diff options
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/Makefile | 4 | ||||
-rw-r--r-- | ipapython/ipautil.py | 117 | ||||
-rw-r--r-- | ipapython/platform/__init__.py | 23 | ||||
-rw-r--r-- | ipapython/platform/redhat.py | 116 | ||||
-rw-r--r-- | ipapython/setup.py.in | 2 |
5 files changed, 213 insertions, 49 deletions
diff --git a/ipapython/Makefile b/ipapython/Makefile index c96d5d9c1..7b046383a 100644 --- a/ipapython/Makefile +++ b/ipapython/Makefile @@ -3,7 +3,7 @@ PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa CONFIGDIR ?= $(DESTDIR)/etc/ipa TESTS = $(wildcard test/*.py) -SUBDIRS = py_default_encoding +SUBDIRS = py_default_encoding platform all: @for subdir in $(SUBDIRS); do \ @@ -27,7 +27,7 @@ clean: done distclean: clean - rm -f setup.py ipa-python.spec version.py + rm -f setup.py ipa-python.spec version.py services.py @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index da6e94c85..0e2532dc9 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1,6 +1,7 @@ # Authors: Simo Sorce <ssorce@redhat.com> +# Alexander Bokovoy <abokovoy@redhat.com> # -# Copyright (C) 2007 Red Hat +# Copyright (C) 2007-2011 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -1053,51 +1054,6 @@ def get_gsserror(e): return (major, minor) -def service_stop(service_name, instance_name="", capture_output=True): - run(["/sbin/service", service_name, "stop", instance_name], - capture_output=capture_output) - -def service_start(service_name, instance_name="", capture_output=True): - run(["/sbin/service", service_name, "start", instance_name], - capture_output=capture_output) - -def service_restart(service_name, instance_name="", capture_output=True): - run(["/sbin/service", service_name, "restart", instance_name], - capture_output=capture_output) - -def service_is_running(service_name, instance_name=""): - ret = True - try: - run(["/sbin/service", service_name, "status", instance_name]) - except CalledProcessError: - ret = False - return ret - -def service_is_installed(service_name): - installed = True - try: - run(["/sbin/service", service_name, "status"]) - except CalledProcessError, e: - if e.returncode == 1: - # service is not installed or there is other serious issue - installed = False - return installed - -def service_is_enabled(service_name): - (stdout, stderr, returncode) = run(["/sbin/chkconfig", service_name], raiseonerr=False) - return (returncode == 0) - -def chkconfig_on(service_name): - run(["/sbin/chkconfig", service_name, "on"]) - -def chkconfig_off(service_name): - run(["/sbin/chkconfig", service_name, "off"]) - -def chkconfig_add(service_name): - run(["/sbin/chkconfig", "--add", service_name]) - -def chkconfig_del(service_name): - run(["/sbin/chkconfig", "--del", service_name]) def host_port_open(host, port, socket_stream=True, socket_timeout=None): families = (socket.AF_INET, socket.AF_INET6) @@ -1171,3 +1127,72 @@ def bind_port_responder(port, socket_stream=True, socket_timeout=None, responder s.sendto(responder_data, addr) finally: s.close() + +class AuthConfig: + """ + AuthConfig class implements system-independent interface to configure + system authentication resources. In Red Hat systems this is done with + authconfig(8) utility. + + AuthConfig class is nothing more than a tool to gather configuration options + and execute their processing. These options then converted by an actual implementation + to series of a system calls to appropriate utilities performing real configuration. + + Actual implementation should be done in ipapython/platform/<platform>.py by inheriting from ipautil.AuthConfig + and redefining __build_args() and execute() methods. + .... + class PlatformAuthConfig(ipautil.AuthConfig): + def __build_args(): + ... + + def execute(): + ... + + authconfig = PlatformAuthConfig + .... + + See ipapython/platform/redhat.py for a sample implementation that uses authconfig(8) as its backend. + + From IPA perspective, the authentication configuration should be done with use of ipapython.services.authconfig: + + auth_config = ipapython.services.authconfig() + auth_config.disable("ldap").\ + disable("krb5").\ + disable("sssd").\ + disable("sssdauth").\ + disable("mkhomedir").\ + add_option("update").\ + enable("nis").\ + add_parameter("nisdomain","foobar") + auth_config.execute() + """ + + def __init__(self): + self.parameters = {} + + def enable(self, option): + self.parameters[option] = True + return self + + def disable(self, option): + self.parameters[option] = False + return self + + def add_option(self, option): + self.parameters[option] = None + return self + + def add_parameter(self, option, value): + self.parameters[option] = [value] + return self + + def __build_args(self): + # do nothing + return None + + def execute(self): + # do nothing + return None + + + diff --git a/ipapython/platform/__init__.py b/ipapython/platform/__init__.py new file mode 100644 index 000000000..e0a394b02 --- /dev/null +++ b/ipapython/platform/__init__.py @@ -0,0 +1,23 @@ +# Authors: +# Alexander Bokovoy <abokovoy@redhat.com> +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Sub-package containing all platform-specific adaptation for ipapython.services. +Should not be used directly. +""" diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py new file mode 100644 index 000000000..c6d2631cd --- /dev/null +++ b/ipapython/platform/redhat.py @@ -0,0 +1,116 @@ +# Authors: Simo Sorce <ssorce@redhat.com> +# Alexander Bokovoy <abokovoy@redhat.com> +# +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from ipapython import ipautil + +SERVICE_PORTMAP = "portmap" +SERVICE_RPCBIND = "rpcbind" +SERVICE_CERTMONGER = "certmonger" +SERVICE_NSCD = "nscd" +SERVICE_NLSCD = "nlscd" + +def service_stop(service_name, instance_name="", capture_output=True): + ipautil.run(["/sbin/service", service_name, "stop", instance_name], + capture_output=capture_output) + +def service_start(service_name, instance_name="", capture_output=True): + ipautil.run(["/sbin/service", service_name, "start", instance_name], + capture_output=capture_output) + +def service_restart(service_name, instance_name="", capture_output=True): + ipautil.run(["/sbin/service", service_name, "restart", instance_name], + capture_output=capture_output) + +def service_is_running(service_name, instance_name=""): + ret = True + try: + ipautil.run(["/sbin/service", service_name, "status", instance_name]) + except ipautil.CalledProcessError: + ret = False + return ret + +def service_is_installed(service_name): + installed = True + try: + ipautil.run(["/sbin/service", service_name, "status"]) + except ipautil.CalledProcessError, e: + if e.returncode == 1: + # service is not installed or there is other serious issue + installed = False + return installed + +def service_is_enabled(service_name): + (stdout, stderr, returncode) = ipautil.run(["/sbin/chkconfig", service_name], raiseonerr=False) + return (returncode == 0) + +def service_on(service_name): + ipautil.run(["/sbin/chkconfig", service_name, "on"]) + +def service_off(service_name): + ipautil.run(["/sbin/chkconfig", service_name, "off"]) + +def service_add(service_name): + ipautil.run(["/sbin/chkconfig", "--add", service_name]) + +def service_del(service_name): + ipautil.run(["/sbin/chkconfig", "--del", service_name]) + +def restore_context(dirname): + """ + restore security context on the directory + SE Linux equivalent is /sbin/restorecon <dirname> + """ + ipautil.run(["/sbin/restorecon", dirname]) + +class RedHatAuthConfig(ipautil.AuthConfig): + """ + AuthConfig class implements system-independent interface to configure + system authentication resources. In Red Hat-produced systems this is done with + authconfig(8) utility. + + """ + S_SHADOW = "shadow" + S_MD5 = "md5" + S_NIS = "nis" + S_LDAP = "ldap" + S_SSSD = "sssd" + + def __build_args(self): + args = [] + for (option, value) in self.parameters.items(): + if type(value) is bool: + if value: + args.append("--enable%s" % (option)) + else: + args.append("--disable%s" % (option)) + elif type(value) in (tuple, list): + args.append("--%s" % (option)) + args.append("%s" % (value[0])) + elif value is None: + args.append("--%s" % (option)) + else: + args.append("--%s%s" % (option,value)) + return args + + def execute(self): + args = self.__build_args() + ipautil.run(["/usr/sbin/authconfig"]+args) + +authconfig = RedHatAuthConfig diff --git a/ipapython/setup.py.in b/ipapython/setup.py.in index d9ee28c55..df1cacf85 100644 --- a/ipapython/setup.py.in +++ b/ipapython/setup.py.in @@ -65,7 +65,7 @@ def setup_package(): classifiers=filter(None, CLASSIFIERS.split('\n')), platforms = ["Linux", "Solaris", "Unix"], package_dir = {'ipapython': ''}, - packages = [ "ipapython" ], + packages = [ "ipapython", "ipapython.platform" ], ) finally: del sys.path[0] |