diff --git a/ipa-server/ipa-install/freeipa-setup-20070713.patch b/ipa-server/ipa-install/freeipa-setup-20070713.patch
deleted file mode 100644
index 5a36eee03..000000000
--- a/ipa-server/ipa-install/freeipa-setup-20070713.patch
+++ /dev/null
@@ -1,288 +0,0 @@ -diff -r 5ebd8adc48b8 ipa-install/README ---- a/ipa-install/README Mon Jul 02 15:51:04 2007 -0400 -+++ b/ipa-install/README Fri Jul 13 16:25:05 2007 -0400 -@@ -5,12 +5,17 @@ fedora-ds-base - fedora-ds-base - openldap-clients - krb5-server-ldap -+cyrus-sasl-gssapi - - - Installation example: -+ -+TEMPORARY: (until fedora ds scripts are fixed) -+please use the fedora-ds.init.patch under share/ to patch your init scripts before -+running ipa-server-install - - cd ipa-install - make install - cd .. --/usr/sbin/ipa-server-install -r FREEIPA.ORG -a rc1.freeipa.org -p freeipa -m ipafree -+/usr/sbin/ipa-server-install -u fds -r FREEIPA.ORG -p freeipa -m ipafree - -diff -r 5ebd8adc48b8 ipa-install/share/bind.zone.db.template ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/ipa-install/share/bind.zone.db.template Fri Jul 13 16:22:12 2007 -0400 -@@ -0,0 +1,26 @@ -+$$ORIGIN $DOMAIN. -+$$TTL 86400 -+@ IN SOA $DOMAIN. root.$DOMAIN. ( -+ 01 ; serial (d. adams) -+ 3H ; refresh -+ 15M ; retry -+ 1W ; expiry -+ 1D ) ; minimum -+ -+ IN NS $HOST -+$HOST IN A $IP -+; -+; ldap servers -+_ldap._tcp IN SRV 0 100 389 $HOST -+ -+;kerberos realm -+_kerberos IN TXT $REALM -+ -+; kerberos servers -+_kerberos._tcp IN SRV 0 100 88 $HOST -+_kerberos._udp IN SRV 0 100 88 $HOST -+_kerberos-master._tcp IN SRV 0 100 88 $HOST -+_kerberos-master._udp IN SRV 0 100 88 $HOST -+_kpasswd._tcp IN SRV 0 100 88 $HOST -+_kpasswd._udp IN SRV 0 100 88 $HOST -+ -diff -r 5ebd8adc48b8 ipa-install/share/fedora-ds.init.patch ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/ipa-install/share/fedora-ds.init.patch Fri Jul 13 14:45:53 2007 -0400 -@@ -0,0 +1,12 @@ -+--- /etc/init.d/fedora-ds.orig 2007-07-06 18:21:30.000000000 -0400 -++++ /etc/init.d/fedora-ds 2007-05-18 19:36:24.000000000 -0400 -+@@ -10,6 +10,9 @@ -+ # datadir: /var/lib/fedora-ds/slapd- -+ # -+ -++# Get config. -++[ -r /etc/sysconfig/fedora-ds ] && . /etc/sysconfig/fedora-ds -++ -+ # Source function library. 
-+ if [ -f /etc/rc.d/init.d/functions ] ; then -+ . /etc/rc.d/init.d/functions -diff -r 5ebd8adc48b8 ipa-install/share/krb5.conf.template ---- a/ipa-install/share/krb5.conf.template Mon Jul 02 15:51:04 2007 -0400 -+++ b/ipa-install/share/krb5.conf.template Fri Jul 13 11:01:36 2007 -0400 -@@ -9,6 +9,13 @@ - dns_lookup_kdc = true - ticket_lifetime = 24h - forwardable = yes -+ -+[realms] -+ $REALM = { -+ kdc = $FQDN:88 -+ admin_server = $FQDN:749 -+ default_domain = $DOMAIN -+} - - [domain_realm] - .$DOMAIN = $REALM -@@ -29,7 +36,7 @@ - ldap_servers = ldap://127.0.0.1/ - ldap_kerberos_container_dn = cn=kerberos,$SUFFIX - ldap_kdc_dn = uid=kdc,cn=kerberos,$SUFFIX --; ldap_kadmind_dn = cn=Directory Manager -+ ldap_kadmind_dn = uid=kdc,cn=kerberos,$SUFFIX - ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd - } - -diff -r 5ebd8adc48b8 ipa-install/src/ipa-server-install ---- a/ipa-install/src/ipa-server-install Mon Jul 02 15:51:04 2007 -0400 -+++ b/ipa-install/src/ipa-server-install Fri Jul 13 19:43:13 2007 -0400 -@@ -26,6 +26,7 @@ - - VERSION = "%prog .1" - -+import socket - import logging - from optparse import OptionParser - import ipa.dsinstance -@@ -37,8 +38,6 @@ def parse_options(): - help="ds user") - parser.add_option("-r", "--realm", dest="realm_name", - help="realm name") -- parser.add_option("-a", "--host-address", dest="host_name", -- help="host address (name or IP address)") - parser.add_option("-p", "--password", dest="password", - help="admin password") - parser.add_option("-m", "--master-password", dest="master_password", -@@ -46,8 +45,8 @@ def parse_options(): - - options, args = parser.parse_args() - -- if not options.realm_name or not options.host_name or not options.password: -- parser.error("error: password, realm, and host name required") -+ if not options.ds_user or not options.realm_name or not options.password or not options.master_password: -+ parser.error("error: all options are required") - - return options - -@@ -56,13 +55,35 @@ def 
main(): - format='%(asctime)s %(levelname)s %(message)s', - filename='ipa-install.log', - filemode='w') -+ - options = parse_options() -+ -+ # check the hostname is correctly configured, it must be as the kldap -+ # utilities just use the hostname as returned by gethostbyname to set -+ # up some of the standard entries -+ -+ host_name = socket.gethostname() -+ if len(host_name.split(".")) < 2: -+ print "Invalid hostname <"+host_name+">" -+ print "Check the /etc/hosts file and make sure to have a valid FQDN" -+ return "-Fatal Error-" -+ -+ if socket.gethostbyname(host_name) == "127.0.0.1": -+ print "The hostname resolves to the localhost address (127.0.0.1)" -+ print "Please change your /etc/hosts file or your DNS so that the" -+ print "hostname resolves to the ip address of your network interface." -+ print "The KDC service does not listen on 127.0.0.1" -+ return "-Fatal Error-" -+ -+ print "The Final KDC Host Name will be: " + host_name -+ - ds = ipa.dsinstance.DsInstance() -- ds.create_instance(options.ds_user, options.realm_name, options.host_name, options.password) -+ ds.create_instance(options.ds_user, options.realm_name, host_name, options.password) - - krb = ipa.krbinstance.KrbInstance() -- krb.create_instance(options.ds_user, options.realm_name, options.host_name, options.password, options.master_password) -- #restart ds after the krb instance have add the sasl map -+ krb.create_instance(options.ds_user, options.realm_name, host_name, options.password, options.master_password) -+ -+ #restart ds after the krb instance have add the sasl map and the ldap keytab - ds.restart() - - return 0 -diff -r 5ebd8adc48b8 ipa-install/src/ipa/krbinstance.py ---- a/ipa-install/src/ipa/krbinstance.py Mon Jul 02 15:51:04 2007 -0400 -+++ b/ipa-install/src/ipa/krbinstance.py Fri Jul 13 19:20:41 2007 -0400 -@@ -25,6 +25,9 @@ import logging - import logging - from random import Random - from time import gmtime -+import os -+import pwd -+import socket - - SHARE_DIR = 
"/usr/share/ipa/" - -@@ -32,6 +35,10 @@ def realm_to_suffix(realm_name): - s = realm_name.split(".") - terms = ["dc=" + x.lower() for x in s] - return ",".join(terms) -+ -+def host_to_domain(fqdn): -+ s = fqdn.split(".") -+ return ".".join(s[1:]) - - def generate_kdc_password(): - rndpwd = '' -@@ -75,8 +82,10 @@ class KrbInstance: - class KrbInstance: - def __init__(self): - self.ds_user = None -- self.realm_name = None -- self.host_name = None -+ self.fqdn = None -+ self.realm = None -+ self.domain = None -+ self.host = None - self.admin_password = None - self.master_password = None - self.suffix = None -@@ -85,12 +94,15 @@ class KrbInstance: - - def create_instance(self, ds_user, realm_name, host_name, admin_password, master_password): - self.ds_user = ds_user -- self.realm_name = realm_name.upper() -- self.host_name = host_name -+ self.fqdn = host_name -+ self.ip = socket.gethostbyname(host_name) -+ self.realm = realm_name.upper() -+ self.host = host_name.split(".")[0] -+ self.domain = host_to_domain(host_name) - self.admin_password = admin_password - self.master_password = master_password - -- self.suffix = realm_to_suffix(self.realm_name) -+ self.suffix = realm_to_suffix(self.realm) - self.kdc_password = generate_kdc_password() - self.__configure_kdc_account_password() - -@@ -99,6 +111,10 @@ class KrbInstance: - self.__configure_ldap() - - self.__create_instance() -+ -+ self.__create_ds_keytab() -+ -+ self.__create_sample_bind_zone() - - self.start() - -@@ -120,12 +136,13 @@ class KrbInstance: - pwd_fd.close() - - def __setup_sub_dict(self): -- #FIXME: can DOMAIN be different than REALM ? 
-- self.sub_dict = dict(FQHN=self.host_name, -+ self.sub_dict = dict(FQDN=self.fqdn, -+ IP=self.ip, - PASSWORD=self.kdc_password, - SUFFIX=self.suffix, -- DOMAIN= self.realm_name.lower(), -- REALM=self.realm_name) -+ DOMAIN=self.domain, -+ HOST=self.host, -+ REALM=self.realm) - - def __configure_ldap(self): - -@@ -153,7 +170,7 @@ class KrbInstance: - krb5_fd.close() - - #populate the directory with the realm structure -- args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"] -+ args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] - run(args) - - # TODO: NOT called yet, need to find out how to make sure the plugin is available first -@@ -165,5 +182,28 @@ class KrbInstance: - extop_fd.close() - - #add an ACL to let the DS user read the master key -- args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm_name] -+ args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm] - run(args) -+ -+ def __create_sample_bind_zone(self): -+ bind_txt = template_file(SHARE_DIR + "bind.zone.db.template", self.sub_dict) -+ [bind_fd, bind_name] = tempfile.mkstemp(".db","sammple.zone.") -+ os.write(bind_fd, bind_txt) -+ os.close(bind_fd) -+ print "Sample zone file for bind has been created in "+bind_name -+ -+ def __create_ds_keytab(self): -+ (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") -+ kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n") -+ kwrite.flush() -+ kwrite.write("ktadd -k /etc/fedora-ds/ds.keytab ldap/"+self.fqdn+"@"+self.realm+"\n") -+ kwrite.flush() -+ kwrite.close() -+ kread.close() -+ kerr.close() -+ -+ cfg_fd = open("/etc/sysconfig/fedora-ds", "a") 
-+ cfg_fd.write("export KRB5_KTNAME=/etc/fedora-ds/ds.keytab\n") -+ cfg_fd.close() -+ pent = pwd.getpwnam(self.ds_user) -+ os.chown("/etc/sysconfig/fedora-ds", pent.pw_uid, pent.pw_gid)