|
|
403b09 |
From 808772d7426dae6924c62ca327116c3152729a8e Mon Sep 17 00:00:00 2001
|
|
|
403b09 |
From: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
403b09 |
Date: Fri, 1 Jul 2016 11:55:47 +0200
|
|
|
403b09 |
Subject: [PATCH] Fix incorrect check for principal type when evaluating CA
|
|
|
403b09 |
ACLs
|
|
|
403b09 |
|
|
|
403b09 |
This error prevented hosts to request certificates for themselves.
|
|
|
403b09 |
|
|
|
403b09 |
https://fedorahosted.org/freeipa/ticket/3864
|
|
|
403b09 |
|
|
|
403b09 |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
403b09 |
---
|
|
|
403b09 |
ipaserver/plugins/caacl.py | 4 +++-
|
|
|
403b09 |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
403b09 |
|
|
|
403b09 |
diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py
|
|
|
403b09 |
index 3f813a7efb9e554abcb8dd2946eea73065c93414..9a60f7e27809c4f41b160647efafde94dbe90bf0 100644
|
|
|
403b09 |
--- a/ipaserver/plugins/caacl.py
|
|
|
403b09 |
+++ b/ipaserver/plugins/caacl.py
|
|
|
403b09 |
@@ -64,8 +64,10 @@ def _acl_make_request(principal_type, principal, ca_id, profile_id):
|
|
|
403b09 |
req = pyhbac.HbacRequest()
|
|
|
403b09 |
req.targethost.name = ca_id
|
|
|
403b09 |
req.service.name = profile_id
|
|
|
403b09 |
- if principal_type == 'user' or principal_type == 'host':
|
|
|
403b09 |
+ if principal_type == 'user':
|
|
|
403b09 |
req.user.name = principal.username
|
|
|
403b09 |
+ elif principal_type == 'host':
|
|
|
403b09 |
+ req.user.name = principal.hostname
|
|
|
403b09 |
elif principal_type == 'service':
|
|
|
403b09 |
req.user.name = unicode(principal)
|
|
|
403b09 |
groups = []
|
|
|
403b09 |
--
|
|
|
403b09 |
2.9.0
|
|
|
403b09 |
|