From 05279ef447fbd3b59d47db51824e410728913064 Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Wed, 15 Mar 2023 11:24:06 +0100 Subject: [PATCH] ipaserver: deepcopy objectclasses list from IPA config We need to deepcopy the list of default objectlasses from IPA config before assigning it to an entry, in order to avoid further modifications of the entry affect the cached IPA config. Fixes: https://pagure.io/freeipa/issue/9349 Signed-off-by: Antonio Torres Reviewed-By: Francisco Trivino Reviewed-By: Thomas Woerner --- ipaserver/plugins/baseldap.py | 8 ++++---- ipaserver/plugins/stageuser.py | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index 5c122d6c5..e5fc77318 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -888,9 +888,9 @@ class LDAPObject(Object): objectclasses = self.object_class if self.object_class_config: config = ldap.get_ipa_config() - objectclasses = config.get( + objectclasses = deepcopy(config.get( self.object_class_config, objectclasses - ) + )) objectclasses = objectclasses + self.possible_objectclasses # Get list of available attributes for this object for use # in the ACI UI. @@ -1257,9 +1257,9 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): if self.obj.object_class_config: config = ldap.get_ipa_config() - entry_attrs['objectclass'] = config.get( + entry_attrs['objectclass'] = deepcopy(config.get( self.obj.object_class_config, entry_attrs['objectclass'] - ) + )) if self.obj.uuid_attribute: entry_attrs[self.obj.uuid_attribute] = 'autogenerate' diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index b3c667937..760dff7ab 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -573,9 +573,9 @@ class stageuser_activate(LDAPQuery): if self.obj.object_class_config: config = ldap.get_ipa_config() - entry_attrs['objectclass'] = config.get( + entry_attrs['objectclass'] = deepcopy(config.get( self.obj.object_class_config, entry_attrs['objectclass'] - ) + )) return(entry_attrs)