Added ipaVaultPublicKey attribute.

A new attribute ipaVaultPublicKey has been added to replace the
existing ipaPublicKey used to store the vault public key.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Endi S. Dewata
2015-07-02 15:27:16 -04:00
committed by Jan Cholasta
parent fc5c614950
commit 475ade4bec
5 changed files with 17 additions and 16 deletions


@@ -5413,7 +5413,7 @@ arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False,
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('description?', cli_name='desc')
option: Bytes('ipapublickey?', cli_name='public_key')
option: Bytes('ipavaultpublickey?', cli_name='public_key')
option: Str('ipavaulttype?', cli_name='type')
option: Str('password?', cli_name='password')
option: Str('password_file?', cli_name='password_file')
@@ -5432,7 +5432,7 @@ args: 1,10,3
arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
option: Bytes('ipapublickey', attribute=True, cli_name='public_key', multivalue=False, required=False)
option: Bytes('ipavaultpublickey', attribute=True, cli_name='public_key', multivalue=False, required=False)
option: Bytes('ipavaultsalt', attribute=True, cli_name='salt', multivalue=False, required=False)
option: Str('ipavaulttype', attribute=True, autofill=True, cli_name='type', default=u'standard', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -5511,7 +5511,7 @@ option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
option: Bytes('ipapublickey', attribute=True, autofill=False, cli_name='public_key', multivalue=False, required=False)
option: Bytes('ipavaultpublickey', attribute=True, autofill=False, cli_name='public_key', multivalue=False, required=False)
option: Bytes('ipavaultsalt', attribute=True, autofill=False, cli_name='salt', multivalue=False, required=False)
option: Str('ipavaulttype', attribute=True, autofill=False, cli_name='type', default=u'standard', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')


@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=138
# Last change: edewata - added symmetric and asymmetric vaults
IPA_API_VERSION_MINOR=139
# Last change: edewata - added ipaVaultPublicKey attribute


@@ -58,6 +58,7 @@ attributeTypes: (2.16.840.1.113730.3.8.11.70 NAME 'ipaPermTargetTo' DESC 'Destin
attributeTypes: (2.16.840.1.113730.3.8.11.71 NAME 'ipaPermTargetFrom' DESC 'Source location from where moving an entry IPA permission ACI' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.0' )
attributeTypes: (2.16.840.1.113730.3.8.18.2.1 NAME 'ipaVaultType' DESC 'IPA vault type' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.2')
attributeTypes: (2.16.840.1.113730.3.8.18.2.2 NAME 'ipaVaultSalt' DESC 'IPA vault salt' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'IPA v4.2' )
attributeTypes: (2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey' DESC 'IPA vault public key' SUP ipaPublicKey X-ORIGIN 'IPA v4.2' )
objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $ ipaNTLogonScript $ ipaNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
@@ -81,4 +82,4 @@ objectClasses: (2.16.840.1.113730.3.8.12.24 NAME 'ipaPublicKeyObject' DESC 'Wrap
objectClasses: (2.16.840.1.113730.3.8.12.25 NAME 'ipaPrivateKeyObject' DESC 'Wrapped private keys' SUP top AUXILIARY MUST ( ipaPrivateKey $ ipaWrappingKey $ ipaWrappingMech ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.12.26 NAME 'ipaSecretKeyObject' DESC 'Wrapped secret keys' SUP top AUXILIARY MUST ( ipaSecretKey $ ipaWrappingKey $ ipaWrappingMech ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DESC 'Indirect storage for encoded key material' SUP top AUXILIARY MUST ( ipaSecretKeyRef ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vault' SUP top STRUCTURAL MUST ( cn ) MAY ( description $ ipaVaultType $ ipaVaultSalt $ ipaPublicKey ) X-ORIGIN 'IPA v4.2' )
objectClasses: (2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vault' SUP top STRUCTURAL MUST ( cn ) MAY ( description $ ipaVaultType $ ipaVaultSalt $ ipaVaultPublicKey ) X-ORIGIN 'IPA v4.2' )
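Review bot: The rewritten ipaVault objectClass drops ipaPublicKey from its MAY list with no visible step for vault entries that already carry that attribute. Such an entry would likely be rejected with an object class violation the next time it is modified, and the plugin no longer reads the key stored in it. If asymmetric vaults can already exist in a deployed tree, an update step that renames ipaPublicKey to ipaVaultPublicKey on existing ipaVault entries should accompany this schema change. The new attributeTypes line declares no SYNTAX or EQUALITY of its own and takes both from `SUP ipaPublicKey`, which deserves a comment such as `# ipaVaultPublicKey inherits syntax and matching rule from ipaPublicKey`.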


@@ -233,7 +233,7 @@ class vault(LDAPObject):
'description',
'ipavaulttype',
'ipavaultsalt',
'ipapublickey',
'ipavaultpublickey',
]
search_display_attributes = [
'cn',
@@ -276,7 +276,7 @@ class vault(LDAPObject):
flags=['no_search'],
),
Bytes(
'ipapublickey?',
'ipavaultpublickey?',
cli_name='public_key',
label=_('Public key'),
doc=_('Vault public key'),
@@ -509,7 +509,7 @@ class vault_add(PKQuery, Local):
doc=_('File containing the vault password'),
),
Bytes(
'ipapublickey?',
'ipavaultpublickey?',
cli_name='public_key',
doc=_('Vault public key'),
),
@@ -527,7 +527,7 @@ class vault_add(PKQuery, Local):
vault_type = options.get('ipavaulttype', u'standard')
password = options.get('password')
password_file = options.get('password_file')
public_key = options.get('ipapublickey')
public_key = options.get('ipavaultpublickey')
public_key_file = options.get('public_key_file')
# don't send these parameters to server
@@ -584,11 +584,11 @@ class vault_add(PKQuery, Local):
public_key = f.read()
# store vault public key
options['ipapublickey'] = public_key
options['ipavaultpublickey'] = public_key
else:
raise errors.ValidationError(
name='ipapublickey',
name='ipavaultpublickey',
error=_('Missing vault public key'))
# create vault
@@ -606,7 +606,7 @@ class vault_add(PKQuery, Local):
del opts['ipavaultsalt']
elif vault_type == u'asymmetric':
del opts['ipapublickey']
del opts['ipavaultpublickey']
# archive blank data
self.api.Command.vault_archive(*args, **opts)
@@ -920,7 +920,7 @@ class vault_archive(PKQuery, Local):
elif vault_type == u'asymmetric':
public_key = vault['ipapublickey'][0].encode('utf-8')
public_key = vault['ipavaultpublickey'][0].encode('utf-8')
# generate encryption key
encryption_key = base64.b64encode(os.urandom(32))
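Review bot: In the vault_archive hunk, `vault['ipavaultpublickey'][0]` is indexed without a guard, so an asymmetric vault whose entry lacks the renamed attribute (for example one stored under ipapublickey before this commit) fails with a bare KeyError instead of a validation error. A check before the lookup would keep the failure explicit and match the handling in vault_add: `if 'ipavaultpublickey' not in vault: raise errors.ValidationError(name='ipavaultpublickey', error=_('Missing vault public key'))`. The enclosing method starts and ends outside the hunk, so whether an earlier check already exists cannot be seen here.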


@@ -634,7 +634,7 @@ class test_vault_plugin(Declarative):
[asymmetric_vault_name],
{
'ipavaulttype': u'asymmetric',
'ipapublickey': public_key,
'ipavaultpublickey': public_key,
},
),
'expected': {
@@ -646,7 +646,7 @@ class test_vault_plugin(Declarative):
'objectclass': [u'top', u'ipaVault'],
'cn': [asymmetric_vault_name],
'ipavaulttype': [u'asymmetric'],
'ipapublickey': [public_key],
'ipavaultpublickey': [public_key],
},
},
},