replica install: add remote connection check over API

Add server_conncheck command which calls ipa-replica-conncheck --replica over oddjob. https://fedorahosted.org/freeipa/ticket/5497 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2015-12-09 08:18:21 +0100
committer: Tomas Babej <tbabej@redhat.com> 2015-12-11 18:44:13 +0100
commit: 8d7f67e08c8320712321501451e4a444b89a4423 (patch)
tree: ced31cce2bf2c83a8d1e3106d6b72f8b5c9bff80 /install/oddjob
parent: 00f591d4e93cfe1f6f020a1c708a3d90b5b34288 (diff)
download: freeipa-8d7f67e08c8320712321501451e4a444b89a4423.tar.gz
freeipa-8d7f67e08c8320712321501451e4a444b89a4423.tar.xz
freeipa-8d7f67e08c8320712321501451e4a444b89a4423.zip
4 files changed, 46 insertions, 0 deletions
diff --git a/install/oddjob/Makefile.am b/install/oddjob/Makefile.am
index 5cdaf2b29..fb64f6cf4 100644
--- a/install/oddjob/Makefile.am
+++ b/install/oddjob/Makefile.am
@@ -6,14 +6,17 @@ dbusconfdir = $(sysconfdir)/dbus-1/system.d
 
 oddjob_SCRIPTS =				\
 	com.redhat.idm.trust-fetch-domains	\
+	org.freeipa.server.conncheck		\
 	$(NULL)
 
 dbusconf_DATA =						\
 	etc/dbus-1/system.d/oddjob-ipa-trust.conf	\
+	etc/dbus-1/system.d/org.freeipa.server.conf	\
 	$(NULL)
 
 oddjobconf_DATA =					\
 	etc/oddjobd.conf.d/oddjobd-ipa-trust.conf	\
+	etc/oddjobd.conf.d/ipa-server.conf		\
 	$(NULL)
 
 
diff --git a/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf b/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
new file mode 100644
index 000000000..b2cbf746f
--- /dev/null
+++ b/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
@@ -0,0 +1,21 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+  <policy user="root">
+    <allow own="org.freeipa.server"/>
+
+    <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+  </policy>
+
+  <policy user="apache">
+    <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+  </policy>
+
+  <policy context="default">
+    <allow send_destination="org.freeipa.server" send_interface="org.freedesktop.DBus.Introspectable"/>
+  </policy>
+
+</busconfig>
diff --git a/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf b/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
new file mode 100644
index 000000000..3f806966b
--- /dev/null
+++ b/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<oddjobconfig>
+  <service name="org.freeipa.server">
+    <allow user="root"/>
+    <allow user="apache"/>
+    <object name="/">
+      <interface name="org.freeipa.server">
+        <method name="conncheck">
+          <helper exec="/usr/libexec/ipa/oddjob/org.freeipa.server.conncheck"
+                  arguments="1"
+                  prepend_user_name="no"
+                  argument_passing_method="cmdline"/>
+        </method>
+      </interface>
+      <interface name="org.freedesktop.DBus.Introspectable">
+        <allow min_uid="0" max_uid="0"/>
+      </interface>
+    </object>
+  </service>
+</oddjobconfig>
diff --git a/install/oddjob/org.freeipa.server.conncheck b/install/oddjob/org.freeipa.server.conncheck
new file mode 100755
index 000000000..ab7a46a86
--- /dev/null
+++ b/install/oddjob/org.freeipa.server.conncheck
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/sbin/ipa-replica-conncheck --replica "$1" 2>&1
author	Jan Cholasta <jcholast@redhat.com>	2015-12-09 08:18:21 +0100
committer	Tomas Babej <tbabej@redhat.com>	2015-12-11 18:44:13 +0100
commit	8d7f67e08c8320712321501451e4a444b89a4423 (patch)
tree	ced31cce2bf2c83a8d1e3106d6b72f8b5c9bff80 /install/oddjob
parent	00f591d4e93cfe1f6f020a1c708a3d90b5b34288 (diff)
download	freeipa-8d7f67e08c8320712321501451e4a444b89a4423.tar.gz freeipa-8d7f67e08c8320712321501451e4a444b89a4423.tar.xz freeipa-8d7f67e08c8320712321501451e4a444b89a4423.zip