From 8ea1652c64956eea6dd0708f61b3330befcf1a31 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Sat, 21 Nov 2020 08:47:57 +1100
Subject: [PATCH] Prevent set_directive from clobbering other keys
`set_directive` only looks for a prefix of the line matching the
given directive (key). If a directive is encountered for which the
given key is a prefix, it will be vanquished.
This occurs in the case of `{ca,kra}.sslserver.cert[req]`; the
`cert` directive gets updated after certificate renewal, and the
`certreq` directive gets clobbered. This can cause failures later
on during KRA installation, and possibly cloning.
Match the whole directive to avoid this issue.
Fixes: https://pagure.io/freeipa/issue/7288
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
ipaserver/install/cainstance.py | 2 +-
ipaserver/install/dogtaginstance.py | 2 +-
ipaserver/install/installutils.py | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
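--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -931,7 +931,7 @@ class CAInstance(DogtagInstance):
 installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.enable', 'true', quotes=False, separator='=')
 installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.mapper', 'NoMap', quotes=False, separator='=')
 installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.pluginName', 'Rule', quotes=False, separator='=')
- installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.predicate=', '', quotes=False, separator='')
+ installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.predicate', '', quotes=False, separator='=')
 installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.publisher', 'FileBaseCRLPublisher', quotes=False, separator='=')
 installutils.set_directive(caconfig, 'ca.publish.rule.instance.FileCrlRule.type', 'crl', quotes=False, separator='=')
 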
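--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -212,7 +212,7 @@ class DogtagInstance(service.Service):
 separator='=')
 # Remove internaldb password as is not needed anymore
 installutils.set_directive(paths.PKI_TOMCAT_PASSWORD_CONF,
- 'internaldb', None)
+ 'internaldb', None, separator='=')
 
 def uninstall(self):
 if self.is_installed():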
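Review bot: The `internaldb` removal from `paths.PKI_TOMCAT_PASSWORD_CONF` now succeeds only if the line starts with exactly `internaldb=`, so an entry written in any other form (for example with spaces around the `=`) would be left in place and the stored password would silently stay on disk. The call gives no signal when nothing matched, so a comment stating the assumption would help, e.g. `# password.conf must use "key=value" with no spaces, or the password is not removed`. Whether `set_directive` reports an unmatched directive is not visible here, and the enclosing method begins outside the hunk.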
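--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -433,7 +433,7 @@ def set_directive(filename, directive, value, quotes=True, separator=' '):
 
 A value of None means to drop the directive.
 
- This has only been tested with nss.conf
+ Does not tolerate (or put) spaces around the separator.
 
 :param filename: input filename
 :param directive: directive name
@@ -442,7 +442,7 @@ def set_directive(filename, directive, value, quotes=True, separator=' '):
 any existing double quotes are first escaped to avoid
 unparseable directives.
 :param separator: character serving as separator between directive and
- value
+ value. Correct value required even when dropping a directive.
 """
 
 new_directive_value = ""
@@ -457,7 +457,7 @@ def set_directive(filename, directive, value, quotes=True, separator=' '):
 fd = open(filename)
 newfile = []
 for line in fd:
- if line.lstrip().startswith(directive):
+ if re.match(r'\s*{}'.format(re.escape(directive + separator)), line):
 valueset = True
 if value is not None:
 newfile.append(new_directive_value)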
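Review bot: With the default `separator=' '`, the new `re.match` in the third hunk no longer recognizes a line whose directive is followed by a tab or other whitespace, which the old `startswith(directive)` test did match. What happens to an unmatched directive is decided after the loop, outside the hunk; if the function appends when nothing matched, this would produce a duplicate entry, and with `value=None` the drop would become a silent no-op. Consider building the pattern once before the loop and accepting any whitespace for a whitespace separator: `pattern = re.compile(r'\s*' + re.escape(directive) + (r'\s' if separator.isspace() else re.escape(separator)))`, then `if pattern.match(line):`. The hunks do not show an `import re` in installutils.py, so confirm it is present.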
--
2.13.6