freeipa/ipaserver/plugins
Fraser Tweedale 5f0e13ce9c ca-add: validate Subject DN name attributes
If the Subject DN is syntactically valid but contains unrecognised
name attributes, FreeIPA accepts it but Dogtag rejects it, returning
status 400 and causing the framework to raise RemoteRetrieveError.

Update the ca-add command to perform some additional validation on
the user-supplied Subject DN, making sure that we recognise all the
attributes.

Fixes: https://pagure.io/freeipa/issue/6987
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Felipe Volpone <felipevolpone@gmail.com>
2017-06-01 09:28:36 +02:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py wrap long line 2016-11-25 16:18:22 +01:00
automember.py allow 'value' output param in commands without primary key 2016-07-20 13:57:01 +02:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
baseuser.py Add --password-expiration to allow admin to force user password expiration 2017-03-31 12:19:40 +02:00
batch.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
ca.py ca-add: validate Subject DN name attributes 2017-06-01 09:28:36 +02:00
caacl.py Conditionally import pyhbac 2017-04-03 13:08:52 +02:00
cert.py Fixing the cert-request comparing whole email address case-sensitively. 2017-05-16 09:50:22 +02:00
certmap.py Re-use trust domain retrieval code in certmap validators 2017-03-14 18:37:10 +01:00
certprofile.py Reuse self.api when executing ca_enabled_check 2017-01-11 15:26:20 +01:00
config.py Add the list of PKINIT servers as a virtual attribute to global config 2017-05-26 16:11:40 +02:00
delegation.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
dns.py Refactor the role/attribute member reporting code 2017-05-26 16:11:40 +02:00
dnsserver.py help: Add dnsserver commands to help topic 'dns' 2016-07-22 13:52:09 +02:00
dogtag.py Refresh Dogtag RestClient.ca_host property 2017-05-02 17:33:25 +02:00
domainlevel.py Check for conflict entries before raising domain level 2016-12-13 12:25:07 +01:00
group.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py Allow renaming of the HBAC rule objects 2017-03-27 19:08:26 +02:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py Add an option to build ipaserver wheels 2017-04-03 13:08:52 +02:00
host.py Fixing adding authenticator indicators to host 2017-05-16 10:29:00 +02:00
hostgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
idrange.py fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
idviews.py fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
internal.py WebUI: Add support for login for AD users 2017-03-27 08:55:41 +02:00
join.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
krbtpolicy.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
ldap2.py ldap2: use LDAP whoami operation to retrieve bind DN for current connection 2017-03-22 17:19:22 +01:00
location.py DNS Location: add list of roles and DNS servers to location-show 2016-06-17 18:05:03 +02:00
migration.py Fix ipa migrate-ds when it finds a search reference 2016-11-17 01:01:05 +01:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py netgroup: avoid extraneous LDAP search when retrieving primary key from DN 2016-09-09 16:27:53 +02:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
passwd.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
permission.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py Add pkinit-status command 2017-05-26 16:11:40 +02:00
privilege.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
pwpolicy.py pwpolicy: do not run klist on import 2016-10-24 14:11:08 +02:00
rabase.py rabase.get_certificate: make serial number arg mandatory 2017-03-07 13:24:16 +01:00
radiusproxy.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
realmdomains.py ipautil: remove get_domain_name() 2016-11-29 14:50:51 +01:00
role.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
schema.py schema: Fix subtopic -> topic mapping 2016-07-15 14:02:17 +02:00
selfservice.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
selinuxusermap.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
server.py server-del: update defaultServerList in cn=default,ou=profile,$BASE 2017-05-19 18:45:52 +02:00
serverrole.py Fix minor typos 2016-06-16 08:47:20 +02:00
serverroles.py Allow for multivalued server attributes 2017-05-26 16:11:40 +02:00
service.py Add SHA256 fingerprints for certs 2017-03-07 19:52:43 +01:00
servicedelegation.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
session.py Fix session logout 2017-02-22 10:15:50 +01:00
stageuser.py Support for Certificate Identity Mapping 2017-03-02 15:09:42 +01:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py Allow renaming of the sudorule objects 2017-03-27 19:08:26 +02:00
topology.py Fix regexp patterns in parameters to not enforce length 2016-09-20 17:35:28 +02:00
trust.py Refactor the role/attribute member reporting code 2017-05-26 16:11:40 +02:00
user.py user.py: replace user_mod with ldap.update_entry() 2017-05-30 12:35:41 +02:00
vault.py Refactor the role/attribute member reporting code 2017-05-26 16:11:40 +02:00
virtual.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
whoami.py add whoami command 2017-03-09 14:10:02 +01:00
xmlserver.py Added new authentication method 2016-08-17 16:55:49 +02:00