Patch attached
--
Martin^2 Basti
From f7e6c6d17562d4d5bcdbddaefbaf279fd1b901db Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 3 Jul 2014 15:50:27 +0200
Subject: [PATCH] Restore privileges after forward zones update
Ticket: https://fedorahosted.org/freeipa/ticket/3210
---
ipaserver/install/plugins/dns.py | 43 +++-
1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index d2a9500c5bb58a81950bc2077fa611fcfd0c973a..07c0325d7a7c6062c1827d08f211d317bdc63db4 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -210,6 +210,10 @@ class update_master_to_dnsforwardzones(PostUpdate):
# add time to filename
self.backup_path = time.strftime(self.backup_path)
+# DNs of privileges which contain dns managed permissions
+privileges_to_ldif = set() # store priviledges only once
+zone_to_privileges = {} # zone: [privileges cn]
+
self.log.info('Zones with specified forwarders with policy different'
' than none will be transformed to forward zones.')
self.log.info('Original zones will be saved in LDIF format in '
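Review bot: The comment on the new `zone_to_privileges` line says `# zone: [privileges cn]`, but the later hunk stores `entry['member']` into it, i.e. the raw DN list from the permission entry, and the final hunk has to pull `dn[0].value` out of each element to get a name. The comment should describe what is actually stored, e.g. `# zone name -> list of privilege DNs (permission's 'member' values)`, so the `dn[0].value` access further down is explained. The comment on the line above also misspells "privileges" (`# store priviledges only once`).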
@@ -228,8 +232,14 @@ class update_master_to_dnsforwardzones(PostUpdate):
if 'managedBy' in zone:
entry = ldap.get_entry(DN(zone['managedBy'][0]))
+for privilege_member_dn in entry.get('member', []):
+privileges_to_ldif.add(privilege_member_dn)
writer.unparse(str(entry.dn), dict(entry.raw))
+# privileges where permission is used
+if entry.get('member'):
+zone_to_privileges[zone['idnsname'][0]] = entry['member']
+
# raw values are required to store into ldif
records = api.Command['dnsrecord_find'](
zone['idnsname'][0],
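Review bot: `entry.get('member', [])` is evaluated for the `privileges_to_ldif` loop and then `entry.get('member')` again for the `zone_to_privileges` branch; binding it once reads better and keeps both structures guaranteed to see the same list: `members = entry.get('member', [])`, `privileges_to_ldif.update(members)`, `if members: zone_to_privileges[zone['idnsname'][0]] = members`. The comment `# privileges where permission is used` would then sit naturally above that single assignment. Note the assumption carried by this hunk that every `member` of a managedBy permission entry is a privilege DN — the backup loop in the next hunk fetches each one with `ldap.get_entry` and aborts the whole update if any fetch fails, so a non-privilege member would be fatal rather than skipped; a short comment stating that expectation would help the next reader. The enclosing method starts and ends outside this hunk.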
@@ -249,6 +259,17 @@ class update_master_to_dnsforwardzones(PostUpdate):
zone['idnsname'][0])
self.log.error(traceback.format_exc())
return (False, False, [])
+
+for privilege_dn in privileges_to_ldif:
+try:
+entry = ldap.get_entry(privilege_dn)
+writer.unparse(str(entry.dn), dict(entry.raw))
+except Exception, e:
+self.log.error('Unable to backup privilege %s' %
+ privilege_dn)
+self.log.error(traceback.format_exc())
+return (False, False, [])
+
f.close()
except Exception:
self.log.error('Unable to create backup file')
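Review bot: The new `except Exception, e:` in the privilege backup loop binds `e` but never uses it, and the handler immediately below it at the bottom of the hunk uses the bare `except Exception:` form; `except Exception:` keeps the two handlers consistent. Returning `(False, False, [])` when a single privilege cannot be written to the backup is the right fail-closed choice here, since it runs before any zone is modified, and a one-line comment such as `# abort before any zone is changed: an incomplete backup cannot be used to roll back` would make that intent explicit. Iterating the `privileges_to_ldif` set also makes the order of privilege entries in the LDIF nondeterministic; if DN objects compare, `sorted(privileges_to_ldif)` would give stable backups (confirm DN supports ordering). The enclosing try block starts outside this hunk.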
@@ -285,7 +306,8 @@ class update_master_to_dnsforwardzones(PostUpdate):
# create permission if original zone has one
if 'managedBy' in zone:
try:
-api.Command['dnsforwardzone_add_permission'](zone['idnsname'][0])
+perm_name = api.Command['dnsforwardzone_add_permission'](
+zone['idnsname'][0])['value']
except Exception, e:
self.log.error('Transform to forwardzone terminated: '
'Adding managed by permission to forward zone'
@@ -296,9 +318,28 @@ class update_master_to_dnsforwardzones(PostUpdate):
zone['idnsname'][0])
continue
+else:
+if zone['idnsname'][0] in zone_to_privileges:
+privileges = [
+dn[0].value for dn in zone_to_privileges[zone['idnsname'][0]]
+]
+try:
+api.Command['permission_add_member'](perm_name,
+privilege=privileges)
+except Exception, e:
+self.log.error('Unable to restore privileges for '
+ 'permission %s, for zone %s'
+% (perm_name, zone['idnsname']))
+self.log.error(traceback.format_exc())
+self.log.info('Zone %s was transformed to forward zone'
+ ' without restored privileges',
+ zone['idnsname'][0])
+