|
 |
dc4945 |
From 7e4bcabb38991c155b4e6194777e4fcb642b0600 Mon Sep 17 00:00:00 2001
|
|
|
dc4945 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
dc4945 |
Date: Mon, 4 May 2020 16:13:22 +0200
|
|
|
dc4945 |
Subject: [PATCH] Make check_required_principal() case-insensitive
|
|
|
dc4945 |
|
|
|
dc4945 |
service-del deletes services by DN and LDAP DNs are compared
|
|
|
dc4945 |
case-insensitive. Make check_required_principal() compare the
|
|
|
dc4945 |
service name case insensitive.
|
|
|
dc4945 |
|
|
|
dc4945 |
Fixes: https://pagure.io/freeipa/issue/8308
|
|
|
dc4945 |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
dc4945 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
dc4945 |
---
|
|
|
dc4945 |
ipaserver/plugins/service.py | 4 ++--
|
|
|
dc4945 |
ipatests/test_xmlrpc/test_service_plugin.py | 23 +++++++++++++++++++++
|
|
|
dc4945 |
2 files changed, 25 insertions(+), 2 deletions(-)
|
|
|
dc4945 |
|
|
|
dc4945 |
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
|
|
|
dc4945 |
index d176adddff8d2590d64ba4059018606ff1eb8d48..a096603552ffb0d0621a7d0f79d907d862e3888f 100644
|
|
|
dc4945 |
--- a/ipaserver/plugins/service.py
|
|
|
dc4945 |
+++ b/ipaserver/plugins/service.py
|
|
|
dc4945 |
@@ -282,8 +282,8 @@ def check_required_principal(ldap, principal):
|
|
|
dc4945 |
try:
|
|
|
dc4945 |
host_is_master(ldap, principal.hostname)
|
|
|
dc4945 |
except errors.ValidationError:
|
|
|
dc4945 |
- service_types = ['HTTP', 'ldap', 'DNS', 'dogtagldap']
|
|
|
dc4945 |
- if principal.service_name in service_types:
|
|
|
dc4945 |
+ service_types = {'http', 'ldap', 'dns', 'dogtagldap'}
|
|
|
dc4945 |
+ if principal.service_name.lower() in service_types:
|
|
|
dc4945 |
raise errors.ValidationError(name='principal', error=_('This principal is required by the IPA master'))
|
|
|
dc4945 |
|
|
|
dc4945 |
def update_krbticketflags(ldap, entry_attrs, attrs_list, options, existing):
|
|
|
dc4945 |
diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py
|
|
|
dc4945 |
index 3d50dfec4532f2e0590e5a05ca9db7d731cbd31e..7c8132cf8ccad3c9feebb58705320285a603fb77 100644
|
|
|
dc4945 |
--- a/ipatests/test_xmlrpc/test_service_plugin.py
|
|
|
dc4945 |
+++ b/ipatests/test_xmlrpc/test_service_plugin.py
|
|
|
dc4945 |
@@ -791,6 +791,18 @@ class test_service(Declarative):
|
|
|
dc4945 |
expected=errors.ValidationError(name='principal', error='This principal is required by the IPA master'),
|
|
|
dc4945 |
),
|
|
|
dc4945 |
|
|
|
dc4945 |
+ # DN is case insensitive, see https://pagure.io/freeipa/issue/8308
|
|
|
dc4945 |
+ dict(
|
|
|
dc4945 |
+ desc=(
|
|
|
dc4945 |
+ 'Delete the current host (master?) %s HTTP service, should '
|
|
|
dc4945 |
+ 'be caught'
|
|
|
dc4945 |
+ ) % api.env.host,
|
|
|
dc4945 |
+ command=('service_del', ['http/%s' % api.env.host], {}),
|
|
|
dc4945 |
+ expected=errors.ValidationError(
|
|
|
dc4945 |
+ name='principal',
|
|
|
dc4945 |
+ error='This principal is required by the IPA master'
|
|
|
dc4945 |
+ ),
|
|
|
dc4945 |
+ ),
|
|
|
dc4945 |
|
|
|
dc4945 |
dict(
|
|
|
dc4945 |
desc='Delete the current host (master?) %s ldap service, should be caught' % api.env.host,
|
|
|
dc4945 |
@@ -805,6 +817,17 @@ class test_service(Declarative):
|
|
|
dc4945 |
expected=errors.ValidationError(name='principal', error='This principal is required by the IPA master'),
|
|
|
dc4945 |
),
|
|
|
dc4945 |
|
|
|
dc4945 |
+ dict(
|
|
|
dc4945 |
+ desc=(
|
|
|
dc4945 |
+ 'Disable the current host (master?) %s HTTP service, should '
|
|
|
dc4945 |
+ 'be caught'
|
|
|
dc4945 |
+ ) % api.env.host,
|
|
|
dc4945 |
+ command=('service_disable', ['http/%s' % api.env.host], {}),
|
|
|
dc4945 |
+ expected=errors.ValidationError(
|
|
|
dc4945 |
+ name='principal',
|
|
|
dc4945 |
+ error='This principal is required by the IPA master'
|
|
|
dc4945 |
+ ),
|
|
|
dc4945 |
+ ),
|
|
|
dc4945 |
|
|
|
dc4945 |
dict(
|
|
|
dc4945 |
desc='Disable the current host (master?) %s ldap service, should be caught' % api.env.host,
|
|
|
dc4945 |
--
|
|
|
dc4945 |
2.25.4
|
|
|
dc4945 |
|