author | Ade Lee <alee@redhat.com> | 2012-12-03 00:28:53 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-12-03 09:08:57 -0500 |
commit | 35dc1009494453803d22573ef876c8b418a609d3 (patch) | |
tree | 8584ea7bab0f45fe9154265a1a1285044cd045b6 /base/deploy | |
parent | 03a6350687e033461306d6b9000ef8ea34af96f9 (diff) | |
Change the structure of the client directory.
We need to keep the admin cert and p12 file in case the client directory
is purged.
Diffstat (limited to 'base/deploy')
-rw-r--r-- | base/deploy/src/scriptlets/configuration.py | 2 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/finalization.py | 4 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 23 |
3 files changed, 15 insertions, 14 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index 2d7797b06..16b63122f 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -41,7 +41,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Place "slightly" less restrictive permissions on # the top-level client directory ONLY - util.directory.create(master['pki_client_dir'], + util.directory.create(master['pki_client_subsystem_dir'], uid=0, gid=0, perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) # Since 'certutil' does NOT strip the 'token=' portion of diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index 62d92a626..55a007bca 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py @@ -67,8 +67,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # be deleted! # if config.str2bool(master['pki_client_database_purge']): - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) + if util.directory.exists(master['pki_client_subsystem_dir']): + util.directory.delete(master['pki_client_subsystem_dir']) # If instance has not been configured, print the # configuration URL to the log if config.str2bool(master['pki_skip_configuration']): diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index edb2fd556..a99425960 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -1366,6 +1366,7 @@ class PKIConfigParser: # # config.pki_master_dict['pki_client_database_password'] # config.pki_master_dict['pki_client_dir'] + # config.pki_master_dict['pki_client_subsystem_dir'] # if not len(config.pki_master_dict['pki_client_database_password']): # use randomly generated client 'pin' 
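Review bot: In configuration.py the comment `# the top-level client directory ONLY` no longer matches the call below it, which now creates `master['pki_client_subsystem_dir']`, a directory nested under `pki_client_dir`. Nothing visible in this hunk creates the parent `pki_client_dir` with explicit ownership and permissions, and after this commit that parent is where the admin PKCS #12 file path points; if `util.directory.create` builds missing parents, they would presumably get umask-default modes. I would create the parent explicitly first, e.g. `util.directory.create(master['pki_client_dir'], uid=0, gid=0, perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)`, and reword the comment to name the per-subsystem directory. The enclosing method starts and ends outside the hunk.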
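Review bot: In finalization.py the purge branch now removes only `master['pki_client_subsystem_dir']`, but the comment above it (it ends with `be deleted!`; the rest is outside the hunk) is left unchanged. The admin certificate and PKCS #12 file under `pki_client_dir` now survive `pki_client_database_purge` by design, so the comment should say which files stay on disk. Something like `# NOTE: only the per-subsystem client directory is purged; the admin cert and PKCS #12 file in pki_client_dir are kept on purpose` would make that clear to anyone auditing what key material remains after deployment.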
@@ -1375,20 +1376,23 @@ class PKIConfigParser: config.pki_master_dict['pki_client_dir'] =\ os.path.join( os.path.expanduser("~"), ".pki", - config.pki_master_dict['pki_instance_id'] + "_" +\ - config.pki_master_dict['pki_subsystem'].lower()) + config.pki_master_dict['pki_instance_id']) + config.pki_master_dict['pki_client_subsystem_dir'] =\ + os.path.join( + config.pki_master_dict['pki_client_dir'], + config.pki_master_dict['pki_subsystem'].lower()) if not len(config.pki_master_dict['pki_client_database_dir']): config.pki_master_dict['pki_client_database_dir'] =\ os.path.join( - config.pki_master_dict['pki_client_dir'], + config.pki_master_dict['pki_client_subsystem_dir'], "alias") config.pki_master_dict['pki_client_password_conf'] =\ os.path.join( - config.pki_master_dict['pki_client_dir'], + config.pki_master_dict['pki_client_subsystem_dir'], "password.conf") config.pki_master_dict['pki_client_pkcs12_password_conf'] =\ os.path.join( - config.pki_master_dict['pki_client_dir'], + config.pki_master_dict['pki_client_subsystem_dir'], "pkcs12_password.conf") config.pki_master_dict['pki_client_cert_database'] =\ os.path.join(config.pki_master_dict['pki_client_database_dir'], 
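Review bot: The rendering has lost indentation, so it is not visible whether the new `config.pki_master_dict['pki_client_subsystem_dir'] = os.path.join(...)` assignment sits inside the conditional that supplies the default `pki_client_dir` (its `if` line is above the hunk). If it does, a deployment that sets `pki_client_dir` itself never gets `pki_client_subsystem_dir`, and the lookups added in configuration.py and finalization.py would raise `KeyError`. The assignment should run unconditionally, after the default for `pki_client_dir` has been applied, with a one-line comment saying so.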
@@ -1402,19 +1406,16 @@ class PKIConfigParser: config.pki_master_dict['pki_client_admin_cert'] =\ config.pki_master_dict['pki_subsystem'].lower() + "_" +\ "admin" + "." + "cert" - # NOTE: ALWAYS store the PKCS #12 "client" Admin Cert file - # in with the NSS "server" security databases + config.pki_master_dict['pki_client_admin_cert_p12'] =\ - config.pki_master_dict['pki_database_path'] + "/" +\ + config.pki_master_dict['pki_client_dir'] + "/" +\ config.pki_master_dict['pki_subsystem'].lower() + "_" +\ "admin" + "_" + "cert" + "." + "p12" - # the admin cert is stored with the NSS server databases - # in case we want to use a common admin user cert if not 'pki_admin_cert_file' in config.pki_master_dict or\ not len(config.pki_master_dict['pki_admin_cert_file']): config.pki_master_dict['pki_admin_cert_file'] =\ - config.pki_master_dict['pki_database_path'] +\ + config.pki_master_dict['pki_client_dir'] +\ "/ca_admin.cert" # Jython scriptlet name/value pairs |
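Review bot: The two comments removed here explained why the admin PKCS #12 file and `ca_admin.cert` were stored with the NSS server databases, and nothing replaces them now that both paths are built from `pki_client_dir`. The PKCS #12 file presumably carries the admin private key, so its new location and the reason for it deserve a comment, e.g. `# NOTE: keep the admin cert and PKCS #12 file in pki_client_dir so they survive a purge of pki_client_subsystem_dir`. The new paths are also built with `+ "/" +`, while the previous hunk uses `os.path.join`; `os.path.join(config.pki_master_dict['pki_client_dir'], "ca_admin.cert")` would be consistent with it.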