From 2a2d63669d740396eabc6f46906b8625f001ad3c Mon Sep 17 00:00:00 2001
From: Timo Aaltonen
Date: Fri, 18 Mar 2016 12:22:33 +0200
Subject: [PATCH] ipaplatform: Move remaining user/group constants to ipaplatform.constants.
Use ipaplatform.constants in every corner instead of importing other bits or calling some platform specific things, and remove most of the remaining hardcoded uid's.
https://fedorahosted.org/freeipa/ticket/5343
Reviewed-By: David Kupka
---
 .../oddjob/com.redhat.idm.trust-fetch-domains | 3 ++-
 ipaplatform/base/constants.py | 5 ++++
 ipaplatform/base/services.py | 12 ---------
 ipaplatform/redhat/services.py | 26 -------------------
 ipaserver/install/bindinstance.py | 2 +-
 ipaserver/install/dns.py | 4 +--
 ipaserver/install/dnskeysyncinstance.py | 9 ++++---
 ipaserver/install/dogtaginstance.py | 1 -
 ipaserver/install/httpinstance.py | 2 +-
 ipaserver/install/odsexporterinstance.py | 5 ++--
 ipaserver/install/opendnssecinstance.py | 15 ++++++-----
 11 files changed, 27 insertions(+), 57 deletions(-)
diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains
index 6e8bfc6c8..7c70c41d5 100755
--- a/install/oddjob/com.redhat.idm.trust-fetch-domains
+++ b/install/oddjob/com.redhat.idm.trust-fetch-domains
@@ -8,6 +8,7 @@ from ipapython.dn import DN
 from ipalib.config import Env
 from ipalib.constants import DEFAULT_CONFIG
 from ipapython.ipautil import kinit_keytab
+from ipaplatform.constants import constants
 import sys
 import os
 import pwd
@@ -31,7 +32,7 @@ def retrieve_keytab(api, ccache_name, oneway_keytab_name, oneway_principal):
 raiseonerr=False)
 # Make sure SSSD is able to read the keytab
 try:
- sssd = pwd.getpwnam('sssd')
+ sssd = pwd.getpwnam(constants.SSSD_USER)
 os.chown(oneway_keytab_name, sssd[2], sssd[3])
 except KeyError as e:
 # If user 'sssd' does not exist, we don't need to chown from root to sssd
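Review bot: The `except KeyError` comment just below the changed lookup in retrieve_keytab still hard-codes the account name ("If user 'sssd' does not exist"), which no longer matches a lookup keyed on `constants.SSSD_USER`; it should refer to the platform's SSSD account instead. Because the name is now platform-supplied, a mis-set constant takes the same KeyError path as a genuinely absent account and presumably leaves the keytab owned by root, so a debug log naming `constants.SSSD_USER` in that handler would help diagnosis (the handler body is outside the hunk and may already log). The chown would also read more clearly with named fields, `os.chown(oneway_keytab_name, sssd.pw_uid, sssd.pw_gid)`. retrieve_keytab starts and ends outside the hunk.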
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 52af12429..3e1c4c6f7 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -12,12 +12,17 @@ class BaseConstantsNamespace(object):
 DS_GROUP = 'dirsrv'
 HTTPD_USER = "apache"
 IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
+ KDCPROXY_USER = "kdcproxy"
 NAMED_USER = "named"
+ NAMED_GROUP = "named"
 PKI_USER = 'pkiuser'
 PKI_GROUP = 'pkiuser'
 # ntpd init variable used for daemon options
 NTPD_OPTS_VAR = "OPTIONS"
 # quote used for daemon options
 NTPD_OPTS_QUOTE = "\""
+ ODS_USER = "ods"
+ ODS_GROUP = "ods"
 # nfsd init variable used to enable kerberized NFS
 SECURE_NFS_VAR = "SECURE_NFS"
+ SSSD_USER = "sssd"
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
index 11d0c2a83..641a65418 100644
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
@@ -181,18 +181,6 @@ class PlatformService(object):
 def get_config_dir(self, instance_name=""):
 return
- def get_user_name(self, instance_name=""):
- return
-
- def get_group_name(self, instance_name=""):
- return
-
- def get_binary_path(self):
- return
-
- def get_package_name(self):
- return
-
 class SystemdService(PlatformService):
 SYSTEMD_SRV_TARGET = "%s.target.wants"
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 3c18dbc3c..92dae452a 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
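Review bot: The new account constants in `BaseConstantsNamespace` carry no comment, and their placement is misleading: `ODS_USER`/`ODS_GROUP` land directly after the `# quote used for daemon options` entry and `SSSD_USER` after the `# nfsd init variable ...` entry, so they read as part of those settings. Elsewhere in this patch these names feed `runas=`, `pwd.getpwnam`/`grp.getgrnam` and `os.chown`, so a platform override has to name the intended service account exactly. A short comment above them would record that, for example `# service accounts and groups used for privilege drop and file ownership; override per platform`. Grouping them next to `NAMED_USER` and `PKI_USER` would also keep the class easier to scan.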
@@ -223,28 +223,6 @@ class RedHatCAService(RedHatService):
 self.wait_until_running()
-class RedHatNamedService(RedHatService):
- def get_user_name(self):
- return u'named'
-
- def get_group_name(self):
- return u'named'
-
- def get_binary_path(self):
- return paths.NAMED_PKCS11
-
- def get_package_name(self):
- return u"bind-pkcs11"
-
-
-class RedHatODSEnforcerdService(RedHatService):
- def get_user_name(self):
- return u'ods'
-
- def get_group_name(self):
- return u'ods'
-
-
 # Function that constructs proper Red Hat OS family-specific server classes for
 # services of specified name
@@ -257,10 +235,6 @@ def redhat_service_class_factory(name):
 return RedHatSSHService(name)
 if name in ('pki-tomcatd', 'pki_tomcatd'):
 return RedHatCAService(name)
- if name == 'named':
- return RedHatNamedService(name)
- if name in ('ods-enforcerd', 'ods_enforcerd'):
- return RedHatODSEnforcerdService(name)
 return RedHatService(name)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index f7d5be41e..0b451e5f5 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -1260,4 +1260,4 @@ class BindInstance(service.Service):
 self.named_regular.start()
 installutils.remove_keytab(paths.NAMED_KEYTAB)
- installutils.remove_ccache(run_as='named')
+ installutils.remove_ccache(run_as=constants.NAMED_USER)
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 9a2fde29f..dbeacaee8 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -231,8 +231,8 @@ def install_check(standalone, api, replica, options, hostname):
 dnskeysyncd.stop()
 try:
 ipautil.run(cmd, env=environment,
- runas=ods_enforcerd.get_user_name(),
- suplementary_groups=[named.get_group_name()])
+ runas=constants.ODS_USER,
+ suplementary_groups=[constants.NAMED_GROUP])
 except CalledProcessError as e:
 root_logger.debug("%s", e)
 raise RuntimeError("This IPA server cannot be promoted to "
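Review bot: The new `remove_ccache(run_as=constants.NAMED_USER)` line in bindinstance.py relies on `constants` being in scope, but the diffstat lists only this one-line change for the file, so the patch adds no import there. The same applies to `constants.ODS_USER` and `constants.NAMED_GROUP` in the dns.py hunk that follows. Confirm both modules already have `from ipaplatform.constants import constants`, which the other touched installers gain in this patch; if not, the failure is a NameError that surfaces only at run time on these privilege-drop paths. In dns.py the `ods_enforcerd` and `named` service objects that fed the old calls are probably unused now as well, though their assignments are outside the hunk.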
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 4fe566cdd..4888d83f8 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -22,6 +22,7 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import sysrestore, ipautil
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipalib.constants import CACERT
@@ -142,14 +143,14 @@ class DNSKeySyncInstance(service.Service):
 def __get_named_uid(self):
 named = services.knownservices.named
 try:
- return pwd.getpwnam(named.get_user_name()).pw_uid
+ return pwd.getpwnam(constants.NAMED_USER).pw_uid
 except KeyError:
 raise RuntimeError("Named UID not found")
 def __get_named_gid(self):
 named = services.knownservices.named
 try:
- return grp.getgrnam(named.get_group_name()).gr_gid
+ return grp.getgrnam(constants.NAMED_GROUP).gr_gid
 except KeyError:
 raise RuntimeError("Named GID not found")
@@ -160,12 +161,12 @@ class DNSKeySyncInstance(service.Service):
 self.named_gid = self.__get_named_gid()
 try:
- self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
+ self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
 except KeyError:
 raise RuntimeError("OpenDNSSEC UID not found")
 try:
- self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
+ self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
 except KeyError:
 raise RuntimeError("OpenDNSSEC GID not found")
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index d906d05e5..9f094d834 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -45,7 +45,6 @@ from ipaserver.install import replication
 from ipaserver.install.installutils import stopped_service
 from ipapython.ipa_log_manager import log_mgr
-PKI_USER = constants.PKI_USER
 HTTPD_USER = constants.HTTPD_USER
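Review bot: The local `named = services.knownservices.named` is left behind in both `__get_named_uid` and `__get_named_gid`, although the new return statements no longer read it. Drop the assignment in each method so nothing suggests the service object still determines the account name. The same leftover, `ods_enforcerd = services.knownservices.ods_enforcerd`, appears as context in the odsexporterinstance.py hunk and in the opendnssecinstance.py hunks at lines 126, 288 and 304, where the visible uses were all replaced by constants. Check that nothing later in those functions, outside the hunks, still needs the object before removing it.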
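Review bot: The `RuntimeError` messages in the third dnskeysyncinstance.py hunk ("OpenDNSSEC UID not found", "OpenDNSSEC GID not found") do not say which account was looked up. That matters more now that the name comes from a platform-overridable constant, since a wrong override and a missing package produce the same message. Including the name would make the failure actionable, e.g. `raise RuntimeError("OpenDNSSEC user %s not found" % constants.ODS_USER)`. The same applies to the "Named UID/GID not found" messages in the previous hunk and to the equivalent lookups in odsexporterinstance.py and opendnssecinstance.py. The enclosing method starts outside the hunk.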
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 54aeb8ae7..b0fbe6926 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -54,8 +54,8 @@ SELINUX_BOOLEAN_SETTINGS = dict(
 httpd_run_ipa='on',
 )
-KDCPROXY_USER = 'kdcproxy'
 HTTPD_USER = constants.HTTPD_USER
+KDCPROXY_USER = constants.KDCPROXY_USER
 # See contrib/nsscipersuite/nssciphersuite.py
 NSS_CIPHER_SUITE = [
diff --git a/ipaserver/install/odsexporterinstance.py b/ipaserver/install/odsexporterinstance.py
index e761ebcde..e9f7bf853 100644
--- a/ipaserver/install/odsexporterinstance.py
+++ b/ipaserver/install/odsexporterinstance.py
@@ -13,6 +13,7 @@ from ipaserver.install import installutils
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 from ipapython import sysrestore, ipautil, ipaldap
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform import services
 from ipalib import errors, api
@@ -68,12 +69,12 @@ class ODSExporterInstance(service.Service):
 ods_enforcerd = services.knownservices.ods_enforcerd
 try:
- self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
+ self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
 except KeyError:
 raise RuntimeError("OpenDNSSEC UID not found")
 try:
- self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
+ self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
 except KeyError:
 raise RuntimeError("OpenDNSSEC GID not found")
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 05b2013c8..cfb41be4c 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -15,6 +15,7 @@ from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 from ipapython import sysrestore, ipautil, ipaldap, p11helper
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipaserver.install import dnskeysyncinstance
@@ -125,22 +126,22 @@ class OpenDNSSECInstance(service.Service):
 ods_enforcerd = services.knownservices.ods_enforcerd
 try:
- self.named_uid = pwd.getpwnam(named.get_user_name()).pw_uid
+ self.named_uid = pwd.getpwnam(constants.NAMED_USER).pw_uid
 except KeyError:
 raise RuntimeError("Named UID not found")
 try:
- self.named_gid = grp.getgrnam(named.get_group_name()).gr_gid
+ self.named_gid = grp.getgrnam(constants.NAMED_GROUP).gr_gid
 except KeyError:
 raise RuntimeError("Named GID not found")
 try:
- self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
+ self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
 except KeyError:
 raise RuntimeError("OpenDNSSEC UID not found")
 try:
- self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
+ self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
 except KeyError:
 raise RuntimeError("OpenDNSSEC GID not found")
@@ -287,7 +288,7 @@ class OpenDNSSECInstance(service.Service):
 ods_enforcerd = services.knownservices.ods_enforcerd
 cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
 result = ipautil.run(cmd,
- runas=ods_enforcerd.get_user_name(),
+ runas=constants.ODS_USER,
 capture_output=True)
 with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
 zonelistf.write(result.output)
@@ -303,7 +304,7 @@ class OpenDNSSECInstance(service.Service):
 ]
 ods_enforcerd = services.knownservices.ods_enforcerd
- ipautil.run(command, stdin="y", runas=ods_enforcerd.get_user_name())
+ ipautil.run(command, stdin="y", runas=constants.ODS_USER)
 def __setup_dnskeysyncd(self):
 # set up dnskeysyncd this is DNSSEC master
@@ -352,7 +353,7 @@ class OpenDNSSECInstance(service.Service):
 cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
 try:
 self.print_msg("Exporting DNSSEC data before uninstallation")
- ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
+ ipautil.run(cmd, runas=constants.ODS_USER)
 except CalledProcessError:
 root_logger.error("DNSSEC data export failed")