upstream fixes

2025-02-25 18:55:28 -06:00 · 2016-03-23 01:06:46 +02:00
parent d378b98897
commit 095a88a42b
3 changed files with 107 additions and 0 deletions
--- a/debian/patches/Fix-kdc.conf.template-to-use-ipaplatform.paths.patch
+++ b/debian/patches/Fix-kdc.conf.template-to-use-ipaplatform.paths.patch
@@ -0,0 +1,62 @@
+From 5798e8c04e716bc6fad01c8ea87473a1859eea28 Mon Sep 17 00:00:00 2001
+From: Timo Aaltonen <tjaalton@debian.org>
+Date: Wed, 23 Mar 2016 00:32:52 +0200
+Subject: [PATCH] Fix kdc.conf.template to use ipaplatform.paths.
+
+https://fedorahosted.org/freeipa/ticket/5343
+---
+ install/share/kdc.conf.template  | 10 +++++-----
+ ipaplatform/base/paths.py        |  3 +++
+ ipaserver/install/krbinstance.py |  7 ++++++-
+ 3 files changed, 14 insertions(+), 6 deletions(-)
+
+--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
+@@ -8,10 +8,10 @@
+   master_key_type = aes256-cts
+   max_life = 7d
+   max_renewable_life = 14d
+-  acl_file = /var/kerberos/krb5kdc/kadm5.acl
+-  dict_file = /usr/share/dict/words
+  acl_file = $KRB5KDC_KADM5_ACL
+  dict_file = $DICT_WORDS
+   default_principal_flags = +preauth
+-;  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+-  pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
+-  pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
+;  admin_keytab = $KRB5KDC_KADM5_KEYTAB
+  pkinit_identity = FILE:$KDC_PEM
+  pkinit_anchors = FILE:$CACERT_PEM
+  }
+--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
+@@ -237,10 +237,13 @@ class BasePathNamespace(object):
+     SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
+     IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
+     UPDATES_DIR = "/usr/share/ipa/updates/"
+    DICT_WORDS = "/usr/share/dict/words"
+     CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
+     VAR_KERBEROS_KRB5KDC_DIR = "/var/kerberos/krb5kdc/"
+     VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5."
+     CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem"
+    KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl"
+    KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab"
+     KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
+     KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
+     VAR_LIB = "/var/lib"
+--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
+@@ -228,7 +228,12 @@ class KrbInstance(service.Service):
+                              DOMAIN=self.domain,
+                              HOST=self.host,
+                              SERVER_ID=installutils.realm_to_serverid(self.realm),
+-                             REALM=self.realm)
+                             REALM=self.realm,
+                             KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
+                             DICT_WORDS=paths.DICT_WORDS,
+                             KRB5KDC_KADM5_KEYTAB=paths.KRB5KDC_KADM5_KEYTAB,
+                             KDC_PEM=paths.KDC_PEM,
+                             CACERT_PEM=paths.CACERT_PEM)
+ 
+         # IPA server/KDC is not a subdomain of default domain
+         # Proper domain-realm mapping needs to be specified
--- a/debian/patches/ipa_restore-Import-only-FQDN-from-ipalib.constants.patch
+++ b/debian/patches/ipa_restore-Import-only-FQDN-from-ipalib.constants.patch
@@ -0,0 +1,43 @@
+From d161e7ad51c90be6643a2851d5d21e1ae8a375dd Mon Sep 17 00:00:00 2001
+From: Timo Aaltonen <tjaalton@debian.org>
+Date: Tue, 22 Mar 2016 21:05:39 +0200
+Subject: [PATCH] ipa_restore: Import only FQDN from ipalib.constants
+
+---
+ ipaserver/install/ipa_restore.py | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
+@@ -30,7 +30,8 @@ import locale
+ from six.moves.configparser import SafeConfigParser
+ import six
+ 
+-from ipalib import api, errors, constants
+from ipalib import api, errors
+from ipalib.constants import FQDN
+ from ipapython import version, ipautil, certdb
+ from ipapython.ipautil import run, user_input
+ from ipapython import admintool
+@@ -218,7 +219,7 @@ class Restore(admintool.AdminTool):
+             self.backup_dir = os.path.join(paths.IPA_BACKUP_DIR, self.backup_dir)
+ 
+         self.log.info("Preparing restore from %s on %s",
+-                      self.backup_dir, constants.FQDN)
+                      self.backup_dir, FQDN)
+ 
+         self.header = os.path.join(self.backup_dir, 'header')
+ 
+@@ -281,10 +282,10 @@ class Restore(admintool.AdminTool):
+         self.log.info("Performing %s restore from %s backup" %
+                       (restore_type, self.backup_type))
+ 
+-        if self.backup_host != constants.FQDN:
+        if self.backup_host != FQDN:
+             raise admintool.ScriptError(
+                 "Host name %s does not match backup name %s" %
+-                (constants.FQDN, self.backup_host))
+                (FQDN, self.backup_host))
+ 
+         if self.backup_ipa_version != str(version.VERSION):
+             self.log.warning(
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,5 @@ ipaplatform-Move-remaining-user-group-constants-to-i.patch
 fix-dnssec-services.diff
 fix-opendnssec-conf-template.diff
 create-sysconfig-ods.diff
+ipa_restore-Import-only-FQDN-from-ipalib.constants.patch
+Fix-kdc.conf.template-to-use-ipaplatform.paths.patch