authorChristian Heimes <cheimes@redhat.com>2016-01-19 14:18:30 +0100
committerMartin Basti <mbasti@redhat.com>2016-03-22 10:40:44 +0100
commit49be6c8d3cc20902dbe8e92a74e31aed2fd21d9f (patch)
tree5a1e7cd570fcd769f2e9dd41daacb49cf769fee4
parent4f25b296054076abf3d6e44f6b2e7552f993fb1c (diff)
downloadfreeipa-49be6c8d3cc20902dbe8e92a74e31aed2fd21d9f.tar.gz
freeipa-49be6c8d3cc20902dbe8e92a74e31aed2fd21d9f.tar.xz
freeipa-49be6c8d3cc20902dbe8e92a74e31aed2fd21d9f.zip
Move user/group constants for PKI and DS into ipaplatform
https://fedorahosted.org/freeipa/ticket/5619 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
-rwxr-xr-xinstall/share/copy-schema-to-ca.py8
-rw-r--r--ipaplatform/base/constants.py4
-rw-r--r--ipaplatform/redhat/tasks.py5
-rw-r--r--ipaserver/install/cainstance.py16
-rw-r--r--ipaserver/install/dogtaginstance.py5
-rw-r--r--ipaserver/install/dsinstance.py7
-rw-r--r--ipaserver/install/ipa_backup.py4
-rw-r--r--ipaserver/install/ipa_restore.py16
-rw-r--r--ipaserver/install/krainstance.py9
-rw-r--r--ipaserver/install/krbinstance.py4
-rw-r--r--ipaserver/install/server/upgrade.py3
-rw-r--r--ipatests/test_integration/test_backup_and_restore.py5
12 files changed, 49 insertions, 37 deletions
diff --git a/install/share/copy-schema-to-ca.py b/install/share/copy-schema-to-ca.py
index 10fd3d740..c2f070aa2 100755
--- a/install/share/copy-schema-to-ca.py
+++ b/install/share/copy-schema-to-ca.py
@@ -19,9 +19,9 @@ from hashlib import sha1
from ipapython import ipautil
from ipapython.ipa_log_manager import root_logger, standard_logging_setup
-from ipaserver.install.dsinstance import DS_USER, schema_dirname
-from ipaserver.install.cainstance import PKI_USER
+from ipaserver.install.dsinstance import schema_dirname
from ipalib import api
+from ipaplatform.constants import constants
try:
from ipaplatform import services
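Review bot: The new `from ipaplatform.constants import constants` is unconditional, while the next statement wraps `from ipaplatform import services` in a `try:`, which suggests this script is expected to run on hosts where `ipaplatform` may not be importable. If so, the script now fails at import time before the guarded fallback is reached, and the schema copy never runs. Consider moving the import into the same `try:` and defining the literal names in the handler, e.g. `PKI_USER = 'pkiuser'` and `DS_USER = 'dirsrv'`. The `except` branch is outside this hunk, so the exact shape of the fallback needs confirming.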
@@ -52,8 +52,8 @@ def _sha1_file(filename):
def add_ca_schema():
"""Copy IPA schema files into the CA DS instance
"""
- pki_pent = pwd.getpwnam(PKI_USER)
- ds_pent = pwd.getpwnam(DS_USER)
+ pki_pent = pwd.getpwnam(constants.PKI_USER)
+ ds_pent = pwd.getpwnam(constants.DS_USER)
for schema_fname in SCHEMA_FILENAMES:
source_fname = os.path.join(ipautil.SHARE_DIR, schema_fname)
target_fname = os.path.join(schema_dirname(SERVERID), schema_fname)
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 50f8a3ed1..52af12429 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -8,9 +8,13 @@ This base platform module exports platform dependant constants.
class BaseConstantsNamespace(object):
+ DS_USER = 'dirsrv'
+ DS_GROUP = 'dirsrv'
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
NAMED_USER = "named"
+ PKI_USER = 'pkiuser'
+ PKI_GROUP = 'pkiuser'
# ntpd init variable used for daemon options
NTPD_OPTS_VAR = "OPTIONS"
# quote used for daemon options
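Review bot: The four new account constants have no comment, although other hunks in this commit pass them to `pwd.getpwnam()` and then `os.chown()` keytabs, PKCS#12 copies and configuration files, so a platform override changes who owns that material. A short comment above them would help, for example `# service accounts that own DS and PKI files; an override must name an existing account`. They also use single quotes where the neighbouring `HTTPD_USER` and `NAMED_USER` use double quotes. The class body continues outside the hunk.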
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 638048679..7c29b51e1 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -45,6 +45,7 @@ import ipapython.errors
from ipalib import x509 # FIXME: do not import from ipalib
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.redhat.authconfig import RedHatAuthConfig
from ipaplatform.base.tasks import BaseTaskNamespace
@@ -438,14 +439,14 @@ class RedHatTaskNamespace(BaseTaskNamespace):
This values should be constant and may be hardcoded.
Add other values for other users when needed.
"""
- if name == 'pkiuser':
+ if name == constants.PKI_USER:
if uid is None:
uid = 17
if gid is None:
gid = 17
if comment is None:
comment = 'CA System User'
- if name == 'dirsrv':
+ if name == constants.DS_USER:
if comment is None:
comment = 'DS System User'
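Review bot: The fixed `uid = 17` / `gid = 17` defaults are now keyed on `constants.PKI_USER` instead of the literal name, so a platform that overrides the constant would get a differently named account created with ids the docstring describes as hard-coded values. If the ids are meant to belong only to the default account, say so next to the comparison, e.g. `# uid/gid 17 is tied to the default 'pkiuser' account; revisit if PKI_USER is overridden`. The enclosing method starts and ends outside the hunk.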
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d94520166..a21f7d267 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -66,8 +66,8 @@ from ipaserver.install import installutils
from ipaserver.install import ldapupdate
from ipaserver.install import replication
from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
- PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+ DogtagInstance)
from ipaserver.plugins import ldap2
# Python 3 rename. The package is available in "six.moves.http_client", but
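Review bot: `PKI_USER` is no longer imported into this module, so `cainstance.PKI_USER` stops resolving for any caller that still reads it. This commit updates `copy-schema-to-ca.py`, `ipa_restore.py` and `upgrade.py`, but an importer outside the files shown here would fail with an ImportError or AttributeError. The later hunks in this file also use `constants.PKI_USER` and `constants.PKI_GROUP`, yet none of them adds `from ipaplatform.constants import constants`, so confirm that import already exists earlier in the file. If compatibility matters, a module-level `PKI_USER = constants.PKI_USER` alias like the one kept in `dogtaginstance.py` would cover it.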
@@ -279,8 +279,8 @@ def is_ca_installed_locally():
def create_ca_user():
"""Create PKI user/group if it doesn't exist yet."""
tasks.create_system_user(
- name=PKI_USER,
- group=PKI_USER,
+ name=constants.PKI_USER,
+ group=constants.PKI_GROUP,
homedir=paths.VAR_LIB,
shell=paths.NOLOGIN,
)
@@ -442,7 +442,7 @@ class CAInstance(DogtagInstance):
# Create an empty and secured file
(cfg_fd, cfg_file) = tempfile.mkstemp()
os.close(cfg_fd)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
# Create CA configuration
@@ -514,7 +514,7 @@ class CAInstance(DogtagInstance):
cafile = self.pkcs12_info[0]
shutil.copy(cafile, paths.TMP_CA_P12)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(paths.TMP_CA_P12, pent.pw_uid, pent.pw_gid)
# Security domain registration
@@ -609,7 +609,7 @@ class CAInstance(DogtagInstance):
'ca.enableNonces=false')
if update_result != 0:
raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(paths.CA_CS_CFG_PATH, pent.pw_uid, pent.pw_gid)
def enable_pkix(self):
@@ -944,7 +944,7 @@ class CAInstance(DogtagInstance):
os.mkdir(publishdir)
os.chmod(publishdir, 0o775)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(publishdir, 0, pent.pw_gid)
tasks.restore_context(publishdir)
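Review bot: `publishdir` is made group-writable (`0o775`) and its group still comes from `pent.pw_gid`, the primary group of `constants.PKI_USER`, even though this commit introduces a separate `constants.PKI_GROUP`. If the two ever differ, write access goes to a group other than the one the constants name. Resolving the group directly, e.g. `os.chown(publishdir, 0, grp.getgrnam(constants.PKI_GROUP).gr_gid)`, would tie ownership to the declared group; it needs `import grp`. The same `pw_gid` pattern appears in the other `os.chown` hunks of this commit, and the enclosing method starts and ends outside the hunk.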
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index b8ce19d72..d906d05e5 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -33,8 +33,8 @@ import pki.system
from ipalib import errors
from ipaplatform import services
-from ipaplatform.paths import paths
from ipaplatform.constants import constants
+from ipaplatform.paths import paths
from ipapython import certmonger
from ipapython import ipaldap
from ipapython import ipautil
@@ -45,9 +45,10 @@ from ipaserver.install import replication
from ipaserver.install.installutils import stopped_service
from ipapython.ipa_log_manager import log_mgr
-PKI_USER = "pkiuser"
+PKI_USER = constants.PKI_USER
HTTPD_USER = constants.HTTPD_USER
+
def get_security_domain():
"""
Get the security domain from the REST interface on the local Dogtag CA
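Review bot: The module-level `PKI_USER = constants.PKI_USER` alias is kept without a comment saying why, while every importer touched by this commit now reads `constants.PKI_USER` directly. Add a comment such as `# kept for backward compatibility; use ipaplatform.constants in new code`, or drop the alias if nothing else depends on it. `dsinstance.py` keeps `DS_USER` and `DS_GROUP` the same way and would benefit from the same comment.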
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 741dda91f..00ef5f3a9 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -44,14 +44,15 @@ from ipalib import api
from ipalib import certstore
from ipalib import errors
from ipalib import constants
+from ipaplatform.constants import constants as platformconstants
from ipaplatform.tasks import tasks
from ipalib.constants import CACERT
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
-DS_USER = 'dirsrv'
-DS_GROUP = 'dirsrv'
+DS_USER = platformconstants.DS_USER
+DS_GROUP = platformconstants.DS_GROUP
IPA_SCHEMA_FILES = ("60kerberos.ldif",
"60samba.ldif",
@@ -708,7 +709,7 @@ class DsInstance(service.Service):
self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
def configure_dirsrv_ccache(self):
- pent = pwd.getpwnam("dirsrv")
+ pent = pwd.getpwnam(platformconstants.DS_USER)
ccache = paths.TMP_KRB5CC % pent.pw_uid
filepath = paths.SYSCONFIG_DIRSRV
if not os.path.exists(filepath):
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 3e765b9ae..69af6e2d5 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -32,12 +32,12 @@ from ipapython import version
from ipapython.ipautil import run, write_tmp_file
from ipapython import admintool
from ipapython.dn import DN
-from ipaserver.install.dsinstance import DS_USER
from ipaserver.install.replication import wait_for_task
from ipaserver.install import installutils
from ipapython import ipaldap
from ipalib.session import ISO8601_DATETIME_FMT
from ipalib.constants import CACERT
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
"""
@@ -260,7 +260,7 @@ class Backup(admintool.AdminTool):
self.log.info("Preparing backup on %s", api.env.host)
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
self.top_dir = tempfile.mkdtemp("ipa")
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index b6ac51102..214409e11 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -32,14 +32,15 @@ from ipapython import version, ipautil, certdb
from ipapython.ipautil import run, user_input
from ipapython import admintool
from ipapython.dn import DN
-from ipaserver.install.dsinstance import create_ds_user, DS_USER
-from ipaserver.install.cainstance import PKI_USER, create_ca_user
+from ipaserver.install.dsinstance import create_ds_user
+from ipaserver.install.cainstance import create_ca_user
from ipaserver.install.replication import (wait_for_task, ReplicationManager,
get_cs_replication_manager)
from ipaserver.install import installutils
from ipaserver.install import dsinstance, httpinstance, cainstance
from ipapython import ipaldap
import ipapython.errors
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
@@ -293,7 +294,7 @@ class Restore(admintool.AdminTool):
raise admintool.ScriptError("Aborted")
create_ds_user()
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
# Temporary directory for decrypting files before restoring
self.top_dir = tempfile.mkdtemp("ipa")
@@ -530,7 +531,7 @@ class Restore(admintool.AdminTool):
srcldiffile = os.path.join(self.dir, ldifname)
if not os.path.exists(ldifdir):
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
os.mkdir(ldifdir)
os.chmod(ldifdir, 0o770)
os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
@@ -755,7 +756,7 @@ class Restore(admintool.AdminTool):
]
run(args)
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
recursive_chown(self.dir, pent.pw_uid, pent.pw_gid)
@@ -781,9 +782,10 @@ class Restore(admintool.AdminTool):
paths.TOMCAT_SIGNEDAUDIT_DIR]
try:
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
except KeyError:
- self.log.debug("No %s user exists, skipping CA directory creation" % PKI_USER)
+ self.log.debug("No %s user exists, skipping CA directory creation",
+ constants.PKI_USER)
return
self.log.debug('Creating log directories for dogtag')
for dir in dirs:
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index a354d3748..67ad6544c 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -28,6 +28,7 @@ from six.moves.configparser import ConfigParser
from ipalib import api
from ipalib import x509
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import certdb
from ipapython import ipautil
@@ -37,8 +38,8 @@ from ipaserver.install import cainstance
from ipaserver.install import installutils
from ipaserver.install import ldapupdate
from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
- PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+ DogtagInstance)
from ipaserver.plugins import ldap2
from ipapython.ipa_log_manager import log_mgr
@@ -134,7 +135,7 @@ class KRAInstance(DogtagInstance):
# Create an empty and secured file
(cfg_fd, cfg_file) = tempfile.mkstemp()
os.close(cfg_fd)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
# Create KRA configuration
@@ -225,7 +226,7 @@ class KRAInstance(DogtagInstance):
if self.clone:
krafile = self.pkcs12_info[0]
shutil.copy(krafile, p12_tmpfile_name)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)
# Security domain registration
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index f782068d1..03e3ed81d 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -36,11 +36,11 @@ from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipaserver.install import replication
-from ipaserver.install import dsinstance
from ipaserver.install import ldapupdate
from ipaserver.install import certs
from distutils import version
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
@@ -327,7 +327,7 @@ class KrbInstance(service.Service):
vardict = {"KRB5_KTNAME": paths.DS_KEYTAB}
ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
replacevars=vardict)
- pent = pwd.getpwnam(dsinstance.DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid)
def __create_host_keytab(self):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index fc9c2eb62..3e60cfd36 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -25,6 +25,7 @@ from ipapython import ipaldap
from ipapython.ipa_log_manager import root_logger
from ipapython import certmonger
from ipapython.dn import DN
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaserver.install import installutils
from ipaserver.install import dsinstance
@@ -945,7 +946,7 @@ def copy_crl_file(old_path, new_path=None):
os.symlink(realpath, new_path)
else:
shutil.copy2(old_path, new_path)
- pent = pwd.getpwnam(cainstance.PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(new_path, pent.pw_uid, pent.pw_gid)
tasks.restore_context(new_path)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index b8abb343b..ffd086bae 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -23,6 +23,7 @@ import os
import re
import contextlib
+from ipaplatform.constants import constants
from ipapython.ipa_log_manager import log_mgr
from ipapython.dn import DN
from ipatests.test_integration.base import IntegrationTest
@@ -164,8 +165,8 @@ class TestBackupAndRestore(IntegrationTest):
'--uninstall',
'-U'])
- self.master.run_command(['userdel', 'dirsrv'])
- self.master.run_command(['userdel', 'pkiuser'])
+ self.master.run_command(['userdel', constants.DS_USER])
+ self.master.run_command(['userdel', constants.PKI_USER])
homedir = os.path.join(self.master.config.test_dir,
'testuser_homedir')
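Review bot: `constants.DS_USER` and `constants.PKI_USER` are resolved on the machine running the test, but `userdel` is executed on `self.master` through `run_command`. If the test runner and the master are on different platforms, the resolved names may not match the accounts that exist on the master. A comment such as `# assumes the test runner and the master share the same ipaplatform constants` would make that assumption explicit. The test method starts and ends outside the hunk.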