[Freeipa-devel] [freeipa PR#1939][opened] [Backport][ipa-4-6] Radius proxy multiservers fix

Thu, 17 May 2018 15:38:12 -0700 

   URL: https://github.com/freeipa/freeipa/pull/1939
Author: rcritten
 Title: #1939: [Backport][ipa-4-6] Radius proxy multiservers fix
Action: opened

PR body:
"""
This PR was opened automatically because PR #1922 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1939/head:pr1939
git checkout pr1939

From 9ea7a774be2a78e55e5158cec661aec7a1c23c7c Mon Sep 17 00:00:00 2001
From: Aleksei Slaikovskii <aslai...@redhat.com>
Date: Mon, 14 May 2018 08:55:56 +0200
Subject: [PATCH] Radius proxy multiservers fix

Now radius proxy plugin allows to add more then one radius server
into radius proxy but the first one from ldap response is being
parsed (you can see ./daemons/ipa-optd/parse.c).

So this kind of behaviour is a bug, as it was determined on IRC.

This patch removes possibility to add more then one radius server
into radius proxy.

Pagure: https://pagure.io/freeipa/issue/7542
---
 API.txt                               |  6 +++---
 install/ui/src/freeipa/radiusproxy.js | 12 +++---------
 ipaserver/plugins/radiusproxy.py      |  2 +-
 3 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/API.txt b/API.txt
index 05dec4475c..96c1548331 100644
--- a/API.txt
+++ b/API.txt
@@ -3958,7 +3958,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
 option: Str('description?', cli_name='desc')
 option: Int('ipatokenradiusretries?', cli_name='retries')
 option: Password('ipatokenradiussecret', cli_name='secret', confirm=True)
-option: Str('ipatokenradiusserver+', cli_name='server')
+option: Str('ipatokenradiusserver', cli_name='server')
 option: Int('ipatokenradiustimeout?', cli_name='timeout')
 option: Str('ipatokenusermapattribute?', cli_name='userattr')
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
@@ -3983,7 +3983,7 @@ option: Str('cn?', autofill=False, cli_name='name')
 option: Str('description?', autofill=False, cli_name='desc')
 option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
 option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
-option: Str('ipatokenradiusserver*', autofill=False, cli_name='server')
+option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
 option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
 option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
 option: Flag('pkey_only?', autofill=True, default=False)
@@ -4004,7 +4004,7 @@ option: Str('delattr*', cli_name='delattr')
 option: Str('description?', autofill=False, cli_name='desc')
 option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
 option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
-option: Str('ipatokenradiusserver*', autofill=False, cli_name='server')
+option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
 option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
 option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
diff --git a/install/ui/src/freeipa/radiusproxy.js b/install/ui/src/freeipa/radiusproxy.js
index 056d9504c1..d4283f72cd 100644
--- a/install/ui/src/freeipa/radiusproxy.js
+++ b/install/ui/src/freeipa/radiusproxy.js
@@ -66,10 +66,7 @@ return {
                             $type: 'textarea',
                             name: 'description'
                         },
-                        {
-                            $type: 'multivalued',
-                            name: 'ipatokenradiusserver' // TODO: add validation
-                        },
+                        'ipatokenradiusserver', // TODO: add validation
                         'ipatokenusermapattribute', // TODO: add validation
                         'ipatokenradiustimeout',
                         'ipatokenradiusretries'
@@ -90,10 +87,7 @@ return {
     adder_dialog: {
         fields: [
             'cn',
-            {
-                $type: 'multivalued',
-                name: 'ipatokenradiusserver'
-            },
+            'ipatokenradiusserver',
             {
                 $type: 'password',
                 name: 'ipatokenradiussecret'
@@ -130,4 +124,4 @@ radiusproxy.register = function() {
 phases.on('registration', radiusproxy.register);
 
 return radiusproxy;
-});
\ No newline at end of file
+});
diff --git a/ipaserver/plugins/radiusproxy.py b/ipaserver/plugins/radiusproxy.py
index be77c62432..f638431f69 100644
--- a/ipaserver/plugins/radiusproxy.py
+++ b/ipaserver/plugins/radiusproxy.py
@@ -116,7 +116,7 @@ class radiusproxy(LDAPObject):
             label=_('Description'),
             doc=_('A description of this RADIUS proxy server'),
         ),
-        Str('ipatokenradiusserver+', validate_radiusserver,
+        Str('ipatokenradiusserver', validate_radiusserver,
             cli_name='server',
             label=_('Server'),
             doc=_('The hostname or IP (with or without port)'),

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/LTZ7K5AHOQRQ7TDSTSST3KFONRP7AXAK/

Reply via email to