From d4a0fa34afd30765e5ea6f0df21976a6494f13d6 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 22 Apr 2013 15:21:04 +0200
Subject: Fix syntax errors in schema files

- add missing closing parenthesis in idnsRecord declaration
- remove extra dollar sign from ipaSudoRule declaration
- handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update

This does not use the schema updater because the syntax needs to be
fixed in the files themselves, otherwise 389 1.3.2+ will fail
to start.
Older DS versions transparently fix the syntax errors.

The existing ldap-updater directive for ipaSudoRule is fixed
(ldap-updater runs after upgradeconfig).

https://fedorahosted.org/freeipa/ticket/3578
---
 install/tools/ipa-upgradeconfig | 65 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

(limited to 'install/tools')

diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 8ae54894..c9574b96 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -777,6 +777,69 @@ def uninstall_selfsign(ds, http):
     ds.stop_tracking_certificates()
     http.stop_tracking_certificates()
 
+
+def fix_schema_file_syntax(ds):
+    """Fix syntax errors in schema files
+
+    https://fedorahosted.org/freeipa/ticket/3578
+    """
+    root_logger.info('[Fix DS schema file syntax]')
+
+    # This is not handled by normal schema updates, because pre-1.3.2 DS will
+    # ignore (auto-fix) these syntax errors, and 1.3.2 and above will choke on
+    # them before checking dynamic schema updates.
+
+    if sysupgrade.get_upgrade_state('ds', 'fix_schema_syntax'):
+        root_logger.info('Syntax already fixed')
+        return
+
+    serverid = dsinstance.realm_to_serverid(api.env.realm)
+
+    ds.stop(serverid)
+
+    ds_dir = dsinstance.config_dirname(serverid)
+
+    # 1. 60ipadns.ldif: Add parenthesis to idnsRecord
+
+    filename = os.path.join(ds_dir, 'schema', '60ipadns.ldif')
+    result_lines = []
+    with open(filename) as file:
+        for line in file:
+            line = line.strip('\n')
+            if (line.startswith('objectClasses:') and
+                    "NAME 'idnsRecord'" in line and
+                    line.count('(') == 2 and
+                    line.count(')') == 1):
+                root_logger.debug('Add closing parenthesis in idnsRecord')
+                line += ' )'
+            result_lines.append(line)
+
+    with open(filename, 'w') as file:
+        file.write('\n'.join(result_lines))
+
+    # 2. 65ipasudo.ldif: Remove extra dollar from ipaSudoRule
+
+    filename = os.path.join(ds_dir, 'schema', '65ipasudo.ldif')
+    result_lines = []
+    with open(filename) as file:
+        for line in file:
+            line = line.strip('\n')
+            if (line.startswith('objectClasses:') and
+                    "NAME 'ipaSudoRule'" in line):
+                root_logger.debug('Remove extra dollar sign in ipaSudoRule')
+                line = line.replace('$$', '$')
+            result_lines.append(line)
+
+    with open(filename, 'w') as file:
+        file.write('\n'.join(result_lines))
+
+    # Done
+
+    ds.start(serverid)
+
+    sysupgrade.set_upgrade_state('ds', 'fix_schema_syntax', True)
+
+
 def main():
     """
     Get some basics about the system. If getting those basics fail then
@@ -856,6 +919,8 @@ def main():
 
     ds = dsinstance.DsInstance()
 
+    fix_schema_file_syntax(ds)
+
     uninstall_selfsign(ds, http)
 
     memcache = memcacheinstance.MemcacheInstance()
-- 
cgit