Bug 699059

Summary: ipa-getcert request : give wrong suggest value when command failed
Product: Red Hat Enterprise Linux 6 Reporter: Yi Zhang <yzhang>
Component: certmongerAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.1CC: dpal, jgalipea, kchamart, ksiddiqu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: certmonger-0.45-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 17:37:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yi Zhang 2011-04-22 21:22:05 UTC 
Description of problem:
[i386.c yi@dhcp-120 /iparhts/acceptance/ipa-getcert] sudo ipa-getcert request -k /tmp/getcert28343/request_1036.key.pem -f request_1036/28364/NoSuchPem

Path "request_1036/28364/NoSuchPem" is not absolute, using "/iparhts/acceptance/ipa-getcert/request_1036/28364/NoSuchPem" instead.
The parent of location "/iparhts/acceptance/ipa-getcert/request_1036/28364/NoSuchPem" must be a valid directory.

In this test, the file value "request_1036/28364/NoSuchPem" is not acceptable since absolute value required.
However, the suggested value "/iparhts/acceptance/ipa-getcert/request_1036/28364/NoSuchPem", which being automatic applied, is also not valid due to suggested file does not exist.  

--- this is a minor issue, since the command does fail as expected. but giving an incorrect suggesting (and also failed in such scenario) might not be the best implementation. 

Version-Release number of selected component (if applicable):ipa-client-2.0.0-23.el6.i686


How reproducible: always


Steps to Reproduce:
1. install ipa server
2. install ipa client and config it connect to ipa server
3. as root, run command:
ipa-getcert request -k /tmp/getcert28343/request_1036.key.pem -f request_1036/28364/NoSuchPem
  
Actual results: failed


Expected results: failed, command also recommend a value to use, but also failed after recommend value applied


Additional info:
Comment 2 RHEL Program Management 2011-04-23 06:00:19 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 4 Kaleem 2011-10-05 10:21:13 UTC 
Verified.

RHEL Version:
=============
[root@dhcp201-220 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.2 Beta (Santiago)

Certmonger Version:
==================
[root@dhcp201-220 ~]# rpm -q certmonger 
certmonger-0.48-1.el6.x86_64
[root@dhcp201-220 ~]#

Steps used to verify:
=====================
(1)Install certmonger 

[root@dhcp201-220 ~]# yum install certmonger -y
Loaded plugins: product-id, subscription-manager
.
.
Installed:
  certmonger.x86_64 0:0.48-1.el6                                                                    [root@dhcp201-220 ~]#

(2)start certmonger service

[root@dhcp201-220 ~]# service certmonger start
Starting certmonger:                                       [  OK  ]
[root@dhcp201-220 ~]#

(3)Generate a cert request with non-existent file storage 

[root@dhcp201-220 ~]# getcert request -k /tmp/kaleem/tmp.key -f non-existent/tmp.pem
Path "non-existent/tmp.pem" is not absolute, attempting to use "/root/non-existent/tmp.pem" instead.
Path "/root/non-existent": No such file or directory.
[root@dhcp201-220 ~]#

Result:
=======
 Now certmonger prompts proper error message "No such file or directory" if
suggested path does not exists instead of earlier error message "The
parent of location /non-existent/tmp.pem must be a valid directory".
Comment 5 errata-xmlrpc 2011-12-06 17:37:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1708.html