Use private ccache in ipa install tools

All installers that handle Kerberos auth, have been altered to use private ccache, that is ipa-server-install, ipa-dns-install, ipa-replica-install, ipa-ca-install. https://fedorahosted.org/freeipa/ticket/3666
2025-02-25 18:55:28 -06:00 · 2013-06-03 12:06:06 +02:00 · 2013-06-03 12:06:06 +02:00 · 6f51f92138
commit 6f51f92138
parent e31eea3268
5 changed files with 44 additions and 16 deletions
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@ -28,9 +28,9 @@ from ipapython import services as ipaservices

 from ipaserver.install import installutils, service
 from ipaserver.install import certs
-from ipaserver.install.installutils import HostnameLocalhost
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig,
+        expand_replica_info, read_replica_info, get_host_name, BadHostError,
+        private_ccache)
 from ipaserver.install import dsinstance, cainstance, bindinstance
 from ipaserver.install.replication import replica_conn_check
 from ipapython import version
@ -212,9 +212,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.

 if __name__ == '__main__':
    try:
-        installutils.run_script(main, log_file_name=log_file_name,
-                operation_name='ipa-ca-install',
-                fail_message=fail_message)
+        with private_ccache():
+            installutils.run_script(main, log_file_name=log_file_name,
+                    operation_name='ipa-ca-install',
+                    fail_message=fail_message)
    finally:
        # always try to remove decrypted replica file
        try:
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@ -258,5 +258,6 @@ def main():
    return 0

 if __name__ == '__main__':
-    installutils.run_script(main, log_file_name=log_file_name,
-        operation_name='ipa-dns-install')
+    with private_ccache():
+        installutils.run_script(main, log_file_name=log_file_name,
+            operation_name='ipa-dns-install')
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@ -36,9 +36,9 @@ from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import HostnameLocalhost, resolve_host
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
+        ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
+        BadHostError, private_ccache)
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
 from ipalib import api, errors, util
@ -726,9 +726,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.

 if __name__ == '__main__':
    try:
-        installutils.run_script(main, log_file_name=log_file_name,
-                operation_name='ipa-replica-install',
-                fail_message=fail_message)
+        with private_ccache():
+            installutils.run_script(main, log_file_name=log_file_name,
+                    operation_name='ipa-replica-install',
+                    fail_message=fail_message)
    finally:
        # always try to remove decrypted replica file
        try:
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@ -1210,6 +1210,7 @@ def main():

 if __name__ == '__main__':
    success = False
+
    try:
        # FIXME: Common option parsing, logging setup, etc should be factored
        # out from all install scripts
@ -1219,8 +1220,10 @@ if __name__ == '__main__':
        else:
            log_file_name = "/var/log/ipaserver-install.log"

-        installutils.run_script(main, log_file_name=log_file_name,
-            operation_name='ipa-server-install')
+        # Use private ccache
+        with private_ccache():
+            installutils.run_script(main, log_file_name=log_file_name,
+                                    operation_name='ipa-server-install')
        success = True

    finally:
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@ -28,6 +28,7 @@ import shutil
 from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
+from contextlib import contextmanager

 from dns import resolver, rdatatype
 from dns.exception import DNSException
@ -753,3 +754,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
                (pkcs12_filename, e))

        return server_cert_name
+
+
+@contextmanager
+def private_ccache():
+
+    (desc, path) = tempfile.mkstemp(prefix='krbcc')
+    os.close(desc)
+
+    original_value = os.environ.get('KRB5CCNAME', None)
+
+    os.environ['KRB5CCNAME'] = path
+
+    yield
+
+    if original_value is not None:
+        os.environ['KRB5CCNAME'] = original_value
+    else:
+        os.environ.pop('KRB5CCNAME')
+
+    if os.path.exists(path):
+        os.remove(path)