certmonger: Use explicit storage format

Add storage='NSSDB' to various places. It makes it a bit easier to track
down NSSDB usage.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Christian Heimes 2018-01-16 13:43:25 +01:00
parent 2d8d5ad8d9
commit 88fd3f9435
5 changed files with 27 additions and 15 deletions


@ -788,8 +788,13 @@ def configure_certmonger(
try:
certmonger.request_cert(
certpath=paths.IPA_NSSDB_DIR,
nickname='Local IPA host', subject=subject, dns=[hostname],
principal=principal, passwd_fname=passwd_fname)
storage='NSSDB',
nickname='Local IPA host',
subject=subject,
dns=[hostname],
principal=principal,
passwd_fname=passwd_fname
)
except Exception as ex:
logger.error(
"%s request for host certificate failed: %s",


@ -639,11 +639,14 @@ class CertDB(object):
return self.nssdb.export_pem_cert(nickname, location)
def request_service_cert(self, nickname, principal, host):
certmonger.request_and_wait_for_cert(certpath=self.secdir,
certmonger.request_and_wait_for_cert(
certpath=self.secdir,
storage='NSSDB',
nickname=nickname,
principal=principal,
subject=host,
passwd_fname=self.passwd_fname)
passwd_fname=self.passwd_fname
)
def is_ipa_issued_cert(self, api, nickname):
"""


@ -832,6 +832,7 @@ class DsInstance(service.Service):
cmd = 'restart_dirsrv %s' % self.serverid
certmonger.request_and_wait_for_cert(
certpath=dirname,
storage='NSSDB',
nickname=self.nickname,
principal=self.principal,
passwd_fname=dsdb.passwd_fname,
@ -839,7 +840,8 @@ class DsInstance(service.Service):
ca='IPA',
profile=dogtag.DEFAULT_PROFILE,
dns=[self.fqdn],
post_command=cmd)
post_command=cmd
)
finally:
if prev_helper is not None:
certmonger.modify_ca_helper('IPA', prev_helper)


@ -361,8 +361,7 @@ class HTTPInstance(service.Service):
ca='IPA',
profile=dogtag.DEFAULT_PROFILE,
dns=[self.fqdn],
post_command='restart_httpd',
storage='FILE',
post_command='restart_httpd'
)
finally:
if prev_helper is not None:
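Review bot: The only visible change to this call drops `storage='FILE',` from its tail (the hunk header goes from 8 lines to 7), which runs against the commit's stated goal of making the storage format explicit. The start of the call is outside the hunk, so the argument may have been moved up there. If it was not, this request now depends on whatever default `request_and_wait_for_cert` applies, and the web server's certificate and key could be stored in a different format than the service expects. I would keep the argument explicit, `storage='FILE',`, near the top of the call, where the other call sites in this commit put `storage='NSSDB'`.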


@ -430,18 +430,21 @@ class KrbInstance(service.Service):
'--agent-submit'
]
helper = " ".join(ca_args)
prev_helper = certmonger.modify_ca_helper(certmonger_ca, helper)
prev_helper = certmonger.modify_ca_helper(
certmonger_ca, helper
)
certmonger.request_and_wait_for_cert(
certpath,
subject,
krbtgt,
certpath=certpath,
subject=subject,
principal=krbtgt,
ca=certmonger_ca,
dns=self.fqdn,
storage='FILE',
profile=KDC_PROFILE,
post_command='renew_kdc_cert',
perms=(0o644, 0o600))
perms=(0o644, 0o600)
)
except dbus.DBusException as e:
# if the certificate is already tracked, ignore the error
name = e.get_dbus_name()
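Review bot: `dns=self.fqdn` passes a bare string here, while the other call sites touched by this commit pass a list (`dns=[self.fqdn]`, `dns=[hostname]`). If the certmonger helper treats `dns` as a sequence of host names, the KDC certificate request could carry a malformed subjectAltName; the helper's implementation is not visible on this page, so this needs confirming. Since the call is being converted to keyword arguments anyway, I would change the line to `dns=[self.fqdn],`. The enclosing try block starts above the hunk and the except handler continues below it.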