author | Rob Crittenden <rcritten@redhat.com> | 2009-08-27 14:12:55 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-08-27 14:15:26 -0400 |
commit | 559c76f761ff46c0d0e7f679d24d7ca5304db101 (patch) | |
tree | 7df5b1122aca7283bc4a01bfc4afb80e6f265c68 | |
parent | cab55250760ad1633ed115564f83750fd91e230d (diff) | |
Add option to the installer for uid/gid starting numbers.
This also adds a new option to the template system. If you include
eval(string) in a file that goes through the templater then the
string in the eval will be evaluated by the Python interpreter. This is
used so one can do $UIDSTART+1. If any errors occur during the evaluation
the original string is returned, eval() and all, so it is up to the
developer to make sure the evaluation passes.
The default value for uid and gid is now a random value between
1,000,000 and (2^31 - 1,000,000)
-rw-r--r-- | install/share/bootstrap-template.ldif | 10 | ||||
-rw-r--r-- | install/share/dna-posix.ldif | 4 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 11 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 6 | ||||
-rw-r--r-- | ipapython/ipautil.py | 10 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 7 |
6 files changed, 37 insertions, 11 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 5c716f6a5..e98c73b07 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -69,8 +69,8 @@ uid: admin
 krbPrincipalName: admin@$REALM
 cn: Administrator
 sn: Administrator
-uidNumber: 999
-gidNumber: 1001
+uidNumber: $UIDSTART
+gidNumber: $GIDSTART
 homeDirectory: /home/admin
 loginShell: /bin/bash
 gecos: Administrator
@@ -107,7 +107,7 @@ objectClass: groupofnames
 objectClass: posixgroup
 cn: admins
 description: Account administrators group
-gidNumber: 1001
+gidNumber: $GIDSTART
 member: uid=admin,cn=users,cn=accounts,$SUFFIX
 nsAccountLock: False
@@ -118,7 +118,7 @@ objectClass: groupofnames
 objectClass: nestedgroup
 objectClass: ipausergroup
 objectClass: posixgroup
-gidNumber: 1002
+gidNumber: eval($GIDSTART+1)
 description: Default group for all users
 cn: ipausers
@@ -127,7 +127,7 @@ changetype: add
 objectClass: top
 objectClass: groupofnames
 objectClass: posixgroup
-gidNumber: 1003
+gidNumber: eval($GIDSTART+2)
 description: Limited admins who can edit other users
 cn: editors
diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif
index 6b5cef8cc..e255bb27a 100644
--- a/install/share/dna-posix.ldif
+++ b/install/share/dna-posix.ldif
@@ -6,7 +6,7 @@ objectclass: top
 objectclass: extensibleObject
 cn: Posix Accounts
 dnaType: uidNumber
-dnaNextValue: 1100
+dnaNextValue: eval($UIDSTART+1)
 dnaInterval: 1
 dnaMaxValue: 1000000000
 dnaMagicRegen: 999
@@ -21,7 +21,7 @@ objectclass: top
 objectclass: extensibleObject
 cn: Posix Groups
 dnaType: gidNumber
-dnaNextValue: 1100
+dnaNextValue: eval($GIDSTART+3)
 dnaInterval: 1
 dnaMaxValue: 1000000000
 dnaMagicRegen: 999
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c09b24de5..d0e939796 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
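Review bot: `dnaMaxValue: 1000000000` stays fixed in both install/share/dna-posix.ldif hunks while `dnaNextValue` becomes `eval($UIDSTART+1)` and `eval($GIDSTART+3)`, and the installer's default start is drawn from 1,000,000 up to 2^31 - 1,000,000, so a default draw can place the next value above the configured maximum. How the DNA plugin behaves in that state is not visible on this page, but the range is inconsistent as written. Either template the maximum as well, or cap the draw in ipa-server-install below it, for example `namespace = random.randint(1000000, DNA_MAX - 1000000)`, where `DNA_MAX` is a name constructed for this note and set to the maximum used in this file.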
@@ -36,6 +36,7 @@ import shutil import glob import traceback from optparse import OptionParser +import random from ipaserver.install import dsinstance from ipaserver.install import krbinstance @@ -54,7 +55,11 @@ from ipalib import util pw_name = None +# Used to determine the the highest possible uid/gid +MAXINT_32BIT = 2147483648 + def parse_options(): + namespace = random.randint(1000000, (MAXINT_32BIT - 1000000)) parser = OptionParser(version=version.VERSION) parser.add_option("-u", "--user", dest="ds_user", help="ds user") @@ -97,6 +102,10 @@ def parse_options(): default=False, help="Do not use DNS for hostname lookup during installation") + parser.add_option("--uidstart", dest="uidstart", default=namespace, type=int, + help="The starting uid value (default random)") + parser.add_option("--gidstart", dest="gidstart", default=namespace, type=int, + help="The starting gid value (default random)") options, args = parser.parse_args() if options.uninstall: @@ -537,7 +546,7 @@ def main(): finally: os.remove(pw_name) else: - ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca) + ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca, uidstart=options.uidstart, gidstart=options.gidstart) # Create a kerberos instance krb = krbinstance.KrbInstance(fstore) diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index bf533af88..df977c2f6 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -75,6 +75,12 @@ The password of the Directory Server PKCS#12 file \fB\-\-http_pin\fR=\fIHTTP_PIN\fR The password of the Apache Server PKCS#12 file .PP +\fB\-\-uidstart\fR=\fIUIDSTART\fR +The starting user id number (default random) +.PP +\fB\-\-gidstart\fR=\fIGIDSTART\fR +The starting group id number (default random) +.PP .SH "EXIT STATUS" 0 if the installation was successful 
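Review bot: `--uidstart` and `--gidstart` are accepted with only `type=int` in the parse_options hunk, so zero, negative numbers and ids in the range local system accounts use all pass, and the value is written unchanged into the admin entry as `uidNumber: $UIDSTART`. A range check after `parser.parse_args()` would stop an install from creating a directory admin whose uid collides with a privileged local account: `if min(options.uidstart, options.gidstart) < MIN_ID: parser.error("--uidstart and --gidstart must be at least %d" % MIN_ID)`, with `MIN_ID` a constructed name for a floor the project picks. The comment above `MAXINT_32BIT` has a doubled "the", and 2147483648 is 2^31 rather than the largest signed 32-bit value, so the name overstates what the constant is. parse_options continues outside the hunk.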
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 240e0d872..47b651c1d 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -68,7 +68,15 @@ def realm_to_suffix(realm_name):
 return ",".join(terms)
 def template_str(txt, vars):
- return string.Template(txt).substitute(vars)
+ val = string.Template(txt).substitute(vars)
+
+ # eval() is a special string one can insert into a template to have the
+ # Python interpreter evaluate the string. This is intended to allow
+ # math to be performed in templates.
+ pattern = re.compile('(eval\s*\(([^()]*)\))')
+ val = pattern.sub(lambda x: str(eval(x.group(2))), val)
+
+ return val
 def template_file(infilename, vars):
 txt = open(infilename).read()
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 061b827bc..90d64b112 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -151,7 +151,7 @@ class DsInstance(service.Service):
 else:
 self.suffix = None
- def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False):
+ def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, uidstart=1100, gidstart=1100):
 self.ds_user = ds_user
 self.realm_name = realm_name.upper()
 self.serverid = realm_to_serverid(self.realm_name)
@@ -161,6 +161,8 @@ class DsInstance(service.Service):
 self.domain = domain_name
 self.pkcs12_info = pkcs12_info
 self.self_signed_ca = self_signed_ca
+ self.uidstart = uidstart
+ self.gidstart = gidstart
 self.__setup_sub_dict()
 self.step("creating directory server user", self.__create_ds_user)
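Review bot: `template_str` in ipapython/ipautil.py calls `eval()` on the text after `substitute(vars)`, so the pattern is matched over the substituted values as well as the template, and any variable whose value contains `eval(...)` text (the sub_dict in dsinstance.py carries PASSWORD, REALM, DOMAIN and USER) is handed to the Python interpreter with full builtins inside the installer. The commit message says a failed evaluation returns the original string, but nothing in the hunk catches an exception, so an error propagates out of the templater instead. Since the stated purpose is `$UIDSTART+1` style math, the replacement below accepts only integer addition and subtraction, leaves any other `eval(...)` text as written, and makes the pattern a raw string. Whether `re` is already imported in ipautil.py is not visible in the hunk.

```python
def template_str(txt, vars):
    val = string.Template(txt).substitute(vars)

    # eval(...) in a template is limited to integer +/- arithmetic, so a
    # substituted value is never passed to the Python interpreter.
    arithmetic = re.compile(r'^\s*\d+(?:\s*[+-]\s*\d+)*\s*$')

    def evaluate(match):
        expr = match.group(2)
        if not arithmetic.match(expr):
            # Not plain integer math: keep the text, eval() and all.
            return match.group(1)
        terms = re.findall(r'[+-]?\d+', re.sub(r'\s+', '', expr))
        return str(sum(int(term) for term in terms))

    pattern = re.compile(r'(eval\s*\(([^()]*)\))')
    return pattern.sub(evaluate, val)
```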
@@ -198,7 +200,8 @@ class DsInstance(service.Service): PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(), REALM=self.realm_name, USER=self.ds_user, SERVER_ROOT=server_root, DOMAIN=self.domain, - TIME=int(time.time())) + TIME=int(time.time()), UIDSTART=self.uidstart, + GIDSTART=self.gidstart) def __create_ds_user(self): user_exists = True |