authorMartin Basti <mbasti@redhat.com>2014-07-03 15:50:27 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-07-04 12:48:50 +0200
commitf8b6595f4999740a704bcdae6d4f9b5021f7f61f (patch)
tree54bd25f9f6d1618835aa380502693519f0d358fa
parent3461be5c78dcc77a758235dce6f0cc8e370a0310 (diff)
Restore privileges after forward zones update
Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Spacek <pspacek@redhat.com>
-rw-r--r--ipaserver/install/plugins/dns.py43
1 files changed, 42 insertions, 1 deletions
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index d2a9500c5..07c0325d7 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -210,6 +210,10 @@ class update_master_to_dnsforwardzones(PostUpdate):
# add time to filename
self.backup_path = time.strftime(self.backup_path)
+ # DNs of privileges which contain dns managed permissions
+ privileges_to_ldif = set() # store priviledges only once
+ zone_to_privileges = {} # zone: [privileges cn]
+
self.log.info('Zones with specified forwarders with policy different'
' than none will be transformed to forward zones.')
self.log.info('Original zones will be saved in LDIF format in '
@@ -228,8 +232,14 @@ class update_master_to_dnsforwardzones(PostUpdate):
if 'managedBy' in zone:
entry = ldap.get_entry(DN(zone['managedBy'][0]))
+ for privilege_member_dn in entry.get('member', []):
+ privileges_to_ldif.add(privilege_member_dn)
writer.unparse(str(entry.dn), dict(entry.raw))
+ # privileges where permission is used
+ if entry.get('member'):
+ zone_to_privileges[zone['idnsname'][0]] = entry['member']
+
# raw values are required to store into ldif
records = api.Command['dnsrecord_find'](
zone['idnsname'][0],
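Review bot: The `member` list stored on the `zone_to_privileges` line is taken as-is, and the restore step later reduces each DN to its RDN value to pass as a privilege name, so nothing here confirms that every member DN really is a privilege entry; a non-privilege DN in that list would either make the restore fail on a nonexistent privilege or, if an unrelated entry shares the same cn, grant the new zone's permission to the wrong object. I would keep only DNs below the privileges container before saving them, e.g. `privs = [dn for dn in entry['member'] if dn.endswith(DN(api.env.container_privilege, api.env.basedn))]` (hedged: I am recalling the env attribute name, verify it), and store `privs` instead of `entry['member']`. The `entry.get('member', [])` on the backup loop and the `entry.get('member')` check a few lines later also read the same attribute twice; binding it once to a local keeps the two uses in step. The enclosing loop body starts and ends outside this hunk.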
@@ -249,6 +259,17 @@ class update_master_to_dnsforwardzones(PostUpdate):
zone['idnsname'][0])
self.log.error(traceback.format_exc())
return (False, False, [])
+
+ for privilege_dn in privileges_to_ldif:
+ try:
+ entry = ldap.get_entry(privilege_dn)
+ writer.unparse(str(entry.dn), dict(entry.raw))
+ except Exception, e:
+ self.log.error('Unable to backup privilege %s' %
+ privilege_dn)
+ self.log.error(traceback.format_exc())
+ return (False, False, [])
+
f.close()
except Exception:
self.log.error('Unable to create backup file')
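Review bot: The handler `except Exception, e:` in the new privilege-backup loop binds `e` and never uses it, while the sibling handler right below uses the bare `except Exception:` form; drop the unused name for consistency, `except Exception:`. The message on the next line also pre-formats with `%` where the other new log calls in this commit pass lazy arguments, so `self.log.error('Unable to backup privilege %s', privilege_dn)` would match them. The enclosing `try` that this loop sits inside begins outside the hunk.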
@@ -285,7 +306,8 @@ class update_master_to_dnsforwardzones(PostUpdate):
# create permission if original zone has one
if 'managedBy' in zone:
try:
- api.Command['dnsforwardzone_add_permission'](zone['idnsname'][0])
+ perm_name = api.Command['dnsforwardzone_add_permission'](
+ zone['idnsname'][0])['value']
except Exception, e:
self.log.error('Transform to forwardzone terminated: '
'Adding managed by permission to forward zone'
@@ -296,9 +318,28 @@ class update_master_to_dnsforwardzones(PostUpdate):
zone['idnsname'][0])
continue
+ else:
+ if zone['idnsname'][0] in zone_to_privileges:
+ privileges = [
+ dn[0].value for dn in zone_to_privileges[zone['idnsname'][0]]
+ ]
+ try:
+ api.Command['permission_add_member'](perm_name,
+ privilege=privileges)
+ except Exception, e:
+ self.log.error('Unable to restore privileges for '
+ 'permission %s, for zone %s'
+ % (perm_name, zone['idnsname']))
+ self.log.error(traceback.format_exc())
+ self.log.info('Zone %s was transformed to forward zone'
+ ' without restored privileges',
+ zone['idnsname'][0])
+ continue
+
self.log.info('Zone %s was sucessfully transformed to forward zone',
zone['idnsname'][0])
+
sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', False)
return (False, False, [])
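Review bot: A failure to re-attach the privileges is only logged in the new `except` branch, yet the `sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', False)` call after the loop still marks the step as done, so a zone whose delegated managers silently lost their access will never be revisited and the administrator has nothing but a log line and the LDIF backup to notice it. As far as I recall, FreeIPA's `*_add_member` commands report per-member problems in the returned `failed` dict rather than raising, so a privilege that no longer exists (deleted between backup and restore) would not even reach that `except`; I would keep the result and check it, e.g. `result = api.Command['permission_add_member'](perm_name, privilege=privileges)` followed by `if result['failed']['member']['privilege']: self.log.error(...)` (verify the exact key layout), and consider leaving the upgrade state unset when any zone ends up with missing privileges so the step is retried. The error message in that branch formats `zone['idnsname']` (the whole list) where every neighbouring message uses `zone['idnsname'][0]`. The method whose tail is shown here begins well before the hunk.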