freeipa/ipaserver/plugins
Fraser Tweedale a7b18372ed certprofile: reject config with multiple profileIds
In certprofile-import if the config file contains two profileId
directives with different values, with the first matching the
profile ID CLI argument and the second differing, the profile gets
imported under the second ID.  This leads to:

- failure to enable the profile
- failure to add the IPA "tracking" certprofile object
- inability to delete the misnamed profile from Dogtag (via ipa CLI)

To avert this scenario, detect and reject profile configurations
where profileId is specified multiple times (whether or not the
values differ).

https://pagure.io/freeipa/issue/7503

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-19 08:57:53 -04:00
..
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
automember.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
baseuser.py Revert "Don't allow OTP or RADIUS in FIPS mode" 2018-03-12 13:29:19 -04:00
batch.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
ca.py ldap2: fix implementation of can_add 2018-02-09 08:57:41 +01:00
caacl.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
cert.py cert-request: avoid internal error when cert malformed 2018-02-06 11:42:34 +01:00
certmap.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
certprofile.py certprofile: reject config with multiple profileIds 2018-04-19 08:57:53 -04:00
config.py Remove NTP server role while upgrading 2018-04-09 11:00:02 -04:00
delegation.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
dns.py ipa host-add --ip-address: properly handle NoNameservers 2018-02-12 17:30:52 +01:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py Use TLS for the cert-find operation 2017-09-18 11:44:08 +02:00
domainlevel.py Check for conflict entries before raising domain level 2016-12-13 12:25:07 +01:00
group.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
host.py ipa host-add: do not raise exception when reverse record not added 2018-02-23 14:39:34 +01:00
hostgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
idrange.py Error message while adding idrange with untrusted domain 2018-03-15 07:31:37 +01:00
idviews.py Idviews: fix objectclass violation on idview-add 2018-01-09 07:58:52 +01:00
internal.py More log in verbs 2017-12-12 12:53:21 +01:00
join.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
krbtpolicy.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
ldap2.py ldap2: fix implementation of can_add 2018-02-09 08:57:41 +01:00
location.py DNS Location: add list of roles and DNS servers to location-show 2016-06-17 18:05:03 +02:00
migration.py Generate same API.txt under Python 2 and 3 2018-02-15 09:41:30 +01:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py use LDAP Whoami command when creating an OTP token 2018-03-22 11:33:17 +01:00
passwd.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
permission.py LGTM: unnecessary else in for loop 2018-01-09 07:53:28 +01:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py pkinit: don't fail when no pkinit servers found 2017-09-12 15:59:20 +02:00
privilege.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
pwpolicy.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
rabase.py rabase.get_certificate: make serial number arg mandatory 2017-03-07 13:24:16 +01:00
radiusproxy.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
realmdomains.py realm domains: improve doc text 2018-03-21 15:29:50 +01:00
role.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
schema.py Fixing translation problems 2018-01-31 16:03:19 +01:00
selfservice.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
selinuxusermap.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
server.py preventing ldap principal to be deleted 2018-01-31 12:35:03 +01:00
serverrole.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
serverroles.py Fix ipa config-mod --ca-renewal-master 2017-09-05 14:13:46 +02:00
service.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
servicedelegation.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
session.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
stageuser.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: fix unsupported assignment 2017-09-08 15:42:07 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
topology.py Fix regexp patterns in parameters to not enforce length 2016-09-20 17:35:28 +02:00
trust.py Generate same API.txt under Python 2 and 3 2018-02-15 09:41:30 +01:00
user.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
vault.py Fixing vault-add-member to be compatible with py3 2018-01-24 19:09:03 +01:00
virtual.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Added new authentication method 2016-08-17 16:55:49 +02:00