diff options
| -rw-r--r-- | ipa-python/rpcclient.py | 2 | ||||
| -rw-r--r-- | ipa-server/Makefile.am | 5 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipa_webgui.cfg | 4 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css | 4 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css | 24 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/static/css/style_platform.css | 14 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/templates/master.kid | 12 | ||||
| -rw-r--r-- | ipa-server/ipa-server.spec.in | 7 | ||||
| -rw-r--r-- | ipa-server/ipa-upgradeconfig | 112 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa-rewrite.conf | 4 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 24 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/unauthorized.html | 6 |
12 files changed, 171 insertions, 47 deletions
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index ecd42b99d..5a95d8300 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -38,7 +38,7 @@ class RPCClient: def server_url(self, server): """Build the XML-RPC server URL from our configuration""" - url = "https://" + server + "/ipaxml" + url = "https://" + server + "/ipa/xml" if self.verbose: print "Connecting to IPA server: %s" % url return url diff --git a/ipa-server/Makefile.am b/ipa-server/Makefile.am index 35d3074e1..949b39c3e 100644 --- a/ipa-server/Makefile.am +++ b/ipa-server/Makefile.am @@ -14,6 +14,10 @@ SUBDIRS = \ man \ $(NULL) +sbin_SCRIPTS = \ + ipa-upgradeconfig \ + $(NULL) + install-exec-local: mkdir -p $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore @@ -35,6 +39,7 @@ EXTRA_DIST = \ HACKING \ NEWS \ ChangeLog \ + $(sbin_SCRIPTS) \ $(NULL) DISTCLEANFILES = \ diff --git a/ipa-server/ipa-gui/ipa_webgui.cfg b/ipa-server/ipa-gui/ipa_webgui.cfg index 62d251cf3..f7dfb2593 100644 --- a/ipa-server/ipa-gui/ipa_webgui.cfg +++ b/ipa-server/ipa-gui/ipa_webgui.cfg @@ -29,11 +29,11 @@ server.thread_pool = 10 # if this is part of a larger site, you can set the path # to the TurboGears instance here -server.webpath="/ipa" +server.webpath="/ipa/ui" # Set to True if you are deploying your App behind a proxy # e.g. Apache using mod_proxy -# base_url_filter.on = False +base_url_filter.on = True # Set to True if your proxy adds the x_forwarded_host header # base_url_filter.use_x_forwarded_host = True diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css index 5eafa9b1a..f56971bd3 100644 --- a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css +++ b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css @@ -40,10 +40,10 @@ text-decoration: underline; } .sortasc { - background-image: url(/static/images/up.gif) !important; + background-image: url(/ipa/ui/static/images/up.gif) !important; } .sortdesc { - background-image: url(/static/images/down.gif) !important; + background-image: url(/ipa/ui/static/images/down.gif) !important; } .warning_message { diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css index bb9e805ab..51d570896 100644 --- a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css +++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css @@ -1,19 +1,19 @@ /* object h1 styles */ -#details h1.overview { background-image: url('/static/images/objects/object-overview.png'); } +#details h1.overview { background-image: url('/ipa/ui/static/images/objects/object-overview.png'); } -#details h1.accesscontrol { background-image: url('/static/images/objects/object-accesscontrol.png'); } +#details h1.accesscontrol { background-image: url('/ipa/ui/static/images/objects/object-accesscontrol.png'); } -#details h1.user { background-image: url('/static/images/objects/object-user.png'); } -#details h1.usergroup { background-image: url('/static/images/objects/object-usergroup.png'); } +#details h1.user { background-image: url('/ipa/ui/static/images/objects/object-user.png'); } +#details h1.usergroup { background-image: url('/ipa/ui/static/images/objects/object-usergroup.png'); } -#details h1.content-overview { background-image: url('/static/images/objects/object-content.png'); } -#details h1.channel { background-image: url('/static/images/objects/object-channel.png'); } -#details h1.channel-new { background-image: url('/static/images/objects/object-channel.png'); } -#details h1.channels { background-image: url('/static/images/objects/object-channels.png'); } -#details h1.media { background-image: url('/static/images/objects/object-media.png'); } +#details h1.content-overview { background-image: url('/ipa/ui/static/images/objects/object-content.png'); } +#details h1.channel { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); } +#details h1.channel-new { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); } +#details h1.channels { background-image: url('/ipa/ui/static/images/objects/object-channels.png'); } +#details h1.media { background-image: url('/ipa/ui/static/images/objects/object-media.png'); } -#details h1.system { background-image: url('/static/images/objects/object-system.png'); } -#details h1.virtualsystem { background-image: url('/static/images/objects/object-virtualsystem.png'); } +#details h1.system { background-image: url('/ipa/ui/static/images/objects/object-system.png'); } +#details h1.virtualsystem { background-image: url('/ipa/ui/static/images/objects/object-virtualsystem.png'); } -#details h1.policy { background-image: url('/static/images/objects/object-policy.png'); } +#details h1.policy { background-image: url('/ipa/ui/static/images/objects/object-policy.png'); } diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css index 37f030a84..9168bd1d0 100644 --- a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css +++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css @@ -12,7 +12,7 @@ html, body { } body { - background-image: url('/static/images/template/background.png'); + background-image: url('/ipa/ui/static/images/template/background.png'); background-repeat: repeat-x; background-color: #f9f9f9; margin: 0px; @@ -45,7 +45,7 @@ td, th { float: left; margin-top: -10px; - background: url('/static/images/branding/logo.png') no-repeat; + background: url('/ipa/ui/static/images/branding/logo.png') no-repeat; } #content { @@ -53,7 +53,7 @@ td, th { min-height: 100%; background-color: #f9f9f9; - background-image: url('/static/images/template/background-content.png'); + background-image: url('/ipa/ui/static/images/template/background-content.png'); background-repeat: repeat-x; } @@ -95,7 +95,7 @@ div#search { margin: 0px; clear: both; - background-image: url('/static/images/template/background-navbar.png'); + background-image: url('/ipa/ui/static/images/template/background-navbar.png'); background-repeat: repeat-x; } @@ -121,7 +121,7 @@ div#search { } #navbar .active { - background-image: url('/static/images/template/background-navbar-active.png'); + background-image: url('/ipa/ui/static/images/template/background-navbar-active.png'); height: 70px; width: 116px; @@ -156,7 +156,7 @@ div#search { border: 1px solid #aaa; background-color: #ccc; - background-image: url('/static/images/template/background-sidebar.png'); + background-image: url('/ipa/ui/static/images/template/background-sidebar.png'); background-repeat: repeat-y; } @@ -477,7 +477,7 @@ div.instructions { padding-top: 2ex; width: 40%; float: right; - background-image: url('/static/images/template/background-search.png'); + background-image: url('/ipa/ui/static/images/template/background-search.png'); background-repeat: repeat-y; background-color: white; } diff --git a/ipa-server/ipa-gui/ipagui/templates/master.kid b/ipa-server/ipa-gui/ipagui/templates/master.kid index ac850178a..d8b341428 100644 --- a/ipa-server/ipa-gui/ipagui/templates/master.kid +++ b/ipa-server/ipa-gui/ipagui/templates/master.kid @@ -24,13 +24,13 @@ <title py:replace="''">Your title goes here</title> <meta py:replace="item[:]"/> <style type="text/css" media="all"> - @import "/static/css/style_platform.css"; - @import "/static/css/style_platform-objects.css"; - @import "/static/css/style_freeipa.css"; + @import "${tg.url('/static/css/style_platform.css')}"; + @import "${tg.url('/static/css/style_platform-objects.css')}"; + @import "${tg.url('/static/css/style_freeipa.css')}"; </style> - <script type="text/javascript" charset="utf-8" src="/static/javascript/prototype.js"></script> - <script type="text/javascript" charset="utf-8" src="/static/javascript/scriptaculous.js?load=effects"></script> - <script type="text/javascript" charset="utf-8" src="/static/javascript/ipautil.js"></script> + <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/prototype.js')}"></script> + <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/scriptaculous.js?load=effects')}"></script> + <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/ipautil.js')}"></script> </head> <body py:match="item.tag=='{http://www.w3.org/1999/xhtml}body'" py:attrs="item.items()"> diff --git a/ipa-server/ipa-server.spec.in b/ipa-server/ipa-server.spec.in index 4390dff37..281fa07fe 100644 --- a/ipa-server/ipa-server.spec.in +++ b/ipa-server/ipa-server.spec.in @@ -1,6 +1,6 @@ Name: ipa-server Version: VERSION -Release: 1%{?dist} +Release: 2%{?dist} Summary: IPA authentication server Group: System Environment/Base @@ -93,6 +93,7 @@ fi /bin/chown apache /var/log/ipa_error.log /bin/chmod 600 /var/log/ipa_error.log restorecon /var/log/ipa_error.log +/usr/sbin/ipa-upgradeconfig %preun if [ $1 = 0 ]; then @@ -118,6 +119,7 @@ fi %{_sbindir}/ipactl %{_sbindir}/ipa_kpasswd %{_sbindir}/ipa_webgui +%{_sbindir}/ipa-upgradeconfig %attr(755,root,root) %{_initrddir}/ipa_kpasswd %attr(755,root,root) %{_initrddir}/ipa_webgui @@ -166,6 +168,9 @@ fi %{_mandir}/man1/ipa-server-install.1.gz %changelog +* Tue May 5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2 +- Add ipa-upgradeconfig command and run it at post + * Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1 - Version bump for release diff --git a/ipa-server/ipa-upgradeconfig b/ipa-server/ipa-upgradeconfig new file mode 100644 index 000000000..2fa290168 --- /dev/null +++ b/ipa-server/ipa-upgradeconfig @@ -0,0 +1,112 @@ +#!/usr/bin/python +# +# Upgrade configuration files to a newer template. + +import sys +try: + from ipa import ipautil + import krbV + import re + import os + import shutil + import fileinput +except ImportError: + print >> sys.stderr, """\ +There was a problem importing one of the required Python modules. The +error was: + + %s +""" % sys.exc_value + sys.exit(1) + +def backup_file(filename, ext): + """Make a backup of filename using ext as the extension. Do not overwrite + previous backups.""" + if not os.path.isabs(filename): + raise ValueError("Absolute path required") + + backupfile = filename + ".bak" + (reldir, file) = os.path.split(filename) + + while os.path.exists(backupfile): + backupfile = backupfile + "." + str(ext) + + shutil.copy2(filename, backupfile) + +def update_conf(sub_dict, filename, template_filename): + template = ipautil.template_file(template_filename, sub_dict) + fd = open(filename, "w") + fd.write(template) + fd.close() + +def find_hostname(): + """Find the hostname currently configured in ipa-rewrite.conf""" + filename="/etc/httpd/conf.d/ipa-rewrite.conf" + if os.path.exists(filename): + pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*" + p = re.compile(pattern) + for line in fileinput.input(filename): + if p.search(line): + fileinput.close() + return p.search(line).group(1) + fileinput.close() + + return None + +def find_version(filename): + """Find the version of a configuration file""" + if os.path.exists(filename): + pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*" + p = re.compile(pattern) + for line in fileinput.input(filename): + if p.search(line): + fileinput.close() + return p.search(line).group(1) + fileinput.close() + + # no VERSION found + return 0 + else: + return -1 + +def upgrade(sub_dict, filename, template): + old = int(find_version(filename)) + new = int(find_version(template)) + + if old < 0: + print "%s not found." % filename + sys.exit(1) + + if new < 0: + print "%s not found." % template + + if old < new: + backup_file(filename, new) + update_conf(sub_dict, filename, template) + print "Upgraded %s to version %d" % (filename, new) + +def main(): + try: + krbctx = krbV.default_context() + except krbV.Krb5Error, e: + print "Unable to get default kerberos realm: %s" % e[1] + sys.exit(1) + + fqdn = find_hostname() + + if fqdn is None: + print "Unable to determine hostname from ipa-rewrite.conf" + sys.exit(1) + + sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } + + upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") + upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") + +try: + if __name__ == "__main__": + sys.exit(main()) +except SystemExit, e: + sys.exit(e) +except KeyboardInterrupt, e: + sys.exit(1) diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf index af3a3afe2..fc7ce6806 100644 --- a/ipa-server/xmlrpc-server/ipa-rewrite.conf +++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf @@ -1,9 +1,11 @@ +# VERSION 1 - DO NOT REMOVE THIS LINE + RewriteEngine on # By default forward all requests to /ipa. If you don't want IPA # to be the default on your web server comment this line out. You will # need to modify ipa_webgui.cfg as well. -RewriteRule ^/$$ https://$FQDN/ipa [L,NC,R=301] +RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301] # Redirect to the fully-qualified hostname. Not redirecting to secure # port so configuration files can be retrieved without requiring SSL. diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index c08282e3b..1eca97757 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -1,3 +1,6 @@ +# +# VERSION 1 - DO NOT REMOVE THIS LINE +# # LoadModule auth_kerb_module modules/mod_auth_kerb.so ProxyRequests Off @@ -17,7 +20,7 @@ AddType application/java-archive jar Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on Require valid-user - ErrorDocument 401 /errors/unauthorized.html + ErrorDocument 401 /ipa/errors/unauthorized.html RewriteEngine on Order deny,allow Allow from all @@ -28,20 +31,17 @@ AddType application/java-archive jar </Proxy> # The URI's with a trailing ! are those that aren't handled by the proxy -ProxyPass /ipa http://localhost:8080/ipa -ProxyPassReverse /ipa http://localhost:8080/ipa +ProxyPass /ipa/ui http://localhost:8080/ipa/ui +ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui # Configure the XML-RPC service -Alias /ipaxml "/usr/share/ipa/ipaserver/XMLRPC" +Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC" # This is where we redirect on failed auth -Alias /errors "/usr/share/ipa/html" +Alias /ipa/errors "/usr/share/ipa/html" # For the MIT Windows config files -Alias /config "/usr/share/ipa/html" - -# So we don't have to hardcode a path into the CSS -Alias /static "/usr/share/ipa/ipagui/static" +Alias /ipa/config "/usr/share/ipa/html" <Directory "/usr/share/ipa/ipaserver"> AuthType Kerberos @@ -53,7 +53,7 @@ Alias /static "/usr/share/ipa/ipagui/static" Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on Require valid-user - ErrorDocument 401 /errors/unauthorized.html + ErrorDocument 401 /ipa/errors/unauthorized.html SetHandler mod_python PythonHandler ipaxmlrpc @@ -84,7 +84,7 @@ Alias /static "/usr/share/ipa/ipagui/static" Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on Require valid-user - ErrorDocument 401 /errors/unauthorized.html + ErrorDocument 401 /ipa/errors/unauthorized.html </Directory> #Alias /ipatest "/usr/share/ipa/ipatest" @@ -99,7 +99,7 @@ Alias /static "/usr/share/ipa/ipagui/static" # Krb5KeyTab /etc/httpd/conf/ipa.keytab # KrbSaveCredentials on # Require valid-user -# ErrorDocument 401 /errors/unauthorized.html +# ErrorDocument 401 /ipa/errors/unauthorized.html # # SetHandler mod_python # PythonHandler test_mod_python diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html index cc53e33b7..6ba8a99ee 100644 --- a/ipa-server/xmlrpc-server/unauthorized.html +++ b/ipa-server/xmlrpc-server/unauthorized.html @@ -5,12 +5,12 @@ <p> Unable to verify your Kerberos credentials. Please make sure that you have valid Kerberos tickets (obtainable via kinit), and that you -have <a href="/errors/ssbrowser.html">configured your +have <a href="/ipa/errors/ssbrowser.html">configured your browser correctly</a>. If you are still unable to access the IPA Web interface, please contact the helpdesk on for additional assistance. </p> <p> -Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>. +Import the <a href="/ipa/errors/ca.crt">IPA Certificate Authority</a>. </p> <p> <script type="text/javascript"> @@ -19,7 +19,7 @@ Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>. { document.write("<p>You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.</p>"); document.write("<p>You <strong>must</strong> reload this page after importing the Certificate Authority for the automatic settings to work</p>"); - document.write("<object data=\"jar:/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object"); + document.write("<object data=\"jar:/ipa/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object"); } </script> </p> |