author | Fraser Tweedale <ftweedal@redhat.com> | 2017-01-25 16:14:59 +1000 |
---|---|---|
committer | Tomas Krizek <tkrizek@redhat.com> | 2017-03-03 12:09:57 +0100 |
commit | 11c9df25774fbc8ed24b30f75c205d12ca3c5b90 (patch) | |
tree | a0e70104953426624679c1c546836fb013d5d14c | |
parent | 2066a80be21258d9311ae374fe124d9ac3b79acd (diff) | |
Extract method to map principal to principal type
Part of: https://pagure.io/freeipa/issue/5011
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
-rw-r--r-- | ipaserver/plugins/cert.py | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 46518d9bd..b53caf493 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -558,29 +558,17 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 principal = kw.get('principal')
 principal_string = unicode(principal)
+ principal_type = principal_to_principal_type(principal)
- if principal.is_user:
- principal_type = USER
- elif principal.is_host:
- principal_type = HOST
- elif principal.service_name == 'krbtgt':
- principal_type = KRBTGT
+ if principal_type == KRBTGT:
 if profile_id != self.Backend.ra.KDC_PROFILE:
 raise errors.ACIError(
 info=_("krbtgt certs can use only the %s profile") % (
 self.Backend.ra.KDC_PROFILE))
- else:
- principal_type = SERVICE
 bind_principal = kerberos.Principal(getattr(context, 'principal'))
 bind_principal_string = unicode(bind_principal)
-
- if bind_principal.is_user:
- bind_principal_type = USER
- elif bind_principal.is_host:
- bind_principal_type = HOST
- else:
- bind_principal_type = SERVICE
+ bind_principal_type = principal_to_principal_type(bind_principal)
 if (bind_principal_string != principal_string and
 bind_principal_type != HOST):
@@ -834,6 +822,17 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 )
+def principal_to_principal_type(principal):
+ if principal.is_user:
+ return USER
+ elif principal.is_host:
+ return HOST
+ elif principal.service_name == 'krbtgt':
+ return KRBTGT
+ else:
+ return SERVICE
+
+
 def _dns_name_matches_principal(name, principal, principal_obj):
 """
 Ensure that a DNS name matches the given principal. |
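Review bot: In the first hunk, `bind_principal_type = principal_to_principal_type(bind_principal)` is not a pure refactor: the removed branch could only yield USER, HOST or SERVICE for the bind principal, while the shared helper can now return KRBTGT for it. The comparison visible at the end of the hunk tests only `!= HOST` and is unaffected, but any later test against SERVICE in cert_request (its body starts and ends outside this hunk) would treat a krbtgt bind principal differently than before. This may be unreachable in practice, but these types feed authorization decisions, so it is worth confirming and recording next to the call, for example `# NOTE: a krbtgt bind principal is now classified as KRBTGT, not SERVICE`.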
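Review bot: The new `principal_to_principal_type` in the second hunk has no docstring, although the neighbouring `_dns_name_matches_principal` does, and its contract is not obvious from the name alone. The order of the tests is significant (`is_user` and `is_host` are checked before `service_name`) and everything unmatched falls through to SERVICE. Since callers use the result in permission checks, that catch-all default is worth stating, for example `"""Classify a principal as USER, HOST, KRBTGT or SERVICE; anything not matched is SERVICE."""`.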