From 4d2ef43f287aa96df3d65b97977fc7a824b6b33c Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 29 May 2014 14:47:17 +0200 Subject: ipaplatform: Move all filesystem paths to ipaplatform.paths module https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin --- ipapython/certmonger.py | 21 +++++++++++---------- ipapython/config.py | 3 ++- ipapython/dogtag.py | 23 ++++++++++++----------- ipapython/ipautil.py | 27 ++++++++++++++------------- ipapython/nsslib.py | 5 +++-- ipapython/platform/base/__init__.py | 5 +++-- ipapython/platform/fedora16/selinux.py | 5 +++-- ipapython/sysrestore.py | 3 ++- 8 files changed, 50 insertions(+), 42 deletions(-) (limited to 'ipapython') diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index e7edc64f2..0099d239d 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -27,9 +27,10 @@ import re import time from ipapython import ipautil from ipapython import dogtag +from ipaplatform.paths import paths -REQUEST_DIR='/var/lib/certmonger/requests/' -CA_DIR='/var/lib/certmonger/cas/' +REQUEST_DIR=paths.CERTMONGER_REQUESTS_DIR +CA_DIR=paths.CERTMONGER_CAS_DIR # Normalizer types for critera in get_request_id() NPATH = 1 @@ -176,7 +177,7 @@ def request_cert(nssdb, nickname, subject, principal, passwd_fname=None): """ Execute certmonger to request a server certificate """ - args = ['/usr/bin/ipa-getcert', + args = [paths.IPA_GETCERT, 'request', '-d', nssdb, '-n', nickname, @@ -202,7 +203,7 @@ def cert_exists(nickname, secdir): a database that doesn't exist and a nickname that doesn't exist within the database. """ - args = ["/usr/bin/certutil", "-L", + args = [paths.CERTUTIL, "-L", "-d", os.path.abspath(secdir), "-n", nickname ] 
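Review bot: The `REQUEST_DIR` and `CA_DIR` assignments in the first certmonger.py hunk replace literals that ended in `/` with `paths.CERTMONGER_REQUESTS_DIR` and `paths.CERTMONGER_CAS_DIR`, and nothing visible here says whether those constants keep the trailing slash. The same applies to `SHARE_DIR` in the ipautil.py hunk, while the dogtag.py hunk has to add `.rstrip('/')` to `paths.PKI_TOMCAT_ALIAS_DIR`, which suggests the convention is not uniform. Any code that builds a file name by plain concatenation with these values would silently point at a different path if the slash changed. I would state the contract next to the assignments, e.g. `# paths.*_DIR values used here must keep the trailing '/' of the old literals`, or switch the consumers to `os.path.join`.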
@@ -227,7 +228,7 @@ def start_tracking(nickname, secdir, password_file=None, command=None): """ if not cert_exists(nickname, os.path.abspath(secdir)): raise RuntimeError('Nickname "%s" doesn\'t exist in NSS database "%s"' % (nickname, secdir)) - args = ["/usr/bin/ipa-getcert", "start-tracking", + args = [paths.IPA_GETCERT, "start-tracking", "-d", os.path.abspath(secdir), "-n", nickname] if password_file: @@ -261,7 +262,7 @@ def stop_tracking(secdir, request_id=None, nickname=None): # Fall back to trying to stop tracking using nickname pass - args = ['/usr/bin/getcert', + args = [paths.GETCERT, 'stop-tracking', ] if request_id: @@ -390,7 +391,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, if not cert_exists(nickname, os.path.abspath(secdir)): raise RuntimeError('Nickname "%s" doesn\'t exist in NSS database "%s"' % (nickname, secdir)) - args = ["/usr/bin/getcert", "start-tracking", + args = [paths.GETCERT, "start-tracking", "-d", os.path.abspath(secdir), "-n", nickname, "-c", ca, @@ -402,7 +403,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, libpath = 'lib64' else: libpath = 'lib' - pre_command = '/usr/%s/ipa/certmonger/%s' % (libpath, pre_command) + pre_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, pre_command) args.append("-B") args.append(pre_command) @@ -412,7 +413,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, libpath = 'lib64' else: libpath = 'lib' - post_command = '/usr/%s/ipa/certmonger/%s' % (libpath, post_command) + post_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, post_command) args.append("-C") args.append(post_command) 
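Review bot: `pre_command` and `post_command` are interpolated into `paths.CERTMONGER_COMMAND_TEMPLATE` in the `@@ -402` and `@@ -412` hunks without a check that they are bare file names, so a value containing `/` or `..` would make the `-B`/`-C` hook resolve outside the helper directory. The callers are not visible in this diff, so this may be unreachable today, but certmonger later runs these as pre- and post-save commands and the check is cheap: `if os.path.basename(pre_command) != pre_command: raise ValueError('pre_command must be a file name')`, and the same for `post_command`. The template also takes its two values positionally, so a short comment naming the `(libpath, command)` order at the call site would help. `dogtag_start_tracking` starts and ends outside both hunks.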
@@ -446,7 +447,7 @@ def check_state(dirs): return reqids if __name__ == '__main__': - request_id = request_cert("/etc/httpd/alias", "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM") + request_id = request_cert(paths.HTTPD_ALIAS_DIR, "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM") csr = get_request_value(request_id, 'csr') print csr stop_tracking(request_id) diff --git a/ipapython/config.py b/ipapython/config.py index b9b0b4e3d..60f556dc9 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -23,6 +23,7 @@ from copy import copy from dns import resolver, rdatatype from dns.exception import DNSException from ipapython.dn import DN +from ipaplatform.paths import paths import dns.name import socket @@ -152,7 +153,7 @@ config = IPAConfig() def __parse_config(discover_server = True): p = ConfigParser.SafeConfigParser() - p.read("/etc/ipa/default.conf") + p.read(paths.IPA_DEFAULT_CONF) try: if not config.default_realm: diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index f829b9340..178d2942b 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -30,6 +30,7 @@ from ipalib import api, errors from ipalib.errors import NetworkError, CertificateOperationError from ipalib.text import _ from ipapython import nsslib, ipautil +from ipaplatform.paths import paths from ipapython.ipa_log_manager import * # IPA can use either Dogtag version 9 or 10. 
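Review bot: In the `__main__` block of certmonger.py the unchanged call `stop_tracking(request_id)` binds the request id to the first parameter, which the `@@ -261` hunk header shows as `secdir` in `stop_tracking(secdir, request_id=None, nickname=None)`. Since this commit already edits the line above it, the call could be corrected to `stop_tracking(paths.HTTPD_ALIAS_DIR, request_id=request_id)`. The block also issues a certificate request against the HTTPD NSS database whenever the module is run directly, so a comment marking it as a manual smoke test would be useful.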
@@ -50,17 +51,17 @@ class Dogtag10Constants(object): DS_PORT = 389 DS_SECURE_PORT = 636 - SPAWN_BINARY = '/usr/sbin/pkispawn' - DESTROY_BINARY = '/usr/sbin/pkidestroy' + SPAWN_BINARY = paths.PKISPAWN + DESTROY_BINARY = paths.PKIDESTROY - SERVER_ROOT = '/var/lib/pki' + SERVER_ROOT = paths.VAR_LIB_PKI_DIR PKI_INSTANCE_NAME = 'pki-tomcat' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' + CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT - ALIAS_DIR = '/etc/pki/pki-tomcat/alias' + ALIAS_DIR = paths.PKI_TOMCAT_ALIAS_DIR.rstrip('/') SERVICE_NAME = 'pki_tomcatd' @@ -82,13 +83,13 @@ class Dogtag9Constants(object): DS_PORT = 7389 DS_SECURE_PORT = 7636 - SPAWN_BINARY = '/bin/pkicreate' - DESTROY_BINARY = '/bin/pkisilent' + SPAWN_BINARY = paths.PKICREATE + DESTROY_BINARY = paths.PKISILENT - SERVER_ROOT = '/var/lib' + SERVER_ROOT = paths.VAR_LIB PKI_INSTANCE_NAME = 'pki-ca' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' + CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT @@ -108,7 +109,7 @@ class Dogtag9Constants(object): DS_USER = "pkisrv" DS_NAME = "PKI-IPA" -if os.path.exists('/usr/sbin/pkispawn'): +if os.path.exists(paths.PKISPAWN): install_constants = Dogtag10Constants else: install_constants = Dogtag9Constants @@ -124,7 +125,7 @@ def _get_configured_version(api): return int(api.env.dogtag_version) else: p = ConfigParser.SafeConfigParser() - p.read("/etc/ipa/default.conf") + p.read(paths.IPA_DEFAULT_CONF) try: version = p.get('global', 'dogtag_version') except (ConfigParser.NoOptionError, ConfigParser.NoSectionError): 
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index d95983b20..45b334d0a 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -17,13 +17,6 @@ # along with this program. If not, see . # -SHARE_DIR = "/usr/share/ipa/" -PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins" - -GEN_PWD_LEN = 12 - -IPA_BASEDN_INFO = 'ipa v2.0' - import string import tempfile import subprocess @@ -49,8 +42,16 @@ from dns.exception import DNSException from ipapython.ipa_log_manager import * from ipapython import ipavalidate from ipapython import config +from ipaplatform.paths import paths from ipapython.dn import DN +SHARE_DIR = paths.USR_SHARE_IPA_DIR +PLUGINS_SHARE_DIR = paths.IPA_PLUGINS + +GEN_PWD_LEN = 12 + +IPA_BASEDN_INFO = 'ipa v2.0' + try: from subprocess import CalledProcessError except ImportError: @@ -143,7 +144,7 @@ class CheckedIPAddress(netaddr.IPAddress): elif addr.version == 6: family = 'inet6' - ipresult = run(['/sbin/ip', '-family', family, '-oneline', 'address', 'show']) + ipresult = run([paths.IP, '-family', family, '-oneline', 'address', 'show']) lines = ipresult[0].split('\n') for line in lines: fields = line.split() @@ -261,7 +262,7 @@ def run(args, stdin=None, raiseonerr=True, Example: We have a command - ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser'] + [paths.SETPASSWD, '--password', 'Secret123', 'someuser'] and we don't want to log the password so nolog would be set to: ('Secret123',) The resulting log output would be: @@ -296,7 +297,7 @@ def run(args, stdin=None, raiseonerr=True, if stdin: p_in = subprocess.PIPE if skip_output: - p_out = p_err = open('/dev/null', 'w') + p_out = p_err = open(paths.DEV_NULL, 'w') elif capture_output: p_out = subprocess.PIPE p_err = subprocess.PIPE 
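Review bot: The docstring example in `run()` (hunk `@@ -261`) now reads `[paths.SETPASSWD, '--password', 'Secret123', 'someuser']`, which puts a symbol into what was a literal illustration of the `nolog` feature. The sample log output that follows lies outside the hunk and presumably still shows the literal command line, so the example and its output would no longer match. I would keep the docstring literal, `['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']`, because it documents password redaction in logs and is never executed.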
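Review bot: In the `@@ -296` hunk `open(paths.DEV_NULL, 'w')` creates a file object that is not closed anywhere in the visible lines. `run()` continues past the hunk, so it may be closed later, but if it is not, every `skip_output=True` call leaks a descriptor. The standard library already names the null device, so, assuming `os` is imported in this module, `p_out = p_err = open(os.devnull, 'w')` would avoid a platform constant for it, with a `finally` that closes the handle once the child has been waited for.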
@@ -411,7 +412,7 @@ def encrypt_file(source, dest, password, workdir = None): #give gpg a fake dir so that we can leater remove all #the cruft when we clean up the tempdir os.mkdir(gpgdir) - args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source] + args = [paths.GPG_AGENT, '--batch', '--homedir', gpgdir, '--daemon', paths.GPG, '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source] run(args, password, skip_output=True) except: raise @@ -441,7 +442,7 @@ def decrypt_file(source, dest, password, workdir = None): #give gpg a fake dir so that we can leater remove all #the cruft when we clean up the tempdir os.mkdir(gpgdir) - args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source] + args = [paths.GPG_AGENT, '--batch', '--homedir', gpgdir, '--daemon', paths.GPG, '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source] run(args, password, skip_output=True) except: raise @@ -1234,6 +1235,6 @@ def restore_hostname(statestore): system_hostname = socket.gethostname() if old_hostname is not None and old_hostname != system_hostname: try: - run(['/bin/hostname', old_hostname]) + run([paths.BIN_HOSTNAME, old_hostname]) except CalledProcessError, e: print >>sys.stderr, "Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e)) diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index d06b05fb2..22c81c0d6 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -29,6 +29,7 @@ import nss.io as io import nss.nss as nss import nss.ssl as ssl import nss.error as error +from ipaplatform.paths import paths def auth_certificate_callback(sock, check_sig, is_server, certdb): cert_is_valid = False 
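Review bot: `os.mkdir(gpgdir)` in `encrypt_file` (and again in `decrypt_file`, hunk `@@ -441`) creates the temporary GnuPG home with the process umask, so its protection depends entirely on the parent directory, which is caller-supplied when `workdir` is given. Creating it owner-only, `os.mkdir(gpgdir, 0700)`, keeps whatever gpg and the agent write there private regardless of the parent. Passing the passphrase on stdin through `--passphrase-fd 0` keeps it out of the process argument list and should stay. Both functions begin before and continue after their hunks, and the `except: raise` visible in each is a no-op that could be dropped.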
@@ -309,7 +310,7 @@ if __name__ == "__main__": root_logger.info("Start") if False: - conn = NSSConnection("www.verisign.com", 443, dbdir="/etc/pki/nssdb") + conn = NSSConnection("www.verisign.com", 443, dbdir=paths.NSS_DB_DIR) conn.set_debuglevel(1) conn.connect() conn.request("GET", "/") @@ -322,7 +323,7 @@ if __name__ == "__main__": conn.close() if True: - h = NSSHTTPS("www.verisign.com", 443, dbdir="/etc/pki/nssdb") + h = NSSHTTPS("www.verisign.com", 443, dbdir=paths.NSS_DB_DIR) h.connect() h.putrequest('GET', '/') h.endheaders() diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py index 3a6670a87..9b5960584 100644 --- a/ipapython/platform/base/__init__.py +++ b/ipapython/platform/base/__init__.py @@ -1,4 +1,5 @@ # Authors: Alexander Bokovoy +from ipaplatform.paths import paths # # Copyright (C) 2011 Red Hat # see file 'COPYING' for use and warranty information @@ -17,8 +18,8 @@ # along with this program. If not, see . # Firefox paths -FIREFOX_EXEC = "/usr/bin/firefox" -FIREFOX_INSTALL_DIRS = ["/usr/lib64/firefox", "/usr/lib/firefox"] +FIREFOX_EXEC = paths.FIREFOX +FIREFOX_INSTALL_DIRS = [paths.LIB64_FIREFOX, paths.LIB_FIREFOX] # /firefox/install/dir/FIREFOX_PREFERENCES_REL_PATH FIREFOX_PREFERENCES_REL_PATH = "browser/defaults/preferences" diff --git a/ipapython/platform/fedora16/selinux.py b/ipapython/platform/fedora16/selinux.py index cf71a38e4..4ecafdc5e 100644 --- a/ipapython/platform/fedora16/selinux.py +++ b/ipapython/platform/fedora16/selinux.py @@ -1,4 +1,5 @@ # Author: Alexander Bokovoy +from ipaplatform.paths import paths # # Copyright (C) 2011 Red Hat # see file 'COPYING' for use and warranty information 
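Review bot: In `ipapython/platform/base/__init__.py` (hunk `@@ -1,4`) the new `from ipaplatform.paths import paths` is inserted directly after the `# Authors:` line, in the middle of the licence header comment, and `ipapython/platform/fedora16/selinux.py` has the same placement. The import works, but it splits the copyright block and sits away from the code it serves. I would move it below the header: just above `# Firefox paths` in the first file, and next to `from ipapython.platform import redhat` in the second.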
@@ -19,8 +20,8 @@ from ipapython.platform import redhat -def restore_context(filepath, restorecon='/usr/sbin/restorecon'): +def restore_context(filepath, restorecon=paths.RESTORECON): return redhat.restore_context(filepath, restorecon) -def check_selinux_status(restorecon='/usr/sbin/restorecon'): +def check_selinux_status(restorecon=paths.RESTORECON): return redhat.check_selinux_status(restorecon) diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index 7d5aabdff..6db33a7ef 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py @@ -33,8 +33,9 @@ import string from ipapython import ipautil from ipaplatform.tasks import tasks +from ipaplatform.paths import paths -SYSRESTORE_PATH = "/tmp" +SYSRESTORE_PATH = paths.TMP SYSRESTORE_INDEXFILE = "sysrestore.index" SYSRESTORE_STATEFILE = "sysrestore.state" -- cgit
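Review bot: `SYSRESTORE_PATH = paths.TMP` in sysrestore.py keeps the shared temporary directory as the module's default location for `sysrestore.index` and `sysrestore.state`. How the constant is used is outside this hunk, but if any caller relies on the default, state files with fixed names would be created in a world-writable directory, where another local user can pre-create them or place a symlink under those names. A comment such as `# default only; callers must pass a root-owned directory` would document the expectation, or the default could point at a directory owned by the installer.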