IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix: regression in host and service plugin

Browse Source 
Test failures:
 * wrong error message
 * mod operation always delete usercertificates

https://fedorahosted.org/freeipa/ticket/4238

Reviewed-By: Milan Kubik <mkubik@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Martin Basti 2015-06-03 13:11:58 +02:00 committed by Jan Cholasta
parent 8457edc14d
commit b6924c00ab
2 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ipalib/plugins/host.py
View File

@ -871,8 +871,11 @@ class host_mod(LDAPUpdate):
x509.verify_cert_subject(ldap, keys[-1], cert) x509.verify_cert_subject(ldap, keys[-1], cert)
# revoke removed certificates # revoke removed certificates
if self.api.Command.ca_is_enabled()['result']: if certs and self.api.Command.ca_is_enabled()['result']:
entry_attrs_old = ldap.get_entry(dn, ['usercertificate']) try:
entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
old_certs = entry_attrs_old.get('usercertificate', []) old_certs = entry_attrs_old.get('usercertificate', [])
old_certs_der = map(x509.normalize_certificate, old_certs) old_certs_der = map(x509.normalize_certificate, old_certs)
removed_certs_der = set(old_certs_der) - set(certs_der) removed_certs_der = set(old_certs_der) - set(certs_der)
@ -899,7 +902,8 @@ class host_mod(LDAPUpdate):
nsprerr.args[1]) nsprerr.args[1])
else: else:
raise nsprerr raise nsprerr
entry_attrs['usercertificate'] = certs_der if certs:
entry_attrs['usercertificate'] = certs_der
if options.get('random'): if options.get('random'):
entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars) entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars)

11
ipalib/plugins/service.py
View File

@ -602,10 +602,12 @@ class service_mod(LDAPUpdate):
certs_der = map(x509.normalize_certificate, certs) certs_der = map(x509.normalize_certificate, certs)
for dercert in certs_der: for dercert in certs_der:
x509.verify_cert_subject(ldap, hostname, dercert) x509.verify_cert_subject(ldap, hostname, dercert)
# revoke removed certificates # revoke removed certificates
if self.api.Command.ca_is_enabled()['result']: if certs and self.api.Command.ca_is_enabled()['result']:
entry_attrs_old = ldap.get_entry(dn, ['usercertificate']) try:
entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
old_certs = entry_attrs_old.get('usercertificate', []) old_certs = entry_attrs_old.get('usercertificate', [])
old_certs_der = map(x509.normalize_certificate, old_certs) old_certs_der = map(x509.normalize_certificate, old_certs)
removed_certs_der = set(old_certs_der) - set(certs_der) removed_certs_der = set(old_certs_der) - set(certs_der)
@ -632,7 +634,8 @@ class service_mod(LDAPUpdate):
nsprerr.args[1]) nsprerr.args[1])
else: else:
raise nsprerr raise nsprerr
entry_attrs['usercertificate'] = certs_der if certs:
entry_attrs['usercertificate'] = certs_der
update_krbticketflags(ldap, entry_attrs, attrs_list, options, True) update_krbticketflags(ldap, entry_attrs, attrs_list, options, True)