mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
68ada5f204
The 'cert_request' command accumulates DNS names from the CSR, before checking that all IP addresses in the CSR are reachable from those DNS names. Before adding a DNS name to the set, we check that that it corresponds to the FQDN of a known host/service principal (including principal aliases). When a DNS name maps to a "alternative" principal (i.e. not the one given via the 'principal' argument), this check was not being performed correctly. Specifically, we were looking for the 'krbprincipalname' field on the RPC response object directly, instead of its 'result' field. To resolve the issue, dereference the RPC response to its 'result' field before invoking the '_dns_name_matches_principal' subroutine. Fixes: https://pagure.io/freeipa/issue/8368 Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
|---|---|---|
| .. | ||
| advise | ||
| dnssec | ||
| install | ||
| plugins | ||
| secrets | ||
| __init__.py | ||
| dcerpc_common.py | ||
| dcerpc.py | ||
| dns_data_management.py | ||
| Makefile.am | ||
| masters.py | ||
| p11helper.py | ||
| rpcserver.py | ||
| servroles.py | ||
| setup.cfg | ||
| setup.py | ||
| topology.py | ||