X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Finfo%2Finfosssd.py;h=54d0ba247bad3c0526c2671b16cc58c918a31045;hp=ff468a97d6eec7faaaffa7165532b8187e2623b1;hb=485baf6ee7a315d1af1086fe5b5da8cff6c4ba37;hpb=29542bc6407f06edb5bebedc64b84802f1ccb154
diff --git a/ipsilon/info/infosssd.py b/ipsilon/info/infosssd.py
index ff468a9..54d0ba2 100644
--- a/ipsilon/info/infosssd.py
+++ b/ipsilon/info/infosssd.py
@@ -1,6 +1,4 @@
-# Copyright (C) 2014 Ipsilon Project Contributors
-#
-# See the file named COPYING for the project license
+# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
 # Info plugin for mod_lookup_identity Apache module via SSSD
 # http://www.adelton.com/apache/mod_lookup_identity/
@@ -9,11 +7,13 @@ from ipsilon.info.common import InfoProviderBase
 from ipsilon.info.common import InfoProviderInstaller
 from ipsilon.util.plugin import PluginObject
 from ipsilon.util.policy import Policy
+from ipsilon.util import config as pconfig
 from string import Template
 import cherrypy
 import time
 import subprocess
 import SSSDConfig
+import logging
 SSSD_CONF = '/etc/sssd/sssd.conf'
@@ -46,7 +46,13 @@ class InfoProvider(InfoProviderBase):
 super(InfoProvider, self).__init__(*pargs)
 self.mapper = Policy(sssd_mapping)
 self.name = 'sssd'
- self.new_config(self.name)
+ self.new_config(
+ self.name,
+ pconfig.Condition(
+ 'preconfigured',
+ 'SSSD can only be used when pre-configured',
+ False),
+ )
 def _get_user_data(self, user):
 reply = dict()
@@ -80,6 +86,18 @@ class InfoProvider(InfoProviderBase):
 return reply
+ def save_plugin_config(self, *args, **kwargs):
+ raise ValueError('Configuration cannot be modified live for SSSD')
+
+ def get_config_obj(self):
+ return None
+
+ def enable(self):
+ self.refresh_plugin_config()
+ if not self.get_config_value('preconfigured'):
+ raise Exception("SSSD Can be enabled only if pre-configured")
+ super(InfoProvider, self).enable()
+
 CONF_TEMPLATE = """
 LoadModule lookup_identity_module modules/mod_lookup_identity.so
@@ -109,22 +127,20 @@ class Installer(InfoProviderInstaller):
 default='no',
 help='Use mod_lookup_identity and SSSD to populate'
 ' user attrs')
- group.add_argument('--info-sssd-domain', action='store',
+ group.add_argument('--info-sssd-domain', action='append',
 help='SSSD domain to enable mod_lookup_identity'
 ' for')
- def configure(self, opts):
+ def configure(self, opts, changes):
 if opts['info_sssd'] != 'yes':
 return
- if not opts['info_sssd_domain']:
- print 'info-identity-domain is required'
- return False
+ configured = 0
 confopts = {'instance': opts['instance']}
 tmpl = Template(CONF_TEMPLATE)
- hunk = tmpl.substitute(**confopts) # pylint: disable=star-args
+ hunk = tmpl.substitute(**confopts)
 with open(opts['httpd_conf'], 'a') as httpd_conf:
 httpd_conf.write(hunk)
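Review bot: `enable()` gates on the truthiness of `self.get_config_value('preconfigured')`, while the installer hunk at the end of this patch stores the flag as the string `'True'`; if the config layer returns the stored string unconverted, a stored `'False'` would pass this check as well. Whether `pconfig.Condition` converts strings to booleans is not visible in this patch, so either store a real boolean in the installer, `config = {'preconfigured': True}`, or compare against the expected value explicitly here. The bare `raise Exception(...)` is also harder for callers to handle than a specific type; `save_plugin_config` in the same hunk already raises `ValueError`.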
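Review bot: The help text for `--info-sssd-domain` still describes a single domain, but the option now uses `action='append'` and the "is required" check is removed, so it can be repeated and may be omitted. Suggest `help='SSSD domain to enable mod_lookup_identity for (may be repeated; default: all domains in sssd.conf)'`, since a later hunk falls back to `sssdconfig.list_domains()` when none is given. The new `changes` parameter of `configure()` is not used in the lines shown; the function body continues outside this hunk.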
@@ -134,17 +150,32 @@ class Installer(InfoProviderInstaller):
 except Exception as e: # pylint: disable=broad-except
 # Unable to read existing SSSD config so it is probably not
 # configured.
- print 'Loading SSSD config failed: %s' % e
+ logging.info('Loading SSSD config failed: %s', e)
 return False
- try:
- domain = sssdconfig.get_domain(opts['info_sssd_domain'])
- except SSSDConfig.NoDomainError:
- print 'No domain %s' % opts['info_sssd_domain']
+ if not opts['info_sssd_domain']:
+ domains = sssdconfig.list_domains()
+ else:
+ domains = opts['info_sssd_domain']
+
+ for domain in domains:
+ try:
+ sssd_domain = sssdconfig.get_domain(domain)
+ except SSSDConfig.NoDomainError:
+ logging.info('No SSSD domain %s', domain)
+ continue
+ else:
+ sssd_domain.set_option(
+ 'ldap_user_extra_attrs', ', '.join(SSSD_ATTRS)
+ )
+ sssdconfig.save_domain(sssd_domain)
+ configured += 1
+ logging.info("Configured SSSD domain %s", domain)
+
+ if configured == 0:
+ logging.info('No SSSD domains configured')
 return False
- domain.set_option('ldap_user_extra_attrs', ', '.join(SSSD_ATTRS))
-
 try:
 sssdconfig.new_service('ifp')
 except SSSDConfig.ServiceAlreadyExists:
@@ -157,9 +188,15 @@ class Installer(InfoProviderInstaller):
 ifp.set_option('user_attributes', '+' + ', +'.join(SSSD_ATTRS))
 sssdconfig.save_service(ifp)
- sssdconfig.save_domain(domain)
 sssdconfig.write(SSSD_CONF)
+ # for selinux enabled platforms, ignore if it fails just report
+ try:
+ subprocess.call(['/usr/sbin/setsebool', '-P',
+ 'httpd_dbus_sssd=on'])
+ except Exception: # pylint: disable=broad-except
+ pass
+
 try:
 subprocess.call(['/sbin/service', 'sssd', 'restart'])
 except Exception: # pylint: disable=broad-except
@@ -173,6 +210,8 @@ class Installer(InfoProviderInstaller):
 po.name = 'sssd'
 po.wipe_data()
 po.wipe_config_values()
+ config = {'preconfigured': 'True'}
+ po.save_plugin_config(config)
 # Update global config to add info plugin
 po.is_enabled = True
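Review bot: `sssd_domain.set_option('ldap_user_extra_attrs', ...)` in the new loop replaces whatever value a domain already had, and when `--info-sssd-domain` is omitted the loop now covers every domain returned by `list_domains()`, so a single installer run rewrites that option across the whole SSSD configuration. Consider merging with the existing value instead of overwriting it, or keeping the all-domains fallback behind an explicit opt-in. A requested domain that does not exist is skipped with `logging.info`, as is a failed config load, so a mistyped domain name goes unnoticed as long as any other domain is configured; `logging.warning('No SSSD domain %s', domain)` would make it visible. `configure()` starts and ends outside this hunk.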
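Review bot: The `setsebool` block cannot report a failure the way its comment says: `subprocess.call` returns the exit status instead of raising, so a non-zero exit is dropped, and the only exception path (for example a missing binary) ends in `pass`. Because this persistently (`-P`) turns on the `httpd_dbus_sssd` SELinux boolean, the outcome belongs in the install log: `rc = subprocess.call([...])` followed by `if rc != 0: logging.warning('setsebool httpd_dbus_sssd=on exited with %s', rc)`, and a `logging.warning(...)` call in place of `pass`. The enclosing `configure()` starts outside the hunk.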