def kdb5Create(self, db_password, db_location = config['Locations']['principal_db'], stash_location = config['Locations']['stash']):
    """
    Build a new Kerberos database by invoking the kdb5_util command-line tool.

    :param db_password: String holding the master password for the database.
    :param db_location: Path at which the database is generated; it must not exist yet.
    :param stash_location: Path of the stash file handed to kdb5_util via -s.
    :raises nixexceptions.RequiresRoot: when nixcommon.runningAsRoot() is false.
    :raises DBExistsError: when db_location already exists on disk.
    :raises DBCreateError: when kdb5_util reports a truthy (non-zero) return code.
    """
    running_as_root = nixcommon.runningAsRoot()
    if not running_as_root:
        raise nixexceptions.RequiresRoot('Kerberos database creation must occur as root.')

    self.logger.info('Creating new Kerberos database: %s' %db_location)

    # Refuse to touch a path that is already present rather than overwrite it.
    already_present = os.path.exists(db_location)
    if already_present:
        self.logger.error('Database creation failed. Path exists: %s' %db_location)
        raise DBExistsError(db_location)

    # NOTE(review): the master password is interpolated into the command string
    # and handed to kdb5_util with -P. Command-line arguments are normally
    # readable by other local users through the process table while the command
    # runs. How nixcommon.runExternalProcess tokenises this string is not
    # visible here, so whitespace or shell metacharacters in any interpolated
    # value may change the command that is executed - confirm, and prefer an
    # argument list with the password supplied off the command line if
    # runExternalProcess supports it.
    kdb5_util = krb_paths['kdb5_util']
    realm = self.realm_name.upper()
    command_line = "%s -s %s -r %s -d %s -P %s create" %(
        kdb5_util, stash_location, realm, db_location, db_password)
    result = nixcommon.runExternalProcess(command_line)

    if result['return_code']:
        error_text = result['stderr']
        self.logger.error('kdb5_util returned an error: %s' %error_text)
        raise DBCreateError('Creation of the Kerberos database failed: %s' %error_text)

    # The stash file is always root:root with mode 0600, whatever the distro.
    # NOTE(review): ownership and mode are only enforced after kdb5_util has
    # written the file; the mode it has in between depends on kdb5_util and the
    # process umask - confirm that is acceptable.
    owner_read_write = stat.S_IRUSR | stat.S_IWUSR
    os.chown(stash_location, 0, 0)
    os.chmod(stash_location, owner_read_write)
def kdb5Remove(self, db_location, stash_location = None):
    """
    Delete the Kerberos database files, and optionally the stash file, from disk.

    :param db_location: Path to the database files; every path matching
                        db_location followed by '*' is removed.
    :param stash_location: Path to the stash file, or None to leave it alone.
    :raises nixexceptions.RequiresRoot: when nixcommon.runningAsRoot() is false.
    """
    import glob

    if not nixcommon.runningAsRoot():
        raise nixexceptions.RequiresRoot('Kerberos database removal must be done as root.')

    self.logger.info('Removing Kerberos database at %s' %db_location)

    # NOTE(review): the pattern is db_location + '*', so any file sharing that
    # prefix is deleted as root, and glob metacharacters inside db_location are
    # interpreted as a pattern. Callers should pass only a trusted, fixed path.
    # Nothing is removed unless db_location itself exists.
    if os.path.exists(db_location):
        for db_file in glob.glob('%s*' %db_location):
            os.remove(db_file)

    # NOTE(review): stash removal is kept independent of the database-path
    # check above; confirm that matches the intended nesting.
    if stash_location:
        if os.path.exists(stash_location):
            os.remove(stash_location)