diff options
| -rw-r--r-- | Makefile | 192 | ||||
| -rw-r--r-- | daemons/Makefile.am | 35 | ||||
| -rwxr-xr-x | daemons/autogen.sh (renamed from autogen.sh) | 6 | ||||
| -rw-r--r-- | daemons/configure.ac | 291 | ||||
| -rw-r--r-- | install/Makefile.am | 50 | ||||
| -rwxr-xr-x | install/autogen.sh | 202 | ||||
| -rw-r--r-- | install/conf/Makefile.am | 15 | ||||
| -rw-r--r-- | install/conf/ipa.conf | 15 | ||||
| -rw-r--r-- | install/configure.ac | 43 | ||||
| -rw-r--r-- | install/html/Makefile.am | 15 | ||||
| -rw-r--r-- | install/tools/Makefile.am | 11 | ||||
| -rwxr-xr-x[-rw-r--r--] | install/tools/ipa-server-install | 51 | ||||
| -rw-r--r-- | install/tools/man/Makefile.am | 2 | ||||
| -rw-r--r-- | install/tools/man/ipa_webgui.8 | 37 | ||||
| -rw-r--r-- | ipa.spec.in | 637 | ||||
| -rw-r--r-- | ipalib/plugins/b_xmlrpc.py | 5 | ||||
| -rw-r--r-- | ipalib/rpc.py | 5 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 2 | ||||
| -rw-r--r--[-rwxr-xr-x] | ipaserver/install/ldapupdate.py | 2 | ||||
| -rwxr-xr-x | ipaserver/mod_python_xmlrpc.py | 1 | ||||
| -rwxr-xr-x | setup.py | 1 |
21 files changed, 1390 insertions, 228 deletions
@@ -1,6 +1,6 @@ include VERSION -SUBDIRS=ipa-server ipa-admintools ipa-python ipa-client ipa-radius-server ipa-radius-admintools +SUBDIRS=daemons install ipa-python ipa-client ipa-radius-server ipa-radius-admintools PRJ_PREFIX=ipa @@ -29,47 +29,31 @@ endif # rc endif # pre endif # ipa_version -SERV_TARBALL_PREFIX=$(PRJ_PREFIX)-server-$(IPA_VERSION) -SERV_TARBALL=$(SERV_TARBALL_PREFIX).tgz - -ADMIN_TARBALL_PREFIX=$(PRJ_PREFIX)-admintools-$(IPA_VERSION) -ADMIN_TARBALL=$(ADMIN_TARBALL_PREFIX).tgz - -PYTHON_TARBALL_PREFIX=$(PRJ_PREFIX)-python-$(IPA_VERSION) -PYTHON_TARBALL=$(PYTHON_TARBALL_PREFIX).tgz - -CLI_TARBALL_PREFIX=$(PRJ_PREFIX)-client-$(IPA_VERSION) -CLI_TARBALL=$(CLI_TARBALL_PREFIX).tgz - -RADIUS_SERVER_TARBALL_PREFIX=$(PRJ_PREFIX)-radius-server-$(IPA_VERSION) -RADIUS_SERVER_TARBALL=$(RADIUS_SERVER_TARBALL_PREFIX).tgz - -RADIUS_ADMINTOOLS_TARBALL_PREFIX=$(PRJ_PREFIX)-radius-admintools-$(IPA_VERSION) -RADIUS_ADMINTOOLS_TARBALL=$(RADIUS_ADMINTOOLS_TARBALL_PREFIX).tgz - -SERV_SELINUX_TARBALL_PREFIX=$(PRJ_PREFIX)-server-selinux-$(IPA_VERSION) -SERV_SELINUX_TARBALL=$(SERV_SELINUX_TARBALL_PREFIX).tgz +TARBALL_PREFIX=freeipa-$(IPA_VERSION) +TARBALL=$(TARBALL_PREFIX).tar.gz IPA_RPM_RELEASE=$(shell cat RELEASE) LIBDIR ?= /usr/lib -all: bootstrap-autogen +all: bootstrap-autogen server @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done bootstrap-autogen: version-update @echo "Building IPA $(IPA_VERSION)" - cd ipa-server; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi + cd daemons; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi + cd install; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi cd ipa-client; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi autogen: version-update @echo "Building IPA $(IPA_VERSION)" - cd ipa-server; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR) + cd daemons; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi + cd install; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi cd ipa-client; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR) -install: all +install: all server-install @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done @@ -84,96 +68,50 @@ release-update: version-update: release-update sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ - ipa-server/ipa-server.spec.in > ipa-server/ipa-server.spec - sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-server/version.m4.in \ - > ipa-server/version.m4 - - sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ - ipa-admintools/ipa-admintools.spec.in > ipa-admintools/ipa-admintools.spec + ipa.spec.in > ipa.spec + sed -e s/__VERSION__/$(IPA_VERSION)/ version.m4.in \ + > version.m4 - sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ - ipa-python/ipa-python.spec.in > ipa-python/ipa-python.spec + sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-python/setup.py.in \ + > ipa-python/setup.py + sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-python/version.py.in \ + > ipa-python/version.py + perl -pi -e "s:__NUM_VERSION__:$(IPA_VERSION_MAJOR)$(IPA_VERSION_MINOR)$(IPA_VERSION_RELEASE):" ipa-python/version.py sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ ipa-client/ipa-client.spec.in > ipa-client/ipa-client.spec sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-client/version.m4.in \ > ipa-client/version.m4 - sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ - ipa-radius-server/ipa-radius-server.spec.in \ - > ipa-radius-server/ipa-radius-server.spec - - sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ - ipa-radius-admintools/ipa-radius-admintools.spec.in \ - > ipa-radius-admintools/ipa-radius-admintools.spec +server: + python setup.py build - sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \ - ipa-server/selinux/ipa-server-selinux.spec.in \ - > ipa-server/selinux/ipa-server-selinux.spec - - sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-python/setup.py.in \ - > ipa-python/setup.py - sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-python/version.py.in \ - > ipa-python/version.py - perl -pi -e "s:__NUM_VERSION__:$(IPA_VERSION_MAJOR)$(IPA_VERSION_MINOR)$(IPA_VERSION_RELEASE):" ipa-python/version.py +server-install: server + if [ "$(DESTDIR)" = "" ]; then \ + python setup.py install; \ + else \ + python setup.py install --root $(DESTDIR); \ + fi archive: -mkdir -p dist git archive --format=tar --prefix=ipa/ $(TARGET) | (cd dist && tar xf -) local-archive: - -mkdir -p dist/ipa - @for subdir in $(SUBDIRS); do \ - cp -pr $$subdir dist/ipa/.; \ - done + -mkdir -p dist/$(TARBALL_PREFIX) + rsync -a --exclude=dist --exclude=.git --exclude=build --exclude=rpmbuild . dist/$(TARBALL_PREFIX) archive-cleanup: - rm -fr dist/ipa + rm -fr dist/freeipa -tarballs: +tarballs: local-archive -mkdir -p dist/sources - - # ipa-server - mv dist/ipa/ipa-server dist/$(SERV_TARBALL_PREFIX) - rm -f dist/sources/$(SERV_TARBALL) - cd dist/$(SERV_TARBALL_PREFIX); ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean - cd dist; tar cfz sources/$(SERV_TARBALL) $(SERV_TARBALL_PREFIX) - rm -fr dist/$(SERV_TARBALL_PREFIX) - - # ipa-admintools - mv dist/ipa/ipa-admintools dist/$(ADMIN_TARBALL_PREFIX) - rm -f dist/sources/$(ADMIN_TARBALL) - cd dist; tar cfz sources/$(ADMIN_TARBALL) $(ADMIN_TARBALL_PREFIX) - rm -fr dist/$(ADMIN_TARBALL_PREFIX) - - # ipa-python - mv dist/ipa/ipa-python dist/$(PYTHON_TARBALL_PREFIX) - rm -f dist/sources/$(PYTHON_TARBALL) - cd dist; tar cfz sources/$(PYTHON_TARBALL) $(PYTHON_TARBALL_PREFIX) - rm -fr dist/$(PYTHON_TARBALL_PREFIX) - - # ipa-client - mv dist/ipa/ipa-client dist/$(CLI_TARBALL_PREFIX) - rm -f dist/sources/$(CLI_TARBALL) - cd dist/$(CLI_TARBALL_PREFIX); ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean - cd dist; tar cfz sources/$(CLI_TARBALL) $(CLI_TARBALL_PREFIX) - rm -fr dist/$(CLI_TARBALL_PREFIX) - - # ipa-radius-server - mv dist/ipa/ipa-radius-server dist/$(RADIUS_SERVER_TARBALL_PREFIX) - rm -f dist/sources/$(RADIUS_SERVER_TARBALL) - cd dist; tar cfz sources/$(RADIUS_SERVER_TARBALL) $(RADIUS_SERVER_TARBALL_PREFIX) - rm -fr dist/$(RADIUS_SERVER_TARBALL_PREFIX) - - # ipa-radius-admintools - mv dist/ipa/ipa-radius-admintools dist/$(RADIUS_ADMINTOOLS_TARBALL_PREFIX) - rm -f dist/sources/$(RADIUS_ADMINTOOLS_TARBALL) - cd dist; tar cfz sources/$(RADIUS_ADMINTOOLS_TARBALL) $(RADIUS_ADMINTOOLS_TARBALL_PREFIX) - rm -fr dist/$(RADIUS_ADMINTOOLS_TARBALL_PREFIX) - - # ipa-server/selinux - cp dist/sources/$(SERV_TARBALL) dist/sources/$(SERV_SELINUX_TARBALL) - + # tar up clean sources + cd dist/$(TARBALL_PREFIX)/ipa-client; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean + cd dist/$(TARBALL_PREFIX)/daemons; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean + cd dist/$(TARBALL_PREFIX)/install; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean + cd dist; tar cfz sources/$(TARBALL) $(TARBALL_PREFIX) + rm -rf dist/$(TARBALL_PREFIX) rpmroot: mkdir -p $(RPMBUILD)/BUILD @@ -186,49 +124,11 @@ rpmdistdir: mkdir -p dist/rpms mkdir -p dist/srpms -rpm-ipa-server: - cp dist/sources/$(SERV_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-server/ipa-server.spec - cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-server-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-server-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpm-ipa-admin: - cp dist/sources/$(ADMIN_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-admintools/ipa-admintools.spec - cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-admintools-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-admintools-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpm-ipa-python: - cp dist/sources/$(PYTHON_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-python/ipa-python.spec - cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-python-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-python-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpm-ipa-client: - cp dist/sources/$(CLI_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-client/ipa-client.spec - cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-client-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-client-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpm-ipa-radius-server: - cp dist/sources/$(RADIUS_SERVER_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-radius-server/ipa-radius-server.spec - cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-radius-server-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-radius-server-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpm-ipa-radius-admintools: - cp dist/sources/$(RADIUS_ADMINTOOLS_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-radius-admintools/ipa-radius-admintools.spec - cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-radius-admintools-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-radius-admintools-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpm-ipa-server-selinux: - cp dist/sources/$(SERV_SELINUX_TARBALL) $(RPMBUILD)/SOURCES/. - rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-server/selinux/ipa-server-selinux.spec - cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-server-selinux-$(IPA_VERSION)-*.rpm dist/rpms/ - cp rpmbuild/SRPMS/$(PRJ_PREFIX)-server-selinux-$(IPA_VERSION)-*.src.rpm dist/srpms/ - -rpms: rpmroot rpmdistdir rpm-ipa-server rpm-ipa-admin rpm-ipa-python rpm-ipa-client rpm-ipa-radius-server rpm-ipa-radius-admintools rpm-ipa-server-selinux +rpms: rpmroot rpmdistdir version-update tarballs + cp dist/sources/$(TARBALL) $(RPMBUILD)/SOURCES/. + rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa.spec + cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-*-$(IPA_VERSION)-*.rpm dist/rpms/ + cp rpmbuild/SRPMS/$(PRJ_PREFIX)-$(IPA_VERSION)-*.src.rpm dist/srpms/ repodata: -createrepo -p dist @@ -248,14 +148,16 @@ distclean: version-update @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done - rm -fr rpmbuild dist + rm -fr rpmbuild dist build maintainer-clean: clean - rm -fr rpmbuild dist - cd ipa-server/selinux && $(MAKE) maintainer-clean - cd ipa-server && $(MAKE) maintainer-clean + rm -fr rpmbuild dist build + cd selinux && $(MAKE) maintainer-clean + cd daemons && $(MAKE) maintainer-clean + cd install && $(MAKE) maintainer-clean cd ipa-client && $(MAKE) maintainer-clean cd ipa-python && $(MAKE) maintainer-clean - cd ipa-admintools && $(MAKE) maintainer-clean cd ipa-radius-admintools && $(MAKE) maintainer-clean cd ipa-radius-server && $(MAKE) maintainer-clean + rm -f version.m4 + rm -f ipa.spec diff --git a/daemons/Makefile.am b/daemons/Makefile.am new file mode 100644 index 000000000..9960789a4 --- /dev/null +++ b/daemons/Makefile.am @@ -0,0 +1,35 @@ +# This file will be processed with automake-1.7 to create Makefile.in +# +AUTOMAKE_OPTIONS = 1.7 + +NULL = + +SUBDIRS = \ + ipa-kpasswd \ + ipa-slapi-plugins \ + $(NULL) + +DISTCLEANFILES = \ + $(NULL) + +MAINTAINERCLEANFILES = \ + *~ \ + intltool-*.in \ + compile \ + configure \ + COPYING \ + INSTALL \ + install-sh \ + missing \ + mkinstalldirs \ + config.guess \ + ltmain.sh \ + config.sub \ + depcomp \ + Makefile.in \ + config.h.* \ + aclocal.m4 \ + version.m4 \ + ipa-client.spec \ + py-compile \ + $(NULL) diff --git a/autogen.sh b/daemons/autogen.sh index c95b6dbc6..d0ef1806a 100755 --- a/autogen.sh +++ b/daemons/autogen.sh @@ -179,6 +179,9 @@ do_cmd() { $@ } +# I don't want autotools dictating what files I have +touch NEWS README AUTHORS ChangeLog + do_cmd $LIBTOOLIZE $LIBTOOLIZE_FLAGS do_cmd $ACLOCAL $ACLOCAL_FLAGS @@ -189,6 +192,9 @@ do_cmd $AUTOMAKE $AUTOMAKE_FLAGS do_cmd $AUTOCONF +# I don't want autotools dictating what files I have +touch NEWS README AUTHORS ChangeLog + cd $ORIGDIR || exit 1 rm -f config.cache diff --git a/daemons/configure.ac b/daemons/configure.ac new file mode 100644 index 000000000..5b32c58a3 --- /dev/null +++ b/daemons/configure.ac @@ -0,0 +1,291 @@ +AC_PREREQ(2.59) +m4_include(../version.m4) +AC_INIT([ipa-server], + IPA_VERSION, + [https://hosted.fedoraproject.org/projects/freeipa/newticket]) + +#AC_CONFIG_SRCDIR([ipaserver/ipaldap.py]) +AC_CONFIG_HEADERS([config.h]) + +AM_INIT_AUTOMAKE + +AM_MAINTAINER_MODE +AC_PROG_CC +AC_STDC_HEADERS +AC_DISABLE_STATIC +AC_PROG_LIBTOOL + +AC_HEADER_STDC + +AC_SUBST(VERSION) + +dnl --------------------------------------------------------------------------- +dnl - Check for NSPR +dnl --------------------------------------------------------------------------- +AC_CHECK_HEADER(nspr4/nspr.h) +if test "x$ac_cv_header_nspr4_nspr_h" = "xno" ; then + AC_MSG_ERROR([Required NSPR header not available (nspr-devel)]) +fi + +dnl --------------------------------------------------------------------------- +dnl - Check for NSS +dnl --------------------------------------------------------------------------- +SAVE_CPPFLAGS=$CPPFLAGS +CPPFLAGS="-I/usr/include/nspr4" +AC_CHECK_HEADER(nss3/nss.h) +CPPFLAGS=$SAVE_CPPFLAGS +if test "x$ac_cv_header_nss3_nss_h" = "xno" ; then + AC_MSG_ERROR([Required NSS header not available (nss-devel)]) +fi + +dnl --------------------------------------------------------------------------- +dnl - Check for DS slapi plugin +dnl --------------------------------------------------------------------------- + +# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h +SAVE_CPPFLAGS=$CPPFLAGS +CPPFLAGS="-I/usr/include/nspr4" +AC_CHECK_HEADER(dirsrv/slapi-plugin.h) +CPPFLAGS=$SAVE_CPPFLAGS + +if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then + AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)]) +fi + +dnl --------------------------------------------------------------------------- +dnl - Check for KRB5 +dnl --------------------------------------------------------------------------- + +KRB5_LIBS= +AC_CHECK_HEADER(krb5.h) + +krb5_impl=mit + +if test "x$ac_cv_header_krb5_h" = "xyes" ; then + dnl lazy check for Heimdal Kerberos + AC_CHECK_HEADERS(heim_err.h) + if test $ac_cv_header_heim_err_h = yes ; then + krb5_impl=heimdal + else + krb5_impl=mit + fi + + if test "x$krb5_impl" = "xmit"; then + AC_CHECK_LIB(k5crypto, main, + [krb5crypto=k5crypto], + [krb5crypto=crypto]) + + AC_CHECK_LIB(krb5, main, + [have_krb5=yes + KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"], + [have_krb5=no], + [-l$krb5crypto -lcom_err]) + + elif test "x$krb5_impl" = "xheimdal"; then + AC_CHECK_LIB(des, main, + [krb5crypto=des], + [krb5crypto=crypto]) + + AC_CHECK_LIB(krb5, main, + [have_krb5=yes + KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"], + [have_krb5=no], + [-l$krb5crypto -lasn1 -lroken -lcom_err]) + + AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1, + [define if you have HEIMDAL Kerberos]) + + else + have_krb5=no + AC_MSG_WARN([Unrecognized Kerberos5 Implementation]) + fi + + if test "x$have_krb5" = "xyes" ; then + ol_link_krb5=yes + + AC_DEFINE(HAVE_KRB5, 1, + [define if you have Kerberos V]) + + else + AC_MSG_ERROR([Required Kerberos 5 support not available]) + fi + +fi + +AC_SUBST(KRB5_LIBS) + +dnl --------------------------------------------------------------------------- +dnl - Check for Mozilla LDAP or OpenLDAP SDK +dnl --------------------------------------------------------------------------- + +AC_ARG_WITH(openldap, [ --with-openldap Use OpenLDAP]) + +dnl The mozldap libraries are always needed because ipa-slapi-plugins/dna/ +dnl will not build against OpenLDAP. +SAVE_CPPFLAGS=$CPPFLAGS +CPPFLAGS="-I/usr/include/nspr4 -I/usr/include/nss3" +AC_CHECK_HEADER(svrcore.h) +if test "x$ac_cv_header_svrcore_h" = "xno" ; then + AC_MSG_ERROR([Required svrcore header not available (svrcore-devel)]) +fi +CPPFLAGS=$SAVE_CPPFLAGS +AC_CHECK_HEADER(mozldap/ldap.h) +if test "x$ac_cv_header_mozldap_ldap_h" = "xno" ; then + AC_MSG_ERROR([Required MOZLDAP header not available (mozldap-devel)]) +fi +PKG_CHECK_MODULES(MOZLDAP, mozldap > 6) + +if test x$with_openldap = xyes; then + AC_CHECK_LIB(ldap, ldap_search, with_ldap=yes) + dnl Check for other libraries we need to link with to get the main routines. + test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) } + test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) } + test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) } + dnl Recently, we need -lber even though the main routines are elsewhere, + dnl because otherwise be get link errors w.r.t. ber_pvt_opt_on. So just + dnl check for that (it's a variable not a fun but that doesn't seem to + dnl matter in these checks) and stick in -lber if so. Can't hurt (even to + dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who + dnl #### understands LDAP needs to fix this properly. + test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) } + + if test "$with_ldap" = "yes"; then + if test "$with_ldap_des" = "yes" ; then + LDAP_LIBS="${LDAP_LIBS} -ldes" + fi + if test "$with_ldap_krb" = "yes" ; then + LDAP_LIBS="${LDAP_LIBS} -lkrb" + fi + if test "$with_ldap_lber" = "yes" ; then + LDAP_LIBS="${LDAP_LIBS} -llber" + fi + LDAP_LIBS="${LDAP_LIBS} -lldap" + else + AC_MSG_ERROR([OpenLDAP not found]) + fi + + AC_SUBST(LDAP_LIBS) + + LDAP_CFLAGS="${LDAP_CFLAGS} -DWITH_OPENLDAP" + AC_SUBST(LDAP_CFLAGS) +else + LDAP_LIBS="${MOZLDAP_LIBS}" + AC_SUBST(LDAP_LIBS) + + LDAP_CFLAGS="${LDAP_CFLAGS} -DWITH_MOZLDAP" + AC_SUBST(LDAP_CFLAGS) +fi + +dnl --------------------------------------------------------------------------- +dnl - Check for OpenSSL Crypto library +dnl --------------------------------------------------------------------------- +dnl This is a very simple check, we should probably check also for MD4_Init and +dnl probably also the version we are using is recent enough +SSL_LIBS= +AC_CHECK_LIB(crypto, DES_set_key_unchecked, [SSL_LIBS="-lcrypto"]) +AC_SUBST(SSL_LIBS) + +dnl --------------------------------------------------------------------------- +dnl - Check for Python +dnl --------------------------------------------------------------------------- + +AC_MSG_NOTICE([Checking for Python]) +have_python=no +AM_PATH_PYTHON(2.3) + +if test "x$PYTHON" = "x" ; then + AC_MSG_ERROR([Python not found]) +fi + +dnl --------------------------------------------------------------------------- +dnl - Set the data install directory since we don't use pkgdatadir +dnl --------------------------------------------------------------------------- + +IPA_DATA_DIR="$datadir/ipa" +AC_SUBST(IPA_DATA_DIR) + +dnl --------------------------------------------------------------------------- +dnl Finish +dnl --------------------------------------------------------------------------- + +# Turn on the additional warnings last, so -Werror doesn't affect other tests. + +AC_ARG_ENABLE(more-warnings, + [AC_HELP_STRING([--enable-more-warnings], + [Maximum compiler warnings])], + set_more_warnings="$enableval",[ + if test -d $srcdir/../.hg; then + set_more_warnings=yes + else + set_more_warnings=no + fi + ]) +AC_MSG_CHECKING(for more warnings) +if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then + AC_MSG_RESULT(yes) + CFLAGS="\ + -Wall \ + -Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes \ + -Wnested-externs -Wpointer-arith \ + -Wcast-align -Wsign-compare \ + $CFLAGS" + + for option in -Wno-strict-aliasing -Wno-sign-compare; do + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $option" + AC_MSG_CHECKING([whether gcc understands $option]) + AC_TRY_COMPILE([], [], + has_option=yes, + has_option=no,) + if test $has_option = no; then + CFLAGS="$SAVE_CFLAGS" + fi + AC_MSG_RESULT($has_option) + unset has_option + unset SAVE_CFLAGS + done + unset option +else + AC_MSG_RESULT(no) +fi + +# Flags + +AC_SUBST(CFLAGS) +AC_SUBST(CPPFLAGS) +AC_SUBST(LDFLAGS) + +# Files + +AC_CONFIG_FILES([ + Makefile + ipa-kpasswd/Makefile + ipa-slapi-plugins/Makefile + ipa-slapi-plugins/dna/Makefile + ipa-slapi-plugins/ipa-memberof/Makefile + ipa-slapi-plugins/ipa-pwd-extop/Makefile + ipa-slapi-plugins/ipa-winsync/Makefile +]) + +AC_OUTPUT + +echo " + IPA Server $VERSION + ======================== + + prefix: ${prefix} + exec_prefix: ${exec_prefix} + libdir: ${libdir} + bindir: ${bindir} + sbindir: ${sbindir} + sysconfdir: ${sysconfdir} + localstatedir: ${localstatedir} + datadir: ${datadir} + source code location: ${srcdir} + compiler: ${CC} + cflags: ${CFLAGS} + LDAP libs: ${LDAP_LIBS} + KRB5 libs: ${KRB5_LIBS} + OpenSSL libs: ${SSL_LIBS} + Maintainer mode: ${USE_MAINTAINER_MODE} +" diff --git a/install/Makefile.am b/install/Makefile.am new file mode 100644 index 000000000..e57818cdc --- /dev/null +++ b/install/Makefile.am @@ -0,0 +1,50 @@ +# This file will be processed with automake-1.7 to create Makefile.in +# +AUTOMAKE_OPTIONS = 1.7 + +NULL = + +SUBDIRS = \ + conf \ + html \ + share \ + tools \ + updates \ + $(NULL) + +install-exec-local: + mkdir -p $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore + chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore + mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/sessions + chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/sessions + +uninstall-local: + -rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore + -rmdir $(DESTDIR)$(localstatedir)/lib/ipa + -rmdir $(DESTDIR)$(localstatedir)/cache/ipa/sessions + -rmdir $(DESTDIR)$(localstatedir)/cache/ipa + +DISTCLEANFILES = \ + $(NULL) + +MAINTAINERCLEANFILES = \ + *~ \ + intltool-*.in \ + compile \ + configure \ + COPYING \ + INSTALL \ + install-sh \ + missing \ + mkinstalldirs \ + config.guess \ + ltmain.sh \ + config.sub \ + depcomp \ + Makefile.in \ + config.h.* \ + aclocal.m4 \ + version.m4 \ + ipa-client.spec \ + py-compile \ + $(NULL) diff --git a/install/autogen.sh b/install/autogen.sh new file mode 100755 index 000000000..d0ef1806a --- /dev/null +++ b/install/autogen.sh @@ -0,0 +1,202 @@ +#!/bin/sh +# Run this to generate all the initial makefiles, etc. +set -e + +PACKAGE=freeipa-server + +LIBTOOLIZE=${LIBTOOLIZE-libtoolize} +LIBTOOLIZE_FLAGS="--copy --force" +AUTOHEADER=${AUTOHEADER-autoheader} +AUTOMAKE_FLAGS="--add-missing --gnu" +AUTOCONF=${AUTOCONF-autoconf} + +# automake 1.8 requires autoconf 2.58 +# automake 1.7 requires autoconf 2.54 +automake_min_vers=1.7 +aclocal_min_vers=$automake_min_vers +autoconf_min_vers=2.54 +libtoolize_min_vers=1.4 + +# The awk-based string->number conversion we use needs a C locale to work +# as expected. Setting LC_ALL overrides whether the user set LC_ALL, +# LC_NUMERIC, or LANG. +LC_ALL=C + +ARGV0=$0 + +# Allow invocation from a separate build directory; in that case, we change +# to the source directory to run the auto*, then change back before running configure +srcdir=`dirname $ARGV0` +test -z "$srcdir" && srcdir=. + +ORIGDIR=`pwd` + +cd $srcdir + +# Usage: +# compare_versions MIN_VERSION ACTUAL_VERSION +# returns true if ACTUAL_VERSION >= MIN_VERSION +compare_versions() { + ch_min_version=$1 + ch_actual_version=$2 + ch_status=0 + IFS="${IFS= }"; ch_save_IFS="$IFS"; IFS="." + set $ch_actual_version + for ch_min in $ch_min_version; do + ch_cur=`echo $1 | sed 's/[^0-9].*$//'`; shift # remove letter suffixes + if [ -z "$ch_min" ]; then break; fi + if [ -z "$ch_cur" ]; then ch_status=1; break; fi + if [ $ch_cur -gt $ch_min ]; then break; fi + if [ $ch_cur -lt $ch_min ]; then ch_status=1; break; fi + done + IFS="$ch_save_IFS" + return $ch_status +} + +if ($AUTOCONF --version) < /dev/null > /dev/null 2>&1 ; then + if ($AUTOCONF --version | head -n 1 | awk 'NR==1 { if( $(NF) >= '$autoconf_min_vers') \ + exit 1; exit 0; }'); + then + echo "$ARGV0: ERROR: \`$AUTOCONF' is too old." + $AUTOCONF --version + echo " (version $autoconf_min_vers or newer is required)" + DIE="yes" + fi +else + echo $AUTOCONF: command not found + echo + echo "$ARGV0: ERROR: You must have \`autoconf' installed to compile $PACKAGE." + echo " (version $autoconf_min_vers or newer is required)" + DIE="yes" +fi + +# +# Hunt for an appropriate version of automake and aclocal; we can't +# assume that 'automake' is necessarily the most recent installed version +# +# We check automake first to allow it to be a newer version than we know about. +# +if test x"$AUTOMAKE" = x || test x"$ACLOCAL" = x ; then + am_ver="" + for ver in "" "-1.9" "-1.8" "-1.7" ; do + am="automake$ver" + if ($am --version) < /dev/null > /dev/null 2>&1 ; then + if ($am --version | head -n 1 | awk 'NR==1 { if( $(NF) >= '$automake_min_vers') \ + exit 1; exit 0; }'); then : ; else + am_ver=$ver + break; + fi + fi + done + + AUTOMAKE=${AUTOMAKE-automake$am_ver} + ACLOCAL=${ACLOCAL-aclocal$am_ver} +fi + +# +# Now repeat the tests with the copies we decided upon and error out if they +# aren't sufficiently new. +# +if ($AUTOMAKE --version) < /dev/null > /dev/null 2>&1 ; then + automake_actual_version=`$AUTOMAKE --version | head -n 1 | \ + sed 's/^.*[ ]\([0-9.]*[a-z]*\).*$/\1/'` + if ! compare_versions $automake_min_vers $automake_actual_version; then + echo "$ARGV0: ERROR: \`$AUTOMAKE' is too old." + $AUTOMAKE --version + echo " (version $automake_min_vers or newer is required)" + DIE="yes" + fi + if ($ACLOCAL --version) < /dev/null > /dev/null 2>&1; then + aclocal_actual_version=`$ACLOCAL --version | head -n 1 | \ + sed 's/^.*[ ]\([0-9.]*[a-z]*\).*$/\1/'` + + if ! compare_versions $aclocal_min_vers $aclocal_actual_version; then + echo "$ARGV0: ERROR: \`$ACLOCAL' is too old." + $ACLOCAL --version + echo " (version $aclocal_min_vers or newer is required)" + DIE="yes" + fi + else + echo $ACLOCAL: command not found + echo + echo "$ARGV0: ERROR: Missing \`$ACLOCAL'" + echo " The version of $AUTOMAKE installed doesn't appear recent enough." + DIE="yes" + fi +else + echo $AUTOMAKE: command not found + echo + echo "$ARGV0: ERROR: You must have \`automake' installed to compile $PACKAGE." + echo " (version $automake_min_vers or newer is required)" + DIE="yes" +fi + +if ($LIBTOOLIZE --version) < /dev/null > /dev/null 2>&1 ; then + if ($LIBTOOLIZE --version | awk 'NR==1 { if( $4 >= '$libtoolize_min_vers') \ + exit 1; exit 0; }'); + then + echo "$ARGV0: ERROR: \`$LIBTOOLIZE' is too old." + echo " (version $libtoolize_min_vers or newer is required)" + DIE="yes" + fi +else + echo $LIBTOOLIZE: command not found + echo + echo "$ARGV0: ERROR: You must have \`libtoolize' installed to compile $PACKAGE." + echo " (version $libtoolize_min_vers or newer is required)" + DIE="yes" +fi + +if test -z "$ACLOCAL_FLAGS"; then + acdir=`$ACLOCAL --print-ac-dir` + if [ ! -f $acdir/pkg.m4 ]; then + echo "$ARGV0: Error: Could not find pkg-config macros." + echo " (Looked in $acdir/pkg.m4)" + echo " If pkg.m4 is available in /another/directory, please set" + echo " ACLOCAL_FLAGS=\"-I /another/directory\"" + echo " Otherwise, please install pkg-config." + echo "" + echo "pkg-config is available from:" + echo "http://www.freedesktop.org/software/pkgconfig/" + DIE=yes + fi +fi + +if test "X$DIE" != X; then + exit 1 +fi + + +if test -z "$*"; then + echo "$ARGV0: Note: \`./configure' will be run with no arguments." + echo " If you wish to pass any to it, please specify them on the" + echo " \`$0' command line." + echo +fi + +do_cmd() { + echo "$ARGV0: running \`$@'" + $@ +} + +# I don't want autotools dictating what files I have +touch NEWS README AUTHORS ChangeLog + +do_cmd $LIBTOOLIZE $LIBTOOLIZE_FLAGS + +do_cmd $ACLOCAL $ACLOCAL_FLAGS + +do_cmd $AUTOHEADER + +do_cmd $AUTOMAKE $AUTOMAKE_FLAGS + +do_cmd $AUTOCONF + +# I don't want autotools dictating what files I have +touch NEWS README AUTHORS ChangeLog + +cd $ORIGDIR || exit 1 + +rm -f config.cache + +do_cmd $srcdir/configure --cache-file=config.cache --disable-static --enable-maintainer-mode --enable-gtk-doc ${1+"$@"} && echo "Now type \`make' to compile" || exit 1 diff --git a/install/conf/Makefile.am b/install/conf/Makefile.am new file mode 100644 index 000000000..e00ad618f --- /dev/null +++ b/install/conf/Makefile.am @@ -0,0 +1,15 @@ +NULL = + +appdir = $(IPA_DATA_DIR) +app_DATA = \ + ipa.conf \ + ipa-rewrite.conf \ + $(NULL) + +EXTRA_DIST = \ + $(app_DATA) \ + $(NULL) + +MAINTAINERCLEANFILES = \ + *~ \ + Makefile.in diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 85b4543af..9656fdf35 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,6 +4,7 @@ # LoadModule auth_kerb_module modules/mod_auth_kerb.so ProxyRequests Off +PythonImport ipaserver main_interpreter # ipa-rewrite.conf is loaded separately @@ -34,16 +35,13 @@ AddType application/java-archive jar ProxyPass /ipa/ui http://localhost:8080/ipa/ui ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui -# Configure the XML-RPC service -Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC" - # This is where we redirect on failed auth Alias /ipa/errors "/usr/share/ipa/html" # For the MIT Windows config files Alias /ipa/config "/usr/share/ipa/html" -<Directory "/usr/share/ipa/ipaserver"> +<Location "/ipa/xml"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on @@ -55,16 +53,17 @@ Alias /ipa/config "/usr/share/ipa/html" Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html - SetHandler mod_python - PythonHandler ipaxmlrpc - + SetHandler python-program + PythonInterpreter main_interpreter + PythonHandler ipaserver::xmlrpc + PythonDebug Off PythonOption IPADebug Off # this is pointless to use since it would just reload ipaxmlrpc.py PythonAutoReload Off -</Directory> +</Location> # Do no authentication on the directory that contains error messages <Directory "/usr/share/ipa/html"> diff --git a/install/configure.ac b/install/configure.ac new file mode 100644 index 000000000..7f96812f0 --- /dev/null +++ b/install/configure.ac @@ -0,0 +1,43 @@ +AC_PREREQ(2.59) +m4_include(../version.m4) +AC_INIT([ipa-server], + IPA_VERSION, + [https://hosted.fedoraproject.org/projects/freeipa/newticket]) + +#AC_CONFIG_SRCDIR([ipaserver/ipaldap.py]) +AC_CONFIG_HEADERS([config.h]) + +AM_INIT_AUTOMAKE + +AM_MAINTAINER_MODE +#AC_PROG_CC +#AC_STDC_HEADERS +#AC_DISABLE_STATIC +#AC_PROG_LIBTOOL + +#AC_HEADER_STDC + +AC_SUBST(VERSION) + +dnl --------------------------------------------------------------------------- +dnl - Set the data install directory since we don't use pkgdatadir +dnl --------------------------------------------------------------------------- + +IPA_DATA_DIR="$datadir/ipa" +IPA_SYSCONF_DIR="$sysconfdir/ipa" +AC_SUBST(IPA_DATA_DIR) +AC_SUBST(IPA_SYSCONF_DIR) + +# Files + +AC_CONFIG_FILES([ + Makefile + conf/Makefile + html/Makefile + share/Makefile + tools/Makefile + tools/man/Makefile + updates/Makefile +]) + +AC_OUTPUT diff --git a/install/html/Makefile.am b/install/html/Makefile.am new file mode 100644 index 000000000..df2e9a5e7 --- /dev/null +++ b/install/html/Makefile.am @@ -0,0 +1,15 @@ +NULL = + +appdir = $(IPA_SYSCONF_DIR)/html +app_DATA = \ + ssbrowser.html \ + unauthorized.html \ + $(NULL) + +EXTRA_DIST = \ + $(app_DATA) \ + $(NULL) + +MAINTAINERCLEANFILES = \ + *~ \ + Makefile.in diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 3f5661754..750ab6417 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -1,9 +1,8 @@ NULL = -SUBDIRS = \ - share \ - updates \ - $(NULL) +SUBDIRS = \ + man \ + $(NULL) sbin_SCRIPTS = \ ipa-server-install \ @@ -12,6 +11,10 @@ sbin_SCRIPTS = \ ipa-replica-manage \ ipa-server-certinstall \ ipactl \ + ipa-compat-manage \ + ipa-fix-CVE-2008-3274 \ + ipa-ldap-updater \ + ipa-upgradeconfig \ $(NULL) EXTRA_DIST = \ diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index c9d5c5bf3..70e74ac51 100644..100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -37,15 +37,15 @@ import glob import traceback from optparse import OptionParser -import ipaserver.dsinstance -import ipaserver.krbinstance -import ipaserver.bindinstance -import ipaserver.httpinstance -import ipaserver.ntpinstance +from ipaserver.install import dsinstance +from ipaserver.install import krbinstance +from ipaserver.install import bindinstance +from ipaserver.install import httpinstance +from ipaserver.install import ntpinstance -from ipaserver import service +from ipaserver.install import service from ipa import version -from ipaserver.installutils import * +from ipaserver.install.installutils import * from ipa import sysrestore from ipa.ipautil import * @@ -119,7 +119,7 @@ def signal_handler(signum, frame): print "Removing configuration for %s instance" % ds.serverid ds.stop() if ds.serverid: - ipaserver.dsinstance.erase_ds_instance_data (ds.serverid) + dsinstance.erase_ds_instance_data (ds.serverid) sys.exit(1) def read_host_name(host_default,no_host_dns=False): @@ -269,7 +269,7 @@ def read_admin_password(): return admin_password def check_dirsrv(unattended): - serverids = ipaserver.dsinstance.check_existing_installation() + serverids = dsinstance.check_existing_installation() if serverids: print "" print "An existing Directory Server has been detected." @@ -285,9 +285,9 @@ def check_dirsrv(unattended): pass for serverid in serverids: - ipaserver.dsinstance.erase_ds_instance_data(serverid) + dsinstance.erase_ds_instance_data(serverid) - (ds_unsecure, ds_secure) = ipaserver.dsinstance.check_ports() + (ds_unsecure, ds_secure) = dsinstance.check_ports() if not ds_unsecure or not ds_secure: print "IPA requires ports 389 and 636 for the Directory Server." print "These are currently in use:" @@ -305,12 +305,11 @@ def uninstall(): print "ipa-client-install returned: " + str(e) pass - ipaserver.ntpinstance.NTPInstance(fstore).uninstall() - ipaserver.bindinstance.BindInstance(fstore).uninstall() - ipaserver.httpinstance.WebGuiInstance().uninstall() - ipaserver.httpinstance.HTTPInstance(fstore).uninstall() - ipaserver.krbinstance.KrbInstance(fstore).uninstall() - ipaserver.dsinstance.DsInstance().uninstall() + ntpinstance.NTPInstance(fstore).uninstall() + bindinstance.BindInstance(fstore).uninstall() + httpinstance.HTTPInstance(fstore).uninstall() + krbinstance.KrbInstance(fstore).uninstall() + dsinstance.DsInstance().uninstall() fstore.restore_all_files() return 0 @@ -487,7 +486,7 @@ def main(): # Configure ntpd if options.conf_ntp: - ntp = ipaserver.ntpinstance.NTPInstance(fstore) + ntp = ntpinstance.NTPInstance(fstore) ntp.create_instance() if options.dirsrv_pin: @@ -496,7 +495,7 @@ def main(): os.close(pw_fd) # Create a directory server instance - ds = ipaserver.dsinstance.DsInstance() + ds = dsinstance.DsInstance() if options.dirsrv_pkcs12: pkcs12_info = (options.dirsrv_pkcs12, pw_name) ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info) @@ -505,7 +504,7 @@ def main(): ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password) # Create a kerberos instance - krb = ipaserver.krbinstance.KrbInstance(fstore) + krb = krbinstance.KrbInstance(fstore) krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password) # Create a HTTP instance @@ -515,7 +514,7 @@ def main(): os.write(pw_fd, options.http_pin) os.close(pw_fd) - http = ipaserver.httpinstance.HTTPInstance(fstore) + http = httpinstance.HTTPInstance(fstore) if options.http_pkcs12: pkcs12_info = (options.http_pkcs12, pw_name) http.create_instance(realm_name, host_name, domain_name, autoconfig=False, pkcs12_info=pkcs12_info) @@ -532,11 +531,7 @@ def main(): fd.write("domain=" + domain_name + "\n") fd.close() - # Create a Web Gui instance - webgui = ipaserver.httpinstance.WebGuiInstance() - webgui.create_instance() - - bind = ipaserver.bindinstance.BindInstance(fstore) + bind = bindinstance.BindInstance(fstore) bind.setup(host_name, ip_address, realm_name, domain_name) if options.setup_bind: bind.create_instance() @@ -594,8 +589,8 @@ def main(): print "" if not options.dirsrv_pkcs12: - print "Be sure to back up the CA certificate stored in " + ipaserver.dsinstance.config_dirname(ds.serverid) + "cacert.p12" - print "The password for this file is in " + ipaserver.dsinstance.config_dirname(ds.serverid) + "pwdfile.txt" + print "Be sure to back up the CA certificate stored in " + dsinstance.config_dirname(ds.serverid) + "cacert.p12" + print "The password for this file is in " + dsinstance.config_dirname(ds.serverid) + "pwdfile.txt" else: print "In order for Firefox autoconfiguration to work you will need to" print "use a SSL signing certificate. See the IPA documentation for more details." diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am index 244b06b8d..b2c3fa360 100644 --- a/install/tools/man/Makefile.am +++ b/install/tools/man/Makefile.am @@ -16,7 +16,7 @@ man1_MANS = \ man8_MANS = \ ipactl.8 \ ipa_kpasswd.8 \ - ipa_webgui.8 + $(NULL) install-data-hook: @for i in $(man1_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done diff --git a/install/tools/man/ipa_webgui.8 b/install/tools/man/ipa_webgui.8 deleted file mode 100644 index 20545363f..000000000 --- a/install/tools/man/ipa_webgui.8 +++ /dev/null @@ -1,37 +0,0 @@ -.\" A man page for ipa_webgui -.\" Copyright (C) 2008 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa_webgui" "8" "Mar 14 2008" "freeipa" "" -.SH "NAME" -ipa_webgui \- Start the IPA Web User Interface -.SH "SYNOPSIS" -ipa_webgui [\fIOPTION\fR]... - -.SH "DESCRIPTION" -Used to start the TurboGears web user interface for IPA -.SH "OPTIONS" -.TP -\fB\-f\fR, \fB\-\-foreground\fR -Remain in the foreground instead of becoming a daemon. -.TP -\fB\-d\fR, \fB\-\-debug\fR -.TP -Increase the amount of logging and print it to stdout instead of logging to /var/log/ipa_error.log - -.SH "EXIT STATUS" -1 if an error occurred diff --git a/ipa.spec.in b/ipa.spec.in new file mode 100644 index 000000000..400cf67ef --- /dev/null +++ b/ipa.spec.in @@ -0,0 +1,637 @@ +%define httpd_conf /etc/httpd/conf.d +%define plugin_dir %{_libdir}/dirsrv/plugins +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} +%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +%define POLICYCOREUTILSVER 1.33.12-1 + +Name: ipa +Version: __VERSION__ +Release: __RELEASE__%{?dist} +Summary: The Identity, Policy and Audit system + +Group: System Environment/Base +License: GPLv2 +URL: http://www.freeipa.org/ +Source0: freeipa-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: fedora-ds-base-devel >= 1.1.3 +BuildRequires: mozldap-devel +BuildRequires: svrcore-devel +BuildRequires: nspr-devel +BuildRequires: openssl-devel +BuildRequires: openldap-devel +BuildRequires: e2fsprogs-devel +BuildRequires: krb5-devel +BuildRequires: nss-devel +BuildRequires: libcap-devel +BuildRequires: python-devel +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: popt-devel +BuildRequires: /usr/share/selinux/devel/Makefile +BuildRequires: m4 +BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER} +BuildRequires: TurboGears + +%description +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). + +%package server +Summary: The IPA authentication server +Group: System Environment/Base +Requires: %{name}-python = %{version}-%{release} +Requires: %{name}-client = %{version}-%{release} +Requires: %{name}-admintools = %{version}-%{release} +Requires(post): %{name}-server-selinux = %{version}-%{release} +Requires: fedora-ds-base >= 1.1.3 +Requires: openldap-clients +Requires: nss +Requires: nss-tools +%{?fc8:Requires: krb5-server >= 1.6.2-11} +%if 0%{?fedora} >= 9 +Requires: krb5-server +%endif +Requires: krb5-server-ldap +Requires: cyrus-sasl-gssapi +Requires: ntp +Requires: httpd +Requires: mod_python +Requires: mod_auth_kerb +%{?fc8:Requires: mod_nss >= 1.0.7-2} +%{?fc9:Requires: mod_nss >= 1.0.7-5} +%{?fc10:Requires: mod_nss >= 1.0.7-4} +%if 0%{?fedora} >= 10 +Requires: mod_nss +%endif +Requires: python-ldap +Requires: python-krbV +Requires: TurboGears +Requires: python-tgexpandingformwidget +Requires: acl +Requires: python-pyasn1 +Requires: libcap +%{?fc8:Requires: selinux-policy >= 3.0.8-117} +%{?fc9:Requires: selinux-policy >= 3.3.1-99} +%{?fc10:Requires: selinux-policy >= 3.5.13-11} +%if 0%{?fedora} >= 10 +Requires: selinux-policy +%endif +Requires(post): selinux-policy-base +Requires: slapi-nis +Conflicts: mod_ssl + +%description server +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). If you are installing an IPA server you need +to install this package (in other words, most people should NOT install +this package). + + +%package server-selinux +Summary: SELinux rules for ipa-server daemons +Group: System Environment/Base +Requires: %{name}-server = %{version}-%{release} +Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage + +%description server-selinux +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). This package provides SELinux rules for the +daemons included in ipa-server + + +%package client +Summary: IPA authentication for use on clients +Group: System Environment/Base +Requires: %{name}-python = %{version}-%{release} +Requires: python-ldap +Requires: python-krbV +Requires: cyrus-sasl-gssapi +Requires: ntp +Requires: krb5-workstation +Requires: krb5-libs +Requires: authconfig +Requires: pam_krb5 +Requires: nss_ldap + +%description client +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). If your network uses IPA for authentication, +this package should be installed on every client machine. + + +%package admintools +Summary: IPA administrative tools +Group: System Environment/Base +Requires: %{name}-python = %{version}-%{release} +Requires: python-krbV +Requires: python-ldap +Requires: python-configobj + +%description admintools +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). This package provides command-line tools for +IPA administrators. + +%package python +Summary: Python libraries used by IPA +Group: System Environment/Libraries +%{?fc8:Requires: python-kerberos >= 1.0} +%if 0%{?fedora} >= 9 +Requires: python-kerberos >= 1.1-3 +%endif +Requires: authconfig +Requires: gnupg + +%description python +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). If you are using IPA you need to install this +package. + +%package radius-server +Summary: IPA authentication server - radius plugin +Group: System Environment/Base +Requires: freeradius +Requires: freeradius-ldap +Requires: %{name}-python = %{version}-%{release} + +%description radius-server +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). This plugin enables radius support. + +%package radius-admintools +Summary: IPA authentication server - radius administration tools +Group: System Environment/Base +Requires: %{name}-python = %{version}-%{release} +Requires: %{name}-admintools = %{version}-%{release} +Requires: python-krbV + +%description radius-admintools +IPA is an integrated solution to provide centrally managed Identity (machine, +user, virtual machines, groups, authentication credentials), Policy +(configuration settings, access control information) and Audit (events, +logs, analysis thereof). This package provides command-line tools for +administering radius authentication settings in IPA. + + +%prep +%setup -n freeipa-%{version} -q + +%build +export CFLAGS="$CFLAGS %{optflags}" +export CPPFLAGS="$CPPFLAGS %{optflags}" +make version-update +cd ipa-client; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. +cd daemons; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. +cd install; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. + +make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} version-update all +cd selinux +# This isn't multi-process make capable yet +make all + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} +cd selinux +make install DESTDIR=%{buildroot} + +# Remove .la files from libtool - we don't want to package +# these files +rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la +rm %{buildroot}/%{plugin_dir}/libipa-memberof-plugin.la +rm %{buildroot}/%{plugin_dir}/libipa-dna-plugin.la +rm %{buildroot}/%{plugin_dir}/libipa_winsync.la + +# Some user-modifiable HTML files are provided. Move these to /etc +# and link back. +mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html +mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore +mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore +#mv %{buildroot}/%{_usr}/share/ipa/html/ssbrowser.html %{buildroot}/%{_sysconfdir}/ipa/html +#mv %{buildroot}/%{_usr}/share/ipa/html/unauthorized.html %{buildroot}/%{_sysconfdir}/ipa/html +mkdir %{buildroot}%{_usr}/share/ipa/html/ +ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \ + %{buildroot}%{_usr}/share/ipa/html/ssbrowser.html +ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \ + %{buildroot}%{_usr}/share/ipa/html/unauthorized.html +ln -s ../../../..%{python_sitelib}/ipaserver/mod_python_xmlrpc.py \ + %{buildroot}%{_usr}/share/ipa/ipaserver/mod_python_xmlrpc.py + +%clean +rm -rf %{buildroot} + +%post server +if [ $1 = 1 ]; then + /sbin/chkconfig --add ipa_kpasswd +fi +if [ -e /usr/share/ipa/serial ]; then + mv /usr/share/ipa/serial /var/lib/ipa/ca_serialno +fi +/bin/touch /var/log/ipa_error.log +/bin/chown apache /var/log/ipa_error.log +/bin/chmod 600 /var/log/ipa_error.log +restorecon /var/log/ipa_error.log +/usr/sbin/ipa-upgradeconfig || : +if [ -e /etc/httpd/conf.d/ipa.conf ]; then + echo "" + echo "Run /usr/sbin/ipa-ldap-updater to complete the upgrade process." + echo "" +fi + +%preun server +if [ $1 = 0 ]; then + /sbin/chkconfig --del ipa_kpasswd + /sbin/service ipa_kpasswd stop >/dev/null 2>&1 || : +fi + +%postun server +if [ "$1" -ge "1" ]; then + /sbin/service ipa_kpasswd condrestart >/dev/null 2>&1 || : + /sbin/service httpd condrestart >/dev/null 2>&1 || : + /sbin/service dirsrv condrestart >/dev/null 2>&1 || : +fi + +%pre server-selinux +if [ -s /etc/selinux/config ]; then + . %{_sysconfdir}/selinux/config + FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts + if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \ + cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name} + fi +fi + +%post server-selinux +semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp /usr/share/selinux/targeted/ipa_kpasswd.pp +. %{_sysconfdir}/selinux/config +FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts +selinuxenabled +if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then + fixfiles -C ${FILE_CONTEXT}.%{name} restore + rm -f ${FILE_CONTEXT}.%name +fi + +%preun server-selinux +if [ $1 = 0 ]; then +if [ -s /etc/selinux/config ]; then + . %{_sysconfdir}/selinux/config + FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts + if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \ + cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name} + fi +fi +fi + +%postun server-selinux +if [ $1 = 0 ]; then +semodule -s targeted -r ipa_webgui ipa_kpasswd +. %{_sysconfdir}/selinux/config +FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts +selinuxenabled +if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then + fixfiles -C ${FILE_CONTEXT}.%{name} restore + rm -f ${FILE_CONTEXT}.%name +fi +fi + + +%files server +%doc LICENSE README +%defattr(-,root,root,-) +%{_sbindir}/ipa-server-install +%{_sbindir}/ipa-replica-install +%{_sbindir}/ipa-replica-prepare +%{_sbindir}/ipa-replica-manage +%{_sbindir}/ipa-server-certinstall +%{_sbindir}/ipa_kpasswd +%{_sbindir}/ipactl +%{_sbindir}/ipa-upgradeconfig +%attr(755,root,root) %{_initrddir}/ipa_kpasswd +%{_bindir}/ipa +%{python_sitelib}/ipalib/* +%{python_sitelib}/ipaserver/* +%{python_sitelib}/ipawebui/* +%{python_sitelib}/*.egg-info +%dir %{_usr}/share/ipa +%{_usr}/share/ipa/*.ldif +%{_usr}/share/ipa/*.uldif +%{_usr}/share/ipa/*.template +%dir %{_usr}/share/ipa/html +%{_usr}/share/ipa/html/ssbrowser.html +%{_usr}/share/ipa/html/unauthorized.html +%dir %{_sysconfdir}/ipa +%dir %{_sysconfdir}/ipa/html +%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html +%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html +%{_usr}/share/ipa/ipa.conf +%{_usr}/share/ipa/ipa-rewrite.conf +%dir %{_usr}/share/ipa/ipaserver +%{_usr}/share/ipa/ipaserver/* +%dir %{_usr}/share/ipa/updates/ +%{_usr}/share/ipa/updates/* +%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so +%attr(755,root,root) %{plugin_dir}/libipa-memberof-plugin.so +%attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so +%attr(755,root,root) %{plugin_dir}/libipa_winsync.so +%dir %{_localstatedir}/lib/ipa +%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore +%dir %{_localstatedir}/cache/ipa +%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions +%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd +%{_mandir}/man1/ipa-replica-install.1.gz +%{_mandir}/man1/ipa-replica-manage.1.gz +%{_mandir}/man1/ipa-replica-prepare.1.gz +%{_mandir}/man1/ipa-server-certinstall.1.gz +%{_mandir}/man1/ipa-server-install.1.gz +%{_mandir}/man8/ipa_kpasswd.8.gz +%{_mandir}/man8/ipactl.8.gz +%{_mandir}/man1/ipa-compat-manage.1.gz +%{_mandir}/man1/ipa-ldap-updater.1.gz + +%files server-selinux +%{_usr}/share/selinux/targeted/ipa_webgui.pp +%{_usr}/share/selinux/targeted/ipa_kpasswd.pp + +%files client +%doc LICENSE README +%{_sbindir}/ipa-client-install +%{_sbindir}/ipa-getkeytab +%dir %{_usr}/share/ipa +%dir %{_usr}/share/ipa/ipaclient +%dir %{_localstatedir}/lib/ipa-client +%dir %{_localstatedir}/lib/ipa-client/sysrestore +%{_usr}/share/ipa/ipaclient/ipa.cfg +%{_usr}/share/ipa/ipaclient/ipa.js +%dir %{python_sitelib}/ipaclient +%{python_sitelib}/ipaclient/*.py* +%{_mandir}/man1/ipa-getkeytab.1.gz +%{_mandir}/man1/ipa-client-install.1.gz + +%files admintools +%doc LICENSE README +%defattr(-,root,root,-) +#%{_sbindir}/ipa-adddelegation +#%{_sbindir}/ipa-addgroup +#%{_sbindir}/ipa-addservice +#%{_sbindir}/ipa-adduser +#%{_sbindir}/ipa-defaultoptions +#%{_sbindir}/ipa-deldelegation +#%{_sbindir}/ipa-delgroup +#%{_sbindir}/ipa-delservice +#%{_sbindir}/ipa-deluser +#%{_sbindir}/ipa-findgroup +#%{_sbindir}/ipa-findservice +#%{_sbindir}/ipa-finduser +#%{_sbindir}/ipa-listdelegation +#%{_sbindir}/ipa-lockuser +#%{_sbindir}/ipa-modgroup +#%{_sbindir}/ipa-moddelegation +#%{_sbindir}/ipa-passwd +#%{_sbindir}/ipa-moduser +#%{_sbindir}/ipa-pwpolicy +#%{_sbindir}/ipa-change-master-key +%{_sbindir}/ipa-fix-CVE-2008-3274 +%{_sbindir}/ipa-ldap-updater +%{_sbindir}/ipa-compat-manage +#%{_mandir}/man1/ipa-adddelegation.1.gz +#%{_mandir}/man1/ipa-addgroup.1.gz +#%{_mandir}/man1/ipa-addservice.1.gz +#%{_mandir}/man1/ipa-adduser.1.gz +#%{_mandir}/man1/ipa-defaultoptions.1.gz +#%{_mandir}/man1/ipa-deldelegation.1.gz +#%{_mandir}/man1/ipa-delgroup.1.gz +#%{_mandir}/man1/ipa-delservice.1.gz +#%{_mandir}/man1/ipa-deluser.1.gz +#%{_mandir}/man1/ipa-findgroup.1.gz +#%{_mandir}/man1/ipa-findservice.1.gz +#%{_mandir}/man1/ipa-finduser.1.gz +#%{_mandir}/man1/ipa-modgroup.1.gz +#%{_mandir}/man1/ipa-listdelegation.1.gz +#%{_mandir}/man1/ipa-lockuser.1.gz +#%{_mandir}/man1/ipa-moddelegation.1.gz +#%{_mandir}/man1/ipa-passwd.1.gz +#%{_mandir}/man1/ipa-moduser.1.gz +#%{_mandir}/man1/ipa-pwpolicy.1.gz +#%{_mandir}/man1/ipa-ldap-updater.1.gz +#%{_mandir}/man1/ipa-compat-manage.1.gz + +%files python +%doc LICENSE README +%defattr(-,root,root,-) +%dir %{python_sitelib}/ipa +%{python_sitelib}/ipa/*.py* +%if 0%{?fedora} >= 9 +%{python_sitelib}/ipa-*.egg-info +%endif +%config(noreplace) %{_sysconfdir}/ipa/ipa.conf + +%files radius-server +%doc LICENSE README +%{_sbindir}/ipa-radius-install +%{_usr}/share/ipa/ipaserver/plugins/* +%dir %{_usr}/share/ipa/plugins +%{_usr}/share/ipa/plugins/radius.radiusd.conf.template + +%files radius-admintools +%doc LICENSE README +%{_sbindir}/ipa-addradiusclient +%{_sbindir}/ipa-addradiusprofile +%{_sbindir}/ipa-delradiusclient +%{_sbindir}/ipa-delradiusprofile +%{_sbindir}/ipa-findradiusclient +%{_sbindir}/ipa-findradiusprofile +%{_sbindir}/ipa-modradiusclient +%{_sbindir}/ipa-modradiusprofile + +%changelog +* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.1-3 +- rebuild with new openssl + +* Fri Dec 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.2.1-2 +- Fix SELinux code + +* Mon Dec 15 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-1 +- Fix breakage caused by python-kerberos update to 1.1 + +* Fri Dec 5 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-0 +- New upstream release 1.2.1 + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.0-4 +- Rebuild for Python 2.6 + +* Fri Nov 14 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-3 +- Respin after the tarball has been re-released upstream + New hash is 506c9c92dcaf9f227cba5030e999f177 + +* Thu Nov 13 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-2 +- Conditionally restart also dirsrv and httpd when upgrading + +* Wed Oct 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-1 +- Update to upstream version 1.2.0 +- Set fedora-ds-base minimum version to 1.1.3 for winsync header +- Set the minimum version for SELinux policy +- Remove references to Fedora 7 + +* Wed Jul 23 2008 Simo Sorce <ssorce@redhat.com> - 1.1.0-3 +- Fix for CVE-2008-3274 +- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface +- Add fix for bug #453185 +- Rebuild against openldap libraries, mozldap ones do not work properly +- TurboGears is currently broken in rawhide. Added patch to not build + the UI locales and removed them from the ipa-server files section. + +* Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-2 +- Add call to /usr/sbin/upgradeconfig to post install + +* Wed Jun 11 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-1 +- Update to upstream version 1.1.0 +- Patch for indexing memberof attribute +- Patch for indexing uidnumber and gidnumber +- Patch to change DNA default values for replicas +- Patch to fix uninitialized variable in ipa-getkeytab + +* Fri May 16 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-5 +- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum + version to 1.0.7-4 so we pick up the NSS fixes. +- Add selinux-policy-base(post) to Requires (446496) + +* Tue Apr 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-4 +- Add missing entry for /var/cache/ipa/kpasswd (444624) +- Added patch to fix permissions problems with the Apache NSS database. +- Added patch to fix problem with DNS querying where the query could be + returned as the answer. +- Fix spec error where patch1 was in the wrong section + +* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3 +- Added patch to fix problem reported by ldapmodify + +* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2 +- Fix Requires for krb5-server that was missing for Fedora versions > 9 +- Remove quotes around test for fedora version to package egg-info + +* Fri Apr 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1 +- Update to upstream version 1.0.0 + +* Tue Mar 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-12 +- Pull upstream changelog 722 +- Add Conflicts mod_ssl (435360) + +* Thu Feb 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-11 +- Pull upstream changelog 698 +- Fix ownership of /var/log/ipa_error.log during install (435119) +- Add pwpolicy command and man page + +* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-10 +- Pull upstream changelog 678 +- Add new subpackage, ipa-server-selinux +- Add Requires: authconfig to ipa-python (bz #433747) +- Package i18n files + +* Mon Feb 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-9 +- Pull upstream changelog 641 +- Require minimum version of krb5-server on F-7 and F-8 +- Package some new files + +* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> 0.99-8 +- Marked with wrong license. IPA is GPLv2. + +* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-7 +- Ensure that /etc/ipa exists before moving user-modifiable html files there +- Put html files into /etc/ipa/html instead of /etc/ipa + +* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-6 +- Pull upstream changelog 608 which renamed several files + +* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5 +- package the sessions dir /var/cache/ipa/sessions +- Pull upstream changelog 597 + +* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4 +- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the + UI to not start. + +* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3 +- Included LICENSE and README in all packages for documentation +- Move user-modifiable content to /etc/ipa and linked back to + /usr/share/ipa/html +- Changed some references to /usr to the {_usr} macro and /etc + to {_sysconfdir} +- Added popt-devel to BuildRequires for Fedora 8 and higher and + popt for Fedora 7 +- Package the egg-info for Fedora 9 and higher for ipa-python + +* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2 +- Added auto* BuildRequires + +* Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1 +- Unified spec file + +* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2 +- Fixed License in specfile +- Include files from /usr/lib/python*/site-packages/ipaserver + +* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1 +- Version bump for release + +* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1 +- Preverse mode on ipa-keytab-util +- Version bump for relase and rpm name change + +* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2 +- Broke invididual Requires and BuildRequires onto separate lines and + reordered them +- Added python-tgexpandingformwidget as a dependency +- Require at least fedora-ds-base 1.1 + +* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1 +- Version bump for release + +* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6 +- Add dep for freeipa-admintools and acl + +* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5 +- Add dependency for python-krbV + +* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4 +- Require mod_nss-1.0.7-2 for mod_proxy fixes + +* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3 +- Convert to autotools-based build + +* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2 + +* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1 +- Added support for libipa-dna-plugin + +* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1 +- Added support for ipa_kpasswd and ipa_pwd_extop + +* Mon Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3 +- Abstracted client class to work directly or over RPC + +* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2 +- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires +- Remove references to admin server in ipa-server-setupssl +- Generate a client certificate for the XML-RPC server to connect to LDAP with +- Create a keytab for Apache +- Create an ldif with a test user +- Provide a certmap.conf for doing SSL client authentication + +* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1 +- Initial rpm version diff --git a/ipalib/plugins/b_xmlrpc.py b/ipalib/plugins/b_xmlrpc.py index 14f2a9bed..1676ecf51 100644 --- a/ipalib/plugins/b_xmlrpc.py +++ b/ipalib/plugins/b_xmlrpc.py @@ -86,7 +86,10 @@ class KerbTransport(xmlrpclib.SafeTransport): service = "HTTP@" + hostinfo[0] try: - rc, vc = kerberos.authGSSClientInit(service); + rc, vc = kerberos.authGSSClientInit(service, + kerberos.GSS_C_DELEG_FLAG | + kerberos.GSS_C_MUTUAL_FLAG | + kerberos.GSS_C_SEQUENCE_FLAG) except kerberos.GSSError, e: raise kerberos.GSSError(e) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 938c30e64..207276d5a 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -187,7 +187,10 @@ class KerbTransport(SafeTransport): service = "HTTP@" + host.split(':')[0] try: - (rc, vc) = kerberos.authGSSClientInit(service) + (rc, vc) = kerberos.authGSSClientInit(service, + kerberos.GSS_C_DELEG_FLAG | + kerberos.GSS_C_MUTUAL_FLAG | + kerberos.GSS_C_SEQUENCE_FLAG) except kerberos.GSSError, e: raise e # FIXME: raise a PublicError diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index e9826bf68..7ddcbc4e2 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -35,7 +35,7 @@ import service import installutils import certs import ipaldap, ldap -from ipaserver import ldapupdate +from ipaserver.install import ldapupdate SERVER_ROOT_64 = "/usr/lib64/dirsrv" SERVER_ROOT_32 = "/usr/lib/dirsrv" diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index cdf23125a..f6d2fb4d1 100755..100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -25,7 +25,7 @@ UPDATES_DIR="/usr/share/ipa/updates/" import sys -from ipaserver import ipaldap, installutils +from ipaserver.install import ipaldap, installutils from ipa import entity, ipaerror, ipautil import ldap import logging diff --git a/ipaserver/mod_python_xmlrpc.py b/ipaserver/mod_python_xmlrpc.py index 0f631f744..f8566ec7f 100755 --- a/ipaserver/mod_python_xmlrpc.py +++ b/ipaserver/mod_python_xmlrpc.py @@ -46,7 +46,6 @@ try: except ImportError: pass - # Global list of available functions gfunctions = {} @@ -36,6 +36,7 @@ setup( 'ipalib.plugins', 'ipaserver', 'ipaserver.plugins', + 'ipaserver.install', 'ipawebui', 'ipawebui.templates', ], |