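def install_key(self, zone, uuid, attrs, workdir):
    """Run dnssec-keyfromlabel on given LDAP object.

    Builds the command line from the object's attributes, runs the tool
    with ``workdir`` as the key directory, changes the mode of the
    resulting ``.private`` file to ``FILE_PERM`` and writes ``.uuid`` and
    ``.dn`` files next to it.

    :param zone: zone object; ``zone.to_text()`` is the last argument
        passed to the tool
    :param uuid: text written to ``<basename>.uuid``
    :param attrs: attribute mapping of the LDAP object; attribute values
        are read as ``attrs[name][0]`` and compared against bytes, while
        ``attrs['dn']`` is written out as text
    :param workdir: directory given to ``-K`` and used for all outputs
    :returns: base file name of output files, e.g. Kaaa.test.+008+19719
    :raises AssertionError: if the object is not flagged as a zone key
    """
    # NOTE(review): the whole attribute mapping goes to the log at INFO
    # level; confirm it never carries secret material.
    logger.info('attrs: %s', attrs)

    # Explicit check rather than an ``assert`` statement, so the
    # validation is not compiled out under ``python -O``. The message is
    # formatted as str: attrs['dn'] is written to a text-mode file below,
    # and bytes %-formatting would raise TypeError for a str value.
    if attrs.get('idnsseckeyzone', [b'FALSE'])[0] != b'TRUE':
        raise AssertionError(
            'object %s is not a DNS zone key' % attrs['dn'])

    # pin-source names the location the PIN is read from
    # (paths.DNSSEC_SOFTHSM_PIN, presumably a file path), so the PIN
    # value itself is not put on the command line.
    uri = b"%s;pin-source=%s" % (
        attrs['idnsSecKeyRef'][0],
        paths.DNSSEC_SOFTHSM_PIN.encode('utf-8'),
    )
    cmd = [
        paths.DNSSEC_KEYFROMLABEL,
        '-K', workdir,
        '-a', attrs['idnsSecAlgorithm'][0],
        '-l', uri,
    ]
    cmd.extend(self.dates2params(attrs))
    if attrs.get('idnsSecKeySep', [b'FALSE'])[0].upper() == b'TRUE':
        cmd.extend(['-f', 'KSK'])
    if attrs.get('idnsSecKeyRevoke', [b'FALSE'])[0].upper() == b'TRUE':
        # NOTE(review): datetime.now() is naive local time; confirm the
        # tool interprets the -R timestamp the same way.
        cmd.extend(['-R', datetime.now().strftime(time_bindfmt)])
    if platformconstants.NAMED_OPENSSL_ENGINE is not None:
        cmd.extend(['-E', platformconstants.NAMED_OPENSSL_ENGINE])
    cmd.append(zone.to_text())

    installutils.check_entropy()
    result = ipautil.run(cmd, capture_output=True)
    # NOTE(review): basename is taken from the tool's stdout and joined
    # into paths under workdir; confirm it can never contain a path
    # separator.
    basename = result.output.strip()

    # keys have to be readable by ODS & named
    private_fn = "%s/%s.private" % (workdir, basename)
    os.chmod(private_fn, FILE_PERM)

    # this is useful mainly for debugging
    with open("%s/%s.uuid" % (workdir, basename), 'w') as uuid_file:
        uuid_file.write(uuid)
    with open("%s/%s.dn" % (workdir, basename), 'w') as dn_file:
        dn_file.write(attrs['dn'])

    # The docstring promises the base name; previously nothing was returned.
    return basename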
def __init_ipa_kdb(self):
    """Create the Kerberos database for ``self.realm`` with kdb5_util.

    The master password is fed to kdb5_util on standard input (once for
    the prompt, once for the confirmation) rather than on the command
    line, and is also passed to ``ipautil.run`` through ``nolog``.
    A ``CalledProcessError`` from the run is reported with a printed
    message only and is not re-raised.
    """
    # kdb5_util may take a very long time when entropy is low
    installutils.check_entropy()

    # populate the directory with the realm structure
    kdb5_cmd = ["kdb5_util", "create", "-s"]
    kdb5_cmd += ["-r", self.realm]
    kdb5_cmd += ["-x", "ipa-setup-override-restrictions"]

    # Answers, in order, to the two prompts:
    #   Enter KDC database master key:
    #   Re-enter KDC database master key to verify:
    password_line = self.master_password + '\n'
    answers = password_line + password_line

    try:
        # nolog presumably keeps the password out of ipautil's logging;
        # confirm against ipautil.run.
        ipautil.run(kdb5_cmd, nolog=(self.master_password,), stdin=answers)
    except ipautil.CalledProcessError:
        print("Failed to initialize the realm container")
def __generate_rndc_key(self):
    """Run the rndc key generation helper after the entropy check.

    The helper's location comes from ``paths.GENERATE_RNDC_KEY``. Any
    error raised by ``ipautil.run`` propagates to the caller.
    """
    # Entropy is checked first, matching the other key-generating steps.
    installutils.check_entropy()
    helper_cmd = [paths.GENERATE_RNDC_KEY]
    ipautil.run(helper_cmd)
def __generate_rndc_key(self):
    """Run the rndc key generation helper after the entropy check.

    The helper is addressed by a hard-coded absolute path and passed as
    a single-element argument list. Any error raised by ``ipautil.run``
    propagates to the caller.
    """
    # Entropy is checked first, then the generator script is started.
    installutils.check_entropy()
    helper_cmd = ['/usr/libexec/generate-rndc-key.sh']
    ipautil.run(helper_cmd)