Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/cainstance.py16
-rw-r--r--ipaserver/install/dogtaginstance.py5
-rw-r--r--ipaserver/install/dsinstance.py7
-rw-r--r--ipaserver/install/ipa_backup.py4
-rw-r--r--ipaserver/install/ipa_restore.py16
-rw-r--r--ipaserver/install/krainstance.py9
-rw-r--r--ipaserver/install/krbinstance.py4
-rw-r--r--ipaserver/install/server/upgrade.py3
8 files changed, 35 insertions, 29 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d94520166..a21f7d267 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -66,8 +66,8 @@ from ipaserver.install import installutils
from ipaserver.install import ldapupdate
from ipaserver.install import replication
from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
- PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+ DogtagInstance)
from ipaserver.plugins import ldap2
# Python 3 rename. The package is available in "six.moves.http_client", but
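Review bot: Dropping `PKI_USER` from this import removes the attribute `cainstance.PKI_USER`, which other modules reached through this module (`ipa_restore.py` imported it and `upgrade.py` used `cainstance.PKI_USER`). Both are updated in this diff, but the diffstat is limited to `ipaserver`, so callers in other trees should be checked for the same reference before merging. The later hunks in this file use `constants.PKI_USER`, yet no `from ipaplatform.constants import constants` is added here. Presumably it is already imported above line 66; confirm that the name is not bound to `ipalib.constants` instead, as it is in `dsinstance.py`.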
@@ -279,8 +279,8 @@ def is_ca_installed_locally():
def create_ca_user():
"""Create PKI user/group if it doesn't exist yet."""
tasks.create_system_user(
- name=PKI_USER,
- group=PKI_USER,
+ name=constants.PKI_USER,
+ group=constants.PKI_GROUP,
homedir=paths.VAR_LIB,
shell=paths.NOLOGIN,
)
@@ -442,7 +442,7 @@ class CAInstance(DogtagInstance):
# Create an empty and secured file
(cfg_fd, cfg_file) = tempfile.mkstemp()
os.close(cfg_fd)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
# Create CA configuration
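Review bot: The account lookup runs after `tempfile.mkstemp()`, so a missing `constants.PKI_USER` raises `KeyError` and leaves the temporary file behind unless an outer handler outside this hunk removes it. Now that the name comes from a per-platform constant, a mismatch between the constant and the account actually present is more plausible than with the old literal. Moving `pent = pwd.getpwnam(constants.PKI_USER)` above the `mkstemp()` call avoids the orphaned file. The same ordering appears in the `krainstance.py` hunk at `-134,7 +135,7`.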
@@ -514,7 +514,7 @@ class CAInstance(DogtagInstance):
cafile = self.pkcs12_info[0]
shutil.copy(cafile, paths.TMP_CA_P12)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(paths.TMP_CA_P12, pent.pw_uid, pent.pw_gid)
# Security domain registration
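Review bot: The PKCS#12 bundle is written to the fixed location `paths.TMP_CA_P12` and is chowned to the PKI account only afterwards, which deserves a comment. `shutil.copy` carries over the source file's mode bits, so how exposed the copy is depends on the mode of `cafile` and on the directory behind `TMP_CA_P12`, neither of which is visible here. I would add something like `# Contains CA key material: must stay unreadable to other users and be removed once cloning completes` and confirm the cleanup, which is outside this hunk. The `krainstance.py` hunk at `-225,7 +226,7` does the same with `p12_tmpfile_name`.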
@@ -609,7 +609,7 @@ class CAInstance(DogtagInstance):
'ca.enableNonces=false')
if update_result != 0:
raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(paths.CA_CS_CFG_PATH, pent.pw_uid, pent.pw_gid)
def enable_pkix(self):
@@ -944,7 +944,7 @@ class CAInstance(DogtagInstance):
os.mkdir(publishdir)
os.chmod(publishdir, 0o775)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(publishdir, 0, pent.pw_gid)
tasks.restore_context(publishdir)
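Review bot: The group owner of `publishdir` is still taken from the PKI user's primary gid (`pent.pw_gid`), although this commit adds a separate `constants.PKI_GROUP` and uses it in `create_ca_user()`. The two agree only when the account's primary group is `PKI_GROUP`, which may not hold for a pre-existing account on another platform. Since the directory is group-writable (`0o775`), resolving the group explicitly would be safer: `os.chown(publishdir, 0, grp.getgrnam(constants.PKI_GROUP).gr_gid)`. This needs `grp` imported in the module, and the import block is not fully visible here.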
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index b8ce19d72..d906d05e5 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -33,8 +33,8 @@ import pki.system
from ipalib import errors
from ipaplatform import services
-from ipaplatform.paths import paths
from ipaplatform.constants import constants
+from ipaplatform.paths import paths
from ipapython import certmonger
from ipapython import ipaldap
from ipapython import ipautil
@@ -45,9 +45,10 @@ from ipaserver.install import replication
from ipaserver.install.installutils import stopped_service
from ipapython.ipa_log_manager import log_mgr
-PKI_USER = "pkiuser"
+PKI_USER = constants.PKI_USER
HTTPD_USER = constants.HTTPD_USER
+
def get_security_domain():
"""
Get the security domain from the REST interface on the local Dogtag CA
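Review bot: `PKI_USER` stays as a module-level alias even though every import of it visible in this diff is removed, and nothing says why. If it is kept for callers outside `ipaserver`, a comment such as `# Backward-compatible alias; new code should use ipaplatform.constants.constants.PKI_USER` would stop new uses from creeping back. The same applies to `DS_USER` and `DS_GROUP` in `dsinstance.py`, where `configure_dirsrv_ccache()` already bypasses the alias defined just above it.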
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 741dda91f..00ef5f3a9 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -44,14 +44,15 @@ from ipalib import api
from ipalib import certstore
from ipalib import errors
from ipalib import constants
+from ipaplatform.constants import constants as platformconstants
from ipaplatform.tasks import tasks
from ipalib.constants import CACERT
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
-DS_USER = 'dirsrv'
-DS_GROUP = 'dirsrv'
+DS_USER = platformconstants.DS_USER
+DS_GROUP = platformconstants.DS_GROUP
IPA_SCHEMA_FILES = ("60kerberos.ldif",
"60samba.ldif",
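Review bot: In this module the bare name `constants` is `ipalib.constants`, while the other files in this commit bind `constants` to the `ipaplatform.constants` object. The `platformconstants` alias works, but someone copying `constants.DS_USER` from `ipa_backup.py` into this file would get an `AttributeError` at run time rather than at import. A short comment on the import line would help, e.g. `# aliased: 'constants' is ipalib.constants in this module`.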
@@ -708,7 +709,7 @@ class DsInstance(service.Service):
self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
def configure_dirsrv_ccache(self):
- pent = pwd.getpwnam("dirsrv")
+ pent = pwd.getpwnam(platformconstants.DS_USER)
ccache = paths.TMP_KRB5CC % pent.pw_uid
filepath = paths.SYSCONFIG_DIRSRV
if not os.path.exists(filepath):
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 3e765b9ae..69af6e2d5 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -32,12 +32,12 @@ from ipapython import version
from ipapython.ipautil import run, write_tmp_file
from ipapython import admintool
from ipapython.dn import DN
-from ipaserver.install.dsinstance import DS_USER
from ipaserver.install.replication import wait_for_task
from ipaserver.install import installutils
from ipapython import ipaldap
from ipalib.session import ISO8601_DATETIME_FMT
from ipalib.constants import CACERT
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
"""
@@ -260,7 +260,7 @@ class Backup(admintool.AdminTool):
self.log.info("Preparing backup on %s", api.env.host)
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
self.top_dir = tempfile.mkdtemp("ipa")
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
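Review bot: `pwd.getpwnam(constants.DS_USER)` is unguarded, so a host without that account ends the backup with a bare `KeyError` traceback. `ipa_restore.py` in this same diff catches `KeyError` for the PKI account, so handling it here would be consistent. Wrapping the lookup in `try`/`except KeyError` and raising `admintool.ScriptError("No %s user exists" % constants.DS_USER)` gives the operator a usable message, and `admintool` is already imported in this file. The rest of the method is outside the hunk.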
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index b6ac51102..214409e11 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -32,14 +32,15 @@ from ipapython import version, ipautil, certdb
from ipapython.ipautil import run, user_input
from ipapython import admintool
from ipapython.dn import DN
-from ipaserver.install.dsinstance import create_ds_user, DS_USER
-from ipaserver.install.cainstance import PKI_USER, create_ca_user
+from ipaserver.install.dsinstance import create_ds_user
+from ipaserver.install.cainstance import create_ca_user
from ipaserver.install.replication import (wait_for_task, ReplicationManager,
get_cs_replication_manager)
from ipaserver.install import installutils
from ipaserver.install import dsinstance, httpinstance, cainstance
from ipapython import ipaldap
import ipapython.errors
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
@@ -293,7 +294,7 @@ class Restore(admintool.AdminTool):
raise admintool.ScriptError("Aborted")
create_ds_user()
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
# Temporary directory for decrypting files before restoring
self.top_dir = tempfile.mkdtemp("ipa")
@@ -530,7 +531,7 @@ class Restore(admintool.AdminTool):
srcldiffile = os.path.join(self.dir, ldifname)
if not os.path.exists(ldifdir):
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
os.mkdir(ldifdir)
os.chmod(ldifdir, 0o770)
os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
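Review bot: `os.mkdir(ldifdir)` creates the directory with umask-derived permissions and it is narrowed to `0o770` only by the following `chmod`. This leaves a short window in which the directory may be more open than intended, and it presumably receives the LDIF being restored. Passing the mode at creation closes the window: `os.mkdir(ldifdir, 0o770)`. The `chmod` should stay, because the umask can still clear bits from the requested mode. The surrounding method continues outside the hunk.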
@@ -755,7 +756,7 @@ class Restore(admintool.AdminTool):
]
run(args)
- pent = pwd.getpwnam(DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
recursive_chown(self.dir, pent.pw_uid, pent.pw_gid)
@@ -781,9 +782,10 @@ class Restore(admintool.AdminTool):
paths.TOMCAT_SIGNEDAUDIT_DIR]
try:
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
except KeyError:
- self.log.debug("No %s user exists, skipping CA directory creation" % PKI_USER)
+ self.log.debug("No %s user exists, skipping CA directory creation",
+ constants.PKI_USER)
return
self.log.debug('Creating log directories for dogtag')
for dir in dirs:
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index a354d3748..67ad6544c 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -28,6 +28,7 @@ from six.moves.configparser import ConfigParser
from ipalib import api
from ipalib import x509
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import certdb
from ipapython import ipautil
@@ -37,8 +38,8 @@ from ipaserver.install import cainstance
from ipaserver.install import installutils
from ipaserver.install import ldapupdate
from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
- PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+ DogtagInstance)
from ipaserver.plugins import ldap2
from ipapython.ipa_log_manager import log_mgr
@@ -134,7 +135,7 @@ class KRAInstance(DogtagInstance):
# Create an empty and secured file
(cfg_fd, cfg_file) = tempfile.mkstemp()
os.close(cfg_fd)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
# Create KRA configuration
@@ -225,7 +226,7 @@ class KRAInstance(DogtagInstance):
if self.clone:
krafile = self.pkcs12_info[0]
shutil.copy(krafile, p12_tmpfile_name)
- pent = pwd.getpwnam(PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)
# Security domain registration
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index f782068d1..03e3ed81d 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -36,11 +36,11 @@ from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipaserver.install import replication
-from ipaserver.install import dsinstance
from ipaserver.install import ldapupdate
from ipaserver.install import certs
from distutils import version
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
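Review bot: The `dsinstance` import is removed, but only one use of it is shown being replaced, in the `-327,7 +327,7` hunk. Any other `dsinstance.` reference left in `krbinstance.py` would fail with `NameError` only when that code path runs during install. Running pyflakes or an equivalent over the file before merging would confirm that none remain.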
@@ -327,7 +327,7 @@ class KrbInstance(service.Service):
vardict = {"KRB5_KTNAME": paths.DS_KEYTAB}
ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
replacevars=vardict)
- pent = pwd.getpwnam(dsinstance.DS_USER)
+ pent = pwd.getpwnam(constants.DS_USER)
os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid)
def __create_host_keytab(self):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index fc9c2eb62..3e60cfd36 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -25,6 +25,7 @@ from ipapython import ipaldap
from ipapython.ipa_log_manager import root_logger
from ipapython import certmonger
from ipapython.dn import DN
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaserver.install import installutils
from ipaserver.install import dsinstance
@@ -945,7 +946,7 @@ def copy_crl_file(old_path, new_path=None):
os.symlink(realpath, new_path)
else:
shutil.copy2(old_path, new_path)
- pent = pwd.getpwnam(cainstance.PKI_USER)
+ pent = pwd.getpwnam(constants.PKI_USER)
os.chown(new_path, pent.pw_uid, pent.pw_gid)
tasks.restore_context(new_path)