X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Finstall%2Fipsilon-client-install;h=d48df1b8bbfff065a6af2be8b409dd8a7719bdf3;hp=8802ea1d97fe894168db9858e959439111955134;hb=f139821010d71a07e011b257132b4acbc872a21b;hpb=a0374da67060c6e69ff6f1c2d25d2df357c25751
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index 8802ea1..d48df1b 100755
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -21,7 +21,7 @@ from ipsilon.tools.saml2metadata import Metadata
 from ipsilon.tools.saml2metadata import SAML2_NAMEID_MAP
 from ipsilon.tools.saml2metadata import SAML2_SERVICE_MAP
 from ipsilon.tools.certs import Certificate
-from string import Template
+from ipsilon.tools import files
 import argparse
 import logging
 import os
@@ -78,7 +78,7 @@ def saml2():
 raise
 
 path = None
- if args['saml_httpd']:
+ if not args['saml_no_httpd']:
 path = os.path.join(SAML2_HTTPDIR, args['hostname'])
 os.makedirs(path, 0750)
 else:
@@ -100,7 +100,7 @@ def saml2():
 sp_metafile = os.path.join(path, 'metadata.xml')
 m.output(sp_metafile)
 
- if args['saml_httpd']:
+ if not args['saml_no_httpd']:
 idp_metafile = os.path.join(path, 'idp-metadata.xml')
 with open(idp_metafile, 'w+') as f:
 f.write(idpmeta)
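Review bot: The new import binds the name `files` at module scope, and until this commit the same name was a loop variable in this file (`for root, dirs, files in os.walk(...)` in the hunk at -118); any other `files` local that survives elsewhere in the file would shadow the module and turn the new `files.write_from_template` / `files.fix_user_dirs` calls into AttributeErrors at that point. Please grep the rest of the file, which is not visible here, or import under a less collision-prone alias such as `from ipsilon.tools import files as ipsilon_files`. Dropping the `Template` import is likewise only safe if no other use of `Template` remains outside the shown hunks.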
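Review bot: With httpd configuration now the default, the `os.makedirs(path, 0750)` call in this branch runs on every install, and on this code base (the `0750` literal indicates Python 2, whose makedirs has no exist_ok) it raises OSError when the per-host directory under SAML2_HTTPDIR already exists, so a second run of the installer fails unless something outside the hunk removes the directory first. A guard such as `if not os.path.isdir(path): os.makedirs(path, 0750)` keeps reruns working. The same default flip applies to the hunk at -100, which is fine as written; both renamed conditions assume no other reader of `args['saml_httpd']` survives elsewhere in the file, which I cannot verify here. saml2() starts before and continues after this hunk.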
@@ -118,31 +118,18 @@ def saml2():
 # default location, enable the default page
 psp = ''
 
- with open(SAML2_TEMPLATE) as f:
- template = f.read()
- t = Template(template)
- hunk = t.substitute(saml_base=args['saml_base'],
- saml_protect=saml_protect,
- saml_sp_key=c.key,
- saml_sp_cert=c.cert,
- saml_sp_meta=sp_metafile,
- saml_idp_meta=idp_metafile,
- saml_sp=args['saml_sp'],
- saml_auth=saml_auth, sp=psp)
-
- with open(SAML2_CONFFILE, 'w+') as f:
- f.write(hunk)
-
- pw = pwd.getpwnam(args['httpd_user'])
- for root, dirs, files in os.walk(SAML2_HTTPDIR):
- for name in dirs:
- target = os.path.join(root, name)
- os.chown(target, pw.pw_uid, pw.pw_gid)
- os.chmod(target, 0700)
- for name in files:
- target = os.path.join(root, name)
- os.chown(target, pw.pw_uid, pw.pw_gid)
- os.chmod(target, 0600)
+ samlopts = {'saml_base': args['saml_base'],
+ 'saml_protect': saml_protect,
+ 'saml_sp_key': c.key,
+ 'saml_sp_cert': c.cert,
+ 'saml_sp_meta': sp_metafile,
+ 'saml_idp_meta': idp_metafile,
+ 'saml_sp': args['saml_sp'],
+ 'saml_auth': saml_auth,
+ 'sp': psp}
+ files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts)
+
+ files.fix_user_dirs(SAML2_HTTPDIR, args['httpd_user'])
 
 logger.info('SAML Service Provider configured.')
 logger.info('You should be able to restart the HTTPD server and' +
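Review bot: The explicit ownership and mode tightening over SAML2_HTTPDIR (chown to httpd_user, directories 0700, files 0600) is replaced by `files.fix_user_dirs`, whose mode policy is not visible in this hunk; since that tree holds the SP private key (`c.key`) as well as the metadata files, please confirm the helper applies the same owner-only modes rather than anything wider, and record the expectation at the call site: `# SAML2_HTTPDIR holds the SP private key: fix_user_dirs must leave it readable by httpd_user only`. The removed `Template.substitute` raised KeyError on an unfilled placeholder, so `write_from_template` should be checked to keep that strictness instead of silently writing a half-rendered httpd config. With the `pwd.getpwnam` lookup gone from this function, the `pwd` import is likely unused now, though its import line is not in the shown hunks. saml2() begins before and continues after this hunk.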
@@ -197,12 +184,12 @@ def parse_args():
 help="Account allowed to create a SP")
 parser.add_argument('--httpd-user', default='apache',
 help="Web server account used to read certs")
- parser.add_argument('--saml', action='store_true', default=False,
+ parser.add_argument('--saml', action='store_true', default=True,
 help="Whether to install a saml2 SP")
 parser.add_argument('--saml-idp-metadata', default=None,
 help="A URL pointing at the IDP Metadata (FILE or HTTP)")
- parser.add_argument('--saml-httpd', action='store_true', default=False,
- help="Automatically configure httpd")
+ parser.add_argument('--saml-no-httpd', action='store_true', default=False,
+ help="Do not configure httpd")
 parser.add_argument('--saml-base', default='/',
 help="Where saml2 authdata is available")
 parser.add_argument('--saml-auth', default=SAML2_PROTECTED,
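Review bot: `--saml` with `action='store_true', default=True` can no longer be turned off: passing the flag sets True and omitting it leaves True, so the option is inert and its help text "Whether to install a saml2 SP" is now misleading. If SAML is meant to be opt-out, mirror the `--saml-no-httpd` pattern with `parser.add_argument('--no-saml', action='store_false', dest='saml', default=True, help="Do not install a saml2 SP")`, which keeps `args['saml']` working for existing readers; if it is meant to be always on, drop the option instead. parse_args() continues outside the hunk.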