URL: https://github.com/freeipa/freeipa/pull/920
Author: tduehr
 Title: #920: fix ods-ksmutil for 2.0.x
Action: opened

PR body:
"""
In 2.0.x, ods-ksmutil became ods-enforcer and its behavior changed.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/920/head:pr920
git checkout pr920
From 55940573bdccd72db12efc59b2ac7512518702fb Mon Sep 17 00:00:00 2001
From: Timur Duehr <tdu...@gmail.com>
Date: Fri, 14 Jul 2017 11:10:50 -0500
Subject: [PATCH] fix ods-ksmutil for 2.0.x

It became ods-enforcer and its behavior changed.
---
 install/share/opendnssec_conf.template  |  1 -
 ipaplatform/base/paths.py               |  3 ++-
 ipaserver/dnssec/odsmgr.py              | 20 +++++++++++---------
 ipaserver/install/opendnssecinstance.py |  9 ++-------
 4 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/install/share/opendnssec_conf.template b/install/share/opendnssec_conf.template
index 3d01fb4156..1dc3468632 100644
--- a/install/share/opendnssec_conf.template
+++ b/install/share/opendnssec_conf.template
@@ -8,7 +8,6 @@
 			<Module>$SOFTHSM_LIB</Module>
 			<TokenLabel>$TOKEN_LABEL</TokenLabel>
 			<PIN>$PIN</PIN>
-            <AllowExtraction/>
 		</Repository>
 
 	</RepositoryList>
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index de3cdce44b..78f762babf 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -168,7 +168,8 @@ class BasePathNamespace(object):
     NET = "/usr/bin/net"
     BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
     NSUPDATE = "/usr/bin/nsupdate"
-    ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
+    ODS_ENFORCER = "/usr/bin/ods-enforcer"
+    ODS_ENFORCER_SETUP = "/usr/bin/ods-enforcer-db-setup"
     ODS_SIGNER = "/usr/sbin/ods-signer"
     OPENSSL = "/usr/bin/openssl"
     PK12UTIL = "/usr/bin/pk12util"
diff --git a/ipaserver/dnssec/odsmgr.py b/ipaserver/dnssec/odsmgr.py
index 6b181e2e03..f0f577bff1 100644
--- a/ipaserver/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
@@ -12,6 +12,7 @@
     from xml.etree import ElementTree as etree
 
 from ipapython import ipa_log_manager, ipautil
+from ipaplatform.paths import paths
 
 logger = logging.getLogger(__name__)
 
@@ -130,42 +131,43 @@ class ODSMgr(object):
     def __init__(self):
         self.zl_ldap = LDAPZoneListReader()
 
-    def ksmutil(self, params):
-        """Call ods-ksmutil with given parameters and return stdout.
+    def enforcer(self, params):
+        """Call ods-enforcer with given parameters and return stdout.
 
         Raises CalledProcessError if returncode != 0.
         """
-        cmd = ['ods-ksmutil'] + params
+        cmd = ['ods-enforcer'] + params
         result = ipautil.run(cmd, capture_output=True)
         return result.output
 
     def get_ods_zonelist(self):
-        stdout = self.ksmutil(['zonelist', 'export'])
-        reader = ODSZoneListReader(stdout)
+        stdout = self.enforcer(['zonelist', 'export'])
+        with open(paths.OPENDNSSEC_ZONELIST_FILE) as f
+            reader = ODSZoneListReader(f.read())
         return reader
 
     def add_ods_zone(self, uuid, name):
         zone_path = '%s%s' % (ENTRYUUID_PREFIX, uuid)
         cmd = ['zone', 'add', '--zone', str(name), '--input', zone_path]
-        output = self.ksmutil(cmd)
+        output = self.enforcer(cmd)
         logger.info('%s', output)
         self.notify_enforcer()
 
     def del_ods_zone(self, name):
-        # ods-ksmutil blows up if zone name has period at the end
+        # ods-enforcer blows up if zone name has period at the end
         name = name.relativize(dns.name.root)
         # detect if name is root zone
         if name == dns.name.empty:
             name = dns.name.root
         cmd = ['zone', 'delete', '--zone', str(name)]
-        output = self.ksmutil(cmd)
+        output = self.enforcer(cmd)
         logger.info('%s', output)
         self.notify_enforcer()
         self.cleanup_signer(name)
 
     def notify_enforcer(self):
         cmd = ['notify']
-        output = self.ksmutil(cmd)
+        output = self.enforcer(cmd)
         logger.info('%s', output)
 
     def cleanup_signer(self, zone_name):
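Review bot: The `with open(paths.OPENDNSSEC_ZONELIST_FILE) as f` line added in get_ods_zonelist has no trailing colon, so odsmgr.py no longer parses and every import of it fails with a SyntaxError; it should read `with open(paths.OPENDNSSEC_ZONELIST_FILE) as f:`. In the same method `stdout` is now assigned but never used, and the code assumes the export has finished writing the zonelist file before it is read, which deserves a one-line comment stating that assumption. Separately, enforcer() still runs the bare name `'ods-enforcer'`, so which binary gets executed depends on the PATH of the calling process; now that `paths` is imported in this file, `cmd = [paths.ODS_ENFORCER] + params` would pin it to the absolute path the paths.py hunk defines. The ODSMgr class begins before this hunk and cleanup_signer continues past its end.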
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 0082b8f26f..3249ed4a93 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -279,20 +279,15 @@ def __setup_dnssec(self):
             os.chmod(paths.OPENDNSSEC_KASP_DB, 0o660)
 
             # regenerate zonelist.xml
-            cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
+            cmd = [paths.ODS_ENCFORCER, 'zonelist', 'export']
             result = ipautil.run(cmd,
                                  runas=constants.ODS_USER,
                                  capture_output=True)
-            with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
-                zonelistf.write(result.output)
-                os.chown(paths.OPENDNSSEC_ZONELIST_FILE,
-                         self.ods_uid, self.ods_gid)
-                os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0o660)
 
         else:
             # initialize new kasp.db
             command = [
-                paths.ODS_KSMUTIL,
+                paths.ODS_ENCFORCER_SETUP,
                 'setup'
             ]
 
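Review bot: Both new path references in this hunk are misspelled: `paths.ODS_ENCFORCER` and `paths.ODS_ENCFORCER_SETUP` do not match the `ODS_ENFORCER` and `ODS_ENFORCER_SETUP` constants this patch adds to paths.py, so either branch shown here would raise AttributeError at install time. They should read `cmd = [paths.ODS_ENFORCER, 'zonelist', 'export']` and `paths.ODS_ENFORCER_SETUP,`. With the write/chown/chmod block removed, `result` is unused and the installer no longer enforces the 0o660 mode and ods ownership on the zonelist file; if the tool now writes that file itself, a comment saying so (or a check of the resulting mode and owner) would keep the permission guarantee visible. It is also worth confirming that `ods-enforcer-db-setup` still accepts the `'setup'` argument carried over from the ods-ksmutil call. __setup_dnssec starts before this hunk and the handling of `command` continues after it.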