#!/usr/bin/python # # Authors: # Rob Crittenden # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . """ Upgrade configuration files to a newer template. """ import sys try: from ipapython import ipautil import krbV import re import os import shutil import fileinput except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The error was: %s """ % sys.exc_value sys.exit(1) def backup_file(filename, ext): """Make a backup of filename using ext as the extension. Do not overwrite previous backups.""" if not os.path.isabs(filename): raise ValueError("Absolute path required") backupfile = filename + ".bak" (reldir, file) = os.path.split(filename) while os.path.exists(backupfile): backupfile = backupfile + "." + str(ext) shutil.copy2(filename, backupfile) def update_conf(sub_dict, filename, template_filename): template = ipautil.template_file(template_filename, sub_dict) fd = open(filename, "w") fd.write(template) fd.close() def find_hostname(): """Find the hostname currently configured in ipa-rewrite.conf""" filename="/etc/httpd/conf.d/ipa-rewrite.conf" if not ipautil.file_exists(filename): return None pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*" p = re.compile(pattern) for line in fileinput.input(filename): if p.search(line): fileinput.close() return p.search(line).group(1) fileinput.close() raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename) def find_version(filename): """Find the version of a configuration file""" if os.path.exists(filename): pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*" p = re.compile(pattern) for line in fileinput.input(filename): if p.search(line): fileinput.close() return p.search(line).group(1) fileinput.close() # no VERSION found return 0 else: return -1 def upgrade(sub_dict, filename, template): old = int(find_version(filename)) new = int(find_version(template)) if old < 0: print "%s not found." % filename sys.exit(1) if new < 0: print "%s not found." % template if old < new: backup_file(filename, new) update_conf(sub_dict, filename, template) print "Upgraded %s to version %d" % (filename, new) def check_certs(): """Check ca.crt is in the right place, and try to fix if not""" if not os.path.exists("/usr/share/ipa/html/ca.crt"): ca_file = "/etc/httpd/alias/cacert.asc" if os.path.exists(ca_file): old_umask = os.umask(022) # make sure its readable by httpd try: shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") finally: os.umask(old_umask) else: print "Missing Certification Authority file." print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt" def main(): """ Get some basics about the system. If getting those basics fail then this is likely because the machine isn't currently an IPA server so exit gracefully. """ try: krbctx = krbV.default_context() except krbV.Krb5Error, e: # Unable to get default kerberos realm sys.exit(0) fqdn = find_hostname() if fqdn is None: # ipa-rewrite.conf doesn't exist, nothing to do sys.exit(0) # Ok, we are an IPA server, do the additional tests check_certs() sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") try: if __name__ == "__main__": sys.exit(main()) except SystemExit, e: sys.exit(e) except KeyboardInterrupt, e: sys.exit(1)