef("""
int rpmvercmp (const char *a, const char *b);
""")
# use ctypes loader to get correct librpm.so library version according to
# https://cffi.readthedocs.org/en/latest/overview.html#id8
_librpm = _ffi.dlopen(find_library("rpm"))
log = log_mgr.get_logger(__name__)
def selinux_enabled():
@@ -70,67 +80,36 @@ def selinux_enabled():
@total_ordering
class IPAVersion(object):
_rpmvercmp_func = None
@classmethod
def _rpmvercmp(cls, a, b):
"""Lazy load and call librpm's rpmvercmp
"""
rpmvercmp_func = cls._rpmvercmp_func
if rpmvercmp_func is None:
librpm = ctypes.CDLL(find_library('rpm'))
rpmvercmp_func = librpm.rpmvercmp
# int rpmvercmp(const char *a, const char *b)
rpmvercmp_func.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
rpmvercmp_func.restype = ctypes.c_int
cls._rpmvercmp_func = rpmvercmp_func
return rpmvercmp_func(a, b)
def __init__(self, version):
self._version = version
self._bytes = version.encode('utf-8')
@property
def version(self):
return self._version
self.version = version
def __eq__(self, other):
if not isinstance(other, IPAVersion):
return NotImplemented
return self._rpmvercmp(self._bytes, other._bytes) == 0
assert isinstance(other, IPAVersion)
return _librpm.rpmvercmp(self.version, other.version) == 0
def __lt__(self, other):
if not isinstance(other, IPAVersion):
return NotImplemented
return self._rpmvercmp(self._bytes, other._bytes) < 0
def __hash__(self):
return hash(self._version)
assert isinstance(other, IPAVersion)
return _librpm.rpmvercmp(self.version, other.version) < 0
class RedHatTaskNamespace(BaseTaskNamespace):
def restore_context(self, filepath, force=False):
"""Restore SELinux security context on the given filepath.
def restore_context(self, filepath, restorecon=paths.SBIN_RESTORECON):
"""
restore security context on the file path
SELinux equivalent is /path/to/restorecon <filepath>
restorecon's return values are not reliable so we have to
ignore them (BZ #739604).
ipautil.run() will do the logging.
"""
restorecon = paths.SBIN_RESTORECON
if not selinux_enabled() or not os.path.exists(restorecon):
if not selinux_enabled():
return
# Force reset of context to match file_context for customizable
# files, and the default file context, changing the user, role,
# range portion as well as the type.
args = [restorecon]
if force:
args.append('-F')
args.append(filepath)
ipautil.run(args, raiseonerr=False)
if (os.path.exists(restorecon)):
ipautil.run([restorecon, filepath], raiseonerr=False)
def check_selinux_status(self, restorecon=paths.RESTORECON):
"""
@@ -150,129 +129,93 @@ class RedHatTaskNamespace(BaseTaskNamespace):
'Install the policycoreutils package and start '
'the installation again.' % restorecon)
def check_ipv6_stack_enabled(self):
"""Checks whether IPv6 kernel module is loaded.
Function checks if /proc/net/if_inet6 is present. If IPv6 stack is
enabled, it exists and contains the interfaces configuration.
:raises: RuntimeError when IPv6 stack is disabled
"""
if not os.path.exists(paths.IF_INET6):
raise RuntimeError(
"IPv6 stack has to be enabled in the kernel and some "
"interface has to have ::1 address assigned. Typically "
"this is 'lo' interface. If you do not wish to use IPv6 "
"globally, disable it on the specific interfaces in "
"sysctl.conf except 'lo' interface.")
# XXX This is a hack to work around an issue with Travis CI by
# skipping IPv6 address test. The Dec 2017 update removed ::1 from
# loopback, see https://github.com/travis-ci/travis-ci/issues/8891.
if os.environ.get('TRAVIS') == 'true':
return
try:
localhost6 = ipautil.CheckedIPAddress('::1', allow_loopback=True)
if localhost6.get_matching_interface() is None:
raise ValueError("no interface for ::1 address found")
except ValueError:
raise RuntimeError(
"IPv6 stack is enabled in the kernel but there is no "
"interface that has ::1 address assigned. Add ::1 address "
"resolution to 'lo' interface. You might need to enable IPv6 "
"on the interface 'lo' in sysctl.conf.")
def restore_pre_ipa_client_configuration(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
auth_config = get_auth_tool()
auth_config.unconfigure(
fstore, statestore, was_sssd_installed, was_sssd_configured
)
auth_config = RedHatAuthConfig()
if statestore.has_state('authconfig'):
# disable only those configurations that we enabled during install
for conf in ('ldap', 'krb5', 'sssd', 'sssdauth', 'mkhomedir'):
cnf = statestore.restore_state('authconfig', conf)
# Do not disable sssd, as this can cause issues with its later
# uses. Remove it from statestore however, so that it becomes
# empty at the end of uninstall process.
if cnf and conf != 'sssd':
auth_config.disable(conf)
else:
# There was no authconfig status store
# It means the code was upgraded after original install
# Fall back to old logic
auth_config.disable("ldap")
auth_config.disable("krb5")
if not(was_sssd_installed and was_sssd_configured):
# Only disable sssdauth. Disabling sssd would cause issues
# with its later uses.
auth_config.disable("sssdauth")
auth_config.disable("mkhomedir")
auth_config.execute()
def set_nisdomain(self, nisdomain):
try:
with open(paths.SYSCONF_NETWORK, 'r') as f:
content = [
line for line in f
if not line.strip().upper().startswith('NISDOMAIN')
]
except IOError:
content = []
# Let authconfig setup the permanent configuration
auth_config = RedHatAuthConfig()
auth_config.add_parameter("nisdomain", nisdomain)
auth_config.execute()
content.append("NISDOMAIN={}\n".format(nisdomain))
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
auth_config = RedHatAuthConfig()
with open(paths.SYSCONF_NETWORK, 'w') as f:
f.writelines(content)
if sssd:
statestore.backup_state('authconfig', 'sssd', True)
statestore.backup_state('authconfig', 'sssdauth', True)
auth_config.enable("sssd")
auth_config.enable("sssdauth")
else:
statestore.backup_state('authconfig', 'ldap', True)
auth_config.enable("ldap")
auth_config.enable("forcelegacy")
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore,
sudo=True):
auth_config = get_auth_tool()
auth_config.configure(sssd, mkhomedir, statestore, sudo)
if mkhomedir:
statestore.backup_state('authconfig', 'mkhomedir', True)
auth_config.enable("mkhomedir")
def is_nosssd_supported(self):
# The flag --no-sssd is not supported any more for rhel-based distros
return False
auth_config.execute()
def modify_pam_to_use_krb5(self, statestore):
auth_config = RedHatAuthConfig()
statestore.backup_state('authconfig', 'krb5', True)
auth_config.enable("krb5")
auth_config.add_option("nostart")
auth_config.execute()
def backup_auth_configuration(self, path):
auth_config = get_auth_tool()
auth_config = RedHatAuthConfig()
auth_config.backup(path)
def restore_auth_configuration(self, path):
auth_config = get_auth_tool()
auth_config = RedHatAuthConfig()
auth_config.restore(path)
def migrate_auth_configuration(self, statestore):
"""
Migrate the pam stack configuration from authconfig to an authselect
profile.
"""
# Check if mkhomedir was enabled during installation
mkhomedir = statestore.get_state('authconfig', 'mkhomedir')
# Force authselect 'sssd' profile
authselect_cmd = [paths.AUTHSELECT, "select", "sssd", "with-sudo"]
if mkhomedir:
authselect_cmd.append("with-mkhomedir")
authselect_cmd.append("--force")
ipautil.run(authselect_cmd)
# Remove all remaining keys from the authconfig module
for conf in ('ldap', 'krb5', 'sssd', 'sssdauth', 'mkhomedir'):
statestore.restore_state('authconfig', conf)
# Create new authselect module in the statestore
statestore.backup_state('authselect', 'profile', 'sssd')
statestore.backup_state(
'authselect', 'features_list', '')
statestore.backup_state('authselect', 'mkhomedir', bool(mkhomedir))
def reload_systemwide_ca_store(self):
try:
ipautil.run([paths.UPDATE_CA_TRUST])
except CalledProcessError as e:
logger.error(
root_logger.error(
"Could not update systemwide CA trust database: %s", e)
return False
else:
logger.info("Systemwide CA database updated.")
root_logger.info("Systemwide CA database updated.")
return True
def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
# pylint: disable=ipa-forbidden-import
from ipalib import x509 # FixMe: break import cycle
from ipalib.errors import CertificateError
# pylint: enable=ipa-forbidden-import
new_cacert_path = paths.SYSTEMWIDE_IPA_CA_CRT
if os.path.exists(new_cacert_path):
try:
os.remove(new_cacert_path)
except OSError as e:
logger.error(
root_logger.error(
"Could not remove %s: %s", new_cacert_path, e)
return False
@@ -280,23 +223,22 @@ class RedHatTaskNamespace(BaseTaskNamespace):
try:
f = open(new_cacert_path, 'w')
os.fchmod(f.fileno(), 0o644)
except IOError as e:
logger.info("Failed to open %s: %s", new_cacert_path, e)
root_logger.info("Failed to open %s: %s" % (new_cacert_path, e))
return False
f.write("# This file was created by IPA. Do not edit.\n"
"\n")
has_eku = set()
for cert, nickname, trusted, _ext_key_usage in ca_certs:
for cert, nickname, trusted, ext_key_usage in ca_certs:
try:
subject = cert.subject_bytes
issuer = cert.issuer_bytes
serial_number = cert.serial_number_bytes
public_key_info = cert.public_key_info_bytes
except (PyAsn1Error, ValueError, CertificateError) as e:
logger.warning(
subject = x509.get_der_subject(cert, x509.DER)
issuer = x509.get_der_issuer(cert, x509.DER)
serial_number = x509.get_der_serial_number(cert, x509.DER)
public_key_info = x509.get_der_public_key_info(cert, x509.DER)
except (NSPRError, PyAsn1Error, ValueError) as e:
root_logger.warning(
"Failed to decode certificate \"%s\": %s", nickname, e)
continue
@@ -306,6 +248,9 @@ class RedHatTaskNamespace(BaseTaskNamespace):
serial_number = urllib.parse.quote(serial_number)
public_key_info = urllib.parse.quote(public_key_info)
cert = base64.b64encode(cert)
cert = x509.make_pem(cert)
obj = ("[p11-kit-object-v1]\n"
"class: certificate\n"
"certificate-type: x-509\n"
@@ -324,16 +269,16 @@ class RedHatTaskNamespace(BaseTaskNamespace):
obj += "trusted: true\n"
elif trusted is False:
obj += "x-distrusted: true\n"
obj += "{pem}\n\n".format(
pem=cert.public_bytes(x509.Encoding.PEM).decode('ascii'))
obj += "%s\n\n" % cert
f.write(obj)
if (cert.extended_key_usage is not None and
public_key_info not in has_eku):
if ext_key_usage is not None and public_key_info not in has_eku:
if not ext_key_usage:
ext_key_usage = {x509.EKU_PLACEHOLDER}
try:
ext_key_usage = cert.extended_key_usage_bytes
ext_key_usage = x509.encode_ext_key_usage(ext_key_usage)
except PyAsn1Error as e:
logger.warning(
root_logger.warning(
"Failed to encode extended key usage for \"%s\": %s",
nickname, e)
continue
@@ -370,7 +315,7 @@ class RedHatTaskNamespace(BaseTaskNamespace):
try:
os.remove(new_cacert_path)
except OSError as e:
logger.error(
root_logger.error(
"Could not remove %s: %s", new_cacert_path, e)
result = False
else:
@@ -382,31 +327,64 @@ class RedHatTaskNamespace(BaseTaskNamespace):
return result
def backup_hostname(self, fstore, statestore):
def backup_and_replace_hostname(self, fstore, statestore, hostname):
old_hostname = socket.gethostname()
try:
ipautil.run([paths.BIN_HOSTNAME, hostname])
except ipautil.CalledProcessError as e:
print(("Failed to set this machine hostname to "
"%s (%s)." % (hostname, str(e))), file=sys.stderr)
filepath = paths.ETC_HOSTNAME
if os.path.exists(filepath):
# read old hostname
with open(filepath, 'r') as f:
for line in f.readlines():
line = line.strip()
if not line or line.startswith('#'):
# skip comment or empty line
continue
old_hostname = line
break
fstore.backup_file(filepath)
with open(filepath, 'w') as f:
f.write("%s\n" % hostname)
os.chmod(filepath,
stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH)
os.chown(filepath, 0, 0)
self.restore_context(filepath)
# store old hostname
old_hostname = socket.gethostname()
statestore.backup_state('network', 'hostname', old_hostname)
def restore_hostname(self, fstore, statestore):
old_hostname = statestore.restore_state('network', 'hostname')
def restore_network_configuration(self, fstore, statestore):
old_filepath = paths.SYSCONFIG_NETWORK
old_hostname = statestore.get_state('network', 'hostname')
hostname_was_configured = False
if old_hostname is not None:
try:
self.set_hostname(old_hostname)
except ipautil.CalledProcessError as e:
logger.debug("%s", traceback.format_exc())
logger.error(
"Failed to restore this machine hostname to %s (%s).",
old_hostname, e
)
if fstore.has_file(old_filepath):
# This is Fedora >=18 instance that was upgraded from previous
# Fedora version which held network configuration
# in /etc/sysconfig/network
old_filepath_restore = paths.SYSCONFIG_NETWORK_IPABKP
fstore.restore_file(old_filepath, old_filepath_restore)
print("Deprecated configuration file '%s' was restored to '%s'" \
% (old_filepath, old_filepath_restore))
hostname_was_configured = True
filepath = paths.ETC_HOSTNAME
if fstore.has_file(filepath):
fstore.restore_file(filepath)
hostname_was_configured = True
if not hostname_was_configured and old_hostname:
# hostname was not configured before but was set by IPA. Delete
# /etc/hostname to restore previous configuration
try:
os.remove(filepath)
except OSError:
pass
def set_selinux_booleans(self, required_settings, backup_func=None):
def get_setsebool_args(changes):
@@ -435,7 +413,7 @@ class RedHatTaskNamespace(BaseTaskNamespace):
if original_state != state:
updated_vars[setting] = state
except ipautil.CalledProcessError as e:
logger.error("Cannot get SELinux boolean '%s': %s", setting, e)
log.error("Cannot get SELinux boolean '%s': %s", setting, e)
failed_vars[setting] = state
if updated_vars:
@@ -452,6 +430,29 @@ class RedHatTaskNamespace(BaseTaskNamespace):
return True
def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, comment=None, create_homedir=False):
"""
Create a system user with a corresponding group
According to https://fedoraproject.org/wiki/Packaging:UsersAndGroups?rd=Packaging/UsersAndGroups#Soft_static_allocation
some system users should have fixed UID, GID and other parameters set.
This values should be constant and may be hardcoded.
Add other values for other users when needed.
"""
if name == constants.PKI_USER:
if uid is None:
uid = 17
if gid is None:
gid = 17
if comment is None:
comment = 'CA System User'
if name == constants.DS_USER:
if comment is None:
comment = 'DS System User'
super(RedHatTaskNamespace, self).create_system_user(name, group,
homedir, shell, uid, gid, comment, create_homedir)
def parse_ipa_version(self, version):
"""
:param version: textual version
@@ -459,122 +460,5 @@ class RedHatTaskNamespace(BaseTaskNamespace):
"""
return IPAVersion(version)
def configure_httpd_service_ipa_conf(self):
"""Create systemd config for httpd service to work with IPA
"""
if not os.path.exists(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR):
os.mkdir(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR, 0o755)
ipautil.copy_template_file(
os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa-httpd.conf.template'),
paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF,
dict(
KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG,
IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY,
KRB5CC_HTTPD=paths.KRB5CC_HTTPD,
)
)
os.chmod(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, 0o644)
self.restore_context(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"],
raiseonerr=False)
def configure_http_gssproxy_conf(self, ipaapi_user):
ipautil.copy_template_file(
os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'),
paths.GSSPROXY_CONF,
dict(
HTTP_KEYTAB=paths.HTTP_KEYTAB,
HTTP_CCACHE=paths.HTTP_CCACHE,
HTTPD_USER=constants.HTTPD_USER,
IPAAPI_USER=ipaapi_user,
)
)
os.chmod(paths.GSSPROXY_CONF, 0o600)
self.restore_context(paths.GSSPROXY_CONF)
def configure_httpd_wsgi_conf(self):
"""Configure WSGI for correct Python version (Fedora)
See https://pagure.io/freeipa/issue/7394
"""
conf = paths.HTTPD_IPA_WSGI_MODULES_CONF
if sys.version_info.major == 2:
wsgi_module = constants.MOD_WSGI_PYTHON2
else:
wsgi_module = constants.MOD_WSGI_PYTHON3
if conf is None or wsgi_module is None:
logger.info("Nothing to do for configure_httpd_wsgi_conf")
return
confdir = os.path.dirname(conf)
if not os.path.isdir(confdir):
os.makedirs(confdir)
ipautil.copy_template_file(
os.path.join(
paths.USR_SHARE_IPA_DIR, 'ipa-httpd-wsgi.conf.template'
),
conf,
dict(WSGI_MODULE=wsgi_module)
)
os.chmod(conf, 0o644)
self.restore_context(conf)
def remove_httpd_service_ipa_conf(self):
"""Remove systemd config for httpd service of IPA"""
try:
os.unlink(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
except OSError as e:
if e.errno == errno.ENOENT:
logger.debug(
'Trying to remove %s but file does not exist',
paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF
)
else:
logger.error(
'Error removing %s: %s',
paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, e
)
return
ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"],
raiseonerr=False)
def set_hostname(self, hostname):
ipautil.run([paths.BIN_HOSTNAMECTL, 'set-hostname', hostname])
def is_fips_enabled(self):
"""
Checks whether this host is FIPS-enabled.
Returns a boolean indicating if the host is FIPS-enabled, i.e. if the
file /proc/sys/crypto/fips_enabled contains a non-0 value. Otherwise,
or if the file /proc/sys/crypto/fips_enabled does not exist,
the function returns False.
"""
try:
with open(paths.PROC_FIPS_ENABLED, 'r') as f:
if f.read().strip() != '0':
return True
except IOError:
# Consider that the host is not fips-enabled if the file does not
# exist
pass
return False
def setup_httpd_logging(self):
directivesetter.set_directive(paths.HTTPD_SSL_CONF,
'ErrorLog',
'logs/error_log', False)
directivesetter.set_directive(paths.HTTPD_SSL_CONF,
'TransferLog',
'logs/access_log', False)
tasks = RedHatTaskNamespace()

1
ipaplatform/rhel/__init__.py
View File

@@ -20,4 +20,3 @@
'''
This module contains RHEL-specific platform files.
'''
NAME = 'rhel'

3
ipaplatform/rhel/constants.py
View File

@@ -7,13 +7,10 @@ This RHEL base platform module exports platform related constants.
'''
# Fallback to default constant definitions
from __future__ import absolute_import
from ipaplatform.redhat.constants import RedHatConstantsNamespace
class RHELConstantsNamespace(RedHatConstantsNamespace):
IPA_ADTRUST_PACKAGE_NAME = "ipa-server-trust-ad"
IPA_DNS_PACKAGE_NAME = "ipa-server-dns"
constants = RHELConstantsNamespace()

2
ipaplatform/rhel/paths.py
View File

@@ -23,8 +23,6 @@ in RHEL-based systems.
'''
# Fallback to default path definitions
from __future__ import absolute_import
from ipaplatform.redhat.paths import RedHatPathNamespace

14
ipaplatform/rhel/services.py
View File

@@ -22,8 +22,6 @@
Contains RHEL-specific service class implementations.
"""
from __future__ import absolute_import
from ipaplatform.redhat import services as redhat_services
# Mappings from service names as FreeIPA code references to these services
@@ -43,21 +41,21 @@ class RHELService(redhat_services.RedHatService):
# Function that constructs proper RHEL-specific server classes for services
# of specified name
def rhel_service_class_factory(name, api=None):
def rhel_service_class_factory(name):
if name == 'domainname':
return RHELService(name, api)
return redhat_services.redhat_service_class_factory(name, api)
return RHELService(name)
return redhat_services.redhat_service_class_factory(name)
# Magicdict containing RHELService instances.
class RHELServices(redhat_services.RedHatServices):
def service_class_factory(self, name, api=None):
return rhel_service_class_factory(name, api)
def service_class_factory(self, name):
return rhel_service_class_factory(name)
# Objects below are expected to be exported by platform module
timedate_services = redhat_services.timedate_services
from ipaplatform.redhat.services import timedate_services
service = rhel_service_class_factory
knownservices = RHELServices()

2
ipaplatform/rhel/tasks.py
View File

@@ -21,8 +21,6 @@
This module contains default RHEL-specific implementations of system tasks.
'''
from __future__ import absolute_import
from ipaplatform.redhat.tasks import RedHatTaskNamespace

10
ipaplatform/services.py
View File

@@ -1,10 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""IpaMetaImporter replaces this module with ipaplatform.$NAME.services.
"""
from __future__ import absolute_import
import ipaplatform._importhook
ipaplatform._importhook.fixup_module('ipaplatform.services')

1
ipaplatform/services.py Symbolic link
View File

@@ -0,0 +1 @@
fedora/services.py

5
ipaplatform/setup.cfg
View File

@@ -1,5 +0,0 @@
[bdist_wheel]
universal = 1
[metadata]
license_file = ../COPYING

82
ipaplatform/setup.py
View File

@@ -1,3 +1,4 @@
#!/usr/bin/python2
# Copyright (C) 2014 Red Hat
# see file 'COPYING' for use and warranty information
#
@@ -19,32 +20,61 @@
FreeIPA is a server for identity, policy, and audit.
"""
from os.path import abspath, dirname
DOCLINES = __doc__.split("\n")
import os
import sys
import distutils.sysconfig
CLASSIFIERS = """\
Development Status :: 4 - Beta
Intended Audience :: System Environment/Base
License :: GPL
Programming Language :: Python
Operating System :: POSIX
Operating System :: Unix
"""
# BEFORE importing distutils, remove MANIFEST. distutils doesn't properly
# update it when the contents of directories change.
if os.path.exists('MANIFEST'):
os.remove('MANIFEST')
def setup_package():
from distutils.core import setup
old_path = os.getcwd()
local_path = os.path.dirname(os.path.abspath(sys.argv[0]))
os.chdir(local_path)
sys.path.insert(0, local_path)
try:
setup(
name = "ipaplatform",
version = "4.3.1",
license = "GPL",
author = "FreeIPA Developers",
author_email = "freeipa-devel@redhat.com",
maintainer = "FreeIPA Developers",
maintainer_email = "freeipa-devel@redhat.com",
url = "http://www.freeipa.org/",
description = DOCLINES[0],
long_description = "\n".join(DOCLINES[2:]),
download_url = "http://www.freeipa.org/page/Downloads",
classifiers=[line for line in CLASSIFIERS.split('\n') if line],
package_dir = {'ipaplatform': ''},
packages = ["ipaplatform",
"ipaplatform.base",
"ipaplatform.fedora",
"ipaplatform.redhat",
"ipaplatform.rhel"],
)
finally:
del sys.path[0]
os.chdir(old_path)
return
if __name__ == '__main__':
# include ../ for ipasetup.py
sys.path.append(dirname(dirname(abspath(__file__))))
from ipasetup import ipasetup # noqa: E402
ipasetup(
name="ipaplatform",
doc=__doc__,
package_dir={'ipaplatform': ''},
namespace_packages=['ipaplatform'],
packages=[
"ipaplatform",
"ipaplatform.base",
"ipaplatform.debian",
"ipaplatform.fedora",
"ipaplatform.redhat",
"ipaplatform.rhel"
],
install_requires=[
"cffi",
# "ipalib", # circular dependency
"ipapython",
"pyasn1",
"six",
],
)
setup_package()

80
ipaplatform/setup.py.in Normal file
View File

@@ -0,0 +1,80 @@
#!/usr/bin/python2
# Copyright (C) 2014 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""FreeIPA platform
FreeIPA is a server for identity, policy, and audit.
"""
DOCLINES = __doc__.split("\n")
import os
import sys
import distutils.sysconfig
CLASSIFIERS = """\
Development Status :: 4 - Beta
Intended Audience :: System Environment/Base
License :: GPL
Programming Language :: Python
Operating System :: POSIX
Operating System :: Unix
"""
# BEFORE importing distutils, remove MANIFEST. distutils doesn't properly
# update it when the contents of directories change.
if os.path.exists('MANIFEST'):
os.remove('MANIFEST')
def setup_package():
from distutils.core import setup
old_path = os.getcwd()
local_path = os.path.dirname(os.path.abspath(sys.argv[0]))
os.chdir(local_path)
sys.path.insert(0, local_path)
try:
setup(
name = "ipaplatform",
version = "__VERSION__",
license = "GPL",
author = "FreeIPA Developers",
author_email = "freeipa-devel@redhat.com",
maintainer = "FreeIPA Developers",
maintainer_email = "freeipa-devel@redhat.com",
url = "http://www.freeipa.org/",
description = DOCLINES[0],
long_description = "\n".join(DOCLINES[2:]),
download_url = "http://www.freeipa.org/page/Downloads",
classifiers=[line for line in CLASSIFIERS.split('\n') if line],
package_dir = {'ipaplatform': ''},
packages = ["ipaplatform",
"ipaplatform.base",
"ipaplatform.fedora",
"ipaplatform.redhat",
"ipaplatform.rhel"],
)
finally:
del sys.path[0]
os.chdir(old_path)
return
if __name__ == '__main__':
setup_package()

10
ipaplatform/tasks.py
View File

@@ -1,10 +0,0 @@
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
"""IpaMetaImporter replaces this module with ipaplatform.$NAME.tasks.
"""
from __future__ import absolute_import
import ipaplatform._importhook
ipaplatform._importhook.fixup_module('ipaplatform.tasks')

1
ipaplatform/tasks.py Symbolic link
View File

@@ -0,0 +1 @@
fedora/tasks.py