From bed09b7f85a2abf73e2dfec58ea8a094ae847d29 Mon Sep 17 00:00:00 2001
From: Stanislav Levin
Date: Tue, 11 Aug 2020 18:39:24 +0300
Subject: [PATCH] DNSKeySyncInstance: Populate named/ods uid/gid on instantiation
Fixes: https://pagure.io/freeipa/issue/8094
Signed-off-by: Stanislav Levin
Reviewed-By: Alexander Bokovoy
Reviewed-By: Christian Heimes
---
 ipaserver/install/dnskeysyncinstance.py | 29 ++++++++-----------------
 1 file changed, 9 insertions(+), 20 deletions(-)
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index d3637cf79..46838febf 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -56,10 +56,10 @@ class DNSKeySyncInstance(service.Service):
 keytab=paths.IPA_DNSKEYSYNCD_KEYTAB
 )
 self.extra_config = [u'dnssecVersion 1', ] # DNSSEC enabled
- self.named_uid = None
- self.named_gid = None
- self.ods_uid = None
- self.ods_gid = None
+ self.named_uid = self.__get_named_uid()
+ self.named_gid = self.__get_named_gid()
+ self.ods_uid = self.__get_ods_uid()
+ self.ods_gid = self.__get_ods_gid()
 suffix = ipautil.dn_attribute_property('_suffix')
@@ -67,12 +67,6 @@ class DNSKeySyncInstance(service.Service):
 """
 Setting up correct permissions to allow write/read access for daemons
 """
- if self.named_uid is None:
- self.named_uid = self.__get_named_uid()
-
- if self.named_gid is None:
- self.named_gid = self.__get_named_gid()
-
 if not os.path.exists(paths.BIND_LDAP_DNS_IPA_WORKDIR):
 os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
 # dnssec daemons require to have access into the directory
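Review bot: Constructing a DNSKeySyncInstance can now raise RuntimeError when the named or OpenDNSSEC account is missing, because the first hunk resolves all four ids eagerly and the getters (see the third hunk) raise on KeyError. Any caller that only instantiates the class without touching file ownership (none are visible here, so this is inferred) would start failing on a host where those accounts do not exist. Resolving each id on first access through a read-only property keeps the single lookup point and still makes the removed `assert ... is not None` checks unnecessary. This assumes nothing else assigns these attributes; the constructor starts outside the hunk.

```python
        self.extra_config = [u'dnssecVersion 1', ]  # DNSSEC enabled
        # ids are resolved on first access, not at construction
        self._named_uid = None
        # ... same for _named_gid, _ods_uid, _ods_gid ...

    @property
    def named_uid(self):
        """UID of the named account, looked up on first access."""
        if self._named_uid is None:
            self._named_uid = self.__get_named_uid()
        return self._named_uid

    # ... same pattern for named_gid, ods_uid, ods_gid ...
```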
@@ -133,20 +127,19 @@ class DNSKeySyncInstance(service.Service):
 except KeyError:
 raise RuntimeError("Named GID not found")
- def __check_dnssec_status(self):
- self.named_uid = self.__get_named_uid()
- self.named_gid = self.__get_named_gid()
-
+ def __get_ods_uid(self):
 try:
- self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
+ return pwd.getpwnam(constants.ODS_USER).pw_uid
 except KeyError:
 raise RuntimeError("OpenDNSSEC UID not found")
+ def __get_ods_gid(self):
 try:
- self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
+ return grp.getgrnam(constants.ODS_GROUP).gr_gid
 except KeyError:
 raise RuntimeError("OpenDNSSEC GID not found")
+ def __check_dnssec_status(self):
 if not dns_container_exists(self.suffix):
 raise RuntimeError("DNS container does not exist")
@@ -220,9 +213,6 @@ class DNSKeySyncInstance(service.Service):
 quotes=False, separator='=')
 def __setup_softhsm(self):
- assert self.ods_uid is not None
- assert self.named_gid is not None
-
 token_dir_exists = os.path.exists(paths.DNSSEC_TOKENS_DIR)
 # create dnssec directory
@@ -430,7 +420,6 @@ class DNSKeySyncInstance(service.Service):
 logger.error("DNSKeySync service already exists")
 def __setup_principal(self):
- assert self.ods_gid is not None
 ipautil.remove_keytab(self.keytab)
 installutils.kadmin_addprinc(self.principal)
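Review bot: The new `__get_ods_uid` and `__get_ods_gid` in the `-133,20` hunk report a missing account without naming what was looked up, and neither has a docstring. These ids appear to feed ownership setup for DNSSEC directories, so a precise failure helps the operator fix the right account, e.g. `raise RuntimeError("OpenDNSSEC user %s not found" % constants.ODS_USER)` and the same with `constants.ODS_GROUP`. Check first that no caller or test matches the current message text. A one-line docstring such as `"""Return the UID of constants.ODS_USER; raise RuntimeError if the account is absent."""` would document the contract that the constructor now relies on.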