pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone

Blame SOURCES/0115-ipa-server-install-with-external-CA-fix-pkinit-cert-.patch

ac7d03
From 23030ef4f4faa9bf3ee13d13dedb2e0a21da1f2a Mon Sep 17 00:00:00 2001
ac7d03
From: Florence Blanc-Renaud <flo@redhat.com>
ac7d03
Date: Wed, 3 May 2017 10:21:12 +0200
ac7d03
Subject: [PATCH] ipa-server-install with external CA: fix pkinit cert issuance
ac7d03
ac7d03
ipa-server-install with external CA fails to issue pkinit certs.
ac7d03
This happens because the installer calls
ac7d03
krb = krbinstance.KrbInstance(fstore)
ac7d03
then
ac7d03
krb.enable_ssl()
ac7d03
and in this code path self.config_pkinit is set to None, leading to a wrong
ac7d03
code path.
ac7d03
ac7d03
The fix initializes the required fields of the krbinstance before calling
ac7d03
krb.enable_ssl.
ac7d03
ac7d03
https://pagure.io/freeipa/issue/6921
ac7d03
ac7d03
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
ac7d03
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
ac7d03
---
ac7d03
 ipaserver/install/krbinstance.py    | 8 ++++++++
ac7d03
 ipaserver/install/server/install.py | 4 ++++
ac7d03
 2 files changed, 12 insertions(+)
ac7d03
ac7d03
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
ac7d03
index 76ac3029ca6d1cbdd85c6ced6272c6f9a21f04a1..2f14ff592064d3446f73b31e615b2de88d6d786c 100644
ac7d03
--- a/ipaserver/install/krbinstance.py
ac7d03
+++ b/ipaserver/install/krbinstance.py
ac7d03
@@ -108,6 +108,14 @@ class KrbInstance(service.Service):
ac7d03
     suffix = ipautil.dn_attribute_property('_suffix')
ac7d03
     subject_base = ipautil.dn_attribute_property('_subject_base')
ac7d03
 
ac7d03
+    def init_info(self, realm_name, host_name, setup_pkinit=False,
ac7d03
+                  subject_base=None):
ac7d03
+        self.fqdn = host_name
ac7d03
+        self.realm = realm_name
ac7d03
+        self.suffix = ipautil.realm_to_suffix(realm_name)
ac7d03
+        self.subject_base = subject_base
ac7d03
+        self.config_pkinit = setup_pkinit
ac7d03
+
ac7d03
     def get_realm_suffix(self):
ac7d03
         return DN(('cn', self.realm), ('cn', 'kerberos'), self.suffix)
ac7d03
 
ac7d03
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
ac7d03
index b360e0532ce1b9b729be1cc2398cb2b46620901c..0ce60e964cb210708e56fb43a5b70f8e3405caf2 100644
ac7d03
--- a/ipaserver/install/server/install.py
ac7d03
+++ b/ipaserver/install/server/install.py
ac7d03
@@ -768,6 +768,10 @@ def install(installer):
ac7d03
                             setup_pkinit=not options.no_pkinit,
ac7d03
                             pkcs12_info=pkinit_pkcs12_info,
ac7d03
                             subject_base=options.subject_base)
ac7d03
+    else:
ac7d03
+        krb.init_info(realm_name, host_name,
ac7d03
+                      setup_pkinit=not options.no_pkinit,
ac7d03
+                      subject_base=options.subject_base)
ac7d03
 
ac7d03
     if setup_ca:
ac7d03
         if not options.external_cert_files and options.external_ca:
ac7d03
-- 
ac7d03
2.12.2
ac7d03