Explicitly handle quoting/unquoting of NSSNickname directive

Improve the single/double quote handling during parsing/unparsing of nss.conf's NSSNickname directive. Single quotes are now added/stripped explicitly when handling the certificate nickname. https://fedorahosted.org/freeipa/ticket/6460 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-12-16 13:42:05 +01:00 · 2016-12-16 13:42:05 +01:00 · 86f4a93fb3
commit 86f4a93fb3
parent 2831b30e9a
2 changed files with 14 additions and 4 deletions
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -253,8 +253,10 @@ class HTTPInstance(service.Service):
            print("Updating port in %s failed." % paths.HTTPD_NSS_CONF)

    def __set_mod_nss_nickname(self, nickname):
+        quoted_nickname = installutils.quote_directive_value(
+            nickname, quote_char="'")
        installutils.set_directive(
-            paths.HTTPD_NSS_CONF, 'NSSNickname', nickname, quote_char="'")
+            paths.HTTPD_NSS_CONF, 'NSSNickname', quoted_nickname, quotes=False)

    def set_mod_nss_protocol(self):
        installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1,TLSv1.2', False)
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@ -136,12 +136,20 @@ class ServerCertInstall(admintool.AdminTool):
        old_cert = installutils.get_directive(paths.HTTPD_NSS_CONF,
                                              'NSSNickname')

+        unquoted_cert = installutils.unquote_directive_value(
+            old_cert, quote_char="'")
+
        server_cert = self.import_cert(dirname, self.options.pin,
-                                       old_cert, 'HTTP/%s' % api.env.host,
+                                       unquoted_cert, 'HTTP/%s' % api.env.host,
                                       'restart_httpd')

-        installutils.set_directive(paths.HTTPD_NSS_CONF,
-                                   'NSSNickname', server_cert)
+        quoted_server_cert = installutils.quote_directive_value(
+            server_cert, quote_char="'")
+        installutils.set_directive(
+            paths.HTTPD_NSS_CONF,
+            'NSSNickname',
+            quoted_server_cert,
+            quotes=False)

        # Fix the database permissions
        os.chmod(os.path.join(dirname, 'cert8.db'), 0o640)