From 6f51f92138ff12eff732bf028751dcfa8ef9b442 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 3 Jun 2013 12:06:06 +0200
Subject: Use private ccache in ipa install tools
All installers that handle Kerberos auth, have been altered to use private ccache, that is ipa-server-install, ipa-dns-install, ipa-replica-install, ipa-ca-install.
https://fedorahosted.org/freeipa/ticket/3666
---
 install/tools/ipa-ca-install | 13 +++++++------
 install/tools/ipa-dns-install | 5 +++--
 install/tools/ipa-replica-install | 13 +++++++------
 install/tools/ipa-server-install | 7 +++++--
 ipaserver/install/installutils.py | 22 ++++++++++++++++++++++
 5 files changed, 44 insertions(+), 16 deletions(-)
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 81c118345..3b7e9d206 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,9 +28,9 @@ from ipapython import services as ipaservices
 from ipaserver.install import installutils, service
 from ipaserver.install import certs
-from ipaserver.install.installutils import HostnameLocalhost
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig,
+ expand_replica_info, read_replica_info, get_host_name, BadHostError,
+ private_ccache)
 from ipaserver.install import dsinstance, cainstance, bindinstance
 from ipaserver.install.replication import replica_conn_check
 from ipapython import version
@@ -212,9 +212,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
 if __name__ == '__main__':
 try:
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-ca-install',
- fail_message=fail_message)
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-ca-install',
+ fail_message=fail_message)
 finally:
 # always try to remove decrypted replica file
 try:
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index e12a0465c..47bc31b47 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -258,5 +258,6 @@ def main():
 return 0
 if __name__ == '__main__':
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-dns-install')
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-dns-install')
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index b194b85a2..04cad42f6 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -36,9 +36,9 @@ from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import HostnameLocalhost, resolve_host
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
+ ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
+ BadHostError, private_ccache)
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
 from ipalib import api, errors, util
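Review bot: In the ipa-dns-install hunk `private_ccache()` is called by its bare name, but this patch adds no import for it in that file, unlike the explicit import lists it updates in ipa-ca-install and ipa-replica-install. Unless the script already brings the name into scope some other way (for example a wildcard import from installutils outside the hunk), the `__main__` block fails with NameError before the installer starts. The same applies to the second ipa-server-install hunk. Since both places already reference the `installutils` module, `with installutils.private_ccache():` would not depend on what the rest of the file imports.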
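Review bot: The second added line of the ipa-replica-install import has a misplaced space before the comma, `read_replica_info ,get_host_name,`. It should read `read_replica_info, get_host_name,` so that it matches the same list in the ipa-ca-install hunk and passes a PEP 8 check.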
@@ -726,9 +726,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
 if __name__ == '__main__':
 try:
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-replica-install',
- fail_message=fail_message)
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-replica-install',
+ fail_message=fail_message)
 finally:
 # always try to remove decrypted replica file
 try:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 62adbd5bc..3e18c8e00 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1210,6 +1210,7 @@ def main():
 if __name__ == '__main__':
 success = False
+
 try:
 # FIXME: Common option parsing, logging setup, etc should be factored
 # out from all install scripts
@@ -1219,8 +1220,10 @@ if __name__ == '__main__':
 else:
 log_file_name = "/var/log/ipaserver-install.log"
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-server-install')
+ # Use private ccache
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-server-install')
 success = True
 finally:
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 5ed2689d7..a568eae7c 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -28,6 +28,7 @@ import shutil
 from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
+from contextlib import contextmanager
 from dns import resolver, rdatatype
 from dns.exception import DNSException
@@ -753,3 +754,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
 (pkcs12_filename, e))
 return server_cert_name
+
+
+@contextmanager
+def private_ccache():
+
+ (desc, path) = tempfile.mkstemp(prefix='krbcc')
+ os.close(desc)
+
+ original_value = os.environ.get('KRB5CCNAME', None)
+
+ os.environ['KRB5CCNAME'] = path
+
+ yield
+
+ if original_value is not None:
+ os.environ['KRB5CCNAME'] = original_value
+ else:
+ os.environ.pop('KRB5CCNAME')
+
+ if os.path.exists(path):
+ os.remove(path)
-- cgit
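Review bot: The cleanup in `private_ccache()` sits after a bare `yield`, so it runs only when the with-body returns normally. An exception or `SystemExit` raised inside the block is re-raised at the `yield` and skips both the `KRB5CCNAME` restore and `os.remove(path)`. For the four installers wrapped by this patch, a failed or aborted run can therefore leave the temporary credential cache, which may hold tickets obtained during the install, in the temp directory. Wrap the `yield` in `try`/`finally` and use `os.environ.pop('KRB5CCNAME', None)` so the restore cannot raise KeyError if the variable was unset inside the block. The function also lacks a docstring; one line saying that it points KRB5CCNAME at a fresh mkstemp file for the duration of the block and removes the file afterwards would document the contract.

```python
def private_ccache():
    # ... unchanged: mkstemp, os.close, save and override KRB5CCNAME ...
    try:
        yield
    finally:
        # Runs on exceptions and SystemExit as well, so the ccache file
        # is removed and KRB5CCNAME restored on every exit path.
        if original_value is not None:
            os.environ['KRB5CCNAME'] = original_value
        else:
            os.environ.pop('KRB5CCNAME', None)

        if os.path.exists(path):
            os.remove(path)
```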