diff options
-rw-r--r-- | ipalib/plugins/host.py | 13 | ||||
-rw-r--r-- | ipalib/plugins/service.py | 36 |
2 files changed, 35 insertions, 14 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index a7a590b63..c136ccabd 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -140,7 +140,7 @@ class host_add(crud.Add): current = util.get_current_principal() if not current: - raise errors.NotFound('Unable to determine current user') + raise errors.NotFound(reason='Unable to determine current user') kw['enrolledby'] = ldap.find_entry_dn("krbPrincipalName", current, "posixAccount") # Get our configuration @@ -186,6 +186,17 @@ class host_del(crud.Del): """ ldap = self.api.Backend.ldap dn = get_host(hostname) + + # Remove all service records for this host + services=api.Command['service_find'](hostname, **{}) + + counter = services[0] + services = services[1:] + if counter > 0: + for s in services: + principal = s.get('krbprincipalname').decode('UTF-8') + api.Command['service_del'](principal, **{}) + return ldap.delete(dn) def output_for_cli(self, textui, result, *args, **options): """ diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 5e8178d4b..15d7e62fb 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -26,39 +26,44 @@ from ipalib import api, crud, errors from ipalib import Object # Plugin base classes from ipalib import Str, Flag, Bytes # Parameter types import base64 +from OpenSSL import crypto default_attributes = ['krbprincipalname', 'usercertificate'] def validate_principal(ugettext, principal): + (service, hostname, principal) = split_principal(principal) + +def split_principal(principal): + service = hostname = realm = None + # Break down the principal into its component parts, which may or # may not include the realm. sp = principal.split('/') if len(sp) != 2: raise errors.MalformedServicePrincipal(reason="missing service") + service = sp[0] sr = sp[1].split('@') if len(sr) > 2: raise errors.MalformedServicePrincipal(reason="unable to determine realm") + hostname = sr[0].lower() + if len(sr) == 2: realm = sr[1].upper() # At some point we'll support multiple realms if (realm != api.env.realm): raise errors.RealmMismatch() + else: + realm = api.env.realm + + # Note that realm may be None. + return (service, hostname, realm) def normalize_principal(principal): # The principal is already validated when it gets here - sp = principal.split('/') - service = sp[0] - - sr = sp[1].split('@') - if len(sr) == 1: - hostname = sr[0].lower() - realm = api.env.realm - elif len(sr) == 2: - hostname = sr[0].lower() - realm = sr[1].upper() + (service, hostname, realm) = split_principal(principal) # Put the principal back together again principal = service + "/" + hostname + "@" + realm @@ -124,10 +129,9 @@ class service_add(crud.Add): except: pass - sp = principal.split('/') - service = sp[0] + (service, hostname, realm) = split_principal(principal) - if service.lower() == "host": + if service.lower() == "host" and not force: raise errors.HostService() """ @@ -176,6 +180,12 @@ class service_del(crud.Del): """ ldap = self.api.Backend.ldap dn = ldap.find_entry_dn("krbprincipalname", principal, object_type="ipaService") + entry = ldap.retrieve(dn) + if entry.has_key('usercertificate'): + cert = entry.get('usercertificate') + x509 = crypto.load_certificate(crypto.FILETYPE_ASN1, cert) + serial = str(x509.get_serial_number()) + api.Command['cert_revoke'](unicode(serial, ), **{'revocation_reason': 5}) return ldap.delete(dn) def output_to_cli(self, ret): |