Imported Debian patch 4.0.5-6~numeezy

2016-02-17 15:07:45 +01:00
parent c44de33144
commit 10dfc9587b
1203 changed files with 53869 additions and 241462 deletions
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -22,12 +22,14 @@ Password migration script

 import cgi
 import errno
+import glob
 from wsgiref.util import request_uri

 from ipapython.ipa_log_manager import root_logger
+from ipapython.ipautil import get_ipa_basedn
 from ipapython.dn import DN
 from ipapython.ipaldap import IPAdmin
-from ipalib import errors, create_api
+from ipalib import errors
 from ipaplatform.paths import paths


@@ -43,6 +45,23 @@ def get_ui_url(environ):
    return full_url[:index] + "/ipa/ui"


+def get_base_dn(ldap_uri):
+    """
+    Retrieve LDAP server base DN.
+    """
+    try:
+        conn = IPAdmin(ldap_uri=ldap_uri)
+        conn.do_simple_bind(DN(), '')
+        base_dn = get_ipa_basedn(conn)
+    except Exception, e:
+        root_logger.error('migration context search failed: %s' % e)
+        return ''
+    finally:
+        conn.unbind()
+
+    return base_dn
+
+
 def bind(ldap_uri, base_dn, username, password):
    if not base_dn:
        root_logger.error('migration unable to get base dn')
@@ -51,12 +70,12 @@ def bind(ldap_uri, base_dn, username, password):
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        conn.do_simple_bind(bind_dn, password)
-    except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
+    except (errors.ACIError, errors.DatabaseError, errors.NotFound), e:
        root_logger.error(
            'migration invalid credentials for %s: %s' % (bind_dn, e))
        raise IOError(
            errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
-    except Exception as e:
+    except Exception, e:
        root_logger.error('migration bind failed: %s' % e)
        raise IOError(errno.EIO, 'Bind error')
    finally:
@@ -68,14 +87,19 @@ def application(environ, start_response):
        return wsgi_redirect(start_response, 'index.html')

    form_data = cgi.FieldStorage(fp=environ['wsgi.input'], environ=environ)
-    if 'username' not in form_data or 'password' not in form_data:
+    if not form_data.has_key('username') or not form_data.has_key('password'):
        return wsgi_redirect(start_response, 'invalid.html')

-    # API object only for configuration, finalize() not needed
-    api = create_api(mode=None)
-    api.bootstrap(context='server', in_server=True)
+    slapd_sockets = glob.glob(paths.ALL_SLAPD_INSTANCE_SOCKETS)
+    if slapd_sockets:
+        ldap_uri = 'ldapi://%s' % slapd_sockets[0].replace('/', '%2f')
+    else:
+        ldap_uri = 'ldaps://localhost:636'
+
+    base_dn = get_base_dn(ldap_uri)
+
    try:
-        bind(api.env.ldap_uri, api.env.basedn,
+        bind(ldap_uri, base_dn,
             form_data['username'].value, form_data['password'].value)
    except IOError as err:
        if err.errno == errno.EPERM: