remove offensive use of rpm
add the radiusprofile to the list of objectclasses used when creating a user
parent
8e48393c61
commit
80c4ed7af2
@ -30,7 +30,6 @@ from string import lower
|
|||||||
import re
|
import re
|
||||||
import xmlrpclib
|
import xmlrpclib
|
||||||
import datetime
|
import datetime
|
||||||
import rpm
|
|
||||||
|
|
||||||
def realm_to_suffix(realm_name):
|
def realm_to_suffix(realm_name):
|
||||||
s = realm_name.split(".")
|
s = realm_name.split(".")
|
||||||
@ -332,38 +331,3 @@ def parse_generalized_time(timestr):
|
|||||||
except ValueError:
|
except ValueError:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
#-------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
def get_rpm_nvr_from_header(hdr):
|
|
||||||
'Given an RPM header return the package NVR as a string'
|
|
||||||
name = hdr['name']
|
|
||||||
version = hdr['version']
|
|
||||||
release = hdr['release']
|
|
||||||
|
|
||||||
return '%s-%s-%s' % (name, version, release)
|
|
||||||
|
|
||||||
def get_rpm_nvr_by_name(name):
|
|
||||||
if name is None:
|
|
||||||
return None
|
|
||||||
|
|
||||||
nvr = None
|
|
||||||
try:
|
|
||||||
ts = rpm.ts()
|
|
||||||
mi = ts.dbMatch(rpm.RPMTAG_NAME, name)
|
|
||||||
for h in mi:
|
|
||||||
nvr = get_rpm_nvr_from_header(h)
|
|
||||||
break
|
|
||||||
except:
|
|
||||||
logging.exception('failed to retrieve rpm info for %s', name)
|
|
||||||
return nvr
|
|
||||||
|
|
||||||
def split_rpm_nvr(nvr):
|
|
||||||
components = nvr.split('-')
|
|
||||||
release = components[-1]
|
|
||||||
version = components[-2]
|
|
||||||
name = '-'.join(components[:-2])
|
|
||||||
return (name, version, release)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|||||||
|
|
||||||
BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel
|
BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel
|
||||||
|
|
||||||
Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears python-krbV acl freeipa-admintools rpm
|
Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears python-krbV acl freeipa-admintools
|
||||||
Requires: mod_nss >= 1.0.7-2
|
Requires: mod_nss >= 1.0.7-2
|
||||||
Requires: freeradius >= 1.1.7
|
Requires: freeradius >= 1.1.7
|
||||||
|
|
||||||
|
@ -44,9 +44,30 @@ LDAP_ATTR_MAP_FILEPATH = os.path.join(PKG_CONFIG_DIR, 'ldap.attrmap')
|
|||||||
RADIUSD_CONF_FILEPATH = os.path.join(PKG_CONFIG_DIR, 'radiusd.conf')
|
RADIUSD_CONF_FILEPATH = os.path.join(PKG_CONFIG_DIR, 'radiusd.conf')
|
||||||
RADIUSD_CONF_TEMPLATE_FILEPATH = os.path.join(SHARE_DIR, 'radius.radiusd.conf.template')
|
RADIUSD_CONF_TEMPLATE_FILEPATH = os.path.join(SHARE_DIR, 'radius.radiusd.conf.template')
|
||||||
|
|
||||||
|
RADIUSD = '/usr/sbin/radiusd'
|
||||||
|
|
||||||
# FIXME there should a utility to get the user base dn
|
# FIXME there should a utility to get the user base dn
|
||||||
from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer
|
from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer
|
||||||
|
|
||||||
|
#-------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
def get_radius_version():
|
||||||
|
version = None
|
||||||
|
try:
|
||||||
|
p = subprocess.Popen([RADIUSD, '-v'], stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE)
|
||||||
|
stdout, stderr = p.communicate()
|
||||||
|
status = p.returncode
|
||||||
|
|
||||||
|
if status == 0:
|
||||||
|
match = re.search("radiusd: FreeRADIUS Version (.+), for host", stdout)
|
||||||
|
if match:
|
||||||
|
version = match.group(1)
|
||||||
|
except Exception, e:
|
||||||
|
pass
|
||||||
|
return version
|
||||||
|
|
||||||
|
|
||||||
#-------------------------------------------------------------------------------
|
#-------------------------------------------------------------------------------
|
||||||
|
|
||||||
class RadiusInstance(service.Service):
|
class RadiusInstance(service.Service):
|
||||||
@ -63,12 +84,7 @@ class RadiusInstance(service.Service):
|
|||||||
self.principal = "%s/%s@%s" % (RADIUS_SERVICE_NAME, self.fqdn, self.realm)
|
self.principal = "%s/%s@%s" % (RADIUS_SERVICE_NAME, self.fqdn, self.realm)
|
||||||
self.basedn = realm_to_suffix(self.realm)
|
self.basedn = realm_to_suffix(self.realm)
|
||||||
self.user_basedn = "%s,%s" % (DefaultUserContainer, self.basedn) # FIXME, should be utility to get this
|
self.user_basedn = "%s,%s" % (DefaultUserContainer, self.basedn) # FIXME, should be utility to get this
|
||||||
self.rpm_nvr = get_rpm_nvr_by_name(PKG_NAME)
|
self.radius_version = get_radius_version()
|
||||||
if self.rpm_nvr is not None:
|
|
||||||
self.rpm_name, self.rpm_version, self.rpm_release = split_rpm_nvr(self.rpm_nvr)
|
|
||||||
else:
|
|
||||||
self.rpm_name = self.rpm_version = self.rpm_release = None
|
|
||||||
|
|
||||||
self.start_creation(4, "Configuring radiusd")
|
self.start_creation(4, "Configuring radiusd")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
@ -93,7 +109,7 @@ class RadiusInstance(service.Service):
|
|||||||
def __radiusd_conf(self):
|
def __radiusd_conf(self):
|
||||||
self.step('configuring radiusd.conf for radius instance')
|
self.step('configuring radiusd.conf for radius instance')
|
||||||
|
|
||||||
version = 'IPA_RADIUS_VERSION=%s RADIUS_PACKAGE_VERSION=%s' % (IPA_RADIUS_VERSION, self.rpm_nvr)
|
version = 'IPA_RADIUS_VERSION=%s FREE_RADIUS_VERSION=%s' % (IPA_RADIUS_VERSION, self.radius_version)
|
||||||
sub_dict = {'CONFIG_FILE_VERSION_INFO' : version,
|
sub_dict = {'CONFIG_FILE_VERSION_INFO' : version,
|
||||||
'LDAP_SERVER' : self.ldap_server,
|
'LDAP_SERVER' : self.ldap_server,
|
||||||
'RADIUS_KEYTAB' : IPA_KEYTAB_FILEPATH,
|
'RADIUS_KEYTAB' : IPA_KEYTAB_FILEPATH,
|
||||||
|
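Review bot: The new `get_radius_version()` ends in `except Exception, e: pass`, so a missing or non-executable `/usr/sbin/radiusd`, a non-zero exit status, or output that does not match the regex all return `None` without a trace, and the captured stderr is never inspected. `__radiusd_conf` then formats that value into `CONFIG_FILE_VERSION_INFO`, so the generated radiusd.conf would carry `FREE_RADIUS_VERSION=None`. I would log the failure rather than discard it, e.g. replace `pass` with `logging.exception('failed to run %s -v', RADIUSD)` (the helper removed elsewhere in this commit used the same call), and log stderr when `status != 0`. The hunks do not show `subprocess`, `re` or `logging` being imported in this file; confirm they are, because the broad except would also hide a NameError from a missing import.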
@ -443,7 +443,7 @@ class IPAServer:
|
|||||||
|
|
||||||
# some required objectclasses
|
# some required objectclasses
|
||||||
entry.setValues('objectClass', 'top', 'person', 'organizationalPerson',
|
entry.setValues('objectClass', 'top', 'person', 'organizationalPerson',
|
||||||
'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux')
|
'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile')
|
||||||
|
|
||||||
# fill in our new entry with everything sent by the user
|
# fill in our new entry with everything sent by the user
|
||||||
for u in user:
|
for u in user:
|
||||||
|
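Review bot: `'radiusprofile'` is now added to the objectClass list of every new user unconditionally, so user creation depends on the RADIUS schema being loaded in the directory server. The hunk does not show that being guaranteed, and without it the add would presumably fail with an objectclass violation on servers where radius was never set up. The loop that follows copies whatever attributes the caller sent into the entry, so with this objectclass present, client-supplied RADIUS profile attributes would pass schema checking; it is worth confirming that ACIs or attribute filtering restrict who may set them. At minimum I would add a comment above the call such as `# radiusprofile: requires the RADIUS schema to be installed; allows radius profile attributes on the user entry`. The enclosing method starts and ends outside this hunk.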