summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2013-02-19 22:29:10 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2013-02-19 22:56:29 -0500
commit6668f3b43e17869adc18ed7c1ade7ce3c4ba0d73 (patch)
treebe19d2eb08deaa2ba4daa48347879872519af242
parentf49c98ca0cbfc0def8f055c2d97c031ff0f4a439 (diff)
downloadpki-ticket-472.tar.gz
pki-ticket-472.tar.xz
pki-ticket-472.zip
Added DS info validation.ticket-472
The installer script has been modified to validate DS info in both interactive and silent installation. Ticket #472
-rwxr-xr-xbase/deploy/src/pkispawn67
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py56
2 files changed, 107 insertions, 16 deletions
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index f03bc15a1..509f08e4e 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -27,6 +27,7 @@ if not hasattr(sys, "hexversion") or sys.hexversion < 0x020700f0:
sys.exit(1)
try:
import argparse
+ import ldap
import logging
import os
import socket
@@ -176,13 +177,46 @@ def main(argv):
print
print "Directory Server:"
- parser.read_text('Hostname', config.pki_subsystem, 'pki_ds_hostname')
- parser.read_text('Port', config.pki_subsystem, 'pki_ds_ldap_port')
- parser.read_text('Base DN', config.pki_subsystem, 'pki_ds_base_dn')
- parser.read_text('Bind DN', config.pki_subsystem, 'pki_ds_bind_dn')
- parser.read_password(
- 'Password', config.pki_subsystem, 'pki_ds_password',
- verifyMessage='Verify password')
+ while True:
+ parser.read_text('Hostname', config.pki_subsystem, 'pki_ds_hostname')
+ parser.read_text('Port', config.pki_subsystem, 'pki_ds_ldap_port')
+
+ try:
+ parser.ds_connect()
+ break
+
+ except ldap.LDAPError as e:
+ parser.print_text('ERROR: ' + e.message['desc'])
+
+ while True:
+ parser.read_text('Bind DN', config.pki_subsystem, 'pki_ds_bind_dn')
+ parser.read_password('Password', config.pki_subsystem, 'pki_ds_password')
+
+ try:
+ parser.ds_bind()
+ break
+
+ except ldap.LDAPError as e:
+ parser.print_text('ERROR: ' + e.message['desc'])
+
+ while True:
+ parser.read_text('Base DN', config.pki_subsystem, 'pki_ds_base_dn')
+ if not parser.ds_base_dn_exists():
+ break
+
+ remove = parser.read_text('Base DN already exists. Overwrite (Yes/No/Quit)',
+ options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'],
+ sign='?', allowEmpty=False, caseSensitive=False).lower()
+
+ if remove == 'q' or remove == 'quit':
+ print "Installation canceled."
+ sys.exit(0)
+
+ if remove == 'y' or remove == 'yes':
+ break
+
+ parser.ds_close()
+
print
print "Security Domain:"
@@ -210,7 +244,7 @@ def main(argv):
print "Installation canceled."
sys.exit(0)
- elif begin == 'y' or begin == 'yes':
+ if begin == 'y' or begin == 'yes':
break
else:
@@ -282,6 +316,23 @@ def main(argv):
config.pki_log.debug(pkilogging.format(config.pki_master_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
+ if not interactive:
+ try:
+ if not config.str2bool(config.pki_master_dict['pki_skip_configuration']):
+ parser.ds_connect()
+ parser.ds_bind()
+
+ if parser.ds_base_dn_exists() and\
+ not config.str2bool(config.pki_master_dict['pki_ds_remove_data']):
+ print 'ERROR: Base DN already exists.'
+ sys.exit(1)
+
+ parser.ds_close()
+
+ except ldap.LDAPError as e:
+ print 'ERROR: ' + e.message['desc']
+ sys.exit(1)
+
print "Installing " + config.pki_subsystem + " into " + config.pki_master_dict['pki_instance_path'] + "."
# Process the various "scriptlets" to create the specified PKI subsystem.
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index aec125016..19f7210e8 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -23,6 +23,7 @@
import ConfigParser
import argparse
import getpass
+import ldap
import logging
import os
import random
@@ -241,6 +242,9 @@ class PKIConfigParser:
config.user_config.set(section, property, value)
+ def print_text(self, message):
+ print ' ' * self.indent + message
+
def read_text(self, message,
section=None, property=None, default=None,
options=None, sign=':', allowEmpty=True, caseSensitive=True):
@@ -286,20 +290,24 @@ class PKIConfigParser:
def read_password(self, message, section=None, property=None,
verifyMessage=None):
message = ' ' * self.indent + message + ': '
- verifyMessage = ' ' * self.indent + verifyMessage + ': '
+ if verifyMessage is not None:
+ verifyMessage = ' ' * self.indent + verifyMessage + ': '
+
while True:
password = ''
while len(password) == 0:
password = getpass.getpass(prompt=message)
- verification = ''
- while len(verification) == 0:
- verification = getpass.getpass(prompt=verifyMessage)
+ if verifyMessage is not None:
+ verification = ''
+ while len(verification) == 0:
+ verification = getpass.getpass(prompt=verifyMessage)
- if password == verification:
- break
- else:
- print ' ' * self.indent + 'Passwords do not match.'
+ if password != verification:
+ self.print_text('Passwords do not match.')
+ continue
+
+ break
if section:
self.set_property(section, property, password)
@@ -345,6 +353,38 @@ class PKIConfigParser:
config.pki_master_dict.update(subsystem_dict)
+ def ds_connect(self):
+ uri = 'ldap://' + config.pki_master_dict['pki_ds_hostname'] +\
+ ':' + config.pki_master_dict['pki_ds_ldap_port']
+ self.ds_connection = ldap.initialize(uri)
+ self.ds_connection.search_s('', ldap.SCOPE_BASE)
+
+ def ds_bind(self):
+ self.ds_connection.simple_bind_s(
+ config.pki_master_dict['pki_ds_bind_dn'],
+ config.pki_master_dict['pki_ds_password'])
+
+ def ds_base_dn_exists(self):
+ try:
+ results = self.ds_connection.search_s(
+ config.pki_master_dict['pki_ds_base_dn'],
+ ldap.SCOPE_BASE)
+
+ if results is None or len(results) == 0:
+ return False
+
+ return True
+
+ except ldap.NO_SUCH_OBJECT as e:
+ return False
+
+ except ldap.LDAPError as e:
+ print 'ERROR: ' + e.message['desc']
+ sys.exit(1)
+
+ def ds_close(self):
+ self.ds_connection.unbind_s()
+
def compose_pki_master_dictionary(self):
"Create a single master PKI dictionary from the sectional dictionaries"
try: