summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Dennis <jdennis@redhat.com>2011-07-28 14:32:26 -0400
committerMartin Kosek <mkosek@redhat.com>2011-07-29 13:13:55 +0200
commit442973edc5bffc1e215c22327369f66df7aeec08 (patch)
tree54d4e87c13c107142c937ce81e1c614a5068f87f
parent44b3521fad01c860afd84d409af9b2bcb06e1207 (diff)
downloadfreeipa-442973edc5bffc1e215c22327369f66df7aeec08.tar.gz
freeipa-442973edc5bffc1e215c22327369f66df7aeec08.tar.xz
freeipa-442973edc5bffc1e215c22327369f66df7aeec08.zip
Clean up existing DN object usage
-rwxr-xr-xinstall/tools/ipa-server-install6
-rw-r--r--ipaserver/install/cainstance.py8
-rw-r--r--ipaserver/install/certs.py14
-rw-r--r--ipaserver/install/replication.py8
-rw-r--r--ipaserver/ipaldap.py7
5 files changed, 19 insertions, 24 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index f47741244..564d8a88a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -89,9 +89,9 @@ def subject_callback(option, opt_str, value, parser):
v = unicode(value, 'utf-8')
try:
dn = DN(v)
- for x in xrange(len(dn)):
- if dn[x][0].attr.lower() not in VALID_SUBJECT_ATTRS:
- raise ValueError('invalid attribute: %s' % dn[x][0].attr.lower())
+ for rdn in dn:
+ if rdn.attr.lower() not in VALID_SUBJECT_ATTRS:
+ raise ValueError('invalid attribute: %s' % rdn.attr)
except ValueError, e:
raise ValueError('Invalid subject base format: %s' % str(e))
parser.values.subject = str(dn) # may as well normalize it
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 3561dc9e4..d62f232cc 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -933,7 +933,7 @@ class CAInstance(service.Service):
st = 1
en = 0
subid = 0
- normalized_base = str(DN(self.subject_base))
+ ca_dn = DN(('CN','Certificate Authority'), self.subject_base)
while st > 0:
st = certlist.find('-----BEGIN', en)
en = certlist.find('-----END', en+1)
@@ -942,11 +942,11 @@ class CAInstance(service.Service):
(chain_fd, chain_name) = tempfile.mkstemp()
os.write(chain_fd, certlist[st:en+25])
os.close(chain_fd)
- (rdn, subject) = certs.get_cert_nickname(certlist[st:en+25])
- if subject.lower() == ('CN=Certificate Authority,%s' % normalized_base).lower():
+ (rdn, subject_dn) = certs.get_cert_nickname(certlist[st:en+25])
+ if subject_dn == ca_dn:
nick = get_ca_nickname(self.realm)
else:
- nick = subject
+ nick = str(subject_dn)
self.__run_certutil(
['-A', '-t', 'CT,C,C', '-n', nick, '-a',
'-i', chain_name]
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 1bbcbabe6..738b329a6 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -89,13 +89,15 @@ def get_cert_nickname(cert):
for NSS. The caller can decide whether to use just the RDN
or the whole subject.
- Returns a tuple of (rdn, subject)
+ Returns a tuple of (rdn, subject_dn) when rdn is the string
+ representation of the first RDN in the subject and subject_dn
+ is a DN object.
"""
nsscert = x509.load_certificate(cert)
subject = str(nsscert.subject)
dn = DN(subject)
- return (str(dn[0]), str(dn))
+ return (str(dn[0]), dn)
def next_serial(serial_file=CA_SERIALNO):
"""
@@ -430,16 +432,16 @@ class CertDB(object):
certs = fd.read()
fd.close()
- normalized_base = str(DN(self.subject_base))
+ ca_dn = DN(('CN','Certificate Authority'), self.subject_base)
st = 0
while True:
try:
(cert, st) = find_cert_from_txt(certs, st)
- (nick, subject) = get_cert_nickname(cert)
- if subject.lower() == ('CN=Certificate Authority,%s' % normalized_base).lower():
+ (rdn, subject_dn) = get_cert_nickname(cert)
+ if subject_dn == ca_dn:
nick = get_ca_nickname(self.realm)
else:
- nick = subject
+ nick = str(subject_dn)
self.run_certutil(["-A", "-n", nick,
"-t", "CT,,C",
"-a"],
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 7186a18e8..fbf9c95b5 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -121,7 +121,7 @@ class ReplicationManager(object):
self.realm = realm
self.starttls = starttls
tmp = util.realm_to_suffix(realm)
- self.suffix = ipaldap.IPAdmin.normalizeDN(tmp)
+ self.suffix = str(DN(tmp)).lower()
# If we are passed a password we'll use it as the DM password
# otherwise we'll do a GSSAPI bind.
@@ -162,7 +162,7 @@ class ReplicationManager(object):
# Ok, either the entry doesn't exist or the attribute isn't set
# so get it from the other master
retval = -1
- dn = str(DN("cn=replication, cn=etc, %s" % self.suffix))
+ dn = str(DN(('cn','replication'),('cn','etc'), self.suffix))
try:
replica = master_conn.search_s(dn, ldap.SCOPE_BASE, "objectclass=*")[0]
if not replica.getValue('nsDS5ReplicaId'):
@@ -258,7 +258,7 @@ class ReplicationManager(object):
return "2"
def replica_dn(self):
- return str(DN('cn=replica, cn="%s", cn=mapping tree, cn=config' % self.suffix))
+ return str(DN(('cn','replica'),('cn',self.suffix),('cn','mapping tree'),('cn','config')))
def replica_config(self, conn, replica_id, replica_binddn):
dn = self.replica_dn()
@@ -754,7 +754,7 @@ class ReplicationManager(object):
logging.info("Agreement is ready, starting replication . . .")
# Add winsync replica to the public DIT
- dn = str(DN('cn=%s,cn=replicas,cn=ipa,cn=etc,%s' % (ad_dc_name, self.suffix)))
+ dn = str(DN(('cn',ad_dc_name),('cn','replicas'),('cn','ipa'),('cn','etc'), self.suffix))
entry = ipaldap.Entry(dn)
entry.setValues("objectclass", ["nsContainer", "ipaConfigObject"])
entry.setValues("cn", ad_dc_name)
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 77f5b289a..4de09f1e5 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -709,13 +709,6 @@ class IPAdmin(SimpleLDAPObject):
obj = self.schema.get_obj(ldap.schema.AttributeType, attr)
return obj and obj.single_value
- def normalizeDN(dn):
- # not great, but will do until we use a newer version of python-ldap
- # that has DN utilities
- ary = ldap.explode_dn(dn.lower())
- return ",".join(ary)
- normalizeDN = staticmethod(normalizeDN)
-
def get_dns_sorted_by_length(self, entries, reverse=False):
"""
Sorts a list of entries [(dn, entry_attrs)] based on their DN.