Import Upstream version 4.12.4
This commit is contained in:
geos_one
@@ -9,22 +9,25 @@ This Debian family platform module exports platform dependant constants.
|
||||
# Fallback to default path definitions
|
||||
from __future__ import absolute_import
|
||||
|
||||
from ipaplatform.base.constants import BaseConstantsNamespace
|
||||
from ipaplatform.base.constants import BaseConstantsNamespace, User, Group
|
||||
|
||||
|
||||
__all__ = ("constants", "User", "Group")
|
||||
|
||||
|
||||
class DebianConstantsNamespace(BaseConstantsNamespace):
|
||||
HTTPD_USER = "www-data"
|
||||
HTTPD_GROUP = "www-data"
|
||||
NAMED_USER = "bind"
|
||||
NAMED_GROUP = "bind"
|
||||
HTTPD_USER = User("www-data")
|
||||
HTTPD_GROUP = Group("www-data")
|
||||
NAMED_USER = User("bind")
|
||||
NAMED_GROUP = Group("bind")
|
||||
NAMED_DATA_DIR = ""
|
||||
NAMED_ZONE_COMMENT = "//"
|
||||
# ntpd init variable used for daemon options
|
||||
NTPD_OPTS_VAR = "NTPD_OPTS"
|
||||
# quote used for daemon options
|
||||
NTPD_OPTS_QUOTE = "\'"
|
||||
ODS_USER = "opendnssec"
|
||||
ODS_GROUP = "opendnssec"
|
||||
ODS_USER = User("opendnssec")
|
||||
ODS_GROUP = Group("opendnssec")
|
||||
SECURE_NFS_VAR = "NEED_GSSD"
|
||||
|
||||
constants = DebianConstantsNamespace()
|
||||
|
||||
@@ -17,11 +17,8 @@ MULTIARCH = sysconfig.get_config_var('MULTIARCH')
|
||||
|
||||
class DebianPathNamespace(BasePathNamespace):
|
||||
BIN_HOSTNAMECTL = "/usr/bin/hostnamectl"
|
||||
AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
|
||||
ETC_HTTPD_DIR = "/etc/apache2"
|
||||
HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
|
||||
ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
|
||||
ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
|
||||
HTTPD_ALIAS_DIR = "/etc/apache2/ipa"
|
||||
HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
|
||||
HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf"
|
||||
HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
|
||||
@@ -36,13 +33,17 @@ class DebianPathNamespace(BasePathNamespace):
|
||||
NAMED_CONF_BAK = "/etc/bind/named.conf.ipa-backup"
|
||||
NAMED_CUSTOM_CONF = "/etc/bind/ipa-ext.conf"
|
||||
NAMED_CUSTOM_OPTIONS_CONF = "/etc/bind/ipa-options-ext.conf"
|
||||
NAMED_LOGGING_OPTIONS_CONF = "/etc/bind/ipa-logging-ext.conf"
|
||||
NAMED_VAR_DIR = "/var/cache/bind"
|
||||
NAMED_KEYTAB = "/etc/bind/named.keytab"
|
||||
NAMED_KEYTAB = "/etc/bind/krb5.keytab"
|
||||
NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
|
||||
NAMED_ROOT_KEY = "/etc/bind/bind.keys"
|
||||
NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
|
||||
CHRONY_CONF = "/etc/chrony/chrony.conf"
|
||||
OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
|
||||
OPENSSL_DIR = "/usr/lib/ssl"
|
||||
OPENSSL_CERTS_DIR = "/usr/lib/ssl/certs"
|
||||
OPENSSL_PRIVATE_DIR = "/usr/lib/ssl/private"
|
||||
ETC_DEBIAN_VERSION = "/etc/debian_version"
|
||||
# Old versions of freeipa wrote all trusted certificates to a single
|
||||
# file, which is not supported by ca-certificates.
|
||||
@@ -59,7 +60,7 @@ class DebianPathNamespace(BasePathNamespace):
|
||||
SYSCONFIG_IPA_DNSKEYSYNCD = "/etc/default/ipa-dnskeysyncd"
|
||||
SYSCONFIG_IPA_ODS_EXPORTER = "/etc/default/ipa-ods-exporter"
|
||||
SYSCONFIG_KRB5KDC_DIR = "/etc/default/krb5-kdc"
|
||||
SYSCONFIG_NAMED = "/etc/default/bind9"
|
||||
SYSCONFIG_NAMED = "/etc/default/named"
|
||||
SYSCONFIG_NFS = "/etc/default/nfs-common"
|
||||
SYSCONFIG_NTPD = "/etc/default/ntp"
|
||||
SYSCONFIG_ODS = "/etc/default/opendnssec"
|
||||
@@ -70,7 +71,7 @@ class DebianPathNamespace(BasePathNamespace):
|
||||
SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/apache2.service.d/"
|
||||
SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/apache2.service.d/ipa.conf"
|
||||
DNSSEC_TRUSTED_KEY = "/etc/bind/trusted-key.key"
|
||||
GSSAPI_SESSION_KEY = "/etc/apache2/ipasession.key"
|
||||
GSSAPI_SESSION_KEY = "/etc/apache2/ipa/ipasession.key"
|
||||
OLD_KRA_AGENT_PEM = "/etc/apache2/nssdb/kra-agent.pem"
|
||||
SBIN_SERVICE = "/usr/sbin/service"
|
||||
CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
|
||||
@@ -78,8 +79,9 @@ class DebianPathNamespace(BasePathNamespace):
|
||||
UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
|
||||
BIND_LDAP_DNS_IPA_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/"
|
||||
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/master/"
|
||||
BIND_LDAP_SO = "/usr/lib/{0}/bind/ldap.so".format(MULTIARCH)
|
||||
LIBARCH = "/{0}".format(MULTIARCH)
|
||||
LIBSOFTHSM2_SO = "/usr/lib/softhsm/libsofthsm2.so"
|
||||
LIBSOFTHSM2_SO = "/usr/lib/{0}/softhsm/libsofthsm2.so".format(MULTIARCH)
|
||||
PAM_KRB5_SO = "/usr/lib/{0}/security/pam_krb5.so".format(MULTIARCH)
|
||||
LIB_SYSTEMD_SYSTEMD_DIR = "/lib/systemd/system/"
|
||||
LIBEXEC_CERTMONGER_DIR = "/usr/lib/certmonger"
|
||||
@@ -117,6 +119,7 @@ class DebianPathNamespace(BasePathNamespace):
|
||||
IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
|
||||
IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
|
||||
IPA_CUSTODIA_HANDLER = "/usr/lib/ipa/custodia"
|
||||
IPA_CUSTODIA_CHECK = "/usr/lib/ipa/ipa-custodia-check"
|
||||
WSGI_PREFIX_DIR = "/run/apache2/wsgi"
|
||||
|
||||
paths = DebianPathNamespace()
|
||||
|
||||
@@ -20,12 +20,14 @@ debian_system_units = redhat_services.redhat_system_units.copy()
|
||||
# For beginning just remap names to add .service
|
||||
# As more services will migrate to systemd, unit names will deviate and
|
||||
# mapping will be kept in this dictionary
|
||||
debian_system_units['chronyd'] = 'chrony.service'
|
||||
debian_system_units['httpd'] = 'apache2.service'
|
||||
debian_system_units['kadmin'] = 'krb5-admin-server.service'
|
||||
debian_system_units['krb5kdc'] = 'krb5-kdc.service'
|
||||
debian_system_units['named-regular'] = 'bind9.service'
|
||||
debian_system_units['named-regular'] = 'named.service'
|
||||
debian_system_units['named-pkcs11'] = 'bind9-pkcs11.service'
|
||||
debian_system_units['named'] = debian_system_units['named-pkcs11']
|
||||
debian_system_units['named'] = debian_system_units['named-regular']
|
||||
debian_system_units['ntpd'] = 'ntp.service'
|
||||
debian_system_units['pki-tomcatd'] = 'pki-tomcatd.service'
|
||||
debian_system_units['pki_tomcatd'] = debian_system_units['pki-tomcatd']
|
||||
debian_system_units['ods-enforcerd'] = 'opendnssec-enforcer.service'
|
||||
|
||||
@@ -42,7 +42,8 @@ class DebianTaskNamespace(RedHatTaskNamespace):
|
||||
return True
|
||||
|
||||
@staticmethod
|
||||
def modify_nsswitch_pam_stack(sssd, mkhomedir, statestore, sudo=True):
|
||||
def modify_nsswitch_pam_stack(sssd, mkhomedir, statestore, sudo=True,
|
||||
subid=False):
|
||||
if mkhomedir:
|
||||
try:
|
||||
ipautil.run(["pam-auth-update",
|
||||
@@ -202,11 +203,7 @@ Serial Number (hex): {cert.serial_number:#x}
|
||||
|
||||
return True
|
||||
|
||||
# Debian doesn't use authselect, so call enable/disable_ldap_automount
|
||||
# from BaseTaskNamespace.
|
||||
def enable_ldap_automount(self, statestore):
|
||||
return BaseTaskNamespace.enable_ldap_automount(self, statestore)
|
||||
|
||||
# Debian doesn't use authselect, so call disable_ldap_automount
|
||||
def disable_ldap_automount(self, statestore):
|
||||
return BaseTaskNamespace.disable_ldap_automount(self, statestore)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user