e386e22 cert: use context.principal only when it is defined

1 file. Authored by abbra 8 months ago, committed by antorres 8 months ago.
    cert: use context.principal only when it is defined
    
    In a server-like context we use an LDAPI connection with auto-binding to an
    LDAP object based on the UID of the process connecting to the LDAPI UNIX
    domain socket. This means context.principal is not set and we cannot use it.
    
    When processing certificate issuance requests, care has to be taken to
    match operations done as LDAP auto-bind to actual principals for
    validation. This is a tough one as we have no principal to match for
    cn=Directory Manager. Use a fake principal to fail validation here and
    rely on LDAP ACIs instead.
    
    Fixes: https://pagure.io/freeipa/issue/9583
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Thomas Woerner <twoerner@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
    
        
file modified
+13 -2