author | Rob Crittenden <rcritten@redhat.com> | 2008-05-20 10:17:20 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-05-20 15:07:24 -0400 |
commit | fcd3260955f38bda970b6cba16b72b576d727b63 (patch) | |
tree | 9b38ab3849eca20c8ecafd98ca6e1d8c937c3916 | |
parent | fe2f69718f51b932aa0faf7f7d72569bd05b12a1 (diff) | |
download | freeipa-fcd3260955f38bda970b6cba16b72b576d727b63.tar.gz freeipa-fcd3260955f38bda970b6cba16b72b576d727b63.tar.xz freeipa-fcd3260955f38bda970b6cba16b72b576d727b63.zip |
Ensure hostnames are lower during installation and when adding service princs
447381
-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 4 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 40 |
2 files changed, 30 insertions, 14 deletions
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index 916527c9e..7bbd1515f 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -393,11 +393,15 @@ def main(): else: host_name = read_host_name(host_default) + host_name = host_name.lower() + if not options.domain_name: domain_name = read_domain_name(host_name[host_name.find(".")+1:], options.unattended) else: domain_name = options.domain_name + domain_name = domain_name.lower() + # Check we have a public IP that is associated with the hostname ip = resolve_host(host_name) if not ip:
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 435c9afdb..3b197a73d 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1951,32 +1951,43 @@ class IPAServer: f = 1 logging.debug("IPA: add service principal %s (%d)" % (name, f)) - p = name.split('/') - if len(p) != 2: + # Break down the principal into its component parts, which may or + # may not include the realm. + sp = name.split('/') + if len(sp) != 2: + raise ipaerror.gen_exception(ipaerror.INPUT_MALFORMED_SERVICE_PRINCIPAL) + service = sp[0] + + sr = sp[1].split('@') + if len(sr) == 1: + hostname = sr[0].lower() + realm = self.realm + elif len(sr) == 2: + hostname = sr[0].lower() + realm = sr[1] + else: raise ipaerror.gen_exception(ipaerror.INPUT_MALFORMED_SERVICE_PRINCIPAL) if not f: - fqdn = p[1] + "." + fqdn = hostname + "." rs = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A) if len(rs) == 0: - logging.debug("IPA: DNS A record lookup failed for %s" % name) + logging.debug("IPA: DNS A record lookup failed for %s" % hostname) raise ipaerror.gen_exception(ipaerror.INPUT_NOT_DNS_A_RECORD) else: - logging.debug("IPA: found %d records for %s" % (len(rs), name)) + logging.debug("IPA: found %d records for %s" % (len(rs), hostname)) service_container = DefaultServiceContainer - # Don't let the user set the realm - if name.find('@') > 0: - r = name[name.find('@')+1:] - if (r != self.realm): - raise ipaerror.gen_exception(ipaerror.INPUT_REALM_MISMATCH) - princ_name = name - else: - princ_name = name + "@" + self.realm + # At some point we'll support multiple realms + if (realm != self.realm): + raise ipaerror.gen_exception(ipaerror.INPUT_REALM_MISMATCH) + + # Put the principal back together again + princ_name = service + "/" + hostname + "@" + realm conn = self.getConnection(opts) - if not self.__is_service_unique(name, opts): + if not self.__is_service_unique(princ_name, opts): raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) dn = "krbprincipalname=%s,%s,%s" % (ldap.dn.escape_dn_chars(princ_name), 
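Review bot: The new principal parsing accepts empty components: a name with nothing before or after the `/`, or nothing before the `@`, still passes the `len(sp) != 2` and `len(sr)` checks and leaves `service` or `hostname` as an empty string. When `f` is set the DNS A-record lookup is skipped, so nothing later in this hunk rejects such a name before `princ_name` is assembled and used in the uniqueness check and the entry DN. Adding `if not service or not hostname: raise ipaerror.gen_exception(ipaerror.INPUT_MALFORMED_SERVICE_PRINCIPAL)` right after the split would reject it. The enclosing method starts and ends outside the hunk, so an earlier check may exist that is not visible here.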
@@ -2037,6 +2048,7 @@ class IPAServer: search_fields = ["krbprincipalname"] criteria = self.__safe_filter(criteria) + criteria = criteria.lower() criteria_words = re.split(r'\s+', criteria) criteria_words = filter(lambda value:value!="", criteria_words) if len(criteria_words) == 0: |
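Review bot: `criteria = criteria.lower()` lowercases the whole search string, not only a hostname, so a search that names an upper-case realm or a mixed-case service component is rewritten too. Whether that still matches depends on the matching rule for `krbprincipalname` in the directory schema, which is not visible here; if it is case-exact, such searches would silently return nothing, as would searches for entries stored with mixed-case hostnames before this change. A comment stating the assumption would help, for example `# krbprincipalname is matched case-insensitively; lower() only normalises hostnames`. The call also runs after `__safe_filter`, so it operates on already-escaped text; normalising first and escaping last is the safer order to maintain. The enclosing method lies outside the hunk.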