diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py
--- authconfig-6.2.10/authinfo.py.cacertdir 2015-03-31 10:40:43.321241910 +0200
+++ authconfig-6.2.10/authinfo.py 2015-04-01 19:05:27.879900326 +0200
@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "
PATH_WINBIND_NET = "/usr/bin/net"
PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
-PATH_LDAP_CACERTS = "/etc/openldap/cacerts"
+PATH_LDAP_CACERTS = "/etc/openldap/certs"
LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem"
PATH_CONFIG_BACKUPS = "/var/lib/authconfig"
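Review bot: Changing `PATH_LDAP_CACERTS` silently moves the default CA trust directory from `/etc/openldap/cacerts` to `/etc/openldap/certs`; a host that relied on the old default (no `TLS_CACERTDIR` in its ldap.conf) now points at a directory that may not exist, which `testLDAPCACerts` will create empty, so LDAPS verification on that host depends on whatever is downloaded afterwards. Nothing in the patch migrates CAs from the old location. A comment next to the constant would keep that visible: `# Default CA directory, matching OpenLDAP's own TLS_CACERTDIR; earlier builds used /etc/openldap/cacerts and CAs there are not migrated.`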
@@ -155,6 +155,13 @@ def matchKey(line, key):
else:
return False
+def matchKeyI(line, key):
+ if line.lower().startswith(key.lower()):
+ # Skip intervening whitespace.
+ return line[len(key):].lstrip()
+ else:
+ return False
+
def matchKeyEquals(line, key):
if line.startswith(key):
# Skip intervening whitespace.
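Review bot: `matchKeyI` is a bare prefix match, so `matchKeyI(line, "host")` also accepts a directive such as `hostname foo` and `matchKeyI(line, "base")` anything beginning with `base`; that mirrors `matchKey`, but this case-insensitive variant is now applied to OpenLDAP's ldap.conf in `readLDAP`, where keywords share prefixes. Requiring a separator after the keyword avoids it: `rest = line[len(key):]` / `if rest and not rest[0].isspace(): return False` / `return rest.lstrip()`. The slice also uses `len(key)` against a lowercased copy of `line`; for the ASCII keys used here that is exact, though `str.lower()` can change the length of a few Unicode strings. A one-line docstring, `"""Case-insensitive matchKey: return the text after key, or False."""`, would document how it differs from `matchKey`.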
@@ -926,9 +933,9 @@ def feedFork(command, echo, query, respo
try:
c = os.read(master, 1)
except OSError as err:
- if err == errno.EINTR or err == errno.EAGAIN:
+ if err.errno == errno.EINTR or err.errno == errno.EAGAIN:
pass
- elif err == errno.EIO:
+ elif err.errno == errno.EIO:
os.close(master)
eof = True
else:
@@ -1222,14 +1229,13 @@ class CacheBackup(FileBackup):
return rv
# indexes for the configs
-(CFG_HESIOD, CFG_YP, CFG_LDAP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
+(CFG_HESIOD, CFG_YP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
CFG_KRB, CFG_PAM_PKCS11, CFG_SMB, CFG_NSSWITCH, CFG_CACHE,
CFG_PAM, CFG_POSTLOGIN_PAM, CFG_PASSWORD_PAM, CFG_FINGERPRINT_PAM, CFG_SMARTCARD_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
- CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 30))
+ CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 29))
all_configs = [
FileBackup("hesiod.conf", SYSCONFDIR+"/hesiod.conf"),
FileBackup("yp.conf", SYSCONFDIR+"/yp.conf"),
- FileBackup("ldap.conf", SYSCONFDIR+"/ldap.conf"),
FileBackup("nss_ldap.conf", SYSCONFDIR+"/nss_ldap.conf"),
FileBackup("pam_ldap.conf", SYSCONFDIR+"/pam_ldap.conf"),
FileBackup("nslcd.conf", SYSCONFDIR+"/nslcd.conf"),
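Review bot: The index tuple is still kept in sync with `all_configs` by hand, `range(0, 29)` after dropping `CFG_LDAP`; a miscount here silently shifts every later `all_configs[CFG_*]` lookup onto the neighbouring entry, which for the PAM and shadow/passwd/gshadow entries means backing up or rewriting the wrong security-sensitive file. A check after the list is built, `assert len(all_configs) == CFG_DCONF_LOCKS + 1, "all_configs out of sync with CFG_* indexes"`, or deriving the indexes with `enumerate` over the list, would catch that at import time. The `all_configs` list continues past the end of the hunk.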
@@ -1627,7 +1633,6 @@ class AuthInfo:
# Read LDAP setup from /etc/ldap.conf.
def readLDAP(self, ref):
- self.ldapCacertDir = PATH_LDAP_CACERTS
# Open the file. Bail if it's not there or there's some problem
# reading it.
try:
@@ -1640,45 +1645,52 @@ class AuthInfo:
f = open(all_configs[CFG_PAMLDAP].origPath, "r")
except IOError:
try:
- f = open(all_configs[CFG_LDAP].origPath, "r")
+ f = open(all_configs[CFG_OPENLDAP].origPath, "r")
except IOError:
+ self.ldapCacertDir = PATH_LDAP_CACERTS
return False
for line in f:
line = line.strip()
# Is it a "base" statement?
- value = matchKey(line, "base")
+ value = matchKeyI(line, "base")
if value and checkDN(value):
# Save the base DN.
self.setParam("ldapBaseDN", value, ref)
continue
# Is it a "host" statement?
- value = matchKey(line, "host")
+ value = matchKeyI(line, "host")
if value:
# Save the host name or IP.
self.setParam("ldapServer", value, ref)
continue
# Is it a "uri" statement?
- value = matchKey(line, "uri")
+ value = matchKeyI(line, "uri")
if value:
# Save the host name or IP.
self.setParam("ldapServer", value, ref)
continue
# Is it a "ssl" statement?
- value = matchKey(line, "ssl")
+ value = matchKeyI(line, "ssl")
if value:
self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref)
continue
# Is it a "nss_schema" statement?
- value = matchKey(line, "nss_schema")
+ value = matchKeyI(line, "nss_schema")
if value:
self.setParam("ldapSchema", value, ref)
continue
+ value = matchKeyI(line, "tls_cacertdir")
+ if value:
+ self.setParam("ldapCacertDir", value, ref)
+ continue
# We'll pull MD5/DES crypt ("pam_password") from the config
# file, or from the pam_unix PAM config lines.
self.ldapServer = self.ldapHostsToURIs(cleanList(self.ldapServer), False)
+ if not self.ldapCacertDir:
+ self.ldapCacertDir = PATH_LDAP_CACERTS
f.close()
return True
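Review bot: The `tls_cacertdir` value accepted by the new matcher is stored without any validation, and `rehashLDAPCACerts` later splices `self.ldapCacertDir` into an `os.system` shell string, so a value containing spaces or shell metacharacters in ldap.conf breaks or is interpreted by that command; ldap.conf is root-owned, so this is robustness rather than privilege escalation, but a cheap guard before the `setParam` is `if os.path.isabs(value) and not any(c.isspace() for c in value):`. OpenLDAP's single-file `TLS_CACERT` directive is not recognised here, so such a host keeps the default directory and `testLDAPCACerts` will then report it empty; that deserves a comment, e.g. `# Only TLS_CACERTDIR is honoured; a TLS_CACERT file does not change ldapCacertDir.` The trailing `f.close()` is skipped if `checkDN` or `setParam` raise, which a `with open(...) as f:` would avoid. `readLDAP` opens before this hunk.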
@@ -2747,10 +2759,6 @@ class AuthInfo:
return True
def writeLDAP(self):
- if os.path.isfile(all_configs[CFG_LDAP].origPath):
- all_configs[CFG_LDAP].backup(self.backupDir)
- self.writeLDAP2(all_configs[CFG_LDAP].origPath,
- "uri", "host", "base", True, True, True)
if os.path.isfile(all_configs[CFG_NSSLDAP].origPath):
all_configs[CFG_NSSLDAP].backup(self.backupDir)
self.writeLDAP2(all_configs[CFG_NSSLDAP].origPath,
@@ -4443,11 +4451,11 @@ class AuthInfo:
self.uninstallIPA()
def testLDAPCACerts(self):
- if self.enableLDAP or self.enableLDAPAuth:
+ if self.enableLDAP or self.enableLDAPAuth or self.ldapCacertURL:
try:
os.stat(self.ldapCacertDir)
except OSError as err:
- if err == errno.ENOENT:
+ if err.errno == errno.ENOENT:
os.mkdir(self.ldapCacertDir, 0o755)
return isEmptyDir(self.ldapCacertDir)
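Review bot: With the errno comparison now actually firing, only `ENOENT` leads to `os.mkdir`; any other `os.stat` failure (`EACCES`, `ENOTDIR`, ...) is still silently swallowed and `isEmptyDir` then runs against a path that was just shown to be unusable. Adding `else: raise` inside the `except` lets that surface. Because `ldapCacertDir` can now come from `TLS_CACERTDIR` in ldap.conf rather than only the built-in constant, a short comment that this creates whatever directory the config names, mode 0o755 and typically as root, would help the next reader; `os.mkdir` also raises if the parent is missing, so `os.makedirs` may be what is intended.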
@@ -4455,7 +4463,7 @@ class AuthInfo:
def rehashLDAPCACerts(self):
if ((self.enableLDAP or self.enableLDAPAuth) and
- (self.enableLDAPS or 'ldaps:' in self.ldapServer)):
+ (self.enableLDAPS or 'ldaps:' in self.ldapServer)) or self.ldapCacertURL:
os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)
def downloadLDAPCACert(self):
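Review bot: `os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)` passes the directory through a shell unquoted, and with this commit `ldapCacertDir` may be read from `TLS_CACERTDIR` in ldap.conf rather than only the constant, so a path with spaces or shell metacharacters is mis-split or interpreted by the shell. An argv call avoids that, `subprocess.call(["/usr/sbin/cacertdir_rehash", self.ldapCacertDir])` (adding `import subprocess` if the file does not already have it), or at minimum quote the path with `shlex.quote`/`pipes.quote`. The return status is also discarded, so a failed rehash goes unnoticed; logging a non-zero status would make later TLS trust failures easier to diagnose.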