コード例 #1
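    def install_key(self, zone, uuid, attrs, workdir):
        """Run dnssec-keyfromlabel on given LDAP object.

        The key is not passed on the command line: the tool receives a
        reference built from ``idnsSecKeyRef`` plus a ``pin-source`` that
        points at ``paths.DNSSEC_SOFTHSM_PIN`` (this looks like a PKCS#11
        URI; confirm against the dnssec-keyfromlabel documentation).

        :param zone: object whose ``to_text()`` yields the zone name given
            to the tool as its last argument
        :param uuid: text written to ``<basename>.uuid`` in *workdir*
        :param attrs: mapping of LDAP attribute names to value lists; the
            values compared here are bytes, and ``attrs['dn']`` is written
            to a text-mode file
        :param workdir: directory handed to the tool with ``-K`` and used
            for the ``.private``, ``.uuid`` and ``.dn`` files
        :returns: base file name of output files, e.g. Kaaa.test.+008+19719
        :raises AssertionError: if the object is not flagged as a DNS zone key
        """
        # NOTE(review): this logs the complete attribute mapping; the values
        # read below are key references and flags, but confirm that nothing
        # sensitive is stored on these objects before keeping it at INFO.
        logger.info('attrs: %s', attrs)

        # Explicit check rather than an ``assert`` statement: asserts are
        # stripped under ``python -O``, which would silently drop this
        # validation. The exception type stays AssertionError for callers.
        if attrs.get('idnsseckeyzone', [b'FALSE'])[0] != b'TRUE':
            # %r in a text template works for a str or bytes DN; a bytes
            # template with %s raises TypeError when given a str.
            raise AssertionError(
                'object %r is not a DNS zone key' % (attrs['dn'],))

        uri = b"%s;pin-source=%s" % (attrs['idnsSecKeyRef'][0],
                                     paths.DNSSEC_SOFTHSM_PIN.encode('utf-8'))
        # Argument list, not a shell string: values taken from LDAP stay
        # single arguments.
        cmd = [
            paths.DNSSEC_KEYFROMLABEL, '-K', workdir, '-a',
            attrs['idnsSecAlgorithm'][0], '-l', uri
        ]
        cmd.extend(self.dates2params(attrs))
        if attrs.get('idnsSecKeySep', [b'FALSE'])[0].upper() == b'TRUE':
            cmd.extend(['-f', 'KSK'])
        if attrs.get('idnsSecKeyRevoke', [b'FALSE'])[0].upper() == b'TRUE':
            cmd.extend(['-R', datetime.now().strftime(time_bindfmt)])
        if platformconstants.NAMED_OPENSSL_ENGINE is not None:
            cmd.extend(['-E', platformconstants.NAMED_OPENSSL_ENGINE])
        cmd.append(zone.to_text())

        installutils.check_entropy()
        result = ipautil.run(cmd, capture_output=True)
        # The tool's output is taken as the base name of the files it wrote.
        basename = result.output.strip()
        private_fn = "%s/%s.private" % (workdir, basename)
        # keys has to be readable by ODS & named
        # NOTE(review): FILE_PERM is defined outside this block; check that
        # it grants no more than those two services need.
        os.chmod(private_fn, FILE_PERM)
        # this is useful mainly for debugging
        with open("%s/%s.uuid" % (workdir, basename), 'w') as uuid_file:
            uuid_file.write(uuid)
        with open("%s/%s.dn" % (workdir, basename), 'w') as dn_file:
            dn_file.write(attrs['dn'])
        # The docstring documents this return value.
        return basename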
コード例 #2
ファイル: krbinstance.py プロジェクト: infraredgirl/freeipa
    def __init_ipa_kdb(self):
        """Create the KDC database for ``self.realm`` by running kdb5_util.

        The master password is supplied on the tool's standard input, once
        per prompt, and never appears in the argument list. It is also
        handed to ``ipautil.run`` through ``nolog`` (presumably so the
        helper keeps it out of its logging; confirm in ipautil).
        A failing command is reported with ``print`` only; no exception
        leaves this method for that case.
        """
        # kdb5_util may take a very long time when entropy is low
        installutils.check_entropy()

        # Populate the directory with the realm structure.
        # NOTE(review): "kdb5_util" is a bare program name; how it is
        # resolved depends on ipautil.run and the installer's environment.
        kdb_cmd = [
            "kdb5_util", "create", "-s",
            "-r", self.realm,
            "-x", "ipa-setup-override-restrictions",
        ]
        # Answers, in order, to "Enter KDC database master key:" and
        # "Re-enter KDC database master key to verify:".
        secret_line = self.master_password + '\n'
        prompt_answers = secret_line + secret_line
        try:
            ipautil.run(
                kdb_cmd,
                nolog=(self.master_password,),
                stdin=prompt_answers,
            )
        except ipautil.CalledProcessError:
            # NOTE(review): the failure is printed and execution continues,
            # so the caller cannot tell that database creation failed.
            print("Failed to initialize the realm container")
コード例 #3
    def __init_ipa_kdb(self):
        """Run ``kdb5_util create`` to set up the realm's KDC database.

        The master password reaches the tool via stdin (entered and then
        re-entered for verification), not via argv. The same value is
        listed in ``nolog``; what ``ipautil.run`` does with it is not
        visible here (presumably redaction from logs; verify).
        ``ipautil.CalledProcessError`` is caught and turned into a printed
        message.
        """
        # Low entropy can make kdb5_util run for a very long time, so it is
        # checked before the tool starts.
        installutils.check_entropy()

        # populate the directory with the realm structure
        create_args = ["kdb5_util", "create", "-s"]
        create_args += ["-r", self.realm]
        create_args += ["-x", "ipa-setup-override-restrictions"]

        # First entry answers "Enter KDC database master key:", the second
        # answers "Re-enter KDC database master key to verify:".
        stdin_lines = [self.master_password + '\n' for _ in range(2)]
        redacted = (self.master_password,)
        try:
            ipautil.run(create_args, nolog=redacted, stdin=''.join(stdin_lines))
        except ipautil.CalledProcessError:
            # NOTE(review): only a console message is produced here; the
            # error is not re-raised or returned to the caller.
            print("Failed to initialize the realm container")
コード例 #4
 def __generate_rndc_key(self):
     """Run the ``paths.GENERATE_RNDC_KEY`` helper after an entropy check.

     The helper's exit status and output are not inspected here; any
     error handling is whatever ``ipautil.run`` does by default.
     """
     # Entropy is checked before the key helper runs (presumably because
     # key generation can stall on a low-entropy host; confirm).
     installutils.check_entropy()
     rndc_cmd = [paths.GENERATE_RNDC_KEY]
     ipautil.run(rndc_cmd)
コード例 #5
ファイル: bindinstance.py プロジェクト: stlaz/freeipa
 def __generate_rndc_key(self):
     """Check entropy, then execute the rndc key generation helper.

     The program to run comes from ``paths.GENERATE_RNDC_KEY`` and is
     passed as a one-element argument list, so no shell is involved in
     building the command.
     """
     installutils.check_entropy()
     # Single-element argv: the helper takes no arguments here.
     helper_argv = [paths.GENERATE_RNDC_KEY]
     ipautil.run(helper_argv)
コード例 #6
ファイル: bindinstance.py プロジェクト: andygabby/freeipa
 def __generate_rndc_key(self):
     """Check entropy, then run the rndc key generation script.

     The script is named by an absolute path written into this method,
     so it is not looked up through PATH.
     """
     installutils.check_entropy()
     # NOTE(review): the location is hard-coded; platforms that install
     # the script elsewhere would need a different value.
     script_argv = ['/usr/libexec/generate-rndc-key.sh']
     ipautil.run(script_argv)