authorRob Crittenden <rcritten@redhat.com>2009-05-08 17:42:54 -0400
committerRob Crittenden <rcritten@redhat.com>2009-05-13 14:17:21 -0400
commit5e3cdb96432d820fcfcb0f951f9670736c1e5c6c (patch)
tree05e6d356ce82e316e997a500b44884a87adccfba /ipalib/plugins/service.py
parent014f3ff1c63eeff6d6bc36cbdce7f082676d6925 (diff)
Remove all services when a host is removed. Revoke certificate (if any) when a service is removed.
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r--ipalib/plugins/service.py36
1 files changed, 23 insertions, 13 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 5e8178d4b..15d7e62fb 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -26,39 +26,44 @@ from ipalib import api, crud, errors
from ipalib import Object # Plugin base classes
from ipalib import Str, Flag, Bytes # Parameter types
import base64
+from OpenSSL import crypto
default_attributes = ['krbprincipalname', 'usercertificate']
def validate_principal(ugettext, principal):
+ (service, hostname, principal) = split_principal(principal)
+
+def split_principal(principal):
+ service = hostname = realm = None
+
# Break down the principal into its component parts, which may or
# may not include the realm.
sp = principal.split('/')
if len(sp) != 2:
raise errors.MalformedServicePrincipal(reason="missing service")
+ service = sp[0]
sr = sp[1].split('@')
if len(sr) > 2:
raise errors.MalformedServicePrincipal(reason="unable to determine realm")
+ hostname = sr[0].lower()
+
if len(sr) == 2:
realm = sr[1].upper()
# At some point we'll support multiple realms
if (realm != api.env.realm):
raise errors.RealmMismatch()
+ else:
+ realm = api.env.realm
+
+ # Note that realm may be None.
+ return (service, hostname, realm)
def normalize_principal(principal):
# The principal is already validated when it gets here
- sp = principal.split('/')
- service = sp[0]
-
- sr = sp[1].split('@')
- if len(sr) == 1:
- hostname = sr[0].lower()
- realm = api.env.realm
- elif len(sr) == 2:
- hostname = sr[0].lower()
- realm = sr[1].upper()
+ (service, hostname, realm) = split_principal(principal)
# Put the principal back together again
principal = service + "/" + hostname + "@" + realm
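Review bot: split_principal accepts empty components, because the `len(sp) != 2` and `len(sr) > 2` checks only count separators: an input such as `/host.example.com` or `ldap/` yields an empty service or hostname, which normalize_principal then reassembles into a principal name. A guard after `hostname = sr[0].lower()`, for example `if not service or not hostname: raise errors.MalformedServicePrincipal(reason="missing service or hostname")`, would reject these before they reach the directory. The comment `# Note that realm may be None.` is stale, since the new `else` branch always assigns `api.env.realm`. In validate_principal the returned realm is bound to the name `principal`; the value is unused, but `(service, hostname, realm) = split_principal(principal)` would read correctly. The body of normalize_principal continues past the end of this hunk.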
@@ -124,10 +129,9 @@ class service_add(crud.Add):
except:
pass
- sp = principal.split('/')
- service = sp[0]
+ (service, hostname, realm) = split_principal(principal)
- if service.lower() == "host":
+ if service.lower() == "host" and not force:
raise errors.HostService()
"""
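Review bot: With `and not force`, the guard that refuses `host/` service principals can be bypassed by any caller able to set force, and `force` is not defined in the visible lines, so it is presumably the command's existing option. If that option was introduced to skip a different check, reusing it here relaxes two unrelated restrictions with one flag; a comment such as `# force also permits host/ principals; used when <reason>` or a dedicated option would make the intent auditable. `hostname` and `realm` from the unpacked tuple are unused in this hunk. The enclosing method starts and ends outside the hunk.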
@@ -176,6 +180,12 @@ class service_del(crud.Del):
"""
ldap = self.api.Backend.ldap
dn = ldap.find_entry_dn("krbprincipalname", principal, object_type="ipaService")
+ entry = ldap.retrieve(dn)
+ if entry.has_key('usercertificate'):
+ cert = entry.get('usercertificate')
+ x509 = crypto.load_certificate(crypto.FILETYPE_ASN1, cert)
+ serial = str(x509.get_serial_number())
+ api.Command['cert_revoke'](unicode(serial, ), **{'revocation_reason': 5})
return ldap.delete(dn)
def output_to_cli(self, ret):
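Review bot: The revocation step added to service_del has no failure handling, so an exception from `crypto.load_certificate` (a stored value that is not valid DER) or from `cert_revoke` (CA unreachable, certificate already revoked) aborts before `ldap.delete(dn)` and leaves the service undeletable. Conversely, a failed delete after a successful revoke leaves an entry whose certificate is already revoked. Whichever ordering is intended should be stated in a comment, and the revoke failure either handled explicitly or documented as fatal. `entry.get('usercertificate')` may return a list if the backend treats the attribute as multi-valued, which load_certificate would not accept; this needs confirming against `ldap.retrieve`. The literal `5` deserves `# CRLReason 5 = cessationOfOperation (RFC 5280)`, and `unicode(serial, )` carries a stray comma. The method begins outside the hunk.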