#5213 ipa vault-add does not check type for password and public-key related arguments
Closed: Duplicate None Opened 8 years ago by spoore.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1253498

Description of problem:

It looks like vault-add does not restrict use of arguments by type.  I
confirmed with Endi that the password/public-key related arguments do nothing
for vaults that don't match their type (symmetric/asymmetric).  So, the command
line should show an error.

[root@master ~]# ipa vault-add vname --password=SomePa55w0rd
-------------------
Added vault "vname"
-------------------
  Vault name: vname
  Type: standard
  Owner users: admin
[root@master ~]# ipa vault-archive vname --in=/tmp/secret.in
--------------------------------
Archived data into vault "vname"
--------------------------------
[root@master ~]# ipa vault-retrieve vname
---------------------------------
Retrieved data from vault "vname"
---------------------------------
  Data: dGVzdF9kYXRhMgo=
[root@master ~]# echo dGVzdF9kYXRhMgo=|base64 -d
test_data2
[root@master ~]# ipa vault-add vname_password --password-file=/tmp/stdin.in
----------------------------
Added vault "vname_password"
----------------------------
  Vault name: vname_password
  Type: standard
  Owner users: admin
[root@master ~]# ipa vault-add vname_publickey --public-key-file=public.pem
-----------------------------
Added vault "vname_publickey"
-----------------------------
  Vault name: vname_publickey
  Type: standard
  Owner users: admin


Version-Release number of selected component (if applicable):
ipa-server-4.2.0-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.  ipa-server-install
2.  ipa-kra-install
3.  kinit admin
4.  ipa vault-add --password="something"
5.  ipa vault-add --public-key="somepkblob"
...

Actual results:
Arguments accepted but not used. Instead, it should error that the args don't
match the type.

Expected results:
arguments would only be allowed if used by the type

Additional info:

Metadata Update from @spoore:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago
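
The expected behaviour described in this ticket, sketched as an added example (not FreeIPA's code and not part of the original report): a validator that rejects password and public-key options when the vault type would ignore them, instead of silently creating a standard vault. The function names, the option keys, and the option-to-type mapping are assumptions based on the flags and the symmetric/asymmetric types mentioned above.

```python
# Added example: a hypothetical validator, not FreeIPA's implementation.
# Keys mirror the CLI flags in the ticket (--password -> "password", etc.).
ALLOWED_BY_TYPE = {
    "standard": set(),
    "symmetric": {"password", "password_file"},
    "asymmetric": {"public_key", "public_key_file"},
}
TYPE_SPECIFIC = set().union(*ALLOWED_BY_TYPE.values())


class VaultOptionError(ValueError):
    """An option was supplied that the requested vault type would ignore."""


def validate_vault_options(vault_type="standard", **options):
    """Fail closed on type-specific options that do not match vault_type.

    Returns the sorted list of type-specific options that were supplied.
    """
    if vault_type not in ALLOWED_BY_TYPE:
        raise VaultOptionError(f"unknown vault type {vault_type!r}")
    supplied = {name for name, value in options.items()
                if value is not None and name in TYPE_SPECIFIC}
    stray = sorted(supplied - ALLOWED_BY_TYPE[vault_type])
    if stray:
        flags = ", ".join("--" + name.replace("_", "-") for name in stray)
        raise VaultOptionError(
            f"{flags} cannot be used with vault type {vault_type!r}")
    return sorted(supplied)


def check(vault_type="standard", **options):
    """Return "ok" or the rejection message for one invocation."""
    try:
        validate_vault_options(vault_type, **options)
        return "ok"
    except VaultOptionError as exc:
        return str(exc)


if __name__ == "__main__":
    # The three invocations from the ticket (no type given -> standard),
    # followed by constructed cases where the option matches the type.
    print(check(password="SomePa55w0rd"))
    print(check(password_file="/tmp/stdin.in"))
    print(check(public_key_file="public.pem"))
    print(check("symmetric", password="SomePa55w0rd"))
    print(check("asymmetric", public_key_file="public.pem"))
```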
