First step in enabling SSL in the IPA web server

This commit is contained in:
Rob Crittenden
2007-10-15 15:42:12 -04:00
parent a4143789da
commit ed8f506b0f
4 changed files with 84 additions and 3 deletions


@@ -11,7 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel
Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears mod_nss
%define httpd_conf /etc/httpd/conf.d %define httpd_conf /etc/httpd/conf.d
%define plugin_dir %{_libdir}/dirsrv/plugins %define plugin_dir %{_libdir}/dirsrv/plugins


@@ -11,7 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel
Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears mod_nss
%define httpd_conf /etc/httpd/conf.d %define httpd_conf /etc/httpd/conf.d
%define plugin_dir %{_libdir}/dirsrv/plugins %define plugin_dir %{_libdir}/dirsrv/plugins


@@ -43,6 +43,7 @@ from optparse import OptionParser
import ipaserver.dsinstance import ipaserver.dsinstance
import ipaserver.krbinstance import ipaserver.krbinstance
import ipaserver.bindinstance import ipaserver.bindinstance
import ipaserver.httpinstance
from ipa.ipautil import run from ipa.ipautil import run
def parse_options(): def parse_options():
@@ -387,8 +388,8 @@ def main():
print "To accept the default shown in brackets, press the Enter key." print "To accept the default shown in brackets, press the Enter key."
print "" print ""
check_ports()
check_existing_installation() check_existing_installation()
check_ports()
options = parse_options() options = parse_options()
logging_setup(options) logging_setup(options)
@@ -508,6 +509,10 @@ def main():
krb = ipaserver.krbinstance.KrbInstance() krb = ipaserver.krbinstance.KrbInstance()
krb.create_instance(ds_user, realm_name, host_name, dm_password, master_password) krb.create_instance(ds_user, realm_name, host_name, dm_password, master_password)
# Create a HTTP instance
http = ipaserver.httpinstance.HTTPInstance()
http.create_instance()
bind.setup(host_name, ip_address, realm_name) bind.setup(host_name, ip_address, realm_name)
if options.setup_bind: if options.setup_bind:
skipbind = False skipbind = False
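Review bot: The new `http.create_instance()` call has no way to learn whether httpd actually came back up, because HTTPInstance.create_instance in the added httpinstance.py catches the restart failure with a bare except and only prints a message, so main() proceeds to BIND setup with mod_ssl already disabled and httpd possibly down. Either let create_instance propagate the error and handle it here like the other instance-creation steps, or have it return a status that this line checks before continuing. main() starts and ends outside the hunk.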


@@ -0,0 +1,76 @@
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 or later
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import subprocess
import string
import tempfile
import shutil
import logging
import pwd
from ipa.ipautil import *
import fileinput
import sys
HTTPD_DIR = "/etc/httpd"
SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf"
def update_file(filename, orig, subst):
if os.path.exists(filename):
pattern = "%s" % re.escape(orig)
p = re.compile(pattern)
for line in fileinput.input(filename, inplace=1):
if not p.search(line):
sys.stdout.write(line)
else:
sys.stdout.write(p.sub(subst, line))
fileinput.close()
class HTTPInstance:
def __init__(self):
pass
def create_instance(self):
self.__disable_mod_ssl()
self.__set_mod_nss_port()
try:
self.restart()
except:
# TODO: roll back here?
print "Failed to restart httpd"
def stop(self):
run(["/sbin/service", "httpd", "stop"])
def start(self):
run(["/sbin/service", "httpd", "start"])
def restart(self):
run(["/sbin/service", "httpd", "restart"])
def __disable_mod_ssl(self):
logging.debug("disabling mod_ssl in httpd")
if os.path.exists(SSL_CONF):
os.rename(SSL_CONF, "%s.moved_by_ipa" % SSL_CONF)
logging.debug("done disabling mod_ssl")
def __set_mod_nss_port(self):
logging.debug("Setting mod_nss port to 443")
update_file(NSS_CONF, '8443', '443')
logging.debug("done setting mod_nss port")
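Review bot: create_instance catches every exception from restart() with a bare `except:` and only prints, so after ssl.conf has already been moved aside the installer continues as if httpd were up; narrow it and propagate: `except Exception:` / `logging.exception("Failed to restart httpd")` / `raise`. The same silent continue happens in __set_mod_nss_port when NSS_CONF is absent, because update_file's `os.path.exists` guard skips the edit without any log line — a `logging.warning` there (or raising, since mod_nss is now a hard Requires) would surface a missing config before httpd is restarted on port 443. update_file also rewrites nss.conf in place with no backup, unlike ssl.conf which is preserved as `.moved_by_ipa`; passing a `backup=` suffix to fileinput.input would make the two changes reversible in the same way. Finally, `os` and `re` are used in update_file and __disable_mod_ssl but only arrive via `from ipa.ipautil import *`; add explicit `import os` and `import re` so the module does not depend on what ipautil happens to re-export.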