authorMartin Babinsky <mbabinsk@redhat.com>2016-06-29 14:54:54 +0200
committerMartin Basti <mbasti@redhat.com>2016-07-01 09:37:25 +0200
commitacf2234ebc8609a35a8f45598d5d817cbdbff121 (patch)
tree5549b77b1c0868fb8ef63df06070635318fcc444
parente6ff83e3610d553f6ff98e3adbfbe3c6984b2f17 (diff)
downloadfreeipa-acf2234ebc8609a35a8f45598d5d817cbdbff121.tar.gz
freeipa-acf2234ebc8609a35a8f45598d5d817cbdbff121.tar.xz
freeipa-acf2234ebc8609a35a8f45598d5d817cbdbff121.zip
Unify display of principal names/aliases across entities
Since users, hosts, and services now all support multiple principal aliases, the display of Kerberos principal names should be consistent across all these objects. Principal aliases and canonical names will now be displayed in all add, mod, show, and find operations. https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r--VERSION4
-rw-r--r--ipaserver/plugins/baseuser.py4
-rw-r--r--ipaserver/plugins/host.py7
-rw-r--r--ipaserver/plugins/service.py6
-rw-r--r--ipatests/test_xmlrpc/test_netgroup_plugin.py1
-rw-r--r--ipatests/test_xmlrpc/test_selinuxusermap_plugin.py1
-rw-r--r--ipatests/test_xmlrpc/test_service_plugin.py37
-rw-r--r--ipatests/test_xmlrpc/test_user_plugin.py2
-rw-r--r--ipatests/test_xmlrpc/tracker/host_plugin.py3
-rw-r--r--ipatests/test_xmlrpc/tracker/stageuser_plugin.py5
-rw-r--r--ipatests/test_xmlrpc/tracker/user_plugin.py4
11 files changed, 57 insertions, 17 deletions
diff --git a/VERSION b/VERSION
index b9b5485bc..1ca1f3358 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=208
-# Last change: mbabinsk: Provide API for management of host, service, and user principal aliases
+IPA_API_VERSION_MINOR=209
+# Last change: mbabinsk: Unify display of principal names/aliases across entities
diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py
index c80d5ac0d..0052e718a 100644
--- a/ipaserver/plugins/baseuser.py
+++ b/ipaserver/plugins/baseuser.py
@@ -149,9 +149,11 @@ class baseuser(LDAPObject):
'memberofindirect', 'ipauserauthtype', 'userclass',
'ipatokenradiusconfiglink', 'ipatokenradiususername',
'krbprincipalexpiration', 'usercertificate;binary',
+ 'krbprincipalname', 'krbcanonicalname'
]
search_display_attributes = [
- 'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
+ 'uid', 'givenname', 'sn', 'homedirectory', 'krbcanonicalname',
+ 'krbprincipalname', 'loginshell',
'mail', 'telephonenumber', 'title', 'nsaccountlock',
'uidnumber', 'gidnumber', 'sshpubkeyfp',
]
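Review bot: The new last element of `default_attributes` is added without a trailing comma (`'krbprincipalname', 'krbcanonicalname'`), so a later line appended below it without a comma would be joined to `'krbcanonicalname'` by implicit string concatenation, and both attributes would silently drop out of the output. I would write `'krbprincipalname', 'krbcanonicalname',` here. The same applies to the new last line of `retrieve_keys` in ipatests/test_xmlrpc/tracker/user_plugin.py, which also mixes `u'krbcanonicalname'` with an unprefixed `'krbprincipalname'`; `u'krbcanonicalname', u'krbprincipalname',` would match the rest of that set. The `default_attributes` list starts outside this hunk.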
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 1c1e934b9..2c5cf48cb 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -263,11 +263,12 @@ class host(LDAPObject):
permission_filter_objectclasses = ['ipahost']
# object_class_config = 'ipahostobjectclasses'
search_attributes = [
- 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
- 'nshardwareplatform', 'nsosversion', 'managedby',
+ 'fqdn', 'description', 'l', 'nshostlocation', 'krbcanonicalname',
+ 'krbprincipalname', 'nshardwareplatform', 'nsosversion', 'managedby',
]
default_attributes = [
- 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
+ 'fqdn', 'description', 'l', 'nshostlocation', 'krbcanonicalname',
+ 'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
'managedby', 'memberofindirect', 'macaddress',
'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
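Review bot: Adding `'krbcanonicalname'` to `search_attributes` goes beyond display: judging by its name, this list feeds the filter that host-find builds from its criteria string, so the change presumably widens what a search matches, while ipaserver/plugins/service.py leaves its `search_attributes` at `['krbprincipalname', 'managedby', 'ipakrbauthzdata']`. If the wider match is intended, the service plugin should get the same entry for consistency; if not, only `default_attributes` needs the new attribute here. It is also worth confirming that the directory indexes krbCanonicalName for the match types the find filter uses, since an unindexed term in a filter that ordinary authenticated callers can trigger makes every host-find more expensive. The `default_attributes` list continues past the end of the hunk.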
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
index 417be0011..28ea364e9 100644
--- a/ipaserver/plugins/service.py
+++ b/ipaserver/plugins/service.py
@@ -361,8 +361,10 @@ class service(LDAPObject):
possible_objectclasses = ['ipakrbprincipal', 'ipaallowedoperations']
permission_filter_objectclasses = ['ipaservice']
search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
- default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
- 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform', 'krbprincipalauthind']
+ default_attributes = [
+ 'krbprincipalname', 'krbcanonicalname', 'usercertificate', 'managedby',
+ 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform',
+ 'krbprincipalauthind']
uuid_attribute = 'ipauniqueid'
attribute_members = {
'managedby': ['host'],
diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py
index 6194fa4d4..b6f004ef2 100644
--- a/ipatests/test_xmlrpc/test_netgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py
@@ -231,6 +231,7 @@ class test_netgroup(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
diff --git a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py
index 1acb38804..18fcebfdb 100644
--- a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py
+++ b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py
@@ -272,6 +272,7 @@ class test_selinuxusermap(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py
index 69af06873..54ae55963 100644
--- a/ipatests/test_xmlrpc/test_service_plugin.py
+++ b/ipatests/test_xmlrpc/test_service_plugin.py
@@ -114,6 +114,7 @@ class test_service(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -142,6 +143,7 @@ class test_service(Declarative):
description=[u'Test host 2'],
l=[u'Undisclosed location 2'],
krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn2],
@@ -170,6 +172,8 @@ class test_service(Declarative):
description=[u'Test host 3'],
l=[u'Undisclosed location 3'],
krbprincipalname=[u'host/%s@%s' % (fqdn3.lower(), api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (
+ fqdn3.lower(), api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn3.lower()],
@@ -223,6 +227,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
),
@@ -263,7 +268,7 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
- krbcanonicalname=service1,
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
has_keytab=False,
),
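Review bot: The expected `krbcanonicalname` in this find result changes from the string `service1` to the list `[service1]`, as it does in the next hunk (old line 283), so the shape of the value that callers receive presumably changes too. VERSION bumps the API minor number, but a client that read the field as a string would now get a one-element list. A short comment beside the expectation, such as `# krbcanonicalname is now returned as a list, like the other default attributes`, plus a line in the release notes would record that the change is deliberate. The enclosing test case starts outside the hunk.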
@@ -283,7 +288,7 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
- krbcanonicalname=service1,
+ krbcanonicalname=[service1],
has_keytab=False,
),
],
@@ -325,6 +330,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -340,6 +346,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -355,6 +362,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1, fqdn2],
),
),
@@ -370,6 +378,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -385,6 +394,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1, fqdn3.lower()],
),
),
@@ -400,6 +410,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -428,6 +439,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
@@ -463,6 +475,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -488,6 +501,7 @@ class test_service(Declarative):
dn=service1dn,
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
@@ -515,6 +529,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -542,6 +557,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -567,6 +583,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -623,7 +640,7 @@ class test_service(Declarative):
desc='Create service with malformed principal "foo"',
command=('service_add', [u'foo'], {}),
expected=errors.ValidationError(
- name='principal',
+ name='canonical_principal',
error='Service principal is required')
),
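Review bot: The expected error name changes from `principal` to `canonical_principal`, but none of the visible hunks in ipaserver/plugins/service.py renames a parameter, so the reason for the new name cannot be traced from this commit. The name is part of the ValidationError that callers see, so scripts matching on the old name would stop matching. I would add a comment above the expectation stating where the name comes from, for example `# service_add validates its primary key, the canonical principal` if that is indeed the cause, and mention the rename in the commit message.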
@@ -702,6 +719,7 @@ class test_service_in_role(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -776,6 +794,7 @@ class test_service_in_role(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
memberof_role=[role1],
has_keytab=False,
@@ -889,6 +908,7 @@ class test_service_allowed_to(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -952,6 +972,7 @@ class test_service_allowed_to(Declarative):
dn=service1dn,
ipaallowedtoperform_read_keys_user=[user1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -975,6 +996,7 @@ class test_service_allowed_to(Declarative):
dn=service1dn,
ipaallowedtoperform_read_keys_user=[user1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1003,6 +1025,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1029,6 +1052,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1055,6 +1079,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1087,6 +1112,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1118,6 +1144,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1148,6 +1175,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1178,6 +1206,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1201,6 +1230,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1225,6 +1255,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
ipakrbokasdelegate=True,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
krbticketflags=[u'1048704'],
managedby_host=[fqdn1],
),
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index 8245dc7f0..def522814 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -955,6 +955,8 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[],
uid=[uid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
+ krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
+ krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
mail=[u'%s@%s' % (uid, api.env.domain)],
has_keytab=False,
has_password=False,
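Review bot: Both new expectations are built from the same expression, `u'%s@%s' % (uid, api.env.realm)`, so a result that swapped the canonical name with an alias, or filled both fields from one attribute, would still pass. The host and service fixtures touched elsewhere in this commit have the same limitation. A case that adds a second alias and then checks that `krbprincipalname` lists both values while `krbcanonicalname` keeps the original one would pin the distinction this commit is about. get_user_result starts and ends outside the hunk.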
diff --git a/ipatests/test_xmlrpc/tracker/host_plugin.py b/ipatests/test_xmlrpc/tracker/host_plugin.py
index 21088f22c..03113b8fe 100644
--- a/ipatests/test_xmlrpc/tracker/host_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/host_plugin.py
@@ -22,7 +22,8 @@ class HostTracker(Tracker):
``fqdn`` and ``dn``.
"""
retrieve_keys = {
- 'dn', 'fqdn', 'description', 'l', 'krbprincipalname', 'managedby_host',
+ 'dn', 'fqdn', 'description', 'l', 'krbcanonicalname',
+ 'krbprincipalname', 'managedby_host',
'has_keytab', 'has_password', 'issuer', 'md5_fingerprint',
'serial_number', 'serial_number_hex', 'sha1_fingerprint',
'subject', 'usercertificate', 'valid_not_after', 'valid_not_before',
diff --git a/ipatests/test_xmlrpc/tracker/stageuser_plugin.py b/ipatests/test_xmlrpc/tracker/stageuser_plugin.py
index c741e3eb4..9bcb1069f 100644
--- a/ipatests/test_xmlrpc/tracker/stageuser_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/stageuser_plugin.py
@@ -44,11 +44,10 @@ class StageUserTracker(Tracker):
u'usercertificate', u'dn', u'has_keytab', u'has_password',
u'street', u'postalcode', u'facsimiletelephonenumber',
u'carlicense', u'ipasshpubkey', u'sshpubkeyfp', u'l',
- u'st', u'mobile', u'pager', }
+ u'st', u'mobile', u'pager', u'krbcanonicalname', u'krbprincipalname'}
retrieve_all_keys = retrieve_keys | {
u'cn', u'ipauniqueid', u'objectclass', u'description',
- u'displayname', u'gecos', u'initials', u'krbcanonicalname',
- u'krbprincipalname', u'manager'}
+ u'displayname', u'gecos', u'initials', u'manager'}
create_keys = retrieve_all_keys | {
u'objectclass', u'ipauniqueid', u'randompassword',
diff --git a/ipatests/test_xmlrpc/tracker/user_plugin.py b/ipatests/test_xmlrpc/tracker/user_plugin.py
index 3585e7585..1a85e9332 100644
--- a/ipatests/test_xmlrpc/tracker/user_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/user_plugin.py
@@ -28,6 +28,7 @@ class UserTracker(Tracker):
u'ipatokenradiusconfiglink', u'ipatokenradiususername',
u'krbprincipalexpiration', u'usercertificate;binary',
u'has_keytab', u'has_password', u'memberof_group', u'sshpubkeyfp',
+ u'krbcanonicalname', 'krbprincipalname'
}
retrieve_all_keys = retrieve_keys | {
@@ -36,8 +37,7 @@ class UserTracker(Tracker):
u'l', u'mobile', u'krbextradata', u'krblastpwdchange',
u'krbpasswordexpiration', u'pager', u'st', u'manager', u'cn',
u'ipauniqueid', u'objectclass', u'mepmanagedentry',
- u'displayname', u'gecos', u'initials', u'krbcanonicalname',
- 'krbprincipalname', u'preserved'}
+ u'displayname', u'gecos', u'initials', u'preserved'}
retrieve_preserved_keys = (retrieve_keys - {u'memberof_group'}) | {
u'preserved'}