summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/Makefile.am3
-rw-r--r--server/upgrade/upgrade_config.py352
2 files changed, 355 insertions, 0 deletions
diff --git a/server/Makefile.am b/server/Makefile.am
index 41eeefb4..a5555204 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -57,6 +57,9 @@ sssdlibexec_PROGRAMS = \
$(sssd_pk) \
$(sssd_info)
+dist_sssdlibexec_SCRIPTS = \
+ upgrade/upgrade_config.py
+
if HAVE_CHECK
non_interactive_check_based_tests = \
sysdb-tests \
diff --git a/server/upgrade/upgrade_config.py b/server/upgrade/upgrade_config.py
new file mode 100644
index 00000000..412fad53
--- /dev/null
+++ b/server/upgrade/upgrade_config.py
@@ -0,0 +1,352 @@
+#!/usr/bin/python
+#coding=utf-8
+
+# SSSD
+#
+# upgrade_config.py
+#
+# Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import shutil
+import traceback
+from ConfigParser import RawConfigParser
+from optparse import OptionParser
+
+class SSSDConfigParser(RawConfigParser):
+ def raw_set(self, section, option):
+ " set without interpolation "
+ pass
+
+ def raw_get(self, section, option):
+ " get without interpolation "
+ return self._sections[section].get(option)
+
+ def _write_section(self, section, fp):
+ fp.write("[%s]\n" % section)
+ for (key, value) in sorted(self._sections[section].items()):
+ if key != "__name__":
+ fp.write("%s = %s\n" %
+ (key, str(value).replace('\n', '\n\t')))
+ fp.write("\n")
+
+ def write(self, fp):
+ """
+ SSSD Config file uses a logical order of sections
+ ConfigParser does not allow sorting the sections, so
+ we hackishly sort them here..
+ """
+ # Write SSSD first
+ if "sssd" in self._sections:
+ self._write_section("sssd", fp)
+ if (self.has_option('sssd', 'domains')):
+ active_domains = [s.strip() for s in self.get('sssd','domains').split(',')]
+ else:
+ #There were no active domains configured
+ active_domains = []
+ del self._sections["sssd"]
+ # Write the other services
+ for service in [ s for s in self._sections if not s.startswith('domain/') ]:
+ self._write_section(service, fp)
+ del self._sections[service]
+
+ # Write the domains in the order that is specified in domains =
+ for dom in active_domains:
+ self._write_section('domain/%s' % dom, fp)
+ del self._sections['domain/%s' % dom]
+
+ # Write inactive domains
+ for section in sorted(self._sections):
+ self._write_section(section, fp)
+
+class SSSDConfigFile(object):
+ def __init__(self, file_name):
+ self.file_name = file_name
+ self._config = SSSDConfigParser()
+ self._new_config = SSSDConfigParser()
+ self._config.read(file_name)
+
+ def get_version(self):
+ " Guess if we are looking at v1 config file "
+ if not self._config.has_section('sssd'):
+ return 1
+ if not self._config.has_option('sssd', 'config_file_version'):
+ return 1
+ return self._config.getint('sssd', 'config_file_version')
+
+ def _backup_file(self):
+ " Copy the file we operate on to a backup location "
+ shutil.copy(self.file_name, self.file_name+".bak")
+
+ def _migrate_if_exists(self, to_section, to_option, from_section, from_option):
+ """
+ Move value of parameter from one section to another, renaming the parameter
+ """
+ if self._config.has_section(from_section) and \
+ self._config.has_option(from_section, from_option):
+ self._new_config.set(to_section, to_option,
+ self._config.get(from_section, from_option))
+
+ def _migrate_kw(self, to_section, from_section, new_old_dict):
+ """
+ Move value of parameter from one section to another according to
+ mapping in ``new_old_dict``
+ """
+ for new, old in new_old_dict.items():
+ self._migrate_if_exists(to_section, new, from_section, old)
+
+ def _migrate_enumerate(self, to_section, from_section):
+ " Enumerate was special as it turned into bool from (0,1,2,3) enum "
+ if self._config.has_section(from_section) and \
+ self._config.has_option(from_section, 'enumerate'):
+ enumvalue = self._config.get(from_section, 'enumerate')
+ if enumvalue.upper() in ['TRUE', 'FALSE']:
+ self._new_config.set(to_section, 'enumerate', enumvalue)
+ else:
+ try:
+ enumvalue = int(enumvalue)
+ except ValueError:
+ raise ValueError('Cannot convert value %s in domain %s' % (enumvalue, from_section))
+
+ if enumvalue == 0:
+ self._new_config.set(to_section, 'enumerate', 'FALSE')
+ elif enumvalue > 0:
+ self._new_config.set(to_section, 'enumerate', 'TRUE')
+ else:
+ raise ValueError('Cannot convert value %s in domain %s' % (enumvalue, from_section))
+
+ def _migrate_domain(self, domain):
+ new_domsec = 'domain/%s' % domain
+ old_domsec = 'domains/%s' % domain
+ self._new_config.add_section(new_domsec)
+
+ # Generic options - new:old
+ generic_kw = { 'min_id' : 'minID',
+ 'max_id': 'maxID',
+ 'timeout': 'timeout',
+ 'magic_private_groups' : 'magicPrivateGroups',
+ 'cache_credentials' : 'cache-credentials',
+ 'id_provider' : 'provider',
+ 'auth_provider' : 'auth-module',
+ 'access_provider' : 'access-module',
+ 'chpass_provider' : 'chpass-module',
+ 'use_fully_qualified_names' : 'useFullyQualifiedNames',
+ }
+ # Proxy options
+ proxy_kw = { 'proxy_pam_target' : 'pam-target',
+ 'proxy_lib_name' : 'libName',
+ }
+ # LDAP options - new:old
+ ldap_kw = { 'ldap_uri' : 'ldapUri',
+ 'ldap_schema' : 'ldapSchema',
+ 'ldap_default_bind_dn' : 'defaultBindDn',
+ 'ldap_default_authtok_type' : 'defaultAuthtokType',
+ 'ldap_default_authtok' : 'defaultAuthtok',
+ 'ldap_user_search_base' : 'userSearchBase',
+ 'ldap_user_search_scope' : 'userSearchScope',
+ 'ldap_user_search_filter' : 'userSearchFilter',
+ 'ldap_user_object_class' : 'userObjectClass',
+ 'ldap_user_name' : 'userName',
+ 'ldap_user_pwd' : 'userPassword',
+ 'ldap_user_uid_number' : 'userUidNumber',
+ 'ldap_user_gid_number' : 'userGidNumber',
+ 'ldap_user_gecos' : 'userGecos',
+ 'ldap_user_home_directory' : 'userHomeDirectory',
+ 'ldap_user_shell' : 'userShell',
+ 'ldap_user_uuid' : 'userUUID',
+ 'ldap_user_principal' : 'userPrincipal',
+ 'ldap_force_upper_case_realm' : 'force_upper_case_realm',
+ 'ldap_user_fullname' : 'userFullname',
+ 'ldap_user_member_of' : 'userMemberOf',
+ 'ldap_user_modify_timestamp' : 'modifyTimestamp',
+ 'ldap_group_search_base' : 'groupSearchBase',
+ 'ldap_group_search_scope' : 'groupSearchScope',
+ 'ldap_group_search_filter' : 'groupSearchFilter',
+ 'ldap_group_object_class' : 'groupObjectClass',
+ 'ldap_group_name' : 'groupName',
+ 'ldap_group_pwd' : 'userPassword',
+ 'ldap_group_gid_number' : 'groupGidNumber',
+ 'ldap_group_member' : 'groupMember',
+ 'ldap_group_uuid' : 'groupUUID',
+ 'ldap_group_modify_timestamp' : 'modifyTimestamp',
+ 'ldap_network_timeout' : 'network_timeout',
+ 'ldap_offline_timeout' : 'offline_timeout',
+ 'ldap_enumeration_refresh_timeout' : 'enumeration_refresh_timeout',
+ 'ldap_stale_time' : 'stale_time',
+ 'ldap_opt_timeout' : 'opt_timeout',
+ 'ldap_tls_reqcert' : 'tls_reqcert',
+ }
+ krb5_kw = { 'krb5_kdcip' : 'krb5KDCIP',
+ 'krb5_realm' : 'krb5REALM',
+ 'krb5_try_simple_upn' : 'krb5try_simple_upn',
+ 'krb5_changepw_principle' : 'krb5changepw_principle',
+ 'krb5_ccachedir' : 'krb5ccache_dir',
+ 'krb5_auth_timeout' : 'krb5auth_timeout',
+ 'krb5_ccname_template' : 'krb5ccname_template',
+ }
+ user_defaults_kw = { 'default_shell' : 'defaultShell',
+ 'base_directory' : 'baseDirectory',
+ }
+
+ self._migrate_enumerate(new_domsec, old_domsec)
+ self._migrate_kw(new_domsec, old_domsec, generic_kw)
+ self._migrate_kw(new_domsec, old_domsec, proxy_kw)
+ self._migrate_kw(new_domsec, old_domsec, ldap_kw)
+ self._migrate_kw(new_domsec, old_domsec, krb5_kw)
+
+ # if domain was local, update with parameters from [user_defaults]
+ if self._new_config.get(new_domsec, 'id_provider') == 'local':
+ self._migrate_kw(new_domsec, 'user_defaults', user_defaults_kw)
+
+
+ def _migrate_domains(self):
+ for domain in [ s.replace('domains/','') for s in self._config.sections() if s.startswith("domains/") ]:
+ domain = domain.strip()
+ self._migrate_domain(domain)
+
+ def upgrade_v2(self, out_file_name, backup=True):
+ """
+ Upgrade the config file to V2 format and write the result into
+ ``out_file_name```.
+ """
+ if backup:
+ self._backup_file()
+
+ # [service] - options common to all services, no section as in v1
+ service_kw = { 'reconnection_retries' : 'reconnection_retries',
+ 'debug_level' : 'debug-level',
+ 'debug_timestamps' : 'debug-timestamps',
+ 'command' : 'command',
+ 'timeout' : 'timeout',
+ }
+
+ # [sssd] - monitor service
+ self._new_config.add_section('sssd')
+ self._new_config.set('sssd', 'config_file_version', '2')
+ self._migrate_if_exists('sssd', 'domains',
+ 'domains', 'domains')
+ self._migrate_if_exists('sssd', 'services',
+ 'services', 'activeServices')
+ self._migrate_if_exists('sssd', 'sbus_timeout',
+ 'services/monitor', 'sbusTimeout')
+ self._migrate_if_exists('sssd', 're_expression',
+ 'names', 're-expression')
+ self._migrate_if_exists('sssd', 're_expression',
+ 'names', 'full-name-format')
+ self._migrate_kw('sssd', 'services', service_kw)
+ self._migrate_kw('sssd', 'services/monitor', service_kw)
+
+ # [nss] - Name service
+ self._new_config.add_section('nss')
+ nss_kw = { 'enum_cache_timeout' : 'EnumCacheTimeout',
+ 'entry_cache_timeout' : 'EntryCacheTimeout',
+ 'entry_cache_nowait_timeout' : 'EntryCacheNoWaitRefreshTimeout',
+ 'entry_negative_timeout ' : 'EntryNegativeTimeout',
+ 'filter_users' : 'filterUsers',
+ 'filter_groups' : 'filterGroups',
+ 'filter_users_in_groups' : 'filterUsersInGroups',
+ }
+ nss_kw.update(service_kw)
+ self._migrate_kw('nss', 'services', service_kw)
+ self._migrate_kw('nss', 'services/nss', nss_kw)
+
+ # [pam] - Authentication service
+ self._new_config.add_section('pam')
+ pam_kw = {}
+ pam_kw.update(service_kw)
+ self._migrate_kw('pam', 'services', service_kw)
+ self._migrate_kw('pam', 'services/pam', pam_kw)
+
+ # [dp] - Data provider
+ self._new_config.add_section('dp')
+ provider_kw = {'sbus_timeout' : 'sbusTimeout',
+ }
+ provider_kw.update(service_kw)
+ self._migrate_kw('dp', 'services', service_kw)
+ self._migrate_kw('dp', 'services/dp', provider_kw)
+
+ # Migrate domains
+ self._migrate_domains()
+
+ # all done, write the file
+ of = open(out_file_name, "wb")
+ self._new_config.write(of)
+
+def parse_options():
+ parser = OptionParser()
+ parser.add_option("-f", "--file",
+ dest="filename", default="/etc/sssd/sssd.conf",
+ help="Set input file to FILE", metavar="FILE")
+ parser.add_option("-o", "--outfile",
+ dest="outfile", default=None,
+ help="Set output file to OUTFILE", metavar="OUTFILE")
+ parser.add_option("", "--no-backup", action="store_false",
+ dest="backup", default=True,
+ help="""Do not provide backup file after conversion.
+The script copies the original file with the suffix .bak
+by default""")
+ parser.add_option("-v", "--verbose", action="store_true",
+ dest="verbose", default=False,
+ help="Be verbose")
+ (options, args) = parser.parse_args()
+ if len(args) > 0:
+ print >>sys.stderr, "Stray arguments: %s" % ' '.join([a for a in args])
+ return None
+
+ # do the conversion in place by default
+ if not options.outfile:
+ options.outfile = options.filename
+
+ return options
+
+def verbose(msg, verbose):
+ if verbose:
+ print msg
+
+def main():
+ options = parse_options()
+ if not options:
+ print >>sys.stderr, "Cannot parse options"
+ return 1
+
+ try:
+ config = SSSDConfigFile(options.filename)
+ except SSSDConfigParser.ParsingError:
+ print >>sys.stderr, "Cannot parse config file %s" % options.filename
+ return 1
+
+ if config.get_version() == 2:
+ #Config file is already at the correct version. No upgrade needed
+ print >>sys.stderr, "Config file is v2. No upgrade required."
+ return 0
+
+ if config.get_version() != 1:
+ print >>sys.stderr, "Can only upgrade from v1 to v2, file %s looks like version %d" % (options.filename, config.get_version())
+ return 1
+
+ try:
+ config.upgrade_v2(options.outfile, options.backup)
+ except Exception, e:
+ print "ERROR: %s" % e
+ verbose(traceback.format_exc(), options.verbose)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ ret = main()
+ sys.exit(ret)
+