correctly issue certs from the same authority. Also remove support for read-only replicas since that work will not be finished and tested for 1.0.
#! /usr/bin/python -E
|
|
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
#
|
|
# Copyright (C) 2007 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 or later
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
#
|
|
|
|
import sys
|
|
sys.path.append("/usr/share/ipa")
|
|
|
|
import logging, tempfile, shutil, os, pwd
|
|
from ConfigParser import SafeConfigParser
|
|
import krbV
|
|
|
|
from ipa import ipautil
|
|
from ipaserver import dsinstance, installutils, certs
|
|
|
|
def get_host_name():
    """Return this machine's FQDN, exiting the process if it fails validation.

    Wraps installutils.get_fqdn() / installutils.verify_fqdn(). If
    verification raises RuntimeError the message is logged and the script
    exits with status 1, the same error convention the rest of this script
    uses.
    """
    fqdn = installutils.get_fqdn()
    try:
        installutils.verify_fqdn(fqdn)
    except RuntimeError:
        err = sys.exc_info()[1]
        logging.error(str(err))
        sys.exit(1)
    return fqdn
|
|
|
|
def get_realm_name():
    """Return the default Kerberos realm from the local krb5 configuration."""
    return krbV.default_context().default_realm
|
|
|
|
def check_ipa_configuration(realm_name):
    """Exit with status 1 unless the directory server instance for realm_name exists.

    The instance location comes from dsinstance.config_dirname(); only its
    presence as a directory is checked here.
    """
    instance_dir = dsinstance.config_dirname(realm_name)
    if ipautil.dir_exists(instance_dir):
        return
    logging.error("could not find directory instance: %s" % instance_dir)
    sys.exit(1)
|
|
|
|
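def export_certdb(ds_dir, dir):
    """Export the CA PKCS#12 bundle from the DS NSS database into dir/cacert.p12.

    ds_dir: directory server instance directory holding the NSS certdb
    dir:    bundle directory (expected to already exist, mode 0700)

    The export password file dir/pwdfile.txt is written with an empty
    password, so the PKCS#12 (presumably carrying the CA private key) is
    protected only by the permissions of dir and by how the resulting
    replica-info archive is handled; it must be treated as a secret.

    Exits with status 1 if the export fails, after removing any partial
    output, so that a replica bundle is never produced without its CA
    material (the original printed the error and carried on).
    """
    ds_cdb = certs.CertDB(ds_dir)

    pkcs12_fname = dir + "/cacert.p12"
    passwd_fname = dir + "/pwdfile.txt"

    # Empty export password: a single newline.
    fd = open(passwd_fname, "w")
    try:
        fd.write("\n")
    finally:
        fd.close()

    try:
        ds_cdb.export_pkcs12(pkcs12_fname, passwd_fname)
    except ipautil.CalledProcessError:
        err = sys.exc_info()[1]
        logging.error("error exporting CA certificate: %s" % str(err))
        # Best-effort removal of whatever the failed export left behind;
        # a missing file is the only error we expect here.
        for fname in (pkcs12_fname, passwd_fname):
            try:
                os.unlink(fname)
            except OSError:
                pass
        sys.exit(1)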
|
|
|
|
|
|
def get_ds_user(ds_dir):
    """Return the login name of the user that owns ds_dir.

    The owner uid is read with os.stat and resolved through the passwd
    database; OSError propagates if ds_dir does not exist and KeyError if
    the uid has no passwd entry.
    """
    owner_uid = os.stat(ds_dir).st_uid
    return pwd.getpwuid(owner_uid).pw_name
|
|
|
|
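def save_config(dir, realm_name, host_name, ds_user):
    """Write dir/realm_info describing the master this bundle was prepared on.

    The file is an INI-style document with one [realm] section holding
    realm_name, master_host_name and ds_user, as emitted by SafeConfigParser.

    dir:        bundle directory (expected to already exist)
    realm_name: Kerberos realm of the master
    host_name:  FQDN of the master
    ds_user:    owner of the directory server instance

    The file handle is now closed explicitly; the original relied on the
    file object being garbage-collected, which does not guarantee a timely
    flush before the directory is archived.
    """
    config = SafeConfigParser()
    config.add_section("realm")
    config.set("realm", "realm_name", realm_name)
    config.set("realm", "master_host_name", host_name)
    config.set("realm", "ds_user", ds_user)

    fd = open(dir + "/realm_info", "w")
    try:
        config.write(fd)
    finally:
        fd.close()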
|
|
|
|
def copy_files(realm_name, dir):
    """Copy /var/kerberos/krb5kdc/ldappwd into the bundle directory dir.

    realm_name is accepted for interface compatibility but is not used.
    NOTE(review): ldappwd is presumably the KDC's LDAP bind credential;
    its presence is one reason the resulting archive must be kept secret.
    """
    source = "/var/kerberos/krb5kdc/ldappwd"
    destination = dir + "/ldappwd"
    shutil.copy(source, destination)
|
|
|
|
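def main():
    """Build replica-info-<realm> in the current directory.

    The archive holds the CA PKCS#12 (exported with an empty password), the
    KDC ldappwd file and a realm_info description -- in effect the secrets
    of the whole realm. Changes from the original:

    * the instance directory is verified before get_ds_user() stats it, so
      a missing instance gives a clean error instead of a traceback;
    * the process umask is tightened so the archive tar writes into the
      cwd is not readable by other users;
    * the temporary tree is always removed, even when a step fails (the
      original skipped cleanup on error and left the empty top-level
      temp dir behind on success).
    """
    # Everything this script creates is secret; in particular the tarball
    # is written to the cwd by tar with the process umask.
    os.umask(077)

    realm_name = get_realm_name()
    host_name = get_host_name()

    # Check existence first: os.stat() in get_ds_user() would otherwise
    # raise OSError on a missing instance.
    check_ipa_configuration(realm_name)
    ds_dir = dsinstance.config_dirname(realm_name)
    ds_user = get_ds_user(ds_dir)

    # mkdtemp() creates top_dir with mode 0700.
    top_dir = tempfile.mkdtemp("ipa")
    try:
        dir = top_dir + "/realm_info"
        os.mkdir(dir, 0700)

        export_certdb(ds_dir, dir)
        copy_files(realm_name, dir)
        save_config(dir, realm_name, host_name, ds_user)

        ipautil.run(["/bin/tar", "cfz", "replica-info-" + realm_name, "-C", top_dir, "realm_info"])
    finally:
        # Remove the whole temp tree so the CA key and ldappwd never
        # linger in /tmp, whether we got here normally or via sys.exit().
        shutil.rmtree(top_dir)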
|
|
|
|
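# Only run when executed as a script, so importing this file (e.g. to
# reuse or test its helpers) does not build a replica bundle.
if __name__ == "__main__":
    main()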