Project

General

Profile

Tâche #25885

Scénario #25625: Traitement express MEN (47-49)

Amon 2.6.2 : Un nom machine supérieur à 15 caractères empêches l'intégration au domaine Kerberos

Added by Emmanuel GARETTE over 2 years ago. Updated over 2 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
11/16/2018
Due date:
% Done:

100%

Remaining (hours):
0.0

Description

Cas d'utilisation

La variable nom_machine avait une valeur supérieur à 15 caractères.
L'authentification NTLM/Kerberos est activé sur le proxy.
Il est impossible d'intégrer un domaine Windows 20xx

Proposition

Ajouter une contrainte qui vérifie la taille de nom_machine en cas d'activation de l'authentification NTLM/Kerberos.

Problème découvert avec Rennes Métropole


Related issues

Copied to Documentations - Tâche #26325: Amon 2.7.0 : Suppression d'une variable dans "Proxy authentifié" en mode Kerberos Fermé 05/24/2019

Associated revisions

Revision 9bbf42a4 (diff)
Added by Joël Cuissinat over 2 years ago

Deduce AD workgroup from REALM for KERBEROS auth proxy

Ref: #25885

Revision dd2d12b0 (diff)
Added by Joël Cuissinat over 2 years ago

Serveur name should have less than 15 characters for Kerberos proxy authentication

Ref: #25885

Revision feb6f166 (diff)
Added by Joël Cuissinat over 2 years ago

hidden='True' should always work in param

Ref: #25885

Revision 4e5c64cd (diff)
Added by Joël Cuissinat over 2 years ago

Add "valid_krb_name" new eosfunc

Ref: #25885

Revision 7374d743 (diff)
Added by Joël Cuissinat over 2 years ago

Update creole french translations

Ref: #25885

Revision 2bf1b561 (diff)
Added by Joël Cuissinat over 2 years ago

Update translations Ref: #25885

Revision 7e95388e (diff)
Added by Joël Cuissinat almost 2 years ago

aca.proxy 2.7.1 : nom_domaine_windows est calculé

Ref: #25885

History

#1 Updated by Scrum Master over 2 years ago

  • Assigned To set to Scrum Master
  • Parent task set to #25625

#2 Updated by Joël Cuissinat over 2 years ago

  • Project changed from eole-proxy to Distribution EOLE
  • Assigned To changed from Scrum Master to Joël Cuissinat

#3 Updated by Joël Cuissinat over 2 years ago

  • Status changed from Nouveau to En cours

#4 Updated by Joël Cuissinat over 2 years ago

Proposition :

  • fonction eosfunc :
    def valid_krb_name(name, auth):
        """ 
        Vérifie la longeur du nom de machine en mode Kerberos #25885
        """ 
        if auth == u'NTLM/KERBEROS' and len(name) > 15:
            raise ValueError(_(u"Serveur name should have less than 15 characters for Kerberos proxy authentication"))
        return True
    
    
  • dico :
            <check name='valid_krb_name' target='nom_machine'>
                <param type='eole' hidden="False">type_squid_auth</param>
            </check>
    

#5 Updated by Emmanuel GARETTE over 2 years ago

Hidden = False n'est pas pris en compte à cause d'un bug Creole (deuxième version du patch qui est plus conforme à ce qu'on veut) :

diff --git a/creole/annotator.py b/creole/annotator.py
index a71ab22a..adffeb01 100644
--- a/creole/annotator.py
+++ b/creole/annotator.py
@@ -1438,20 +1438,32 @@ class SpaceAnnotator(object):
         for idx in remove_indexes:
             del space[idx]

-        #convert level to "warnings_only" and hidden to "transitive" 
+        #convert level to "warnings_only" and hidden to "transitive" for consistencies
         for check in space:
             if check.level == 'warning':
                 check.warnings_only = True
             else:
                 check.warnings_only = False
             check.level = None
-            transitive = True
-            if hasattr(check, 'param'):
-                for param in check.param:
-                    if not param.hidden is True:
-                        transitive = False
-                    param.hidden = None
-            check.transitive = transitive
+            if check.name == 'valid_differ':
+                all_param_eole = True
+                if hasattr(check, 'param'):
+                    for param in check.param:
+                        if param.type != 'eole':
+                            all_param_eole = False
+                            break
+            if check.name in ['valid_enum',
+                              'valid_networknetmask',
+                              'valid_ipnetmask',
+                              'valid_broadcast',
+                              'valid_in_network'] or (check.name == 'valid_differ' and all_param_eole):
+                transitive = True
+                if hasattr(check, 'param'):
+                    for param in check.param:
+                        if not param.hidden is True:
+                            transitive = False
+                        param.hidden = None
+                check.transitive = transitive

     def filter_fill(self, space):  # pylint: disable=C0111,R0912
         fills = {}
diff --git a/tests/flattener_dicos/10check_base/result/00-base.xml b/tests/flattener_dicos/10check_base/result/00-base.xml
index fc43e800..173eec0e 100644
--- a/tests/flattener_dicos/10check_base/result/00-base.xml
+++ b/tests/flattener_dicos/10check_base/result/00-base.xml
@@ -1,9 +1,9 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <creole>
   <constraints>
-    <check name="valid_entier" target="creole.general.int" transitive="True" warnings_only="False">
-      <param name="mini" type="string">0</param>
-      <param name="maxi" type="string">100</param>
+    <check name="valid_entier" target="creole.general.int" warnings_only="False">
+      <param hidden="True" name="mini" type="string">0</param>
+      <param hidden="True" name="maxi" type="string">100</param>
     </check>
   </constraints>
   <family name="containers">
diff --git a/tests/flattener_dicos/10check_option/result/00-base.xml b/tests/flattener_dicos/10check_option/result/00-base.xml
index e4ef7c99..da19202a 100644
--- a/tests/flattener_dicos/10check_option/result/00-base.xml
+++ b/tests/flattener_dicos/10check_option/result/00-base.xml
@@ -1,9 +1,9 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <creole>
   <constraints>
-    <check name="valid_entier" target="creole.general.int" transitive="True" warnings_only="False">
-      <param name="mini" type="string">0</param>
-      <param name="maxi" type="eole">creole.general.int2</param>
+    <check name="valid_entier" target="creole.general.int" warnings_only="False">
+      <param hidden="True" name="mini" type="string">0</param>
+      <param hidden="True" name="maxi" type="eole">creole.general.int2</param>
     </check>
   </constraints>
   <family name="containers">

#6 Updated by Joël Cuissinat over 2 years ago

  • Status changed from En cours to Résolu
  • % Done changed from 0 to 100

Demande originale traitée en 2.7.0.

Rétro-portage en 2.6.2 du patch creole uniquement.

#7 Updated by Joël Cuissinat over 2 years ago

  • Copied to Tâche #26325: Amon 2.7.0 : Suppression d'une variable dans "Proxy authentifié" en mode Kerberos added

#8 Updated by Joël Cuissinat over 2 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) set to 0.0

Also available in: Atom PDF