Bug 1829787

Summary: ipa service-del deletes the required principal when specified in lower/upper case
Product: Red Hat Enterprise Linux 7 Reporter: Mohammad Rizwan <myusuf>
Component: ipaAssignee: Florence Blanc-Renaud <frenaud>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.9CC: cheimes, rcritten, ssidhaye, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.6.8-3.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-29 19:59:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1822123    
Attachments:
Description Flags
report.html none

Description Mohammad Rizwan 2020-04-30 11:22:35 UTC 
Description of problem:
ipa service-del deletes the required principal when specified in lower/upper case

Version-Release number of selected component (if applicable):
ipa-server-4.6.8-1.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install ipa server
2. try to delete services: HTTP, DNS, ldap
3. try to delete services: http, dns, LDAP

Actual results:
Step 2 throws error
Step 3 deletes services

Expected results:
Step 3 should not delete services.


[root@master79 ~]# ipa service-find
------------------
5 services matched
------------------
  Principal name: DNS/master79.testrelm.test
  Principal alias: DNS/master79.testrelm.test
  Keytab: True

  Principal name: HTTP/master79.testrelm.test
  Principal alias: HTTP/master79.testrelm.test
  Certificate: MIIExzCCA6+gAwIBAgIBCTANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNUUkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAwNDMwMDk1MDA1WhcNMjIwNTAxMDk1MDA1WjA5MRYwFAYDVQQKDA1URVNUUkVMTS5URVNUMR8wHQYDVQQDDBZtYXN0ZXI3OS50ZXN0cmVsbS50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4Ert8I/HSLcXBYwFt1D9KjSkWdGeM9GwjrTFW4UE5z2yoKJRjZWalfWDs21Qbk2bY8lURNUWnrwxOXzNhmHGERHKehlvDzV/wI+U8uHwR+vV/r6EXdfZ1/4KTcYdW44Sglsc4Q4nYrLoZ2sUVTKYN6hFFCoHH+XmOHBNQZ5+itV9RAanSjTm1O2ejXAS9ytSB9d6xMZ/aOsM/Chrkyb8vzNd2nnFeyJg3mMZIW8v7AhU990rUz0XQmJEneaD8R4YdF6zGWWVFzVNOf/baClhP0SyGBK4GBFLlm1AwXc1/sLiGs6w/eA3n8u2ezRX1p+Ts8lFU4mKIwlNqGUYkG2xwIDAQABo4IB2TCCAdUwHwYDVR0jBBgwFoAU0YYMtZwKxPDhk2Ero9aKR1DAke4wPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vaXBhLWNhLnRlc3RyZWxtLnRlc3QvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHgGA1UdHwRxMG8wbaA1oDOGMWh0dHA6Ly9pcGEtY2EudGVzdHJlbG0udGVzdC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFJIYwsrZ1wjX1+QSXRdmOQ0jlshDMIGoBgNVHREEgaAwgZ2CFm1hc3Rlcjc5LnRlc3RyZWxtLnRlc3SgOQYKKwYBBAGCNxQCA6ArDClIVFRQL21hc3Rlcjc5LnRlc3RyZWxtLnRlc3RAVEVTVFJFTE0uVEVTVKBIBgYrBgEFAgKgPjA8oA8bDVRFU1RSRUxNLlRFU1ShKTAnoAMCAQGhIDAeGwRIVFRQGxZtYXN0ZXI3OS50ZXN0cmVsbS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBTesoKbTxPF5GJQRXMAa36zlEUWmWoAjvOoWJhsnGfRCMpVX7z/mRRv0k/q2IN6pmA5Wk5+MHA4gZ2kRA0rGI1HPXuAO6y9runkPLPgKUxnXqrDEhJt/yu0nLabjTtQYaVuytiChfYs63nVinYS6wlkRwL8KYtrLu/3tEMhaDuSjY+iYr3rm9XekbEkx/3emo5YxKjUZfoG71qFLC8RYzIldltmV0N8sTVURv1u0SqEwSi2WBh30ArsBTs/5Al1gm+GSZRy7chZM8D8sjCfkOhPO58dUxfX0hihvocSCmo774lztDCiGXyEVL6rJtGhwDjDtNBsvKIpdndENRGVvhQ
  Subject: CN=master79.testrelm.test,O=TESTRELM.TEST
  Serial Number: 9
  Serial Number (hex): 0x9
  Issuer: CN=Certificate Authority,O=TESTRELM.TEST
  Not Before: Thu Apr 30 09:50:05 2020 UTC
  Not After: Sun May 01 09:50:05 2022 UTC
  Fingerprint (SHA1): 92:89:b1:30:52:c1:b2:88:ce:49:36:35:06:98:8b:81:dd:9a:48:8e
  Fingerprint (SHA256): 19:44:61:ff:62:3b:63:49:77:cc:a4:f7:f7:de:9a:fc:07:c3:fc:d7:0d:0b:8c:14:1f:5d:b4:37:f5:35:e2:20
  Keytab: True

  Principal name: dogtag/master79.testrelm.test
  Principal alias: dogtag/master79.testrelm.test
  Keytab: True

  Principal name: ipa-dnskeysyncd/master79.testrelm.test
  Principal alias: ipa-dnskeysyncd/master79.testrelm.test
  Keytab: True

  Principal name: ldap/master79.testrelm.test
  Principal alias: ldap/master79.testrelm.test
  Certificate: MIIExzCCA6+gAwIBAgIBCDANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1URVNUUkVMTS5URVNUMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAwNDMwMDk0OTMzWhcNMjIwNTAxMDk0OTMzWjA5MRYwFAYDVQQKDA1URVNUUkVMTS5URVNUMR8wHQYDVQQDDBZtYXN0ZXI3OS50ZXN0cmVsbS50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlQaZF2wQvCb9vH/ssXYLhAu2x6/9e1hpJNweghfpjT/3yYMwPFv1Kjn67qd3LDqkVAymWPoRAv3aSIc4EneDvnCg+QLnlUsVuMgkCLqNmFgR9YjTJgLBgp2HvyBUTKXmK5yPnZdfg/yWPy5mKhRWRw1Jyf+UiEAGoHRZ3Z8jllQOvN/INaAZCqHOvFdqi7cbuBMMTUjhqoOHK7kLtUphL/5nNvo7oO/iW/JyS71+4f7aHcqvF/qE3eOxR2Qc1Rqu8n9j29bDJN9YreQ1ANtI2QKjAomaW9XykJ1ihY5G2VxP3pRMVsrnRX8hnVIxyMMDFuvYqSE6IU7Ty/6JFdc2QIDAQABo4IB2TCCAdUwHwYDVR0jBBgwFoAU0YYMtZwKxPDhk2Ero9aKR1DAke4wPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vaXBhLWNhLnRlc3RyZWxtLnRlc3QvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHgGA1UdHwRxMG8wbaA1oDOGMWh0dHA6Ly9pcGEtY2EudGVzdHJlbG0udGVzdC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFPhzEyOlqGvZdAEI7pM7iqgYBmDxMIGoBgNVHREEgaAwgZ2CFm1hc3Rlcjc5LnRlc3RyZWxtLnRlc3SgOQYKKwYBBAGCNxQCA6ArDClsZGFwL21hc3Rlcjc5LnRlc3RyZWxtLnRlc3RAVEVTVFJFTE0uVEVTVKBIBgYrBgEFAgKgPjA8oA8bDVRFU1RSRUxNLlRFU1ShKTAnoAMCAQGhIDAeGwRsZGFwGxZtYXN0ZXI3OS50ZXN0cmVsbS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQCDAumdt5bkTNGawYKLPHE12ni4pNmiNzOgAeUGaIcwP7n5dm7uJbIWq5XyxQQ0g1xT1KMDdGekvhZB2Jquz/gbsq7PObJCwmC/MQIRyNVqtt5tYZnltpHYjINfghnbm1ob0So2+CgDtBG/rdy9pNKydaZgAG0CE5b0HGi47ln4TFZUL9XV9hgezWtix65Sw8QS+0L8U7YQMtzSVJUO5hVBzWtvUL4aCezCY8FR1J5hba5yO1TVtzwohVqXeWvnnHZqa/XC1/EK77UOuXanI0kW8UeAyjpz3GnD7KKlfCApFl/oEAhDsHqgif8CePlFibC2HacD+Uv2J0AmCBjqaHzC
  Subject: CN=master79.testrelm.test,O=TESTRELM.TEST
  Serial Number: 8
  Serial Number (hex): 0x8
  Issuer: CN=Certificate Authority,O=TESTRELM.TEST
  Not Before: Thu Apr 30 09:49:33 2020 UTC
  Not After: Sun May 01 09:49:33 2022 UTC
  Fingerprint (SHA1): 60:a4:59:95:c8:02:6f:15:9f:a1:07:04:3f:34:85:8b:fb:c9:1e:eb
  Fingerprint (SHA256): fd:1d:8c:47:bb:3d:d5:4b:2a:c5:17:2e:b3:e8:ec:12:23:87:25:f3:9f:ba:ea:33:de:a4:69:4d:c7:6d:2c:eb
  Keytab: True
----------------------------
Number of entries returned 5
----------------------------
[root@master79 ~]# ipa service-del HTTP/master79.testrelm.test
ipa: ERROR: invalid 'principal': This principal is required by the IPA master
[root@master79 ~]# 
[root@master79 ~]# 
[root@master79 ~]# ipa service-del DNS/master79.testrelm.test
ipa: ERROR: invalid 'principal': This principal is required by the IPA master
[root@master79 ~]# 
[root@master79 ~]# ipa service-del ldap/master79.testrelm.test
ipa: ERROR: invalid 'principal': This principal is required by the IPA master
[root@master79 ~]# 
[root@master79 ~]# 
[root@master79 ~]# ipa service-del http/master79.testrelm.test
-----------------------------------------------------------
Deleted service "http/master79.testrelm.test"
-----------------------------------------------------------
[root@master79 ~]# 
[root@master79 ~]# ipa service-del dns/master79.testrelm.test
----------------------------------------------------------
Deleted service "dns/master79.testrelm.test"
----------------------------------------------------------
[root@master79 ~]# 
[root@master79 ~]# ipa service-del LDAP/master79.testrelm.test
-----------------------------------------------------------
Deleted service "LDAP/master79.testrelm.test"
-----------------------------------------------------------
[root@master79 ~]# 
[root@master79 ~]# ipa service-find
------------------
2 services matched
------------------
  Principal name: dogtag/master79.testrelm.test
  Principal alias: dogtag/master79.testrelm.test
  Keytab: True

  Principal name: ipa-dnskeysyncd/master79.testrelm.test
  Principal alias: ipa-dnskeysyncd/master79.testrelm.test
  Keytab: True
----------------------------
Number of entries returned 2
----------------------------


Same behavior observed on RHEL8.2 ipa-server-4.8.4-7.module+el8.2.0+6046+aaa49f96.x86_64
Comment 3 Mohammad Rizwan 2020-05-04 10:37:22 UTC 
upstream ticket:

https://pagure.io/freeipa/issue/8308
Comment 4 Florence Blanc-Renaud 2020-05-05 08:44:55 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/8308
Comment 5 Christian Heimes 2020-05-05 09:48:52 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/fefd1153d5e7bed9627a3b89de8d6a86f7a0bdfb
Comment 6 Christian Heimes 2020-05-05 10:26:26 UTC 
Fixed upstream
ipa-4-8:
https://pagure.io/freeipa/c/b590a674e7134333b14eeeef5bda077e7e831a62
ipa-4-6:
https://pagure.io/freeipa/c/c78ac69a127bb3bcf119e832b81aea1b59d9f14c
Comment 9 Mohammad Rizwan 2020-05-18 09:36:07 UTC 
Created attachment 1689565 [details]
report.html
Comment 10 Mohammad Rizwan 2020-05-18 09:36:35 UTC 
XMLRPC Test passed, Hence marking the bug as verified.
Comment 12 errata-xmlrpc 2020-09-29 19:59:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: ipa security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3936