def _enable_sid(self, ldap, options):
# the user must have the Replication Administrators privilege
privilege = 'Replication Administrators'
if not principal_has_privilege(self.api, context.principal, privilege):
raise errors.ACIError(
info=_("not allowed to enable SID generation"))
# NetBIOS name is either taken from options or generated
try:
netbios_name, reset_netbios_name = set_and_check_netbios_name(
options.get('netbios_name', None), True, self.api)
except ScriptError:
raise errors.ValidationError(
name="NetBIOS name",
error=_('Up to 15 characters and only uppercase ASCII letters'
', digits and dashes are allowed. Empty string is '
'not allowed.'))
_ret = 0
_stdout = ''
_stderr = ''
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
method_options = []
if options.get('add_sids', False):
method_options.extend(["--add-sids"])
method_options.extend(["--netbios-name", netbios_name])
if reset_netbios_name:
method_options.append("--reset-netbios-name")
# Dbus definition expects up to 10 arguments
method_options.extend([''] * (10 - len(method_options)))
try:
bus = dbus.SystemBus()
obj = bus.get_object('org.freeipa.server',
'/',
follow_name_owner_changes=True)
server = dbus.Interface(obj, 'org.freeipa.server')
_ret, _stdout, _stderr = server.config_enable_sid(*method_options)
except dbus.DBusException as e:
logger.error(
'Failed to call org.freeipa.server.config_enable_sid.'
'DBus exception is %s', str(e))
raise errors.ExecutionError(message=_('Failed to call DBus'))
# The oddjob restarts dirsrv, we need to re-establish the conn
if self.api.Backend.ldap2.isconnected():
self.api.Backend.ldap2.disconnect()
self.api.Backend.ldap2.connect(ccache=context.ccache_name)
if _ret != 0:
logger.error("Helper config_enable_sid return code is %d", _ret)
raise errors.ExecutionError(
message=_('Configuration of SID failed. '
'See details in the error log'))
def execute(self, *keys, **options):
# the server must be the local host
if keys[-2] != api.env.host:
raise errors.ValidationError(name='cn',
error=_("must be \"%s\"") %
api.env.host)
# the server entry must exist
try:
self.obj.get_dn_if_exists(*keys[:-1])
except errors.NotFound:
raise self.obj.handle_not_found(keys[-2])
# the user must have the Replication Administrators privilege
privilege = u'Replication Administrators'
if not principal_has_privilege(self.api, context.principal, privilege):
raise errors.ACIError(
info=_("not allowed to perform server connection check"))
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()
obj = bus.get_object('org.freeipa.server',
'/',
follow_name_owner_changes=True)
server = dbus.Interface(obj, 'org.freeipa.server')
ret, stdout, _stderr = server.conncheck(keys[-1])
result = dict(
result=(ret == 0),
value=keys[-2],
)
for line in stdout.splitlines():
messages.add_message(options['version'], result,
messages.ExternalCommandOutput(line=line))
return result