authorPetr Viktorin <pviktori@redhat.com>2014-06-13 18:35:08 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-06-18 14:45:51 +0200
commit700ac6c11627137db758ad376c44745db579dc84 (patch)
tree977e49e2dbbb33adc54355dedc1d4438a5515cfb /ipaserver
parent853b6ef4ce5f2dd5fd459672521c5e32467192bc (diff)
Remove the update_dns_permissions plugin
This plugin created permissions that the managed permission updater would remove right away. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/plugins/dns.py56
1 files changed, 0 insertions, 56 deletions
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index 6e6c52f26..76c57f2f0 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -81,62 +81,6 @@ class update_dnszones(PostUpdate):
api.register(update_dnszones)
-class update_dns_permissions(PostUpdate):
- """
- New DNS permissions need to be added only for updated machines with
- enabled DNS. LDIF loaded by DNS installer would fail because of duplicate
- entries otherwise.
- """
-
- _write_dns_perm_dn = DN(('cn', 'Write DNS Configuration'),
- api.env.container_permission, api.env.basedn)
- _write_dns_perm_entry = ['objectClass:groupofnames',
- 'objectClass:top',
- 'cn:Write DNS Configuration',
- 'description:Write DNS Configuration',
- 'member:%s' % DN(('cn', 'DNS Administrators'), ('cn', 'privileges'), ('cn', 'pbac'),
- api.env.basedn),
- 'member:%s' % DN(('cn', 'DNS Servers'), ('cn', 'privileges'), ('cn', 'pbac'),
- api.env.basedn)]
-
- _read_dns_perm_dn = DN(('cn', 'Read DNS Entries'),
- api.env.container_permission, api.env.basedn)
- _read_dns_perm_entry = ['objectClass:top',
- 'objectClass:groupofnames',
- 'objectClass:ipapermission',
- 'cn:Read DNS Entries',
- 'description:Read DNS entries',
- 'ipapermissiontype:SYSTEM',
- 'member:%s' % DN(('cn', 'DNS Administrators'), ('cn', 'privileges'), ('cn', 'pbac'),
- api.env.basedn),
- 'member:%s' % DN(('cn', 'DNS Servers'), ('cn', 'privileges'), ('cn', 'pbac'),
- api.env.basedn),]
-
- _write_dns_aci_dn = DN(api.env.basedn)
- _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || idnsforwarders || idnsallowsyncptr || idnszonerefresh || idnspersistentsearch")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS Configuration";allow (write) groupdn = "ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % dict(realm=api.env.basedn)]
-
- _read_dns_aci_dn = DN(api.env.container_dns, api.env.basedn)
- _read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,%(realm)s" or userattr = "parent[0,1].managedby#GROUPDN";)\'' % dict(realm=api.env.basedn) ]
-
- def execute(self, **options):
- ldap = self.obj.backend
-
- if not dns_container_exists(ldap):
- return (False, False, [])
-
- dnsupdates = {}
-
- # add default and updated entries
- for dn, container, entry in ((self._write_dns_perm_dn, 'default', self._write_dns_perm_entry),
- (self._read_dns_perm_dn, 'default', self._read_dns_perm_entry),
- (self._write_dns_aci_dn, 'updates', self._write_dns_aci_entry),
- (self._read_dns_aci_dn, 'updates', self._read_dns_aci_entry)):
-
- dnsupdates[dn] = {'dn': dn, container: entry}
-
- return (False, True, [dnsupdates])
-
-api.register(update_dns_permissions)
class update_dns_limits(PostUpdate):
"""