nss: Raise exception earlier on unsupported DB type
For now FreeIPA handles explicit migration of the NSS DB (dbm->sql). But Mozilla's NSS can be built without support for the legacy database (DBM). This implies that neither implicit nor explicit DB migration to SQL will work. So, eventually, this support will be removed from FreeIPA. With this patch, instantiating an NSS database with the legacy DB type is forbidden when NSS does not support it. Fixes: https://pagure.io/freeipa/issue/8474 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
parent
a5b23287ae
commit
a102cfe5fa
@ -26,10 +26,11 @@ import io
|
||||
import pwd
|
||||
import grp
|
||||
import re
|
||||
import shutil
|
||||
import stat
|
||||
import tempfile
|
||||
from ctypes.util import find_library
|
||||
from tempfile import NamedTemporaryFile
|
||||
import shutil
|
||||
|
||||
import cryptography.x509
|
||||
|
||||
@ -73,6 +74,10 @@ TRUSTED_PEER_TRUST_FLAGS = TrustFlags(
|
||||
)
|
||||
|
||||
|
||||
def nss_supports_dbm():
|
||||
return bool(find_library("nssdbm3"))
|
||||
|
||||
|
||||
def get_ca_nickname(realm, format=CA_NICKNAME_FMT):
|
||||
return format % realm
|
||||
|
||||
@ -252,14 +257,20 @@ class NSSDatabase:
|
||||
# Generic NSS DB code should be moved here.
|
||||
|
||||
def __init__(self, nssdir=None, dbtype='auto'):
|
||||
if nssdir is not None:
|
||||
self.secdir = nssdir
|
||||
self._is_temporary = False
|
||||
if dbtype == "auto":
|
||||
dbtype = self._detect_dbtype()
|
||||
|
||||
if dbtype == "dbm" and not nss_supports_dbm():
|
||||
raise ValueError(
|
||||
"NSS is built without support of the legacy database(DBM)"
|
||||
)
|
||||
|
||||
if nssdir is None:
|
||||
self.secdir = tempfile.mkdtemp()
|
||||
self._is_temporary = True
|
||||
else:
|
||||
self.secdir = nssdir
|
||||
self._is_temporary = False
|
||||
if dbtype == 'auto':
|
||||
dbtype = self._detect_dbtype()
|
||||
|
||||
self.pwd_file = os.path.join(self.secdir, 'pwdfile.txt')
|
||||
self.dbtype = None
|
||||
|
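Review bot: `nss_supports_dbm()` treats a non-empty result from `find_library("nssdbm3")` as proof that NSS supports DBM, but `ctypes.util.find_library` only consults the linker's default search locations, so this is a heuristic rather than a query of NSS itself. If a platform installs libnssdbm3 in an NSS-private directory outside those locations (worth confirming for the distributions FreeIPA targets), the new guard in `NSSDatabase.__init__` would raise `ValueError` for an existing dbm certificate database and block its migration to sql. I would add a docstring that says so, e.g. `"""Return True if the linker can locate libnssdbm3 (heuristic for legacy DBM support)."""`, and consider caching the result, since each call repeats the lookup. The body of `__init__` continues past the end of this hunk.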
@ -4,7 +4,11 @@ import os
|
||||
|
||||
import pytest
|
||||
|
||||
from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
|
||||
from ipapython.certdb import (
|
||||
NSSDatabase,
|
||||
TRUSTED_PEER_TRUST_FLAGS,
|
||||
nss_supports_dbm,
|
||||
)
|
||||
from ipapython import ipautil
|
||||
from ipaplatform.osinfo import osinfo
|
||||
|
||||
@ -40,6 +44,10 @@ def create_selfsigned(nssdb):
|
||||
os.unlink(noisefile)
|
||||
|
||||
|
||||
@pytest.mark.skipif(
|
||||
not nss_supports_dbm(),
|
||||
reason="NSS is built without support of the legacy database(DBM)",
|
||||
)
|
||||
def test_dbm_tmp():
|
||||
with NSSDatabase(dbtype='dbm') as nssdb:
|
||||
assert nssdb.dbtype == 'dbm'
|
||||
@ -60,6 +68,19 @@ def test_dbm_tmp():
|
||||
assert os.path.basename(nssdb.secmod) == 'secmod.db'
|
||||
|
||||
|
||||
@pytest.mark.skipif(
|
||||
nss_supports_dbm(),
|
||||
reason="NSS is built with support of the legacy database(DBM)",
|
||||
)
|
||||
def test_dbm_raise():
|
||||
with pytest.raises(ValueError) as e:
|
||||
NSSDatabase(dbtype="dbm")
|
||||
assert (
|
||||
str(e.value) == "NSS is built without support of the legacy "
|
||||
"database(DBM)"
|
||||
)
|
||||
|
||||
|
||||
def test_sql_tmp():
|
||||
with NSSDatabase(dbtype='sql') as nssdb:
|
||||
assert nssdb.dbtype == 'sql'
|
||||
@ -80,6 +101,10 @@ def test_sql_tmp():
|
||||
assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
|
||||
|
||||
|
||||
@pytest.mark.skipif(
|
||||
not nss_supports_dbm(),
|
||||
reason="NSS is built without support of the legacy database(DBM)",
|
||||
)
|
||||
def test_convert_db():
|
||||
with NSSDatabase(dbtype='dbm') as nssdb:
|
||||
assert nssdb.dbtype == 'dbm'
|
||||
@ -115,6 +140,10 @@ def test_convert_db():
|
||||
assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
|
||||
|
||||
|
||||
@pytest.mark.skipif(
|
||||
not nss_supports_dbm(),
|
||||
reason="NSS is built without support of the legacy database(DBM)",
|
||||
)
|
||||
def test_convert_db_nokey():
|
||||
with NSSDatabase(dbtype='dbm') as nssdb:
|
||||
assert nssdb.dbtype == 'dbm'
|
||||
|
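Review bot: The `skipif` conditions and `test_dbm_raise` all depend on `nss_supports_dbm()`, the same helper the production check uses, so a wrong answer from it cannot fail this suite: the dbm tests are skipped and `test_dbm_raise` passes. `test_dbm_raise` also covers only the temporary-database path (`NSSDatabase(dbtype="dbm")`); the `dbtype='auto'` path through `_detect_dbtype()` on an existing directory is not exercised, and nothing asserts that no temporary directory is left behind when the constructor raises. A second case that passes an `nssdir` which `_detect_dbtype()` classifies as dbm would cover the auto-detect branch, and the message comparison could be folded into `pytest.raises(ValueError, match="legacy database")`.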