I've been carrying these patches in my tree for a while; I think it is
time to put them in master, as they stand on their own.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 9f24666266a0d19547f6e1bda3b177d8c52431d6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Wed, 1 Jul 2015 09:40:09 -0400
Subject: [PATCH] Remove custom utility function from krbinstance

Remove the custom update_key_val_in_file() and instead use the common
function config_replace_variables() available from ipautil.
---
 ipaserver/install/krbinstance.py | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 648fc76018f8342e787e74863e62dd85164af247..a0581565df6312a446cf0ba0c3a5a640f97e234d 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -49,26 +49,6 @@ from distutils import version
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
 
-def update_key_val_in_file(filename, key, val):
-    if os.path.exists(filename):
-        pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
-        p = re.compile(pattern)
-        for line in fileinput.input(filename):
-            if p.search(line):
-                fileinput.close()
-                return
-        fileinput.close()
-
-        pattern = "^[\s#]*%s\s*=" % re.escape(key)
-        p = re.compile(pattern)
-        for line in fileinput.input(filename, inplace=1):
-            if not p.search(line):
-                sys.stdout.write(line)
-        fileinput.close()
-    f = open(filename, "a")
-    f.write("%s=%s\n" % (key, val))
-    f.close()
-
 class KpasswdInstance(service.SimpleServiceInstance):
     def __init__(self):
         service.SimpleServiceInstance.__init__(self, "kadmin")
@@ -386,7 +366,9 @@ class KrbInstance(service.Service):
         self.fstore.backup_file(paths.DS_KEYTAB)
         installutils.create_keytab(paths.DS_KEYTAB, ldap_principal)
 
-        update_key_val_in_file(paths.SYSCONFIG_DIRSRV, "KRB5_KTNAME", paths.DS_KEYTAB)
+        vardict = {"KRB5_KTNAME": paths.DS_KEYTAB}
+        ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
+                                         replacevars=vardict)
         pent = pwd.getpwnam(dsinstance.DS_USER)
         os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid)
 
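Review bot: The replacement call is not an obvious drop-in for the removed helper when `paths.SYSCONFIG_DIRSRV` is absent. The old code ran `open(filename, "a")` outside its `os.path.exists()` check and so created the file, whereas `ipautil.config_replace_variables()` is defined outside this patch and, as far as I recall, rewrites an existing file and would raise on a missing one. The old helper also dropped commented-out `KRB5_KTNAME=` lines through its `^[\s#]*` pattern; whether the ipautil function does the same is not visible here. Since this setting selects the keytab the directory server uses, both cases are worth confirming and recording above the call, e.g. `# NOTE: unlike the removed helper, this expects SYSCONFIG_DIRSRV to exist already - confirm`. The enclosing method starts and ends outside the hunk.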
-- 
2.4.2

>From 1ae59d9d8a8ebf88135c58ba535516385dcda7b4 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Sun, 5 Jul 2015 07:18:25 -0400
Subject: [PATCH] Move sasl mappings creation to dsinstance

SASL mappings can be created directly by the DS instance; there is
no reason to create them in krbinstance, as creating them does not
depend on the KDC being configured.

Signed-off-by: Simo Sorce <s...@redhat.com>
---
 ipaserver/install/dsinstance.py  | 51 ++++++++++++++++++++++++++++++++++++++++
 ipaserver/install/krbinstance.py | 48 -------------------------------------
 2 files changed, 51 insertions(+), 48 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index d561ca5b6d0d586cb1c27ec1c495413dad102e69..93ad60e36ab76c2e57829c5c4aa13c5c2766074f 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -353,6 +353,7 @@ class DsInstance(service.Service):
         self.__common_setup(True)
 
         self.step("setting up initial replication", self.__setup_replica)
+        self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
         self.step("updating schema", self.__update_schema)
         # See LDIFs for automember configuration during replica install
         self.step("setting Auto Member configuration", self.__add_replica_automember_config)
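Review bot: The new step is registered only in this list, right after `setting up initial replication`, which looks like the replica path. The diffstat's 51 insertions for dsinstance.py are exactly this line plus the 50-line method, so no other step list in this file gains it. The krbinstance.py hunks of the same patch drop the step from two lists, and one of them also adds the kerberos container, so it appears to be the first-master install. If that reading is right, a fresh master would keep whatever SASL mappings the directory server ships with, and principal-to-entry mapping for SASL binds would differ between master and replica; consider adding `self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)` to the non-replica step list as well. The enclosing method starts outside the hunk.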
@@ -377,6 +378,56 @@ class DsInstance(service.Service):
                                r_bindpw=self.dm_password)
         self.run_init_memberof = repl.needs_memberof_fixup()
 
+
+    def __configure_sasl_mappings(self):
+        # we need to remove any existing SASL mappings in the directory as otherwise they
+        # they may conflict.
+
+        if not self.admin_conn:
+            self.ldap_connect()
+
+        try:
+            res = self.admin_conn.get_entries(
+                DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
+                self.admin_conn.SCOPE_ONELEVEL,
+                "(objectclass=nsSaslMapping)")
+            for r in res:
+                try:
+                    self.admin_conn.delete_entry(r)
+                except Exception, e:
+                    root_logger.critical(
+                        "Error during SASL mapping removal: %s", e)
+                    raise
+        except Exception, e:
+            root_logger.critical("Error while enumerating SASL mappings %s", e)
+            raise
+
+        entry = self.admin_conn.make_entry(
+            DN(
+                ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
+                ('cn', 'config')),
+            objectclass=["top", "nsSaslMapping"],
+            cn=["Full Principal"],
+            nsSaslMapRegexString=['\(.*\)@\(.*\)'],
+            nsSaslMapBaseDNTemplate=[self.suffix],
+            nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
+            nsSaslMapPriority=['10'],
+        )
+        self.admin_conn.add_entry(entry)
+
+        entry = self.admin_conn.make_entry(
+            DN(
+                ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
+                ('cn', 'config')),
+            objectclass=["top", "nsSaslMapping"],
+            cn=["Name Only"],
+            nsSaslMapRegexString=['^[^:@]+$'],
+            nsSaslMapBaseDNTemplate=[self.suffix],
+            nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
+            nsSaslMapPriority=['10'],
+        )
+        self.admin_conn.add_entry(entry)
+
     def __update_schema(self):
         # FIXME: https://fedorahosted.org/389/ticket/47490
         self._ldap_mod("schema-update.ldif")
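Review bot: In `__configure_sasl_mappings` the inner `raise` after a failed `delete_entry` lands in the outer `except Exception`, so one deletion failure is logged twice and the second message wrongly reports an enumeration error. Narrowing the outer `try` to the `get_entries` call keeps the two failure modes apart in the install log, which matters when diagnosing why principal mappings were left half-removed. The comment at the top of the method also repeats "they" across its two lines. The hunk ends inside the class, with `__update_schema` continuing past it.

```python
    def __configure_sasl_mappings(self):
        # ... unchanged: comment and ldap_connect() guard ...

        try:
            res = self.admin_conn.get_entries(
                DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
                self.admin_conn.SCOPE_ONELEVEL,
                "(objectclass=nsSaslMapping)")
        except Exception, e:
            root_logger.critical("Error while enumerating SASL mappings %s", e)
            raise

        for r in res:
            try:
                self.admin_conn.delete_entry(r)
            except Exception, e:
                root_logger.critical(
                    "Error during SASL mapping removal: %s", e)
                raise

        # ... unchanged: the two make_entry()/add_entry() calls ...
```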
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index a0581565df6312a446cf0ba0c3a5a640f97e234d..8ec671907e2c2bb4ab4dd3401c3b0ab7cbcabdb7 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -150,7 +150,6 @@ class KrbInstance(service.Service):
 
         self.__common_setup(realm_name, host_name, domain_name, admin_password)
 
-        self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
         self.step("adding kerberos container to the directory", self.__add_krb_container)
         self.step("configuring KDC", self.__configure_instance)
         self.step("initialize kerberos container", self.__init_ipa_kdb)
@@ -180,7 +179,6 @@ class KrbInstance(service.Service):
 
         self.__common_setup(realm_name, host_name, domain_name, admin_password)
 
-        self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
         self.step("configuring KDC", self.__configure_instance)
         self.step("creating a keytab for the directory", self.__create_ds_keytab)
         self.step("creating a keytab for the machine", self.__create_host_keytab)
@@ -245,52 +243,6 @@ class KrbInstance(service.Service):
             root_logger.debug("Persistent keyring CCACHE is not enabled")
             self.sub_dict['OTHER_LIBDEFAULTS'] = ''
 
-    def __configure_sasl_mappings(self):
-        # we need to remove any existing SASL mappings in the directory as otherwise they
-        # they may conflict.
-
-        try:
-            res = self.admin_conn.get_entries(
-                DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
-                self.admin_conn.SCOPE_ONELEVEL,
-                "(objectclass=nsSaslMapping)")
-            for r in res:
-                try:
-                    self.admin_conn.delete_entry(r)
-                except Exception, e:
-                    root_logger.critical(
-                        "Error during SASL mapping removal: %s", e)
-                    raise
-        except Exception, e:
-            root_logger.critical("Error while enumerating SASL mappings %s", e)
-            raise
-
-        entry = self.admin_conn.make_entry(
-            DN(
-                ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
-                ('cn', 'config')),
-            objectclass=["top", "nsSaslMapping"],
-            cn=["Full Principal"],
-            nsSaslMapRegexString=['\(.*\)@\(.*\)'],
-            nsSaslMapBaseDNTemplate=[self.suffix],
-            nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
-            nsSaslMapPriority=['10'],
-        )
-        self.admin_conn.add_entry(entry)
-
-        entry = self.admin_conn.make_entry(
-            DN(
-                ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
-                ('cn', 'config')),
-            objectclass=["top", "nsSaslMapping"],
-            cn=["Name Only"],
-            nsSaslMapRegexString=['^[^:@]+$'],
-            nsSaslMapBaseDNTemplate=[self.suffix],
-            nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
-            nsSaslMapPriority=['10'],
-        )
-        self.admin_conn.add_entry(entry)
-
     def __add_krb_container(self):
         self._ldap_mod("kerberos.ldif", self.sub_dict)
 
-- 
2.4.2

>From 1da5a9579816198bd04f8efc663572e26ff2bbee Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Fri, 26 Jun 2015 20:47:57 -0400
Subject: [PATCH] Simplify adding options in ipachangeconf

Signed-off-by: Simo Sorce <s...@redhat.com>
---
 ipa-client/ipaclient/ipachangeconf.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ipa-client/ipaclient/ipachangeconf.py b/ipa-client/ipaclient/ipachangeconf.py
index edf34f5ae738eb22b8935c222392dc9b6f08638d..4167ff9f154d263a8d293c85b58baf29b997b0f7 100644
--- a/ipa-client/ipaclient/ipachangeconf.py
+++ b/ipa-client/ipaclient/ipachangeconf.py
@@ -536,3 +536,21 @@ class IPAChangeConf:
             except IOError:
                 pass
         return True
+
+    def setOption(self, name, value):
+        return {'name': name,
+                'type': 'option',
+                'action': 'set',
+                'value': value}
+
+    def rmOption(self, name):
+        return {'name': name,
+                'type': 'option',
+                'action': 'remove',
+                'value': None}
+
+    def setSection(self, name, options):
+        return {'name': name,
+                'type': 'section',
+                'action': 'set',
+                'value': options}
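Review bot: The three new methods have no docstrings, and their names read as if they edit the configuration, while each only returns a dict describing an option or section and never touches `self`. A one-line docstring on each would prevent misuse, e.g. `"""Return an option descriptor with action 'set'; nothing is written."""` for `setOption`, and likewise for `rmOption` (action 'remove', value None) and `setSection`. Since `self` is unused they could also be declared `@staticmethod`, provided callers do not depend on them being bound. The class body starts outside the hunk.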
-- 
2.4.2
