Unify display of principal names/aliases across entities

Now that users, hosts, and services all support assigning multiple principal
aliases, the display of Kerberos principal names should be consistent
across all these objects. Principal aliases and canonical names will now be
displayed in all add, mod, show, and find operations.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Martin Babinsky
2016-06-29 14:54:54 +02:00
committed by Martin Basti
parent e6ff83e361
commit acf2234ebc
11 changed files with 57 additions and 17 deletions


@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=208
# Last change: mbabinsk: Provide API for management of host, service, and user principal aliases
IPA_API_VERSION_MINOR=209
# Last change: mbabinsk: Unify display of principal names/aliases across entities


@@ -149,9 +149,11 @@ class baseuser(LDAPObject):
'memberofindirect', 'ipauserauthtype', 'userclass',
'ipatokenradiusconfiglink', 'ipatokenradiususername',
'krbprincipalexpiration', 'usercertificate;binary',
'krbprincipalname', 'krbcanonicalname'
]
search_display_attributes = [
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
'uid', 'givenname', 'sn', 'homedirectory', 'krbcanonicalname',
'krbprincipalname', 'loginshell',
'mail', 'telephonenumber', 'title', 'nsaccountlock',
'uidnumber', 'gidnumber', 'sshpubkeyfp',
]


@@ -263,11 +263,12 @@ class host(LDAPObject):
permission_filter_objectclasses = ['ipahost']
# object_class_config = 'ipahostobjectclasses'
search_attributes = [
'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'managedby',
'fqdn', 'description', 'l', 'nshostlocation', 'krbcanonicalname',
'krbprincipalname', 'nshardwareplatform', 'nsosversion', 'managedby',
]
default_attributes = [
'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
'fqdn', 'description', 'l', 'nshostlocation', 'krbcanonicalname',
'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
'managedby', 'memberofindirect', 'macaddress',
'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
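Review bot: Adding `'krbcanonicalname'` to `search_attributes` of `host` changes more than display. Assuming this list is what host-find matches its free-text criteria against, hosts will now also be matched by canonical name, which the commit message does not mention. The `service` class in the same commit keeps `search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']`, so the two entities would search different attribute sets. Either leave `search_attributes` untouched here and change only `default_attributes`, or make the same addition for `service` and state the search change in the description. The class body continues outside the hunk.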


@@ -361,8 +361,10 @@ class service(LDAPObject):
possible_objectclasses = ['ipakrbprincipal', 'ipaallowedoperations']
permission_filter_objectclasses = ['ipaservice']
search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform', 'krbprincipalauthind']
default_attributes = [
'krbprincipalname', 'krbcanonicalname', 'usercertificate', 'managedby',
'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform',
'krbprincipalauthind']
uuid_attribute = 'ipauniqueid'
attribute_members = {
'managedby': ['host'],


@@ -231,6 +231,7 @@ class test_netgroup(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],


@@ -272,6 +272,7 @@ class test_selinuxusermap(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],


@@ -114,6 +114,7 @@ class test_service(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -142,6 +143,7 @@ class test_service(Declarative):
description=[u'Test host 2'],
l=[u'Undisclosed location 2'],
krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn2],
@@ -170,6 +172,8 @@ class test_service(Declarative):
description=[u'Test host 3'],
l=[u'Undisclosed location 3'],
krbprincipalname=[u'host/%s@%s' % (fqdn3.lower(), api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (
fqdn3.lower(), api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn3.lower()],
@@ -223,6 +227,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
),
@@ -263,7 +268,7 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=service1,
krbcanonicalname=[service1],
managedby_host=[fqdn1],
has_keytab=False,
),
@@ -283,7 +288,7 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=service1,
krbcanonicalname=[service1],
has_keytab=False,
),
],
@@ -325,6 +330,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -340,6 +346,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -355,6 +362,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1, fqdn2],
),
),
@@ -370,6 +378,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -385,6 +394,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1, fqdn3.lower()],
),
),
@@ -400,6 +410,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -428,6 +439,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
@@ -463,6 +475,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -488,6 +501,7 @@ class test_service(Declarative):
dn=service1dn,
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
krbcanonicalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
@@ -515,6 +529,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -542,6 +557,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -567,6 +583,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -623,7 +640,7 @@ class test_service(Declarative):
desc='Create service with malformed principal "foo"',
command=('service_add', [u'foo'], {}),
expected=errors.ValidationError(
name='principal',
name='canonical_principal',
error='Service principal is required')
),
@@ -702,6 +719,7 @@ class test_service_in_role(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -776,6 +794,7 @@ class test_service_in_role(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
memberof_role=[role1],
has_keytab=False,
@@ -889,6 +908,7 @@ class test_service_allowed_to(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -952,6 +972,7 @@ class test_service_allowed_to(Declarative):
dn=service1dn,
ipaallowedtoperform_read_keys_user=[user1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -975,6 +996,7 @@ class test_service_allowed_to(Declarative):
dn=service1dn,
ipaallowedtoperform_read_keys_user=[user1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1003,6 +1025,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1029,6 +1052,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1055,6 +1079,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1087,6 +1112,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1118,6 +1144,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1148,6 +1175,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1178,6 +1206,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1201,6 +1230,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1225,6 +1255,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
ipakrbokasdelegate=True,
krbprincipalname=[service1],
krbcanonicalname=[service1],
krbticketflags=[u'1048704'],
managedby_host=[fqdn1],
),
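Review bot: Every expectation added in this file sets `krbcanonicalname` to the same single value as `krbprincipalname` (for example `krbprincipalname=[service1]` next to `krbcanonicalname=[service1]`), so none of the visible cases covers an entry that actually carries an alias. Since the commit is about showing aliases and the canonical name side by side, a case where the two differ would catch a regression that swaps or merges them, e.g. an expected result with `krbprincipalname=[service1, service1_alias]` and `krbcanonicalname=[service1]` (`service1_alias` is a constructed name, not from this file). The hunk for `Create service with malformed principal "foo"` also changes the expected error `name` to `'canonical_principal'`; a one-line comment there noting that the reported parameter name changed would help readers of the test. The test classes start and end outside these hunks.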


@@ -955,6 +955,8 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[],
uid=[uid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
mail=[u'%s@%s' % (uid, api.env.domain)],
has_keytab=False,
has_password=False,


@@ -22,7 +22,8 @@ class HostTracker(Tracker):
``fqdn`` and ``dn``.
"""
retrieve_keys = {
'dn', 'fqdn', 'description', 'l', 'krbprincipalname', 'managedby_host',
'dn', 'fqdn', 'description', 'l', 'krbcanonicalname',
'krbprincipalname', 'managedby_host',
'has_keytab', 'has_password', 'issuer', 'md5_fingerprint',
'serial_number', 'serial_number_hex', 'sha1_fingerprint',
'subject', 'usercertificate', 'valid_not_after', 'valid_not_before',


@@ -44,11 +44,10 @@ class StageUserTracker(Tracker):
u'usercertificate', u'dn', u'has_keytab', u'has_password',
u'street', u'postalcode', u'facsimiletelephonenumber',
u'carlicense', u'ipasshpubkey', u'sshpubkeyfp', u'l',
u'st', u'mobile', u'pager', }
u'st', u'mobile', u'pager', u'krbcanonicalname', u'krbprincipalname'}
retrieve_all_keys = retrieve_keys | {
u'cn', u'ipauniqueid', u'objectclass', u'description',
u'displayname', u'gecos', u'initials', u'krbcanonicalname',
u'krbprincipalname', u'manager'}
u'displayname', u'gecos', u'initials', u'manager'}
create_keys = retrieve_all_keys | {
u'objectclass', u'ipauniqueid', u'randompassword',


@@ -28,6 +28,7 @@ class UserTracker(Tracker):
u'ipatokenradiusconfiglink', u'ipatokenradiususername',
u'krbprincipalexpiration', u'usercertificate;binary',
u'has_keytab', u'has_password', u'memberof_group', u'sshpubkeyfp',
u'krbcanonicalname', 'krbprincipalname'
}
retrieve_all_keys = retrieve_keys | {
@@ -36,8 +37,7 @@ class UserTracker(Tracker):
u'l', u'mobile', u'krbextradata', u'krblastpwdchange',
u'krbpasswordexpiration', u'pager', u'st', u'manager', u'cn',
u'ipauniqueid', u'objectclass', u'mepmanagedentry',
u'displayname', u'gecos', u'initials', u'krbcanonicalname',
'krbprincipalname', u'preserved'}
u'displayname', u'gecos', u'initials', u'preserved'}
retrieve_preserved_keys = (retrieve_keys - {u'memberof_group'}) | {
u'preserved'}