ipaserver/install/plugins/update_nis.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

#
# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
#

from ipalib.plugable import Registry
from ipalib import errors
from ipalib import Updater
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipaserver.install import sysupgrade
from ipaserver.install.ldapupdate import LDAPUpdate

register = Registry()


@register()
class update_nis_configuration(Updater):
    """Update NIS configuration

    NIS configuration can be updated only if NIS Server was configured via
    ipa-nis-manage command.
    """

    def __recover_from_missing_maps(self, ldap):
        # https://fedorahosted.org/freeipa/ticket/5507
        # if all following DNs are missing, but 'NIS Server' container exists
        # we are experiencig bug and maps should be fixed

        if sysupgrade.get_upgrade_state('nis',
                                        'done_recover_from_missing_maps'):
            # this recover must be done only once, a user may deleted some
            # maps, we do not want to restore them again
            return

        self.log.debug("Recovering from missing NIS maps bug")

        suffix = "cn=NIS Server,cn=plugins,cn=config"
        domain = self.api.env.domain
        missing_dn_list = [
            DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [
                "nis-domain={domain}+nis-map=passwd.byname,{suffix}",
                "nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
                "nis-domain={domain}+nis-map=group.byname,{suffix}",
                "nis-domain={domain}+nis-map=group.bygid,{suffix}",
                "nis-domain={domain}+nis-map=netid.byname,{suffix}",
                "nis-domain={domain}+nis-map=netgroup,{suffix}",
            ]
        ]

        for dn in missing_dn_list:
            try:
                ldap.get_entry(dn, attrs_list=['cn'])
            except errors.NotFound:
                pass
            else:
                # bug is not effective, at least one of 'possible missing'
                # maps was detected
                return

        sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',
                                     True)

        # bug is effective run update to recreate missing maps
        ld = LDAPUpdate(sub_dict={}, ldapi=True)
        ld.update([paths.NIS_ULDIF])

    def execute(self, **options):
        ldap = self.api.Backend.ldap2
        dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
        try:
            ldap.get_entry(dn, attrs_list=['cn'])
        except errors.NotFound:
            # NIS is not configured on system, do not execute update
            self.log.debug("Skipping NIS update, NIS Server is not configured")

            # container does not exist, bug #5507 is not effective
            sysupgrade.set_upgrade_state(
                'nis', 'done_recover_from_missing_maps', True)
        else:
            self.__recover_from_missing_maps(ldap)

            self.log.debug("Executing NIS Server update")
            ld = LDAPUpdate(sub_dict={}, ldapi=True)
            ld.update([paths.NIS_UPDATE_ULDIF])

        return False, ()