def _prepare_ds(self, general, slapd, backends):
assert(general['defaults'] is not None)
if self.verbose:
self.log.info("PASSED: using config settings %s" % general['defaults'])
# Validate our arguments.
assert(slapd['user'] is not None)
# check the user exists
assert(pwd.getpwnam(slapd['user']))
slapd['user_uid'] = pwd.getpwnam(slapd['user']).pw_uid
assert(slapd['group'] is not None)
assert(grp.getgrnam(slapd['group']))
slapd['group_gid'] = grp.getgrnam(slapd['group']).gr_gid
# check this group exists
# Check that we are running as this user / group, or that we are root.
assert(os.geteuid() == 0 or getpass.getuser() == slapd['user'])
if self.verbose:
self.log.info("PASSED: user / group checking")
assert(general['full_machine_name'] is not None)
assert(general['strict_host_checking'] is not None)
if general['strict_host_checking'] is True:
# Check it resolves with dns
assert(socket.gethostbyname(general['full_machine_name']))
if self.verbose:
self.log.info("PASSED: Hostname strict checking")
assert(slapd['prefix'] is not None)
if (slapd['prefix'] != ""):
assert(os.path.exists(slapd['prefix']))
if self.verbose:
self.log.info("PASSED: prefix checking")
# We need to know the prefix before we can do the instance checks
assert(slapd['instance_name'] is not None)
# Check if the instance exists or not.
# Should I move this import? I think this prevents some recursion
from lib389 import DirSrv
ds = DirSrv(verbose=self.verbose)
ds.containerised = self.containerised
ds.prefix = slapd['prefix']
insts = ds.list(serverid=slapd['instance_name'])
assert(len(insts) == 0)
if self.verbose:
self.log.info("PASSED: instance checking")
assert(slapd['root_dn'] is not None)
# Assert this is a valid DN
assert(is_a_dn(slapd['root_dn']))
assert(slapd['root_password'] is not None)
# Check if pre-hashed or not.
# !!!!!!!!!!!!!!
# Right now, the way that rootpw works on ns-slapd works, it force hashes the pw
# see https://fedorahosted.org/389/ticket/48859
if not re.match('^\{[A-Z0-9]+\}.*$', slapd['root_password']):
# We need to hash it. Call pwdhash-bin.
# slapd['root_password'] = password_hash(slapd['root_password'], prefix=slapd['prefix'])
pass
else:
pass
# Create a random string
# Hash it.
# This will be our temporary rootdn password so that we can do
# live mods and setup rather than static ldif manipulations.
self._raw_secure_password = password_generate()
self._secure_password = password_hash(self._raw_secure_password, bin_dir=slapd['bin_dir'])
if self.verbose:
self.log.info("PASSED: root user checking")
assert(slapd['port'] is not None)
assert(socket_check_open('::1', slapd['port']) is False)
assert(slapd['secure_port'] is not None)
assert(socket_check_open('::1', slapd['secure_port']) is False)
if self.verbose:
self.log.info("PASSED: network avaliability checking")
def _prepare_ds(self, general, slapd, backends):
self.log.info("Validate installation settings ...")
assert_c(general['defaults'] is not None,
"Configuration defaults in section [general] not found")
self.log.debug("PASSED: using config settings %s" %
general['defaults'])
# Validate our arguments.
assert_c(slapd['user'] is not None,
"Configuration user in section [slapd] not found")
# check the user exists
assert_c(pwd.getpwnam(slapd['user']),
"user %s not found on system" % slapd['user'])
slapd['user_uid'] = pwd.getpwnam(slapd['user']).pw_uid
assert_c(slapd['group'] is not None,
"Configuration group in section [slapd] not found")
assert_c(grp.getgrnam(slapd['group']),
"group %s not found on system" % slapd['group'])
slapd['group_gid'] = grp.getgrnam(slapd['group']).gr_gid
# check this group exists
# Check that we are running as this user / group, or that we are root.
assert_c(
os.geteuid() == 0 or getpass.getuser() == slapd['user'],
"Not running as user root or %s, may not have permission to continue"
% slapd['user'])
self.log.debug("PASSED: user / group checking")
assert_c(
general['full_machine_name'] is not None,
"Configuration full_machine_name in section [general] not found")
assert_c(
general['strict_host_checking'] is not None,
"Configuration strict_host_checking in section [general] not found"
)
if general['strict_host_checking'] is True:
# Check it resolves with dns
assert_c(
socket.gethostbyname(general['full_machine_name']),
"Strict hostname check failed. Check your DNS records for %s" %
general['full_machine_name'])
self.log.debug("PASSED: Hostname strict checking")
assert_c(slapd['prefix'] is not None,
"Configuration prefix in section [slapd] not found")
if (slapd['prefix'] != ""):
assert_c(os.path.exists(slapd['prefix']),
"Prefix location '%s' not found" % slapd['prefix'])
self.log.debug("PASSED: prefix checking")
# We need to know the prefix before we can do the instance checks
assert_c(slapd['instance_name'] is not None,
"Configuration instance_name in section [slapd] not found")
assert_c(
len(slapd['instance_name']) <= 80,
"Server identifier should not be longer than 80 symbols")
assert_c(all(ord(c) < 128 for c in slapd['instance_name']),
"Server identifier can not contain non ascii characters")
assert_c(' ' not in slapd['instance_name'],
"Server identifier can not contain a space")
assert_c(
slapd['instance_name'] != 'admin',
"Server identifier \"admin\" is reserved, please choose a different identifier"
)
# Check that valid characters are used
safe = re.compile(r'^[:\w@_-]+$').search
assert_c(
bool(safe(slapd['instance_name'])),
"Server identifier has invalid characters, please choose a different value"
)
# Check if the instance exists or not.
# Should I move this import? I think this prevents some recursion
from lib389 import DirSrv
ds = DirSrv(verbose=self.verbose)
ds.containerised = self.containerised
ds.prefix = slapd['prefix']
insts = ds.list(serverid=slapd['instance_name'])
assert_c(
len(insts) == 0, "Another instance named '%s' may already exist" %
slapd['instance_name'])
self.log.debug("PASSED: instance checking")
assert_c(slapd['root_dn'] is not None,
"Configuration root_dn in section [slapd] not found")
# Assert this is a valid DN
assert_c(is_a_dn(slapd['root_dn']),
"root_dn in section [slapd] is not a well formed LDAP DN")
assert_c(
slapd['root_password'] is not None
and slapd['root_password'] != '',
"Configuration attribute 'root_password' in section [slapd] not found"
)
if len(slapd['root_password']) < 8:
raise ValueError(
"root_password must be at least 8 characters long")
# Check if pre-hashed or not.
# !!!!!!!!!!!!!!
# Right now, the way that rootpw works on ns-slapd works, it force hashes the pw
# see https://fedorahosted.org/389/ticket/48859
if not re.match('^([A-Z0-9]+).*$', slapd['root_password']):
# We need to hash it. Call pwdhash-bin.
# slapd['root_password'] = password_hash(slapd['root_password'], prefix=slapd['prefix'])
pass
else:
pass
# Create a random string
# Hash it.
# This will be our temporary rootdn password so that we can do
# live mods and setup rather than static ldif manipulations.
self._raw_secure_password = password_generate()
self._secure_password = password_hash(self._raw_secure_password,
bin_dir=slapd['bin_dir'])
self.log.debug("INFO: temp root password set to %s" %
self._raw_secure_password)
self.log.debug("PASSED: root user checking")
assert_c(slapd['port'] is not None,
"Configuration port in section [slapd] not found")
if self.containerised:
if slapd['port'] <= 1024:
self.log.warning(
"WARNING: slapd port %s may not work without NET_BIND_SERVICE in containers"
% slapd['port'])
if slapd['secure_port'] <= 1024:
self.log.warning(
"WARNING: slapd secure_port %s may not work without NET_BIND_SERVICE in containers"
% slapd['secure_port'])
assert_c(
socket_check_open('::1', slapd['port']) is False,
"port %s is already in use, or missing NET_BIND_SERVICE" %
slapd['port'])
# We enable secure port by default.
assert_c(slapd['secure_port'] is not None,
"Configuration secure_port in section [slapd] not found")
assert_c(
socket_check_open('::1', slapd['secure_port']) is False,
"secure_port %s is already in use, or missing NET_BIND_SERVICE" %
slapd['secure_port'])
self.log.debug("PASSED: network avaliability checking")
# Make assertions of the paths?
# Make assertions of the backends?
# First fix some compat shenanigans. I hate legacy ...
for be in backends:
for k in BACKEND_PROPNAME_TO_ATTRNAME:
if k in be:
be[BACKEND_PROPNAME_TO_ATTRNAME[k]] = be[k]
del (be[k])
for be in backends:
assert_c('nsslapd-suffix' in be)
assert_c('cn' in be)
def _prepare_ds(self, general, slapd, backends):
assert_c(general['defaults'] is not None, "Configuration defaults in section [general] not found")
if self.verbose:
self.log.info("PASSED: using config settings %s" % general['defaults'])
# Validate our arguments.
assert_c(slapd['user'] is not None, "Configuration user in section [slapd] not found")
# check the user exists
assert_c(pwd.getpwnam(slapd['user']), "user %s not found on system" % slapd['user'])
slapd['user_uid'] = pwd.getpwnam(slapd['user']).pw_uid
assert_c(slapd['group'] is not None, "Configuration group in section [slapd] not found")
assert_c(grp.getgrnam(slapd['group']), "group %s not found on system" % slapd['group'])
slapd['group_gid'] = grp.getgrnam(slapd['group']).gr_gid
# check this group exists
# Check that we are running as this user / group, or that we are root.
assert_c(os.geteuid() == 0 or getpass.getuser() == slapd['user'], "Not running as user root or %s, may not have permission to continue" % slapd['user'])
if self.verbose:
self.log.info("PASSED: user / group checking")
assert_c(general['full_machine_name'] is not None, "Configuration full_machine_name in section [general] not found")
assert_c(general['strict_host_checking'] is not None, "Configuration strict_host_checking in section [general] not found")
if general['strict_host_checking'] is True:
# Check it resolves with dns
assert_c(socket.gethostbyname(general['full_machine_name']), "Strict hostname check failed. Check your DNS records for %s" % general['full_machine_name'])
if self.verbose:
self.log.info("PASSED: Hostname strict checking")
assert_c(slapd['prefix'] is not None, "Configuration prefix in section [slapd] not found")
if (slapd['prefix'] != ""):
assert_c(os.path.exists(slapd['prefix']), "Prefix location '%s' not found" % slapd['prefix'])
if self.verbose:
self.log.info("PASSED: prefix checking")
# We need to know the prefix before we can do the instance checks
assert_c(slapd['instance_name'] is not None, "Configuration instance_name in section [slapd] not found")
# Check if the instance exists or not.
# Should I move this import? I think this prevents some recursion
from lib389 import DirSrv
ds = DirSrv(verbose=self.verbose)
ds.containerised = self.containerised
ds.prefix = slapd['prefix']
insts = ds.list(serverid=slapd['instance_name'])
assert_c(len(insts) == 0, "Another instance named '%s' may already exist" % slapd['instance_name'])
if self.verbose:
self.log.info("PASSED: instance checking")
assert_c(slapd['root_dn'] is not None, "Configuration root_dn in section [slapd] not found")
# Assert this is a valid DN
assert_c(is_a_dn(slapd['root_dn']), "root_dn in section [slapd] is not a well formed LDAP DN")
assert_c(slapd['root_password'] is not None, "Configuration root_password in section [slapd] not found")
# Check if pre-hashed or not.
# !!!!!!!!!!!!!!
# Right now, the way that rootpw works on ns-slapd works, it force hashes the pw
# see https://fedorahosted.org/389/ticket/48859
if not re.match('^\{[A-Z0-9]+\}.*$', slapd['root_password']):
# We need to hash it. Call pwdhash-bin.
# slapd['root_password'] = password_hash(slapd['root_password'], prefix=slapd['prefix'])
pass
else:
pass
# Create a random string
# Hash it.
# This will be our temporary rootdn password so that we can do
# live mods and setup rather than static ldif manipulations.
self._raw_secure_password = password_generate()
self._secure_password = password_hash(self._raw_secure_password, bin_dir=slapd['bin_dir'])
if self.verbose:
self.log.info("INFO: temp root password set to %s" % self._raw_secure_password)
self.log.info("PASSED: root user checking")
assert_c(slapd['port'] is not None, "Configuration port in section [slapd] not found")
assert_c(socket_check_open('::1', slapd['port']) is False, "port %s is already in use" % slapd['port'])
# We enable secure port by default.
assert_c(slapd['secure_port'] is not None, "Configuration secure_port in section [slapd] not found")
assert_c(socket_check_open('::1', slapd['secure_port']) is False, "secure_port %s is already in use" % slapd['secure_port'])
if self.verbose:
self.log.info("PASSED: network avaliability checking")