From 83d03dc07446c0051a9404da6b487d6c0213e40d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Thu, 1 Apr 2021 19:37:39 +0200
Subject: [PATCH] Simplify migration / be more explicit about what new rdn to inject
---
 locales/en.json | 1 -
 .../0020_ssh_sftp_permissions.py | 21 ++++++++-----------
 2 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/locales/en.json b/locales/en.json
index 4c731863d..20a0c7703 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -451,7 +451,6 @@
 "migration_0018_failed_to_reset_legacy_rules": "Failed to reset legacy iptables rules: {error}",
 "migration_0019_add_new_attributes_in_ldap": "Add new attributes for permissions in LDAP database",
 "migration_0019_slapd_config_will_be_overwritten": "It looks like you manually edited the slapd configuration. For this critical migration, YunoHost needs to force the update of the slapd configuration. The original files will be backuped in {conf_backup_folder}.",
- "migration_0020_ssh_sftp_permissions": "SSH/SFTP permissions",
 "migrations_already_ran": "Those migrations are already done: {ids}",
 "migrations_cant_reach_migration_file": "Could not access migrations files at the path '%s'",
 "migrations_dependencies_not_satisfied": "Run these migrations: '{dependencies_id}', before migration {id}.",
diff --git a/src/yunohost/data_migrations/0020_ssh_sftp_permissions.py b/src/yunohost/data_migrations/0020_ssh_sftp_permissions.py
index 9796ca10d..18c00d25e 100644
--- a/src/yunohost/data_migrations/0020_ssh_sftp_permissions.py
+++ b/src/yunohost/data_migrations/0020_ssh_sftp_permissions.py
@@ -19,25 +19,19 @@ class MyMigration(Migration): Add new permissions around SSH/SFTP features """ + dependencies = ["extend_permissions_features"] + @ldap_migration def run(self, *args): - logger.info(m18n.n("migration_0020_ssh_sftp_permissions")) from yunohost.utils.ldap import _get_ldap_interface ldap = _get_ldap_interface() - add_perm_to_users = False - # Add SSH and SFTP permissions ldap_map = read_yaml('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') - for rdn, attr_dict in ldap_map['depends_children'].items(): - try: - ldap.search(rdn + ",dc=yunohost,dc=org") - # ldap search will raise an exception if no corresponding object is found >.> ... - except Exception: - if rdn == "cn=ssh.main,ou=permission": - add_perm_to_users = True - ldap.add(rdn, attr_dict) + + ldap.add("cn=ssh.main,ou=permission", ldap_map['depends_children']["cn=ssh.main,ou=permission"]) + ldap.add("cn=sftp.main,ou=permission", ldap_map['depends_children']["cn=sftp.main,ou=permission"]) # Add a bash terminal to each users users = ldap.search('ou=users,dc=yunohost,dc=org', filter="(loginShell=*)", attrs=["dn", "uid", "loginShell"]) @@ -45,9 +39,12 @@ class MyMigration(Migration): if user['loginShell'][0] == '/bin/false': dn=user['dn'][0].replace(',dc=yunohost,dc=org', '') ldap.update(dn, {'loginShell': ['/bin/bash']}) - elif add_perm_to_users: + else: user_permission_update("ssh.main", add=user["uid"][0], sync_perm=False) + permission_sync_to_user() + + # Somehow this is needed otherwise the PAM thing doesn't forget about the # old loginShell value ? subprocess.call(['nscd', '-i', 'passwd'])
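Review bot: The two new `ldap.add(...)` calls in `run` have no existence check, so a run against a directory that already holds `cn=ssh.main,ou=permission` or `cn=sftp.main,ou=permission` will presumably fail on the first add, where the removed loop skipped any rdn that `ldap.search` found. Whether `@ldap_migration` restores the directory after a failure is not visible here, and `run` continues past this hunk, so a later error could leave both permissions created and the migration unable to rerun. I would either keep a per-rdn existence check or record the assumption above the calls, e.g. `# NOTE: assumes neither entry exists yet; confirm @ldap_migration restores LDAP if a later step fails`. The direct lookups in `ldap_map['depends_children']` also surface as a bare `KeyError` if the scheme file lacks either key, which gives the admin no hint that the LDAP scheme file is the cause.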
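Review bot: The new `else:` branch grants `ssh.main` to every account whose `loginShell` is anything other than the literal `/bin/false`, so an account parked on a different non-login shell (a nologin shell, for instance) would gain SSH permission from this migration. The same loop moves `/bin/false` accounts to `/bin/bash`, so after this runs SSH access rests entirely on `ssh.main` being enforced by the SSH/PAM configuration, which this hunk does not show; it is worth confirming that enforcement is deployed before the shell is changed. A tighter grant would exclude known non-login shells, for example `elif user['loginShell'][0] not in ('/usr/sbin/nologin', '/sbin/nologin'):`, or at least carry a comment such as `# any shell other than /bin/false is treated as pre-existing SSH access`. The loop header is outside the hunk.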