summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ipa-python/rpcclient.py2
-rw-r--r--ipa-server/Makefile.am5
-rw-r--r--ipa-server/ipa-gui/ipa_webgui.cfg4
-rw-r--r--ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css4
-rw-r--r--ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css24
-rw-r--r--ipa-server/ipa-gui/ipagui/static/css/style_platform.css14
-rw-r--r--ipa-server/ipa-gui/ipagui/templates/master.kid12
-rw-r--r--ipa-server/ipa-server.spec.in7
-rw-r--r--ipa-server/ipa-upgradeconfig112
-rw-r--r--ipa-server/xmlrpc-server/ipa-rewrite.conf4
-rw-r--r--ipa-server/xmlrpc-server/ipa.conf24
-rw-r--r--ipa-server/xmlrpc-server/unauthorized.html6
12 files changed, 171 insertions, 47 deletions
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index ecd42b99d..5a95d8300 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -38,7 +38,7 @@ class RPCClient:
def server_url(self, server):
"""Build the XML-RPC server URL from our configuration"""
- url = "https://" + server + "/ipaxml"
+ url = "https://" + server + "/ipa/xml"
if self.verbose:
print "Connecting to IPA server: %s" % url
return url
diff --git a/ipa-server/Makefile.am b/ipa-server/Makefile.am
index 35d3074e1..949b39c3e 100644
--- a/ipa-server/Makefile.am
+++ b/ipa-server/Makefile.am
@@ -14,6 +14,10 @@ SUBDIRS = \
man \
$(NULL)
+sbin_SCRIPTS = \
+ ipa-upgradeconfig \
+ $(NULL)
+
install-exec-local:
mkdir -p $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
@@ -35,6 +39,7 @@ EXTRA_DIST = \
HACKING \
NEWS \
ChangeLog \
+ $(sbin_SCRIPTS) \
$(NULL)
DISTCLEANFILES = \
diff --git a/ipa-server/ipa-gui/ipa_webgui.cfg b/ipa-server/ipa-gui/ipa_webgui.cfg
index 62d251cf3..f7dfb2593 100644
--- a/ipa-server/ipa-gui/ipa_webgui.cfg
+++ b/ipa-server/ipa-gui/ipa_webgui.cfg
@@ -29,11 +29,11 @@ server.thread_pool = 10
# if this is part of a larger site, you can set the path
# to the TurboGears instance here
-server.webpath="/ipa"
+server.webpath="/ipa/ui"
# Set to True if you are deploying your App behind a proxy
# e.g. Apache using mod_proxy
-# base_url_filter.on = False
+base_url_filter.on = True
# Set to True if your proxy adds the x_forwarded_host header
# base_url_filter.use_x_forwarded_host = True
diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
index 5eafa9b1a..f56971bd3 100644
--- a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
@@ -40,10 +40,10 @@
text-decoration: underline;
}
.sortasc {
- background-image: url(/static/images/up.gif) !important;
+ background-image: url(/ipa/ui/static/images/up.gif) !important;
}
.sortdesc {
- background-image: url(/static/images/down.gif) !important;
+ background-image: url(/ipa/ui/static/images/down.gif) !important;
}
.warning_message {
diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
index bb9e805ab..51d570896 100644
--- a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
@@ -1,19 +1,19 @@
/* object h1 styles */
-#details h1.overview { background-image: url('/static/images/objects/object-overview.png'); }
+#details h1.overview { background-image: url('/ipa/ui/static/images/objects/object-overview.png'); }
-#details h1.accesscontrol { background-image: url('/static/images/objects/object-accesscontrol.png'); }
+#details h1.accesscontrol { background-image: url('/ipa/ui/static/images/objects/object-accesscontrol.png'); }
-#details h1.user { background-image: url('/static/images/objects/object-user.png'); }
-#details h1.usergroup { background-image: url('/static/images/objects/object-usergroup.png'); }
+#details h1.user { background-image: url('/ipa/ui/static/images/objects/object-user.png'); }
+#details h1.usergroup { background-image: url('/ipa/ui/static/images/objects/object-usergroup.png'); }
-#details h1.content-overview { background-image: url('/static/images/objects/object-content.png'); }
-#details h1.channel { background-image: url('/static/images/objects/object-channel.png'); }
-#details h1.channel-new { background-image: url('/static/images/objects/object-channel.png'); }
-#details h1.channels { background-image: url('/static/images/objects/object-channels.png'); }
-#details h1.media { background-image: url('/static/images/objects/object-media.png'); }
+#details h1.content-overview { background-image: url('/ipa/ui/static/images/objects/object-content.png'); }
+#details h1.channel { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); }
+#details h1.channel-new { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); }
+#details h1.channels { background-image: url('/ipa/ui/static/images/objects/object-channels.png'); }
+#details h1.media { background-image: url('/ipa/ui/static/images/objects/object-media.png'); }
-#details h1.system { background-image: url('/static/images/objects/object-system.png'); }
-#details h1.virtualsystem { background-image: url('/static/images/objects/object-virtualsystem.png'); }
+#details h1.system { background-image: url('/ipa/ui/static/images/objects/object-system.png'); }
+#details h1.virtualsystem { background-image: url('/ipa/ui/static/images/objects/object-virtualsystem.png'); }
-#details h1.policy { background-image: url('/static/images/objects/object-policy.png'); }
+#details h1.policy { background-image: url('/ipa/ui/static/images/objects/object-policy.png'); }
diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css
index 37f030a84..9168bd1d0 100644
--- a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css
@@ -12,7 +12,7 @@ html, body {
}
body {
- background-image: url('/static/images/template/background.png');
+ background-image: url('/ipa/ui/static/images/template/background.png');
background-repeat: repeat-x;
background-color: #f9f9f9;
margin: 0px;
@@ -45,7 +45,7 @@ td, th {
float: left;
margin-top: -10px;
- background: url('/static/images/branding/logo.png') no-repeat;
+ background: url('/ipa/ui/static/images/branding/logo.png') no-repeat;
}
#content {
@@ -53,7 +53,7 @@ td, th {
min-height: 100%;
background-color: #f9f9f9;
- background-image: url('/static/images/template/background-content.png');
+ background-image: url('/ipa/ui/static/images/template/background-content.png');
background-repeat: repeat-x;
}
@@ -95,7 +95,7 @@ div#search {
margin: 0px;
clear: both;
- background-image: url('/static/images/template/background-navbar.png');
+ background-image: url('/ipa/ui/static/images/template/background-navbar.png');
background-repeat: repeat-x;
}
@@ -121,7 +121,7 @@ div#search {
}
#navbar .active {
- background-image: url('/static/images/template/background-navbar-active.png');
+ background-image: url('/ipa/ui/static/images/template/background-navbar-active.png');
height: 70px;
width: 116px;
@@ -156,7 +156,7 @@ div#search {
border: 1px solid #aaa;
background-color: #ccc;
- background-image: url('/static/images/template/background-sidebar.png');
+ background-image: url('/ipa/ui/static/images/template/background-sidebar.png');
background-repeat: repeat-y;
}
@@ -477,7 +477,7 @@ div.instructions {
padding-top: 2ex;
width: 40%;
float: right;
- background-image: url('/static/images/template/background-search.png');
+ background-image: url('/ipa/ui/static/images/template/background-search.png');
background-repeat: repeat-y;
background-color: white;
}
diff --git a/ipa-server/ipa-gui/ipagui/templates/master.kid b/ipa-server/ipa-gui/ipagui/templates/master.kid
index ac850178a..d8b341428 100644
--- a/ipa-server/ipa-gui/ipagui/templates/master.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/master.kid
@@ -24,13 +24,13 @@
<title py:replace="''">Your title goes here</title>
<meta py:replace="item[:]"/>
<style type="text/css" media="all">
- @import "/static/css/style_platform.css";
- @import "/static/css/style_platform-objects.css";
- @import "/static/css/style_freeipa.css";
+ @import "${tg.url('/static/css/style_platform.css')}";
+ @import "${tg.url('/static/css/style_platform-objects.css')}";
+ @import "${tg.url('/static/css/style_freeipa.css')}";
</style>
- <script type="text/javascript" charset="utf-8" src="/static/javascript/prototype.js"></script>
- <script type="text/javascript" charset="utf-8" src="/static/javascript/scriptaculous.js?load=effects"></script>
- <script type="text/javascript" charset="utf-8" src="/static/javascript/ipautil.js"></script>
+ <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/prototype.js')}"></script>
+ <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/scriptaculous.js?load=effects')}"></script>
+ <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/ipautil.js')}"></script>
</head>
<body py:match="item.tag=='{http://www.w3.org/1999/xhtml}body'" py:attrs="item.items()">
diff --git a/ipa-server/ipa-server.spec.in b/ipa-server/ipa-server.spec.in
index 4390dff37..281fa07fe 100644
--- a/ipa-server/ipa-server.spec.in
+++ b/ipa-server/ipa-server.spec.in
@@ -1,6 +1,6 @@
Name: ipa-server
Version: VERSION
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: IPA authentication server
Group: System Environment/Base
@@ -93,6 +93,7 @@ fi
/bin/chown apache /var/log/ipa_error.log
/bin/chmod 600 /var/log/ipa_error.log
restorecon /var/log/ipa_error.log
+/usr/sbin/ipa-upgradeconfig
%preun
if [ $1 = 0 ]; then
@@ -118,6 +119,7 @@ fi
%{_sbindir}/ipactl
%{_sbindir}/ipa_kpasswd
%{_sbindir}/ipa_webgui
+%{_sbindir}/ipa-upgradeconfig
%attr(755,root,root) %{_initrddir}/ipa_kpasswd
%attr(755,root,root) %{_initrddir}/ipa_webgui
@@ -166,6 +168,9 @@ fi
%{_mandir}/man1/ipa-server-install.1.gz
%changelog
+* Tue May 5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
+- Add ipa-upgradeconfig command and run it at post
+
* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Version bump for release
diff --git a/ipa-server/ipa-upgradeconfig b/ipa-server/ipa-upgradeconfig
new file mode 100644
index 000000000..2fa290168
--- /dev/null
+++ b/ipa-server/ipa-upgradeconfig
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+#
+# Upgrade configuration files to a newer template.
+
+import sys
+try:
+ from ipa import ipautil
+ import krbV
+ import re
+ import os
+ import shutil
+ import fileinput
+except ImportError:
+ print >> sys.stderr, """\
+There was a problem importing one of the required Python modules. The
+error was:
+
+ %s
+""" % sys.exc_value
+ sys.exit(1)
+
+def backup_file(filename, ext):
+ """Make a backup of filename using ext as the extension. Do not overwrite
+ previous backups."""
+ if not os.path.isabs(filename):
+ raise ValueError("Absolute path required")
+
+ backupfile = filename + ".bak"
+ (reldir, file) = os.path.split(filename)
+
+ while os.path.exists(backupfile):
+ backupfile = backupfile + "." + str(ext)
+
+ shutil.copy2(filename, backupfile)
+
+def update_conf(sub_dict, filename, template_filename):
+ template = ipautil.template_file(template_filename, sub_dict)
+ fd = open(filename, "w")
+ fd.write(template)
+ fd.close()
+
+def find_hostname():
+ """Find the hostname currently configured in ipa-rewrite.conf"""
+ filename="/etc/httpd/conf.d/ipa-rewrite.conf"
+ if os.path.exists(filename):
+ pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*"
+ p = re.compile(pattern)
+ for line in fileinput.input(filename):
+ if p.search(line):
+ fileinput.close()
+ return p.search(line).group(1)
+ fileinput.close()
+
+ return None
+
+def find_version(filename):
+ """Find the version of a configuration file"""
+ if os.path.exists(filename):
+ pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*"
+ p = re.compile(pattern)
+ for line in fileinput.input(filename):
+ if p.search(line):
+ fileinput.close()
+ return p.search(line).group(1)
+ fileinput.close()
+
+ # no VERSION found
+ return 0
+ else:
+ return -1
+
+def upgrade(sub_dict, filename, template):
+ old = int(find_version(filename))
+ new = int(find_version(template))
+
+ if old < 0:
+ print "%s not found." % filename
+ sys.exit(1)
+
+ if new < 0:
+ print "%s not found." % template
+
+ if old < new:
+ backup_file(filename, new)
+ update_conf(sub_dict, filename, template)
+ print "Upgraded %s to version %d" % (filename, new)
+
+def main():
+ try:
+ krbctx = krbV.default_context()
+ except krbV.Krb5Error, e:
+ print "Unable to get default kerberos realm: %s" % e[1]
+ sys.exit(1)
+
+ fqdn = find_hostname()
+
+ if fqdn is None:
+ print "Unable to determine hostname from ipa-rewrite.conf"
+ sys.exit(1)
+
+ sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn }
+
+ upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
+ upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
+
+try:
+ if __name__ == "__main__":
+ sys.exit(main())
+except SystemExit, e:
+ sys.exit(e)
+except KeyboardInterrupt, e:
+ sys.exit(1)
diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf
index af3a3afe2..fc7ce6806 100644
--- a/ipa-server/xmlrpc-server/ipa-rewrite.conf
+++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf
@@ -1,9 +1,11 @@
+# VERSION 1 - DO NOT REMOVE THIS LINE
+
RewriteEngine on
# By default forward all requests to /ipa. If you don't want IPA
# to be the default on your web server comment this line out. You will
# need to modify ipa_webgui.cfg as well.
-RewriteRule ^/$$ https://$FQDN/ipa [L,NC,R=301]
+RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301]
# Redirect to the fully-qualified hostname. Not redirecting to secure
# port so configuration files can be retrieved without requiring SSL.
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index c08282e3b..1eca97757 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -1,3 +1,6 @@
+#
+# VERSION 1 - DO NOT REMOVE THIS LINE
+#
# LoadModule auth_kerb_module modules/mod_auth_kerb.so
ProxyRequests Off
@@ -17,7 +20,7 @@ AddType application/java-archive jar
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
Require valid-user
- ErrorDocument 401 /errors/unauthorized.html
+ ErrorDocument 401 /ipa/errors/unauthorized.html
RewriteEngine on
Order deny,allow
Allow from all
@@ -28,20 +31,17 @@ AddType application/java-archive jar
</Proxy>
# The URI's with a trailing ! are those that aren't handled by the proxy
-ProxyPass /ipa http://localhost:8080/ipa
-ProxyPassReverse /ipa http://localhost:8080/ipa
+ProxyPass /ipa/ui http://localhost:8080/ipa/ui
+ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui
# Configure the XML-RPC service
-Alias /ipaxml "/usr/share/ipa/ipaserver/XMLRPC"
+Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC"
# This is where we redirect on failed auth
-Alias /errors "/usr/share/ipa/html"
+Alias /ipa/errors "/usr/share/ipa/html"
# For the MIT Windows config files
-Alias /config "/usr/share/ipa/html"
-
-# So we don't have to hardcode a path into the CSS
-Alias /static "/usr/share/ipa/ipagui/static"
+Alias /ipa/config "/usr/share/ipa/html"
<Directory "/usr/share/ipa/ipaserver">
AuthType Kerberos
@@ -53,7 +53,7 @@ Alias /static "/usr/share/ipa/ipagui/static"
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
Require valid-user
- ErrorDocument 401 /errors/unauthorized.html
+ ErrorDocument 401 /ipa/errors/unauthorized.html
SetHandler mod_python
PythonHandler ipaxmlrpc
@@ -84,7 +84,7 @@ Alias /static "/usr/share/ipa/ipagui/static"
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
Require valid-user
- ErrorDocument 401 /errors/unauthorized.html
+ ErrorDocument 401 /ipa/errors/unauthorized.html
</Directory>
#Alias /ipatest "/usr/share/ipa/ipatest"
@@ -99,7 +99,7 @@ Alias /static "/usr/share/ipa/ipagui/static"
# Krb5KeyTab /etc/httpd/conf/ipa.keytab
# KrbSaveCredentials on
# Require valid-user
-# ErrorDocument 401 /errors/unauthorized.html
+# ErrorDocument 401 /ipa/errors/unauthorized.html
#
# SetHandler mod_python
# PythonHandler test_mod_python
diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html
index cc53e33b7..6ba8a99ee 100644
--- a/ipa-server/xmlrpc-server/unauthorized.html
+++ b/ipa-server/xmlrpc-server/unauthorized.html
@@ -5,12 +5,12 @@
<p>
Unable to verify your Kerberos credentials. Please make sure
that you have valid Kerberos tickets (obtainable via kinit), and that you
-have <a href="/errors/ssbrowser.html">configured your
+have <a href="/ipa/errors/ssbrowser.html">configured your
browser correctly</a>. If you are still unable to access
the IPA Web interface, please contact the helpdesk on for additional assistance.
</p>
<p>
-Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>.
+Import the <a href="/ipa/errors/ca.crt">IPA Certificate Authority</a>.
</p>
<p>
<script type="text/javascript">
@@ -19,7 +19,7 @@ Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>.
{
document.write("<p>You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.</p>");
document.write("<p>You <strong>must</strong> reload this page after importing the Certificate Authority for the automatic settings to work</p>");
- document.write("<object data=\"jar:/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object");
+ document.write("<object data=\"jar:/ipa/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object");
}
</script>
</p>