ipa-client-install: Added options to configure firefox

Option --configure-firefox configures firefox to use Kerberos
credentials within IPA domain
Optional option --firefox-dir=DIR allows to user to specify non-standard
path where firefox install directory is placed.

Part of ticket: https://fedorahosted.org/freeipa/ticket/3821

ipa-client/ipa-install/ipa-client-install

@@ -40,7 +40,8 @@ try:
     import ipaclient.ipachangeconf
     import ipaclient.ntpconf
     from ipapython.ipautil import (
-        run, user_input, CalledProcessError, file_exists, realm_to_suffix)
+        run, user_input, CalledProcessError, file_exists, dir_exists,
+        realm_to_suffix)
     import ipapython.services as ipaservices
     from ipapython import ipautil, sysrestore, version, certmonger, ipaldap
     from ipapython.config import IPAOptionParser
@@ -150,7 +151,12 @@ def parse_options():
                       help=SUPPRESS_HELP, default=False)
     basic_group.add_option("--automount-location", dest="location",
                            help="Automount location")
+    basic_group.add_option("--configure-firefox", dest="configure_firefox",
+                            action="store_true", default=False,
+                            help="configure Firefox")
     parser.add_option_group(basic_group)
+    basic_group.add_option("--firefox-dir", dest="firefox_dir", default=None,
+                            help="specify directory where Firefox is installed (for example: '/usr/lib/firefox')")
 
     sssd_group = OptionGroup(parser, "SSSD options")
     sssd_group.add_option("--permit", dest="permit",
@@ -185,6 +191,9 @@ def parse_options():
     if options.force_ntpd and not options.conf_ntp:
         parser.error("--force-ntpd cannot be used together with --no-ntp")
 
+    if options.firefox_dir and not options.configure_firefox:
+        parser.error("--firefox-dir cannot be used without --configure-firefox option")
+
     return safe_opts, options
 
 def logging_setup(options):
@@ -622,6 +631,18 @@ def uninstall(options, env):
     if was_sshd_configured and ipaservices.knownservices.sshd.is_running():
         ipaservices.knownservices.sshd.restart()
 
+    # Remove the Firefox configuration
+    if statestore.has_state('firefox'):
+        root_logger.info("Removing Firefox configuration.")
+        preferences_fname = statestore.restore_state('firefox', 'preferences_fname')
+        if preferences_fname is not None:
+            if file_exists(preferences_fname):
+                try:
+                    os.remove(preferences_fname)
+                except Exception, e:
+                    root_logger.warning("'%s' could not be removed: %s." % preferences_fname, str(e))
+                    root_logger.warning("Please remove file '%s' manually." % preferences_fname)
+
     rv = 0
 
     if fstore.has_files():
@@ -1823,6 +1844,76 @@ def get_ca_cert(fstore, options, server, basedn):
         raise errors.FileError(reason=u"Unable set permissions on ca "
                                u"cert '%s': %s" % (CACERT, e))
 
+#IMPORTANT First line of FF config file is ignored
+FIREFOX_CONFIG_TEMPLATE = """
+
+/* Kerberos SSO configuration */
+pref("network.negotiate-auth.trusted-uris", ".$DOMAIN");
+
+/* These are the defaults */
+pref("network.negotiate-auth.gsslib", "");
+pref("network.negotiate-auth.using-native-gsslib", true);
+pref("network.negotiate-auth.allow-proxies", true);
+"""
+
+FIREFOX_PREFERENCES_FILENAME = "all-ipa.js"
+
+def configure_firefox(options, statestore, domain):
+    try:
+        root_logger.debug("Setting up Firefox configuration.")
+
+        preferences_dir = None
+
+        # Check user specified location of firefox install directory
+        if options.firefox_dir is not None:
+            pref_path = os.path.join(options.firefox_dir,
+                                    ipaservices.FIREFOX_PREFERENCES_REL_PATH)
+            if dir_exists(pref_path):
+                preferences_dir = pref_path
+            else:
+                root_logger.error("Directory '%s' does not exists." % pref_path)
+        else:
+            # test if firefox is installed
+            if file_exists(ipaservices.FIREFOX_EXEC):
+
+                # find valid preferences path
+                for path in ipaservices.FIREFOX_INSTALL_DIRS:
+                    pref_path = os.path.join(path,
+                                            ipaservices.FIREFOX_PREFERENCES_REL_PATH)
+                    if dir_exists(pref_path):
+                        preferences_dir = pref_path
+                        break
+            else:
+                root_logger.error("Firefox configuration skipped (Firefox not found).")
+                return
+
+        # setting up firefox
+        if preferences_dir is not None:
+
+            # user could specify relative path, we need to store absolute
+            preferences_dir = os.path.abspath(preferences_dir)
+            root_logger.debug("Firefox preferences directory found '%s'." % preferences_dir)
+            preferences_fname = os.path.join(preferences_dir, FIREFOX_PREFERENCES_FILENAME)
+            update_txt = ipautil.template_str(FIREFOX_CONFIG_TEMPLATE, dict(DOMAIN=domain))
+            root_logger.debug("Firefox trusted and delegation uris will be set as '.%s' domain." % domain)
+            root_logger.debug("Firefox configuration will be stored in '%s' file." % preferences_fname)
+
+            try:
+                with open(preferences_fname, 'w') as f:
+                    f.write(update_txt)
+                root_logger.info("Firefox sucessfully configured.")
+                statestore.backup_state('firefox', 'preferences_fname', preferences_fname)
+            except Exception, e:
+                root_logger.debug("An error occured during creating preferences file: %s." % str(e))
+                root_logger.error("Firefox configuration failed.")
+        else:
+            root_logger.debug("Firefox preferences directory not found.")
+            root_logger.error("Firefox configuration failed.")
+
+    except Exception, e:
+        root_logger.debug(str(e))
+        root_logger.error("Firefox configuration failed.")
+
 
 def install(options, env, fstore, statestore):
     dnsok = False
@@ -2568,6 +2659,9 @@ def install(options, env, fstore, statestore):
     if options.location:
         configure_automount(options)
 
+    if options.configure_firefox:
+        configure_firefox(options, statestore, cli_domain)
+
     root_logger.info('Client configuration complete.')
 
     return 0

ipapython/platform/base/__init__.py

@@ -48,6 +48,12 @@ wellknownports = {
 
 SVC_LIST_FILE = "/var/run/ipa/services.list"
 
+# Firefox paths
+FIREFOX_EXEC = "/usr/bin/firefox"
+FIREFOX_INSTALL_DIRS = ["/usr/lib64/firefox", "/usr/lib/firefox"]
+# /firefox/install/dir/FIREFOX_PREFERENCES_REL_PATH
+FIREFOX_PREFERENCES_REL_PATH = "browser/defaults/preferences"
+
 class AuthConfig(object):
     """
     AuthConfig class implements system-independent interface to configure

ipapython/platform/fedora16/__init__.py

@@ -38,7 +38,8 @@ from ipapython.platform.fedora16.service import f16_service, Fedora16Services
 #                         and restorecon is installed.
 __all__ = ['authconfig', 'service', 'knownservices',
     'backup_and_replace_hostname', 'restore_context', 'check_selinux_status',
-    'restore_network_configuration', 'timedate_services']
+    'restore_network_configuration', 'timedate_services', 'FIREFOX_EXEC',
+    'FIREFOX_INSTALL_DIRS', 'FIREFOX_PREFERENCES_REL_PATH']
 
 # Just copy a referential list of timedate services
 timedate_services = list(base.timedate_services)
@@ -50,3 +51,8 @@ backup_and_replace_hostname = redhat.backup_and_replace_hostname
 restore_context = selinux.restore_context
 check_selinux_status = selinux.check_selinux_status
 restore_network_configuration = redhat.restore_network_configuration
+
+# Firefox paths
+FIREFOX_EXEC = base.FIREFOX_EXEC
+FIREFOX_INSTALL_DIRS = base.FIREFOX_INSTALL_DIRS
+FIREFOX_PREFERENCES_REL_PATH = base.FIREFOX_PREFERENCES_REL_PATH

ipapython/platform/fedora18/__init__.py

@@ -44,7 +44,8 @@ from ipapython.platform import fedora16, base
 #                         and restorecon is installed.
 __all__ = ['authconfig', 'service', 'knownservices',
     'backup_and_replace_hostname', 'restore_context', 'check_selinux_status',
-    'restore_network_configuration', 'timedate_services']
+    'restore_network_configuration', 'timedate_services', 'FIREFOX_EXEC',
+    'FIREFOX_INSTALL_DIRS', 'FIREFOX_PREFERENCES_REL_PATH']
 
 # Just copy a referential list of timedate services
 timedate_services = list(base.timedate_services)
@@ -111,3 +112,8 @@ service = fedora16.service
 knownservices = fedora16.knownservices
 restore_context = fedora16.restore_context
 check_selinux_status = fedora16.check_selinux_status
+
+# Firefox paths
+FIREFOX_EXEC = base.FIREFOX_EXEC
+FIREFOX_INSTALL_DIRS = base.FIREFOX_INSTALL_DIRS
+FIREFOX_PREFERENCES_REL_PATH = base.FIREFOX_PREFERENCES_REL_PATH

ipapython/platform/redhat/__init__.py

@@ -48,7 +48,8 @@ from ipapython.platform.redhat.service import redhat_service, RedHatServices
 #                         and restorecon is installed.
 __all__ = ['authconfig', 'service', 'knownservices',
     'backup_and_replace_hostname', 'restore_context', 'check_selinux_status',
-    'restore_network_configuration', 'timedate_services']
+    'restore_network_configuration', 'timedate_services', 'FIREFOX_EXEC',
+    'FIREFOX_INSTALL_DIRS', 'FIREFOX_PREFERENCES_REL_PATH']
 
 # Just copy a referential list of timedate services
 timedate_services = list(base.timedate_services)
@@ -131,3 +132,8 @@ def restore_network_configuration(fstore, statestore):
     filepath = '/etc/sysconfig/network'
     if fstore.has_file(filepath):
         fstore.restore_file(filepath)
+
+# Firefox paths
+FIREFOX_EXEC = base.FIREFOX_EXEC
+FIREFOX_INSTALL_DIRS = base.FIREFOX_INSTALL_DIRS
+FIREFOX_PREFERENCES_REL_PATH = base.FIREFOX_PREFERENCES_REL_PATH