author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-19 22:29:10 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-19 22:56:29 -0500 |
commit | 6668f3b43e17869adc18ed7c1ade7ce3c4ba0d73 (patch) | |
tree | be19d2eb08deaa2ba4daa48347879872519af242 | |
parent | f49c98ca0cbfc0def8f055c2d97c031ff0f4a439 (diff) | |
Added DS info validation.ticket-472
The installer script has been modified to validate DS info in both
interactive and silent installation.
Ticket #472
-rwxr-xr-x | base/deploy/src/pkispawn | 67 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 56 |
2 files changed, 107 insertions, 16 deletions
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index f03bc15a1..509f08e4e 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn @@ -27,6 +27,7 @@ if not hasattr(sys, "hexversion") or sys.hexversion < 0x020700f0: sys.exit(1) try: import argparse + import ldap import logging import os import socket @@ -176,13 +177,46 @@ def main(argv): print print "Directory Server:" - parser.read_text('Hostname', config.pki_subsystem, 'pki_ds_hostname') - parser.read_text('Port', config.pki_subsystem, 'pki_ds_ldap_port') - parser.read_text('Base DN', config.pki_subsystem, 'pki_ds_base_dn') - parser.read_text('Bind DN', config.pki_subsystem, 'pki_ds_bind_dn') - parser.read_password( - 'Password', config.pki_subsystem, 'pki_ds_password', - verifyMessage='Verify password') + while True: + parser.read_text('Hostname', config.pki_subsystem, 'pki_ds_hostname') + parser.read_text('Port', config.pki_subsystem, 'pki_ds_ldap_port') + + try: + parser.ds_connect() + break + + except ldap.LDAPError as e: + parser.print_text('ERROR: ' + e.message['desc']) + + while True: + parser.read_text('Bind DN', config.pki_subsystem, 'pki_ds_bind_dn') + parser.read_password('Password', config.pki_subsystem, 'pki_ds_password') + + try: + parser.ds_bind() + break + + except ldap.LDAPError as e: + parser.print_text('ERROR: ' + e.message['desc']) + + while True: + parser.read_text('Base DN', config.pki_subsystem, 'pki_ds_base_dn') + if not parser.ds_base_dn_exists(): + break + + remove = parser.read_text('Base DN already exists. Overwrite (Yes/No/Quit)', + options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], + sign='?', allowEmpty=False, caseSensitive=False).lower() + + if remove == 'q' or remove == 'quit': + print "Installation canceled." + sys.exit(0) + + if remove == 'y' or remove == 'yes': + break + + parser.ds_close() + print print "Security Domain:" 
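Review bot: The two `except ldap.LDAPError as e` handlers in the new connect and bind loops build their message with `e.message['desc']`, which assumes the exception always carries a single dict argument with a `desc` key. If python-ldap raises with anything else, the handler itself would fail with a TypeError or KeyError and the user would get a traceback instead of being prompted again. A tolerant form is `desc = e.args[0].get('desc', str(e)) if e.args and isinstance(e.args[0], dict) else str(e)`, ideally placed in one helper on the parser. The same expression is used in the silent-install check added further down in this file and in `ds_base_dn_exists` in pkiparser.py. main() starts and ends outside the hunk.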
@@ -210,7 +244,7 @@ def main(argv): print "Installation canceled." sys.exit(0) - elif begin == 'y' or begin == 'yes': + if begin == 'y' or begin == 'yes': break else: @@ -282,6 +316,23 @@ def main(argv): config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) + if not interactive: + try: + if not config.str2bool(config.pki_master_dict['pki_skip_configuration']): + parser.ds_connect() + parser.ds_bind() + + if parser.ds_base_dn_exists() and\ + not config.str2bool(config.pki_master_dict['pki_ds_remove_data']): + print 'ERROR: Base DN already exists.' + sys.exit(1) + + parser.ds_close() + + except ldap.LDAPError as e: + print 'ERROR: ' + e.message['desc'] + sys.exit(1) + print "Installing " + config.pki_subsystem + " into " + config.pki_master_dict['pki_instance_path'] + "." # Process the various "scriptlets" to create the specified PKI subsystem. diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index aec125016..19f7210e8 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -23,6 +23,7 @@ import ConfigParser import argparse import getpass +import ldap import logging import os import random @@ -241,6 +242,9 @@ class PKIConfigParser: config.user_config.set(section, property, value) + def print_text(self, message): + print ' ' * self.indent + message + def read_text(self, message, section=None, property=None, default=None, options=None, sign=':', allowEmpty=True, caseSensitive=True): 
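Review bot: Both failure paths in the new `if not interactive:` block report with `print` and then call `sys.exit(1)`, so in a silent install the reason for aborting never reaches the installer log that the `config.pki_log.debug(...)` call just above writes to. Assuming `config.pki_log` is a standard logger, a call such as `config.pki_log.error('Base DN already exists.', extra=config.PKI_INDENTATION_LEVEL_0)` before each exit would leave a record for unattended runs. The log entry should carry only the LDAP error description, never the bind DN password held in `config.pki_master_dict`. main() continues outside the hunk.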
@@ -286,20 +290,24 @@ class PKIConfigParser: def read_password(self, message, section=None, property=None, verifyMessage=None): message = ' ' * self.indent + message + ': ' - verifyMessage = ' ' * self.indent + verifyMessage + ': ' + if verifyMessage is not None: + verifyMessage = ' ' * self.indent + verifyMessage + ': ' + while True: password = '' while len(password) == 0: password = getpass.getpass(prompt=message) - verification = '' - while len(verification) == 0: - verification = getpass.getpass(prompt=verifyMessage) + if verifyMessage is not None: + verification = '' + while len(verification) == 0: + verification = getpass.getpass(prompt=verifyMessage) - if password == verification: - break - else: - print ' ' * self.indent + 'Passwords do not match.' + if password != verification: + self.print_text('Passwords do not match.') + continue + + break if section: self.set_property(section, property, password) @@ -345,6 +353,38 @@ class PKIConfigParser: config.pki_master_dict.update(subsystem_dict) + def ds_connect(self): + uri = 'ldap://' + config.pki_master_dict['pki_ds_hostname'] +\ + ':' + config.pki_master_dict['pki_ds_ldap_port'] + self.ds_connection = ldap.initialize(uri) + self.ds_connection.search_s('', ldap.SCOPE_BASE) + + def ds_bind(self): + self.ds_connection.simple_bind_s( + config.pki_master_dict['pki_ds_bind_dn'], + config.pki_master_dict['pki_ds_password']) + + def ds_base_dn_exists(self): + try: + results = self.ds_connection.search_s( + config.pki_master_dict['pki_ds_base_dn'], + ldap.SCOPE_BASE) + + if results is None or len(results) == 0: + return False + + return True + + except ldap.NO_SUCH_OBJECT as e: + return False + + except ldap.LDAPError as e: + print 'ERROR: ' + e.message['desc'] + sys.exit(1) + + def ds_close(self): + self.ds_connection.unbind_s() + def compose_pki_master_dictionary(self): "Create a single master PKI dictionary from the sectional dictionaries" try: |
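Review bot: `ds_connect` always builds an `ldap://` URI and `ds_bind` then calls `simple_bind_s`, so the bind DN password is sent to the directory server unencrypted whenever this validation runs, in both the interactive and the silent path. Calling `self.ds_connection.start_tls_s()` in `ds_connect` before any bind, or building an `ldaps://` URI when the deployment has a secure port, would protect it; which option fits depends on configuration not visible here. The connection also gets no timeout, so an unreachable host may block the installer for the library default; `self.ds_connection.set_option(ldap.OPT_NETWORK_TIMEOUT, <seconds>)` would bound it. Separately, `ds_base_dn_exists` calls `sys.exit(1)`, and `sys` is not among the imports visible in this file's first hunk, so confirm it is imported.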