ipaplatform: Move all filesystem paths to ipaplatform.paths module

https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Tomas Babej 2014-05-29 14:47:17 +02:00 committed by Petr Viktorin
parent c7edd7b68c
commit 4d2ef43f28
61 changed files with 743 additions and 470 deletions


@ -30,6 +30,7 @@ from ipapython.ipautil import get_ipa_basedn
from ipapython.dn import DN
from ipapython.ipaldap import IPAdmin
from ipalib import errors
from ipaplatform.paths import paths
def wsgi_redirect(start_response, loc):
@ -89,7 +90,7 @@ def application(environ, start_response):
if not form_data.has_key('username') or not form_data.has_key('password'):
return wsgi_redirect(start_response, 'invalid.html')
slapd_sockets = glob.glob('/var/run/slapd-*.socket')
slapd_sockets = glob.glob(paths.ALL_SLAPD_INSTANCE_SOCKETS)
if slapd_sockets:
ldap_uri = 'ldapi://%s' % slapd_sockets[0].replace('/', '%2f')
else:
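Review bot: `slapd_sockets[0]` takes whichever socket `glob.glob(paths.ALL_SLAPD_INSTANCE_SOCKETS)` happens to list first, and the pattern matches every directory server instance on the host, not only the IPA one. `glob.glob` gives no ordering guarantee, so on a host with more than one instance (the paths module in this commit also names a PKI-IPA instance) the password-migration bind could presumably reach the wrong server. Consider building the URI from `paths.SLAPD_INSTANCE_SOCKET_TEMPLATE` and the IPA instance name instead of globbing. The body of `application` continues outside this hunk, so how the instance name would be obtained there needs confirming.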


@ -22,9 +22,10 @@ Plugin index generation script
"""
import os
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import root_logger
PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR
def get_plugin_index():


@ -26,6 +26,7 @@ from dns import resolver, rdatatype
from dns.exception import DNSException
from ipalib import errors
from ipapython import ipaldap
from ipaplatform.paths import paths
from ipapython.ipautil import valid_ip, get_ipa_basedn, realm_to_suffix
from ipapython.dn import DN
@ -75,7 +76,7 @@ class IPADiscovery(object):
domains = []
domain = None
try:
fp = open('/etc/resolv.conf', 'r')
fp = open(paths.RESOLV_CONF, 'r')
lines = fp.readlines()
fp.close()


@ -22,6 +22,7 @@ import shutil
import os
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
ntp_conf = """# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
@ -96,9 +97,9 @@ def __write_config(path, content):
fd.close()
def config_ntp(server_fqdn, fstore = None, sysstore = None):
path_step_tickers = "/etc/ntp/step-tickers"
path_ntp_conf = "/etc/ntp.conf"
path_ntp_sysconfig = "/etc/sysconfig/ntpd"
path_step_tickers = paths.NTP_STEP_TICKERS
path_ntp_conf = paths.NTP_CONF
path_ntp_sysconfig = paths.SYSCONFIG_NTPD
sub_dict = { }
sub_dict["SERVER"] = server_fqdn
@ -142,7 +143,7 @@ def synconce_ntp(server_fqdn):
Returns True if sync was successful
"""
ntpd = '/usr/sbin/ntpd'
ntpd = paths.NTPD
if not os.path.exists(ntpd):
return False


@ -22,6 +22,7 @@
All constants centralised in one file.
"""
import socket
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipapython.version import VERSION, API_VERSION
@ -34,7 +35,7 @@ except:
FQDN = None
# Path to CA certificate bundle
CACERT = '/etc/ipa/ca.crt'
CACERT = paths.IPA_CA_CRT
# regular expression NameSpace member names must match:
NAME_REGEX = r'^[a-z][_a-z0-9]*[a-z0-9]$|^[a-z]$'


@ -105,6 +105,7 @@ current block assignments:
from ipalib.text import ngettext as ungettext
import messages
from ipaplatform.paths import paths
class PrivateError(StandardError):
@ -142,7 +143,7 @@ class SubprocessError(PrivateError):
The exit code of the sub-process is available via the ``returncode``
instance attribute. For example:
>>> e = SubprocessError(returncode=1, argv=('/bin/false',))
>>> e = SubprocessError(returncode=1, argv=(paths.BIN_FALSE,))
>>> e.returncode
1
>>> e.argv # argv is also available
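Review bot: The `SubprocessError` doctest now builds `argv` from `paths.BIN_FALSE`, while the expected output of `e.argv` further down the docstring (outside this hunk) presumably still prints the literal `('/bin/false',)`. The example therefore only holds where the platform keeps the default value, and it reads less clearly as documentation. Docstring examples are not runtime paths, so I would keep the literal: `>>> e = SubprocessError(returncode=1, argv=('/bin/false',))`. The same applies to the `run()` docstring in ipautil, where `[paths.SETPASSWD, '--password', 'Secret123', 'someuser']` replaced a literal in the nolog example.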


@ -33,6 +33,7 @@ from ipalib import _
from ipapython.dn import DN
from ipapython.ipautil import write_tmp_file
import datetime
from ipaplatform.paths import paths
__doc__ = _("""
Migration to IPA
@ -185,13 +186,13 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
# fill in required attributes by IPA
entry_attrs['ipauniqueid'] = 'autogenerate'
if 'homedirectory' not in entry_attrs:
homes_root = config.get('ipahomesrootdir', ('/home', ))[0]
homes_root = config.get('ipahomesrootdir', (paths.HOME_DIR, ))[0]
home_dir = '%s/%s' % (homes_root, pkey)
home_dir = home_dir.replace('//', '/').rstrip('/')
entry_attrs['homedirectory'] = home_dir
if 'loginshell' not in entry_attrs:
default_shell = config.get('ipadefaultloginshell', ['/bin/sh'])[0]
default_shell = config.get('ipadefaultloginshell', [paths.SH])[0]
entry_attrs.setdefault('loginshell', default_shell)
# do not migrate all attributes


@ -31,6 +31,7 @@ from ipalib.plugins import baseldap
from ipalib.request import context
from ipalib import _, ngettext
from ipalib import output
from ipaplatform.paths import paths
from ipapython.ipautil import ipa_generate_password
from ipapython.ipavalidate import Email
from ipalib.capabilities import client_has_capability
@ -729,14 +730,14 @@ class user_add(LDAPCreate):
len = int(config.get('ipamaxusernamelength')[0])
)
)
default_shell = config.get('ipadefaultloginshell', ['/bin/sh'])[0]
default_shell = config.get('ipadefaultloginshell', [paths.SH])[0]
entry_attrs.setdefault('loginshell', default_shell)
# hack so we can request separate first and last name in CLI
full_name = '%s %s' % (entry_attrs['givenname'], entry_attrs['sn'])
entry_attrs.setdefault('cn', full_name)
if 'homedirectory' not in entry_attrs:
# get home's root directory from config
homes_root = config.get('ipahomesrootdir', ['/home'])[0]
homes_root = config.get('ipahomesrootdir', [paths.HOME_DIR])[0]
# build user's home directory based on his uid
entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1])
entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm))


@ -59,6 +59,7 @@ from ipalib.util import get_current_principal
from ipapython.ipa_log_manager import root_logger
from ipapython import ipautil
from ipapython import kernel_keyring
from ipaplatform.paths import paths
from ipapython.cookie import Cookie
from ipapython.dnsutil import DNSName
from ipalib.text import _
@ -482,7 +483,7 @@ class SSLTransport(LanguageAwareTransport):
if self._connection and host == self._connection[0]:
return self._connection[1]
dbdir = '/etc/pki/nssdb'
dbdir = paths.NSS_DB_DIR
no_init = self.__nss_initialized(dbdir)
if sys.version_info < (2, 7):
conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)


@ -27,6 +27,7 @@ from text import _
from ipapython.ipa_log_manager import *
from ipalib import api, errors
from ipalib import Command
from ipaplatform.paths import paths
from ipalib.krb_utils import *
from ipapython.cookie import Cookie
@ -795,7 +796,7 @@ class MemcacheSessionManager(SessionManager):
session data (see `load_session_data()`)
'''
memcached_socket_path = '/var/run/ipa_memcached/ipa_memcached'
memcached_socket_path = paths.VAR_RUN_IPA_MEMCACHED
session_cookie_name = 'ipa_session'
mc_server_stat_name_re = re.compile(r'(.+)\s+\((\d+)\)')
@ -1208,7 +1209,7 @@ class MemcacheSessionManager(SessionManager):
#-------------------------------------------------------------------------------
krbccache_dir ='/var/run/ipa_memcached'
krbccache_dir =paths.IPA_MEMCACHED_DIR
krbccache_prefix = 'krbcc_'
def _get_krbccache_pathname():
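Review bot: `paths.VAR_RUN_IPA_MEMCACHED` is assigned to `memcached_socket_path` and `paths.IPA_MEMCACHED_DIR` to `krbccache_dir`, but the first name reads like a directory and differs from the second only by a prefix. Since one is a socket file and the other the directory used for Kerberos credential caches, a mix-up at a call site would be easy to miss in review. A name that says what the file is, for example `IPA_MEMCACHED_SOCKET`, would make the pair unambiguous. The new line `krbccache_dir =paths.IPA_MEMCACHED_DIR` also lacks the space after `=`.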


@ -42,6 +42,7 @@ from ipalib import api
from ipalib import _
from ipalib import util
from ipalib import errors
from ipaplatform.paths import paths
from ipapython.dn import DN
PEM = 0
@ -99,7 +100,7 @@ def load_certificate(data, datatype=PEM, dbdir=None):
if api.env.in_tree:
dbdir = api.env.dot_ipa + os.sep + 'alias'
else:
dbdir = "/etc/httpd/alias"
dbdir = paths.HTTPD_ALIAS_DIR
nss.nss_init(dbdir)
else:
nss.nss_init_nodb()


@ -21,5 +21,229 @@
This base platform module exports default filesystem paths.
'''
SVC_LIST_FILE = "/var/run/ipa/services.list"
SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/"
class BasePathNamespace(object):
BASH = "/bin/bash"
BIN_FALSE = "/bin/false"
BIN_HOSTNAME = "/bin/hostname"
LS = "/bin/ls"
PKICREATE = "/bin/pkicreate"
PKISILENT = "/bin/pkisilent"
SH = "/bin/sh"
SYSTEMCTL = "/bin/systemctl"
TAR = "/bin/tar"
BIN_TRUE = "/bin/true"
DEV_NULL = "/dev/null"
DEV_STDIN = "/dev/stdin"
ETC_DIRSRV = "/etc/dirsrv"
DS_KEYTAB = "/etc/dirsrv/ds.keytab"
ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
ETC_SLAPD_PKI_IPA_DIR = "/etc/dirsrv/slapd-PKI-IPA"
ETC_FEDORA_RELEASE = "/etc/fedora-release"
GROUP = "/etc/group"
ETC_HOSTNAME = "/etc/hostname"
HOSTS = "/etc/hosts"
ETC_HTTPD_DIR = "/etc/httpd"
HTTPD_ALIAS_DIR = "/etc/httpd/alias"
ALIAS_PWDFILE_TXT = "/etc/httpd/alias/pwdfile.txt"
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
HTTPD_IPA_PKI_PROXY_CONF = "/etc/httpd/conf.d/ipa-pki-proxy.conf"
HTTPD_IPA_REWRITE_CONF = "/etc/httpd/conf.d/ipa-rewrite.conf"
HTTPD_IPA_CONF = "/etc/httpd/conf.d/ipa.conf"
HTTPD_NSS_CONF = "/etc/httpd/conf.d/nss.conf"
HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf"
ETC_IPA = "/etc/ipa"
IPA_CA_CRT = "/etc/ipa/ca.crt"
IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
IPA_SMARTPROXY_CONF = "/etc/ipa/ipa-smartproxy.conf"
KRB5_CONF = "/etc/krb5.conf"
KRB5_KEYTAB = "/etc/krb5.keytab"
NAMED_CONF = "/etc/named.conf"
NAMED_KEYTAB = "/etc/named.keytab"
NAMED_RFC1912_ZONES = "/etc/named.rfc1912.zones"
NSSWITCH_CONF = "/etc/nsswitch.conf"
NTP_CONF = "/etc/ntp.conf"
NTP_STEP_TICKERS = "/etc/ntp/step-tickers"
OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf"
PASSWD = "/etc/passwd"
ETC_PKI_CA_DIR = "/etc/pki-ca"
SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/"
NSS_DB_DIR = "/etc/pki/nssdb"
NSSDB_CERT8_DB = "/etc/pki/nssdb/cert8.db"
NSSDB_KEY3_DB = "/etc/pki/nssdb/key3.db"
NSSDB_SECMOD_DB = "/etc/pki/nssdb/secmod.db"
PKI_TOMCAT = "/etc/pki/pki-tomcat"
PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias/"
PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
ETC_REDHAT_RELEASE = "/etc/redhat-release"
RESOLV_CONF = "/etc/resolv.conf"
SAMBA_KEYTAB = "/etc/samba/samba.keytab"
SMB_CONF = "/etc/samba/smb.conf"
LIMITS_CONF = "/etc/security/limits.conf"
SSH_CONFIG = "/etc/ssh/ssh_config"
SSHD_CONFIG = "/etc/ssh/sshd_config"
SSSD_CONF = "/etc/sssd/sssd.conf"
ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig"
SYSCONFIG_DIRSRV = "/etc/sysconfig/dirsrv"
SYSCONFIG_DIRSRV_INSTANCE = "/etc/sysconfig/dirsrv-%s"
SYSCONFIG_DIRSRV_PKI_IPA_DIR = "/etc/sysconfig/dirsrv-PKI-IPA"
SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc"
SYSCONFIG_NTPD = "/etc/sysconfig/ntpd"
SYSCONFIG_PKI = "/etc/sysconfig/pki"
SYSCONFIG_PKI_CA_DIR = "/etc/sysconfig/pki-ca"
SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat"
SYSCONFIG_PKI_CA_PKI_CA_DIR = "/etc/sysconfig/pki/ca/pki-ca"
SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat"
SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
HOME_DIR = "/home"
ROOT_PKI = "/root/.pki"
CA_AGENT_P12 = "/root/ca-agent.p12"
CACERT_P12 = "/root/cacert.p12"
ROOT_TMP_CA_P12 = "/root/tmp-ca.p12"
IP = "/sbin/ip"
NOLOGIN = "/sbin/nologin"
SBIN_SERVICE = "/sbin/service"
TMP = "/tmp"
TMP_CA_P12 = "/tmp/ca.p12"
TMP_KRB5CC = "/tmp/krb5cc_%d"
USR_DIR = "/usr"
CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s"
PKCS12EXPORT = "/usr/bin/PKCS12Export"
CERTUTIL = "/usr/bin/certutil"
CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
DS_NEWINST_PL = "/usr/bin/ds_newinst.pl"
FIREFOX = "/usr/bin/firefox"
GETCERT = "/usr/bin/getcert"
GPG = "/usr/bin/gpg"
GPG_AGENT = "/usr/bin/gpg-agent"
IPA_GETCERT = "/usr/bin/ipa-getcert"
KDESTROY = "/usr/bin/kdestroy"
KINIT = "/usr/bin/kinit"
LDAPMODIFY = "/usr/bin/ldapmodify"
LDAPPASSWD = "/usr/bin/ldappasswd"
NET = "/usr/bin/net"
OPENSSL = "/usr/bin/openssl"
PERL = "/usr/bin/perl"
PK12UTIL = "/usr/bin/pk12util"
PKICREATE = "/usr/bin/pkicreate"
PKIREMOVE = "/usr/bin/pkiremove"
PKISILENT = "/usr/bin/pkisilent"
SETPASSWD = "/usr/bin/setpasswd"
SIGNTOOL = "/usr/bin/signtool"
SSLGET = "/usr/bin/sslget"
ZIP = "/usr/bin/zip"
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
USR_LIB_DIRSRV = "/usr/lib/dirsrv"
USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s"
USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA"
LIB_FIREFOX = "/usr/lib/firefox"
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s"
SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA"
LIB64_FIREFOX = "/usr/lib64/firefox"
DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
GETSEBOOL = "/usr/sbin/getsebool"
GROUPADD = "/usr/sbin/groupadd"
HTTPD = "/usr/sbin/httpd"
IPA_REPLICA_CONNCHECK = "/usr/sbin/ipa-replica-conncheck"
NTPD = "/usr/sbin/ntpd"
PKIDESTROY = "/usr/sbin/pkidestroy"
PKISPAWN = "/usr/sbin/pkispawn"
RESTORECON = "/usr/sbin/restorecon"
SELINUXENABLED = "/usr/sbin/selinuxenabled"
SETSEBOOL = "/usr/sbin/setsebool"
SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
SMBD = "/usr/sbin/smbd"
USERADD = "/usr/sbin/useradd"
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
FFEXTENSION = "/usr/share/ipa/ffextension"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
CONFIGURE_JAR = "/usr/share/ipa/html/configure.jar"
KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
KRB_CON = "/usr/share/ipa/html/krb.con"
KRB_JS = "/usr/share/ipa/html/krb.js"
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
PREFERENCES_HTML = "/usr/share/ipa/html/preferences.html"
IPA_PLUGINS = "/usr/share/ipa/plugins"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
UPDATES_DIR = "/usr/share/ipa/updates/"
PKI_CONF_SERVER_XML = "/usr/share/pki/ca/conf/server.xml"
VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5."
CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem"
KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem"
VAR_LIB = "/var/lib"
AUTHCONFIG_LAST = "/var/lib/authconfig/last"
VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
CERTMONGER_CAS_DIR = "/var/lib/certmonger/cas/"
CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/"
VAR_LIB_DIRSRV = "/var/lib/dirsrv"
DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif"
VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
IPACA_DIRSRV_INSTANCE_DB_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/ipaca"
SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-PKI-IPA"
VAR_LIB_IPA = "/var/lib/ipa"
IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
IPA_BACKUP_DIR = "/var/lib/ipa/backup"
PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
SYSRESTORE = "/var/lib/ipa/sysrestore"
STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
VAR_LIB_PKI_DIR = "/var/lib/pki"
VAR_LIB_PKI_CA_DIR = "/var/lib/pki-ca"
PKI_ALIAS_CA_P12 = "/var/lib/pki-ca/alias/ca.p12"
VAR_LIB_PKI_TOMCAT_DIR = "/var/lib/pki/pki-tomcat"
CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12"
SAMBA_DIR = "/var/lib/samba/"
SSSD_MC_GROUP = "/var/lib/sss/mc/group"
SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
SSS_KRB5_INCLUDE_D = "/var/lib/sss/pubconf/krb5.include.d"
DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s"
VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
VAR_LOG_SLAPD_PKI_IPA_DIR = "/var/log/dirsrv/slapd-PKI-IPA"
VAR_LOG_HTTPD_DIR = "/var/log/httpd"
IPABACKUP_LOG = "/var/log/ipabackup.log"
IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
IPACLIENT_UNINSTALL_LOG = "/var/log/ipaclient-uninstall.log"
IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log"
IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log"
IPARESTORE_LOG = "/var/log/iparestore.log"
IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
MESSAGES = "/var/log/messages"
PKI_CA_LOG_DIR = "/var/log/pki-ca"
PKI_CA_INSTALL_LOG = "/var/log/pki-ca-install.log"
PKI_CA_UNINSTALL_LOG = "/var/log/pki-ca-uninstall.log"
VAR_LOG_PKI_DIR = "/var/log/pki/"
TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat"
TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"
TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"
LOG_SECURE = "/var/log/secure"
NAMED_RUN = "/var/named/data/named.run"
VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
SVC_LIST_FILE = "/var/run/ipa/services.list"
IPA_MEMCACHED_DIR = "/var/run/ipa_memcached"
VAR_RUN_IPA_MEMCACHED = "/var/run/ipa_memcached/ipa_memcached"
KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
path_namespace = BasePathNamespace


@ -27,9 +27,10 @@ import re
import time
from ipapython import ipautil
from ipapython import dogtag
from ipaplatform.paths import paths
REQUEST_DIR='/var/lib/certmonger/requests/'
CA_DIR='/var/lib/certmonger/cas/'
REQUEST_DIR=paths.CERTMONGER_REQUESTS_DIR
CA_DIR=paths.CERTMONGER_CAS_DIR
# Normalizer types for critera in get_request_id()
NPATH = 1
@ -176,7 +177,7 @@ def request_cert(nssdb, nickname, subject, principal, passwd_fname=None):
"""
Execute certmonger to request a server certificate
"""
args = ['/usr/bin/ipa-getcert',
args = [paths.IPA_GETCERT,
'request',
'-d', nssdb,
'-n', nickname,
@ -202,7 +203,7 @@ def cert_exists(nickname, secdir):
a database that doesn't exist and a nickname that doesn't exist within
the database.
"""
args = ["/usr/bin/certutil", "-L",
args = [paths.CERTUTIL, "-L",
"-d", os.path.abspath(secdir),
"-n", nickname
]
@ -227,7 +228,7 @@ def start_tracking(nickname, secdir, password_file=None, command=None):
"""
if not cert_exists(nickname, os.path.abspath(secdir)):
raise RuntimeError('Nickname "%s" doesn\'t exist in NSS database "%s"' % (nickname, secdir))
args = ["/usr/bin/ipa-getcert", "start-tracking",
args = [paths.IPA_GETCERT, "start-tracking",
"-d", os.path.abspath(secdir),
"-n", nickname]
if password_file:
@ -261,7 +262,7 @@ def stop_tracking(secdir, request_id=None, nickname=None):
# Fall back to trying to stop tracking using nickname
pass
args = ['/usr/bin/getcert',
args = [paths.GETCERT,
'stop-tracking',
]
if request_id:
@ -390,7 +391,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
if not cert_exists(nickname, os.path.abspath(secdir)):
raise RuntimeError('Nickname "%s" doesn\'t exist in NSS database "%s"' % (nickname, secdir))
args = ["/usr/bin/getcert", "start-tracking",
args = [paths.GETCERT, "start-tracking",
"-d", os.path.abspath(secdir),
"-n", nickname,
"-c", ca,
@ -402,7 +403,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
libpath = 'lib64'
else:
libpath = 'lib'
pre_command = '/usr/%s/ipa/certmonger/%s' % (libpath, pre_command)
pre_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, pre_command)
args.append("-B")
args.append(pre_command)
@ -412,7 +413,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
libpath = 'lib64'
else:
libpath = 'lib'
post_command = '/usr/%s/ipa/certmonger/%s' % (libpath, post_command)
post_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, post_command)
args.append("-C")
args.append(post_command)
@ -446,7 +447,7 @@ def check_state(dirs):
return reqids
if __name__ == '__main__':
request_id = request_cert("/etc/httpd/alias", "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM")
request_id = request_cert(paths.HTTPD_ALIAS_DIR, "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM")
csr = get_request_value(request_id, 'csr')
print csr
stop_tracking(request_id)
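Review bot: The `__main__` self-test ends with `stop_tracking(request_id)`, but the hunk header further up shows the signature `stop_tracking(secdir, request_id=None, nickname=None)`, so the request id is passed as `secdir` and neither a request id nor a nickname is supplied. Since this block is being touched anyway, call it as `stop_tracking(paths.HTTPD_ALIAS_DIR, request_id=request_id)`. The body of `stop_tracking` is only partly visible here, so confirm how it treats a call with neither identifier.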


@ -23,6 +23,7 @@ from copy import copy
from dns import resolver, rdatatype
from dns.exception import DNSException
from ipapython.dn import DN
from ipaplatform.paths import paths
import dns.name
import socket
@ -152,7 +153,7 @@ config = IPAConfig()
def __parse_config(discover_server = True):
p = ConfigParser.SafeConfigParser()
p.read("/etc/ipa/default.conf")
p.read(paths.IPA_DEFAULT_CONF)
try:
if not config.default_realm:


@ -30,6 +30,7 @@ from ipalib import api, errors
from ipalib.errors import NetworkError, CertificateOperationError
from ipalib.text import _
from ipapython import nsslib, ipautil
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
# IPA can use either Dogtag version 9 or 10.
@ -50,17 +51,17 @@ class Dogtag10Constants(object):
DS_PORT = 389
DS_SECURE_PORT = 636
SPAWN_BINARY = '/usr/sbin/pkispawn'
DESTROY_BINARY = '/usr/sbin/pkidestroy'
SPAWN_BINARY = paths.PKISPAWN
DESTROY_BINARY = paths.PKIDESTROY
SERVER_ROOT = '/var/lib/pki'
SERVER_ROOT = paths.VAR_LIB_PKI_DIR
PKI_INSTANCE_NAME = 'pki-tomcat'
PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish'
CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT
ALIAS_DIR = '/etc/pki/pki-tomcat/alias'
ALIAS_DIR = paths.PKI_TOMCAT_ALIAS_DIR.rstrip('/')
SERVICE_NAME = 'pki_tomcatd'
@ -82,13 +83,13 @@ class Dogtag9Constants(object):
DS_PORT = 7389
DS_SECURE_PORT = 7636
SPAWN_BINARY = '/bin/pkicreate'
DESTROY_BINARY = '/bin/pkisilent'
SPAWN_BINARY = paths.PKICREATE
DESTROY_BINARY = paths.PKISILENT
SERVER_ROOT = '/var/lib'
SERVER_ROOT = paths.VAR_LIB
PKI_INSTANCE_NAME = 'pki-ca'
PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish'
CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT
@ -108,7 +109,7 @@ class Dogtag9Constants(object):
DS_USER = "pkisrv"
DS_NAME = "PKI-IPA"
if os.path.exists('/usr/sbin/pkispawn'):
if os.path.exists(paths.PKISPAWN):
install_constants = Dogtag10Constants
else:
install_constants = Dogtag9Constants
@ -124,7 +125,7 @@ def _get_configured_version(api):
return int(api.env.dogtag_version)
else:
p = ConfigParser.SafeConfigParser()
p.read("/etc/ipa/default.conf")
p.read(paths.IPA_DEFAULT_CONF)
try:
version = p.get('global', 'dogtag_version')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
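Review bot: `ALIAS_DIR = paths.PKI_TOMCAT_ALIAS_DIR.rstrip('/')` has to strip a trailing slash that the new constant carries, while `paths.HTTPD_ALIAS_DIR` and most other directory constants in the paths module are defined without one. Mixed conventions invite double slashes or failed string comparisons wherever paths are joined or compared, which matters for locations that hold NSS databases and key material. I would define directory constants without the trailing slash and add it at the few call sites that need it, which also removes this `rstrip`.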


@ -17,13 +17,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
SHARE_DIR = "/usr/share/ipa/"
PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins"
GEN_PWD_LEN = 12
IPA_BASEDN_INFO = 'ipa v2.0'
import string
import tempfile
import subprocess
@ -49,8 +42,16 @@ from dns.exception import DNSException
from ipapython.ipa_log_manager import *
from ipapython import ipavalidate
from ipapython import config
from ipaplatform.paths import paths
from ipapython.dn import DN
SHARE_DIR = paths.USR_SHARE_IPA_DIR
PLUGINS_SHARE_DIR = paths.IPA_PLUGINS
GEN_PWD_LEN = 12
IPA_BASEDN_INFO = 'ipa v2.0'
try:
from subprocess import CalledProcessError
except ImportError:
@ -143,7 +144,7 @@ class CheckedIPAddress(netaddr.IPAddress):
elif addr.version == 6:
family = 'inet6'
ipresult = run(['/sbin/ip', '-family', family, '-oneline', 'address', 'show'])
ipresult = run([paths.IP, '-family', family, '-oneline', 'address', 'show'])
lines = ipresult[0].split('\n')
for line in lines:
fields = line.split()
@ -261,7 +262,7 @@ def run(args, stdin=None, raiseonerr=True,
Example:
We have a command
['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
[paths.SETPASSWD, '--password', 'Secret123', 'someuser']
and we don't want to log the password so nolog would be set to:
('Secret123',)
The resulting log output would be:
@ -296,7 +297,7 @@ def run(args, stdin=None, raiseonerr=True,
if stdin:
p_in = subprocess.PIPE
if skip_output:
p_out = p_err = open('/dev/null', 'w')
p_out = p_err = open(paths.DEV_NULL, 'w')
elif capture_output:
p_out = subprocess.PIPE
p_err = subprocess.PIPE
@ -411,7 +412,7 @@ def encrypt_file(source, dest, password, workdir = None):
#give gpg a fake dir so that we can leater remove all
#the cruft when we clean up the tempdir
os.mkdir(gpgdir)
args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source]
args = [paths.GPG_AGENT, '--batch', '--homedir', gpgdir, '--daemon', paths.GPG, '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source]
run(args, password, skip_output=True)
except:
raise
@ -441,7 +442,7 @@ def decrypt_file(source, dest, password, workdir = None):
#give gpg a fake dir so that we can leater remove all
#the cruft when we clean up the tempdir
os.mkdir(gpgdir)
args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source]
args = [paths.GPG_AGENT, '--batch', '--homedir', gpgdir, '--daemon', paths.GPG, '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source]
run(args, password, skip_output=True)
except:
raise
@ -1234,6 +1235,6 @@ def restore_hostname(statestore):
system_hostname = socket.gethostname()
if old_hostname is not None and old_hostname != system_hostname:
try:
run(['/bin/hostname', old_hostname])
run([paths.BIN_HOSTNAME, old_hostname])
except CalledProcessError, e:
print >>sys.stderr, "Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e))


@ -29,6 +29,7 @@ import nss.io as io
import nss.nss as nss
import nss.ssl as ssl
import nss.error as error
from ipaplatform.paths import paths
def auth_certificate_callback(sock, check_sig, is_server, certdb):
cert_is_valid = False
@ -309,7 +310,7 @@ if __name__ == "__main__":
root_logger.info("Start")
if False:
conn = NSSConnection("www.verisign.com", 443, dbdir="/etc/pki/nssdb")
conn = NSSConnection("www.verisign.com", 443, dbdir=paths.NSS_DB_DIR)
conn.set_debuglevel(1)
conn.connect()
conn.request("GET", "/")
@ -322,7 +323,7 @@ if __name__ == "__main__":
conn.close()
if True:
h = NSSHTTPS("www.verisign.com", 443, dbdir="/etc/pki/nssdb")
h = NSSHTTPS("www.verisign.com", 443, dbdir=paths.NSS_DB_DIR)
h.connect()
h.putrequest('GET', '/')
h.endheaders()


@ -1,4 +1,5 @@
# Authors: Alexander Bokovoy <abokovoy@redhat.com>
from ipaplatform.paths import paths
#
# Copyright (C) 2011 Red Hat
# see file 'COPYING' for use and warranty information
@ -17,8 +18,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Firefox paths
FIREFOX_EXEC = "/usr/bin/firefox"
FIREFOX_INSTALL_DIRS = ["/usr/lib64/firefox", "/usr/lib/firefox"]
FIREFOX_EXEC = paths.FIREFOX
FIREFOX_INSTALL_DIRS = [paths.LIB64_FIREFOX, paths.LIB_FIREFOX]
# /firefox/install/dir/FIREFOX_PREFERENCES_REL_PATH
FIREFOX_PREFERENCES_REL_PATH = "browser/defaults/preferences"
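Review bot: `from ipaplatform.paths import paths` was inserted on line 2, between the `# Authors:` line and the rest of the licence comment, which splits the header block. Move it below the header, directly above the `# Firefox paths` constants that use it. The next file in this commit, the one defining `restore_context` and `check_selinux_status`, has the same placement and should get the same fix, alongside its existing `from ipapython.platform import redhat`.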


@ -1,4 +1,5 @@
# Author: Alexander Bokovoy <abokovoy@redhat.com>
from ipaplatform.paths import paths
#
# Copyright (C) 2011 Red Hat
# see file 'COPYING' for use and warranty information
@ -19,8 +20,8 @@
from ipapython.platform import redhat
def restore_context(filepath, restorecon='/usr/sbin/restorecon'):
def restore_context(filepath, restorecon=paths.RESTORECON):
return redhat.restore_context(filepath, restorecon)
def check_selinux_status(restorecon='/usr/sbin/restorecon'):
def check_selinux_status(restorecon=paths.RESTORECON):
return redhat.check_selinux_status(restorecon)


@ -33,8 +33,9 @@ import string
from ipapython import ipautil
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
SYSRESTORE_PATH = "/tmp"
SYSRESTORE_PATH = paths.TMP
SYSRESTORE_INDEXFILE = "sysrestore.index"
SYSRESTORE_STATEFILE = "sysrestore.state"
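Review bot: `SYSRESTORE_PATH = paths.TMP` keeps a world-writable directory as what appears to be the default location for the sysrestore index and state files, and the move to a generic `TMP` constant makes that harder to spot. Files with fixed names (`sysrestore.index`, `sysrestore.state`) in a shared temp directory can be pre-created or symlinked by another local user. The adtrust installer in this commit passes `paths.SYSRESTORE` explicitly; if every caller does, consider making that the default, or dropping the default so a path must be supplied. How `SYSRESTORE_PATH` is consumed lies outside this hunk.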


@ -55,6 +55,7 @@ from dns import resolver, rdatatype
from dns.exception import DNSException
import pysss_nss_idmap
import pysss
from ipaplatform.paths import paths
__doc__ = _("""
Classes to manage trust joins using DCE-RPC calls
@ -474,13 +475,13 @@ class DomainValidator(object):
realm = api.env.realm
hostname = api.env.host
principal = 'HTTP/%s@%s' % (hostname, realm)
keytab = '/etc/httpd/conf/ipa.keytab'
keytab = paths.IPA_KEYTAB
# Destroy the contents of the ccache
root_logger.debug('Destroying the contents of the separate ccache')
(stdout, stderr, returncode) = ipautil.run(
['/usr/bin/kdestroy', '-A', '-c', ccache_path],
[paths.KDESTROY, '-A', '-c', ccache_path],
env={'KRB5CCNAME': ccache_path},
raiseonerr=False)
@ -489,7 +490,7 @@ class DomainValidator(object):
'service principal with MS-PAC attached.')
(stdout, stderr, returncode) = ipautil.run(
['/usr/bin/kinit', '-kt', keytab, principal],
[paths.KINIT, '-kt', keytab, principal],
env={'KRB5CCNAME': ccache_path},
raiseonerr=False)


@ -40,6 +40,7 @@ from ipapython.ipa_log_manager import *
import ipaclient.ipachangeconf
from ipaplatform import services
from ipaplatform.paths import paths
ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits
@ -60,7 +61,7 @@ and re-run ipa-adtrust-instal again afterwards.
"""
def check_inst():
for smbfile in ['/usr/sbin/smbd', '/usr/bin/net']:
for smbfile in [paths.SMBD, paths.NET]:
if not os.path.exists(smbfile):
print "%s was not found on this system" % smbfile
print "Please install the 'samba' packages and " \
@ -73,7 +74,7 @@ def check_inst():
def ipa_smb_conf_exists():
try:
conf_fd = open('/etc/samba/smb.conf', 'r')
conf_fd = open(paths.SMB_CONF, 'r')
except IOError, err:
if err.errno == errno.ENOENT:
return False
@ -134,7 +135,7 @@ class ADTRUSTInstance(service.Service):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
self.__setup_default_attributes()
@ -145,8 +146,8 @@ class ADTRUSTInstance(service.Service):
"""
# Constants
self.smb_conf = "/etc/samba/smb.conf"
self.samba_keytab = "/etc/samba/samba.keytab"
self.smb_conf = paths.SMB_CONF
self.samba_keytab = paths.SAMBA_KEYTAB
self.selinux_booleans = ["samba_portmapper"]
self.cifs_hosts = []
@ -485,7 +486,7 @@ class ADTRUSTInstance(service.Service):
os.write(tmp_fd, conf)
os.close(tmp_fd)
args = ["/usr/bin/net", "conf", "import", tmp_name]
args = [paths.NET, "conf", "import", tmp_name]
try:
ipautil.run(args)
@ -608,8 +609,8 @@ class ADTRUSTInstance(service.Service):
def __configure_selinux_for_smbd(self):
selinux = False
try:
if (os.path.exists('/usr/sbin/selinuxenabled')):
ipautil.run(["/usr/sbin/selinuxenabled"])
if (os.path.exists(paths.SELINUXENABLED)):
ipautil.run([paths.SELINUXENABLED])
selinux = True
except ipautil.CalledProcessError:
# selinuxenabled returns 1 if not enabled
@ -620,7 +621,7 @@ class ADTRUSTInstance(service.Service):
sebools = []
for var in self.selinux_booleans:
try:
(stdout, stderr, returncode) = ipautil.run(["/usr/sbin/getsebool", var])
(stdout, stderr, returncode) = ipautil.run([paths.GETSEBOOL, var])
if stdout and not stderr and returncode == 0:
self.backup_state(var, stdout.split()[2])
sebools.append(var)
@ -629,7 +630,7 @@ class ADTRUSTInstance(service.Service):
if sebools:
bools = [var + "=true" for var in sebools]
args = ["/usr/sbin/setsebool", "-P"]
args = [paths.SETSEBOOL, "-P"]
args.extend(bools);
try:
ipautil.run(args)
@ -665,7 +666,7 @@ class ADTRUSTInstance(service.Service):
{'name':'realms', 'type':'section', 'action':'set',
'value':ropts}]
krbconf.changeConf("/etc/krb5.conf", opts)
krbconf.changeConf(paths.KRB5_CONF, opts)
def __update_krb5_conf(self):
"""
@ -673,7 +674,7 @@ class ADTRUSTInstance(service.Service):
"""
try:
krb5conf = open("/etc/krb5.conf", 'r')
krb5conf = open(paths.KRB5_CONF, 'r')
except IOError, e:
self.print_msg("Cannot open /etc/krb5.conf (%s)\n" % str(e))
return
@ -908,20 +909,20 @@ class ADTRUSTInstance(service.Service):
sebool_state = self.restore_state(var)
if not sebool_state is None:
try:
ipautil.run(["/usr/sbin/setsebool",
ipautil.run([paths.SETSEBOOL,
"-P", var, sebool_state])
except Exception:
self.print_msg(SELINUX_WARNING % dict(var=var))
# Remove samba's credentials cache
krb5cc_samba = '/var/run/samba/krb5cc_samba'
krb5cc_samba = paths.KRB5CC_SAMBA
installutils.remove_file(krb5cc_samba)
# Remove samba's configuration file
installutils.remove_file(self.smb_conf)
# Remove samba's persistent and temporary tdb files
tdb_files = [tdb_file for tdb_file in os.listdir("/var/lib/samba/")
tdb_files = [tdb_file for tdb_file in os.listdir(paths.SAMBA_DIR)
if tdb_file.endswith(".tdb")]
for tdb_file in tdb_files:
installutils.remove_file(tdb_file)


@ -35,13 +35,14 @@ from ipapython.ipa_log_manager import *
from ipapython.dn import DN
import ipalib
from ipalib import api, errors
from ipaplatform.paths import paths
from ipalib.util import (validate_zonemgr_str, normalize_zonemgr,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
normalize_zone, get_reverse_zone_default, zone_is_reverse)
from ipalib.constants import CACERT
NAMED_CONF = '/etc/named.conf'
RESOLV_CONF = '/etc/resolv.conf'
NAMED_CONF = paths.NAMED_CONF
RESOLV_CONF = paths.RESOLV_CONF
named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{')
named_conf_section_options_start_re = re.compile('\s*options\s+{')
@ -55,14 +56,14 @@ def check_inst(unattended):
has_bind = True
# So far this file is always present in both RHEL5 and Fedora if all the necessary
# bind packages are installed (RHEL5 requires also the pkg: caching-nameserver)
if not os.path.exists('/etc/named.rfc1912.zones'):
if not os.path.exists(paths.NAMED_RFC1912_ZONES):
print "BIND was not found on this system"
print "Please install the 'bind' package and start the installation again"
has_bind = False
# Also check for the LDAP BIND plug-in
if not os.path.exists('/usr/lib/bind/ldap.so') and \
not os.path.exists('/usr/lib64/bind/ldap.so'):
if not os.path.exists(paths.BIND_LDAP_SO) and \
not os.path.exists(paths.BIND_LDAP_SO_64):
print "The BIND LDAP plug-in was not found on this system"
print "Please install the 'bind-dyndb-ldap' package and start the installation again"
has_bind = False
@ -458,7 +459,7 @@ class BindInstance(service.Service):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
suffix = ipautil.dn_attribute_property('_suffix')
@ -758,8 +759,8 @@ class BindInstance(service.Service):
installutils.kadmin_addprinc(dns_principal)
# Store the keytab on disk
self.fstore.backup_file("/etc/named.keytab")
installutils.create_keytab("/etc/named.keytab", dns_principal)
self.fstore.backup_file(paths.NAMED_KEYTAB)
installutils.create_keytab(paths.NAMED_KEYTAB, dns_principal)
p = self.move_service(dns_principal)
if p is None:
# the service has already been moved, perhaps we're doing a DNS reinstall
@ -770,8 +771,8 @@ class BindInstance(service.Service):
# Make sure access is strictly reserved to the named user
pent = pwd.getpwnam(self.named_user)
os.chown("/etc/named.keytab", pent.pw_uid, pent.pw_gid)
os.chmod("/etc/named.keytab", 0400)
os.chown(paths.NAMED_KEYTAB, pent.pw_uid, pent.pw_gid)
os.chmod(paths.NAMED_KEYTAB, 0400)
# modify the principal so that it is marked as an ipa service so that
# it can host the memberof attribute, then also add it to the
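Review bot: The keytab at `paths.NAMED_KEYTAB` is restricted to mode 0400 only after `installutils.create_keytab()` and `self.move_service()` have already run, so until then its protection depends on the mode `create_keytab()` leaves behind, which is not visible in this section. If that helper does not already create the file owner-only, moving the `os.chown`/`os.chmod` pair directly after `installutils.create_keytab(paths.NAMED_KEYTAB, dns_principal)` would close the window. A comment above the chmod such as `# keytab holds the DNS service key; it must never be group- or world-readable` would record the intent. The enclosing method starts and ends outside the shown hunks.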


@ -59,8 +59,9 @@ from ipaserver.install.installutils import stopped_service
from ipaserver.plugins import ldap2
from ipapython.ipa_log_manager import *
from ipaplatform import services
from ipaplatform.paths import paths
HTTPD_CONFD = "/etc/httpd/conf.d/"
HTTPD_CONFD = paths.HTTPD_CONF_D_DIR
DEFAULT_DSPORT = dogtag.install_constants.DS_PORT
PKI_USER = "pkiuser"
@ -99,7 +100,7 @@ def check_inst():
return False
# This is the template tomcat file for a CA
if not os.path.exists('/usr/share/pki/ca/conf/server.xml'):
if not os.path.exists(paths.PKI_CONF_SERVER_XML):
return False
return True
@ -132,7 +133,7 @@ def get_preop_pin(instance_root, instance_name):
def import_pkcs12(input_file, input_passwd, cert_database,
cert_passwd):
ipautil.run(["/usr/bin/pk12util", "-d", cert_database,
ipautil.run([paths.PK12UTIL, "-d", cert_database,
"-i", input_file,
"-k", cert_passwd,
"-w", input_passwd])
@ -322,7 +323,7 @@ def stop_tracking_certificates(dogtag_constants):
"certmonger failed to stop tracking certificate: %s" % str(e))
try:
certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert')
certmonger.stop_tracking(paths.HTTPD_ALIAS_DIR, nickname='ipaCert')
except (ipautil.CalledProcessError, RuntimeError), e:
root_logger.error(
"certmonger failed to stop tracking certificate: %s" % str(e))
@ -444,7 +445,7 @@ class CAInstance(service.Service):
if self.dogtag_constants.DOGTAG_VERSION >= 10:
self.step("configuring certificate server instance", self.__spawn_instance)
else:
if not ipautil.dir_exists("/var/lib/pki-ca"):
if not ipautil.dir_exists(paths.VAR_LIB_PKI_CA_DIR):
self.step("creating pki-ca instance", self.create_instance)
self.step("configuring certificate server instance", self.__configure_instance)
self.step("stopping certificate server instance to update CS.cfg", self.__stop)
@ -526,7 +527,7 @@ class CAInstance(service.Service):
config.set("CA", "pki_admin_nickname", "ipa-ca-agent")
config.set("CA", "pki_admin_subject_dn",
str(DN(('cn', 'ipa-ca-agent'), self.subject_base)))
config.set("CA", "pki_client_admin_cert_p12", "/root/ca-agent.p12")
config.set("CA", "pki_client_admin_cert_p12", paths.CA_AGENT_P12)
# Directory server
config.set("CA", "pki_ds_ldap_port", str(self.ds_port))
@ -555,9 +556,9 @@ class CAInstance(service.Service):
if (self.clone):
cafile = self.pkcs12_info[0]
shutil.copy(cafile, "/tmp/ca.p12")
shutil.copy(cafile, paths.TMP_CA_P12)
pent = pwd.getpwnam(PKI_USER)
os.chown("/tmp/ca.p12", pent.pw_uid, pent.pw_gid)
os.chown(paths.TMP_CA_P12, pent.pw_uid, pent.pw_gid)
# Security domain registration
config.set("CA", "pki_security_domain_hostname", self.master_host)
@ -567,7 +568,7 @@ class CAInstance(service.Service):
# Clone
config.set("CA", "pki_clone", "True")
config.set("CA", "pki_clone_pkcs12_path", "/tmp/ca.p12")
config.set("CA", "pki_clone_pkcs12_path", paths.TMP_CA_P12)
config.set("CA", "pki_clone_pkcs12_password", self.dm_password)
config.set("CA", "pki_clone_replication_security", "TLS")
config.set("CA", "pki_clone_replication_master_port", str(self.master_replication_port))
@ -593,7 +594,7 @@ class CAInstance(service.Service):
# Define the things we don't want logged
nolog = (self.admin_password, self.dm_password,)
args = ["/usr/sbin/pkispawn", "-s", "CA", "-f", cfg_file ]
args = [paths.PKISPAWN, "-s", "CA", "-f", cfg_file ]
with open(cfg_file) as f:
root_logger.debug(
@ -613,8 +614,8 @@ class CAInstance(service.Service):
print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
sys.exit(0)
else:
shutil.move("/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12", \
"/root/cacert.p12")
shutil.move(paths.CA_BACKUP_KEYS_P12, \
paths.CACERT_P12)
root_logger.debug("completed creating ca instance")
@ -624,8 +625,8 @@ class CAInstance(service.Service):
"""
# Only used for Dogtag 9
args = ['/usr/bin/pkicreate',
'-pki_instance_root', '/var/lib',
args = [paths.PKICREATE,
'-pki_instance_root', paths.VAR_LIB,
'-pki_instance_name',
self.dogtag_constants.PKI_INSTANCE_NAME,
'-subsystem_type', 'ca',
@ -660,9 +661,9 @@ class CAInstance(service.Service):
root_logger.debug("ca user %s exists" % PKI_USER)
except KeyError:
root_logger.debug("adding ca user %s" % PKI_USER)
args = ["/usr/sbin/useradd", "-c", "CA System User",
"-d", "/var/lib",
"-s", "/sbin/nologin",
args = [paths.USERADD, "-c", "CA System User",
"-d", paths.VAR_LIB,
"-s", paths.NOLOGIN,
"-M", "-r", PKI_USER]
try:
ipautil.run(args)
@ -676,7 +677,7 @@ class CAInstance(service.Service):
self.server_root, self.dogtag_constants.PKI_INSTANCE_NAME)
try:
args = ["/usr/bin/perl", "/usr/bin/pkisilent", "ConfigureCA",
args = [paths.PERL, paths.PKISILENT, "ConfigureCA",
"-cs_hostname", self.fqdn,
"-cs_port", str(self.dogtag_constants.ADMIN_SECURE_PORT),
"-client_certdb_dir", self.ca_agent_db,
@ -731,9 +732,9 @@ class CAInstance(service.Service):
"""
# The install wizard expects the file to be here.
cafile = self.pkcs12_info[0]
shutil.copy(cafile, "/var/lib/pki-ca/alias/ca.p12")
shutil.copy(cafile, paths.PKI_ALIAS_CA_P12)
pent = pwd.getpwnam(PKI_USER)
os.chown("/var/lib/pki-ca/alias/ca.p12", pent.pw_uid, pent.pw_gid )
os.chown(paths.PKI_ALIAS_CA_P12, pent.pw_uid, pent.pw_gid )
args.append("-clone")
args.append("true")
args.append("-clone_p12_file")
@ -773,8 +774,8 @@ class CAInstance(service.Service):
# pkisilent makes a copy of the CA PKCS#12 file for us but gives
# it a lousy name.
if ipautil.file_exists("/root/tmp-ca.p12"):
shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
if ipautil.file_exists(paths.ROOT_TMP_CA_P12):
shutil.move(paths.ROOT_TMP_CA_P12, paths.CACERT_P12)
root_logger.debug("completed creating ca instance")
@ -805,7 +806,7 @@ class CAInstance(service.Service):
# Look thru the cert chain to get all the certs we need to add
# trust for
p = subprocess.Popen(["/usr/bin/certutil", "-d", self.ca_agent_db,
p = subprocess.Popen([paths.CERTUTIL, "-d", self.ca_agent_db,
"-O", "-n", "ipa-ca-agent"], stdout=subprocess.PIPE)
chain = p.stdout.read()
@ -836,7 +837,7 @@ class CAInstance(service.Service):
# to use the final RA agent database when issuing certs for DS and
# mod_nss.
args = [
'/usr/bin/sslget',
paths.SSLGET,
'-v',
'-n', 'ipa-ca-agent',
'-p', self.admin_password,
@ -857,7 +858,7 @@ class CAInstance(service.Service):
# Now issue the RA certificate.
args = [
'/usr/bin/sslget',
paths.SSLGET,
'-v',
'-n', 'ipa-ca-agent',
'-p', self.admin_password,
@ -951,7 +952,7 @@ class CAInstance(service.Service):
database = self.ra_agent_db
if not pwd_file:
pwd_file = self.ra_agent_pwd
new_args = ["/usr/bin/certutil", "-d", database, "-f", pwd_file]
new_args = [paths.CERTUTIL, "-d", database, "-f", pwd_file]
new_args = new_args + args
return ipautil.run(new_args, stdin, nolog=(pwd_file,))
@ -987,9 +988,9 @@ class CAInstance(service.Service):
os.write(pwd_fd, self.admin_password)
os.close(pwd_fd)
try:
ipautil.run(["/usr/bin/pk12util",
ipautil.run([paths.PK12UTIL,
"-n", "ipa-ca-agent",
"-o", "/root/ca-agent.p12",
"-o", paths.CA_AGENT_P12,
"-d", self.ca_agent_db,
"-k", pwd_name,
"-w", pwd_name])
@ -1008,7 +1009,7 @@ class CAInstance(service.Service):
# makes openssl throw up.
data = base64.b64decode(chain)
(certlist, stderr, returncode) = ipautil.run(["/usr/bin/openssl",
(certlist, stderr, returncode) = ipautil.run([paths.OPENSSL,
"pkcs7",
"-inform",
"DER",
@ -1318,11 +1319,11 @@ class CAInstance(service.Service):
try:
if self.dogtag_constants.DOGTAG_VERSION >= 10:
ipautil.run(["/usr/sbin/pkidestroy", "-i",
ipautil.run([paths.PKIDESTROY, "-i",
self.dogtag_constants.PKI_INSTANCE_NAME,
"-s", "CA"])
else:
ipautil.run(["/usr/bin/pkiremove",
ipautil.run([paths.PKIREMOVE,
"-pki_instance_root=/var/lib",
"-pki_instance_name=%s" %
self.dogtag_constants.PKI_INSTANCE_NAME,
@ -1401,7 +1402,7 @@ class CAInstance(service.Service):
if not path:
iface.add_known_ca(
'dogtag-ipa-ca-renew-agent',
'/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit', [])
paths.DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT, [])
def configure_agent_renewal(self):
try:
@ -1409,8 +1410,8 @@ class CAInstance(service.Service):
ca='dogtag-ipa-ca-renew-agent',
nickname='ipaCert',
pin=None,
pinfile='/etc/httpd/alias/pwdfile.txt',
secdir='/etc/httpd/alias',
pinfile=paths.ALIAS_PWDFILE_TXT,
secdir=paths.HTTPD_ALIAS_DIR,
pre_command=None,
post_command='renew_ra_cert')
except (ipautil.CalledProcessError, RuntimeError), e:
@ -1802,5 +1803,5 @@ if __name__ == "__main__":
standard_logging_setup("install.log")
ds = dsinstance.DsInstance()
ca = CAInstance("EXAMPLE.COM", "/etc/httpd/alias")
ca = CAInstance("EXAMPLE.COM", paths.HTTPD_ALIAS_DIR)
ca.configure_instance("catest.example.com", "example.com", "password", "password")
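Review bot: `paths.TMP_CA_P12` gives a constant name to what was the fixed path `/tmp/ca.p12`, and the clone branch still copies the CA PKCS#12 bundle there with `shutil.copy` before passing it to pkispawn through `pki_clone_pkcs12_path`. A predictable file name in a shared temporary directory can be pre-created or replaced with a symlink by any local user, and the copy keeps the source file's mode bits. I would create the copy with `fd, clone_p12 = tempfile.mkstemp(...)` in a directory that only root and `PKI_USER` can enter, use `clone_p12` for both the `os.chown` and the `pki_clone_pkcs12_path` setting, and delete it once spawning has finished. Separately, the `pkiremove` call still passes the literal `"-pki_instance_root=/var/lib"` while `pkicreate` now uses `paths.VAR_LIB`. These hunks sit inside methods that begin and end outside the visible lines.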


@ -42,10 +42,11 @@ from ipalib import pkcs10, x509, api
from ipalib.errors import CertificateOperationError
from ipalib.text import _
from ipaplatform import services
from ipaplatform.paths import paths
# Apache needs access to this database so we need to create it
# where apache can reach
NSS_DIR = "/etc/httpd/alias"
NSS_DIR = paths.HTTPD_ALIAS_DIR
def find_cert_from_txt(cert, start=0):
"""
@ -114,7 +115,7 @@ class NSSDatabase(object):
self.close()
def run_certutil(self, args, stdin=None):
new_args = ["/usr/bin/certutil", "-d", self.secdir]
new_args = [paths.CERTUTIL, "-d", self.secdir]
new_args = new_args + args
return ipautil.run(new_args, stdin)
@ -177,12 +178,12 @@ class NSSDatabase(object):
def import_pkcs12(self, pkcs12_filename, db_password_filename,
pkcs12_passwd=None):
args = ["/usr/bin/pk12util", "-d", self.secdir,
args = [paths.PK12UTIL, "-d", self.secdir,
"-i", pkcs12_filename,
"-k", db_password_filename, '-v']
if pkcs12_passwd is not None:
pkcs12_passwd = pkcs12_passwd + '\n'
args = args + ["-w", "/dev/stdin"]
args = args + ["-w", paths.DEV_STDIN]
try:
ipautil.run(args, stdin=pkcs12_passwd)
except ipautil.CalledProcessError, e:
@ -298,7 +299,7 @@ class CertDB(object):
self.cacert_fname = self.secdir + "/cacert.asc"
self.pk12_fname = self.secdir + "/cacert.p12"
self.pin_fname = self.secdir + "/pin.txt"
self.pwd_conf = "/etc/httpd/conf/password.conf"
self.pwd_conf = paths.HTTPD_PASSWORD_CONF
self.reqdir = None
self.certreq_fname = None
self.certder_fname = None
@ -328,7 +329,7 @@ class CertDB(object):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
subject_base = ipautil.dn_attribute_property('_subject_base')
@ -351,7 +352,7 @@ class CertDB(object):
if self.reqdir is not None:
return
self.reqdir = tempfile.mkdtemp('', 'ipa-', '/var/lib/ipa')
self.reqdir = tempfile.mkdtemp('', 'ipa-', paths.VAR_LIB_IPA)
self.certreq_fname = self.reqdir + "/tmpcertreq"
self.certder_fname = self.reqdir + "/tmpcert.der"
@ -379,7 +380,7 @@ class CertDB(object):
def run_signtool(self, args, stdin=None):
with open(self.passwd_fname, "r") as f:
password = f.readline()
new_args = ["/usr/bin/signtool", "-d", self.secdir, "-p", password]
new_args = [paths.SIGNTOOL, "-d", self.secdir, "-p", password]
new_args = new_args + args
ipautil.run(new_args, stdin)
@ -446,7 +447,7 @@ class CertDB(object):
os.chmod(self.cacert_fname, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
if create_pkcs12:
ipautil.backup_file(self.pk12_fname)
ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
ipautil.run([paths.PK12UTIL, "-d", self.secdir,
"-o", self.pk12_fname,
"-n", self.cacert_name,
"-w", self.passwd_fname,
@ -508,7 +509,7 @@ class CertDB(object):
libpath = 'lib64'
else:
libpath = 'lib'
command = '/usr/%s/ipa/certmonger/%s' % (libpath, command)
command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command)
cmonger = services.knownservices.certmonger
cmonger.enable()
services.knownservices.messagebus.start()
@ -779,7 +780,7 @@ class CertDB(object):
if nickname is None:
nickname = get_ca_nickname(api.env.realm)
ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
ipautil.run([paths.PK12UTIL, "-d", self.secdir,
"-o", pkcs12_fname,
"-n", nickname,
"-k", self.passwd_fname,
@ -787,7 +788,7 @@ class CertDB(object):
def export_pem_p12(self, pkcs12_fname, pkcs12_pwd_fname,
nickname, pem_fname):
ipautil.run(["/usr/bin/openssl", "pkcs12",
ipautil.run([paths.OPENSSL, "pkcs12",
"-export", "-name", nickname,
"-in", pem_fname, "-out", pkcs12_fname,
"-passout", "file:" + pkcs12_pwd_fname])
@ -857,7 +858,7 @@ class CertDB(object):
def install_pem_from_p12(self, p12_fname, p12_passwd, pem_fname):
pwd = ipautil.write_tmp_file(p12_passwd)
ipautil.run(["/usr/bin/openssl", "pkcs12", "-nodes",
ipautil.run([paths.OPENSSL, "pkcs12", "-nodes",
"-in", p12_fname, "-out", pem_fname,
"-passin", "file:" + pwd.name])
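Review bot: `run_signtool` reads the NSS database password from `self.passwd_fname`, places it on the signtool command line (`"-p", password`) and calls `ipautil.run(new_args, stdin)` without a `nolog` argument. If `ipautil.run` logs its argument list, which the existence of a `nolog` parameter suggests but this section does not show, the password ends up in the install log. `ipautil.run(new_args, stdin, nolog=(password,))` would mask it. `f.readline()` also keeps any trailing newline, so it is worth checking whether signtool receives the password with a stray `\n`. The password remains visible in the process list for as long as signtool is invoked with `-p`, which deserves a comment on the method.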


@ -43,9 +43,10 @@ from ipaplatform.tasks import tasks
from ipalib.constants import CACERT
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
SERVER_ROOT_64 = paths.USR_LIB_DIRSRV_64
SERVER_ROOT_32 = paths.USR_LIB_DIRSRV
DS_USER = 'dirsrv'
DS_GROUP = 'dirsrv'
@ -75,32 +76,32 @@ def realm_to_serverid(realm_name):
return "-".join(realm_name.split("."))
def config_dirname(serverid):
return "/etc/dirsrv/slapd-" + serverid + "/"
return (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid) + "/"
def schema_dirname(serverid):
return config_dirname(serverid) + "/schema/"
def erase_ds_instance_data(serverid):
installutils.rmtree("/etc/dirsrv/slapd-%s" % serverid)
installutils.rmtree(paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid)
installutils.rmtree("/usr/lib/dirsrv/slapd-%s" % serverid)
installutils.rmtree(paths.USR_LIB_SLAPD_INSTANCE_TEMPLATE % serverid)
installutils.rmtree("/usr/lib64/dirsrv/slapd-%s" % serverid)
installutils.rmtree(paths.USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE % serverid)
installutils.rmtree("/var/lib/dirsrv/slapd-%s" % serverid)
installutils.rmtree(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % serverid)
installutils.rmtree("/var/lock/dirsrv/slapd-%s" % serverid)
installutils.rmtree(paths.SLAPD_INSTANCE_LOCK_TEMPLATE % serverid)
installutils.remove_file("/var/run/slapd-%s.socket" % serverid)
installutils.remove_file(paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % serverid)
installutils.rmtree("/var/lib/dirsrv/scripts-%s" % serverid)
installutils.rmtree(paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid)
installutils.remove_file("/etc/dirsrv/ds.keytab")
installutils.remove_file(paths.DS_KEYTAB)
installutils.remove_file("/etc/sysconfig/dirsrv-%s" % serverid)
installutils.remove_file(paths.SYSCONFIG_DIRSRV_INSTANCE % serverid)
# try:
# shutil.rmtree("/var/log/dirsrv/slapd-%s" % serverid)
# shutil.rmtree(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % serverid)
# except:
# pass
@ -112,7 +113,7 @@ def get_ds_instances():
matches 389ds behavior.
'''
dirsrv_instance_dir='/etc/dirsrv'
dirsrv_instance_dir=paths.ETC_DIRSRV
instance_prefix = 'slapd-'
instances = []
@ -158,11 +159,11 @@ def create_ds_user():
except KeyError:
root_logger.debug('Adding DS user %s', DS_USER)
args = [
'/usr/sbin/useradd',
paths.USERADD,
'-g', DS_GROUP,
'-c', 'DS System User',
'-d', '/var/lib/dirsrv',
'-s', '/sbin/nologin',
'-d', paths.VAR_LIB_DIRSRV,
'-s', paths.NOLOGIN,
'-M', '-r', DS_USER
]
try:
@ -184,7 +185,7 @@ def create_ds_group():
except KeyError:
group_exists = False
root_logger.debug('Adding DS group %s', DS_GROUP)
args = ['/usr/sbin/groupadd', '-r', DS_GROUP]
args = [paths.GROUPADD, '-r', DS_GROUP]
try:
ipautil.run(args)
root_logger.debug('Done adding DS group')
@ -251,7 +252,7 @@ class DsInstance(service.Service):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
subject_base = ipautil.dn_attribute_property('_subject_base')
@ -433,13 +434,13 @@ class DsInstance(service.Service):
pent = pwd.getpwnam(DS_USER)
self.backup_state("serverid", self.serverid)
self.fstore.backup_file("/etc/sysconfig/dirsrv")
self.fstore.backup_file(paths.SYSCONFIG_DIRSRV)
self.sub_dict['BASEDC'] = self.realm.split('.')[0].lower()
base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
root_logger.debug(base_txt)
target_fname = '/var/lib/dirsrv/boot.ldif'
target_fname = paths.DIRSRV_BOOT_LDIF
base_fd = open(target_fname, "w")
base_fd.write(base_txt)
base_fd.close()
@ -453,11 +454,11 @@ class DsInstance(service.Service):
inf_fd = ipautil.write_tmp_file(inf_txt)
inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
root_logger.debug(inf_txt)
if ipautil.file_exists("/usr/sbin/setup-ds.pl"):
args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name]
if ipautil.file_exists(paths.SETUP_DS_PL):
args = [paths.SETUP_DS_PL, "--silent", "--logfile", "-", "-f", inf_fd.name]
root_logger.debug("calling setup-ds.pl")
else:
args = ["/usr/bin/ds_newinst.pl", inf_fd.name]
args = [paths.DS_NEWINST_PL, inf_fd.name]
root_logger.debug("calling ds_newinst.pl")
try:
ipautil.run(args)
@ -476,7 +477,7 @@ class DsInstance(service.Service):
print "failed to restart ds instance", e
root_logger.debug("failed to restart ds instance %s" % e)
inf_fd.close()
os.remove("/var/lib/dirsrv/boot.ldif")
os.remove(paths.DIRSRV_BOOT_LDIF)
def __add_default_schemas(self):
pent = pwd.getpwnam(DS_USER)
@ -560,7 +561,7 @@ class DsInstance(service.Service):
def __enable_compat_plugin(self):
ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict)
rv = ld.update(['/usr/share/ipa/schema_compat.uldif'])
rv = ld.update([paths.SCHEMA_COMPAT_ULDIF])
if not rv:
raise RuntimeError("Enabling compatibility plugin failed")
@ -591,8 +592,8 @@ class DsInstance(service.Service):
def configure_dirsrv_ccache(self):
pent = pwd.getpwnam("dirsrv")
ccache = '/tmp/krb5cc_%d' % pent.pw_uid
filepath = '/etc/sysconfig/dirsrv'
ccache = paths.TMP_KRB5CC % pent.pw_uid
filepath = paths.SYSCONFIG_DIRSRV
if not os.path.exists(filepath):
# file doesn't exist; create it with correct ownership & mode
open(filepath, 'a').close()
@ -753,15 +754,15 @@ class DsInstance(service.Service):
admpwdfile = ""
try:
(dmpwdfd, dmpwdfile) = tempfile.mkstemp(dir='/var/lib/ipa')
(dmpwdfd, dmpwdfile) = tempfile.mkstemp(dir=paths.VAR_LIB_IPA)
os.write(dmpwdfd, self.dm_password)
os.close(dmpwdfd)
(admpwdfd, admpwdfile) = tempfile.mkstemp(dir='/var/lib/ipa')
(admpwdfd, admpwdfile) = tempfile.mkstemp(dir=paths.VAR_LIB_IPA)
os.write(admpwdfd, password)
os.close(admpwdfd)
args = ["/usr/bin/ldappasswd", "-h", self.fqdn,
args = [paths.LDAPPASSWD, "-h", self.fqdn,
"-ZZ", "-x", "-D", str(DN(('cn', 'Directory Manager'))),
"-y", dmpwdfile, "-T", admpwdfile,
str(DN(('uid', 'admin'), ('cn', 'users'), ('cn', 'accounts'), self.suffix))]
@ -790,8 +791,8 @@ class DsInstance(service.Service):
running = self.restore_state("running")
try:
self.fstore.restore_file("/etc/security/limits.conf")
self.fstore.restore_file("/etc/sysconfig/dirsrv")
self.fstore.restore_file(paths.LIMITS_CONF)
self.fstore.restore_file(paths.SYSCONFIG_DIRSRV)
except ValueError, error:
root_logger.debug(error)
pass
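Review bot: In `erase_ds_instance_data`, the templates that appear to replace the `/usr/lib/dirsrv/slapd-%s` and `/usr/lib64/dirsrv/slapd-%s` literals are named `USR_LIB_SLAPD_INSTANCE_TEMPLATE` and `USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE`, and neither name says which one is the lib64 tree. Both are passed to `installutils.rmtree`, so a mix-up between them is a recursive delete of the wrong directory. I would name them in parallel and reuse the `_64` suffix already used by `paths.USR_LIB_DIRSRV_64`, for example `USR_LIB_DIRSRV_SLAPD_INSTANCE_TEMPLATE` and `USR_LIB_DIRSRV_64_SLAPD_INSTANCE_TEMPLATE`. A one-line comment above the rmtree calls should state that every template expands to a per-instance path built from `serverid`.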


@ -35,19 +35,9 @@ from ipapython.ipa_log_manager import *
from ipaserver.install import sysupgrade
from ipalib import api
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
from ipalib.constants import CACERT
HTTPD_DIR = "/etc/httpd"
SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf"
selinux_warning = """
WARNING: could not set selinux boolean(s) %(var)s to true. The web
interface may not function correctly until this boolean is successfully
change with the command:
/usr/sbin/setsebool -P %(var)s true
Try updating the policycoreutils and selinux-policy packages.
"""
def httpd_443_configured():
"""
@ -58,7 +48,7 @@ def httpd_443_configured():
False otherwise.
"""
try:
(stdout, stderr, rc) = ipautil.run(['/usr/sbin/httpd', '-t', '-D', 'DUMP_VHOSTS'])
(stdout, stderr, rc) = ipautil.run([paths.HTTPD, '-t', '-D', 'DUMP_VHOSTS'])
except ipautil.CalledProcessError, e:
service.print_msg("WARNING: cannot check if port 443 is already configured")
service.print_msg("httpd returned error when checking: %s" % e)
@ -84,7 +74,7 @@ class HTTPInstance(service.Service):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
self.cert_nickname = cert_nickname
@ -151,15 +141,15 @@ class HTTPInstance(service.Service):
else:
updates = ["%s=%s" % update for update in changes.iteritems()]
args = ["/usr/sbin/setsebool", "-P"]
args = [paths.SETSEBOOL, "-P"]
args.extend(updates)
return args
selinux = False
try:
if (os.path.exists('/usr/sbin/selinuxenabled')):
ipautil.run(["/usr/sbin/selinuxenabled"])
if (os.path.exists(paths.SELINUXENABLED)):
ipautil.run([paths.SELINUXENABLED])
selinux = True
except ipautil.CalledProcessError:
# selinuxenabled returns 1 if not enabled
@ -173,7 +163,7 @@ class HTTPInstance(service.Service):
("httpd_manage_ipa", "on"))
for setting, state in required_settings:
try:
(stdout, stderr, returncode) = ipautil.run(["/usr/sbin/getsebool", setting])
(stdout, stderr, returncode) = ipautil.run([paths.GETSEBOOL, setting])
original_state = stdout.split()[2]
self.backup_state(setting, original_state)
@ -208,12 +198,12 @@ class HTTPInstance(service.Service):
def __create_http_keytab(self):
installutils.kadmin_addprinc(self.principal)
installutils.create_keytab("/etc/httpd/conf/ipa.keytab", self.principal)
installutils.create_keytab(paths.IPA_KEYTAB, self.principal)
self.move_service(self.principal)
self.add_cert_to_service()
pent = pwd.getpwnam("apache")
os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
@ -222,17 +212,17 @@ class HTTPInstance(service.Service):
ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
def __configure_http(self):
target_fname = '/etc/httpd/conf.d/ipa.conf'
target_fname = paths.HTTPD_IPA_CONF
http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict)
self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf")
self.fstore.backup_file(paths.HTTPD_IPA_CONF)
http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
os.chmod(target_fname, 0644)
target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf'
target_fname = paths.HTTPD_IPA_REWRITE_CONF
http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict)
self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf")
self.fstore.backup_file(paths.HTTPD_IPA_REWRITE_CONF)
http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
@ -249,28 +239,28 @@ class HTTPInstance(service.Service):
#
# Remove the workaround.
if sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'):
installutils.set_directive(NSS_CONF, 'Listen', '443', quotes=False)
installutils.set_directive(paths.HTTPD_NSS_CONF, 'Listen', '443', quotes=False)
sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', False)
def __set_mod_nss_port(self):
self.fstore.backup_file(NSS_CONF)
if installutils.update_file(NSS_CONF, '8443', '443') != 0:
print "Updating port in %s failed." % NSS_CONF
self.fstore.backup_file(paths.HTTPD_NSS_CONF)
if installutils.update_file(paths.HTTPD_NSS_CONF, '8443', '443') != 0:
print "Updating port in %s failed." % paths.HTTPD_NSS_CONF
def __set_mod_nss_nickname(self, nickname):
installutils.set_directive(NSS_CONF, 'NSSNickname', nickname)
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname)
def enable_mod_nss_renegotiate(self):
installutils.set_directive(NSS_CONF, 'NSSRenegotiation', 'on', False)
installutils.set_directive(NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRenegotiation', 'on', False)
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
def __set_mod_nss_passwordfile(self):
installutils.set_directive(NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
if installutils.update_file(NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % NSS_CONF
if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
def __setup_ssl(self):
fqdn = self.fqdn
@ -321,7 +311,7 @@ class HTTPInstance(service.Service):
tasks.restore_context(certs.NSS_DIR + "/key3.db")
def __setup_autoconfig(self):
target_fname = '/usr/share/ipa/html/preferences.html'
target_fname = paths.PREFERENCES_HTML
ipautil.copy_template_file(
ipautil.SHARE_DIR + "preferences.html.template",
target_fname, self.sub_dict)
@ -335,8 +325,8 @@ class HTTPInstance(service.Service):
# Setup configure.jar
if db.has_nickname('Signing-Cert'):
tmpdir = tempfile.mkdtemp(prefix="tmp-")
target_fname = '/usr/share/ipa/html/configure.jar'
shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
target_fname = paths.CONFIGURE_JAR
shutil.copy(paths.PREFERENCES_HTML, tmpdir)
db.run_signtool(["-k", "Signing-Cert",
"-Z", target_fname,
"-e", ".html", "-p", pwd,
@ -356,7 +346,7 @@ class HTTPInstance(service.Service):
``force`` is true.
"""
target_fname = '/usr/share/ipa/html/krb.js'
target_fname = paths.KRB_JS
if os.path.exists(target_fname) and not force:
root_logger.info(
'%s exists, skipping install of Firefox extension',
@ -375,8 +365,8 @@ class HTTPInstance(service.Service):
# Setup extension
tmpdir = tempfile.mkdtemp(prefix="tmp-")
extdir = tmpdir + "/ext"
target_fname = "/usr/share/ipa/html/kerberosauth.xpi"
shutil.copytree("/usr/share/ipa/ffextension", extdir)
target_fname = paths.KERBEROSAUTH_XPI
shutil.copytree(paths.FFEXTENSION, extdir)
if db.has_nickname('Signing-Cert'):
db.run_signtool(["-k", "Signing-Cert",
"-p", pwd,
@ -386,14 +376,14 @@ class HTTPInstance(service.Service):
root_logger.warning('Object-signing certificate was not found. '
'Creating unsigned Firefox configuration extension.')
filenames = os.listdir(extdir)
ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames,
ipautil.run([paths.ZIP, '-r', target_fname] + filenames,
cwd=extdir)
shutil.rmtree(tmpdir)
os.chmod(target_fname, 0644)
def __publish_ca_cert(self):
ca_db = certs.CertDB(self.realm)
ca_db.publish_ca_cert("/usr/share/ipa/html/ca.crt")
ca_db.publish_ca_cert(paths.CA_CRT)
def uninstall(self):
if self.is_configured():
@ -409,7 +399,7 @@ class HTTPInstance(service.Service):
if not enabled is None and not enabled:
self.disable()
for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
for f in [paths.HTTPD_IPA_CONF, paths.HTTPD_SSL_CONF, paths.HTTPD_NSS_CONF]:
try:
self.fstore.restore_file(f)
except ValueError, error:
@ -417,15 +407,15 @@ class HTTPInstance(service.Service):
pass
# Remove the configuration files we create
installutils.remove_file("/etc/httpd/conf.d/ipa-rewrite.conf")
installutils.remove_file("/etc/httpd/conf.d/ipa.conf")
installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf")
installutils.remove_file(paths.HTTPD_IPA_REWRITE_CONF)
installutils.remove_file(paths.HTTPD_IPA_CONF)
installutils.remove_file(paths.HTTPD_IPA_PKI_PROXY_CONF)
for var in ["httpd_can_network_connect", "httpd_manage_ipa"]:
sebool_state = self.restore_state(var)
if not sebool_state is None:
try:
ipautil.run(["/usr/sbin/setsebool", "-P", var, sebool_state])
ipautil.run([paths.SETSEBOOL, "-P", var, sebool_state])
except ipautil.CalledProcessError, e:
self.print_msg("Cannot restore SELinux boolean '%s' back to '%s': %s" \
% (var, sebool_state, e))
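Review bot: `__set_mod_nss_passwordfile` still writes the literal `'file:/etc/httpd/conf/password.conf'` into nss.conf, although the same file is now `paths.HTTPD_PASSWORD_CONF` where `CertDB` sets `self.pwd_conf`. On a platform that overrides that constant, the NSS database password would be stored in one place while mod_nss is told to read it from another. The directive value should be built from the constant: `'file:' + paths.HTTPD_PASSWORD_CONF`. The relative `Include conf.d/ipa-rewrite.conf` string in `__add_include` is coupled to `paths.HTTPD_IPA_REWRITE_CONF` in the same way and deserves at least a comment saying so.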


@ -43,6 +43,7 @@ from ipalib import errors
from ipapython.dn import DN
from ipaserver.install import certs, service
from ipaplatform import services
from ipaplatform.paths import paths
# Used to determine install status
IPA_MODULES = [
@ -172,7 +173,7 @@ def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
raise HostReverseLookupError("The host name %s does not match the reverse lookup %s" % (host_name, revname))
verified.add(address)
def record_in_hosts(ip, host_name=None, file="/etc/hosts"):
def record_in_hosts(ip, host_name=None, file=paths.HOSTS):
"""
Search record in /etc/hosts - static table lookup for hostnames
@ -209,7 +210,7 @@ def record_in_hosts(ip, host_name=None, file="/etc/hosts"):
return None
def add_record_to_hosts(ip, host_name, file="/etc/hosts"):
def add_record_to_hosts(ip, host_name, file=paths.HOSTS):
hosts_fd = open(file, 'r+')
hosts_fd.seek(0, 2)
hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
@ -488,7 +489,7 @@ def get_server_ip_address(host_name, fstore, unattended, options):
if hosts_record is None:
if ip_add_to_hosts:
print "Adding ["+ip_address+" "+host_name+"] to your /etc/hosts file"
fstore.backup_file("/etc/hosts")
fstore.backup_file(paths.HOSTS)
add_record_to_hosts(ip_address, host_name)
else:
primary_host = hosts_record[1][0]
@ -566,7 +567,7 @@ def check_server_configuration():
Most convenient use case for the function is in install tools that require
configured IPA for its function.
"""
server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
server_fstore = sysrestore.FileStore(paths.SYSRESTORE)
if not server_fstore.has_files():
raise RuntimeError("IPA is not configured on this system.")
@ -597,8 +598,8 @@ def is_ipa_configured():
"""
installed = False
sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
sstore = sysrestore.StateFile(paths.SYSRESTORE)
fstore = sysrestore.FileStore(paths.SYSRESTORE)
for module in IPA_MODULES:
if sstore.has_state(module):
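Review bot: The message printed in get_server_ip_address still names `/etc/hosts` literally, while the backup and the write now go to `paths.HOSTS`, so on a platform that overrides the constant the operator is told the wrong file was modified. I would format the path in, e.g. `print "Adding [%s %s] to your %s file" % (ip_address, host_name, paths.HOSTS)`, and reword the record_in_hosts docstring to "Search record in the hosts file (paths.HOSTS by default)". Note also that `file=paths.HOSTS` is bound when the module is imported, so a later change to the constant is not seen by these defaults. The bodies of these functions continue outside the hunks.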


@ -25,6 +25,7 @@ import time
import pwd
from optparse import OptionGroup
from ConfigParser import SafeConfigParser
from ipaplatform.paths import paths
from ipaplatform import services
from ipalib import api, errors
@ -62,14 +63,14 @@ EOF
--keyring /root/backup.pub --list-secret-keys
"""
BACKUP_DIR = '/var/lib/ipa/backup'
BACKUP_DIR = paths.IPA_BACKUP_DIR
def encrypt_file(filename, keyring, remove_original=True):
source = filename
dest = filename + '.gpg'
args = ['/usr/bin/gpg',
args = [paths.GPG,
'--batch',
'--default-recipient-self',
'-o', dest]
@ -96,91 +97,91 @@ def encrypt_file(filename, keyring, remove_original=True):
class Backup(admintool.AdminTool):
command_name = 'ipa-backup'
log_file_name = '/var/log/ipabackup.log'
log_file_name = paths.IPABACKUP_LOG
usage = "%prog [options]"
description = "Back up IPA files and databases."
dirs = ('/usr/share/ipa/html',
'/root/.pki',
'/etc/pki-ca',
'/etc/pki/pki-tomcat',
'/etc/sysconfig/pki',
'/etc/httpd/alias',
'/var/lib/pki',
'/var/lib/pki-ca',
'/var/lib/ipa/sysrestore',
'/var/lib/ipa-client/sysrestore',
'/var/lib/sss/pubconf/krb5.include.d',
'/var/lib/authconfig/last',
'/var/lib/certmonger',
'/var/lib/ipa',
'/var/run/dirsrv',
'/var/lock/dirsrv',
dirs = (paths.IPA_HTML_DIR,
paths.ROOT_PKI,
paths.ETC_PKI_CA_DIR,
paths.PKI_TOMCAT,
paths.SYSCONFIG_PKI,
paths.HTTPD_ALIAS_DIR,
paths.VAR_LIB_PKI_DIR,
paths.VAR_LIB_PKI_CA_DIR,
paths.SYSRESTORE,
paths.IPA_CLIENT_SYSRESTORE,
paths.SSS_KRB5_INCLUDE_D,
paths.AUTHCONFIG_LAST,
paths.VAR_LIB_CERTMONGER_DIR,
paths.VAR_LIB_IPA,
paths.VAR_RUN_DIRSRV_DIR,
paths.DIRSRV_LOCK_DIR,
)
files = (
'/etc/named.conf',
'/etc/named.keytab',
'/etc/resolv.conf',
'/etc/sysconfig/pki-ca',
'/etc/sysconfig/pki-tomcat',
'/etc/sysconfig/dirsrv',
'/etc/sysconfig/ntpd',
'/etc/sysconfig/krb5kdc',
'/etc/sysconfig/pki/ca/pki-ca',
'/etc/sysconfig/authconfig',
'/etc/pki/nssdb/cert8.db',
'/etc/pki/nssdb/key3.db',
'/etc/pki/nssdb/secmod.db',
'/etc/nsswitch.conf',
'/etc/krb5.keytab',
'/etc/sssd/sssd.conf',
'/etc/openldap/ldap.conf',
'/etc/security/limits.conf',
'/etc/httpd/conf/password.conf',
'/etc/httpd/conf/ipa.keytab',
'/etc/httpd/conf.d/ipa-pki-proxy.conf',
'/etc/httpd/conf.d/ipa-rewrite.conf',
'/etc/httpd/conf.d/nss.conf',
'/etc/httpd/conf.d/ipa.conf',
'/etc/ssh/sshd_config',
'/etc/ssh/ssh_config',
'/etc/krb5.conf',
'/etc/group',
'/etc/passwd',
paths.NAMED_CONF,
paths.NAMED_KEYTAB,
paths.RESOLV_CONF,
paths.SYSCONFIG_PKI_CA_DIR,
paths.SYSCONFIG_PKI_TOMCAT,
paths.SYSCONFIG_DIRSRV,
paths.SYSCONFIG_NTPD,
paths.SYSCONFIG_KRB5KDC_DIR,
paths.SYSCONFIG_PKI_CA_PKI_CA_DIR,
paths.ETC_SYSCONFIG_AUTHCONFIG,
paths.NSSDB_CERT8_DB,
paths.NSSDB_KEY3_DB,
paths.NSSDB_SECMOD_DB,
paths.NSSWITCH_CONF,
paths.KRB5_KEYTAB,
paths.SSSD_CONF,
paths.OPENLDAP_LDAP_CONF,
paths.LIMITS_CONF,
paths.HTTPD_PASSWORD_CONF,
paths.IPA_KEYTAB,
paths.HTTPD_IPA_PKI_PROXY_CONF,
paths.HTTPD_IPA_REWRITE_CONF,
paths.HTTPD_NSS_CONF,
paths.HTTPD_IPA_CONF,
paths.SSHD_CONFIG,
paths.SSH_CONFIG,
paths.KRB5_CONF,
paths.GROUP,
paths.PASSWD,
CACERT,
'/etc/ipa/default.conf',
'/etc/dirsrv/ds.keytab',
'/etc/ntp.conf',
'/etc/samba/smb.conf',
'/etc/samba/samba.keytab',
'/root/ca-agent.p12',
'/root/cacert.p12',
'/var/kerberos/krb5kdc/kdc.conf',
'/etc/systemd/system/multi-user.target.wants/ipa.service',
'/etc/systemd/system/multi-user.target.wants/sssd.service',
'/etc/systemd/system/multi-user.target.wants/certmonger.service',
'/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service',
'/var/run/ipa/services.list',
paths.IPA_DEFAULT_CONF,
paths.DS_KEYTAB,
paths.NTP_CONF,
paths.SMB_CONF,
paths.SAMBA_KEYTAB,
paths.CA_AGENT_P12,
paths.CACERT_P12,
paths.KRB5KDC_KDC_CONF,
paths.SYSTEMD_IPA_SERVICE,
paths.SYSTEMD_SSSD_SERVICE,
paths.SYSTEMD_CERTMONGER_SERVICE,
paths.SYSTEMD_PKI_TOMCAT_SERVICE,
paths.SVC_LIST_FILE,
)
logs=(
'/var/log/pki-ca',
'/var/log/pki/',
'/var/log/dirsrv/slapd-PKI-IPA',
'/var/log/httpd',
'/var/log/ipaserver-install.log',
'/var/log/kadmind.log',
'/var/log/pki-ca-install.log',
'/var/log/messages',
'/var/log/ipaclient-install.log',
'/var/log/secure',
'/var/log/ipaserver-uninstall.log',
'/var/log/pki-ca-uninstall.log',
'/var/log/ipaclient-uninstall.log',
'/var/named/data/named.run',
paths.PKI_CA_LOG_DIR,
paths.VAR_LOG_PKI_DIR,
paths.VAR_LOG_SLAPD_PKI_IPA_DIR,
paths.VAR_LOG_HTTPD_DIR,
paths.IPASERVER_INSTALL_LOG,
paths.KADMIND_LOG,
paths.PKI_CA_INSTALL_LOG,
paths.MESSAGES,
paths.IPACLIENT_INSTALL_LOG,
paths.LOG_SECURE,
paths.IPASERVER_UNINSTALL_LOG,
paths.PKI_CA_UNINSTALL_LOG,
paths.IPACLIENT_UNINSTALL_LOG,
paths.NAMED_RUN,
)
def __init__(self, options, args):
@ -277,8 +278,8 @@ class Backup(admintool.AdminTool):
run(['ipactl', 'stop'])
for instance in [realm_to_serverid(api.env.realm), 'PKI-IPA']:
if os.path.exists('/var/lib/dirsrv/slapd-%s' % instance):
if os.path.exists('/var/lib/dirsrv/slapd-%s/db/ipaca' % instance):
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance):
if os.path.exists(paths.IPACA_DIRSRV_INSTANCE_DB_TEMPLATE % instance):
self.db2ldif(instance, 'ipaca', online=options.online)
self.db2ldif(instance, 'userRoot', online=options.online)
self.db2bak(instance, online=options.online)
@ -310,26 +311,26 @@ class Backup(admintool.AdminTool):
instance.
'''
for dir in [
'/etc/dirsrv/slapd-%s' % realm_to_serverid(api.env.realm),
'/var/lib/dirsrv/scripts-%s' % realm_to_serverid(api.env.realm),
'/var/lib/dirsrv/slapd-%s' % realm_to_serverid(api.env.realm),
'/usr/lib64/dirsrv/slapd-PKI-IPA',
'/usr/lib/dirsrv/slapd-PKI-IPA',
'/etc/dirsrv/slapd-PKI-IPA',
'/var/lib/dirsrv/slapd-PKI-IPA',
paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % realm_to_serverid(api.env.realm),
paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % realm_to_serverid(api.env.realm),
paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % realm_to_serverid(api.env.realm),
paths.VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE,
paths.USR_LIB_SLAPD_PKI_IPA_DIR,
paths.ETC_SLAPD_PKI_IPA_DIR,
paths.VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE,
self.__find_scripts_dir('PKI-IPA'),
]:
if os.path.exists(dir):
self.dirs.append(dir)
for file in [
'/etc/sysconfig/dirsrv-%s' % realm_to_serverid(api.env.realm),
'/etc/sysconfig/dirsrv-PKI-IPA']:
paths.SYSCONFIG_DIRSRV_INSTANCE % realm_to_serverid(api.env.realm),
paths.SYSCONFIG_DIRSRV_PKI_IPA_DIR]:
if os.path.exists(file):
self.files.append(file)
for log in [
'/var/log/dirsrv/slapd-%s' % realm_to_serverid(api.env.realm),]:
paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % realm_to_serverid(api.env.realm),]:
self.logs.append(log)
@ -372,7 +373,7 @@ class Backup(admintool.AdminTool):
ldifname = '%s-%s.ldif' % (instance, backend)
ldiffile = os.path.join(
'/var/lib/dirsrv/slapd-%s/ldif' % instance,
paths.SLAPD_INSTANCE_LDIF_DIR_TEMPLATE % instance,
ldifname)
if online:
@ -421,7 +422,7 @@ class Backup(admintool.AdminTool):
cn = time.strftime('backup_%Y_%m_%d_%H_%M_%S')
dn = DN(('cn', cn), ('cn', 'backup'), ('cn', 'tasks'), ('cn', 'config'))
bakdir = os.path.join('/var/lib/dirsrv/slapd-%s/bak/%s' % (instance, instance))
bakdir = os.path.join(paths.SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE % (instance, instance))
if online:
conn = self.get_connection()
@ -560,10 +561,10 @@ class Backup(admintool.AdminTool):
does so we need to probe for it.
"""
if instance != 'PKI-IPA':
return os.path.join('/var/lib/dirsrv', 'scripts-%s' % instance)
return os.path.join(paths.VAR_LIB_DIRSRV, 'scripts-%s' % instance)
else:
if sys.maxsize > 2**32L:
libpath = 'lib64'
else:
libpath = 'lib'
return os.path.join('/usr', libpath, 'dirsrv', 'slapd-PKI-IPA')
return os.path.join(paths.USR_DIR, libpath, 'dirsrv', 'slapd-PKI-IPA')
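Review bot: In the instance-specific directory list, `paths.VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE` appears twice, and its first occurrence sits in the slot that used to hold `/usr/lib64/dirsrv/slapd-PKI-IPA`. The constant's definition is not visible here, but by its name this looks like a copy/paste slip that drops the lib64 entry and lists the /var/lib directory twice, which would append it to `self.dirs` twice when it exists. `__find_scripts_dir('PKI-IPA')` at the end of the list still supplies the matching /usr/lib or /usr/lib64 path, so the backup is probably not incomplete, but the fourth slot should name a constant for the lib64 directory or be removed. The name also ends in `_TEMPLATE` yet is used without `%`; if it holds a `%s` placeholder, `os.path.exists` is tested against a literal `%s` path.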


@ -30,6 +30,7 @@ import krbV
from ipalib import api
from ipapython import ipautil, admintool
from ipaplatform.paths import paths
from ipaserver.install import installutils, dsinstance, schemaupdate
from ipaserver.install.ldapupdate import LDAPUpdate, UPDATES_DIR
from ipaserver.install.upgradeinstance import IPAUpgrade
@ -94,7 +95,7 @@ class LDAPUpdater(admintool.AdminTool):
except RuntimeError, e:
print unicode(e)
sys.exit(1)
elif not os.path.exists('/etc/ipa/default.conf'):
elif not os.path.exists(paths.IPA_DEFAULT_CONF):
print "IPA is not configured on this system."
sys.exit(1)
@ -124,7 +125,7 @@ class LDAPUpdater(admintool.AdminTool):
class LDAPUpdater_Upgrade(LDAPUpdater):
log_file_name = '/var/log/ipaupgrade.log'
log_file_name = paths.IPAUPGRADE_LOG
def validate_options(self):
if os.getegid() != 0:
@ -154,7 +155,7 @@ class LDAPUpdater_Upgrade(LDAPUpdater):
class LDAPUpdater_NonUpgrade(LDAPUpdater):
log_file_name = '/var/log/ipaupgrade.log'
log_file_name = paths.IPAUPGRADE_LOG
def validate_options(self):
super(LDAPUpdater_NonUpgrade, self).validate_options()
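Review bot: `LDAPUpdater_Upgrade.validate_options` gates on `os.getegid() != 0`, which tests the effective group rather than the effective user. If this is meant as the must-be-root check (the rest of the body is outside the hunk, so that is an assumption), an account whose effective group is GID 0 passes it without being root, and root running with another effective group fails it. `if os.geteuid() != 0:` expresses that intent.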


@ -34,6 +34,7 @@ from ipapython.dn import DN
from ipapython import version
from ipalib import api
from ipalib import errors
from ipaplatform.paths import paths
from ipalib.constants import CACERT
@ -60,7 +61,7 @@ class ReplicaPrepare(admintool.AdminTool):
parser.add_option("--no-pkinit", dest="setup_pkinit",
action="store_false", default=True,
help="disables pkinit setup steps")
parser.add_option("--ca", dest="ca_file", default="/root/cacert.p12",
parser.add_option("--ca", dest="ca_file", default=paths.CACERT_P12,
metavar="FILE",
help="location of CA PKCS#12 file, default /root/cacert.p12")
@ -358,16 +359,16 @@ class ReplicaPrepare(admintool.AdminTool):
self.log.info("Copying additional files")
self.copy_info_file(CACERT, "ca.crt")
preferences_filename = "/usr/share/ipa/html/preferences.html"
preferences_filename = paths.PREFERENCES_HTML
if ipautil.file_exists(preferences_filename):
self.copy_info_file(preferences_filename, "preferences.html")
self.copy_info_file("/usr/share/ipa/html/krb.js", "krb.js")
self.copy_info_file(paths.KRB_JS, "krb.js")
self.copy_info_file(
"/usr/share/ipa/html/kerberosauth.xpi", "kerberosauth.xpi")
jar_filename = "/usr/share/ipa/html/configure.jar"
paths.KERBEROSAUTH_XPI, "kerberosauth.xpi")
jar_filename = paths.CONFIGURE_JAR
if ipautil.file_exists(jar_filename):
self.copy_info_file(jar_filename, "configure.jar")
cacert_filename = "/var/kerberos/krb5kdc/cacert.pem"
cacert_filename = paths.CACERT_PEM
if ipautil.file_exists(cacert_filename):
self.copy_info_file(cacert_filename, "cacert.pem")
@ -387,12 +388,12 @@ class ReplicaPrepare(admintool.AdminTool):
config.write(fd)
def package_replica_file(self):
replicafile = "/var/lib/ipa/replica-info-%s" % self.replica_fqdn
replicafile = paths.REPLICA_INFO_TEMPLATE % self.replica_fqdn
encfile = "%s.gpg" % replicafile
self.log.info("Packaging replica information into %s", encfile)
ipautil.run(
["/bin/tar", "cf", replicafile, "-C", self.top_dir, "realm_info"])
[paths.TAR, "cf", replicafile, "-C", self.top_dir, "realm_info"])
ipautil.encrypt_file(
replicafile, encfile, self.dirman_password, self.top_dir)
@ -546,7 +547,7 @@ class ReplicaPrepare(admintool.AdminTool):
dm_pwd_fd = ipautil.write_tmp_file(self.dirman_password)
keydb_pwd = ''
with open('/etc/pki/pki-tomcat/password.conf') as f:
with open(paths.PKI_TOMCAT_PASSWORD_CONF) as f:
for line in f.readlines():
key, value = line.strip().split('=')
if key == 'internal':
@ -556,8 +557,8 @@ class ReplicaPrepare(admintool.AdminTool):
keydb_pwd_fd = ipautil.write_tmp_file(keydb_pwd)
ipautil.run([
'/usr/bin/PKCS12Export',
'-d', '/etc/pki/pki-tomcat/alias/',
paths.PKCS12EXPORT,
'-d', paths.PKI_TOMCAT_ALIAS_DIR,
'-p', keydb_pwd_fd.name,
'-w', dm_pwd_fd.name,
'-o', ca_file
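Review bot: The parser for `paths.PKI_TOMCAT_PASSWORD_CONF` uses `key, value = line.strip().split('=')`, which raises ValueError on a blank line and on any value that itself contains `=`, so a valid key-database password can abort replica preparation with a traceback. Splitting once keeps the whole value: `key, value = line.strip().split('=', 1)`, preceded by a guard such as `if '=' not in line: continue`. The enclosing method starts and ends outside the hunk. The `--ca` help text also still hard-codes `default /root/cacert.p12` although the default now comes from `paths.CACERT_P12`.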


@ -40,6 +40,7 @@ from ipapython import ipaldap
from ipaplatform.tasks import tasks
from ipaserver.install.ipa_backup import BACKUP_DIR
from ipaplatform import services
from ipaplatform.paths import paths
def recursive_chown(path, uid, gid):
@ -65,7 +66,7 @@ def decrypt_file(tmpdir, filename, keyring):
dest = os.path.basename(dest)
dest = os.path.join(tmpdir, dest)
args = ['/usr/bin/gpg',
args = [paths.GPG,
'--batch',
'-o', dest]
@ -88,7 +89,7 @@ def decrypt_file(tmpdir, filename, keyring):
class Restore(admintool.AdminTool):
command_name = 'ipa-restore'
log_file_name = '/var/log/iparestore.log'
log_file_name = paths.IPARESTORE_LOG
usage = "%prog [options] backup"
@ -180,7 +181,7 @@ class Restore(admintool.AdminTool):
if not options.instance:
instances = []
for instance in [realm_to_serverid(api.env.realm), 'PKI-IPA']:
if os.path.exists('/var/lib/dirsrv/slapd-%s' % instance):
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance):
instances.append(instance)
else:
instances = [options.instance]
@ -277,10 +278,10 @@ class Restore(admintool.AdminTool):
# have a unified instance we need to restore both userRoot and
# ipaca.
for instance in instances:
if os.path.exists('/var/lib/dirsrv/slapd-%s' % instance):
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance):
if options.backend is None:
self.ldif2db(instance, 'userRoot', online=options.online)
if os.path.exists('/var/lib/dirsrv/slapd-%s/db/ipaca' % instance):
if os.path.exists(paths.IPACA_DIRSRV_INSTANCE_DB_TEMPLATE % instance):
self.ldif2db(instance, 'ipaca', online=options.online)
else:
self.ldif2db(instance, options.backend, online=options.online)
@ -589,13 +590,13 @@ class Restore(admintool.AdminTool):
does so we need to probe for it.
"""
if instance != 'PKI-IPA':
return os.path.join('/var/lib/dirsrv', 'scripts-%s' % instance)
return os.path.join(paths.VAR_LIB_DIRSRV, 'scripts-%s' % instance)
else:
if sys.maxsize > 2**32L:
libpath = 'lib64'
else:
libpath = 'lib'
return os.path.join('/usr', libpath, 'dirsrv', 'slapd-PKI-IPA')
return os.path.join(paths.USR_DIR, libpath, 'dirsrv', 'slapd-PKI-IPA')
def __create_dogtag_log_dirs(self):
"""
@ -606,16 +607,16 @@ class Restore(admintool.AdminTool):
or a d10-based installation. We can tell based on whether there is
a PKI-IPA 389-ds instance.
"""
if os.path.exists('/etc/dirsrv/slapd-PKI-IPA'): # dogtag 9
topdir = '/var/log/pki-ca'
if os.path.exists(paths.ETC_SLAPD_PKI_IPA_DIR): # dogtag 9
topdir = paths.PKI_CA_LOG_DIR
dirs = [topdir,
'/var/log/pki-ca/signedAudit,']
else: # dogtag 10
topdir = '/var/log/pki/pki-tomcat'
topdir = paths.TOMCAT_TOPLEVEL_DIR
dirs = [topdir,
'/var/log/pki/pki-tomcat/ca',
'/var/log/pki/pki-tomcat/ca/archive',
'/var/log/pki/pki-tomcat/ca/signedAudit',]
paths.TOMCAT_CA_DIR,
paths.TOMCAT_CA_ARCHIVE_DIR,
paths.TOMCAT_SIGNEDAUDIT_DIR,]
if os.path.exists(topdir):
return
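Review bot: The dogtag 9 branch of __create_dogtag_log_dirs still carries the literal `'/var/log/pki-ca/signedAudit,'`, the only path in this list not moved to `paths`, and the comma sits inside the quotes. If the list is later used to create the directories (that code is outside the hunk), the audit directory would be created under the name `signedAudit,` and the real signed-audit log directory would be missing after a restore. Deriving it from the constant already used for `topdir` fixes both: `os.path.join(paths.PKI_CA_LOG_DIR, 'signedAudit')`.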


@ -24,6 +24,7 @@ import os.path
import pwd
import optparse
from ipaplatform.paths import paths
from ipapython import admintool
from ipapython.dn import DN
from ipapython.ipautil import user_input, write_tmp_file
@ -132,14 +133,14 @@ class ServerCertInstall(admintool.AdminTool):
def install_http_cert(self):
dirname = certs.NSS_DIR
old_cert = installutils.get_directive(httpinstance.NSS_CONF,
old_cert = installutils.get_directive(paths.HTTPD_NSS_CONF,
'NSSNickname')
server_cert = self.import_cert(dirname, self.options.pin,
old_cert, 'HTTP/%s' % api.env.host,
'restart_httpd')
installutils.set_directive(httpinstance.NSS_CONF,
installutils.set_directive(paths.HTTPD_NSS_CONF,
'NSSNickname', server_cert)
# Fix the database permissions


@ -45,6 +45,7 @@ import struct
import certs
from distutils import version
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
def update_key_val_in_file(filename, key, val):
if os.path.exists(filename):
@ -88,7 +89,7 @@ class KrbInstance(service.Service):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
suffix = ipautil.dn_attribute_property('_suffix')
subject_base = ipautil.dn_attribute_property('_subject_base')
@ -345,11 +346,11 @@ class KrbInstance(service.Service):
print "Failed to initialize the realm container"
def __configure_instance(self):
self.__template_file("/var/kerberos/krb5kdc/kdc.conf", chmod=None)
self.__template_file("/etc/krb5.conf")
self.__template_file("/usr/share/ipa/html/krb5.ini")
self.__template_file("/usr/share/ipa/html/krb.con")
self.__template_file("/usr/share/ipa/html/krbrealm.con")
self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None)
self.__template_file(paths.KRB5_CONF)
self.__template_file(paths.HTML_KRB5_INI)
self.__template_file(paths.KRB_CON)
self.__template_file(paths.HTML_KRBREALM_CON)
MIN_KRB5KDC_WITH_WORKERS = "1.9"
cpus = os.sysconf('SC_NPROCESSORS_ONLN')
@ -367,10 +368,10 @@ class KrbInstance(service.Service):
appendvars = {}
if workers and cpus > 1:
appendvars = {'KRB5KDC_ARGS': "'-w %s'" % str(cpus)}
ipautil.backup_config_and_replace_variables(self.fstore, "/etc/sysconfig/krb5kdc",
ipautil.backup_config_and_replace_variables(self.fstore, paths.SYSCONFIG_KRB5KDC_DIR,
replacevars=replacevars,
appendvars=appendvars)
tasks.restore_context("/etc/sysconfig/krb5kdc")
tasks.restore_context(paths.SYSCONFIG_KRB5KDC_DIR)
def __write_stash_from_ds(self):
try:
@ -390,7 +391,7 @@ class KrbInstance(service.Service):
format = '=hi%ss' % len(keydata)
s = struct.pack(format, keytype, len(keydata), keydata)
try:
fd = open("/var/kerberos/krb5kdc/.k5."+self.realm, "w")
fd = open(paths.VAR_KRB5KDC_K5_REALM+self.realm, "w")
fd.write(s)
fd.close()
except os.error, e:
@ -406,23 +407,23 @@ class KrbInstance(service.Service):
installutils.kadmin_addprinc(ldap_principal)
self.move_service(ldap_principal)
self.fstore.backup_file("/etc/dirsrv/ds.keytab")
installutils.create_keytab("/etc/dirsrv/ds.keytab", ldap_principal)
self.fstore.backup_file(paths.DS_KEYTAB)
installutils.create_keytab(paths.DS_KEYTAB, ldap_principal)
update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
update_key_val_in_file(paths.SYSCONFIG_DIRSRV, "KRB5_KTNAME", paths.DS_KEYTAB)
pent = pwd.getpwnam(dsinstance.DS_USER)
os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid)
os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid)
def __create_host_keytab(self):
host_principal = "host/" + self.fqdn + "@" + self.realm
installutils.kadmin_addprinc(host_principal)
self.fstore.backup_file("/etc/krb5.keytab")
installutils.create_keytab("/etc/krb5.keytab", host_principal)
self.fstore.backup_file(paths.KRB5_KEYTAB)
installutils.create_keytab(paths.KRB5_KEYTAB, host_principal)
# Make sure access is strictly reserved to root only for now
os.chown("/etc/krb5.keytab", 0, 0)
os.chmod("/etc/krb5.keytab", 0600)
os.chown(paths.KRB5_KEYTAB, 0, 0)
os.chmod(paths.KRB5_KEYTAB, 0600)
self.move_service_to_host(host_principal)
@ -433,13 +434,13 @@ class KrbInstance(service.Service):
if self.pkcs12_info:
ca_db.install_pem_from_p12(self.pkcs12_info[0],
self.pkcs12_info[1],
"/var/kerberos/krb5kdc/kdc.pem")
paths.KDC_PEM)
else:
raise RuntimeError("PKI not supported yet\n")
# Finally copy the cacert in the krb directory so we don't
# have any selinux issues with the file context
shutil.copyfile(CACERT, "/var/kerberos/krb5kdc/cacert.pem")
shutil.copyfile(CACERT, paths.CACERT_PEM)
def __add_anonymous_pkinit_principal(self):
princ = "WELLKNOWN/ANONYMOUS"
@ -472,7 +473,7 @@ class KrbInstance(service.Service):
except:
pass
for f in ["/var/kerberos/krb5kdc/kdc.conf", "/etc/krb5.conf"]:
for f in [paths.KRB5KDC_KDC_CONF, paths.KRB5_CONF]:
try:
self.fstore.restore_file(f)
except ValueError, error:
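Review bot: In __write_stash_from_ds the master-key stash is created with `open(paths.VAR_KRB5KDC_K5_REALM+self.realm, "w")`, so its mode is whatever the installer's umask yields, and no chmod is visible in the hunk (the function continues outside it, so one may follow). Key material should be restrictive from creation, the way the host keytab further down is forced to `0600`: with `stash_path = paths.VAR_KRB5KDC_K5_REALM + self.realm`, use `fd = os.fdopen(os.open(stash_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), "w")`. In Python 2 a failing `open()` raises IOError, which `except os.error, e:` does not catch; `except (IOError, OSError), e:` would.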


@ -22,8 +22,6 @@
# TODO
# save undo files?
UPDATES_DIR="/usr/share/ipa/updates/"
import sys
import uuid
import platform
@ -41,11 +39,14 @@ from ipaserver.install import installutils
from ipapython import ipautil, ipaldap
from ipalib import errors
from ipalib import api
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipapython.ipa_log_manager import *
from ipaserver.install.plugins import PRE_UPDATE, POST_UPDATE
from ipaserver.plugins import ldap2
UPDATES_DIR=paths.UPDATES_DIR
def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
"""Create a connection for updates"""


@ -21,6 +21,7 @@
import service
from ipapython import sysrestore
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
class NTPInstance(service.Service):
@ -30,20 +31,20 @@ class NTPInstance(service.Service):
if fstore:
self.fstore = fstore
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
def __write_config(self):
self.fstore.backup_file("/etc/ntp.conf")
self.fstore.backup_file("/etc/sysconfig/ntpd")
self.fstore.backup_file(paths.NTP_CONF)
self.fstore.backup_file(paths.SYSCONFIG_NTPD)
# We use the OS variable to point it towards either the rhel
# or fedora pools. Other distros should be added in the future
# or we can get our own pool.
os = ""
if ipautil.file_exists("/etc/fedora-release"):
if ipautil.file_exists(paths.ETC_FEDORA_RELEASE):
os = "fedora"
elif ipautil.file_exists("/etc/redhat-release"):
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel"
srv_vals = []
@ -57,7 +58,7 @@ class NTPInstance(service.Service):
file_changed = False
fudge_present = False
ntpconf = []
fd = open("/etc/ntp.conf", "r")
fd = open(paths.NTP_CONF, "r")
for line in fd:
opt = line.split()
if len(opt) < 1:
@ -85,7 +86,7 @@ class NTPInstance(service.Service):
ntpconf.append(line)
if file_changed or len(srv_vals) != 0 or not fudge_present:
fd = open("/etc/ntp.conf", "w")
fd = open(paths.NTP_CONF, "w")
for line in ntpconf:
fd.write(line)
fd.write("\n### Added by IPA Installer ###\n")
@ -99,7 +100,7 @@ class NTPInstance(service.Service):
#read in memory, find OPTIONS, check/change it, then overwrite file
needopts = [ {'val':'-x', 'need':True},
{'val':'-g', 'need':True} ]
fd = open("/etc/sysconfig/ntpd", "r")
fd = open(paths.SYSCONFIG_NTPD, "r")
lines = fd.readlines()
fd.close()
for line in lines:
@ -118,7 +119,7 @@ class NTPInstance(service.Service):
done = False
if newopts:
fd = open("/etc/sysconfig/ntpd", "w")
fd = open(paths.SYSCONFIG_NTPD, "w")
for line in lines:
if not done:
sline = line.strip()
@ -167,7 +168,7 @@ class NTPInstance(service.Service):
self.stop()
try:
self.fstore.restore_file("/etc/ntp.conf")
self.fstore.restore_file(paths.NTP_CONF)
except ValueError, error:
root_logger.debug(error)
pass
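Review bot: __write_config rewrites `paths.NTP_CONF` and `paths.SYSCONFIG_NTPD` through bare `open()`/`close()` pairs, so an exception between them leaves the descriptor open and, for the `"w"` opens, a truncated config on disk. Since these lines are being touched anyway, `with open(paths.NTP_CONF, "w") as fd:` would at least guarantee the close; the fstore backup taken at the top of the method is what recovers the content. The local `os = ""` in the same method also shadows the `os` module name for the rest of the function; a name such as `os_pool` avoids that. The method body extends beyond every hunk shown.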


@ -22,6 +22,7 @@ from ipaserver.install import installutils, certs, cainstance
from ipalib import errors
from ipalib.plugable import Registry
from ipapython import certmonger, dogtag
from ipaplatform.paths import paths
from ipapython.dn import DN
register = Registry()
@ -52,7 +53,7 @@ class update_ca_renewal_master(PostUpdate):
return (False, False, [])
criteria = (
('cert_storage_location', '/etc/httpd/alias', certmonger.NPATH),
('cert_storage_location', paths.HTTPD_ALIAS_DIR, certmonger.NPATH),
('cert_nickname', 'ipaCert', None),
)
request_id = certmonger.get_request_id(criteria)


@ -22,6 +22,7 @@ from ipaserver.install.ldapupdate import LDAPUpdate
from ipapython.ipautil import wait_for_open_socket
from ipalib import api
from ipalib import backend
from ipaplatform.paths import paths
from ipapython.dn import DN
class updateclient(backend.Executioner):
@ -143,7 +144,7 @@ class updateclient(backend.Executioner):
def restart(self, dm_password, live_run):
dsrestart = DSRestart()
socket_name = '/var/run/slapd-%s.socket' % \
socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % \
api.env.realm.replace('.','-')
if live_run:
self.destroy_context()


@ -30,6 +30,7 @@ from ipapython.ipa_log_manager import *
from ipapython import ipautil, dogtag, ipaldap
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
# the default container used by AD for user entries
WIN_USER_CONTAINER = DN(('cn', 'Users'))
@ -68,7 +69,7 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
Does not return a value, will sys.exit() on failure.
"""
print "Run connection check to master"
args = ["/usr/sbin/ipa-replica-conncheck", "--master", master_host,
args = [paths.IPA_REPLICA_CONNCHECK, "--master", master_host,
"--auto-master-check", "--realm", realm,
"--principal", "admin",
"--hostname", host_name]


@ -29,6 +29,7 @@ from ipapython.dn import DN
from ipapython.ipa_log_manager import *
from ipalib import errors
from ipaplatform import services
from ipaplatform.paths import paths
# Autobind modes
AUTO = 1
@ -88,7 +89,7 @@ class Service(object):
if sstore:
self.sstore = sstore
else:
self.sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
self.sstore = sysrestore.StateFile(paths.SYSRESTORE)
self.realm = None
self.suffix = DN()
@ -155,7 +156,7 @@ class Service(object):
if 'RANDOM_PASSWORD' in sub_dict:
nologlist.append(sub_dict['RANDOM_PASSWORD'])
args = ["/usr/bin/ldapmodify", "-v", "-f", path]
args = [paths.LDAPMODIFY, "-v", "-f", path]
# As we always connect to the local host,
# use URI of admin connection


@ -21,9 +21,10 @@ import os
import os.path
from ipapython import sysrestore
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
STATEFILE_DIR = '/var/lib/ipa/sysupgrade'
STATEFILE_DIR = paths.STATEFILE_DIR
STATEFILE_FILE = 'sysupgrade.state'
_sstore = sysrestore.StateFile(STATEFILE_DIR, STATEFILE_FILE)


@ -22,6 +22,7 @@ import sys
import shutil
import random
import traceback
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
from ipaserver.install import installutils
@ -30,7 +31,7 @@ from ipaserver.install import schemaupdate
from ipaserver.install import ldapupdate
from ipaserver.install import service
DSBASE = '/etc/dirsrv/slapd-'
DSBASE = paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE
DSE = 'dse.ldif'
class IPAUpgrade(service.Service):
@ -53,8 +54,8 @@ class IPAUpgrade(service.Service):
ext += h
service.Service.__init__(self, "dirsrv")
serverid = dsinstance.realm_to_serverid(realm_name)
self.filename = '%s%s/%s' % (DSBASE, serverid, DSE)
self.savefilename = '%s%s/%s.ipa.%s' % (DSBASE, serverid, DSE, ext)
self.filename = '%s/%s' % (DSBASE % serverid, DSE)
self.savefilename = '%s/%s.ipa.%s' % (DSBASE % serverid, DSE, ext)
self.live_run = live_run
self.files = files
self.modified = False
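Review bot: `DSBASE` changes meaning here from a prefix (`'/etc/dirsrv/slapd-'`) to a format template, judging by the new `DSBASE % serverid` uses, but keeps its name. Any importer that still concatenates `DSBASE + serverid` would silently build a path containing the unexpanded placeholder; none is visible in this section, so that needs a grep across the tree. A comment on the assignment, `# format template: expand with DSBASE % serverid`, or a rename would make the new contract explicit. `os.path.join(DSBASE % serverid, DSE)` would also read better than `'%s/%s'`, provided `os` is imported in this module, which the hunk does not show.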


@ -1212,6 +1212,7 @@ from ipalib.constants import TYPE_ERROR
from ipalib.util import cachedproperty
from ipapython import dogtag
from ipalib import _
from ipaplatform.paths import paths
class ra(rabase.rabase):
"""
@ -1222,8 +1223,8 @@ class ra(rabase.rabase):
self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
self.pwd_file = self.sec_dir + os.sep + '.pwd'
else:
self.sec_dir = "/etc/httpd/alias"
self.pwd_file = "/etc/httpd/alias/pwdfile.txt"
self.sec_dir = paths.HTTPD_ALIAS_DIR
self.pwd_file = paths.ALIAS_PWDFILE_TXT
self.noise_file = self.sec_dir + os.sep + '.noise'
self.ipa_key_size = "2048"
self.ipa_certificate_nickname = "ipaCert"


@ -35,6 +35,7 @@ from ipalib import Backend
from ipalib import errors
from ipaserver.install import certs
import os
from ipaplatform.paths import paths
class rabase(Backend):
"""
@ -45,8 +46,8 @@ class rabase(Backend):
self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
self.pwd_file = self.sec_dir + os.sep + '.pwd'
else:
self.sec_dir = "/etc/httpd/alias"
self.pwd_file = "/etc/httpd/alias/pwdfile.txt"
self.sec_dir = paths.HTTPD_ALIAS_DIR
self.pwd_file = paths.ALIAS_PWDFILE_TXT
super(rabase, self).__init__()


@ -51,6 +51,7 @@ from ipalib.krb_utils import (
KRB5_CCache, krb_ticket_expiration_threshold, krb5_format_principal_name,
krb5_format_service_principal_name)
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.version import VERSION
from ipalib.text import _
@ -977,7 +978,7 @@ class login_password(Backend, KerberosSession, HTTP_Status):
# get http service ccache as an armor for FAST to enable OTP authentication
armor_principal = krb5_format_service_principal_name(
'HTTP', self.api.env.host, realm)
keytab = '/etc/httpd/conf/ipa.keytab'
keytab = paths.IPA_KEYTAB
armor_name = "%sA_%s" % (krbccache_prefix, user)
armor_path = os.path.join(krbccache_dir, armor_name)
@ -985,7 +986,7 @@ class login_password(Backend, KerberosSession, HTTP_Status):
armor_principal, keytab, armor_path)
(stdout, stderr, returncode) = ipautil.run(
['/usr/bin/kinit', '-kt', keytab, armor_principal],
[paths.KINIT, '-kt', keytab, armor_principal],
env={'KRB5CCNAME': armor_path}, raiseonerr=False)
if returncode != 0:
@ -995,7 +996,7 @@ class login_password(Backend, KerberosSession, HTTP_Status):
principal = krb5_format_principal_name(user, realm)
(stdout, stderr, returncode) = ipautil.run(
['/usr/bin/kinit', principal, '-T', armor_path],
[paths.KINIT, principal, '-T', armor_path],
env={'KRB5CCNAME': ccache_name}, stdin=password, raiseonerr=False)
self.debug('kinit: principal=%s returncode=%s, stderr="%s"',
@ -1003,7 +1004,7 @@ class login_password(Backend, KerberosSession, HTTP_Status):
self.debug('Cleanup the armor ccache')
ipautil.run(
['/usr/bin/kdestroy', '-A', '-c', armor_path],
[paths.KDESTROY, '-A', '-c', armor_path],
env={'KRB5CCNAME': armor_path},
raiseonerr=False)
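Review bot: `armor_name = "%sA_%s" % (krbccache_prefix, user)` puts the login user name into a file name that is then joined under `krbccache_dir`, written by kinit and removed by kdestroy. Nothing in the hunk shows `user` being restricted to a safe character set (validation may happen earlier in the method, outside the hunk), so I would refuse the request when `os.path.basename(armor_name) != armor_name` before the join, or stop deriving the file name from request data. At minimum add `# user is request data: must be validated before it is used in a file name` above the assignment. A shared per-user name also means two concurrent logins for the same account use and destroy the same armor cache.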


@ -31,6 +31,7 @@ import nose
from nose.plugins import Plugin
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import log_mgr
LINK_RE = re.compile(r'https?://[^\s]+')
@ -63,8 +64,8 @@ class BeakerLibProcess(object):
# Set up the Bash process
self.bash = subprocess.Popen(['bash'],
stdin=subprocess.PIPE,
stdout=open('/dev/null', 'w'),
stderr=open('/dev/null', 'w'))
stdout=open(paths.DEV_NULL, 'w'),
stderr=open(paths.DEV_NULL, 'w'))
source_path = os.path.join(self.env['BEAKERLIB'], 'beakerlib.sh')
self.run_beakerlib_command(['.', source_path])


@ -28,6 +28,7 @@ import os
from ipalib import api
from ipalib import errors
from ipaplatform.paths import paths
from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test
from ipaserver.plugins.ldap2 import ldap2
@ -49,7 +50,7 @@ class cmdline_test(XMLRPC_test):
Base class for all command-line tests
"""
# some reasonable default command
command = '/bin/ls'
command = paths.LS
def setUp(self):
# Find the executable in $PATH


@ -30,6 +30,7 @@ from ipalib import errors
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.install import installutils
from ipapython import ipautil, ipaldap
from ipaplatform.paths import paths
from ipapython.dn import DN
"""
@ -123,7 +124,7 @@ class test_update(unittest.TestCase):
for item in ('top', 'person', 'posixaccount', 'krbprincipalaux', 'inetuser'):
self.assertTrue(item in objectclasses)
self.assertEqual(entry.single_value['loginshell'], '/bin/bash')
self.assertEqual(entry.single_value['loginshell'], paths.BASH)
self.assertEqual(entry.single_value['sn'], 'User')
self.assertEqual(entry.single_value['uid'], 'tuser')
self.assertEqual(entry.single_value['cn'], 'Test User')
@ -307,7 +308,7 @@ class test_update(unittest.TestCase):
for item in ('top', 'person', 'posixaccount', 'krbprincipalaux', 'inetuser'):
self.assertTrue(item in objectclasses)
self.assertEqual(entry.single_value['loginshell'], '/bin/bash')
self.assertEqual(entry.single_value['loginshell'], paths.BASH)
self.assertEqual(entry.single_value['sn'], 'User')
self.assertEqual(entry.single_value['uid'], 'tuser')
self.assertEqual(entry.single_value['cn'], 'Test User')
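Review bot: Both `loginshell` assertions in this file now expect `paths.BASH`, but the value being checked presumably comes from the update fixture the test loads, which this change does not touch. If a platform overrides `paths.BASH` while the fixture still says `/bin/bash`, the test fails for a reason unrelated to LDAPUpdate. Keeping the expectation tied to the fixture, `self.assertEqual(entry.single_value['loginshell'], '/bin/bash')`, or adding a comment that the fixture must follow `paths.BASH`, would avoid that. Both test methods start outside their hunks.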


@ -30,6 +30,7 @@ import StringIO
from ldif import LDIFWriter
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipapython.ipa_log_manager import log_mgr
from ipatests.test_integration import util
@ -75,8 +76,8 @@ def backup_file(host, filename):
def fix_etc_hosts(host):
backup_file(host, '/etc/hosts')
contents = host.get_file_contents('/etc/hosts')
backup_file(host, paths.HOSTS)
contents = host.get_file_contents(paths.HOSTS)
# Remove existing mentions of the host's FQDN, short name, and IP
contents = re.sub('\s%s(\s|$)' % re.escape(host.hostname), ' ', contents,
flags=re.MULTILINE)
@ -87,12 +88,12 @@ def fix_etc_hosts(host):
# Add the host's info again
contents += '\n%s %s %s\n' % (host.ip, host.hostname, host.shortname)
log.debug('Writing the following to /etc/hosts:\n%s', contents)
host.put_file_contents('/etc/hosts', contents)
host.put_file_contents(paths.HOSTS, contents)
def fix_hostname(host):
backup_file(host, '/etc/hostname')
host.put_file_contents('/etc/hostname', host.hostname + '\n')
backup_file(host, paths.ETC_HOSTNAME)
host.put_file_contents(paths.ETC_HOSTNAME, host.hostname + '\n')
host.run_command(['hostname', host.hostname])
backupname = os.path.join(host.config.test_dir, 'backup_hostname')
@ -100,24 +101,24 @@ def fix_hostname(host):
def fix_resolv_conf(host):
backup_file(host, '/etc/resolv.conf')
lines = host.get_file_contents('/etc/resolv.conf').splitlines()
backup_file(host, paths.RESOLV_CONF)
lines = host.get_file_contents(paths.RESOLV_CONF).splitlines()
lines = ['#' + l if l.startswith('nameserver') else l for l in lines]
for other_host in host.domain.hosts:
if other_host.role in ('master', 'replica'):
lines.append('nameserver %s' % other_host.ip)
contents = '\n'.join(lines)
log.debug('Writing the following to /etc/resolv.conf:\n%s', contents)
host.put_file_contents('/etc/resolv.conf', contents)
host.put_file_contents(paths.RESOLV_CONF, contents)
def fix_apache_semaphores(master):
systemd_available = master.transport.file_exists('/bin/systemctl')
systemd_available = master.transport.file_exists(paths.SYSTEMCTL)
if systemd_available:
master.run_command(['systemctl', 'stop', 'httpd'], raiseonerr=False)
else:
master.run_command(['/sbin/service', 'httpd', 'stop'], raiseonerr=False)
master.run_command([paths.SBIN_SERVICE, 'httpd', 'stop'], raiseonerr=False)
master.run_command('for line in `ipcs -s | grep apache | cut -d " " -f 2`; '
'do ipcrm -s $line; done', raiseonerr=False)
@ -184,11 +185,11 @@ def enable_replication_debugging(host):
def install_master(host):
host.collect_log('/var/log/ipaserver-install.log')
host.collect_log('/var/log/ipaclient-install.log')
host.collect_log(paths.IPASERVER_INSTALL_LOG)
host.collect_log(paths.IPACLIENT_INSTALL_LOG)
inst = host.domain.realm.replace('.', '-')
host.collect_log('/var/log/dirsrv/slapd-%s/errors' % inst)
host.collect_log('/var/log/dirsrv/slapd-%s/access' % inst)
host.collect_log(paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst)
host.collect_log(paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst)
apply_common_fixes(host)
fix_apache_semaphores(host)
@ -207,8 +208,8 @@ def install_master(host):
def install_replica(master, replica, setup_ca=True):
replica.collect_log('/var/log/ipareplica-install.log')
replica.collect_log('/var/log/ipareplica-conncheck.log')
replica.collect_log(paths.IPAREPLICA_INSTALL_LOG)
replica.collect_log(paths.IPAREPLICA_CONNCHECK_LOG)
apply_common_fixes(replica)
fix_apache_semaphores(replica)
@ -218,7 +219,7 @@ def install_replica(master, replica, setup_ca=True):
'--ip-address', replica.ip,
replica.hostname])
replica_bundle = master.get_file_contents(
'/var/lib/ipa/replica-info-%s.gpg' % replica.hostname)
paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
replica_filename = os.path.join(replica.config.test_dir,
'replica-info.gpg')
replica.put_file_contents(replica_filename, replica_bundle)
@ -239,7 +240,7 @@ def install_replica(master, replica, setup_ca=True):
def install_client(master, client, extra_args=()):
client.collect_log('/var/log/ipaclient-install.log')
client.collect_log(paths.IPACLIENT_INSTALL_LOG)
apply_common_fixes(client)
@ -262,11 +263,11 @@ def install_adtrust(host):
"""
# ipa-adtrust-install appends to ipaserver-install.log
host.collect_log('/var/log/ipaserver-install.log')
host.collect_log(paths.IPASERVER_INSTALL_LOG)
inst = host.domain.realm.replace('.', '-')
host.collect_log('/var/log/dirsrv/slapd-%s/errors' % inst)
host.collect_log('/var/log/dirsrv/slapd-%s/access' % inst)
host.collect_log(paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst)
host.collect_log(paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst)
kinit_admin(host)
host.run_command(['ipa-adtrust-install', '-U',
@ -354,7 +355,7 @@ def establish_trust_with_ad(master, ad, extra_args=()):
"""
# Force KDC to reload MS-PAC info by trying to get TGT for HTTP
master.run_command(['kinit', '-kt', '/etc/httpd/conf/ipa.keytab',
master.run_command(['kinit', '-kt', paths.IPA_KEYTAB,
'HTTP/%s' % master.hostname])
master.run_command(['systemctl', 'restart', 'krb5kdc.service'])
master.run_command(['kdestroy', '-A'])
@ -397,7 +398,7 @@ def configure_auth_to_local_rule(master, ad):
% (ad.domain.realm, ad.domain.realm, ad.domain.name))
line2 = " auth_to_local = DEFAULT"
krb5_conf_content = master.get_file_contents('/etc/krb5.conf')
krb5_conf_content = master.get_file_contents(paths.KRB5_CONF)
krb5_lines = [line.rstrip() for line in krb5_conf_content.split('\n')]
realm_section_index = krb5_lines.index(section_identifier)
@ -405,7 +406,7 @@ def configure_auth_to_local_rule(master, ad):
krb5_lines.insert(realm_section_index + 2, line2)
krb5_conf_new_content = '\n'.join(krb5_lines)
master.put_file_contents('/etc/krb5.conf', krb5_conf_new_content)
master.put_file_contents(paths.KRB5_CONF, krb5_conf_new_content)
master.run_command(['systemctl', 'restart', 'sssd'])
@ -419,13 +420,13 @@ def setup_sssd_debugging(host):
# First, remove any previous occurences
host.run_command(['sed', '-i',
'/debug_level = 7/d',
'/etc/sssd/sssd.conf'
paths.SSSD_CONF
], raiseonerr=False)
# Add the debug directive to each section
host.run_command(['sed', '-i',
'/\[*\]/ a\debug_level = 7',
'/etc/sssd/sssd.conf'
paths.SSSD_CONF
], raiseonerr=False)
@ -440,22 +441,22 @@ def clear_sssd_cache(host):
Clears SSSD cache by removing the cache files. Restarts SSSD.
"""
systemd_available = host.transport.file_exists('/bin/systemctl')
systemd_available = host.transport.file_exists(paths.SYSTEMCTL)
if systemd_available:
host.run_command(['systemctl', 'stop', 'sssd'])
else:
host.run_command(['/sbin/service', 'sssd', 'stop'])
host.run_command([paths.SBIN_SERVICE, 'sssd', 'stop'])
host.run_command("find /var/lib/sss/db -name '*.ldb' | "
"xargs rm -fv")
host.run_command(['rm', '-fv', '/var/lib/sss/mc/group'])
host.run_command(['rm', '-fv', '/var/lib/sss/mc/passwd'])
host.run_command(['rm', '-fv', paths.SSSD_MC_GROUP])
host.run_command(['rm', '-fv', paths.SSSD_MC_PASSWD])
if systemd_available:
host.run_command(['systemctl', 'start', 'sssd'])
else:
host.run_command(['/sbin/service', 'sssd', 'start'])
host.run_command([paths.SBIN_SERVICE, 'sssd', 'start'])
# To avoid false negatives due to SSSD not responding yet
time.sleep(10)
@ -487,24 +488,24 @@ def kinit_admin(host):
def uninstall_master(host):
host.collect_log('/var/log/ipaserver-uninstall.log')
host.collect_log(paths.IPASERVER_UNINSTALL_LOG)
host.run_command(['ipa-server-install', '--uninstall', '-U'],
raiseonerr=False)
host.run_command(['pkidestroy', '-s', 'CA', '-i', 'pki-tomcat'],
raiseonerr=False)
host.run_command(['rm', '-rf',
'/var/log/pki/pki-tomcat',
'/etc/sysconfig/pki-tomcat',
'/etc/sysconfig/pki/tomcat/pki-tomcat',
'/var/lib/pki/pki-tomcat',
'/etc/pki/pki-tomcat'],
paths.TOMCAT_TOPLEVEL_DIR,
paths.SYSCONFIG_PKI_TOMCAT,
paths.SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR,
paths.VAR_LIB_PKI_TOMCAT_DIR,
paths.PKI_TOMCAT],
raiseonerr=False)
unapply_fixes(host)
def uninstall_client(host):
host.collect_log('/var/log/ipaclient-uninstall.log')
host.collect_log(paths.IPACLIENT_UNINSTALL_LOG)
host.run_command(['ipa-client-install', '--uninstall', '-U'],
raiseonerr=False)
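Review bot: In the `uninstall_master` hunk the recursive `rm -rf` list is now built from constants whose names no longer show what is deleted. By position, `paths.TOMCAT_TOPLEVEL_DIR` appears to stand in for `/var/log/pki/pki-tomcat` and `paths.PKI_TOMCAT` for `/etc/pki/pki-tomcat`. A comment above the list, for example `# pki-tomcat log, sysconfig, instance and config directories`, would let a reader confirm the targets without opening ipaplatform.paths. These constants are presumably resolved on the machine driving the tests rather than on `host`, so they only match the remote system when both run the same platform; the same holds for `file_exists(paths.SYSTEMCTL)` in `fix_apache_semaphores` and `clear_sssd_cache`. The `find /var/lib/sss/db` command and the `/etc/hosts` and `/etc/resolv.conf` text in the two `log.debug` calls were left as literals.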


@ -27,6 +27,7 @@ import nose
from ipalib import x509
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipatests.test_integration.base import IntegrationTest
from ipatests.test_integration import tasks
@ -113,7 +114,7 @@ class CALessBase(IntegrationTest):
# Remove CA cert in /etc/pki/nssdb, in case of failed (un)install
for host in cls.get_all_hosts():
cls.master.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D',
cls.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',
'-n', 'External CA cert'],
raiseonerr=False)
@ -145,11 +146,11 @@ class CALessBase(IntegrationTest):
for filename in set(files_to_copy):
cls.copy_cert(host, filename)
cls.collect_log(host, '/var/log/ipaserver-install.log')
cls.collect_log(host, '/var/log/ipaclient-install.log')
cls.collect_log(host, paths.IPASERVER_INSTALL_LOG)
cls.collect_log(host, paths.IPACLIENT_INSTALL_LOG)
inst = host.domain.realm.replace('.', '-')
cls.collect_log(host, '/var/log/dirsrv/slapd-%s/errors' % inst)
cls.collect_log(host, '/var/log/dirsrv/slapd-%s/access' % inst)
cls.collect_log(host, paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst)
cls.collect_log(host, paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst)
args = [
'ipa-server-install',
@ -216,11 +217,11 @@ class CALessBase(IntegrationTest):
os.path.join(self.cert_dir, filename),
os.path.join(master.config.test_dir, filename))
self.collect_log(replica, '/var/log/ipareplica-install.log')
self.collect_log(replica, '/var/log/ipaclient-install.log')
self.collect_log(replica, paths.IPAREPLICA_INSTALL_LOG)
self.collect_log(replica, paths.IPACLIENT_INSTALL_LOG)
inst = replica.domain.realm.replace('.', '-')
self.collect_log(replica, '/var/log/dirsrv/slapd-%s/errors' % inst)
self.collect_log(replica, '/var/log/dirsrv/slapd-%s/access' % inst)
self.collect_log(replica, paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst)
self.collect_log(replica, paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst)
args = [
'ipa-replica-prepare',
@ -244,7 +245,7 @@ class CALessBase(IntegrationTest):
if result.returncode == 0:
replica_bundle = master.get_file_contents(
'/var/lib/ipa/replica-info-%s.gpg' % replica.hostname)
paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
replica.put_file_contents(self.get_replica_filename(replica),
replica_bundle)
else:
@ -327,7 +328,7 @@ class CALessBase(IntegrationTest):
for host in self.get_all_hosts():
# Check the cert PEM file
remote_cacrt = host.get_file_contents('/etc/ipa/ca.crt')
remote_cacrt = host.get_file_contents(paths.IPA_CA_CRT)
self.log.debug('%s:/etc/ipa/ca.crt contents:\n%s',
host, remote_cacrt)
binary_cacrt = base64.b64decode(x509.strip_header(remote_cacrt))
@ -344,7 +345,7 @@ class TestServerInstall(CALessBase):
# Remove CA cert in /etc/pki/nssdb, in case of failed (un)install
for host in self.get_all_hosts():
self.master.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D',
self.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',
'-n', 'External CA cert'],
raiseonerr=False)
@ -768,11 +769,11 @@ class TestReplicaInstall(CALessBase):
self.master.run_command(['ipa', 'host-del', replica.hostname],
raiseonerr=False)
replica.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D',
replica.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',
'-n', 'External CA cert'], raiseonerr=False)
self.uninstall_server()
self.master.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D',
self.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',
'-n', 'External CA cert'], raiseonerr=False)
def test_no_certs(self):
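Review bot: The cleanup loops in the `@ -113` and `@ -344` hunks iterate `for host in ...get_all_hosts():` but call `cls.master.run_command` and `self.master.run_command`, so `certutil -D` runs on the master once per host and never on the other hosts. If the comment above each loop states the intent, the call should be `host.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',`; the `TestReplicaInstall` hunk already cleans the replica and the master separately. The loops predate this commit, but it rewrites the affected line in both places. The `'%s:/etc/ipa/ca.crt contents:\n%s'` debug message and the two `# Remove CA cert in /etc/pki/nssdb` comments still name the literal paths, and the enclosing methods start outside these hunks.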


@ -18,11 +18,12 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import subprocess
from ipaplatform.paths import paths
from ipatests.test_integration.base import IntegrationTest
from ipatests.test_integration import tasks
CLIENT_KEYTAB = '/etc/krb5.keytab'
CLIENT_KEYTAB = paths.KRB5_KEYTAB
class TestForcedClientReenrollment(IntegrationTest):
@ -274,9 +275,9 @@ class TestForcedClientReenrollment(IntegrationTest):
"""
Put server's ip address at the top of resolv.conf
"""
contents = client.get_file_contents('/etc/resolv.conf')
contents = client.get_file_contents(paths.RESOLV_CONF)
nameserver = 'nameserver %s\n' % server.ip
if not contents.startswith(nameserver):
contents = nameserver + contents.replace(nameserver, '')
client.put_file_contents('/etc/resolv.conf', contents)
client.put_file_contents(paths.RESOLV_CONF, contents)


@ -21,6 +21,7 @@ import os
import re
import nose
from ipaplatform.paths import paths
from ipatests.test_integration import tasks
@ -40,7 +41,7 @@ class BaseTestLegacyClient(object):
'/etc/openldap/cacerts',
'/etc/openldap/ldap.conf',
'/etc/nsswitch.conf',
'/etc/sssd/sssd.conf']
paths.SSSD_CONF]
# Actual test classes need to override these attributes to set the expected
# values on the UID and GID results, since this varies with the usage of the
@ -88,7 +89,7 @@ class BaseTestLegacyClient(object):
advice_path])
# Restart SSHD to load new PAM configuration
self.legacy_client.run_command(['/sbin/service', 'sshd', 'restart'])
self.legacy_client.run_command([paths.SBIN_SERVICE, 'sshd', 'restart'])
def clear_sssd_caches(self):
tasks.clear_sssd_cache(self.master)
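Review bot: Only the last entry of the file list in the `@ -40` hunk was converted: `'/etc/openldap/cacerts'`, `'/etc/openldap/ldap.conf'` and `'/etc/nsswitch.conf'` remain string literals next to `paths.SSSD_CONF`. Since the commit aims to move all filesystem paths, either convert those three as well or add a comment such as `# remaining literals are legacy-client paths with no ipaplatform constant` so the mix reads as deliberate. As in the other integration tests, `paths.SBIN_SERVICE` is presumably resolved on the test controller, while the command runs on `self.legacy_client`.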


@ -32,6 +32,7 @@ from ipatests.util import TempDir, TempHome
from ipalib.constants import TYPE_ERROR, OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
from ipalib.constants import NAME_REGEX, NAME_ERROR
from ipalib import config, constants, base
from ipaplatform.paths import paths
# Valid environment variables in (key, raw, value) tuples:
@ -448,8 +449,8 @@ class test_Env(ClassChecker):
assert o.dot_ipa == home.join('.ipa')
assert o.in_tree is False
assert o.context == 'default'
assert o.confdir == '/etc/ipa'
assert o.conf == '/etc/ipa/default.conf'
assert o.confdir == paths.ETC_IPA
assert o.conf == paths.IPA_DEFAULT_CONF
assert o.conf_default == o.conf
# Test overriding values created by _bootstrap()
@ -461,11 +462,11 @@ class test_Env(ClassChecker):
assert o.in_tree is False
assert o.context == 'default'
assert o.conf == '/my/wacky/whatever.conf'
assert o.conf_default == '/etc/ipa/default.conf'
assert o.conf_default == paths.IPA_DEFAULT_CONF
(o, home) = self.bootstrap(conf_default='/my/wacky/default.conf')
assert o.in_tree is False
assert o.context == 'default'
assert o.conf == '/etc/ipa/default.conf'
assert o.conf == paths.IPA_DEFAULT_CONF
assert o.conf_default == '/my/wacky/default.conf'
# Test various overrides and types conversion


@ -26,6 +26,7 @@ import inspect
from ipatests.util import assert_equal, raises
from ipalib import errors, text
from ipaplatform.paths import paths
from ipalib.constants import TYPE_ERROR
@ -102,9 +103,9 @@ class test_SubprocessError(PrivateExceptionTester):
"""
Test the `ipalib.errors.SubprocessError.__init__` method.
"""
inst = self.new(returncode=1, argv=('/bin/false',))
inst = self.new(returncode=1, argv=(paths.BIN_FALSE,))
assert inst.returncode == 1
assert inst.argv == ('/bin/false',)
assert inst.argv == (paths.BIN_FALSE,)
assert str(inst) == "return code 1 from ('/bin/false',)"
assert inst.message == str(inst)
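Review bot: The message assertion right after the changed lines still hard-codes the path, `assert str(inst) == "return code 1 from ('/bin/false',)"`, although `argv` is now `(paths.BIN_FALSE,)`. On a platform where `paths.BIN_FALSE` is not `/bin/false`, the two `argv` checks pass and this one fails. Deriving the expectation from the same value keeps them in step: `assert str(inst) == "return code 1 from %r" % (inst.argv,)`. The test method starts outside the hunk.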


@ -26,6 +26,7 @@ from ipatests.util import raises, no_set, no_del, read_only
from ipatests.util import getitem, setitem, delitem
from ipatests.util import ClassChecker, create_test_api
from ipalib import plugable, errors, text
from ipaplatform.paths import paths
class test_SetProxy(ClassChecker):
@ -277,10 +278,10 @@ class test_Plugin(ClassChecker):
Test the `ipalib.plugable.Plugin.call` method.
"""
o = self.cls()
o.call('/bin/true') is None
e = raises(errors.SubprocessError, o.call, '/bin/false')
o.call(paths.BIN_TRUE) is None
e = raises(errors.SubprocessError, o.call, paths.BIN_FALSE)
assert e.returncode == 1
assert e.argv == ('/bin/false',)
assert e.argv == (paths.BIN_FALSE,)
def test_Registrar():
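Review bot: `o.call(paths.BIN_TRUE) is None` evaluates a comparison and discards the result, so the success path of `Plugin.call` is not checked; it should read `assert o.call(paths.BIN_TRUE) is None`. The missing `assert` predates this commit, but the line is rewritten here and is the only coverage of the zero-return-code case in this test. The test method starts outside the hunk.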


@ -36,6 +36,7 @@ from ipalib.plugins.service import service, service_show
from ipalib.plugins.host import host
from ipalib import api, x509, create_api, errors
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.dn import DN
class test_ldap(object):
@ -46,7 +47,7 @@ class test_ldap(object):
def setUp(self):
self.conn = None
self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
self.ccache = '/tmp/krb5cc_%d' % os.getuid()
self.ccache = paths.TMP_KRB5CC % os.getuid()
nss.nss_init_nodb()
self.dn = DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)),
('cn','services'),('cn','accounts'),api.env.basedn)
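Review bot: `paths.TMP_KRB5CC` is used as a format string in `self.ccache = paths.TMP_KRB5CC % os.getuid()`, but its name does not say it is a template. Other constants in this commit do, for example `SLAPD_INSTANCE_ERROR_LOG_TEMPLATE` and `REPLICA_INFO_TEMPLATE_GPG`. A caller who passes it on as a literal path would end up with a ccache name containing an unexpanded placeholder. Either rename it along those lines (a suggested name would be `TMP_KRB5CC_TEMPLATE`) or add `# TMP_KRB5CC carries a %d placeholder for the uid` above this line. `setUp` continues outside the hunk.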


@ -53,6 +53,7 @@ try:
except ImportError:
NO_YAML = True
from urllib2 import URLError
from ipaplatform.paths import paths
ENV_MAP = {
'MASTER': 'ipa_server',
@ -186,7 +187,7 @@ class UI_driver(object):
if browser == 'chromium':
options = ChromeOptions()
options.binary_location = '/usr/bin/chromium-browser'
options.binary_location = paths.CHROMIUM_BROWSER
if driver_type == 'remote':
if not 'host' in self.config:


@ -32,6 +32,7 @@ from ipapython.dn import DN
from nose.tools import raises, assert_raises # pylint: disable=E0611
from xmlrpc_test import XMLRPC_test, assert_attr_equal
from ipaplatform.paths import paths
from ipatests.util import assert_deepequal
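Review bot: The import `from ipaplatform.paths import paths` is the only change shown for this file, and no hunk in the section uses `paths`. Unless a use exists in a part of the file not shown here, this is an unused import and can be dropped. It would otherwise make the test module depend on ipaplatform for nothing.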


@ -33,6 +33,7 @@ import tempfile
from ipapython import ipautil
import nose
import base64
from ipaplatform.paths import paths
from ipapython.dn import DN
# So we can save the cert from issuance and compare it later
@ -78,7 +79,7 @@ class test_cert(XMLRPC_test):
is_db_configured()
def run_certutil(self, args, stdin=None):
new_args = ["/usr/bin/certutil", "-d", self.reqdir]
new_args = [paths.CERTUTIL, "-d", self.reqdir]
new_args = new_args + args
return ipautil.run(new_args, stdin)
@ -105,7 +106,7 @@ class test_cert(XMLRPC_test):
def generateCSR(self, subject):
self.run_certutil(["-R", "-s", subject,
"-o", self.reqfile,
"-z", "/etc/group",
"-z", paths.GROUP,
"-f", self.pwname,
"-a",
])
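Review bot: In `generateCSR`, `"-z", paths.GROUP` hides what the argument is: certutil's `-z` names the seed file for key generation, and the constant replaces `/etc/group`, a static world-readable file. That is acceptable for a throwaway test key, but the generic name `GROUP` now makes it look like a group setting. A comment such as `# -z: seed file for certutil key generation; test-only, not a source of entropy` would make the intent clear and discourage copying the pattern into non-test code. The same applies to `generate_csr` in the next file section.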


@ -31,6 +31,7 @@ import shutil
from ipalib import api, x509
from ipaserver.plugins import rabase
from ipapython import ipautil
from ipaplatform.paths import paths
from ipapython.dn import DN
_testcert = None
@ -52,7 +53,7 @@ def run_certutil(reqdir, args, stdin=None):
"""
Run an NSS certutil command
"""
new_args = ["/usr/bin/certutil", "-d", reqdir]
new_args = [paths.CERTUTIL, "-d", reqdir]
new_args = new_args + args
return ipautil.run(new_args, stdin)
@ -64,7 +65,7 @@ def generate_csr(reqdir, pwname, subject):
req_path = os.path.join(reqdir, 'req')
run_certutil(reqdir, ["-R", "-s", subject,
"-o", req_path,
"-z", "/etc/group",
"-z", paths.GROUP,
"-f", pwname,
"-a"])
with open(req_path, "r") as fp:


@ -28,6 +28,7 @@ import traceback as tb_internal
from cherrypy import response
from ipalib import api
from ipalib import errors
from ipaplatform.paths import paths
from ipalib.request import context
from ipalib.rpc import json_encode_binary
from ipapython.version import VERSION, API_VERSION
@ -391,8 +392,8 @@ wsgi_config = {'environment': 'embedded',
'engine.autoreload_on': False
}
api.bootstrap(context='ipasmartproxy', log='/dev/null')
api.bootstrap(context='ipasmartproxy', log=paths.DEV_NULL)
api.finalize()
cherrypy.config.update(wsgi_config)
start(['/etc/ipa/ipa-smartproxy.conf'])
start([paths.IPA_SMARTPROXY_CONF])