pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0040-store-certificates-issued-for-user-entries-as-userCe.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   590d180adcbf36133f0b1a25f8e6e746d9658a53
  2.   SOURCES
  3.   0040-store-certificates-issued-for-user-entries-as-userCe.patch
Blob History Raw
590d18 
From 180f571e60aaedaacdaa272d2a34719ce0ce0565 Mon Sep 17 00:00:00 2001
590d18 
From: Martin Babinsky <mbabinsk@redhat.com>
590d18 
Date: Mon, 3 Aug 2015 13:36:29 +0200
590d18 
Subject: [PATCH] store certificates issued for user entries as
590d18 
 userCertificate;binary
590d18
590d18 
This patch forces the user management CLI command to store certificates as
590d18 
userCertificate;binary attribute. The code to retrieve of user information was
590d18 
modified to enable outputting of userCertificate;binary attribute to the
590d18 
command line.
590d18
590d18 
The modification also fixes https://fedorahosted.org/freeipa/ticket/5173
590d18
590d18 
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
590d18 
---
590d18 
 ipalib/plugins/baseuser.py | 23 ++++++++++++++++++++++-
590d18 
 ipalib/plugins/user.py     | 21 +++++++++------------
590d18 
 2 files changed, 31 insertions(+), 13 deletions(-)
590d18
590d18 
diff --git a/ipalib/plugins/baseuser.py b/ipalib/plugins/baseuser.py
590d18 
index bd66cf5a3e3a4e6c18d1a54408f969668c834fab..5eede7a98e7e6d9bf31a6d553b0ce60c7cf3527c 100644
590d18 
--- a/ipalib/plugins/baseuser.py
590d18 
+++ b/ipalib/plugins/baseuser.py
590d18 
@@ -187,7 +187,7 @@ class baseuser(LDAPObject):
590d18 
         'telephonenumber', 'title', 'memberof', 'nsaccountlock',
590d18 
         'memberofindirect', 'ipauserauthtype', 'userclass',
590d18 
         'ipatokenradiusconfiglink', 'ipatokenradiususername',
590d18 
-        'krbprincipalexpiration', 'usercertificate',
590d18 
+        'krbprincipalexpiration', 'usercertificate;binary',
590d18 
     ]
590d18 
     search_display_attributes = [
590d18 
         'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
590d18 
@@ -465,10 +465,27 @@ class baseuser(LDAPObject):
590d18 
         assert isinstance(user, DN)
590d18 
         return self._user_status(user, DN(self.delete_container_dn, api.env.basedn))
590d18
590d18 
+    def convert_usercertificate_pre(self, entry_attrs):
590d18 
+        if 'usercertificate' in entry_attrs:
590d18 
+            entry_attrs['usercertificate;binary'] = entry_attrs.pop(
590d18 
+                'usercertificate')
590d18 
+
590d18 
+    def convert_usercertificate_post(self, entry_attrs, **options):
590d18 
+        if 'usercertificate;binary' in entry_attrs:
590d18 
+            entry_attrs['usercertificate'] = entry_attrs.pop(
590d18 
+                'usercertificate;binary')
590d18 
+
590d18 
 class baseuser_add(LDAPCreate):
590d18 
     """
590d18 
     Prototype command plugin to be implemented by real plugin
590d18 
     """
590d18 
+    def pre_common_callback(self, ldap, dn, entry_attrs, **options):
590d18 
+        assert isinstance(dn, DN)
590d18 
+        self.obj.convert_usercertificate_pre(entry_attrs)
590d18 
+
590d18 
+    def post_common_callback(self, ldap, dn, entry_attrs, **options):
590d18 
+        assert isinstance(dn, DN)
590d18 
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
590d18
590d18 
 class baseuser_del(LDAPDelete):
590d18 
     """
590d18 
@@ -542,6 +559,7 @@ class baseuser_mod(LDAPUpdate):
590d18 
         self.check_userpassword(entry_attrs, **options)
590d18
590d18 
         self.check_objectclass(ldap, dn, entry_attrs)
590d18 
+        self.obj.convert_usercertificate_pre(entry_attrs)
590d18
590d18 
     def post_common_callback(self, ldap, dn, entry_attrs, **options):
590d18 
         assert isinstance(dn, DN)
590d18 
@@ -554,6 +572,7 @@ class baseuser_mod(LDAPUpdate):
590d18 
         convert_nsaccountlock(entry_attrs)
590d18 
         self.obj.convert_manager(entry_attrs, **options)
590d18 
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
590d18 
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
590d18 
         convert_sshpubkey_post(ldap, dn, entry_attrs)
590d18 
         radius_dn2pk(self.api, entry_attrs)
590d18
590d18 
@@ -584,6 +603,7 @@ class baseuser_find(LDAPSearch):
590d18 
         for attrs in entries:
590d18 
             self.obj.convert_manager(attrs, **options)
590d18 
             self.obj.get_password_attributes(ldap, attrs.dn, attrs)
590d18 
+            self.obj.convert_usercertificate_post(attrs, **options)
590d18 
             if (lockout):
590d18 
                 attrs['nsaccountlock'] = True
590d18 
             else:
590d18 
@@ -598,5 +618,6 @@ class baseuser_show(LDAPRetrieve):
590d18 
         assert isinstance(dn, DN)
590d18 
         self.obj.convert_manager(entry_attrs, **options)
590d18 
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
590d18 
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
590d18 
         convert_sshpubkey_post(ldap, dn, entry_attrs)
590d18 
         radius_dn2pk(self.api, entry_attrs)
590d18 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
590d18 
index 0209b29b130f2377c04f497f95c8ad39e98f2587..859939205f903fa4832524c8d2601141f3674bb5 100644
590d18 
--- a/ipalib/plugins/user.py
590d18 
+++ b/ipalib/plugins/user.py
590d18 
@@ -510,6 +510,8 @@ class user_add(baseuser_add):
590d18 
             answer = self.api.Object['radiusproxy'].get_dn_if_exists(rcl)
590d18 
             entry_attrs['ipatokenradiusconfiglink'] = answer
590d18
590d18 
+        self.pre_common_callback(ldap, dn, entry_attrs, **options)
590d18 
+
590d18 
         return dn
590d18
590d18 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
590d18 
@@ -557,6 +559,9 @@ class user_add(baseuser_add):
590d18 
         convert_sshpubkey_post(ldap, dn, entry_attrs)
590d18 
         radius_dn2pk(self.api, entry_attrs)
590d18 
         self.obj.get_preserved_attribute(entry_attrs, options)
590d18 
+
590d18 
+        self.post_common_callback(ldap, dn, entry_attrs, **options)
590d18 
+
590d18 
         return dn
590d18
590d18
590d18 
@@ -1034,18 +1039,14 @@ class user_add_cert(LDAPAddAttribute):
590d18 
                      **options):
590d18 
         assert isinstance(dn, DN)
590d18
590d18 
-        new_attr_name = '%s;binary' % self.attribute
590d18 
-        if self.attribute in entry_attrs:
590d18 
-            entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute)
590d18 
+        self.obj.convert_usercertificate_pre(entry_attrs)
590d18
590d18 
         return dn
590d18
590d18 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
590d18 
         assert isinstance(dn, DN)
590d18
590d18 
-        old_attr_name = '%s;binary' % self.attribute
590d18 
-        if old_attr_name in entry_attrs:
590d18 
-            entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name)
590d18 
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
590d18
590d18 
         return dn
590d18
590d18 
@@ -1060,17 +1061,13 @@ class user_remove_cert(LDAPRemoveAttribute):
590d18 
                      **options):
590d18 
         assert isinstance(dn, DN)
590d18
590d18 
-        new_attr_name = '%s;binary' % self.attribute
590d18 
-        if self.attribute in entry_attrs:
590d18 
-            entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute)
590d18 
+        self.obj.convert_usercertificate_pre(entry_attrs)
590d18
590d18 
         return dn
590d18
590d18 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
590d18 
         assert isinstance(dn, DN)
590d18
590d18 
-        old_attr_name = '%s;binary' % self.attribute
590d18 
-        if old_attr_name in entry_attrs:
590d18 
-            entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name)
590d18 
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
590d18
590d18 
         return dn
590d18 
--
590d18 
2.4.3
590d18

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation