From 75f080132421d7f3cfe6f82ab0d446f563a5d7bf Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Thu, 11 Apr 2013 16:59:41 +0200
Subject: Add nfs:NONE to default PAC types only when needed

We need to add nfs:NONE as a default PAC type only if there's no
other default PAC type for nfs. Adds a update plugin which
determines whether default PAC type for nfs is set and adds
nfs:NONE PAC type accordingly.

https://fedorahosted.org/freeipa/ticket/3555
---
 ipaserver/install/plugins/update_pacs.py | 57 ++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 ipaserver/install/plugins/update_pacs.py

(limited to 'ipaserver/install/plugins/update_pacs.py')

diff --git a/ipaserver/install/plugins/update_pacs.py b/ipaserver/install/plugins/update_pacs.py
new file mode 100644
index 00000000..653456bb
--- /dev/null
+++ b/ipaserver/install/plugins/update_pacs.py
@@ -0,0 +1,57 @@
+# Authors:
+#   Tomas Babej <tbabej@redhat.com>
+#
+# Copyright (C) 2013  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PostUpdate
+from ipalib import api, errors
+from ipapython.dn import DN
+
+
+class update_pacs(PostUpdate):
+    """
+    Includes default nfs:None only if no nfs: PAC present in ipakrbauthzdata.
+    """
+
+    order = MIDDLE
+
+    def execute(self, **options):
+        ldap = self.obj.backend
+
+        try:
+            dn = DN('cn=ipaConfig', 'cn=etc', api.env.basedn)
+            entry = ldap.get_entry(dn, ['ipakrbauthzdata'])
+            pacs = entry.get('ipakrbauthzdata', [])
+        except errors.NotFound:
+            self.log.warning('Error retrieving: %s' % str(dn))
+            return (False, False, [])
+
+        nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs)
+
+        if not nfs_pac_set:
+            self.log.debug('Adding nfs:NONE to default PAC types')
+
+            updated_pacs = pacs + [u'nfs:NONE']
+            entry['ipakrbauthzdata'] = updated_pacs
+            ldap.update_entry(entry)
+        else:
+            self.log.debug('PAC for nfs is already set, not adding nfs:NONE.')
+
+        return (False, False, [])
+
+api.register(update_pacs)
-- 
cgit