path: root/ipaserver/install/plugins/update_passsync.py
#
# Copyright (C) 2014  FreeIPA Contributors see COPYING for license
#

from ipalib import api, errors
from ipalib import Updater
from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger
from ipaserver.install import sysupgrade

class update_passync_privilege_check(Updater):
    """
    Pre-check that records whether the PassSync privilege entry already exists.

    The outcome is persisted in the 'winsync' / 'passsync_privilege_updated'
    sysupgrade state: True when the privilege entry is already present, False
    when it is missing.  update_passync_privilege_update in this module reads
    the same state key and only adds the PassSync user to the privilege while
    it is not truthy, so this flag gates a privilege-membership change.

    This plugin never produces LDAP update records itself.
    """

    def execute(self, **options):
        """
        Probe LDAP for the PassSync privilege and store the result.

        Always returns ``(False, [])``.  LDAP errors other than
        ``errors.NotFound`` are not handled here and propagate to the caller.
        """
        # A truthy stored state means the decision was already made earlier,
        # so the directory is not probed again.
        if sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated'):
            root_logger.debug("PassSync privilege update pre-check not needed")
            return False, []

        root_logger.debug("Check if there is existing PassSync privilege")

        privilege_dn = DN(
            ('cn', 'PassSync Service'),
            self.api.env.container_privilege,
            self.api.env.basedn,
        )
        conn = self.api.Backend.ldap2

        # Only the existence of the entry matters; the returned entry is
        # discarded.
        try:
            conn.get_entry(privilege_dn, [''])
        except errors.NotFound:
            privilege_present = False
        else:
            privilege_present = True

        if privilege_present:
            root_logger.debug("PassSync privilege found, skip updating PassSync")
        else:
            root_logger.debug("PassSync privilege not found, this is a new update")
        sysupgrade.set_upgrade_state(
            'winsync', 'passsync_privilege_updated', privilege_present)

        return False, []

api.register(update_passync_privilege_check)

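class update_passync_privilege_update(Updater):
    """
    Add PassSync user as a member of PassSync privilege, if it exists

    The plugin is a no-op when the 'winsync' / 'passsync_privilege_updated'
    sysupgrade state is already truthy.  Otherwise, if the system account
    ``uid=passsync,cn=sysaccounts,cn=etc,<basedn>`` exists, it returns one
    update record that adds that DN as a ``member`` of
    ``cn=PassSync Service,<container_privilege>,<basedn>``.

    This changes privilege membership for a service account, so the state
    flag guarding it is security-relevant: once it is True the membership
    is not re-added on later runs.
    """

    def execute(self, **options):
        """
        Build the membership update for the PassSync privilege.

        Returns a ``(False, updates)`` tuple where ``updates`` is either empty
        or holds the single 'add member' record.  The first element is always
        False here (presumably the framework's restart-needed flag; confirm
        against the Updater contract).  LDAP errors other than
        ``errors.NotFound`` propagate to the caller.
        """
        update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated')
        if update_done:
            root_logger.debug("PassSync privilege update not needed")
            return False, []

        root_logger.debug("Add PassSync user as a member of PassSync privilege")
        ldap = self.api.Backend.ldap2
        passsync_dn = DN(('uid','passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'),
            self.api.env.basedn)
        passsync_privilege_dn = DN(('cn','PassSync Service'),
                self.api.env.container_privilege,
                self.api.env.basedn)

        try:
            # Existence probe only: the returned entry is not used, so it is
            # no longer bound to a local name.
            ldap.get_entry(passsync_dn, [''])
        except errors.NotFound:
            # No PassSync account means there is nothing to grant; record the
            # update as done so the probe is not repeated.
            root_logger.debug("PassSync user not found, no update needed")
            sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
            return False, []

        root_logger.debug("PassSync user found, do update")

        update = {'dn': passsync_privilege_dn,
                  'updates': [
                      dict(action='add', attr='member', value=passsync_dn),
                  ]
        }

        # NOTE(review): the state is marked done here, before the returned
        # update record has been applied by whoever consumes it.  If applying
        # it fails, later runs will skip this plugin because of the check at
        # the top of this method. Confirm how the caller handles a failed
        # update.
        sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
        return False, [update]

api.register(update_passync_privilege_update)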