Exemple #1
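    def kdb5Create(self, db_password, db_location = config['Locations']['principal_db'],
                   stash_location = config['Locations']['stash']):
        """
        Creates a Kerberos database utilizing the kdb5_util command-line utility.

        Every value interpolated into the kdb5_util command line is quoted, so a
        space or shell metacharacter in the password, realm or a path stays
        inside its own argument instead of being parsed as extra arguments or
        shell syntax.

        :param db_password: String which contains the master password for the database.
        :param db_location: Path to the directory in which to generate the database.
                            Creation is refused if this path already exists.
        :param stash_location: Path to the stash file.
        :raises nixexceptions.RequiresRoot: if the process is not running as root.
        :raises DBExistsError: if db_location already exists.
        :raises DBCreateError: if kdb5_util exits with a non-zero return code.
        """
        # Local import keeps this method self-contained; pipes.quote is the
        # same function on interpreters that predate shlex.quote.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        if not nixcommon.runningAsRoot():
            raise nixexceptions.RequiresRoot('Kerberos database creation must occur as root.')

        self.logger.info('Creating new Kerberos database: %s' %db_location)
        # Check to make sure the database doesn't exist
        if os.path.exists(db_location):
            self.logger.error('Database creation failed.  Path exists: %s' %db_location)
            raise DBExistsError(db_location)

        # The command runs as root, so nothing caller-supplied may be
        # interpolated unquoted.
        # NOTE(review): assumes nixcommon.runExternalProcess parses the string
        # with shell/shlex rules; confirm, and prefer passing an argument list
        # if the helper supports one.
        # NOTE(review): -P places the master password in kdb5_util's argument
        # list, which is typically readable by other local users through the
        # process table while the command runs. Avoiding that needs a way to
        # feed the password to the child other than argv, which depends on
        # runExternalProcess (not visible here). The command string must not
        # be logged for the same reason.
        cmd_args = [
            krb_paths['kdb5_util'],
            '-s', stash_location,
            '-r', self.realm_name.upper(),
            '-d', db_location,
            '-P', db_password,
        ]
        cmd = ' '.join(quote(str(arg)) for arg in cmd_args) + ' create'
        kdb5_info = nixcommon.runExternalProcess(cmd)

        if kdb5_info['return_code']:
            self.logger.error('kdb5_util returned an error: %s' %kdb5_info['stderr'])
            raise DBCreateError('Creation of the Kerberos database failed: %s' %kdb5_info['stderr'])

        # Set the stash file permissions, this is ALWAYS root:root and 0600, regardless of distro.
        # The stash holds the master key, so it must never be readable by group or other.
        os.chown(stash_location, 0, 0)
        os.chmod(stash_location, stat.S_IWUSR | stat.S_IRUSR)

        return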
Exemple #2
    def kdb5Remove(self, db_location, stash_location = None):
        """
        Delete the on-disk Kerberos database and, when given, its stash file.

        If db_location exists, every path matching ``<db_location>*`` is
        removed. The stash file is removed only when stash_location is set and
        the file exists.

        :param db_location: Path to the database files.
        :param stash_location: Path to the stash file; skipped when None or empty.
        :raises nixexceptions.RequiresRoot: if the process is not running as root.
        """
        if not nixcommon.runningAsRoot():
            raise nixexceptions.RequiresRoot('Kerberos database removal must be done as root.')

        import glob

        self.logger.info('Removing Kerberos database at %s' %db_location)

        if os.path.exists(db_location):
            # NOTE(review): this is a prefix match performed as root. Any file
            # whose name merely starts with db_location is deleted, and glob
            # metacharacters inside db_location are interpreted as patterns.
            # Callers should pass a trusted, fixed path.
            for db_path in glob.glob('%s*' %db_location):
                os.remove(db_path)

        stash_present = bool(stash_location) and os.path.exists(stash_location)
        if stash_present:
            os.remove(stash_location)