IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

dsinstance, httpinstance: Don't hardcode 'Server-Cert'

Browse Source
This commit is contained in:
Petr Viktorin 2013-03-15 10:09:58 +01:00 committed by Martin Kosek
parent ac06a28cf9
commit a03aba5704
2 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ipaserver/install/dsinstance.py
View File

@ -154,14 +154,15 @@ info: IPA V2.0
""" """
class DsInstance(service.Service): class DsInstance(service.Service):
def __init__(self, realm_name=None, domain_name=None, dm_password=None, fstore=None): def __init__(self, realm_name=None, domain_name=None, dm_password=None,
fstore=None, cert_nickname='Server-Cert'):
service.Service.__init__(self, "dirsrv", service.Service.__init__(self, "dirsrv",
service_desc="directory server", service_desc="directory server",
dm_password=dm_password, dm_password=dm_password,
ldapi=False, ldapi=False,
autobind=service.DISABLED autobind=service.DISABLED
) )
self.nickname = 'Server-Cert' self.nickname = cert_nickname
self.dm_password = dm_password self.dm_password = dm_password
self.realm_name = realm_name self.realm_name = realm_name
self.sub_dict = None self.sub_dict = None
@ -542,19 +543,24 @@ class DsInstance(service.Service):
self.dercert = dsdb.get_cert_from_db(nickname, pem=False) self.dercert = dsdb.get_cert_from_db(nickname, pem=False)
dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid ) dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid )
else: else:
nickname = "Server-Cert" nickname = self.nickname
cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base) cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base)
if self.self_signed_ca: if self.self_signed_ca:
dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)
self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb) self.dercert = dsdb.create_server_cert(nickname, self.fqdn, cadb)
dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid) dsdb.track_server_cert(
nickname, self.principal, dsdb.passwd_fname,
'restart_dirsrv %s' % self.serverid)
dsdb.create_pin_file() dsdb.create_pin_file()
else: else:
# FIXME, need to set this nickname in the RA plugin # FIXME, need to set this nickname in the RA plugin
cadb.export_ca_cert('ipaCert', False) cadb.export_ca_cert('ipaCert', False)
dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)
self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb) self.dercert = dsdb.create_server_cert(
dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid) nickname, self.fqdn, cadb)
dsdb.track_server_cert(
nickname, self.principal, dsdb.passwd_fname,
'restart_dirsrv %s' % self.serverid)
dsdb.create_pin_file() dsdb.create_pin_file()
conn = ipaldap.IPAdmin(self.fqdn) conn = ipaldap.IPAdmin(self.fqdn)
@ -685,7 +691,7 @@ class DsInstance(service.Service):
# will match what is in certmonger # will match what is in certmonger
dirname = config_dirname(serverid)[:-1] dirname = config_dirname(serverid)[:-1]
dsdb = certs.CertDB(self.realm_name, nssdir=dirname) dsdb = certs.CertDB(self.realm_name, nssdir=dirname)
dsdb.untrack_server_cert("Server-Cert") dsdb.untrack_server_cert(self.nickname)
erase_ds_instance_data(serverid) erase_ds_instance_data(serverid)
# At one time we removed this user on uninstall. That can potentially # At one time we removed this user on uninstall. That can potentially

12
ipaserver/install/httpinstance.py
View File

@ -50,13 +50,15 @@ class WebGuiInstance(service.SimpleServiceInstance):
service.SimpleServiceInstance.__init__(self, "ipa_webgui") service.SimpleServiceInstance.__init__(self, "ipa_webgui")
class HTTPInstance(service.Service): class HTTPInstance(service.Service):
def __init__(self, fstore = None): def __init__(self, fstore=None, cert_nickname='Server-Cert'):
service.Service.__init__(self, "httpd", service_desc="the web interface") service.Service.__init__(self, "httpd", service_desc="the web interface")
if fstore: if fstore:
self.fstore = fstore self.fstore = fstore
else: else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
self.cert_nickname = cert_nickname
subject_base = ipautil.dn_attribute_property('_subject_base') subject_base = ipautil.dn_attribute_property('_subject_base')
def create_instance(self, realm, fqdn, domain_name, dm_password=None, autoconfig=True, pkcs12_info=None, self_signed_ca=False, subject_base=None, auto_redirect=True): def create_instance(self, realm, fqdn, domain_name, dm_password=None, autoconfig=True, pkcs12_info=None, self_signed_ca=False, subject_base=None, auto_redirect=True):
@ -256,8 +258,10 @@ class HTTPInstance(service.Service):
db.create_from_cacert(ca_db.cacert_fname) db.create_from_cacert(ca_db.cacert_fname)
db.create_password_conf() db.create_password_conf()
self.dercert = db.create_server_cert("Server-Cert", self.fqdn, ca_db) self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn,
db.track_server_cert("Server-Cert", self.principal, db.passwd_fname, 'restart_httpd') ca_db)
db.track_server_cert(self.cert_nickname, self.principal,
db.passwd_fname, 'restart_httpd')
db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db) db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)
# Fix the database permissions # Fix the database permissions
@ -365,7 +369,7 @@ class HTTPInstance(service.Service):
self.stop() self.stop()
db = certs.CertDB(api.env.realm) db = certs.CertDB(api.env.realm)
db.untrack_server_cert("Server-Cert") db.untrack_server_cert(self.cert_nickname)
if not enabled is None and not enabled: if not enabled is None and not enabled:
self.disable() self.disable()