Fix: regression in host and service plugin

Test failures: * wrong error message * mod operation always delete usercertificates https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-06-03 13:11:58 +02:00 · 2015-06-03 13:11:58 +02:00 · b6924c00ab
commit b6924c00ab
parent 8457edc14d
2 changed files with 14 additions and 7 deletions
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@ -871,8 +871,11 @@ class host_mod(LDAPUpdate):
            x509.verify_cert_subject(ldap, keys[-1], cert)

        # revoke removed certificates
-        if self.api.Command.ca_is_enabled()['result']:
+        if certs and self.api.Command.ca_is_enabled()['result']:
+            try:
                entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+            except errors.NotFound:
+                self.obj.handle_not_found(*keys)
            old_certs = entry_attrs_old.get('usercertificate', [])
            old_certs_der = map(x509.normalize_certificate, old_certs)
            removed_certs_der = set(old_certs_der) - set(certs_der)
@ -899,6 +902,7 @@ class host_mod(LDAPUpdate):
                                      nsprerr.args[1])
                    else:
                        raise nsprerr
+        if certs:
            entry_attrs['usercertificate'] = certs_der

        if options.get('random'):
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@ -602,10 +602,12 @@ class service_mod(LDAPUpdate):
        certs_der = map(x509.normalize_certificate, certs)
        for dercert in certs_der:
            x509.verify_cert_subject(ldap, hostname, dercert)
-
        # revoke removed certificates
-        if self.api.Command.ca_is_enabled()['result']:
+        if certs and self.api.Command.ca_is_enabled()['result']:
+            try:
                entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+            except errors.NotFound:
+                self.obj.handle_not_found(*keys)
            old_certs = entry_attrs_old.get('usercertificate', [])
            old_certs_der = map(x509.normalize_certificate, old_certs)
            removed_certs_der = set(old_certs_der) - set(certs_der)
@ -632,6 +634,7 @@ class service_mod(LDAPUpdate):
                                      nsprerr.args[1])
                    else:
                        raise nsprerr
+        if certs:
            entry_attrs['usercertificate'] = certs_der

        update_krbticketflags(ldap, entry_attrs, attrs_list, options, True)