def execute(self, **options):
    """Queue an LDAP update that sets the limit attributes on this host's DNS service.

    Looks up the service entry for the ``DNS/<host>@<realm>`` principal.
    Unless every attribute named in ``self.limit_attributes`` already holds
    ``self.limit_value``, one update is returned that applies that value
    to all of them.

    Returns:
        A ``(False, updates)`` tuple. ``updates`` is empty when
        ``dns_container_exists`` reports no DNS container, when this host
        has no DNS service entry, or when the limits are already in place.
        Otherwise it holds a single dict with the entry ``dn`` and its
        list of ``updates``.
        NOTE(review): the first element is always False here; presumably
        the updater's "restart needed" flag -- confirm against the caller.
    """
    conn = self.api.Backend.ldap2
    if not dns_container_exists(conn):
        return False, []

    principal = 'DNS/%s@%s' % (self.env.host, self.env.realm)
    service_dn = DN(
        ('krbprincipalname', principal),
        self.env.container_service,
        self.env.basedn,
    )

    try:
        service_entry = conn.get_entry(service_dn, self.limit_attributes)
    except errors.NotFound:
        # This host may simply not run the DNS service.
        root_logger.debug(
            "DNS: service %s not found, no need to update limits"
            % service_dn)
        return False, []

    def _already_set(attr_name):
        # Entry keys are looked up lower-cased; a missing attribute reads
        # as None and therefore never matches the wanted value.
        return (service_entry.get(attr_name.lower(), [None])[0]
                == self.limit_value)

    if all(map(_already_set, self.limit_attributes)):
        root_logger.debug(
            "DNS: limits for service %s already set" % service_dn)
        return False, []

    # Every limit attribute is rewritten, not only the ones that differ.
    # NOTE(review): limit_attributes / limit_value are defined outside this
    # method; the change is scoped to this single service DN only.
    pending = [
        {'action': 'only', 'attr': attr_name, 'value': self.limit_value}
        for attr_name in self.limit_attributes
    ]
    dnsupdate = {'dn': service_dn, 'updates': pending}
    root_logger.debug(
        "DNS: limits for service %s will be updated" % service_dn)
    return False, [dnsupdate]
def execute(self, **options):
    """Backfill default ACL and update-policy attributes on existing DNS zones.

    For each zone returned by ``dnszone_find``:

    * an unset (missing or empty) ``idnsallowquery`` becomes ``any;``;
    * an unset ``idnsallowtransfer`` becomes ``none;``, so zone transfers
      stay closed unless an administrator has configured them;
    * an ``idnsupdatepolicy`` equal to the old policy generated for
      ``('A', 'AAAA')`` is replaced by the policy
      ``util.get_dns_forward_zone_update_policy`` generates with its
      default record types.

    Values that are already set are left untouched. A failure raised by
    ``dnszone_mod`` propagates and stops processing of the remaining zones.

    Returns:
        Always ``(False, [])``; the changes are applied directly through
        ``dnszone_mod`` instead of being returned as updates.
    """
    backend = self.api.Backend.ldap2
    if not dns_container_exists(backend):
        return False, []

    try:
        found_zones = self.api.Command.dnszone_find(all=True)['result']
    except errors.NotFound:
        self.log.debug('No DNS zone to update found')
        return False, []

    # Defaults applied only when the attribute is unset: queries are allowed
    # from any client, zone transfers are not opened.
    acl_defaults = (
        ('idnsallowquery', u'any;'),
        ('idnsallowtransfer', u'none;'),
    )

    for zone in found_zones:
        changes = {}
        for attr_name, default_value in acl_defaults:
            if not zone.get(attr_name):
                changes[attr_name] = default_value

        legacy_policy = util.get_dns_forward_zone_update_policy(
            self.api.env.realm, ('A', 'AAAA'))
        current_policy = zone.get('idnsupdatepolicy', [''])[0]
        if current_policy == legacy_policy:
            # Only an untouched old default is upgraded; a customised
            # policy never compares equal and is kept as is.
            changes['idnsupdatepolicy'] = (
                util.get_dns_forward_zone_update_policy(self.api.env.realm))

        if not changes:
            continue

        # FIXME: https://fedorahosted.org/freeipa/ticket/4722
        zone_name = zone[u'idnsname'][0].make_absolute()
        self.api.Command.dnszone_mod(zone_name, **changes)

    return False, []
def execute(self, **options):
    """Give existing DNS zones explicit query/transfer ACLs and the current update policy.

    Each zone found by ``dnszone_find`` is inspected, and only attributes
    that are unset (or that still carry the old generated update policy)
    are changed:

    * ``idnsallowquery``: set to ``any;`` when missing or empty.
    * ``idnsallowtransfer``: set to ``none;`` when missing or empty, which
      keeps zone transfers closed by default.
    * ``idnsupdatepolicy``: regenerated when it equals the policy built
      for ``('A', 'AAAA')`` only.

    There is no error handling around ``dnszone_mod``, so an exception from
    one zone aborts the loop before later zones are processed.

    Returns:
        ``(False, [])`` in every case; modifications go through the
        ``dnszone_mod`` command, not through returned updates.
    """
    ldap_backend = self.api.Backend.ldap2
    if not dns_container_exists(ldap_backend):
        return False, []

    try:
        search = self.api.Command.dnszone_find(all=True)
        all_zones = search['result']
    except errors.NotFound:
        self.log.debug('No DNS zone to update found')
        return False, []

    for zone in all_zones:
        mods = {}

        # Allow queries from any client unless the zone says otherwise.
        query_acl = zone.get('idnsallowquery')
        if not query_acl:
            mods['idnsallowquery'] = u'any;'

        # Zone transfers are not opened by default.
        transfer_acl = zone.get('idnsallowtransfer')
        if not transfer_acl:
            mods['idnsallowtransfer'] = u'none;'

        # An administrator-edited policy will not match the old generated
        # string and is therefore preserved.
        previous_default = util.get_dns_forward_zone_update_policy(
            self.api.env.realm, ('A', 'AAAA'))
        if zone.get('idnsupdatepolicy', [''])[0] == previous_default:
            new_default = util.get_dns_forward_zone_update_policy(
                self.api.env.realm)
            mods['idnsupdatepolicy'] = new_default

        if mods:
            # FIXME: https://fedorahosted.org/freeipa/ticket/4722
            absolute_name = zone[u'idnsname'][0].make_absolute()
            self.api.Command.dnszone_mod(absolute_name, **mods)

    return False, []
def execute(self, **options):
    """Return the LDAP update that applies the limit value to the DNS service entry.

    The entry is addressed by ``krbprincipalname=DNS/<host>@<realm>`` under
    ``self.env.container_service`` and ``self.env.basedn``. If any attribute
    in ``self.limit_attributes`` differs from ``self.limit_value``, a single
    update covering all of those attributes is produced.

    Returns:
        ``(False, [])`` when ``dns_container_exists`` is false, when the
        service entry is not found, or when every limit already matches.
        Otherwise ``(False, [update])``, where ``update`` carries the
        entry ``dn`` and one ``only`` action per limit attribute.
        NOTE(review): the meaning of the leading False is not visible in
        this block; presumably "no restart required" -- confirm.
    """
    ldap_conn = self.api.Backend.ldap2
    if not dns_container_exists(ldap_conn):
        return False, []

    krb_principal = 'DNS/%s@%s' % (self.env.host, self.env.realm)
    target_dn = DN(('krbprincipalname', krb_principal),
                   self.env.container_service,
                   self.env.basedn)

    try:
        entry = ldap_conn.get_entry(target_dn, self.limit_attributes)
    except errors.NotFound:
        # No DNS service entry for this host, so there is nothing to adjust.
        not_found_msg = (
            "DNS: service %s not found, no need to update limits" % target_dn)
        root_logger.debug(not_found_msg)
        return False, []

    # Stop at the first attribute whose stored value differs; an absent
    # attribute yields None and counts as different.
    up_to_date = True
    for attr_name in self.limit_attributes:
        stored = entry.get(attr_name.lower(), [None])[0]
        if not stored == self.limit_value:
            up_to_date = False
            break

    if up_to_date:
        root_logger.debug(
            "DNS: limits for service %s already set" % target_dn)
        return False, []

    # All limit attributes are included in the update, including any that
    # already matched.
    limit_updates = [
        dict(action='only', attr=attr_name, value=self.limit_value)
        for attr_name in self.limit_attributes
    ]
    dnsupdate = {'dn': target_dn, 'updates': limit_updates}
    root_logger.debug(
        "DNS: limits for service %s will be updated" % target_dn)
    return False, [dnsupdate]