Imported Debian patch 4.7.2-3

2019-05-06 08:43:34 +03:00
parent 27edeba051
commit 8bc559c5a1
917 changed files with 1068993 additions and 1184676 deletions
--- a/ipaserver/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
@@ -5,14 +5,12 @@
 import logging

 import dns.name
-import re
 try:
    from xml.etree import cElementTree as etree
 except ImportError:
    from xml.etree import ElementTree as etree

 from ipapython import ipa_log_manager, ipautil
-from ipaserver.dnssec.opendnssec import tasks

 logger = logging.getLogger(__name__)

@@ -21,7 +19,7 @@ ENTRYUUID_PREFIX = "/var/lib/ipa/dns/zone/entryUUID/"
 ENTRYUUID_PREFIX_LEN = len(ENTRYUUID_PREFIX)


-class ZoneListReader:
+class ZoneListReader(object):
    def __init__(self):
        self.names = set()  # dns.name
        self.uuids = set()  # UUID strings
@@ -121,7 +119,7 @@ class LDAPZoneListReader(ZoneListReader):
            self._del_zone(zone_ldap['idnsname'][0], uuid)


-class ODSMgr:
+class ODSMgr(object):
    """OpenDNSSEC zone manager. It does LDAP->ODS synchronization.

    Zones with idnsSecInlineSigning attribute = TRUE in LDAP are added
@@ -132,75 +130,42 @@ class ODSMgr:
        self.zl_ldap = LDAPZoneListReader()

    def ksmutil(self, params):
-        """Call ods-ksmutil / ods-enforcer with parameters and return stdout.
+        """Call ods-ksmutil with given parameters and return stdout.

        Raises CalledProcessError if returncode != 0.
        """
-        result = tasks.run_ods_manager(params, capture_output=True)
+        cmd = ['ods-ksmutil'] + params
+        result = ipautil.run(cmd, capture_output=True)
        return result.output

    def get_ods_zonelist(self):
        stdout = self.ksmutil(['zonelist', 'export'])
-        try:
-            reader = ODSZoneListReader(stdout)
-        except etree.ParseError:
-            # With OpenDNSSEC 2, the above command returns a message
-            # containing the zonelist filename instead of the XML text:
-            # "Exported zonelist to /etc/opendnssec/zonelist.xml successfully"
-            # extract the filename and read its content
-            pattern = re.compile(r'.* (/.*) .*')
-            matches = re.findall(pattern, stdout)
-            if matches:
-                with open(matches[0]) as f:
-                    content = f.read()
-                reader = ODSZoneListReader(content)
-
+        reader = ODSZoneListReader(stdout)
        return reader

    def add_ods_zone(self, uuid, name):
        zone_path = '%s%s' % (ENTRYUUID_PREFIX, uuid)
-        if name != dns.name.root:
-            name = name.relativize(dns.name.root)
        cmd = ['zone', 'add', '--zone', str(name), '--input', zone_path]
-        output = None
-        try:
-            output = self.ksmutil(cmd)
-        except ipautil.CalledProcessError as e:
-            # Zone already exists in HSM
-            if e.returncode == 1 \
-                    and str(e.output).endswith(str(name) + ' already exists!'):
-                # Just return
-                return
-        if output is not None:
-            logger.info('%s', output)
-            self.notify_enforcer()
+        output = self.ksmutil(cmd)
+        logger.info('%s', output)
+        self.notify_enforcer()

    def del_ods_zone(self, name):
        # ods-ksmutil blows up if zone name has period at the end
-        if name != dns.name.root:
-            name = name.relativize(dns.name.root)
+        name = name.relativize(dns.name.root)
        # detect if name is root zone
        if name == dns.name.empty:
            name = dns.name.root
        cmd = ['zone', 'delete', '--zone', str(name)]
-        output = None
-        try:
-            output = self.ksmutil(cmd)
-        except ipautil.CalledProcessError as e:
-            # Zone already doesn't exist in HSM
-            if e.returncode == 1 \
-                    and str(e.output).endswith(str(name) + ' not found!'):
-                # Just cleanup signer, no need to notify enforcer
-                self.cleanup_signer(name)
-                return
-        if output is not None:
-            logger.info('%s', output)
-            self.notify_enforcer()
-            self.cleanup_signer(name)
+        output = self.ksmutil(cmd)
+        logger.info('%s', output)
+        self.notify_enforcer()
+        self.cleanup_signer(name)

    def notify_enforcer(self):
-        result = tasks.run_ods_notify(capture_output=True)
-        logger.info('%s', result.output)
+        cmd = ['notify']
+        output = self.ksmutil(cmd)
+        logger.info('%s', output)

    def cleanup_signer(self, zone_name):
        cmd = ['ods-signer', 'ldap-cleanup', str(zone_name)]