From e7aa0b6c5e4eb472d09744e4c8c1ed916c5ca1ac Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 20 May 2008 10:17:20 -0400 Subject: Ensure hostnames are lower during installation and when adding service princs 447381 --- ipa-server/ipa-install/ipa-server-install | 4 ++++ ipa-server/xmlrpc-server/funcs.py | 40 ++++++++++++++++++++----------- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index 916527c9..7bbd1515 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -393,11 +393,15 @@ def main(): else: host_name = read_host_name(host_default) + host_name = host_name.lower() + if not options.domain_name: domain_name = read_domain_name(host_name[host_name.find(".")+1:], options.unattended) else: domain_name = options.domain_name + domain_name = domain_name.lower() + # Check we have a public IP that is associated with the hostname ip = resolve_host(host_name) if not ip: diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 435c9afd..3b197a73 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1951,32 +1951,43 @@ class IPAServer: f = 1 logging.debug("IPA: add service principal %s (%d)" % (name, f)) - p = name.split('/') - if len(p) != 2: + # Break down the principal into its component parts, which may or + # may not include the realm. + sp = name.split('/') + if len(sp) != 2: + raise ipaerror.gen_exception(ipaerror.INPUT_MALFORMED_SERVICE_PRINCIPAL) + service = sp[0] + + sr = sp[1].split('@') + if len(sr) == 1: + hostname = sr[0].lower() + realm = self.realm + elif len(sr) == 2: + hostname = sr[0].lower() + realm = sr[1] + else: raise ipaerror.gen_exception(ipaerror.INPUT_MALFORMED_SERVICE_PRINCIPAL) if not f: - fqdn = p[1] + "." + fqdn = hostname + "." rs = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A) if len(rs) == 0: - logging.debug("IPA: DNS A record lookup failed for %s" % name) + logging.debug("IPA: DNS A record lookup failed for %s" % hostname) raise ipaerror.gen_exception(ipaerror.INPUT_NOT_DNS_A_RECORD) else: - logging.debug("IPA: found %d records for %s" % (len(rs), name)) + logging.debug("IPA: found %d records for %s" % (len(rs), hostname)) service_container = DefaultServiceContainer - # Don't let the user set the realm - if name.find('@') > 0: - r = name[name.find('@')+1:] - if (r != self.realm): - raise ipaerror.gen_exception(ipaerror.INPUT_REALM_MISMATCH) - princ_name = name - else: - princ_name = name + "@" + self.realm + # At some point we'll support multiple realms + if (realm != self.realm): + raise ipaerror.gen_exception(ipaerror.INPUT_REALM_MISMATCH) + + # Put the principal back together again + princ_name = service + "/" + hostname + "@" + realm conn = self.getConnection(opts) - if not self.__is_service_unique(name, opts): + if not self.__is_service_unique(princ_name, opts): raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) dn = "krbprincipalname=%s,%s,%s" % (ldap.dn.escape_dn_chars(princ_name), @@ -2037,6 +2048,7 @@ class IPAServer: search_fields = ["krbprincipalname"] criteria = self.__safe_filter(criteria) + criteria = criteria.lower() criteria_words = re.split(r'\s+', criteria) criteria_words = filter(lambda value:value!="", criteria_words) if len(criteria_words) == 0: -- cgit