authorSimo Sorce <ssorce@redhat.com>2008-12-01 15:06:20 -0500
committerSimo Sorce <ssorce@redhat.com>2008-12-01 17:19:10 -0500
commit3a263e94667c7acf41df24c042946307d976ee4e (patch)
tree87dc6779cbc1216820c2ff1ea00390796a0e5ca0
parent5d1d292c1550d8faf965d2db16b9ed308c999cd2 (diff)
downloadfreeipa-3a263e94667c7acf41df24c042946307d976ee4e.tar.gz
freeipa-3a263e94667c7acf41df24c042946307d976ee4e.tar.xz
freeipa-3a263e94667c7acf41df24c042946307d976ee4e.zip
Make sure the CA cert is copied to the replica, fail if no ca.crt is available. Cope with some versions of ipa that forgot to copy the ca.crt cert in the right place.
-rw-r--r--ipa-server/ipa-install/ipa-replica-prepare2
-rw-r--r--ipa-server/ipa-upgradeconfig15
2 files changed, 16 insertions, 1 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare
index 07a21826..eb962b4c 100644
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@@ -155,10 +155,10 @@ def copy_files(realm_name, dir):
try:
shutil.copy("/var/kerberos/krb5kdc/ldappwd", dir + "/ldappwd")
shutil.copy("/var/kerberos/krb5kdc/kpasswd.keytab", dir + "/kpasswd.keytab")
+ shutil.copy("/usr/share/ipa/html/ca.crt", dir + "/ca.crt")
if ipautil.file_exists("/usr/share/ipa/html/preferences.html"):
shutil.copy("/usr/share/ipa/html/preferences.html", dir + "/preferences.html")
shutil.copy("/usr/share/ipa/html/configure.jar", dir + "/configure.jar")
- shutil.copy(config_dir + "/cacert.asc", dir + "/ca.crt")
except Exception, e:
print "error copying files: " + str(e)
sys.exit(1)
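Review bot: If `/usr/share/ipa/html/ca.crt` is missing, the added `shutil.copy` fails with only the generic "error copying files: ..." text, which does not tell the admin that the CA certificate is what is missing or how to restore it. The commit message says some installs never placed ca.crt there, so an explicit check before the copy would help, e.g. `if not ipautil.file_exists("/usr/share/ipa/html/ca.crt"): print "CA certificate /usr/share/ipa/html/ca.crt not found"; sys.exit(1)`. A comment on the new line would also be useful: `# CA cert shipped to the replica as its trust anchor; must exist on the master`. The body of copy_files starts and ends outside this hunk.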
diff --git a/ipa-server/ipa-upgradeconfig b/ipa-server/ipa-upgradeconfig
index 9f2c6cb9..48c4117d 100644
--- a/ipa-server/ipa-upgradeconfig
+++ b/ipa-server/ipa-upgradeconfig
@@ -84,6 +84,16 @@ def upgrade(sub_dict, filename, template):
update_conf(sub_dict, filename, template)
print "Upgraded %s to version %d" % (filename, new)
+def check_certs(realm_name):
+ """Check ca.crt is in the right place, and try to fix if not"""
+ if not os.path.exists("/usr/share/ipa/html/ca.crt"):
+ ca_file = "/etc/dirsrv/slapd-" + ("-".join(realm_name.split("."))) + "/cacert.asc"
+ if os.path.exists(ca_file):
+ shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
+ else:
+ print "Missing Certification Authority file."
+ print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt"
+
def main():
try:
krbctx = krbV.default_context()
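Review bot: When neither ca.crt nor the directory server's cacert.asc exists, check_certs prints two lines to stdout and returns normally, so main cannot tell that the CA certificate is still missing and the upgrade carries on as if nothing were wrong. Returning a status would let the caller act on it, e.g. `return False` after the two prints and `return True` on the other paths. `shutil.copyfile` does not carry over permission bits, so the mode of the new `/usr/share/ipa/html/ca.crt` depends on the umask of the upgrade process; an explicit `os.chmod("/usr/share/ipa/html/ca.crt", 0644)` after the copy would make it deterministic. The docstring could name the fallback source: `"""Ensure /usr/share/ipa/html/ca.crt exists, restoring it from the slapd instance's cacert.asc if missing."""`.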
@@ -92,6 +102,11 @@ def main():
sys.exit(1)
try:
+ check_certs(krbctx.default_realm)
+ except Error, e:
+ print "Failed to check CA certificate: %s" % e
+
+ try:
fqdn = find_hostname()
except IOError:
# ipa-rewrite.conf doesn't exist, nothing to do
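Review bot: `except Error, e:` names `Error`, which is not a Python builtin; unless the file defines or imports it outside this hunk, a failure inside check_certs (for instance an IOError from `shutil.copyfile`) would surface as a NameError traceback instead of the intended message. Catching what the call can actually raise avoids that: `except (IOError, OSError, shutil.Error), e:`. check_certs also relies on `os` and `shutil` being imported in ipa-upgradeconfig, which is not visible here. The body of main continues outside this hunk.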