diff --git a/ipaserver/install/httpinstance.py b/ipapython/platform/base/instances/http.py
similarity index 85%
rename from ipaserver/install/httpinstance.py
rename to ipapython/platform/base/instances/http.py
index c5c047c35..34d9f1074 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipapython/platform/base/instances/http.py
@@ -73,7 +73,7 @@ class HTTPInstance(service.Service):
 self.ldap_connect()
- self.step("disabling mod_ssl in httpd", self.__disable_mod_ssl)
+ self.step("disabling mod_ssl in httpd", self._disable_mod_ssl)
 self.step("setting mod_nss port to 443", self.__set_mod_nss_port)
 self.step("setting mod_nss password file", self.__set_mod_nss_passwordfile)
 self.step("enabling mod_nss renegotiate", self.enable_mod_nss_renegotiate)
@@ -129,53 +129,52 @@ class HTTPInstance(service.Service):
 def __create_http_keytab(self):
 installutils.kadmin_addprinc(self.principal)
- installutils.create_keytab("/etc/httpd/conf/ipa.keytab", self.principal)
+ installutils.create_keytab(self.keytab_path, self.principal)
 self.move_service(self.principal)
 self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
- os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
+ pent = pwd.getpwnam(self.httpd_user)
+ os.chown(self.keytab_path, pent.pw_uid, pent.pw_gid)
 def __configure_http(self):
- target_fname = '/etc/httpd/conf.d/ipa.conf'
+ target_fname = os.path.join(self.httpd_conf, 'ipa.conf')
 http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict)
- self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf")
+ self.fstore.backup_file(os.path.join(target_fname)
 http_fd = open(target_fname, "w")
 http_fd.write(http_txt)
 http_fd.close()
 os.chmod(target_fname, 0644)
- target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf'
+ target_fname = os.path.join(self.httpd_conf, 'ipa-rewrite.conf'
 http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict)
- self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf")
+ self.fstore.backup_file(target_fname)
 http_fd = open(target_fname, "w")
 http_fd.write(http_txt)
 http_fd.close()
 os.chmod(target_fname, 0644)
- def __disable_mod_ssl(self):
- if os.path.exists(SSL_CONF):
- self.fstore.backup_file(SSL_CONF)
- os.unlink(SSL_CONF)
+ def _disable_mod_ssl(self):
+ # disabling apache2 modules varies from one distribution to another
+ # so this method has to be implemented by platform modules.
+ raise NotImplementedError
 def __set_mod_nss_port(self):
- self.fstore.backup_file(NSS_CONF)
- if installutils.update_file(NSS_CONF, '8443', '443') != 0:
+ self.fstore.backup_file(self.nss_vhost)
+ if installutils.update_file(self.nss_vhost, '8443', '443') != 0:
 print "Updating port in %s failed." 
% NSS_CONF
 def __set_mod_nss_nickname(self, nickname):
- installutils.set_directive(NSS_CONF, 'NSSNickname', nickname)
+ installutils.set_directive(self.nss_vhost, 'NSSNickname', nickname)
 def enable_mod_nss_renegotiate(self):
- installutils.set_directive(NSS_CONF, 'NSSRenegotiation', 'on', False)
- installutils.set_directive(NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
+ installutils.set_directive(self.nss_vhost, 'NSSRenegotiation', 'on', False)
+ installutils.set_directive(self.nss_vhost, 'NSSRequireSafeNegotiation', 'on', False)
 def __set_mod_nss_passwordfile(self):
- installutils.set_directive(NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+ installutils.set_directive(self.nss_vhost, 'NSSPassPhraseDialog', self.password_conf)
 def __add_include(self):
- """This should run after __set_mod_nss_port so is already backed up"""
- if installutils.update_file(NSS_CONF, '', 'Include conf.d/ipa-rewrite.conf\n') != 0:
+ if installutils.update_file(self.nss_vhost, '', 'Include conf.d/ipa-rewrite.conf\n') != 0:
 print "Adding Include conf.d/ipa-rewrite to %s failed." % NSS_CONF
 def __setup_ssl(self):
@@ -214,7 +213,7 @@ class HTTPInstance(service.Service):
 os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
 os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(self.httpd_user)
 os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
 os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
 os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -275,7 +274,10 @@ class HTTPInstance(service.Service):
 if not enabled is None and not enabled:
 self.disable()
- for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
+ for f in [os.path.join(self.httpd_conf, "ipa.conf", self.ssl_conf, self.nss_conf, self.nss_vhost]:
+ if not f:
+ continue
+
 try:
 self.fstore.restore_file(f)
 except ValueError, error:
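Review bot: Two calls in `__configure_http` have unbalanced parentheses, so the module will not compile: `self.fstore.backup_file(os.path.join(target_fname)` should be `self.fstore.backup_file(target_fname)`, and `os.path.join(self.httpd_conf, 'ipa-rewrite.conf'` is missing its closing `)`. The `for f in [os.path.join(self.httpd_conf, "ipa.conf", self.ssl_conf, ...` line in the @@ -275 hunk has the same problem; the `)` belongs right after `"ipa.conf"`, otherwise `None` and the other absolute paths are passed into `os.path.join` instead of being list items. Separately, the failure messages in `__set_mod_nss_port` and `__add_include` still format `% NSS_CONF` while every other use became `self.nss_vhost`. If the constant was dropped in the move (its definition is not visible here), the error path raises NameError instead of reporting the failure, and if it was kept the message names the wrong file, so use `% self.nss_vhost`.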
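Review bot: In the @@ -214 hunk, `pwd.getpwnam(self.httpd_user)` now decides which group is given access to `key3.db`, `secmod.db` and `pwdfile.txt` (mode 0660, owner uid 0), but nothing in the visible hunks defines or checks `httpd_user` on the base class. A platform module that omits the attribute fails here with AttributeError, and one that names the wrong existing account hands the NSS key database to that account's group without any error. I would add a comment above the lookup, `# httpd_user must be the account httpd runs as; its group gets rw on the NSS key db`, and list the required platform attributes in the class docstring. The enclosing method starts and ends outside the hunk.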
@@ -283,9 +285,9 @@ class HTTPInstance(service.Service):
 pass
 # Remove the configuration files we create
- installutils.remove_file("/etc/httpd/conf.d/ipa-rewrite.conf")
- installutils.remove_file("/etc/httpd/conf.d/ipa.conf")
- installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf")
+ installutils.remove_file(os.path.join(self.httpd_conf, "ipa-rewrite.conf"))
+ installutils.remove_file(os.path.join(self.httpd_conf, "ipa.conf"))
+ installutils.remove_file(os.path.join(self.httpd_conf, "ipa-pki-proxy.conf"))
 sebool_state = self.restore_state("httpd_can_network_connect")
 if not sebool_state is None:
diff --git a/ipapython/platform/debian/instances/http.py b/ipapython/platform/debian/instances/http.py
index 419d05abc..8670a3a94 100644
--- a/ipapython/platform/debian/instances/http.py
+++ b/ipapython/platform/debian/instances/http.py
@@ -1,19 +1,39 @@
-import ipautil
-import installutils
+# Authors: Krzysztof Klimonda
+#
+# Copyright (C) 2012 Krzysztof Klimonda
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
-NSS_CONF = '/etc/apache2/mods-available/nss.conf'
+import os
-class DebianHTTPInstance(object):
+from ipapython import ipautil
+
+from ..base.instances import HTTPInstance
+
+class DebianHTTPInstance(HTTPInstance):
 def __init__(self):
- pass
+ self.httpd_dir = "/etc/apache2"
+ self.httpd_conf_dir = os.path.join(self.httpd_dir, "conf.d")
+ self.nss_conf = os.path.join(self.httpd_dir, "mods-available/nss.conf")
+ self.nss_vhost = os.path.join(self.httpd_dir, "sites-available/nss")
+ self.ssl_conf = None # not used by Debian for disabling mod_ssl
+ self.keytab_path = os.path.join(self.http_dir, "ipa.keytab")
+ self.httpd_user = "www-data"
+ self.password_conf = 'file:/etc/apache2/password.conf'
- def __disable_mod_ssl(self):
- ipautil.run(['/usr/sbin/a2dismod', 'ssl'])
-
-
- def __set_mod_nss_port(self):
- self.fstore.backup(NSS_CONF)
- if installutils.update_file(NSS_CONF, '8443', '443')
-
- def __set_mod_nss_nickname(self, nickname):
- installutils.set_directive(NSS_CONF, 'NSSNickName', nickname)
\ No newline at end of file
+ def _disable_mod_ssl(self):
+ ipautil.run(["a2dismod", "ssl"])
+ ipautil.run(["a2dissite", "default-ssl"])
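Review bot: `__init__` reads `self.http_dir`, which is never assigned (the attribute set above it is `httpd_dir`), so constructing the instance raises AttributeError; the line should be `self.keytab_path = os.path.join(self.httpd_dir, "ipa.keytab")`. It also defines `httpd_conf_dir` while the base class in this commit reads `self.httpd_conf`, so one of the two names has to change, e.g. `self.httpd_conf = os.path.join(self.httpd_dir, "conf.d")`. The constructor does not call the base-class initialiser, so whatever state `HTTPInstance.__init__` sets up (not visible here) is skipped. `_disable_mod_ssl` now runs `a2dismod` and `a2dissite` by bare name where the removed code used `/usr/sbin/a2dismod`; since the installer presumably runs as root, I would keep absolute paths so the lookup does not depend on the caller's PATH.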