#
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
#
from ipalib import Registry, errors
from ipalib import Updater
from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger
from ipaserver.install import sysupgrade
# Registry instance for this module; each updater class below is decorated
# with @register().
register = Registry()
@register()
class update_passync_privilege_check(Updater):
    """
    Record whether the PassSync privilege entry already exists.

    Looks up cn=PassSync Service under the privilege container and stores
    the outcome in the 'winsync' / 'passsync_privilege_updated' upgrade
    state: True when the entry is found, False when the lookup raises
    NotFound. update_passync_privilege_update reads the same state and
    skips its work when it is set, so a privilege that already exists at
    this point keeps whatever membership it has.
    """

    def execute(self, **options):
        """
        Run the pre-check and persist its result in the upgrade state.

        Always returns (False, []); this plugin itself returns no update
        entries. NOTE(review): the first element is presumably the
        "restart needed" flag of the Updater contract -- confirm there.
        """
        # A truthy stored state means the decision was already made on an
        # earlier run; do not re-evaluate it.
        if sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated'):
            root_logger.debug("PassSync privilege update pre-check not needed")
            return False, []

        root_logger.debug("Check if there is existing PassSync privilege")

        env = self.api.env
        privilege_dn = DN(
            ('cn', 'PassSync Service'),
            env.container_privilege,
            env.basedn,
        )

        ldap = self.api.Backend.ldap2
        # Only the presence of the entry matters; the returned entry is
        # discarded. Errors other than NotFound propagate to the caller and
        # leave the stored state untouched.
        try:
            ldap.get_entry(privilege_dn, [''])
        except errors.NotFound:
            privilege_exists = False
        else:
            privilege_exists = True

        if privilege_exists:
            root_logger.debug("PassSync privilege found, skip updating PassSync")
        else:
            root_logger.debug("PassSync privilege not found, this is a new update")
        sysupgrade.set_upgrade_state(
            'winsync', 'passsync_privilege_updated', privilege_exists)

        return False, []
@register()
class update_passync_privilege_update(Updater):
    """
    Add PassSync user as a member of PassSync privilege, if it exists

    "It" is the PassSync user (uid=passsync under cn=sysaccounts,cn=etc):
    when that entry is missing nothing is added. The whole step is skipped
    when the 'winsync' / 'passsync_privilege_updated' upgrade state is
    already set, which update_passync_privilege_check does when the
    privilege entry existed before its lookup.
    """

    def execute(self, **options):
        """
        Return the membership update for the PassSync privilege, if needed.

        Returns (False, []) when the state flag is already set or the
        PassSync user is not found, and (False, [update]) otherwise, where
        update adds the user's DN to the 'member' attribute of the
        privilege entry.

        NOTE(review): the state flag is set to True before this method
        returns, i.e. before the returned update can have been applied by
        the caller. If applying it fails, the flag presumably prevents a
        retry and the PassSync account stays outside the privilege --
        confirm against the upgrade framework.
        """
        if sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated'):
            root_logger.debug("PassSync privilege update not needed")
            return False, []

        root_logger.debug("Add PassSync user as a member of PassSync privilege")
        ldap = self.api.Backend.ldap2
        env = self.api.env
        user_dn = DN(
            ('uid', 'passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'),
            env.basedn,
        )
        privilege_dn = DN(
            ('cn', 'PassSync Service'),
            env.container_privilege,
            env.basedn,
        )

        pending = []
        # The lookup is an existence test only; the entry itself is unused.
        # Errors other than NotFound propagate and leave the flag unset.
        try:
            ldap.get_entry(user_dn, [''])
        except errors.NotFound:
            root_logger.debug("PassSync user not found, no update needed")
        else:
            root_logger.debug("PassSync user found, do update")
            # This grants the system account membership in the privilege.
            pending.append({
                'dn': privilege_dn,
                'updates': [
                    dict(action='add', attr='member', value=user_dn),
                ],
            })

        # Both outcomes mark the step as done so it is not evaluated again.
        sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
        return False, pending