From 590c3649471832092a20a5eaf09ed0418ae468f6 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Sat, 6 Aug 2016 11:12:13 +0300
Subject: [PATCH] trust: make sure ID range is created for the child domain
even if it exists
ID ranges for child domains of a forest trust were created incorrectly
in FreeIPA 4.4.0 due to refactoring of -- if the domain was already
existing, we never attempted to create the ID range for it.
At the same time, when domain was missing, we attempted to add ID range
and passed both forest root and the child domain names to add_range().
However, add_range() only looks at the first positional argument which
was the forest root name. That ID range always exists (it is created
before child domains are processed).
Modify the code to make sure child domain name is passed as the first
positional argument. In addition, the oddjob helper should explicitly
set context='server' so that idrange code will be able to see and use
ipaserver/dcerpc.py helpers.
Resolves: https://fedorahosted.org/freeipa/ticket/5738
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
install/oddjob/com.redhat.idm.trust-fetch-domains | 2 +-
ipaserver/plugins/trust.py | 10 +++++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains
index 7c948fd53bd54bf3638ef3cc4407576b9011f4fb..bffa021cd4f01d31b7271d1ad84420884ce8d99e 100755
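--- a/install/oddjob/com.redhat.idm.trust-fetch-domains
+++ b/install/oddjob/com.redhat.idm.trust-fetch-domains
@@ -76,7 +76,7 @@ env._bootstrap(debug=options.debug, log=None)
 env._finalize_core(**dict(DEFAULT_CONFIG))
 
 # Initialize the API with the proper debug level
-api.bootstrap(in_server=True, debug=env.debug, log=None)
+api.bootstrap(in_server=True, debug=env.debug, log=None, context='server')
 api.finalize()
 
 # Only import trust plugin after api is initialized or internal imports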
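Review bot: The comment above `api.bootstrap(...)` still mentions only the debug level, so the reason for the added `context='server'` is not recorded next to the call. Going by the commit description, I would add `# context='server' lets the idrange code see and use the ipaserver/dcerpc.py helpers` above the call so the argument is not dropped in a later cleanup. The rest of the helper's setup lies outside the hunk.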
diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
index 8a25b560f9ae086ba8524cca22f39e8f67696146..b9d9b122a90de62946307b99b44932129eb611e8 100644
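--- a/ipaserver/plugins/trust.py
+++ b/ipaserver/plugins/trust.py
@@ -1690,15 +1690,19 @@ def add_new_domains_from_trust(myapi, trustinstance, trust_entry, domains, **opt
 if 'raw' in options:
 dom['raw'] = options['raw']
 
- res = myapi.Command.trustdomain_add(trust_name, name, **dom)
- result.append(res['result'])
+ try:
+ res = myapi.Command.trustdomain_add(trust_name, name, **dom)
+ result.append(res['result'])
+ except errors.DuplicateEntry:
+ # Ignore updating duplicate entries
+ pass
 
 if idrange_type != u'ipa-ad-trust-posix':
 range_name = name.upper() + '_id_range'
 dom['range_type'] = u'ipa-ad-trust'
 add_range(myapi, trustinstance,
 range_name, dom['ipanttrusteddomainsid'],
- trust_name, name, **dom)
+ name, **dom)
 except errors.DuplicateEntry:
 # Ignore updating duplicate entries
 pass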
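Review bot: The new inner `except errors.DuplicateEntry:` around `trustdomain_add` repeats the outer handler's comment, `# Ignore updating duplicate entries`, which hides why it exists. A comment such as `# Domain already known: fall through so its ID range is still created` would state the intent. In that duplicate case `add_range` is called with `dom['ipanttrusteddomainsid']` from the freshly fetched data, and nothing visible in the hunk compares it with the SID stored on the existing trust domain entry. Since the range governs how the child domain's identities are mapped, it is worth confirming that `add_range` or the caller handles a mismatch. The enclosing loop and the outer `try` begin outside the hunk.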
--
2.7.4