IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Make check_required_principal() case-insensitive

Browse Source 
service-del deletes services by DN and LDAP DNs are compared
case-insensitive. Make check_required_principal() compare the
service name case insensitive.

Fixes: https://pagure.io/freeipa/issue/8308
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Christian Heimes 2020-05-04 16:13:22 +02:00
parent 490682ac3c
commit fefd1153d5
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ipaserver/plugins/service.py
View File

@ -287,8 +287,8 @@ def check_required_principal(ldap, principal):
try: try:
host_is_master(ldap, principal.hostname) host_is_master(ldap, principal.hostname)
except errors.ValidationError: except errors.ValidationError:
service_types = ['HTTP', 'ldap', 'DNS', 'dogtagldap'] service_types = {'http', 'ldap', 'dns', 'dogtagldap'}
if principal.service_name in service_types: if principal.service_name.lower() in service_types:
raise errors.ValidationError(name='principal', error=_('This principal is required by the IPA master')) raise errors.ValidationError(name='principal', error=_('This principal is required by the IPA master'))
def update_krbticketflags(ldap, entry_attrs, attrs_list, options, existing): def update_krbticketflags(ldap, entry_attrs, attrs_list, options, existing):

23
ipatests/test_xmlrpc/test_service_plugin.py
View File

@ -814,6 +814,18 @@ class test_service(Declarative):
expected=errors.ValidationError(name='principal', error='This principal is required by the IPA master'), expected=errors.ValidationError(name='principal', error='This principal is required by the IPA master'),
), ),
# DN is case insensitive, see https://pagure.io/freeipa/issue/8308
dict(
desc=(
'Delete the current host (master?) %s HTTP service, should '
'be caught'
) % api.env.host,
command=('service_del', ['http/%s' % api.env.host], {}),
expected=errors.ValidationError(
name='principal',
error='This principal is required by the IPA master'
),
),
dict( dict(
desc='Delete the current host (master?) %s ldap service, should be caught' % api.env.host, desc='Delete the current host (master?) %s ldap service, should be caught' % api.env.host,
@ -828,6 +840,17 @@ class test_service(Declarative):
expected=errors.ValidationError(name='principal', error='This principal is required by the IPA master'), expected=errors.ValidationError(name='principal', error='This principal is required by the IPA master'),
), ),
dict(
desc=(
'Disable the current host (master?) %s HTTP service, should '
'be caught'
) % api.env.host,
command=('service_disable', ['http/%s' % api.env.host], {}),
expected=errors.ValidationError(
name='principal',
error='This principal is required by the IPA master'
),
),
dict( dict(
desc='Disable the current host (master?) %s ldap service, should be caught' % api.env.host, desc='Disable the current host (master?) %s ldap service, should be caught' % api.env.host,