From e30cd6ba42c256d2016db45146d616f329455e86 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 29 Jan 2009 16:26:07 -0500
Subject: Mass tree reorganization for IPAv2. To view previous history of files
 use:

% git log --follow -- <file>

renamed: ipa-server/autogen.sh -> autogen.sh
renamed: ipa-server/ipa-kpasswd/Makefile.am -> daemons/ipa-kpasswd/Makefile.am
renamed: ipa-server/ipa-kpasswd/README -> daemons/ipa-kpasswd/README
renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.c -> daemons/ipa-kpasswd/ipa_kpasswd.c
renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.init -> daemons/ipa-kpasswd/ipa_kpasswd.init
renamed: ipa-server/ipa-slapi-plugins/Makefile.am -> daemons/ipa-slapi-plugins/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/README -> daemons/ipa-slapi-plugins/README
renamed: ipa-server/ipa-slapi-plugins/dna/Makefile.am -> daemons/ipa-slapi-plugins/dna/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/dna/dna-conf.ldif -> daemons/ipa-slapi-plugins/dna/dna-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/dna/dna.c -> daemons/ipa-slapi-plugins/dna/dna.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/Makefile.am -> daemons/ipa-slapi-plugins/ipa-memberof/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif -> daemons/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -> daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/README -> daemons/ipa-slapi-plugins/ipa-pwd-extop/README
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c -> daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif -> daemons/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/Makefile.am -> daemons/ipa-slapi-plugins/ipa-winsync/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/README -> daemons/ipa-slapi-plugins/ipa-winsync/README
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
renamed: ipa-server/xmlrpc-server/ipa-rewrite.conf -> install/conf/ipa-rewrite.conf
renamed: ipa-server/xmlrpc-server/ipa.conf -> install/conf/ipa.conf
renamed: ipa-server/xmlrpc-server/ssbrowser.html -> install/html/ssbrowser.html
renamed: ipa-server/xmlrpc-server/unauthorized.html -> install/html/unauthorized.html
renamed: ipa-server/ipa-install/share/60ipaconfig.ldif -> install/share/60ipaconfig.ldif
renamed: ipa-server/ipa-install/share/60kerberos.ldif -> install/share/60kerberos.ldif
renamed: ipa-server/ipa-install/share/60radius.ldif -> install/share/60radius.ldif
renamed: ipa-server/ipa-install/share/60samba.ldif -> install/share/60samba.ldif
renamed: ipa-server/ipa-install/share/Makefile.am -> install/share/Makefile.am
renamed: ipa-server/ipa-install/share/bind.named.conf.template -> install/share/bind.named.conf.template
renamed: ipa-server/ipa-install/share/bind.zone.db.template -> install/share/bind.zone.db.template
renamed: ipa-server/ipa-install/share/bootstrap-template.ldif -> install/share/bootstrap-template.ldif
renamed: ipa-server/ipa-install/share/certmap.conf.template -> install/share/certmap.conf.template
renamed: ipa-server/ipa-install/share/default-aci.ldif -> install/share/default-aci.ldif
renamed: ipa-server/ipa-install/share/default-keytypes.ldif -> install/share/default-keytypes.ldif
renamed: ipa-server/ipa-install/share/dna-posix.ldif -> install/share/dna-posix.ldif
renamed: ipa-server/ipa-install/share/encrypted_attribute.ldif -> install/share/encrypted_attribute.ldif
renamed: ipa-server/ipa-install/share/fedora-ds.init.patch -> install/share/fedora-ds.init.patch
renamed: ipa-server/ipa-install/share/indices.ldif -> install/share/indices.ldif
renamed: ipa-server/ipa-install/share/kdc.conf.template -> install/share/kdc.conf.template
renamed: ipa-server/ipa-install/share/kerberos.ldif -> install/share/kerberos.ldif
renamed: ipa-server/ipa-install/share/krb.con.template -> install/share/krb.con.template
renamed: ipa-server/ipa-install/share/krb5.conf.template -> install/share/krb5.conf.template
renamed: ipa-server/ipa-install/share/krb5.ini.template -> install/share/krb5.ini.template
renamed: ipa-server/ipa-install/share/krbrealm.con.template -> install/share/krbrealm.con.template
renamed: ipa-server/ipa-install/share/master-entry.ldif -> install/share/master-entry.ldif
renamed: ipa-server/ipa-install/share/memberof-task.ldif -> install/share/memberof-task.ldif
renamed: ipa-server/ipa-install/share/ntp.conf.server.template -> install/share/ntp.conf.server.template
renamed: ipa-server/ipa-install/share/ntpd.sysconfig.template -> install/share/ntpd.sysconfig.template
renamed: ipa-server/ipa-install/share/preferences.html.template -> install/share/preferences.html.template
renamed: ipa-server/ipa-install/share/referint-conf.ldif -> install/share/referint-conf.ldif
renamed: ipa-server/ipa-install/share/schema_compat.uldif -> install/share/schema_compat.uldif
renamed: ipa-server/ipa-install/share/unique-attributes.ldif -> install/share/unique-attributes.ldif
renamed: ipa-server/ipa-install/Makefile.am -> install/tools/Makefile.am
renamed: ipa-server/ipa-install/README -> install/tools/README
renamed: ipa-server/ipa-compat-manage -> install/tools/ipa-compat-manage
renamed: ipa-server/ipa-fix-CVE-2008-3274 -> install/tools/ipa-fix-CVE-2008-3274
renamed: ipa-server/ipa-ldap-updater -> install/tools/ipa-ldap-updater
renamed: ipa-server/ipa-install/ipa-replica-install -> install/tools/ipa-replica-install
renamed: ipa-server/ipa-install/ipa-replica-manage -> install/tools/ipa-replica-manage
renamed: ipa-server/ipa-install/ipa-replica-prepare -> install/tools/ipa-replica-prepare
renamed: ipa-server/ipa-install/ipa-server-certinstall -> install/tools/ipa-server-certinstall
renamed: ipa-server/ipa-install/ipa-server-install -> install/tools/ipa-server-install
renamed: ipa-server/ipa-upgradeconfig -> install/tools/ipa-upgradeconfig
renamed: ipa-server/ipa-install/ipactl -> install/tools/ipactl
renamed: ipa-server/man/Makefile.am -> install/tools/man/Makefile.am
renamed: ipa-server/man/ipa-compat-manage.1 -> install/tools/man/ipa-compat-manage.1
renamed: ipa-server/man/ipa-ldap-updater.1 -> install/tools/man/ipa-ldap-updater.1
renamed: ipa-server/man/ipa-replica-install.1 -> install/tools/man/ipa-replica-install.1
renamed: ipa-server/man/ipa-replica-manage.1 -> install/tools/man/ipa-replica-manage.1
renamed: ipa-server/man/ipa-replica-prepare.1 -> install/tools/man/ipa-replica-prepare.1
renamed: ipa-server/man/ipa-server-certinstall.1 -> install/tools/man/ipa-server-certinstall.1
renamed: ipa-server/man/ipa-server-install.1 -> install/tools/man/ipa-server-install.1
renamed: ipa-server/man/ipa_kpasswd.8 -> install/tools/man/ipa_kpasswd.8
renamed: ipa-server/man/ipa_webgui.8 -> install/tools/man/ipa_webgui.8
renamed: ipa-server/man/ipactl.8 -> install/tools/man/ipactl.8
renamed: ipa-server/ipa-install/updates/Makefile.am -> install/updates/Makefile.am
renamed: ipa-server/ipa-install/updates/RFC2307bis.update -> install/updates/RFC2307bis.update
renamed: ipa-server/ipa-install/updates/RFC4876.update -> install/updates/RFC4876.update
renamed: ipa-server/ipa-install/updates/indices.update -> install/updates/indices.update
renamed: ipa-server/ipa-install/updates/nss_ldap.update -> install/updates/nss_ldap.update
renamed: ipa-server/ipa-install/updates/replication.update -> install/updates/replication.update
renamed: ipa-server/ipa-install/updates/winsync_index.update -> install/updates/winsync_index.update
renamed: ipa-server/ipaserver/Makefile.am -> ipaserver/install/Makefile.am
renamed: ipa-server/ipaserver/__init__.py -> ipaserver/install/__init__.py
renamed: ipa-server/ipaserver/bindinstance.py -> ipaserver/install/bindinstance.py
renamed: ipa-server/ipaserver/certs.py -> ipaserver/install/certs.py
renamed: ipa-server/ipaserver/dsinstance.py -> ipaserver/install/dsinstance.py
renamed: ipa-server/ipaserver/httpinstance.py -> ipaserver/install/httpinstance.py
renamed: ipa-server/ipaserver/installutils.py -> ipaserver/install/installutils.py
renamed: ipa-server/ipaserver/ipaldap.py -> ipaserver/install/ipaldap.py
renamed: ipa-server/ipaserver/krbinstance.py -> ipaserver/install/krbinstance.py
renamed: ipa-server/ipaserver/ldapupdate.py -> ipaserver/install/ldapupdate.py
renamed: ipa-server/ipaserver/ntpinstance.py -> ipaserver/install/ntpinstance.py
renamed: ipa-server/ipaserver/replication.py -> ipaserver/install/replication.py
renamed: ipa-server/ipaserver/service.py -> ipaserver/install/service.py
renamed: ipa-server/selinux/Makefile -> selinux/Makefile
renamed: ipa-server/selinux/ipa-server-selinux.spec.in -> selinux/ipa-server-selinux.spec.in
renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.fc -> selinux/ipa_kpasswd/ipa_kpasswd.fc
renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te -> selinux/ipa_kpasswd/ipa_kpasswd.te
renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.fc -> selinux/ipa_webgui/ipa_webgui.fc
renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.te -> selinux/ipa_webgui/ipa_webgui.te
renamed: ipa-server/version.m4.in -> version.m4.in
---
 ipaserver/install/installutils.py | 248 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 248 insertions(+)
 create mode 100644 ipaserver/install/installutils.py

(limited to 'ipaserver/install/installutils.py')

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
new file mode 100644
index 00000000..563b168e
--- /dev/null
+++ b/ipaserver/install/installutils.py
@@ -0,0 +1,248 @@
+# Authors: Simo Sorce <ssorce@redhat.com>
+#
+# Copyright (C) 2007    Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.    See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import logging
+import socket
+import errno
+import getpass
+import os
+import re
+import fileinput
+import sys
+import time
+import struct
+import fcntl
+
+from ipa import ipautil
+from ipa import dnsclient
+
+def get_fqdn():
+    fqdn = ""
+    try:
+        fqdn = socket.getfqdn()
+    except:
+        try:
+            fqdn = socket.gethostname()
+        except:
+            fqdn = ""
+    return fqdn
+
+def verify_fqdn(host_name,no_host_dns=False):
+
+    if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
+        raise RuntimeError("Invalid hostname: " + host_name)
+
+    try:
+        hostaddr = socket.getaddrinfo(host_name, None)
+    except:
+        raise RuntimeError("Unable to resolve host name, check /etc/hosts or DNS name resolution")
+
+    if len(hostaddr) == 0:
+        raise RuntimeError("Unable to resolve host name, check /etc/hosts or DNS name resolution")
+
+    for a in hostaddr:
+        if a[4][0] == '127.0.0.1' or a[4][0] == '::1':
+            raise RuntimeError("The IPA Server hostname cannot resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s" % (a[4][0], host_name, a[4][0]))
+        try:
+            revname = socket.gethostbyaddr(a[4][0])[0]
+        except:
+            raise RuntimeError("Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution")
+        if revname != host_name:
+            raise RuntimeError("The host name %s does not match the reverse lookup %s" % (host_name, revname))
+
+    if no_host_dns:
+        print "Warning: skipping DNS resolution of host", host_name
+        return
+
+    # Verify this is NOT a CNAME
+    rs = dnsclient.query(host_name+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_CNAME)
+    if len(rs) != 0:
+        for rsn in rs:
+            if rsn.dns_type == dnsclient.DNS_T_CNAME:
+                raise RuntimeError("The IPA Server Hostname cannot be a CNAME, only A names are allowed.")
+
+    # Verify that it is a DNS A record
+    rs = dnsclient.query(host_name+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
+    if len(rs) == 0:
+        print "Warning: Hostname (%s) not found in DNS" % host_name
+        return
+
+    rec = None
+    for rsn in rs:
+        if rsn.dns_type == dnsclient.DNS_T_A:
+            rec = rsn
+            break
+
+    if rec == None:
+        print "Warning: Hostname (%s) not found in DNS" % host_name
+        return
+
+    # Compare the forward and reverse
+    forward = rec.dns_name
+
+    addr = socket.inet_ntoa(struct.pack('<L',rec.rdata.address))
+    ipaddr = socket.inet_ntoa(struct.pack('!L',rec.rdata.address))
+
+    addr = addr + ".in-addr.arpa."
+    rs = dnsclient.query(addr, dnsclient.DNS_C_IN, dnsclient.DNS_T_PTR)
+    if len(rs) == 0:
+        raise RuntimeError("Cannot find Reverse Address for %s (%s)" % (host_name, addr))
+
+    rev = None
+    for rsn in rs:
+        if rsn.dns_type == dnsclient.DNS_T_PTR:
+            rev = rsn
+            break
+
+    if rev == None:
+        raise RuntimeError("Cannot find Reverse Address for %s (%s)" % (host_name, addr))
+
+    reverse = rev.rdata.ptrdname
+
+    if forward != reverse:
+        raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (forward, reverse))
+
+def port_available(port):
+    """Try to bind to a port on the wildcard host
+       Return 1 if the port is available
+       Return 0 if the port is in use
+    """
+    rv = 1
+
+    try:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        fcntl.fcntl(s, fcntl.F_SETFD, fcntl.FD_CLOEXEC)
+        s.bind(('', port))
+        s.close()
+    except socket.error, e:
+        if e[0] == errno.EADDRINUSE:
+            rv = 0
+
+    if rv:
+        try:
+            s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
+            fcntl.fcntl(s, fcntl.F_SETFD, fcntl.FD_CLOEXEC)
+            s.bind(('', port))
+            s.close()
+        except socket.error, e:
+            if e[0] == errno.EADDRINUSE:
+                rv = 0
+
+    return rv
+
+def standard_logging_setup(log_filename, debug=False):
+    old_umask = os.umask(077)
+    # Always log everything (i.e., DEBUG) to the log
+    # file.
+    logging.basicConfig(level=logging.DEBUG,
+                        format='%(asctime)s %(levelname)s %(message)s',
+                        filename=log_filename,
+                        filemode='w')
+    os.umask(old_umask)
+
+    console = logging.StreamHandler()
+    # If the debug option is set, also log debug messages to the console
+    if debug:
+        console.setLevel(logging.DEBUG)
+    else:
+        # Otherwise, log critical and error messages
+        console.setLevel(logging.ERROR)
+    formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
+    console.setFormatter(formatter)
+    logging.getLogger('').addHandler(console)
+
+def get_password(prompt):
+    if os.isatty(sys.stdin.fileno()):
+        return getpass.getpass(prompt)
+    else:
+        return sys.stdin.readline().rstrip()
+
+def read_password(user, confirm=True, validate=True):
+    correct = False
+    pwd = ""
+    while not correct:
+        pwd = get_password(user + " password: ")
+        if not pwd:
+            continue
+        if validate and len(pwd) < 8:
+            print "Password must be at least 8 characters long"
+            continue
+        if not confirm:
+            correct = True
+            continue
+        pwd_confirm = get_password("Password (confirm): ")
+        if pwd != pwd_confirm:
+            print "Password mismatch!"
+            print ""
+        else:
+            correct = True
+    print ""
+    return pwd
+
+def update_file(filename, orig, subst):
+    if os.path.exists(filename):
+        pattern = "%s" % re.escape(orig)
+        p = re.compile(pattern)
+        for line in fileinput.input(filename, inplace=1):
+            if not p.search(line):
+                sys.stdout.write(line)
+            else:
+                sys.stdout.write(p.sub(subst, line))
+        fileinput.close()
+        return 0
+    else:
+        print "File %s doesn't exist." % filename
+        return 1
+
+def set_directive(filename, directive, value):
+    """Set a name/value pair directive in a configuration file.
+
+       This has only been tested with nss.conf
+    """
+    fd = open(filename)
+    file = []
+    for line in fd:
+        if directive in line:
+            file.append('%s "%s"\n' % (directive, value))
+        else:
+            file.append(line)
+    fd.close()
+
+    fd = open(filename, "w")
+    fd.write("".join(file))
+    fd.close()
+
+def kadmin(command):
+    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])
+
+def kadmin_addprinc(principal):
+    kadmin("addprinc -randkey " + principal)
+
+def kadmin_modprinc(principal, options):
+    kadmin("modprinc " + options + " " + principal)
+
+def create_keytab(path, principal):
+    try:
+        if ipautil.file_exists(path):
+            os.remove(path)
+    except os.error:
+        logging.critical("Failed to remove %s." % path)
+
+    kadmin("ktadd -k " + path + " " + principal)
+
-- 
cgit