-rw-r--r-- | install/updates/60-trusts.update | 5 | ||||
-rw-r--r-- | ipaserver/install/plugins/Makefile.am | 1 | ||||
-rw-r--r-- | ipaserver/install/plugins/update_pacs.py | 57 |
3 files changed, 58 insertions, 5 deletions
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index f63651f7..1b251154 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -73,11 +73,6 @@ replace:aci:'(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword |
 dn: cn=ipaConfig,cn=etc,$SUFFIX
 addifnew: ipaKrbAuthzData: MS-PAC
 
-# Add authorization data type NONE for NFS because the hardcoded default was
-# removed.
-dn: cn=ipaConfig,cn=etc,$SUFFIX
-add: ipaKrbAuthzData: nfs:NONE
-
 # Fix typo in some installs in the spelling of ORDERING. They were added
 # with a typo which was silently dropped by 389-ds-base, so add in the
 # proper ordering syntax now.
diff --git a/ipaserver/install/plugins/Makefile.am b/ipaserver/install/plugins/Makefile.am
index a0c62ca7..624e8268 100644
--- a/ipaserver/install/plugins/Makefile.am
+++ b/ipaserver/install/plugins/Makefile.am
@@ -10,6 +10,7 @@ app_PYTHON = \
 updateclient.py \
 update_services.py \
 update_anonymous_aci.py \
+ update_pacs.py \
 $(NULL)
 
 EXTRA_DIST = \
diff --git a/ipaserver/install/plugins/update_pacs.py b/ipaserver/install/plugins/update_pacs.py
new file mode 100644
index 00000000..653456bb
--- /dev/null
+++ b/ipaserver/install/plugins/update_pacs.py
@@ -0,0 +1,57 @@
+# Authors:
+# Tomas Babej <tbabej@redhat.com>
+#
+# Copyright (C) 2013 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PostUpdate
+from ipalib import api, errors
+from ipapython.dn import DN
+
+
+class update_pacs(PostUpdate):
+ """
+ Includes default nfs:None only if no nfs: PAC present in ipakrbauthzdata.
+ """
+
+ order = MIDDLE
+
+ def execute(self, **options):
+ ldap = self.obj.backend
+
+ try:
+ dn = DN('cn=ipaConfig', 'cn=etc', api.env.basedn)
+ entry = ldap.get_entry(dn, ['ipakrbauthzdata'])
+ pacs = entry.get('ipakrbauthzdata', [])
+ except errors.NotFound:
+ self.log.warning('Error retrieving: %s' % str(dn))
+ return (False, False, [])
+
+ nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs)
+
+ if not nfs_pac_set:
+ self.log.debug('Adding nfs:NONE to default PAC types')
+
+ updated_pacs = pacs + [u'nfs:NONE']
+ entry['ipakrbauthzdata'] = updated_pacs
+ ldap.update_entry(entry)
+ else:
+ self.log.debug('PAC for nfs is already set, not adding nfs:NONE.')
+
+ return (False, False, [])
+
+api.register(update_pacs)
|
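Review bot: The `pac.startswith('nfs:')` test in `execute` is case-sensitive, so an existing value such as `NFS:MS-PAC` (constructed example) would not count as an nfs setting and `nfs:NONE` would be appended next to it, leaving two entries for the same service type. If the directory or the KDC treats these values case-insensitively (not visible from this hunk), compare on a normalised form, e.g. `nfs_pac_set = any(pac.lower().startswith('nfs:') for pac in pacs)`. Separately, the plugin cannot tell "never configured" from "deliberately removed": an administrator who deleted every `nfs:` value so that NFS tickets follow the global default gets `nfs:NONE` back on each upgrade. That is worth stating in the class docstring, which also spells the value `nfs:None` rather than `nfs:NONE`.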