fix change rights in bootstrap

12 years ago · c4fe3051d1
parent 10dbb89a00
commit c4fe3051d1
1 changed files with 23 additions and 3 deletions
--- a/core/server/bootstrap.py
+++ b/core/server/bootstrap.py
@ -128,7 +128,7 @@ def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
        print _('not exists client certificate path')
        return 1
    req_id = create_request(server_cert, cert_path, data_path, certbase, \
-                            client_cert_path)
+                            client_cert_path, user_name)
    sign_certificate(req_id, cert_path, data_path)
    get_certificate(cert_path, data_path, certbase, client_cert_path, user_name)

@ -162,7 +162,8 @@ def check_user_path(user_name):

    return cert_dir

-def create_request(server_cert, cert_path, data_path, certbase,client_cert_path):
+def create_request(server_cert, cert_path, data_path, certbase, \
+                   client_cert_path, user_name):
    server_host_name = socket.getfqdn()

    key = os.path.join(client_cert_path, server_host_name + '.key')
@ -171,6 +172,16 @@ def create_request(server_cert, cert_path, data_path, certbase,client_cert_path)

    client_req_file = new_key_req(key, client_cert_path, server_host_name, auto = True)

+    try:
+        pwdObj = pwd.getpwnam(user_name)
+    except KeyError, e:
+        print e
+        return None
+    for files in [key, client_req_file, key+'_pub']:
+        if os.path.exists(files):
+            os.chown(files,pwdObj.pw_uid,pwdObj.pw_gid)
+            os.chmod(files, 0644)
+
    ip, mac, client_type = get_ip_mac_type()
    data = open(client_req_file).read()

@ -251,6 +262,8 @@ def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
        ca_dir = os.path.join(client_cert_path, 'ca')
        if not os.path.isdir(ca_dir):
            os.makedirs(ca_dir)
+            os.chown(ca_dir, pwdObj.pw_uid, pwdObj.pw_gid)
+            os.chmod(ca_dir, 0755)
        root_cert_md5 = os.path.join(ca_dir, "cert_list")

        md5 = hashlib.md5()
@ -281,19 +294,26 @@ def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
            fc = open(root_cert_md5,"a")
            fc.write('%s %s\n' %(md5sum, filename))
            fc.close()
+            os.chown(root_cert_md5, pwdObj.pw_uid, pwdObj.pw_gid)
+            os.chmod(root_cert_md5, 0644)

            if not filename:
                print _('Not found field "CN" in certificate!')
                return 1

-            fd = open(os.path.join(ca_dir, filename), 'w')
+            ca_cert = os.path.join(ca_dir, filename)
+            fd = open(ca_cert, 'w')
            fd.write(ca_root)
            fd.close()
+            os.chown(ca_cert, pwdObj.pw_uid, pwdObj.pw_gid)
+            os.chmod(ca_cert, 0644)

            user_root_cert = os.path.join(ca_dir, 'ca_root.crt')
            fa = open(user_root_cert, 'a')
            fa.write(ca_root)
            fa.close()
+            os.chown(user_root_cert, pwdObj.pw_uid, pwdObj.pw_gid)
+            os.chmod(user_root_cert, 0644)
            print _("CERTIFICATE ADD")
        else:
            print _("file with ca certificates exists")