Reuse self.api when executing ca_enabled_check

The ca_enabled_check function is a wrapper around
api.Command.ca_is_enabled.  When using remote_api (e.g. during
installer), ca_enabled_check invokes the *global* api instead of the
remote_api.

Update ca_enabled_check to explicitly receive an api object from the
caller and invoke Command.ca_is_enabled through it.

Part of: https://fedorahosted.org/freeipa/ticket/2614

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Fraser Tweedale 2016-12-19 14:31:14 +10:00 committed by Jan Cholasta
parent f54df62aba
commit 09a65df684
3 changed files with 21 additions and 21 deletions


@ -193,7 +193,7 @@ class ca_find(LDAPSearch):
) )
def execute(self, *keys, **options): def execute(self, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
result = super(ca_find, self).execute(*keys, **options) result = super(ca_find, self).execute(*keys, **options)
if not options.get('pkey_only', False): if not options.get('pkey_only', False):
for entry in result['result']: for entry in result['result']:
@ -217,7 +217,7 @@ class ca_show(LDAPRetrieve):
) )
def execute(self, *keys, **options): def execute(self, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
result = super(ca_show, self).execute(*keys, **options) result = super(ca_show, self).execute(*keys, **options)
set_certificate_attrs(result['result'], options) set_certificate_attrs(result['result'], options)
return result return result
@ -233,7 +233,7 @@ class ca_add(LDAPCreate):
) )
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options): def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
if not ldap.can_add(dn[1:]): if not ldap.can_add(dn[1:]):
raise errors.ACIError( raise errors.ACIError(
info=_("Insufficient 'add' privilege for entry '%s'.") % dn) info=_("Insufficient 'add' privilege for entry '%s'.") % dn)
@ -276,7 +276,7 @@ class ca_del(LDAPDelete):
msg_summary = _('Deleted CA "%(value)s"') msg_summary = _('Deleted CA "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options): def pre_callback(self, ldap, dn, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
if keys[0] == IPA_CA_CN: if keys[0] == IPA_CA_CN:
raise errors.ProtectedEntryError( raise errors.ProtectedEntryError(
@ -298,7 +298,7 @@ class ca_mod(LDAPUpdate):
msg_summary = _('Modified CA "%(value)s"') msg_summary = _('Modified CA "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
if 'rename' in options or 'cn' in entry_attrs: if 'rename' in options or 'cn' in entry_attrs:
if keys[0] == IPA_CA_CN: if keys[0] == IPA_CA_CN:
@ -314,7 +314,7 @@ class CAQuery(LDAPQuery):
has_output = output.standard_value has_output = output.standard_value
def execute(self, cn, **options): def execute(self, cn, **options):
ca_enabled_check() ca_enabled_check(self.api)
ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0] ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0]
with self.api.Backend.ra_lightweight_ca as ca_api: with self.api.Backend.ra_lightweight_ca as ca_api:


@ -196,8 +196,8 @@ def normalize_serial_number(num):
return unicode(num) return unicode(num)
def ca_enabled_check(): def ca_enabled_check(_api):
if not api.Command.ca_is_enabled()['result']: if not _api.Command.ca_is_enabled()['result']:
raise errors.NotFound(reason=_('CA is not configured')) raise errors.NotFound(reason=_('CA is not configured'))
def caacl_check(principal_type, principal, ca, profile_id): def caacl_check(principal_type, principal, ca, profile_id):
@ -538,7 +538,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
yield arg yield arg
def execute(self, csr, all=False, raw=False, **kw): def execute(self, csr, all=False, raw=False, **kw):
ca_enabled_check() ca_enabled_check(self.api)
ldap = self.api.Backend.ldap2 ldap = self.api.Backend.ldap2
realm = unicode(self.api.env.realm) realm = unicode(self.api.env.realm)
@ -898,7 +898,7 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
operation = "certificate status" operation = "certificate status"
def execute(self, request_id, **kw): def execute(self, request_id, **kw):
ca_enabled_check() ca_enabled_check(self.api)
self.check_access() self.check_access()
# Dogtag requests are uniquely identified by their number; # Dogtag requests are uniquely identified by their number;
@ -1006,7 +1006,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
def execute(self, serial_number, all=False, raw=False, no_members=False, def execute(self, serial_number, all=False, raw=False, no_members=False,
**options): **options):
ca_enabled_check() ca_enabled_check(self.api)
# Dogtag lightweight CAs have shared serial number domain, so # Dogtag lightweight CAs have shared serial number domain, so
# we don't tell Dogtag the issuer (but we check the cert after). # we don't tell Dogtag the issuer (but we check the cert after).
@ -1069,7 +1069,7 @@ class cert_revoke(PKQuery, CertMethod, VirtualCommand):
yield option yield option
def execute(self, serial_number, **kw): def execute(self, serial_number, **kw):
ca_enabled_check() ca_enabled_check(self.api)
# Make sure that the cert specified by issuer+serial exists. # Make sure that the cert specified by issuer+serial exists.
# Will raise NotFound if it does not. # Will raise NotFound if it does not.
@ -1105,7 +1105,7 @@ class cert_remove_hold(PKQuery, CertMethod, VirtualCommand):
operation = "certificate remove hold" operation = "certificate remove hold"
def execute(self, serial_number, **kw): def execute(self, serial_number, **kw):
ca_enabled_check() ca_enabled_check(self.api)
# Make sure that the cert specified by issuer+serial exists. # Make sure that the cert specified by issuer+serial exists.
# Will raise NotFound if it does not. # Will raise NotFound if it does not.
@ -1312,7 +1312,7 @@ class cert_find(Search, CertMethod):
complete = bool(ra_options) complete = bool(ra_options)
try: try:
ca_enabled_check() ca_enabled_check(self.api)
except errors.NotFound: except errors.NotFound:
if ra_options: if ra_options:
raise raise
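Review bot: `ca_enabled_check(_api)` in the first hunk of this section takes a new required argument but has no docstring, so nothing tells a caller which API object to pass; the copy in the third file has a docstring, but it does not mention the parameter either. I would add `"""Raise NotFound if the CA is not enabled according to _api.Command.ca_is_enabled."""` here, plus a sentence in both copies saying that plugins pass `self.api` so the check reaches the same server as the rest of the command. Because the argument is required, any call site this commit did not touch would raise a TypeError rather than fall back to the global `api`. That fails loudly, which is the safer outcome, but only three files change here, so it is worth confirming that no other caller exists. The `execute` bodies in the later hunks of this section continue outside the hunks.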


@ -75,14 +75,14 @@ The following restrictions apply to profiles managed by FreeIPA:
register = Registry() register = Registry()
def ca_enabled_check(): def ca_enabled_check(_api):
"""Raise NotFound if CA is not enabled. """Raise NotFound if CA is not enabled.
This function is defined in multiple plugins to avoid circular imports This function is defined in multiple plugins to avoid circular imports
(cert depends on certprofile, so we cannot import cert here). (cert depends on certprofile, so we cannot import cert here).
""" """
if not api.Command.ca_is_enabled()['result']: if not _api.Command.ca_is_enabled()['result']:
raise errors.NotFound(reason=_('CA is not configured')) raise errors.NotFound(reason=_('CA is not configured'))
@ -191,7 +191,7 @@ class certprofile_find(LDAPSearch):
) )
def execute(self, *args, **kwargs): def execute(self, *args, **kwargs):
ca_enabled_check() ca_enabled_check(self.api)
return super(certprofile_find, self).execute(*args, **kwargs) return super(certprofile_find, self).execute(*args, **kwargs)
@ -206,7 +206,7 @@ class certprofile_show(LDAPRetrieve):
) )
def execute(self, *keys, **options): def execute(self, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
result = super(certprofile_show, self).execute(*keys, **options) result = super(certprofile_show, self).execute(*keys, **options)
if 'out' in options: if 'out' in options:
@ -233,7 +233,7 @@ class certprofile_import(LDAPCreate):
PROFILE_ID_PATTERN = re.compile('^profileId=([a-zA-Z]\w*)', re.MULTILINE) PROFILE_ID_PATTERN = re.compile('^profileId=([a-zA-Z]\w*)', re.MULTILINE)
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options): def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
context.profile = options['file'] context.profile = options['file']
match = self.PROFILE_ID_PATTERN.search(options['file']) match = self.PROFILE_ID_PATTERN.search(options['file'])
@ -271,7 +271,7 @@ class certprofile_del(LDAPDelete):
msg_summary = _('Deleted profile "%(value)s"') msg_summary = _('Deleted profile "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options): def pre_callback(self, ldap, dn, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
if keys[0] in [p.profile_id for p in INCLUDED_PROFILES]: if keys[0] in [p.profile_id for p in INCLUDED_PROFILES]:
raise errors.ValidationError(name='profile_id', raise errors.ValidationError(name='profile_id',
@ -304,7 +304,7 @@ class certprofile_mod(LDAPUpdate):
) )
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check() ca_enabled_check(self.api)
# Once a profile id is set it cannot be changed # Once a profile id is set it cannot be changed
if 'cn' in entry_attrs: if 'cn' in entry_attrs:
raise errors.ProtectedEntryError(label='certprofile', key=keys[0], raise errors.ProtectedEntryError(label='certprofile', key=keys[0],