author | Simo Sorce <simo@redhat.com> | 2016-08-19 09:23:55 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-15 07:13:37 +0100 |
commit | c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a (patch) | |
tree | 8511e93ca9e8e1df6c504b8f18d2fec733686d26 /ipaserver/install | |
parent | 11ef2cacbf2ebb67f80a0cf4a3e7b39da700188b (diff) | |
Change session handling
Stop using memcache, use mod_auth_gssapi filesystem based ccaches.
Remove custom session handling, use mod_auth_gssapi and mod_session to
establish and keep a session cookie.
Add loopback to mod_auth_gssapi to do form based auth and pass back a
valid session cookie.
And now that we do not remove ccaches files to move them to the
memcache, we can avoid the risk of polluting the filesystem by keeping
a common ccache file for all instances of the same user.
https://fedorahosted.org/freeipa/ticket/5959
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/installutils.py | 2 | ||||
-rw-r--r-- | ipaserver/install/ipa_backup.py | 4 | ||||
-rw-r--r-- | ipaserver/install/memcacheinstance.py | 24 | ||||
-rw-r--r-- | ipaserver/install/server/install.py | 7 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 5 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 18 | ||||
-rw-r--r-- | ipaserver/install/service.py | 1 |
7 files changed, 22 insertions, 39 deletions
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index ab2596c8c..8602f59ca 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -64,7 +64,7 @@ if six.PY3: # Used to determine install status IPA_MODULES = [ 'httpd', 'kadmin', 'dirsrv', 'pki-tomcatd', 'install', 'krb5kdc', 'ntpd', - 'named', 'ipa_memcached'] + 'named'] class BadHostError(Exception): diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 536914638..4ba61e529 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -36,11 +36,13 @@ from ipapython import admintool from ipapython.dn import DN from ipaserver.install.replication import wait_for_task from ipaserver.install import installutils -from ipaserver.session import ISO8601_DATETIME_FMT from ipapython import ipaldap from ipaplatform.constants import constants from ipaplatform.tasks import tasks + +ISO8601_DATETIME_FMT = '%Y-%m-%dT%H:%M:%S' + """ A test gpg can be generated like this: diff --git a/ipaserver/install/memcacheinstance.py b/ipaserver/install/memcacheinstance.py deleted file mode 100644 index 547ac2ba4..000000000 --- a/ipaserver/install/memcacheinstance.py +++ /dev/null 
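Review bot: The new module-level `ISO8601_DATETIME_FMT = '%Y-%m-%dT%H:%M:%S'` in ipaserver/install/ipa_backup.py has no comment, and it sits directly above a bare string literal that reads like its docstring but is actually about generating a test gpg key. The format carries no timezone designator, so the expected timezone of values written and parsed with it should be recorded next to the definition. A one-line comment such as `# strftime/strptime format for timestamps; no UTC offset is encoded` would do, adjusted to what the callers, which are outside this hunk, actually pass.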
@@ -1,24 +0,0 @@ -# Authors: John Dennis <jdennis@redhat.com> -# -# Copyright (C) 2011 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -from ipaserver.install import service - -class MemcacheInstance(service.SimpleServiceInstance): - def __init__(self): - service.SimpleServiceInstance.__init__(self, "ipa_memcached") diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 8178d4e29..8628572a7 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -32,7 +32,7 @@ from ipalib.util import ( import ipaclient.install.ntpconf from ipaserver.install import ( bindinstance, ca, cainstance, certs, dns, dsinstance, - httpinstance, installutils, kra, krbinstance, memcacheinstance, + httpinstance, installutils, kra, krbinstance, ntpinstance, otpdinstance, custodiainstance, replication, service, sysupgrade) from ipaserver.install.installutils import ( @@ -804,10 +804,6 @@ def install(installer): # generated ds.add_cert_to_service() - memcache = memcacheinstance.MemcacheInstance() - memcache.create_instance('MEMCACHE', host_name, - ipautil.realm_to_suffix(realm_name)) - otpd = otpdinstance.OtpdInstance() otpd.create_instance('OTPD', host_name, ipautil.realm_to_suffix(realm_name)) 
@@ -1052,7 +1048,6 @@ def uninstall(installer): if _server_trust_ad_installed: adtrustinstance.ADTRUSTInstance(fstore).uninstall() custodiainstance.CustodiaInstance().uninstall() - memcacheinstance.MemcacheInstance().uninstall() otpdinstance.OtpdInstance().uninstall() tasks.restore_hostname(fstore, sstore) fstore.restore_all_files() diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index fcb979c15..649184cbe 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -37,7 +37,7 @@ from ipalib.util import ( from ipaclient.install.client import configure_krb5_conf, purge_host_keytab from ipaserver.install import ( bindinstance, ca, certs, dns, dsinstance, httpinstance, - installutils, kra, krbinstance, memcacheinstance, + installutils, kra, krbinstance, ntpinstance, otpdinstance, custodiainstance, service) from ipaserver.install.installutils import ( create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured) @@ -163,9 +163,6 @@ def install_http(config, auto_redirect, ca_is_configured, ca_file, pkcs12_info = make_pkcs12_info(config.dir, "httpcert.p12", "http_pin.txt") - memcache = memcacheinstance.MemcacheInstance() - memcache.create_instance('MEMCACHE', config.host_name, - ipautil.realm_to_suffix(config.realm_name)) http = httpinstance.HTTPInstance() http.create_instance( diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 0e034efac..2bdf6eede 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -34,7 +34,6 @@ from ipaplatform.paths import paths from ipaserver.install import installutils from ipaserver.install import dsinstance from ipaserver.install import httpinstance -from ipaserver.install import memcacheinstance from ipaserver.install import ntpinstance from ipaserver.install import bindinstance from ipaserver.install import service 
@@ -74,6 +73,21 @@ def uninstall_ipa_kpasswd(): if enabled is not None and not enabled: ipa_kpasswd.remove() + +def uninstall_ipa_memcached(): + """ + We can't use the full service uninstaller because that will attempt + to stop and disable the service which by now doesn't exist. We just + want to clean up sysrestore.state to remove all references to + ipa_kpasswd. + """ + ipa_memcached = service.SimpleServiceInstance('ipa_memcached') + + enabled = not ipa_memcached.restore_state("enabled") + + if enabled is not None and not enabled: + ipa_memcached.remove() + def backup_file(filename, ext): """Make a backup of filename using ext as the extension. Do not overwrite previous backups.""" @@ -1570,6 +1584,7 @@ def upgrade_configuration(): update_dbmodules(api.env.realm) uninstall_ipa_kpasswd() + uninstall_ipa_memcached() removed_sysconfig_file = paths.SYSCONFIG_HTTPD if fstore.has_file(removed_sysconfig_file): @@ -1620,7 +1635,6 @@ def upgrade_configuration(): uninstall_dogtag_9(ds, http) simple_service_list = ( - (memcacheinstance.MemcacheInstance(), 'MEMCACHE'), (otpdinstance.OtpdInstance(), 'OTPD'), ) diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index fbe3f23e5..b80044f4b 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -46,7 +46,6 @@ SERVICE_LIST = { 'KDC': ('krb5kdc', 10), 'KPASSWD': ('kadmin', 20), 'DNS': ('named', 30), - 'MEMCACHE': ('ipa_memcached', 39), 'HTTP': ('httpd', 40), 'KEYS': ('ipa-custodia', 41), 'NTP': ('ntpd', 45), |
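Review bot: In the new `uninstall_ipa_memcached()` in ipaserver/install/server/upgrade.py, `enabled = not ipa_memcached.restore_state("enabled")` always yields a bool, so the `enabled is not None` half of the next test is dead and `remove()` runs only when `restore_state` returned a truthy value. If the intent is to clear the sysrestore entries whenever any state was recorded, test the raw value instead, e.g. `state = ipa_memcached.restore_state("enabled")` followed by `if state is not None:`; the same pattern appears in `uninstall_ipa_kpasswd()` just above, whose body starts outside the hunk. The docstring was copied along with it and still says the goal is to remove references to `ipa_kpasswd`; it should say `ipa_memcached`. Because the commit message says session ccaches used to be moved into memcache, the docstring should also state what guarantees the old daemon is no longer running when this cleanup executes, which is not visible here.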