factor out populate_remote_domain method into module-level function

This allows for re-use of this method in cases where the caller can not or wishes not to instantiate local Samba domain to retrieve information about remote ones. https://fedorahosted.org/freeipa/ticket/6057 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-09-01 18:09:05 +02:00 · 2016-09-01 18:09:05 +02:00 · c789b17b2e
commit c789b17b2e
parent 33f8685513
1 changed files with 53 additions and 41 deletions
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@ -1534,6 +1534,52 @@ def fetch_domains(api, mydomain, trustdomain, creds=None, server=None):
    return result
 def retrieve_remote_domain(hostname, local_flatname,
                           realm, realm_server=None,
                           realm_admin=None, realm_passwd=None):
    def get_instance(local_flatname):
        # Fetch data from foreign domain using password only
        rd = TrustDomainInstance('')
        rd.parm.set('workgroup', local_flatname)
        rd.creds = credentials.Credentials()
        rd.creds.set_kerberos_state(credentials.DONT_USE_KERBEROS)
        rd.creds.guess(rd.parm)
        return rd
    rd = get_instance(local_flatname)
    rd.creds.set_anonymous()
    rd.creds.set_workstation(hostname)
    if realm_server is None:
        rd.retrieve_anonymously(realm, discover_srv=True, search_pdc=True)
    else:
        rd.retrieve_anonymously(realm_server,
                                discover_srv=False, search_pdc=True)
    rd.read_only = True
    if realm_admin and realm_passwd:
        if 'name' in rd.info:
            names = realm_admin.split('\\')
            if len(names) > 1:
                # realm admin is in DOMAIN\user format
                # strip DOMAIN part as we'll enforce the one discovered
                realm_admin = names[-1]
            auth_string = u"%s\%s%%%s" \
                          % (rd.info['name'], realm_admin, realm_passwd)
            td = get_instance(local_flatname)
            td.creds.parse_string(auth_string)
            td.creds.set_workstation(hostname)
            if realm_server is None:
                # we must have rd.info['dns_hostname'] then
                # as it is part of the anonymous discovery
                td.retrieve(rd.info['dns_hostname'])
            else:
                td.retrieve(realm_server)
            td.read_only = False
            return td
    # Otherwise, use anonymously obtained data
    return rd
 class TrustDomainJoins(object):
    def __init__(self, api):
        self.api = api
@ -1565,47 +1611,13 @@ class TrustDomainJoins(object):
    def populate_remote_domain(self, realm, realm_server=None,
                               realm_admin=None, realm_passwd=None):
-        def get_instance(self):
+        self.remote_domain = retrieve_remote_domain(
-            # Fetch data from foreign domain using password only
+            self.local_domain.hostname,
-            rd = TrustDomainInstance('')
+            self.local_domain.info['name'],
-            rd.parm.set('workgroup', self.local_domain.info['name'])
+            realm,
-            rd.creds = credentials.Credentials()
+            realm_server=realm_server,
-            rd.creds.set_kerberos_state(credentials.DONT_USE_KERBEROS)
+            realm_admin=realm_admin,
-            rd.creds.guess(rd.parm)
+            realm_passwd=realm_passwd)
            return rd
        rd = get_instance(self)
        rd.creds.set_anonymous()
        rd.creds.set_workstation(self.local_domain.hostname)
        if realm_server is None:
            rd.retrieve_anonymously(realm, discover_srv=True, search_pdc=True)
        else:
            rd.retrieve_anonymously(realm_server,
                                    discover_srv=False, search_pdc=True)
        rd.read_only = True
        if realm_admin and realm_passwd:
            if 'name' in rd.info:
                names = realm_admin.split('\\')
                if len(names) > 1:
                    # realm admin is in DOMAIN\user format
                    # strip DOMAIN part as we'll enforce the one discovered
                    realm_admin = names[-1]
                auth_string = u"%s\%s%%%s" \
                              % (rd.info['name'], realm_admin, realm_passwd)
                td = get_instance(self)
                td.creds.parse_string(auth_string)
                td.creds.set_workstation(self.local_domain.hostname)
                if realm_server is None:
                    # we must have rd.info['dns_hostname'] then
                    # as it is part of the anonymous discovery
                    td.retrieve(rd.info['dns_hostname'])
                else:
                    td.retrieve(realm_server)
                td.read_only = False
                self.remote_domain = td
                return
        # Otherwise, use anonymously obtained data
        self.remote_domain = rd
    def get_realmdomains(self):
        """