IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Misc Python 3 fixes for ipaserver.secrets

Browse Source 
bytes/str fixes for LDAP data, JSON encoding and temp files.

Require jwcrpyto 0.4.2 with fix for RHBZ #1476150

https://pagure.io/freeipa/issue/4985

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
Christian Heimes 2017-07-31 16:53:06 +02:00 committed by Tomas Krizek
parent 038d192065
commit 5f03329051
No known key found for this signature in database
GPG Key ID: 22A2A94B5E49415A
4 changed files with 28 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
freeipa.spec.in
View File

@ -191,7 +191,8 @@ BuildRequires: python2-yubico
BuildRequires: pki-base-python2 BuildRequires: pki-base-python2
BuildRequires: python-pytest-multihost BuildRequires: python-pytest-multihost
BuildRequires: python-pytest-sourceorder BuildRequires: python-pytest-sourceorder
BuildRequires: python-jwcrypto # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
BuildRequires: python-jwcrypto >= 0.4.2
# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
BuildRequires: python2-custodia >= 0.3.1 BuildRequires: python2-custodia >= 0.3.1
BuildRequires: dbus-python BuildRequires: dbus-python
@ -228,7 +229,8 @@ BuildRequires: python3-yubico
BuildRequires: pki-base-python3 BuildRequires: pki-base-python3
BuildRequires: python3-pytest-multihost BuildRequires: python3-pytest-multihost
BuildRequires: python3-pytest-sourceorder BuildRequires: python3-pytest-sourceorder
BuildRequires: python3-jwcrypto # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
BuildRequires: python3-jwcrypto >= 0.4.2
# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
BuildRequires: python3-custodia >= 0.3.1 BuildRequires: python3-custodia >= 0.3.1
BuildRequires: python3-dbus BuildRequires: python3-dbus
@ -679,7 +681,8 @@ Requires: python2-sss-murmur
Requires: dbus-python Requires: dbus-python
Requires: python2-setuptools Requires: python2-setuptools
Requires: python-six Requires: python-six
Requires: python-jwcrypto # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
Requires: python-jwcrypto >= 0.4.2
Requires: python2-cffi Requires: python2-cffi
Requires: python-ldap >= 2.4.15 Requires: python-ldap >= 2.4.15
Requires: python2-requests Requires: python2-requests
@ -727,7 +730,8 @@ Requires: python3-sss-murmur
Requires: python3-dbus Requires: python3-dbus
Requires: python3-setuptools Requires: python3-setuptools
Requires: python3-six Requires: python3-six
Requires: python3-jwcrypto # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
Requires: python3-jwcrypto >= 0.4.2
Requires: python3-cffi Requires: python3-cffi
Requires: python3-pyldap >= 2.4.15 Requires: python3-pyldap >= 2.4.15
Requires: python3-requests Requires: python3-requests

2
ipaserver/install/custodiainstance.py
View File

@ -180,7 +180,7 @@ class CustodiaInstance(SimpleServiceInstance):
with open(pk12pwfile, 'w+') as f: with open(pk12pwfile, 'w+') as f:
f.write(v['export password']) f.write(v['export password'])
pk12file = os.path.join(tmpnssdir, 'pk12file') pk12file = os.path.join(tmpnssdir, 'pk12file')
with open(pk12file, 'w+') as f: with open(pk12file, 'wb') as f:
f.write(b64decode(v['pkcs12 data'])) f.write(b64decode(v['pkcs12 data']))
ipautil.run([paths.PK12UTIL, ipautil.run([paths.PK12UTIL,
'-d', tmpdb.secdir, '-d', tmpdb.secdir,

33
ipaserver/secrets/store.py
View File

@ -84,14 +84,14 @@ class NSSWrappedCertDB(DBMAPHandler):
paths.CERTUTIL, '-d', self.nssdb_path, paths.CERTUTIL, '-d', self.nssdb_path,
'-L', '-n', self.target_nick, '-L', '-n', self.target_nick,
'-a', '-o', certificate_file]) '-a', '-o', certificate_file])
with open(wrapped_key_file, 'r') as f: with open(wrapped_key_file, 'rb') as f:
wrapped_key = f.read() wrapped_key = f.read()
with open(certificate_file, 'r') as f: with open(certificate_file, 'r') as f:
certificate = f.read() certificate = f.read()
finally: finally:
shutil.rmtree(tdir) shutil.rmtree(tdir)
return json_encode({ return json_encode({
'wrapped_key': b64encode(wrapped_key), 'wrapped_key': b64encode(wrapped_key).decode('ascii'),
'certificate': certificate}) 'certificate': certificate})
@ -113,11 +113,11 @@ class NSSCertDB(DBMAPHandler):
tdir = tempfile.mkdtemp(dir=paths.TMP) tdir = tempfile.mkdtemp(dir=paths.TMP)
try: try:
nsspwfile = os.path.join(tdir, 'nsspwfile') nsspwfile = os.path.join(tdir, 'nsspwfile')
with open(nsspwfile, 'w+') as f: with open(nsspwfile, 'w') as f:
f.write(self.nssdb_password) f.write(self.nssdb_password)
pk12pwfile = os.path.join(tdir, 'pk12pwfile') pk12pwfile = os.path.join(tdir, 'pk12pwfile')
password = ipautil.ipa_generate_password() password = ipautil.ipa_generate_password()
with open(pk12pwfile, 'w+') as f: with open(pk12pwfile, 'w') as f:
f.write(password) f.write(password)
pk12file = os.path.join(tdir, 'pk12file') pk12file = os.path.join(tdir, 'pk12file')
ipautil.run([paths.PK12UTIL, ipautil.run([paths.PK12UTIL,
@ -126,25 +126,25 @@ class NSSCertDB(DBMAPHandler):
"-n", self.nickname, "-n", self.nickname,
"-k", nsspwfile, "-k", nsspwfile,
"-w", pk12pwfile]) "-w", pk12pwfile])
with open(pk12file, 'r') as f: with open(pk12file, 'rb') as f:
data = f.read() data = f.read()
finally: finally:
shutil.rmtree(tdir) shutil.rmtree(tdir)
return json_encode({'export password': password, return json_encode({'export password': password,
'pkcs12 data': b64encode(data)}) 'pkcs12 data': b64encode(data).decode('ascii')})
def import_key(self, value): def import_key(self, value):
v = json_decode(value) v = json_decode(value)
tdir = tempfile.mkdtemp(dir=paths.TMP) tdir = tempfile.mkdtemp(dir=paths.TMP)
try: try:
nsspwfile = os.path.join(tdir, 'nsspwfile') nsspwfile = os.path.join(tdir, 'nsspwfile')
with open(nsspwfile, 'w+') as f: with open(nsspwfile, 'w') as f:
f.write(self.nssdb_password) f.write(self.nssdb_password)
pk12pwfile = os.path.join(tdir, 'pk12pwfile') pk12pwfile = os.path.join(tdir, 'pk12pwfile')
with open(pk12pwfile, 'w+') as f: with open(pk12pwfile, 'w') as f:
f.write(v['export password']) f.write(v['export password'])
pk12file = os.path.join(tdir, 'pk12file') pk12file = os.path.join(tdir, 'pk12file')
with open(pk12file, 'w+') as f: with open(pk12file, 'wb') as f:
f.write(b64decode(v['pkcs12 data'])) f.write(b64decode(v['pkcs12 data']))
ipautil.run([paths.PK12UTIL, ipautil.run([paths.PK12UTIL,
"-d", self.nssdb_path, "-d", self.nssdb_path,
@ -176,12 +176,14 @@ class DMLDAP(DBMAPHandler):
attrlist=['nsslapd-rootpw']) attrlist=['nsslapd-rootpw'])
if len(r) != 1: if len(r) != 1:
raise RuntimeError('DM Hash not found!') raise RuntimeError('DM Hash not found!')
return json_encode({'dmhash': r[0][1]['nsslapd-rootpw'][0]}) rootpw = r[0][1]['nsslapd-rootpw'][0]
return json_encode({'dmhash': rootpw.decode('ascii')})
def import_key(self, value): def import_key(self, value):
v = json_decode(value) v = json_decode(value)
rootpw = v['dmhash'].encode('ascii')
conn = self.ldap.connect() conn = self.ldap.connect()
mods = [(ldap.MOD_REPLACE, 'nsslapd-rootpw', str(v['dmhash']))] mods = [(ldap.MOD_REPLACE, 'nsslapd-rootpw', rootpw)]
conn.modify_s('cn=config', mods) conn.modify_s('cn=config', mods)
@ -208,12 +210,12 @@ class PEMFileHandler(DBMAPHandler):
try: try:
ipautil.run(args, nolog=(password, )) ipautil.run(args, nolog=(password, ))
with open(tmpfile, 'r') as f: with open(tmpfile, 'rb') as f:
data = f.read() data = f.read()
finally: finally:
os.remove(tmpfile) os.remove(tmpfile)
return json_encode({'export password': password, return json_encode({'export password': password,
'pkcs12 data': b64encode(data)}) 'pkcs12 data': b64encode(data).decode('ascii')})
def import_key(self, value): def import_key(self, value):
v = json_decode(value) v = json_decode(value)
@ -221,7 +223,8 @@ class PEMFileHandler(DBMAPHandler):
password = v['export password'] password = v['export password']
try: try:
_fd, tmpdata = tempfile.mkstemp(dir=paths.TMP) _fd, tmpdata = tempfile.mkstemp(dir=paths.TMP)
with open(tmpdata, 'w') as f: os.close(_fd)
with open(tmpdata, 'wb') as f:
f.write(data) f.write(data)
# get the certificate from the file # get the certificate from the file
@ -291,7 +294,7 @@ class IPASecStore(CSStore):
key_handler = self._get_handler(key) key_handler = self._get_handler(key)
value = key_handler.export_key() value = key_handler.export_key()
except Exception as e: # pylint: disable=broad-except except Exception as e: # pylint: disable=broad-except
log_error('Error retrievieng key "%s": %s' % (key, str(e))) log_error('Error retrieving key "%s": %s' % (key, str(e)))
value = None value = None
return value return value

1
ipasetup.py.in
View File

@ -73,6 +73,7 @@ PACKAGE_VERSION = {
'ipaplatform': 'ipaplatform == {}'.format(VERSION), 'ipaplatform': 'ipaplatform == {}'.format(VERSION),
'ipapython': 'ipapython == {}'.format(VERSION), 'ipapython': 'ipapython == {}'.format(VERSION),
'ipaserver': 'ipaserver == {}'.format(VERSION), 'ipaserver': 'ipaserver == {}'.format(VERSION),
'jwcrypto': 'jwcrpyto >= 0.4.2',
'kdcproxy': 'kdcproxy >= 0.3', 'kdcproxy': 'kdcproxy >= 0.3',
'netifaces': 'netifaces >= 0.10.4', 'netifaces': 'netifaces >= 0.10.4',
'pyldap': 'pyldap >= 2.4.15', 'pyldap': 'pyldap >= 2.4.15',