dsinstance: add proflie when tracking certificate

When the DS certificate gets untracked then tracked again (via
dsinstance.start_tracking_certificate()), it loses its profile
configuration.  Although it is the default profile, we want to
retain the explicit reference.  Ensure we add the profile when
re-tracking the DS certificate.

Part of: https://pagure.io/freeipa/issue/7991

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fraser Tweedale 2019-07-19 14:38:58 +10:00
parent f5822e3a25
commit b7ad11572d
2 changed files with 10 additions and 5 deletions


@ -377,14 +377,16 @@ class CertDB:
except ipautil.CalledProcessError: except ipautil.CalledProcessError:
return None return None
def track_server_cert(self, nickname, principal, password_file=None, command=None): def track_server_cert(
self, nickname, principal,
password_file=None, command=None, profile=None):
""" """
Tell certmonger to track the given certificate nickname. Tell certmonger to track the given certificate nickname.
""" """
try: try:
request_id = certmonger.start_tracking( request_id = certmonger.start_tracking(
self.secdir, nickname=nickname, pinfile=password_file, self.secdir, nickname=nickname, pinfile=password_file,
post_command=command) post_command=command, profile=profile)
except RuntimeError as e: except RuntimeError as e:
logger.error("certmonger failed starting to track certificate: %s", logger.error("certmonger failed starting to track certificate: %s",
str(e)) str(e))
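Review bot: The docstring of `track_server_cert` still describes only the nickname, and the new `profile` parameter defaults to `None`, so a caller that omits it presumably keeps creating a tracking request with no explicit profile, which is the state the commit message describes as the problem. Only the `DsInstance` call in the second file section is visibly updated to pass a profile; any other callers of this method outside this page are worth checking, since the profile presumably governs what a renewed certificate contains. I would add a docstring line such as `profile: certificate profile recorded on the certmonger tracking request; None records no explicit profile.` The `DsInstance` call passes `dogtag.DEFAULT_PROFILE` unconditionally, which is right only while the DS certificate is always issued under the default profile, so a short comment there saying so would help. The method body continues outside the hunk.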


@ -1185,9 +1185,12 @@ class DsInstance(service.Service):
dirname = config_dirname(serverid)[:-1] dirname = config_dirname(serverid)[:-1]
dsdb = certs.CertDB(self.realm, nssdir=dirname) dsdb = certs.CertDB(self.realm, nssdir=dirname)
if dsdb.is_ipa_issued_cert(api, nickname): if dsdb.is_ipa_issued_cert(api, nickname):
dsdb.track_server_cert(nickname, self.principal, dsdb.track_server_cert(
dsdb.passwd_fname, nickname,
'restart_dirsrv %s' % serverid) self.principal,
password_file=dsdb.passwd_fname,
command='restart_dirsrv %s' % serverid,
profile=dogtag.DEFAULT_PROFILE)
else: else:
logger.debug("Will not track DS server certificate %s as it is " logger.debug("Will not track DS server certificate %s as it is "
"not issued by IPA", nickname) "not issued by IPA", nickname)