IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect check for principal type when evaluating CA ACLs

Browse Source 
This error prevented hosts to request certificates for themselves.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: Petr Spacek <pspacek@redhat.com>
This commit is contained in:
Martin Babinsky 2016-07-01 11:55:47 +02:00 committed by Jan Cholasta
parent 4c1d737656
commit 0ade41abba
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ipaserver/plugins/caacl.py
View File

@ -64,8 +64,10 @@ def _acl_make_request(principal_type, principal, ca_id, profile_id):
req = pyhbac.HbacRequest()
req.targethost.name = ca_id
req.service.name = profile_id
if principal_type == 'user' or principal_type == 'host':
if principal_type == 'user':
req.user.name = principal.username
elif principal_type == 'host':
req.user.name = principal.hostname
elif principal_type == 'service':
req.user.name = unicode(principal)
groups = []