Example #1
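 def removeLdapDatabase(self):
     """Erase the contents of the previous LDAP database directory.

     Every entry directly inside /var/lib/openldap-data is deleted; the
     directory itself is left in place.

     Returns:
         True if the directory is missing or all of its entries were
         removed; False as soon as one entry cannot be removed (an error
         naming that entry is printed first).
     """
     pathDatabase = "/var/lib/openldap-data"
     if not os.path.exists(pathDatabase):
         return True
     for fileOrDirName in os.listdir(pathDatabase):
         fullFileOrDirName = os.path.join(pathDatabase, fileOrDirName)
         # A symlink is unlinked itself rather than treated as a directory,
         # so the cleanup never reaches outside pathDatabase, however
         # removeDir (defined elsewhere) handles links.
         isRealDir = (os.path.isdir(fullFileOrDirName)
                      and not os.path.islink(fullFileOrDirName))
         if isRealDir:
             try:
                 # Remove only this entry. Passing pathDatabase here would
                 # delete the whole database directory and make every
                 # later iteration fail on a path that no longer exists.
                 removeDir(fullFileOrDirName)
             except Exception:
                 self.printERROR(_("Can't remove directory %s") % fullFileOrDirName)
                 return False
         else:
             try:
                 os.remove(fullFileOrDirName)
             except OSError:
                 self.printERROR(_("Can't remove file %s") % fullFileOrDirName)
                 return False
     # Reported whenever the directory exists, even if it was already empty.
     self.printOK(_("Erased LDAP Database") + " ...")
     return True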
Example #2
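 def restorePathDelUser(self,userName,destDir,relDir,message,unixObj=False):
     """Restore the directory of a deleted user.

     Delegates to self.__restoreDelUser and turns its answer into a
     decision about the user's directory.

     Returns:
         False on error, on a "Cancel" answer, or when no decision was
         reached; otherwise a tuple (term, createDir, removedDir):
           * helper returned True: (message, destDir, False)
           * ("No", path):  path is removed, (False, destDir, path)
           * ("Yes", path): (True, False, path)
     """
     resRestore = self.__restoreDelUser(userName, relDir,
                                      destDir, message, unixObj)
     # A falsy answer is an error: leave immediately.
     if not resRestore:
         return False
     # Directory to create for the user profile (False means none).
     createDir = destDir
     removedDir = False
     term = ""
     # Equality (not identity) is kept on purpose so that a helper
     # returning 1 is still treated like True.
     if resRestore == True:
         term = message
     # isinstance also accepts tuple subclasses and does not depend on
     # the Python 2-only types.TupleType.
     if isinstance(resRestore, tuple):
         answer = resRestore[0]
         if answer == "Cancel":
             # The caller goes on to delete the user.
             return False
         elif answer == "No":
             try:
                 removeDir(resRestore[1])
             except Exception:
                 # Removal failed; Exception (not a bare except) lets
                 # KeyboardInterrupt and SystemExit propagate.
                 return False
             removedDir = resRestore[1]
             term = False
         elif answer == "Yes":
             createDir = False
             removedDir = resRestore[1]
             term = True
     # term is still "" when the answer matched none of the cases above.
     if term == "":
         return False
     return (term, createDir, removedDir)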
Example #3
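    def createCertificateAutority(self,sslCountry=sslCountry,
                                  sslState=sslState,
                                  sslLocality=sslLocality,
                                  sslOrganization=sslOrganization,
                                  sslUnit=sslUnit,
                                  sslCommonName=sslCommonName,
                                  sslEmail=sslEmail,
                                  nsCertType=nsCertType,
                                  sslDays=sslDays,
                                  sslBits=sslBits,
                                  userName=userName,
                                  CAPath=CAPath,
                                  CACertFileName=CACertFileName,
                                  CAKeyFileName=CAKeyFileName,
                                  CACrlFileName=CACrlFileName,
                                  fileMode=fileMode,
                                  force=False):
        '''Create a certificate authority (key and certificate) under CAPath.

        The CA directory tree is recreated from scratch, a configuration
        file is rendered from self.templCnfCA, and the key and certificate
        are produced by running the self.templCreateKey and
        self.templCreateCert commands through execProg. Both files are
        handed to userName (uid/gid from the password database) and given
        mode fileMode.

        Returns:
            True if both files already exist and force is false; False if
            the user is unknown, the configuration file cannot be created
            or a command fails; otherwise the result of
            self.checkCertificate for the new certificate.
        '''
        rCACertFile = os.path.join(self.rCACertPath, CACertFileName)
        rCAKeyFile = os.path.join(self.rCAKeyPath, CAKeyFileName)
        rCACrlFile = os.path.join(self.rCACrlPath, CACrlFileName)
        rRandFile = os.path.join(self.rCAKeyPath,".rnd")

        CACertFile = os.path.join(CAPath, rCACertFile)
        CAKeyFile = os.path.join(CAPath, rCAKeyFile)
        # Certificate and key already exist: nothing to do unless forced.
        if not force and os.path.isfile(CACertFile) and\
            os.path.isfile(CAKeyFile):
            return True
        # Look up the uid and gid of the owning user.
        try:
            pwdObj = pwd.getpwnam(userName)
        except Exception:
            # Exception (not a bare except) keeps the "return False"
            # contract while letting KeyboardInterrupt/SystemExit through.
            self.printERROR(_("User %s not found")%userName)
            return False
        uid = pwdObj.pw_uid
        gid = pwdObj.pw_gid
        # Delete the certificate directory.
        # NOTE(review): the old CA tree (key, certificate, CRL, serial,
        # database) is removed before the new material is generated, so a
        # failure further down leaves no usable CA - confirm callers that
        # pass force=True accept that.
        if os.path.isdir(CAPath):
            removeDir(CAPath)
        # Create the certificate directories.
        self._createDir(CAPath)
        CACertPath = os.path.join(CAPath, self.rCACertPath)
        CAKeyPath = os.path.join(CAPath, self.rCAKeyPath)
        CACrlPath = os.path.join(CAPath, self.rCACrlPath)
        for createDir in [CACertPath, CAKeyPath, CACrlPath]:
            self._createDir(createDir)
        # Save the initial serial number.
        SerialFile = os.path.join(CAPath, self.rSerialFileName)
        self._createFile(SerialFile, "01\n")
        # Create the (empty) database file.
        DatabaseFile = os.path.join(CAPath, self.rDatabaseFileName)
        self._createFile(DatabaseFile, "")
        textCnf = self.templCnfCA%{'CAPath':CAPath,
                                   'rCACertPath':self.rCACertPath,
                                   'rCACrlPath':self.rCACrlPath,
                                   'rDatabaseFileName':self.rDatabaseFileName,
                                   'rCACertFile':rCACertFile,
                                   'rSerialFileName':self.rSerialFileName,
                                   'rCACrlFile':rCACrlFile,
                                   'rCAKeyFile':rCAKeyFile,
                                   'rRandFile':rRandFile,
                                   'sslBits':sslBits,
                                   'sslCountry':sslCountry,
                                   'sslState':sslState,
                                   'sslLocality':sslLocality,
                                   'sslOrganization':sslOrganization,
                                   'sslUnit':sslUnit,
                                   'sslCommonName':sslCommonName,
                                   'sslEmail':sslEmail,
                                   'nsCertType':nsCertType}
        cnfFile = self.createCnfFile(textCnf)
        if cnfFile is False:
            return False
        # The configuration file is only needed while the commands run;
        # the finally clause removes it on the failure paths as well.
        try:
            # Generate the CA RSA key.
            # NOTE(review): execStr is built by %-substitution from
            # caller-supplied values; if execProg hands it to a shell the
            # paths must be trusted or quoted - confirm.
            execStr = self.templCreateKey%{'sslFile':self.sslFile,
                                           'certKeyFile':CAKeyFile,
                                           'sslBits':sslBits}
            if execProg(execStr) is False:
                self.printERROR(_("Can not execute '%s'")%execStr)
                return False
            # NOTE(review): until this chmod the private key carries
            # whatever mode the generating command gave it - confirm the
            # command or the process umask keeps it private.
            if os.path.exists(CAKeyFile):
                os.chown(CAKeyFile, uid,gid)
                os.chmod(CAKeyFile, fileMode)
            # Create the CA certificate.
            execStr = self.templCreateCert%{'sslFile':self.sslFile,
                                            'sslDays':sslDays,
                                            'cnfFile':cnfFile,
                                            'certKeyFile':CAKeyFile,
                                            'certFile':CACertFile}
            if execProg(execStr) is False:
                self.printERROR(_("Can not execute '%s'")%execStr)
                return False
            if os.path.exists(CACertFile):
                os.chown(CACertFile, uid,gid)
                os.chmod(CACertFile, fileMode)
        finally:
            if os.path.exists(cnfFile):
                os.remove(cnfFile)
        # Check the certificate that was just written.
        return self.checkCertificate(CACertFile)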