Branch 'dev/boddie' - 11 commits - conf/kolab.conf pykolab/auth pykolab/setup

Paul Boddie boddie at kolabsys.com
Sun Mar 23 18:05:15 CET 2014


 conf/kolab.conf               |    3 -
 pykolab/auth/ldap/__init__.py |    2 
 pykolab/setup/services.py     |   21 +++++++++
 pykolab/setup/setup_imap.py   |    2 
 pykolab/setup/setup_ldap.py   |   22 ++++-----
 pykolab/setup/setup_mta.py    |   98 ++++++++++++++++++++++++++++++------------
 6 files changed, 106 insertions(+), 42 deletions(-)

New commits:
commit 1e17594bcb0ced88c42494e6bdd543899e233109
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sun Mar 23 17:46:49 2014 +0100

    Tentative fix to make shared folders writable; otherwise iTIP messages to resources bounce.

diff --git a/conf/kolab.conf b/conf/kolab.conf
index 26a5a64..6bf2125 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -206,6 +206,7 @@ kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgr
 ; Same again
 sharedfolder_base_dn = ou=Shared Folders,%(base_dn)s
 sharedfolder_filter = (objectclass=kolabsharedfolder)
+sharedfolder_delivery_address_attribute = mail
 
 ; Same again. Resources live in a different OU structure or;
 ;


commit 77e81f550513c55e554d9176b39ae13efb7567cf
Merge: b2cb459 015de50
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sun Mar 23 14:50:37 2014 +0100

    Merge branch 'paul-fix' into dev/boddie



commit 015de500d58d86afeb6b1c3b9c4800282bb99060
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sun Mar 23 14:50:16 2014 +0100

    Removed phantom method call.

diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index a9070b8..7a7cb6a 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -1195,8 +1195,6 @@ class LDAP(pykolab.base.Base):
 
         self.init_entry_attribute(entry, 'kolabtargetfolder')
 
-        self.init_folder_for_entry(entry)
-
         folder_path = self.get_folder_path(entry)
 
         self.init_folder_acl(entry)


commit b2cb4593d8ffc5f369775fd2e3d7e8b0def0596b
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sun Mar 23 14:39:46 2014 +0100

    Quote shared folder LDAP results to avoid Postfix breaking up names containing spaces.

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index e2295a6..5ddc66e 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -537,5 +537,5 @@ bind_pw = %(service_bind_pw)s
 
 query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder))
 result_attribute = kolabtargetfolder
-result_format = shared+%%s
+result_format = "shared+%%s"
 """


commit 3d36fb5813e15e29bfa80aaa95acb46bdfedb6d1
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sun Mar 23 02:04:34 2014 +0100

    Fixed transport filename, broken during refactoring.

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 11d0f5d..e2295a6 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -159,7 +159,7 @@ def _execute(*args, **kw):
 
     # Check to see if the transport file was already written.
 
-    transport_file = join(prefix, "transport")
+    transport_file = "/etc/postfix/transport"
     transport_file_content = postfix_transport % {'domain': conf.get('kolab', 'primary_domain')}
 
     matching_transport = file_contains_data(transport_file, transport_file_content)


commit 5e85c9437ec5aeb9e69feaf8b69065d91e804951
Merge: 8c50f0b 4c513f8
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sat Mar 22 23:49:28 2014 +0100

    Merge branch 'paul-ldap-io' into dev/boddie



commit 8c50f0b290799338d507fe94c34c989c26208d95
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sat Mar 22 23:47:57 2014 +0100

    Permit template instantiation when configuration is needed and is taking place.

diff --git a/pykolab/setup/setup_imap.py b/pykolab/setup/setup_imap.py
index fe239e6..e3b5563 100644
--- a/pykolab/setup/setup_imap.py
+++ b/pykolab/setup/setup_imap.py
@@ -206,7 +206,7 @@ def configure_cyrus_imapd(imapd_settings):
         # Instantiate the template unless only checking is being performed.
 
         if template_file is not None:
-            matching_config = matching_config and instantiate_template(template_file, output_file, settings, check_only=conf.check_only)
+            matching_config = instantiate_template(template_file, output_file, settings, check_only=conf.check_only) and matching_config
         else:
             log.error(_("Could not write out Cyrus IMAP configuration file %s") % output_file)
             sys.exit(1)
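Review bot: The reordered expression `instantiate_template(...) and matching_config` relies on operand order alone to guarantee that the template is always instantiated, which is easy to undo in a later tidy-up; the same pattern is in both `execute` hunks of pykolab/setup/setup_mta.py in this commit. Splitting it makes the side effect explicit: `instantiated = instantiate_template(template_file, output_file, settings, check_only=conf.check_only)` followed by `matching_config = matching_config and instantiated`. If the one-line form stays, a comment such as `# Call first: 'and' short-circuits and would skip the write once matching_config is False` would protect it. The enclosing function starts and ends outside the hunk.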
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index c2a78f8..5800b3c 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -235,7 +235,7 @@ def execute(*args, **kw):
     output_file = '/etc/postfix/master.cf'
 
     if template_file is not None:
-        matching_config = matching_config and instantiate_template(template_file, output_file, [postfix_master_settings], check_only=conf.check_only)
+        matching_config = instantiate_template(template_file, output_file, [postfix_master_settings], check_only=conf.check_only) and matching_config
     else:
         log.error(_("Could not write out Postfix configuration file %s") % output_file)
         return
@@ -260,7 +260,7 @@ def execute(*args, **kw):
         output_file = '/etc/amavisd/amavisd.conf'
 
         if template_file is not None:
-            matching_config = matching_config and instantiate_template(template_file, output_file, [amavisd_settings], check_only=conf.check_only)
+            matching_config = instantiate_template(template_file, output_file, [amavisd_settings], check_only=conf.check_only) and matching_config
         else:
             log.error(_("Could not write out Amavis configuration file %s") % output_file)
             return


commit 3e57ce0d8804a8df0930178e11d53d95eb1cc52c
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sat Mar 22 23:17:43 2014 +0100

    Fixed property for ConfigParser interpolation rules.

diff --git a/conf/kolab.conf b/conf/kolab.conf
index 122c657..26a5a64 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -370,7 +370,7 @@ result_attribute = mail
 uri = imaps://localhost:993
 mail_uid = vmail
 mail_gid = vmail
-mail_location = mbox:/var/mail/vmail/%u
+mail_location = mbox:/var/mail/vmail/%%u
 
 [wallace]
 modules = resources, footer


commit 4c513f859256fe1a9bb15fcd1400a3c2796dfdc0
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sat Mar 22 21:32:27 2014 +0100

    Fixed unpropagated variable after refactoring.

diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index b961669..74cc828 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -583,7 +583,7 @@ def _execute(*args, **kw):
 
     if update_directory:
         try:
-            populate_schema(_input)
+            populate_schema(_input, not schema_error)
         except ldap.ALREADY_EXISTS:
             log.info(_("Information already seems to exist in the directory."))
 
@@ -622,7 +622,7 @@ def ensure_slapd_service(hostname):
     else:
         return False
 
-def populate_schema(_input):
+def populate_schema(_input, have_schema=True):
 
     """
         Populate the schema using the values from '_input', although the
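Review bot: The new `have_schema` parameter of `populate_schema` is not described in the docstring that opens in this hunk, and its default of `True` selects the ACI branch that names the Kolab attributes (the `@@ -805` hunk). A caller that omits the argument on a directory where the schema failed to load would therefore ask for the wider ACI. I would add a docstring sentence such as `'have_schema' indicates whether the Kolab schema was loaded; when false, Kolab-specific attributes are left out of the self-write ACI.` The docstring continues outside the hunk.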
@@ -805,7 +805,7 @@ def populate_schema(_input):
     dn = conf.get('ldap', 'base_dn')
     aci = []
 
-    if schema_error:
+    if not have_schema:
         aci.append('(targetattr = "carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier") (version 3.0; acl "Enable self write for common attributes"; allow (read,compare,search,write)(userdn = "ldap:///self");)')
     else:
         aci.append('(targetattr = "carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender") (version 3.0; acl "Enable self write for common attributes"; allow (read,compare,search,write)(userdn = "ldap:///self");)')
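Review bot: Both ACI strings selected by `have_schema` let every entry write its own `userPassword`, and the `else` branch also makes `kolabDelegate`, `kolabInvitationPolicy` and `kolabAllowSMTPSender` self-writable. Judging only by its name, `kolabAllowSMTPSender` looks like a sender-authorisation attribute, so allowing users to edit it on their own entry should be a recorded decision; this hunk changes only the condition, so the attribute lists predate it. A comment above the two `aci.append` calls, such as `# Self-write list: review before adding attributes that affect authorisation`, would make that explicit. `populate_schema` begins and ends outside the hunk.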


commit b72ed4232cf38393bd117ac9d30d54637f2b90b2
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sat Mar 22 20:18:46 2014 +0100

    Replaced stderr usage with the interaction functions.

diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index d48299a..b961669 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -129,7 +129,9 @@ def _execute(*args, **kw):
     ask_for_credentials = unconfigured or conf.reset_ldap_config
 
     if conf.without_ldap:
-        print >> sys.stderr, _("Skipping setup of LDAP, as specified")
+        ask_question("kolab-conf/ldap-setup-skipped",
+                _("Skipping setup of LDAP, as specified.")
+            )
         return
 
     if conf.with_openldap and not conf.with_ad:
@@ -155,13 +157,12 @@ def _execute(*args, **kw):
         return
 
     elif conf.with_ad and conf.with_openldap:
-        print >> sys.stderr, utils.multiline_message(
+        ask_question("kolab-conf/ldap-system-conflict",
                 _("""
-                        You can not configure Kolab to run against OpenLDAP
+                        You cannot configure Kolab to run against OpenLDAP
                         and Active Directory simultaneously.
                     """)
             )
-
         sys.exit(1)
 
     # Where the LDAP server is to be chosen explicitly, interact with the user.
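Review bot: The OpenLDAP/Active Directory conflict is now reported only through `ask_question("kolab-conf/ldap-system-conflict", ...)` before `sys.exit(1)`, so the reason for the non-zero exit is written neither to stderr nor to the log, whereas the other exit path touched by this commit (the `@@ -567` hunk) keeps its `log.error` call. Adding `log.error(_("Cannot configure Kolab against OpenLDAP and Active Directory simultaneously."))` before `sys.exit(1)` would keep unattended runs diagnosable. The same use of `ask_question` for a notice whose answer is discarded appears in the `@@ -129` and `@@ -489` hunks; whether it shows anything when no front end is available is not visible here. `_execute` continues outside the hunk.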
@@ -489,7 +490,7 @@ def _execute(*args, **kw):
                 '--file=%s' % (filename)
             ]
 
-        print >> sys.stderr, utils.multiline_message(
+        ask_question("kolab-conf/ldap-setup-in-progress",
                 _("""
                         Setup is now going to set up the 389 Directory Server. This
                         may take a little while (during which period there is no
@@ -567,7 +568,6 @@ def _execute(*args, **kw):
         # Handle any failure to restart the service.
 
         if not ensure_slapd_service(_input['hostname']):
-            print >> sys.stderr, _("Directory service not started. Exiting...")
             log.error(_("Directory server service not available."))
             sys.exit(1)
 
@@ -585,7 +585,7 @@ def _execute(*args, **kw):
         try:
             populate_schema(_input)
         except ldap.ALREADY_EXISTS:
-            print >> sys.stderr, _("Information already seems to exist in the directory.")
+            log.info(_("Information already seems to exist in the directory."))
 
 def find_schema_file():
     for kolab_dir in glob('/usr/share/doc/kolab*'):
@@ -615,7 +615,7 @@ def ensure_slapd_service(hostname):
         if have_slapd_process(hostname):
             return True
         else:
-            print >> sys.stderr, _("Directory service not started. Starting...")
+            log.info(_("Directory service not started. Starting..."))
             if not control_service('dirsrv', 'start', '.target'):
                 log.error(_("Could not start the directory server service."))
             time.sleep(10)


commit 20c1aa9d8ff90ca6f5fc42d2ad953fc068958353
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sat Mar 22 18:13:52 2014 +0100

    Attempted to configure TLS settings for Postfix in a more versatile manner.

diff --git a/pykolab/setup/services.py b/pykolab/setup/services.py
index 1d6e88e..a836a5a 100644
--- a/pykolab/setup/services.py
+++ b/pykolab/setup/services.py
@@ -275,6 +275,27 @@ def stop_interaction():
 def have_postfix():
     return have_command(['postfix', 'status'])
 
+# Certificate-related functions.
+
+def get_certificate_path(name):
+    if is_debian():
+        return '/etc/ssl/certs/%s.pem' % name
+    else:
+        return '/etc/pki/tls/certs/%s.pem' % name
+
+def get_private_key_path(name):
+    if is_debian():
+        return '/etc/ssl/private/%s.key' % name
+    else:
+        return '/etc/pki/tls/private/%s.pem' % name
+
+def make_ssl_certificate(key_filename):
+    for program in ['/etc/pki/tls/certs/make-dummy-cert']:
+        if isfile(program):
+            call([program, key_filename])
+            return True
+    return False
+
 # Apache-related functions.
 
 def get_apache_site_dir():
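Review bot: `make_ssl_certificate` returns `True` as soon as the helper program exists, without checking the result of `call`, so a failed key generation is reported as success; `return call([program, key_filename]) == 0` would fix that, assuming `call` is `subprocess.call` (its import is outside the hunk). `get_certificate_path` and `get_private_key_path` interpolate `name` into a path unchecked, so a value containing `/` or starting with `.` resolves outside the certificate directories. Rejecting such values at the top of both functions, e.g. `if not name or '/' in name or name.startswith('.'): raise ValueError(name)`, keeps a mistyped or preseeded answer from steering the key file elsewhere. None of the three functions has a docstring saying that `name` is a bare certificate name rather than a path.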
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index c2a78f8..aef29ef 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -55,6 +55,17 @@ def description():
 
 def execute(*args, **kw):
 
+    # Signal that interaction may occur. This will involve debconf and similar
+    # system-specific mechanisms if available.
+
+    start_interaction("kolab-conf/title-mta")
+    try:
+        _execute(*args, **kw)
+    finally:
+        stop_interaction()
+
+def _execute(*args, **kw):
+
     # If Postfix is not actually installed, continue under the assumption that
     # a remote SMTP service will be used.
 
@@ -75,6 +86,24 @@ def execute(*args, **kw):
 
     matching_config = True
 
+    # Establish the main Postfix configuration if necessary.
+    # This should have occurred during package post-installation activities.
+
+    missing_main_config = not isfile('/etc/postfix/main.cf') and isfile('/usr/share/postfix/main.cf.debian')
+    matching_config = matching_config and not missing_main_config
+
+    if missing_main_config and not conf.check_only:
+        shutil.copy(
+                '/usr/share/postfix/main.cf.debian',
+                '/etc/postfix/main.cf'
+            )
+
+    # Access the Postfix configuration.
+
+    myaugeas = Augeas()
+
+    setting_base = '/files/etc/postfix/main.cf/'
+
     # Configure Postfix.
 
     prefix = "/etc/postfix/ldap"
@@ -147,11 +176,41 @@ def execute(*args, **kw):
 
     # Initialise certificate.
 
-    missing_certificate = isfile('/etc/pki/tls/certs/make-dummy-cert') and not isfile('/etc/pki/tls/private/localhost.pem')
-    matching_config = matching_config and not missing_certificate
+    current_certificate = myaugeas.get(join(setting_base, 'smtpd_tls_cert_file'))
+    current_key = myaugeas.get(join(setting_base, 'smtpd_tls_key_file'))
+    unset_certificate = not current_certificate or not current_key
+
+    # Ask for details of the certificate, if appropriate.
+
+    if (unset_certificate or conf.reset_postfix_config) and not conf.check_only:
+        default_certificate_name = is_debian() and 'ssl-cert-snakeoil' or 'localhost'
+
+        certificate_name = ask_question("kolab-conf/ssl-certificate-selection",
+                _("""
+                    Please indicate the name of the certificate to be used
+                    by Postfix. If this is a new certificate, an attempt
+                    will be made to create it. Note that this should be only
+                    a simple name like "localhost" or "ssl-cert-snakeoil",
+                    not a filename or pathname.
+                    """),
+                _("Certificate name"),
+                default=default_certificate_name
+            ).strip()
+
+        current_certificate = get_certificate_path(certificate_name)
+        current_key = get_private_key_path(certificate_name)
+
+    # Detect and create a certificate, if appropriate.
+    # Here, we test the certificate and not the key because there can be an
+    # inconsistency between usage of .pem and .key for the keys, but
+    # certificates always seem to use .pem as their suffix.
+
+    missing_certificate = not isfile(current_certificate)
 
     if missing_certificate and not conf.check_only:
-        call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
+        make_ssl_certificate(current_key)
+
+    matching_config = matching_config and not unset_certificate and not missing_certificate
 
     # Acquire the settings from a global defined below, duplicating the global
     # to be safe.
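Review bot: The new certificate is generated at `current_key`, but its presence is tested with `isfile(current_certificate)`, and on non-Debian systems `get_private_key_path` and `get_certificate_path` name different files. The lines removed in the next hunk pointed both `smtpd_tls_cert_file` and `smtpd_tls_key_file` at the single file handed to `make-dummy-cert`, which suggests the helper writes key and certificate together; if so, `smtpd_tls_cert_file` will name a file that is never created. The return value of `make_ssl_certificate` is also ignored, so a `False` result (no helper found, as on Debian where only the `/etc/pki` path is tried) passes silently. Separately, with `conf.check_only` set and the settings unset, `current_certificate` still holds whatever `myaugeas.get` returned (presumably `None`) when it reaches `isfile`; `missing_certificate = not current_certificate or not isfile(current_certificate)` avoids depending on how `isfile` treats that value. `_execute` continues outside the hunk.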
@@ -159,20 +218,9 @@ def execute(*args, **kw):
     postfix_main_settings = {}
     postfix_main_settings.update(_postfix_main_settings)
 
-    if isfile('/etc/pki/tls/private/localhost.pem'):
-        postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
-        postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
-
-    # Establish the main Postfix configuration if necessary.
-
-    missing_main_config = not isfile('/etc/postfix/main.cf') and isfile('/usr/share/postfix/main.cf.debian')
-    matching_config = matching_config and not missing_main_config
-
-    if missing_main_config and not conf.check_only:
-        shutil.copy(
-                '/usr/share/postfix/main.cf.debian',
-                '/etc/postfix/main.cf'
-            )
+    if unset_certificate:
+        postfix_main_settings['smtpd_tls_cert_file'] = current_certificate
+        postfix_main_settings['smtpd_tls_key_file'] = current_key
 
     # Copy header checks files.
 
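Review bot: `if unset_certificate:` drops the answer collected when `conf.reset_postfix_config` is set. The previous hunk prompts for a certificate name when `unset_certificate or conf.reset_postfix_config`, but the chosen paths are copied into `postfix_main_settings` only in the unset case. On a reset with TLS already configured the user's choice is therefore never written; `if unset_certificate or conf.reset_postfix_config:` would match the prompt condition. `_execute` continues outside the hunk.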
@@ -189,12 +237,8 @@ def execute(*args, **kw):
 
     # Update the main Postfix configuration.
 
-    myaugeas = Augeas()
-
-    setting_base = '/files/etc/postfix/main.cf/'
-
     for setting_key, proposed_value in postfix_main_settings.items():
-        setting = join(setting_base,setting_key)
+        setting = join(setting_base, setting_key)
         current_value = myaugeas.get(setting)
 
         # When only checking the configuration, exit the loop upon seeing any
@@ -219,7 +263,7 @@ def execute(*args, **kw):
         log.debug(_("Setting key %r to %r") % (setting_key, proposed_value), level=8)
         myaugeas.set(setting, proposed_value)
 
-    if not conf.check_only:
+    if (not matching_config or conf.reset_postfix_config) and not conf.check_only:
         myaugeas.save()
 
     # Update the master Postfix configuration.



