URL: https://github.com/freeipa/freeipa/pull/143
Author: tiran
 Title: #143: Issue6386 nss dir
Action: opened

PR body:
"""
See https://fedorahosted.org/freeipa/ticket/6386

* use api.env.nss_dir in all ipaclient plugins
* set api.env.nss_dir to confdir/nssdb
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/143/head:pr143
git checkout pr143
From bcef90d4a65f74f3ab34dabcbcffd7fcce05dcfb Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 6 Oct 2016 16:24:43 +0200
Subject: [PATCH 1/2] Use api.env.nss_dir instead of paths.IPA_NSSDB_DIR

ipaclient plugins are now using nss_dir from api.env instead of
hard-coded paths.IPA_NSSDB_DIR.

Closes: https://fedorahosted.org/freeipa/ticket/6386
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaclient/ipa_certupdate.py   | 2 +-
 ipaclient/plugins/otptoken.py | 3 +--
 ipaclient/plugins/vault.py    | 7 ++-----
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/ipaclient/ipa_certupdate.py b/ipaclient/ipa_certupdate.py
index 2c6b94f..550bbb6 100644
--- a/ipaclient/ipa_certupdate.py
+++ b/ipaclient/ipa_certupdate.py
@@ -108,7 +108,7 @@ def run(self):
     def update_client(self, certs):
         self.update_file(paths.IPA_CA_CRT, certs)
 
-        ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR)
+        ipa_db = certdb.NSSDatabase(api.env.nss_dir)
 
         # Remove old IPA certs from /etc/ipa/nssdb
         for nickname in ('IPA CA', 'External CA cert'):
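Review bot: The context comment `# Remove old IPA certs from /etc/ipa/nssdb` is stale after this change, because the database opened just above is now whatever `api.env.nss_dir` resolves to. Suggest `# Remove old IPA certs from the NSS database in api.env.nss_dir`. This method rewrites CA certificates in that database, so the comment should name the directory that is actually modified. The hunk does not show this module's imports, so confirm that `api` is in scope here. The body of update_client continues outside the hunk.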
diff --git a/ipaclient/plugins/otptoken.py b/ipaclient/plugins/otptoken.py
index dd4a718..885a612 100644
--- a/ipaclient/plugins/otptoken.py
+++ b/ipaclient/plugins/otptoken.py
@@ -25,7 +25,6 @@
 from ipalib.messages import add_message, ResultFormattingError
 from ipalib.plugable import Registry
 from ipalib.frontend import Local
-from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipapython.nsslib import NSSConnection
 from ipapython.version import API_VERSION
@@ -174,7 +173,7 @@ def forward(self, *args, **kwargs):
 
         # Sync the token.
         # pylint: disable=E1101
-        handler = HTTPSHandler(dbdir=paths.IPA_NSSDB_DIR,
+        handler = HTTPSHandler(dbdir=api.env.nss_dir,
                                tls_version_min=api.env.tls_version_min,
                                tls_version_max=api.env.tls_version_max)
         rsp = urllib.request.build_opener(handler).open(sync_uri, query)
diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index b8b4f29..c099e9e 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -43,7 +43,6 @@
 from ipalib import Bytes, Flag, Str
 from ipalib.plugable import Registry
 from ipalib import _
-from ipaplatform.paths import paths
 
 
 def validated_read(argname, filename, mode='r', encoding=None):
@@ -752,8 +751,7 @@ def forward(self, *args, **options):
                 error=_('Invalid vault type'))
 
         # initialize NSS database
-        current_dbdir = paths.IPA_NSSDB_DIR
-        nss.nss_init(current_dbdir)
+        nss.nss_init(api.env.nss_dir)
 
         # retrieve transport certificate
         config = self.api.Command.vaultconfig_show()['result']
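Review bot: The new `nss.nss_init(api.env.nss_dir)` reads the module-global `api`, while the next statement in the same method goes through the plugin's own instance (`self.api.Command.vaultconfig_show()`). Suggest `nss.nss_init(self.api.env.nss_dir)` so the NSS database is taken from the same API object that issues the command. The same line in the second forward() hunk (`@@ -912,8 +910,7 @@`) needs the same change. The import lines visible in the first vault.py hunk do not include `api`, so if it is not imported further up the file the new line would raise NameError. Both forward() bodies extend beyond their hunks.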
@@ -912,8 +910,7 @@ def forward(self, *args, **options):
         vault_type = vault['ipavaulttype'][0]
 
         # initialize NSS database
-        current_dbdir = paths.IPA_NSSDB_DIR
-        nss.nss_init(current_dbdir)
+        nss.nss_init(api.env.nss_dir)
 
         # retrieve transport certificate
         config = self.api.Command.vaultconfig_show()['result']

From 3739cb80b036fb72378a2115ec00cee32559fb96 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 6 Oct 2016 16:42:37 +0200
Subject: [PATCH 2/2] Set nss_dir to confdir/nssdb

Closes: https://fedorahosted.org/freeipa/ticket/6386
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipalib/config.py    | 4 ++++
 ipalib/constants.py | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ipalib/config.py b/ipalib/config.py
index eb6c3ae..a3064da 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -531,6 +531,10 @@ def _finalize_core(self, **defaults):
             self._merge_from_file(self.conf)
             self._merge_from_file(self.conf_default)
 
+        # Set nss_dir to nssdb directory in confdir
+        if 'nss_dir' not in self:
+            self.nss_dir = self._join('confdir', 'nssdb')
+
         # Determine if in_server:
         if 'in_server' not in self:
             self.in_server = (self.context == 'server')
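Review bot: The comment on the new block says where `nss_dir` points but not what takes precedence. That matters because patch 1/2 passes this value to `NSSDatabase`, `HTTPSHandler(dbdir=...)` and `nss.nss_init`, so it selects the certificate database those calls use. Suggest `# Default the NSS certificate database to <confdir>/nssdb unless nss_dir was already set (overrides or the config files merged above)`. It would also help to note in the docstring of _finalize_core that `nss_dir` is one of the variables it derives from `confdir`. The function body starts and ends outside the hunk.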
diff --git a/ipalib/constants.py b/ipalib/constants.py
index c423117..3ef5ddf 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -133,7 +133,7 @@
 
     ('rpc_protocol', 'jsonrpc'),
 
-    ('nss_dir', paths.IPA_NSSDB_DIR),
+    ('nss_dir', paths.IPA_NSSDB_DIR),  # Set to confdir/nssdb in _finalize_core()
 
     # Define an inclusive range of SSL/TLS version support
     ('tls_version_min', 'tls1.0'),
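Review bot: The changed `nss_dir` line runs past 79 columns with the trailing comment, and it still lists `paths.IPA_NSSDB_DIR` as the value while the comment says the real value is computed elsewhere. If `_finalize_core()` always sets `nss_dir` before these defaults are merged (which the config.py hunk suggests but does not show), this entry never takes effect. A reader auditing which certificate database is used could be misled by it. Suggest moving the comment to its own line above the tuple, e.g. `# Fallback only: Env._finalize_core() sets nss_dir to <confdir>/nssdb first`.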
-- 