authorMartin Babinsky <mbabinsk@redhat.com>2016-06-23 18:54:49 +0200
committerMartin Basti <mbasti@redhat.com>2016-07-01 09:37:25 +0200
commitc2af032c0333f7e210c54369159d1d9f5e3fec74 (patch)
tree5aae121cbe6be08755e8b4c6484a316b99eb997e /ipaserver/plugins/host.py
parent974eb7b5efd20ad2195b0ad578637ab31f4c1df4 (diff)
Migrate management framework plugins to use Principal parameter
All plugins will now use this parameter and common code for all operations on Kerberos principals. Additional semantic validators and normalizers were added to determine or append a correct realm so that the previous behavior is kept intact. https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/plugins/host.py')
-rw-r--r--ipaserver/plugins/host.py25
1 files changed, 18 insertions, 7 deletions
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index de0aca5ca..6210e8c16 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -25,6 +25,7 @@ import six
from ipalib import api, errors, util
from ipalib import messages
from ipalib import Str, Flag, Bytes
+from ipalib.parameters import Principal
from ipalib.plugable import Registry
from .baseldap import (LDAPQuery, LDAPObject, LDAPCreate,
LDAPDelete, LDAPUpdate, LDAPSearch,
@@ -32,7 +33,8 @@ from .baseldap import (LDAPQuery, LDAPObject, LDAPCreate,
LDAPRemoveMember, host_is_master,
pkey_to_value, add_missing_object_class,
LDAPAddAttribute, LDAPRemoveAttribute)
-from .service import (split_principal, validate_certificate,
+from ipaserver.plugins.service import (
+ validate_realm, normalize_principal, validate_certificate,
set_certificate_attrs, ticket_flags_params, update_krbticketflags,
set_kerberos_attrs, rename_ipaallowedtoperform_from_ldap,
rename_ipaallowedtoperform_to_ldap, revoke_certs)
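Review bot: The rewritten import names the module absolutely (`from ipaserver.plugins.service import (`) while the `.baseldap` import directly above stays relative, so the file now mixes both styles; either form works, but `from .service import (` would keep the block consistent. `split_principal` is dropped from the imported names, and the hunks on this page replace two call sites. Confirm that no other use remains in host.py, since a leftover call would only fail at run time with a NameError.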
@@ -56,6 +58,7 @@ from ipapython.ipautil import ipa_generate_password, CheckedIPAddress
from ipapython.dnsutil import DNSName
from ipapython.ssh import SSHPublicKey
from ipapython.dn import DN
+from ipapython import kerberos
from functools import reduce
if six.PY3:
@@ -509,8 +512,11 @@ class host(LDAPObject):
label=_('Revocation reason'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
),
- Str('krbprincipalname?',
+ Principal(
+ 'krbprincipalname?',
+ validate_realm,
label=_('Principal name'),
+ normalizer=normalize_principal,
flags=['no_create', 'no_update', 'no_search'],
),
Str('macaddress*',
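Review bot: The `Principal('krbprincipalname?', validate_realm, ..., normalizer=normalize_principal, ...)` definition has no comment saying why a realm validator and a normalizer are attached, and the same pair is repeated on the host_mod option in the `@@ -830,10 +837,13 @@` hunk. The commit message says they exist to determine or append the correct realm so that earlier behaviour is preserved; a short comment at both sites would record that, e.g. `# validate_realm/normalize_principal: keep pre-Principal realm defaulting and checking (ticket 3864)`. On the host object the parameter is flagged `no_create`, `no_update` and `no_search`, so it is worth confirming that the pair is actually exercised there rather than only on host_mod. The enclosing takes_params tuple starts and ends outside the hunk.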
@@ -758,8 +764,9 @@ class host_del(LDAPDelete):
break
else:
for entry_attrs in services:
- principal = entry_attrs['krbprincipalname'][0]
- (service, hostname, realm) = split_principal(principal)
+ principal = kerberos.Principal(
+ entry_attrs['krbprincipalname'][0])
+ hostname = principal.hostname
if hostname.lower() == fqdn:
api.Command['service_del'](principal)
updatedns = options.get('updatedns', False)
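Review bot: `kerberos.Principal(entry_attrs['krbprincipalname'][0])` and the `principal.hostname` read after it have no error handling in this hunk; if either raises (presumably `ValueError` for a malformed or non-service name, to be confirmed in `ipapython.kerberos`), one bad service entry would abort host_del before the remaining services are deleted. Only value `[0]` of `krbprincipalname` is compared with `fqdn`, so an entry carrying further principal values is matched on its first value alone; a comment should state that assumption, e.g. `# first krbprincipalname value is taken as the canonical service principal`. The same three added lines appear in host_disable (the last hunk), where a skipped or failing entry would leave a service enabled for a disabled host. The enclosing methods start and end outside both hunks.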
@@ -830,10 +837,13 @@ class host_mod(LDAPUpdate):
member_attributes = ['managedby']
takes_options = LDAPUpdate.takes_options + (
- Str('krbprincipalname?',
+ Principal(
+ 'krbprincipalname?',
+ validate_realm,
cli_name='principalname',
label=_('Principal name'),
doc=_('Kerberos principal name for this host'),
+ normalizer=normalize_principal,
attribute=True,
),
Flag('updatedns?',
@@ -1155,8 +1165,9 @@ class host_disable(LDAPQuery):
break
else:
for entry_attrs in services:
- principal = entry_attrs['krbprincipalname'][0]
- (service, hostname, realm) = split_principal(principal)
+ principal = kerberos.Principal(
+ entry_attrs['krbprincipalname'][0])
+ hostname = principal.hostname
if hostname.lower() == fqdn:
try:
api.Command['service_disable'](principal)