Imported Debian patch 4.0.5-6~numeezy

Alexandre Ellert
2016-02-17 15:07:45 +01:00
committed by Mario Fetka
parent c44de33144
commit 10dfc9587b
1203 changed files with 53869 additions and 241462 deletions


@@ -18,20 +18,22 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import ldap as _ldap
import re
import traceback
import time
from ldif import LDIFWriter
from ipaserver.install.plugins import MIDDLE, LAST
from ipaserver.install.plugins.baseupdate import (PostUpdate, PreUpdate,
PreSchemaUpdate)
from ipaserver.install import sysupgrade
from ipalib import api, errors, util
from ipalib import Updater
from ipapython.dn import DN
from ipalib.plugins.dns import dns_container_exists
from ipapython.ipa_log_manager import *
class update_dnszones(Updater):
class update_dnszones(PostUpdate):
"""
Update all zones to meet requirements in the new FreeIPA versions
@@ -55,17 +57,18 @@ class update_dnszones(Updater):
This module extends the original policy to allow the SSHFP updates.
"""
order=MIDDLE
def execute(self, **options):
ldap = self.api.Backend.ldap2
ldap = self.obj.backend
if not dns_container_exists(ldap):
return False, []
return (False, False, [])
try:
zones = self.api.Command.dnszone_find(all=True)['result']
zones = api.Command.dnszone_find(all=True)['result']
except errors.NotFound:
self.log.debug('No DNS zone to update found')
return False, []
self.log.info('No DNS zone to update found')
return (False, False, [])
for zone in zones:
update = {}
@@ -77,23 +80,20 @@ class update_dnszones(Updater):
# do not open zone transfers by default
update['idnsallowtransfer'] = u'none;'
old_policy = util.get_dns_forward_zone_update_policy(
self.api.env.realm, ('A', 'AAAA'))
old_policy = util.get_dns_forward_zone_update_policy(api.env.realm, ('A', 'AAAA'))
if zone.get('idnsupdatepolicy', [''])[0] == old_policy:
update['idnsupdatepolicy'] = util.get_dns_forward_zone_update_policy(\
self.api.env.realm)
api.env.realm)
if update:
# FIXME: https://fedorahosted.org/freeipa/ticket/4722
self.api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
**update)
api.Command.dnszone_mod(zone[u'idnsname'][0], **update)
return False, []
return (False, False, [])
api.register(update_dnszones)
class update_dns_limits(Updater):
class update_dns_limits(PostUpdate):
"""
bind-dyndb-ldap persistent search queries LDAP for all DNS records.
The LDAP connection must have no size or time limits to work
@@ -104,10 +104,10 @@ class update_dns_limits(Updater):
limit_value = '-1'
def execute(self, **options):
ldap = self.api.Backend.ldap2
ldap = self.obj.backend
if not dns_container_exists(ldap):
return False, []
return (False, False, [])
dns_principal = 'DNS/%s@%s' % (self.env.host, self.env.realm)
dns_service_dn = DN(('krbprincipalname', dns_principal),
@@ -119,29 +119,56 @@ class update_dns_limits(Updater):
except errors.NotFound:
# this host may not have DNS service set
root_logger.debug("DNS: service %s not found, no need to update limits" % dns_service_dn)
return False, []
return (False, False, [])
if all(entry.get(limit.lower(), [None])[0] == self.limit_value for limit in self.limit_attributes):
root_logger.debug("DNS: limits for service %s already set" % dns_service_dn)
# service is already updated
return False, []
return (False, False, [])
limit_updates = []
for limit in self.limit_attributes:
limit_updates.append(dict(action='only', attr=limit,
value=self.limit_value))
limit_updates.append('only:%s:%s' % (limit, self.limit_value))
dnsupdate = {'dn': dns_service_dn, 'updates': limit_updates}
dnsupdates = {}
dnsupdates[dns_service_dn] = {'dn': dns_service_dn,
'updates': limit_updates}
root_logger.debug("DNS: limits for service %s will be updated" % dns_service_dn)
return False, [dnsupdate]
return (False, True, [dnsupdates])
api.register(update_dns_limits)
class update_master_to_dnsforwardzones(Updater):
class update_check_forwardzones(PreSchemaUpdate):
"""
Check if the idnsforwardzone objectclass is in LDAP schema.
If not update is required (update_to_forward_zones), set sysupgrade state
'update_to_forward_zones' to True
"""
def execute(self, **options):
state = sysupgrade.get_upgrade_state('dns', 'update_to_forward_zones')
if state is False:
# no upgrade is needed
return (False, False, [])
ldap = self.obj.backend
if not dns_container_exists(ldap): # No DNS installed
return (False, False, [])
result = ldap.schema.get_obj(_ldap.schema.models.ObjectClass, 'idnsforwardzone')
if result is None:
sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', True)
self.log.info('Prepared upgrade to forward zones')
else:
sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', False)
return (False, False, [])
api.register(update_check_forwardzones)
class update_master_to_dnsforwardzones(PostUpdate):
"""
Update all zones to meet requirements in the new FreeIPA versions
@@ -151,59 +178,26 @@ class update_master_to_dnsforwardzones(Updater):
This should be applied only once, and only if original version was lower than 4.0
"""
order = LAST
backup_dir = u'/var/lib/ipa/backup/'
backup_filename = u'dns-forward-zones-backup-%Y-%m-%d-%H-%M-%S.ldif'
backup_path = u'%s%s' % (backup_dir, backup_filename)
def execute(self, **options):
ldap = self.api.Backend.ldap2
# check LDAP if forwardzones already uses new semantics
dns_container_dn = DN(self.api.env.container_dns, self.api.env.basedn)
try:
container_entry = ldap.get_entry(dns_container_dn)
except errors.NotFound:
# DNS container not found, nothing to upgrade
return False, []
ldap = self.obj.backend
if not sysupgrade.get_upgrade_state('dns', 'update_to_forward_zones'):
# forward zones was tranformed before, nothing to do
return (False, False, [])
for config_option in container_entry.get("ipaConfigString", []):
matched = re.match("^DNSVersion\s+(?P<version>\d+)$",
config_option, flags=re.I)
if matched and int(matched.group("version")) >= 1:
# forwardzones already uses new semantics,
# no upgrade is required
return False, []
self.log.debug('Updating forward zones')
# update the DNSVersion, following upgrade can be executed only once
container_entry.setdefault(
'ipaConfigString', []).append(u"DNSVersion 1")
ldap.update_entry(container_entry)
# Updater in IPA version from 4.0 to 4.1.2 doesn't work well, this
# should detect if update in past has been executed, and set proper
# DNSVersion into LDAP
try:
fwzones = self.api.Command.dnsforwardzone_find()['result']
except errors.NotFound:
# No forwardzones found, update probably has not been executed yet
pass
else:
if fwzones:
# fwzones exist, do not execute upgrade again
return False, []
zones = []
try:
# raw values are required to store into ldif
zones = self.api.Command.dnszone_find(all=True,
zones = api.Command.dnszone_find(all=True,
raw=True,
sizelimit=0)['result']
except errors.NotFound:
pass
if not zones:
self.log.debug('No DNS zone to update found')
return False, []
self.log.info('No DNS zone to update found')
return (False, False, [])
zones_to_transform = []
@@ -251,7 +245,7 @@ class update_master_to_dnsforwardzones(Updater):
zone_to_privileges[zone['idnsname'][0]] = entry['member']
# raw values are required to store into ldif
records = self.api.Command['dnsrecord_find'](
records = api.Command['dnsrecord_find'](
zone['idnsname'][0],
all=True,
raw=True,
@@ -264,34 +258,34 @@ class update_master_to_dnsforwardzones(Updater):
del record['dn']
writer.unparse(dn, record)
except Exception as e:
except Exception, e:
self.log.error('Unable to backup zone %s' %
zone['idnsname'][0])
self.log.error(traceback.format_exc())
return False, []
return (False, False, [])
for privilege_dn in privileges_to_ldif:
try:
entry = ldap.get_entry(privilege_dn)
writer.unparse(str(entry.dn), dict(entry.raw))
except Exception as e:
except Exception, e:
self.log.error('Unable to backup privilege %s' %
privilege_dn)
self.log.error(traceback.format_exc())
return False, []
return (False, False, [])
f.close()
except Exception:
self.log.error('Unable to create backup file')
self.log.error(traceback.format_exc())
return False, []
return (False, False, [])
# update
for zone in zones_to_transform:
# delete master zone
try:
self.api.Command['dnszone_del'](zone['idnsname'])
except Exception as e:
api.Command['dnszone_del'](zone['idnsname'])
except Exception, e:
self.log.error('Transform to forwardzone terminated: '
'removing zone %s failed (%s)' % (
zone['idnsname'][0], e)
@@ -305,8 +299,8 @@ class update_master_to_dnsforwardzones(Updater):
'idnsforwarders': zone.get('idnsforwarders', []),
'idnsforwardpolicy': zone.get('idnsforwardpolicy', [u'first'])[0]
}
self.api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
except Exception as e:
api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
except Exception, e:
self.log.error('Transform to forwardzone terminated: creating '
'forwardzone %s failed' %
zone['idnsname'][0])
@@ -316,9 +310,9 @@ class update_master_to_dnsforwardzones(Updater):
# create permission if original zone has one
if 'managedBy' in zone:
try:
perm_name = self.api.Command['dnsforwardzone_add_permission'](
perm_name = api.Command['dnsforwardzone_add_permission'](
zone['idnsname'][0])['value']
except Exception as e:
except Exception, e:
self.log.error('Transform to forwardzone terminated: '
'Adding managed by permission to forward zone'
' %s failed' % zone['idnsname'])
@@ -334,9 +328,9 @@ class update_master_to_dnsforwardzones(Updater):
dn[0].value for dn in zone_to_privileges[zone['idnsname'][0]]
]
try:
self.api.Command['permission_add_member'](perm_name,
api.Command['permission_add_member'](perm_name,
privilege=privileges)
except Exception as e:
except Exception, e:
self.log.error('Unable to restore privileges for '
'permission %s, for zone %s'
% (perm_name, zone['idnsname']))
@@ -346,9 +340,12 @@ class update_master_to_dnsforwardzones(Updater):
zone['idnsname'][0])
continue
self.log.debug('Zone %s was sucessfully transformed to forward zone',
self.log.info('Zone %s was sucessfully transformed to forward zone',
zone['idnsname'][0])
return False, []
sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', False)
return (False, False, [])
api.register(update_master_to_dnsforwardzones)
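Review bot: The closing `sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', False)` in `update_master_to_dnsforwardzones.execute` runs unconditionally after the transform loop, although the failure paths visible in that loop only log an error and `continue`. Assuming the second line of each printed pair is the new side, a zone whose `dnszone_del` succeeded but whose `dnsforwardzone_add` failed then exists only in the LDIF backup, while the upgrade is recorded as finished. I would collect failures in a new list inside the loop and end with `if not failed_zones: sysupgrade.set_upgrade_state('dns', 'update_to_forward_zones', False)`, and have the error message name the backup file so an operator can restore the zone. The same side also drops the LDAP-stored `DNSVersion` check and the `dnsforwardzone_find` probe, leaving this host-local flag as the only guard on a destructive step; that is worth confirming for deployments with several replicas. Parts of the loop body lie outside the hunks shown, so the exact failure paths need checking against the full file.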