author | Martin Babinsky <mbabinsk@redhat.com> | 2016-09-01 18:09:05 +0200 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-09-05 09:20:55 +0200 |
commit | c789b17b2e28ed9008fee076a0db72fe90f7e93f (patch) | |
tree | 8edbb3c069c32f788a1fbd246e532412977bff4c /ipaserver/dcerpc.py | |
parent | 33f8685513e06f6a398036a78407d61c3ac2db86 (diff) | |
factor out `populate_remote_domain` method into module-level function
This allows the method to be re-used in cases where the caller cannot, or
does not wish to, instantiate a local Samba domain in order to retrieve
information about remote ones.
https://fedorahosted.org/freeipa/ticket/6057
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/dcerpc.py')
-rw-r--r-- | ipaserver/dcerpc.py | 94 |
1 files changed, 53 insertions, 41 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 4d98485e1..71b8ba6f1 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -1534,6 +1534,52 @@ def fetch_domains(api, mydomain, trustdomain, creds=None, server=None):
 return result
+def retrieve_remote_domain(hostname, local_flatname,
+ realm, realm_server=None,
+ realm_admin=None, realm_passwd=None):
+ def get_instance(local_flatname):
+ # Fetch data from foreign domain using password only
+ rd = TrustDomainInstance('')
+ rd.parm.set('workgroup', local_flatname)
+ rd.creds = credentials.Credentials()
+ rd.creds.set_kerberos_state(credentials.DONT_USE_KERBEROS)
+ rd.creds.guess(rd.parm)
+ return rd
+
+ rd = get_instance(local_flatname)
+ rd.creds.set_anonymous()
+ rd.creds.set_workstation(hostname)
+ if realm_server is None:
+ rd.retrieve_anonymously(realm, discover_srv=True, search_pdc=True)
+ else:
+ rd.retrieve_anonymously(realm_server,
+ discover_srv=False, search_pdc=True)
+ rd.read_only = True
+ if realm_admin and realm_passwd:
+ if 'name' in rd.info:
+ names = realm_admin.split('\\')
+ if len(names) > 1:
+ # realm admin is in DOMAIN\user format
+ # strip DOMAIN part as we'll enforce the one discovered
+ realm_admin = names[-1]
+ auth_string = u"%s\%s%%%s" \
+ % (rd.info['name'], realm_admin, realm_passwd)
+ td = get_instance(local_flatname)
+ td.creds.parse_string(auth_string)
+ td.creds.set_workstation(hostname)
+ if realm_server is None:
+ # we must have rd.info['dns_hostname'] then
+ # as it is part of the anonymous discovery
+ td.retrieve(rd.info['dns_hostname'])
+ else:
+ td.retrieve(realm_server)
+ td.read_only = False
+ return td
+
+ # Otherwise, use anonymously obtained data
+ return rd
+
+
 class TrustDomainJoins(object):
 def __init__(self, api):
 self.api = api
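Review bot: The admin credentials are still assembled into one `DOMAIN\user%password` string and handed to `td.creds.parse_string(auth_string)`, so the parser decides where the user name ends and the password begins; a `%` left in `realm_admin` after the `DOMAIN\` strip would move that boundary. Setting the fields directly avoids the round trip through a parsed string: `td.creds.set_domain(rd.info['name'])`, `td.creds.set_username(realm_admin)`, `td.creds.set_password(realm_passwd)` — this should be equivalent for plain user names, but confirm how names in other formats are expected to behave before switching. The literal `u"%s\%s%%%s"` also depends on `\%` being kept as an unrecognised escape; `u"%s\\%s%%%s"` says the same thing explicitly. Now that this is a module-level function it would help to give it a docstring stating that it returns the anonymous, `read_only = True` instance whenever the admin name or password is missing or the anonymous lookup did not yield `rd.info['name']`, since a caller that passed credentials gets no other signal that they were not used.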
@@ -1565,47 +1611,13 @@ class TrustDomainJoins(object):
 def populate_remote_domain(self, realm, realm_server=None, realm_admin=None, realm_passwd=None):
- def get_instance(self):
- # Fetch data from foreign domain using password only
- rd = TrustDomainInstance('')
- rd.parm.set('workgroup', self.local_domain.info['name'])
- rd.creds = credentials.Credentials()
- rd.creds.set_kerberos_state(credentials.DONT_USE_KERBEROS)
- rd.creds.guess(rd.parm)
- return rd
-
- rd = get_instance(self)
- rd.creds.set_anonymous()
- rd.creds.set_workstation(self.local_domain.hostname)
- if realm_server is None:
- rd.retrieve_anonymously(realm, discover_srv=True, search_pdc=True)
- else:
- rd.retrieve_anonymously(realm_server,
- discover_srv=False, search_pdc=True)
- rd.read_only = True
- if realm_admin and realm_passwd:
- if 'name' in rd.info:
- names = realm_admin.split('\\')
- if len(names) > 1:
- # realm admin is in DOMAIN\user format
- # strip DOMAIN part as we'll enforce the one discovered
- realm_admin = names[-1]
- auth_string = u"%s\%s%%%s" \
- % (rd.info['name'], realm_admin, realm_passwd)
- td = get_instance(self)
- td.creds.parse_string(auth_string)
- td.creds.set_workstation(self.local_domain.hostname)
- if realm_server is None:
- # we must have rd.info['dns_hostname'] then
- # as it is part of the anonymous discovery
- td.retrieve(rd.info['dns_hostname'])
- else:
- td.retrieve(realm_server)
- td.read_only = False
- self.remote_domain = td
- return
- # Otherwise, use anonymously obtained data
- self.remote_domain = rd
+ self.remote_domain = retrieve_remote_domain(
+ self.local_domain.hostname,
+ self.local_domain.info['name'],
+ realm,
+ realm_server=realm_server,
+ realm_admin=realm_admin,
+ realm_passwd=realm_passwd)
 def get_realmdomains(self):
 """ |