summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/dsinstance.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py87
1 files changed, 85 insertions, 2 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 242e04d99..1719df46d 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -25,7 +25,6 @@ import os
import re
import time
import tempfile
-import base64
import stat
import grp
@@ -38,7 +37,9 @@ import ldap
from ipaserver.install import ldapupdate
from ipaserver.install import replication
from ipaserver.install import sysupgrade
-from ipalib import errors, certstore
+from ipalib import api
+from ipalib import certstore
+from ipalib import errors
from ipaplatform.tasks import tasks
from ipalib.constants import CACERT
from ipapython.dn import DN
@@ -952,3 +953,85 @@ class DsInstance(service.Service):
pass
self.ldap_disconnect()
+
+ def find_subject_base(self):
+ """
+ Try to find the current value of certificate subject base.
+ 1) Look in sysupgrade first
+ 2) If no value is found there, look in DS (start DS if necessary)
+ 3) Last resort, look in the certmap.conf itself
+ 4) If all fails, log loudly and return None
+
+ Note that this method can only be executed AFTER the ipa server
+ is configured, the api is initialized elsewhere and
+ that a ticket already have been acquired.
+ """
+ root_logger.debug(
+ 'Trying to find certificate subject base in sysupgrade')
+ subject_base = sysupgrade.get_upgrade_state(
+ 'certmap.conf', 'subject_base')
+
+ if subject_base:
+ root_logger.debug(
+ 'Found certificate subject base in sysupgrade: %s',
+ subject_base)
+ return subject_base
+
+ root_logger.debug(
+ 'Unable to find certificate subject base in sysupgrade')
+ root_logger.debug(
+ 'Trying to find certificate subject base in DS')
+
+ ds_is_running = is_ds_running()
+ if not ds_is_running:
+ try:
+ self.start()
+ ds_is_running = True
+ except ipautil.CalledProcessError as e:
+ root_logger.error('Cannot start DS to find certificate '
+ 'subject base: %s', e)
+
+ if ds_is_running:
+ try:
+ api.Backend.ldap2.connect(autobind=True)
+ ret = api.Command['config_show']()
+ subject_base = str(
+ ret['result']['ipacertificatesubjectbase'][0])
+ root_logger.debug(
+ 'Found certificate subject base in DS: %s', subject_base)
+ except errors.PublicError, e:
+ root_logger.error('Cannot connect to DS to find certificate '
+ 'subject base: %s', e)
+ finally:
+ try:
+ api.Backend.ldap2.disconnect()
+ except Exception:
+ pass
+
+ if not subject_base:
+ root_logger.debug('Unable to find certificate subject base in DS')
+ root_logger.debug('Trying to find certificate subject base in '
+ 'certmap.conf')
+
+ certmap_dir = config_dirname(
+ realm_to_serverid(api.env.realm)
+ )
+ try:
+ with open(os.path.join(certmap_dir, 'certmap.conf')) as f:
+ for line in f:
+ if line.startswith('certmap ipaca'):
+ subject_base = line.strip().split(',')[-1]
+ root_logger.debug(
+ 'Found certificate subject base in certmap.conf: '
+ '%s', subject_base)
+
+ except IOError as e:
+ root_logger.error('Cannot open certmap.conf to find certificate '
+ 'subject base: %s', e.strerror)
+
+ if subject_base:
+ return subject_base
+
+ root_logger.debug('Unable to find certificate subject base in '
+ 'certmap.conf')
+ return None
generated by cgit (git 2.34.1) at 2024-05-24 18:17:43 +0000