Bug 737994

Summary: File parameter fails if prompted for
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: 6.1CC: benl, dpal, jdennis, jgalipea, mkosek, nsoman, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ipa-2.1.2-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Some IPA commands require a file to be passed. For example, a cert-request command requires a CSR file. If the command contains a validation rule for the required file, it needs to be executed before it can be processed. However, if the file is passed in CLI command interactively (and not as a command option), the validation rule is applied to the file path and not the file contents. Consequence: Validation rule may fail and command then returns an error until the file is passed as a command option. Fix: Make sure that validation rule is applied to file contents only. Result: User can pass the required file in CLI both interactively and via a command option.
 Story Points: ---
Clone Of: 557163 Environment:
Last Closed: 2011-12-06 18:31:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 557163    
Bug Blocks: 431020    

Comment 1 Martin Kosek 2011-09-14 16:28:46 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/29ec63c3813cee5fa8d8b1e9ad032a89992791eb
ipa-2-1: https://fedorahosted.org/freeipa/changeset/e5e17dcbeee5b4b424b45794cb93bf2856435214
Comment 4 Martin Kosek 2011-11-01 11:49:39 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Some IPA commands require a file to be passed. For example, a cert-request command requires a CSR file. If the command contains a validation rule for the required file, it needs to be executed before it can be processed. However, if the file is passed in CLI command interactively (and not as a command option), the validation rule is applied to the file path and not the file contents.
Consequence: Validation rule may fail and command then returns an error until the file is passed as a command option.
Fix: Make sure that validation rule is applied to file contents only.
Result: User can pass the required file in CLI both interactively and via a command option.
Comment 5 Namita Soman 2011-11-07 19:22:55 UTC 
testing
Comment 6 Namita Soman 2011-11-07 20:24:41 UTC 
Verified using ipa-server-2.1.3-8.el6.x86_64

Used both methods to specify csr file successfully.

# ipa cert-request  --principal=servicecert_request_1008_4136/ipa-replica2.testrelm
CSR: /tmp/tmp.YrqjrbaUGk/certrequest.29915.certreq.csr
  Certificate: MIIDejCCAmKgAwIBAgIBDzANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKEwhURVNUUkVMTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMTEwNzIwMjMyMloXDTEzMTEwNzIwMjMyMlowMzERMA8GA1UEChMIVEVTVFJFTE0xHjAcBgNVBAMTFWlwYS1yZXBsaWNhMi50ZXN0cmVsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO2yM4a3L5yZsyL04L9JM4jmBIxKSyBWDM4KcQ3WDZ2EV2fAK/nsYWzLZz4LNMv0OVTLiMoYeH2+pqpbDEoCSqhOFZJEUKFUo/I9aoVvlovea3l6Np+T4ihlJYSfq9oB/dZ318ocXQM6BdaYhCeqppTW+MtjZaHRjU2bspwUBmoB9DyySj2U8DR4DdksQDGDxsQj5oTB7hJFZp2zg5O3HvuTmHqn7chzDGA8VmtX1d43s4ZcBWytIlCQW0r90S81rikafpPETVGLmT0CsuScj28upDvC+uqjowh/rWbuhWXvnROzeOSnc9DHwWtMeqFaGP6NZ2vDU8cWvR6iVENLol0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBTVpUXE372Pga4mu7YNw7r9OfJ/azBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtcmVwbGljYTIudGVzdHJlbG06ODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCjcOH+iO/Ak2baTeXw551Yot0u4GPXCvthgcGQoGqQvFBD3d4C9O72gDKkkC/MZQrxpjlOFA6s6YGT1ge2DadMLHvryZmct8WyLAXShZ2jHSwDSwhI+tMMhv8Tj8Bsb1Nsd/9iWDAHce4CzDRLKclpOT0EZnVJDoyyq5IvnA6Zzi8B5QlkcuAlLaBBzbePwyYyERad0jnfwp9ioiGANPy3WL8d4IxFEk4iNWkU6WFleZAXpi3qjUENTgnNnKU8/kalCAHXhgxg5P3rEyFr8o7xKs/N80RKk2P2t6qHRTnEmpKy+j3C4aAn8mq6o8O1Pn7zeIrbpZwlYSg79JqBAdoW
  Subject: CN=ipa-replica2.testrelm,O=TESTRELM
  Issuer: CN=Certificate Authority,O=TESTRELM
  Not Before: Mon Nov 07 20:23:22 2011 UTC
  Not After: Thu Nov 07 20:23:22 2013 UTC
  Fingerprint (MD5): 23:b0:64:4b:be:3c:1e:b4:54:11:98:1d:be:3f:0f:bb
  Fingerprint (SHA1): 05:c4:38:ac:b5:e6:34:77:92:87:2b:ac:2f:84:38:36:77:14:cc:28
  Serial number: 15



[root@ipa-client1 ipa-cert]# ipa cert-request  --principal=servicecert_request_1008_4136/ipa-replica2.testrelm /tmp/tmp.YrqjrbaUGk/certrequest.29915.certreq.csr
  Certificate: MIIDejCCAmKgAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKEwhURVNUUkVMTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMTEwNzIwMjMzMloXDTEzMTEwNzIwMjMzMlowMzERMA8GA1UEChMIVEVTVFJFTE0xHjAcBgNVBAMTFWlwYS1yZXBsaWNhMi50ZXN0cmVsbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO2yM4a3L5yZsyL04L9JM4jmBIxKSyBWDM4KcQ3WDZ2EV2fAK/nsYWzLZz4LNMv0OVTLiMoYeH2+pqpbDEoCSqhOFZJEUKFUo/I9aoVvlovea3l6Np+T4ihlJYSfq9oB/dZ318ocXQM6BdaYhCeqppTW+MtjZaHRjU2bspwUBmoB9DyySj2U8DR4DdksQDGDxsQj5oTB7hJFZp2zg5O3HvuTmHqn7chzDGA8VmtX1d43s4ZcBWytIlCQW0r90S81rikafpPETVGLmT0CsuScj28upDvC+uqjowh/rWbuhWXvnROzeOSnc9DHwWtMeqFaGP6NZ2vDU8cWvR6iVENLol0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBTVpUXE372Pga4mu7YNw7r9OfJ/azBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtcmVwbGljYTIudGVzdHJlbG06ODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBEcCVa0UXkU8CkMaXa4MK1mbvnZhgQEHge5H5CskITtIWix0zrQLaxX/4z67KsyQSREeiFeLWfvuUZTfqOnSsuGuSixVPMEiNr8kX9C9m/MZOEn7b72woM5x6g1iBTg2Dc3zRwzBziRVoQgLdmig8W1fNdZczRFul+d4xgCv6RfU0DX4YaPTqY5v5ucCyljW6QrlhdBXqTT9V8zH2oPRJTdGDzJM3i36YuWLlYNpGRhNAi011K4FNZE+LwmfP/2tPWM3ndCZyJEM7IOtuzdX9KOPilaTZDLjdzdN8yy/6us+5Irh4FvkrGJfaqFIo34+Jrbx1y5tmvSLo25TTL6UTv
  Subject: CN=ipa-replica2.testrelm,O=TESTRELM
  Issuer: CN=Certificate Authority,O=TESTRELM
  Not Before: Mon Nov 07 20:23:32 2011 UTC
  Not After: Thu Nov 07 20:23:32 2013 UTC
  Fingerprint (MD5): ed:27:94:c9:81:4d:e1:b2:aa:a5:3e:b7:a4:c3:0a:1d
  Fingerprint (SHA1): 97:39:42:93:84:c4:67:06:bf:1c:25:c5:14:a5:0f:9f:3f:1f:a7:cc
  Serial number: 16
Comment 7 errata-xmlrpc 2011-12-06 18:31:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html