Imported Debian patch 4.7.2-3

2019-05-06 08:43:34 +03:00
parent 27edeba051
commit 8bc559c5a1
917 changed files with 1068993 additions and 1184676 deletions
--- a/daemons/dnssec/ipa-dnskeysync-replica.in
+++ b/daemons/dnssec/ipa-dnskeysync-replica.in
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+@PYTHONSHEBANG@
 #
 # Copyright (C) 2014  FreeIPA Contributors see COPYING for license
 #
@@ -14,7 +14,6 @@ import os
 import sys

 import ipalib
-from ipalib import errors
 from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL
 from ipalib.install.kinit import kinit_keytab
 from ipapython.dn import DN
@@ -58,7 +57,6 @@ def find_unwrapping_key(localhsm, wrapping_key_uri):
        unwrap_keys = localhsm.find_keys(id=key_id, cka_unwrap=True)
        if len(unwrap_keys) > 0:
            return unwrap_keys.popitem()[1]
-    return None

 def ldap2replica_master_keys_sync(ldapkeydb, localhsm):
    ## LDAP -> replica master key synchronization
@@ -164,33 +162,23 @@ except GSSError as e:
 os.environ['KRB5CCNAME'] = ccache_filename
 logger.debug('Got TGT')

-keys_dn = DN(
-    ('cn', 'keys'), ('cn', 'sec'),
-    ipalib.api.env.container_dns,
-    ipalib.api.env.basedn
-)
+# LDAP initialization
+ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
+logger.debug('Connecting to LDAP')
+ldap.gssapi_bind()
+logger.debug('Connected')

-with open(paths.DNSSEC_SOFTHSM_PIN) as f:
-    localhsm = LocalHSM(
-        paths.LIBSOFTHSM2_SO,
-        SOFTHSM_DNSSEC_TOKEN_LABEL,
-        f.read()
-    )

-try:
-    # LDAP initialization
-    ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
-    logger.debug('Connecting to LDAP')
-    ldap.gssapi_bind()
-    logger.debug('Connected')
+### DNSSEC master: key synchronization
+ldapkeydb = LdapKeyDB(ldap, DN(('cn', 'keys'),
+                               ('cn', 'sec'),
+                               ipalib.api.env.container_dns,
+                               ipalib.api.env.basedn))

-    ### DNSSEC master: key synchronization
-    ldapkeydb = LdapKeyDB(ldap, keys_dn)
-    ldap2replica_master_keys_sync(ldapkeydb, localhsm)
-    ldap2replica_zone_keys_sync(ldapkeydb, localhsm)
-except (errors.NetworkError, errors.DatabaseError) as e:
-    # SERVER_DOWN, CONNECT_ERROR
-    logger.error("LDAP server is down: %s", e)
-    sys.exit(1)
-else:
-    sys.exit(0)
+localhsm = LocalHSM(paths.LIBSOFTHSM2_SO, SOFTHSM_DNSSEC_TOKEN_LABEL,
+        open(paths.DNSSEC_SOFTHSM_PIN).read())
+
+ldap2replica_master_keys_sync(ldapkeydb, localhsm)
+ldap2replica_zone_keys_sync(ldapkeydb, localhsm)
+
+sys.exit(0)