2008-05-07 08:33:00 -05:00
|
|
|
#!/usr/bin/python
|
|
|
|
#
|
|
|
|
# Upgrade configuration files to a newer template.
|
|
|
|
|
|
|
|
import sys
|
|
|
|
try:
|
2009-02-05 14:03:08 -06:00
|
|
|
from ipapython import ipautil
|
2008-05-07 08:33:00 -05:00
|
|
|
import krbV
|
|
|
|
import re
|
|
|
|
import os
|
|
|
|
import shutil
|
|
|
|
import fileinput
|
|
|
|
except ImportError:
|
|
|
|
print >> sys.stderr, """\
|
|
|
|
There was a problem importing one of the required Python modules. The
|
|
|
|
error was:
|
|
|
|
|
|
|
|
%s
|
|
|
|
""" % sys.exc_value
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
def backup_file(filename, ext):
|
|
|
|
"""Make a backup of filename using ext as the extension. Do not overwrite
|
|
|
|
previous backups."""
|
|
|
|
if not os.path.isabs(filename):
|
|
|
|
raise ValueError("Absolute path required")
|
|
|
|
|
|
|
|
backupfile = filename + ".bak"
|
|
|
|
(reldir, file) = os.path.split(filename)
|
|
|
|
|
|
|
|
while os.path.exists(backupfile):
|
|
|
|
backupfile = backupfile + "." + str(ext)
|
|
|
|
|
|
|
|
shutil.copy2(filename, backupfile)
|
|
|
|
|
|
|
|
def update_conf(sub_dict, filename, template_filename):
|
|
|
|
template = ipautil.template_file(template_filename, sub_dict)
|
|
|
|
fd = open(filename, "w")
|
|
|
|
fd.write(template)
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
def find_hostname():
|
|
|
|
"""Find the hostname currently configured in ipa-rewrite.conf"""
|
|
|
|
filename="/etc/httpd/conf.d/ipa-rewrite.conf"
|
2008-10-29 13:34:47 -05:00
|
|
|
pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*"
|
|
|
|
p = re.compile(pattern)
|
|
|
|
for line in fileinput.input(filename):
|
|
|
|
if p.search(line):
|
|
|
|
fileinput.close()
|
|
|
|
return p.search(line).group(1)
|
|
|
|
fileinput.close()
|
2008-05-07 08:33:00 -05:00
|
|
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
def find_version(filename):
|
|
|
|
"""Find the version of a configuration file"""
|
|
|
|
if os.path.exists(filename):
|
|
|
|
pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*"
|
|
|
|
p = re.compile(pattern)
|
|
|
|
for line in fileinput.input(filename):
|
|
|
|
if p.search(line):
|
|
|
|
fileinput.close()
|
|
|
|
return p.search(line).group(1)
|
|
|
|
fileinput.close()
|
|
|
|
|
|
|
|
# no VERSION found
|
|
|
|
return 0
|
|
|
|
else:
|
|
|
|
return -1
|
|
|
|
|
|
|
|
def upgrade(sub_dict, filename, template):
|
|
|
|
old = int(find_version(filename))
|
|
|
|
new = int(find_version(template))
|
|
|
|
|
|
|
|
if old < 0:
|
|
|
|
print "%s not found." % filename
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
if new < 0:
|
|
|
|
print "%s not found." % template
|
|
|
|
|
|
|
|
if old < new:
|
|
|
|
backup_file(filename, new)
|
|
|
|
update_conf(sub_dict, filename, template)
|
|
|
|
print "Upgraded %s to version %d" % (filename, new)
|
|
|
|
|
2008-12-01 14:06:20 -06:00
|
|
|
def check_certs(realm_name):
|
|
|
|
"""Check ca.crt is in the right place, and try to fix if not"""
|
|
|
|
if not os.path.exists("/usr/share/ipa/html/ca.crt"):
|
|
|
|
ca_file = "/etc/dirsrv/slapd-" + ("-".join(realm_name.split("."))) + "/cacert.asc"
|
|
|
|
if os.path.exists(ca_file):
|
|
|
|
shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
|
|
|
|
else:
|
|
|
|
print "Missing Certification Authority file."
|
|
|
|
print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt"
|
|
|
|
|
2008-05-07 08:33:00 -05:00
|
|
|
def main():
|
|
|
|
try:
|
|
|
|
krbctx = krbV.default_context()
|
|
|
|
except krbV.Krb5Error, e:
|
|
|
|
print "Unable to get default kerberos realm: %s" % e[1]
|
|
|
|
sys.exit(1)
|
|
|
|
|
2008-12-01 14:06:20 -06:00
|
|
|
try:
|
|
|
|
check_certs(krbctx.default_realm)
|
|
|
|
except Error, e:
|
|
|
|
print "Failed to check CA certificate: %s" % e
|
|
|
|
|
2008-10-29 13:34:47 -05:00
|
|
|
try:
|
|
|
|
fqdn = find_hostname()
|
|
|
|
except IOError:
|
|
|
|
# ipa-rewrite.conf doesn't exist, nothing to do
|
|
|
|
sys.exit(0)
|
2008-05-07 08:33:00 -05:00
|
|
|
|
|
|
|
if fqdn is None:
|
|
|
|
print "Unable to determine hostname from ipa-rewrite.conf"
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn }
|
|
|
|
|
|
|
|
upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
|
|
|
|
upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
|
|
|
|
|
|
|
|
try:
|
|
|
|
if __name__ == "__main__":
|
|
|
|
sys.exit(main())
|
|
|
|
except SystemExit, e:
|
|
|
|
sys.exit(e)
|
|
|
|
except KeyboardInterrupt, e:
|
|
|
|
sys.exit(1)
|