freeipa/ipapython
Fraser Tweedale 5f0e13ce9c ca-add: validate Subject DN name attributes
If the Subject DN is syntactically valid but contains unrecognised
name attributes, FreeIPA accepts it but Dogtag rejects it, returning
status 400 and causing the framework to raise RemoteRetrieveError.

Update the ca-add command to perform some additional validation on
the user-supplied Subject DN, making sure that we recognise all the
attributes.

Fixes: https://pagure.io/freeipa/issue/6987
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Felipe Volpone <felipevolpone@gmail.com>
2017-06-01 09:28:36 +02:00
..
install Fix Python 3 pylint errors 2017-03-15 19:11:32 +01:00
__init__.py Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
admintool.py Python3 pylint fixes 2016-11-25 16:18:22 +01:00
certdb.py Add Subject Key Identifier to CA cert validity check 2017-05-30 12:39:15 +02:00
config.py pylint_plugins: add forbidden import checker 2017-03-10 13:04:59 +01:00
cookie.py pylint_plugins: add forbidden import checker 2017-03-10 13:04:59 +01:00
dn.py ca-add: validate Subject DN name attributes 2017-06-01 09:28:36 +02:00
dnsutil.py Py3: Fix ToASCII method 2017-01-06 12:48:10 +01:00
dogtag.py ca_status: add HTTP timeout 30 seconds 2017-05-04 14:09:50 +02:00
errors.py Replace StandardError with Exception 2015-09-30 10:51:36 +02:00
graph.py Remove unused variables in the code 2016-09-27 13:35:58 +02:00
ipa_log_manager.py install: allow specifying verbosity and console log format in CLI 2016-11-11 12:17:25 +01:00
ipaldap.py py3: ipaldap: encode Boolean as bytes 2017-06-01 09:24:24 +02:00
ipautil.py ipapython.ipautil.run: Add option to set umask before executing command 2017-05-19 12:31:24 +02:00
ipavalidate.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
kerberos.py Principal: validate type of input parameter 2017-01-31 18:33:27 +01:00
kernel_keyring.py Fix session cookies 2016-07-22 16:30:32 +02:00
log_manager.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
Makefile.am ipapython: fix DEFAULT_PLUGINS in version.py 2017-03-09 18:39:48 +01:00
nsslib.py Remove ipapython.nsslib as it is not used anymore 2017-03-01 09:43:41 +00:00
README Replace DNS client based on acutil with python-dns 2012-05-24 13:55:56 +02:00
session_storage.py Fix libkrb5 filename for macOS 2017-05-17 14:07:13 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Correct PyPI package dependencies 2017-04-26 12:31:11 +02:00
ssh.py py3: fingerprint_hex_sha256: fix encoding/decoding 2017-01-31 18:33:27 +01:00
version.py.in ipapython: fix DEFAULT_PLUGINS in version.py 2017-03-09 18:39:48 +01:00

This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.

A brief overview:

config.py - identify the IPA server domain and realm. It uses python-dns to
            try to detect this information first and will fall back to
            /etc/ipa/default.conf if that fails.

ipautil.py - helper functions

entity.py - entity is the main data type. User and Group extend this class
            (but don't add anything currently).

ipavalidate.py - basic data validation routines