From a09c50671ecc53af63765afca13edd27ee598081 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 4 Feb 2013 09:47:00 +0100 Subject: Use full DNs in plugin code. --- ipalib/plugins/aci.py | 8 ++++++-- ipalib/plugins/automember.py | 13 ++++++++----- ipalib/plugins/automount.py | 6 ++++-- ipalib/plugins/baseldap.py | 14 ++++++++------ ipalib/plugins/config.py | 2 +- ipalib/plugins/dns.py | 4 ++-- ipalib/plugins/entitle.py | 14 +++++++++----- ipalib/plugins/host.py | 8 ++++---- ipalib/plugins/krbtpolicy.py | 2 +- ipalib/plugins/migration.py | 9 ++++++--- ipalib/plugins/pwpolicy.py | 5 +++-- ipalib/plugins/selinuxusermap.py | 2 +- ipalib/plugins/sudocmd.py | 2 +- ipalib/plugins/user.py | 2 +- ipaserver/plugins/ldap2.py | 10 ++++------ 15 files changed, 59 insertions(+), 42 deletions(-) diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index eddb26a47..dab209e63 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -245,7 +245,10 @@ def _make_aci(ldap, current, aciname, kw): if 'test' in kw and not kw.get('test'): raise e else: - entry_attrs = {'dn': DN(('cn', kw['permission']), api.env.container_permission)} + entry_attrs = { + 'dn': DN(('cn', kw['permission']), + api.env.container_permission, api.env.basedn), + } elif group: # Not so friendly with groups. This will raise try: @@ -366,7 +369,8 @@ def _aci_to_kw(ldap, a, test=False, pkey_only=False): except errors.NotFound, e: # FIXME, use real name here if test: - dn = DN(('cn', 'test'), api.env.container_permission) + dn = DN(('cn', 'test'), api.env.container_permission, + api.env.basedn) entry_attrs = {'cn': [u'test']} if api.env.container_permission in dn: kw['permission'] = entry_attrs['cn'][0] diff --git a/ipalib/plugins/automember.py b/ipalib/plugins/automember.py index 520f8a03c..8bd5edc00 100644 --- a/ipalib/plugins/automember.py +++ b/ipalib/plugins/automember.py 
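Review bot: In the second aci.py hunk (`_aci_to_kw`, -366), the context line right after the changed assignment, `if api.env.container_permission in dn:`, still uses a containment test against the relative container. A DN that merely includes those RDNs somewhere other than directly above the base DN would therefore also be treated as a permission. Now that the test DN is absolute, the check can be anchored at the suffix, as the baseldap.py hunk at -534 does: `if dn.endswith(DN(api.env.container_permission, api.env.basedn)):`. The function starts and continues outside the hunk, so confirm that `dn` on the non-test path is always a `DN` object.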
@@ -197,7 +197,7 @@ class automember(LDAPObject): if self.parent_object: parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1]) else: - parent_dn = self.container_dn + parent_dn = DN(self.container_dn, api.env.basedn) grouptype = options['type'] try: ndn = DN(('cn', keys[-1]), ('cn', grouptype), parent_dn) @@ -221,7 +221,7 @@ api.register(automember) def automember_container_exists(ldap): try: - ldap.get_entry(api.env.container_automember, []) + ldap.get_entry(DN(api.env.container_automember, api.env.basedn), []) except errors.NotFound: return False return True @@ -524,7 +524,8 @@ class automember_default_group_set(LDAPUpdate): msg_summary = _('Set default (fallback) group for automember "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - dn = DN(('cn', options['type']), api.env.container_automember) + dn = DN(('cn', options['type']), api.env.container_automember, + api.env.basedn) entry_attrs['automemberdefaultgroup'] = self.obj.dn_exists(options['type'], options['automemberdefaultgroup']) return dn @@ -545,7 +546,8 @@ class automember_default_group_remove(LDAPUpdate): msg_summary = _('Removed default (fallback) group for automember "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - dn = DN(('cn', options['type']), api.env.container_automember) + dn = DN(('cn', options['type']), api.env.container_automember, + api.env.basedn) attr = 'automemberdefaultgroup' (dn, entry_attrs_) = ldap.get_entry( @@ -579,7 +581,8 @@ class automember_default_group_show(LDAPRetrieve): takes_options = group_type def pre_callback(self, ldap, dn, attrs_list, *keys, **options): - dn = DN(('cn', options['type']), api.env.container_automember) + dn = DN(('cn', options['type']), api.env.container_automember, + api.env.basedn) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): 
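Review bot: The expression `DN(self.container_dn, api.env.basedn)` added in `automember.get_dn` (-197) is written out by hand at every call site this commit touches: baseldap.py (twice inside `LDAPObject.get_dn`), entitle.py, host.py, krbtpolicy.py, pwpolicy.py and sudocmd.py. That makes it easy for a later call site to pass the relative container as a search base again. One accessor on `LDAPObject` would keep the rule in one place, for example a property returning `DN(self.container_dn, self.api.env.basedn)` (the name, e.g. `full_container_dn`, is only a suggestion). The new line also reads the module-global `api` while the branch above it uses `self.api`; `self.api.env.basedn` would keep the method consistent. `get_dn` starts and ends outside the hunk.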
diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py index fcda0a102..417d6a311 100644 --- a/ipalib/plugins/automount.py +++ b/ipalib/plugins/automount.py @@ -605,7 +605,7 @@ class automountmap_del(LDAPDelete): try: (dn_, entry_attrs) = ldap.find_entry_by_attr( 'automountinformation', keys[0], 'automount', - base_dn=self.obj.container_dn + base_dn=DN(self.obj.container_dn, api.env.basedn) ) ldap.delete_entry(dn_) except errors.NotFound: @@ -724,7 +724,9 @@ class automountkey(LDAPObject): (kwargs['automountkey'], kwargs['automountinformation']) else: sfilter = '(automountkey=%s)' % kwargs['automountkey'] - basedn = DN(('automountmapname', parent_keys[1]), ('cn', parent_keys[0]), self.container_dn) + basedn = DN(('automountmapname', parent_keys[1]), + ('cn', parent_keys[0]), self.container_dn, + api.env.basedn) attrs_list = ['*'] (entries, truncated) = ldap.find_entries(sfilter, attrs_list, basedn, _ldap.SCOPE_ONELEVEL) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 20ae1cbee..b125b531c 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -470,12 +470,12 @@ class LDAPObject(Object): if self.parent_object: parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1]) else: - parent_dn = self.container_dn + parent_dn = DN(self.container_dn, api.env.basedn) if self.rdn_attribute: try: (dn, entry_attrs) = self.backend.find_entry_by_attr( self.primary_key.name, keys[-1], self.object_class, [''], - self.container_dn + DN(self.container_dn, api.env.basedn) ) except errors.NotFound: pass 
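Review bot: In the automount.py hunk at -724, the context line `sfilter = '(automountkey=%s)' % kwargs['automountkey']` interpolates the value into the LDAP filter without escaping, as does the two-value statement that ends just above it. A value containing `(`, `)`, `*` or `\` therefore changes the meaning of the filter that `find_entries` runs under the base DN this hunk corrects. Where `kwargs` comes from is not visible here, but if it carries command input the values should be escaped first with python-ldap's `escape_filter_chars` (from `ldap.filter`), e.g. `sfilter = '(automountkey=%s)' % escape_filter_chars(kwargs['automountkey'])`. The enclosing method begins and ends outside the hunk.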
@@ -534,7 +534,8 @@ class LDAPObject(Object): for member in entry_attrs.setdefault(attr, []): for ldap_obj_name in self.attribute_members[attr]: ldap_obj = self.api.Object[ldap_obj_name] - if ldap_obj.container_dn in member: + container_dn = DN(ldap_obj.container_dn, api.env.basedn) + if member.endswith(container_dn): new_attr = '%s_%s' % (attr, ldap_obj.name) entry_attrs.setdefault(new_attr, []).append( ldap_obj.get_primary_key_from_dn(member) @@ -1012,7 +1013,8 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): if dn_attr != self.obj.primary_key.name: self.obj.handle_duplicate_entry(*keys) dn = ldap.make_dn( - entry_attrs, self.obj.rdn_attribute, self.obj.container_dn + entry_attrs, self.obj.rdn_attribute, + DN(self.obj.container_dn, api.env.basedn) ) if options.get('all', False): @@ -1059,7 +1061,7 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): object_class = None (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.find_entry_by_attr)( self.obj.primary_key.name, keys[-1], object_class, attrs_list, - self.obj.container_dn + DN(self.obj.container_dn, api.env.basedn) ) assert isinstance(dn, DN) else: @@ -1807,7 +1809,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): if self.obj.parent_object: base_dn = self.api.Object[self.obj.parent_object].get_dn(*args[:-1]) else: - base_dn = self.obj.container_dn + base_dn = DN(self.obj.container_dn, api.env.basedn) assert isinstance(base_dn, DN) search_kw = self.args_options_2_entry(**options) diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index 5f916903b..db7fce7cb 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -200,7 +200,7 @@ class config(LDAPObject): ) def get_dn(self, *keys, **kwargs): - return DN(('cn', 'ipaconfig'), ('cn', 'etc')) + return DN(('cn', 'ipaconfig'), ('cn', 'etc'), api.env.basedn) api.register(config) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index ff21c694d..e0a5a151c 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py 
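Review bot: In the baseldap.py hunk at -534, `container_dn = DN(ldap_obj.container_dn, api.env.basedn)` is rebuilt inside the innermost loop, once per member value per object name, although it depends only on `ldap_obj_name`. Computing it once per object name before the `for member in ...` loop would avoid the repeated DN construction. The switch from `in` to `member.endswith(container_dn)` is the important part of this hunk and deserves a why-comment, e.g. `# suffix match: member must live under this container, not merely contain its RDNs`. It also assumes every `member` is a `DN` object, since a plain string would not accept a `DN` argument to `endswith`; an `assert isinstance(member, DN)` in the style of the asserts elsewhere in this file would document that. The loop's enclosing method lies outside the hunk.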
@@ -1528,7 +1528,7 @@ def check_ns_rec_resolvable(zone, name): def dns_container_exists(ldap): try: - ldap.get_entry(api.env.container_dns, []) + ldap.get_entry(DN(api.env.container_dns, api.env.basedn), []) except errors.NotFound: return False return True @@ -2954,7 +2954,7 @@ class dnsconfig(LDAPObject): ) def get_dn(self, *keys, **kwargs): - return api.env.container_dns + return DN(api.env.container_dns, api.env.basedn) def get_dnsconfig(self, ldap): (dn, entry) = ldap.get_entry(self.get_dn(), None, diff --git a/ipalib/plugins/entitle.py b/ipalib/plugins/entitle.py index 1b821053d..e7d66a1c2 100644 --- a/ipalib/plugins/entitle.py +++ b/ipalib/plugins/entitle.py @@ -144,7 +144,8 @@ def get_uuid(ldap): entry_attrs = dict(ipaentitlementid=uuid) dn = ldap.make_dn( - entry_attrs, 'ipaentitlementid', api.env.container_entitlements, + entry_attrs, 'ipaentitlementid', + DN(api.env.container_entitlements, api.env.basedn) ) if not ldap.can_read(dn, 'userpkcs12'): raise errors.ACIError( @@ -196,7 +197,7 @@ class entitle(LDAPObject): try: (dn, entry_attrs) = self.backend.find_entry_by_attr( self.primary_key.name, keys[-1], self.object_class, [''], - self.container_dn + DN(self.container_dn, api.env.basedn) ) except errors.NotFound: dn = super(entitle, self).get_dn(*keys, **kwargs) @@ -328,7 +329,8 @@ class entitle_consume(LDAPUpdate): (db, uuid, certfile, keyfile) = get_uuid(ldap) entry_attrs['ipaentitlementid'] = uuid dn = ldap.make_dn( - entry_attrs, self.obj.uuid_attribute, self.obj.container_dn + entry_attrs, self.obj.uuid_attribute, + DN(self.obj.container_dn, api.env.basedn) ) if db is None: raise errors.NotRegisteredError() @@ -562,7 +564,8 @@ class entitle_register(LDAPCreate): raise errors.ACIError(info=e.args[1]) dn = ldap.make_dn( - entry_attrs, self.obj.uuid_attribute, self.obj.container_dn + entry_attrs, self.obj.uuid_attribute, + DN(self.obj.container_dn, api.env.basedn) ) return dn 
@@ -718,7 +721,8 @@ class entitle_sync(LDAPUpdate): shutil.rmtree(db, ignore_errors=True) dn = ldap.make_dn( - entry_attrs, self.obj.uuid_attribute, self.obj.container_dn + entry_attrs, self.obj.uuid_attribute, + DN(self.obj.container_dn, api.env.basedn) ) return dn diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index affc3d77c..e798d23bf 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -334,8 +334,7 @@ class host(LDAPObject): try: (dn, entry_attrs) = self.backend.find_entry_by_attr( 'serverhostname', hostname, self.object_class, [''], - self.container_dn - ) + DN(self.container_dn, api.env.basedn)) except errors.NotFound: pass return dn @@ -347,8 +346,9 @@ class host(LDAPObject): managed_hosts = [] try: - (hosts, truncated) = ldap.find_entries(base_dn=self.container_dn, - filter=host_filter, attrs_list=host_attrs) + (hosts, truncated) = ldap.find_entries( + base_dn=DN(self.container_dn, api.env.basedn), + filter=host_filter, attrs_list=host_attrs) for host in hosts: managed_hosts.append(host[0]) diff --git a/ipalib/plugins/krbtpolicy.py b/ipalib/plugins/krbtpolicy.py index 976f92b3c..a383d6845 100644 --- a/ipalib/plugins/krbtpolicy.py +++ b/ipalib/plugins/krbtpolicy.py @@ -103,7 +103,7 @@ class krbtpolicy(LDAPObject): def get_dn(self, *keys, **kwargs): if keys[-1] is not None: return self.api.Object.user.get_dn(*keys, **kwargs) - return self.container_dn + return DN(self.container_dn, api.env.basedn) api.register(krbtpolicy) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 7b6dc78bf..d94484331 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py 
@@ -336,10 +336,12 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg if m.endswith(search_bases['user']): api.log.info('migrating %s user %s' % (member_attr, m)) - m = DN((api.Object.user.primary_key.name, rdnval), api.env.container_user) + m = DN((api.Object.user.primary_key.name, rdnval), + api.env.container_user, api.env.basedn) elif m.endswith(search_bases['group']): api.log.info('migrating %s group %s' % (member_attr, m)) - m = DN((api.Object.group.primary_key.name, rdnval), api.env.container_group) + m = DN((api.Object.group.primary_key.name, rdnval), + api.env.container_group, api.env.basedn) else: api.log.error('entry %s does not belong into any known container' % m) continue @@ -359,7 +361,8 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg new_members = [] entry_attrs.setdefault(member_attr, []) for m in entry_attrs[member_attr]: - memberdn = DN((api.Object.user.primary_key.name, m), api.env.container_user) + memberdn = DN((api.Object.user.primary_key.name, m), + api.env.container_user, api.env.basedn) new_members.append(ldap.normalize_dn(memberdn)) entry_attrs['member'] = new_members diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index 6c8ad8dbf..c92b268b5 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -93,7 +93,7 @@ class cosentry(LDAPObject): def get_dn(self, *keys, **options): group_dn = self.api.Object.group.get_dn(keys[-1]) return self.backend.make_dn_from_attr( - 'cn', group_dn, self.container_dn + 'cn', group_dn, DN(self.container_dn, api.env.basedn) ) def check_priority_uniqueness(self, *keys, **options): @@ -272,7 +272,8 @@ class pwpolicy(LDAPObject): def get_dn(self, *keys, **options): if keys[-1] is not None: return self.backend.make_dn_from_attr( - self.primary_key.name, keys[-1], self.container_dn + self.primary_key.name, keys[-1], + DN(self.container_dn, api.env.basedn) ) return global_policy_dn 
diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py index 60eb053a1..e0e995ee4 100644 --- a/ipalib/plugins/selinuxusermap.py +++ b/ipalib/plugins/selinuxusermap.py @@ -222,7 +222,7 @@ class selinuxusermap(LDAPObject): seealso, self.api.Object['hbacrule'].object_class, [''], - self.api.Object['hbacrule'].container_dn) + DN(self.api.Object['hbacrule'].container_dn, api.env.basedn)) seealso = dn except errors.NotFound: raise errors.NotFound(reason=_('HBAC rule %(rule)s not found') % dict(rule=seealso)) diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py index f6ea88a25..0c2160c8f 100644 --- a/ipalib/plugins/sudocmd.py +++ b/ipalib/plugins/sudocmd.py @@ -89,7 +89,7 @@ class sudocmd(LDAPObject): try: (dn, entry_attrs) = self.backend.find_entry_by_attr( 'sudocmd', keys[-1], self.object_class, [''], - self.container_dn + DN(self.container_dn, api.env.basedn) ) except errors.NotFound: pass diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 979ade1a7..13f36ce29 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -411,7 +411,7 @@ class user(LDAPObject): continue (dn, entry_attrs) = self.backend.find_entry_by_attr( self.primary_key.name, manager[m], self.object_class, [''], - self.container_dn + container_dn ) manager[m] = dn except errors.NotFound: diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 9483611bd..93d546500 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -199,10 +199,8 @@ class ldap2(LDAPClient, CrudBackend): def get_ipa_config(self, attrs_list=None): """Returns the IPA configuration entry (dn, entry_attrs).""" - odn = api.Object.config.get_dn() - assert isinstance(odn, DN) - assert isinstance(api.env.basedn, DN) - cdn = DN(odn, api.env.basedn) + dn = api.Object.config.get_dn() + assert isinstance(dn, DN) try: config_entry = getattr(context, 'config_entry') 
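Review bot: In the user.py hunk (-411) the new argument `container_dn` is a bare local that is not defined in the visible lines. The diffstat lists only this one-line replacement for user.py, so the variable must already be assigned earlier in the method. Please confirm that it is `DN(self.container_dn, api.env.basedn)` and is bound on every path that reaches this `find_entry_by_attr` call; otherwise the lookup either raises `NameError` or searches under the relative container again. A comment at the call such as `# container_dn is the absolute users container (includes api.env.basedn)` would make the dependency visible. The enclosing method starts and ends outside the hunk.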
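Review bot: In the ldap2.py hunk at -199, `get_ipa_config` now relies on `api.Object.config.get_dn()` returning an absolute DN, but the remaining `assert isinstance(dn, DN)` checks only the type. A relative DN would pass unnoticed and be used as `base_dn` in `find_entries` and in `self.make_entry(dn)` in the following hunk (-213). Since this is the IPA configuration entry, the suffix is worth checking explicitly next to the existing assert, e.g. `assert dn.endswith(api.env.basedn)`. The docstring could also say that the returned DN is absolute. The method continues outside this hunk.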
@@ -213,14 +211,14 @@ class ldap2(LDAPClient, CrudBackend): pass try: (entry, truncated) = self.find_entries( - None, attrs_list, base_dn=cdn, scope=self.SCOPE_BASE, + None, attrs_list, base_dn=dn, scope=self.SCOPE_BASE, time_limit=2, size_limit=10 ) if truncated: raise errors.LimitsExceeded() config_entry = entry[0] except errors.NotFound: - config_entry = self.make_entry(cdn) + config_entry = self.make_entry(dn) for a in self.config_defaults: if a not in config_entry: config_entry[a] = self.config_defaults[a] -- cgit