Import Upstream version 4.12.4

2025-08-12 22:28:56 +02:00
parent 03a8170b15
commit 9181ee2487
1629 changed files with 874094 additions and 554378 deletions
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -20,20 +20,18 @@
 from __future__ import absolute_import, print_function

 import logging
-import optparse  # pylint: disable=deprecated-module
 import os
 import shutil
 import sys
 import tempfile
 import time
-import pwd

 import six

 from ipaplatform.paths import paths
 from ipaplatform import services
 from ipalib import api, errors
-from ipapython import version
+from ipapython import version, config
 from ipapython.ipautil import run, write_tmp_file
 from ipapython import admintool, certdb
 from ipapython.dn import DN
@@ -42,6 +40,7 @@ from ipaserver.install import installutils
 from ipapython import ipaldap
 from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
+from lib389.cli_ctl.dblib import run_dbscan

 # pylint: disable=import-error
 if six.PY3:
@@ -126,6 +125,7 @@ class Backup(admintool.AdminTool):
        paths.NAMED_CONF,
        paths.NAMED_CUSTOM_CONF,
        paths.NAMED_CUSTOM_OPTIONS_CONF,
+        paths.NAMED_LOGGING_OPTIONS_CONF,
        paths.NAMED_KEYTAB,
        paths.RESOLV_CONF,
        paths.SYSCONFIG_PKI_TOMCAT,
@@ -185,6 +185,7 @@ class Backup(admintool.AdminTool):
        paths.OPENDNSSEC_KASP_FILE,
        paths.OPENDNSSEC_ZONELIST_FILE,
        paths.OPENDNSSEC_KASP_DB,
+        paths.DNSSEC_OPENSSL_CONF,
        paths.DNSSEC_SOFTHSM2_CONF,
        paths.DNSSEC_SOFTHSM_PIN_SO,
        paths.IPA_ODS_EXPORTER_KEYTAB,
@@ -194,6 +195,8 @@ class Backup(admintool.AdminTool):
        paths.GSSPROXY_CONF,
        paths.HOSTS,
        paths.SYSTEMD_PKI_TOMCAT_IPA_CONF,
+        paths.NETWORK_MANAGER_IPA_CONF,
+        paths.SYSTEMD_RESOLVED_IPA_CONF,
    ) + tuple(
        os.path.join(paths.IPA_NSSDB_DIR, file)
        for file in (certdb.NSS_DBM_FILES + certdb.NSS_SQL_FILES)
@@ -203,6 +206,12 @@ class Backup(admintool.AdminTool):
      paths.VAR_LOG_PKI_DIR,
      paths.VAR_LOG_HTTPD_DIR,
      paths.IPASERVER_INSTALL_LOG,
+      paths.IPASERVER_ADTRUST_INSTALL_LOG,
+      paths.IPASERVER_DNS_INSTALL_LOG,
+      paths.IPASERVER_KRA_INSTALL_LOG,
+      paths.IPAREPLICA_INSTALL_LOG,
+      paths.IPAREPLICA_CONNCHECK_LOG,
+      paths.IPAREPLICA_CA_INSTALL_LOG,
      paths.KADMIND_LOG,
      paths.MESSAGES,
      paths.IPACLIENT_INSTALL_LOG,
@@ -235,7 +244,7 @@ class Backup(admintool.AdminTool):

        parser.add_option(
            "--gpg-keyring", dest="gpg_keyring",
-            help=optparse.SUPPRESS_HELP)
+            help=config.SUPPRESS_HELP)
        parser.add_option(
            "--gpg", dest="gpg", action="store_true",
            default=False, help="Encrypt the backup")
@@ -294,19 +303,16 @@ class Backup(admintool.AdminTool):

        logger.info("Preparing backup on %s", api.env.host)

-        pent = pwd.getpwnam(constants.DS_USER)
-
        self.top_dir = tempfile.mkdtemp("ipa")
-        os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
+        constants.DS_USER.chown(self.top_dir)
        os.chmod(self.top_dir, 0o750)
        self.dir = os.path.join(self.top_dir, "ipa")
        os.mkdir(self.dir, 0o750)
-        os.chown(self.dir, pent.pw_uid, pent.pw_gid)
+        constants.DS_USER.chown(self.dir)
        self.tarfile = None

        self.header = os.path.join(self.top_dir, 'header')

-        cwd = os.getcwd()
        try:
            dirsrv = services.knownservices.dirsrv

@@ -331,8 +337,11 @@ class Backup(admintool.AdminTool):
            instance = ipaldap.realm_to_serverid(api.env.realm)
            if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
                              instance):
-                if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
-                                  (instance, 'ipaca')):
+                # Check existence of ipaca backend
+                dbpath = (paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
+                          (instance, ""))
+                output = run_dbscan(['-L', dbpath])
+                if 'ipaca/' in output:
                    self.db2ldif(instance, 'ipaca', online=options.online)
                self.db2ldif(instance, 'userRoot', online=options.online)
                self.db2bak(instance, online=options.online)
@@ -359,10 +368,6 @@ class Backup(admintool.AdminTool):
                                 options.gpg_keyring)

        finally:
-            try:
-                os.chdir(cwd)
-            except Exception as e:
-                logger.error('Cannot change directory to %s: %s', cwd, e)
            shutil.rmtree(self.top_dir)

    def check_roles(self, raiseonerr=True):
@@ -495,7 +500,8 @@ class Backup(admintool.AdminTool):
        '''
        logger.info('Backing up %s in %s to LDIF', backend, instance)

-        cn = time.strftime('export_%Y_%m_%d_%H_%M_%S')
+        cn = 'export_{}_{}'.format(
+            backend, time.strftime('%Y_%m_%d_%H_%M_%S'))
        dn = DN(('cn', cn), ('cn', 'export'), ('cn', 'tasks'), ('cn', 'config'))

        ldifname = '%s-%s.ldif' % (instance, backend)
@@ -625,7 +631,7 @@ class Backup(admintool.AdminTool):
    def file_backup(self, options):

        def verify_directories(dirs):
-            return [s for s in dirs if os.path.exists(s)]
+            return [s for s in dirs if s and os.path.exists(s)]

        self.tarfile = os.path.join(self.dir, 'files.tar')

@@ -761,11 +767,10 @@ class Backup(admintool.AdminTool):
                'Unexpected error: %s' % e
            )

-        os.chdir(self.dir)
        args = [
            'tar', '--xattrs', '--selinux', '-czf', filename, '.'
        ]
-        result = run(args, raiseonerr=False)
+        result = run(args, raiseonerr=False, cwd=self.dir)
        if result.returncode != 0:
            raise admintool.ScriptError(
                'tar returned non-zero code %s: %s' %