rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0049-ipaldap.py-fix-method-creating-a-ldap-filter-for-IPA.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   deb4612a954c0495b376f401fc3a6d2843afa1b3
  2.   SOURCES
  3.   0049-ipaldap.py-fix-method-creating-a-ldap-filter-for-IPA.patch
Blob History Raw
21de49 
From 896c438f1dd7e4aa316503fbf68fef13963d7463 Mon Sep 17 00:00:00 2001
21de49 
From: Florence Blanc-Renaud <flo@redhat.com>
21de49 
Date: Thu, 22 Nov 2018 18:31:38 +0100
21de49 
Subject: [PATCH] ipaldap.py: fix method creating a ldap filter for
21de49 
 IPACertificate
21de49
21de49 
ipa user-find --certificate and ipa host-find --certificate
21de49 
fail to return matching entries, because the method transforming
21de49 
the attribute into a LDAP filter does not properly handle
21de49 
IPACertificate objects.
21de49 
Directory Server logs show a filter with
21de49 
(usercertificate=ipalib.x509.IPACertificate object at 0x7fc0a5575b90>)
21de49
21de49 
When the attribute contains a cryptography.x509.Certificate,
21de49 
the method needs to extract the public bytes instead of calling str(value).
21de49
21de49 
Fixes https://pagure.io/freeipa/issue/7770
21de49
21de49 
Reviewed-By: Christian Heimes <cheimes@redhat.com>
21de49 
Reviewed-By: Christian Heimes <cheimes@redhat.com>
21de49 
---
21de49 
 ipapython/ipaldap.py | 3 +++
21de49 
 1 file changed, 3 insertions(+)
21de49
21de49 
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
21de49 
index 53fdf4967868961effea7f3f64dfb3c0edfc75f3..a44246e3ee0de5a78de77a593718ecad1aaa0f67 100644
21de49 
--- a/ipapython/ipaldap.py
21de49 
+++ b/ipapython/ipaldap.py
21de49 
@@ -36,6 +36,7 @@ from six.moves.urllib.parse import urlparse
21de49 
 # pylint: enable=import-error
21de49
21de49 
 from cryptography import x509 as crypto_x509
21de49 
+from cryptography.hazmat.primitives import serialization
21de49
21de49 
 import ldap
21de49 
 import ldap.sasl
21de49 
@@ -1276,6 +1277,8 @@ class LDAPClient(object):
21de49 
             ]
21de49 
             return cls.combine_filters(flts, rules)
21de49 
         elif value is not None:
21de49 
+            if isinstance(value, crypto_x509.Certificate):
21de49 
+                value = value.public_bytes(serialization.Encoding.DER)
21de49 
             if isinstance(value, bytes):
21de49 
                 value = binascii.hexlify(value).decode('ascii')
21de49 
                 # value[-2:0] is empty string for the initial '\\'
21de49 
--
21de49 
2.17.2
21de49

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation