Validate that the certificate subject base is in valid DN format.

https://fedorahosted.org/freeipa/ticket/1176
Rob Crittenden
2011-07-07 11:55:20 -04:00
parent bc8be0a41e
commit 038089a0c9


@@ -58,10 +58,19 @@ from ipapython.ipautil import *
from ipalib import api, errors, util from ipalib import api, errors, util
from ipalib.parameters import IA5Str from ipalib.parameters import IA5Str
from ipapython.config import IPAOptionParser from ipapython.config import IPAOptionParser
from ipalib.dn import DN
pw_name = None pw_name = None
uninstalling = False uninstalling = False
VALID_SUBJECT_ATTRS = ['cn', 'st', 'o', 'ou', 'dnqualifier', 'c',
'serialnumber', 'l', 'title', 'sn', 'givenname',
'initials', 'generationqualifier', 'dc', 'mail',
'uid', 'postaladdress', 'postalcode', 'postofficebox',
'houseidentifier', 'e', 'street', 'pseudonym',
'incorporationlocality', 'incorporationstate',
'incorporationcountry', 'businesscategory']
def zonemgr_callback(option, opt_str, value, parser): def zonemgr_callback(option, opt_str, value, parser):
""" """
Make sure the zonemgr is an IA5String. Make sure the zonemgr is an IA5String.
@@ -72,6 +81,21 @@ def zonemgr_callback(option, opt_str, value, parser):
ia._convert_scalar(v) ia._convert_scalar(v)
parser.values.zonemgr = value parser.values.zonemgr = value
def subject_callback(option, opt_str, value, parser):
"""
Make sure the certificate subject base is a valid DN
"""
name = opt_str.replace('--','')
v = unicode(value, 'utf-8')
try:
dn = DN(v)
for x in xrange(len(dn)):
if dn[x][0].attr.lower() not in VALID_SUBJECT_ATTRS:
raise ValueError('invalid attribute: %s' % dn[x][0].attr.lower())
except ValueError, e:
raise ValueError('Invalid subject base format: %s' % str(e))
parser.values.subject = value
def parse_options(): def parse_options():
# Guaranteed to give a random 200k range below the 2G mark (uint32_t limit) # Guaranteed to give a random 200k range below the 2G mark (uint32_t limit)
namespace = random.randint(1, 10000) * 200000 namespace = random.randint(1, 10000) * 200000
@@ -142,7 +166,8 @@ def parse_options():
help="The starting value for the IDs range (default random)") help="The starting value for the IDs range (default random)")
parser.add_option("--idmax", dest="idmax", default=0, type=int, parser.add_option("--idmax", dest="idmax", default=0, type=int,
help="The max value value for the IDs range (default: idstart+199999)") help="The max value value for the IDs range (default: idstart+199999)")
parser.add_option("--subject", dest="subject", parser.add_option("--subject", action="callback", callback=subject_callback,
type="string",
help="The certificate subject base (default O=<realm-name>)") help="The certificate subject base (default O=<realm-name>)")
parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False, parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
action="store_true", action="store_true",
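Review bot: subject_callback re-raises a plain ValueError from its except block, but it is an optparse callback, so a bad --subject value surfaces as a Python traceback instead of the usage-style error optparse prints for OptionValueError; `raise OptionValueError('Invalid subject base format: %s' % str(e))` is the conventional form (importing it from optparse if the file does not already, which is not visible here). The whitelist check also looks only at `dn[x][0]`, the first AVA of each RDN, so a multi-valued RDN such as `cn=a+foo=b` would be accepted with an unvalidated attribute type; iterating every AVA (`for rdn in dn:` / `for ava in rdn:` / `if ava.attr.lower() not in VALID_SUBJECT_ATTRS:`) closes that gap, assuming the DN class exposes RDNs as sequences of AVAs as the indexing suggests. The `unicode(value, 'utf-8')` decode sits outside the try, so non-UTF-8 input escapes as a raw UnicodeDecodeError, and `name` is assigned from opt_str but never used. What `DN('')` does for an empty --subject is not visible in this hunk and may deserve an explicit rejection, since an empty subject base is presumably never wanted for the CA.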