rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0119-ipa-kra-install-fix-check_host_keys.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   460745326ba253b5c4924b624dbc2f0714a2af42
  2.   SOURCES
  3.   0119-ipa-kra-install-fix-check_host_keys.patch
Blob History Raw
ac7d03 
From 85cd84580f45c99b6ab49814ead7eb2f259ca444 Mon Sep 17 00:00:00 2001
ac7d03 
From: Florence Blanc-Renaud <flo@redhat.com>
ac7d03 
Date: Fri, 5 May 2017 17:06:09 +0200
ac7d03 
Subject: [PATCH] ipa-kra-install: fix check_host_keys
ac7d03
ac7d03 
ipa-kra-install on a replica checks that the keys are available before
ac7d03 
going further to avoid race condition due to replication. The issue is
ac7d03 
that the check_host_keys method expects to find exactly one key for
ac7d03 
cn=env/host but 2 may exist: one below cn=custodia and one below
ac7d03 
cn=dogtag,cn=custodia.
ac7d03 
The fix is to check that at least one key exist (not exactly one key).
ac7d03
ac7d03 
https://pagure.io/freeipa/issue/6934
ac7d03
ac7d03 
Reviewed-By: Martin Basti <mbasti@redhat.com>
ac7d03 
---
ac7d03 
 ipaserver/secrets/kem.py | 7 +++----
ac7d03 
 1 file changed, 3 insertions(+), 4 deletions(-)
ac7d03
ac7d03 
diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py
ac7d03 
index c1991c6b2ae00ed7147b2ec18389e463784b9f98..3363d82fef54c463f498edeb95ddee454b20d31d 100644
ac7d03 
--- a/ipaserver/secrets/kem.py
ac7d03 
+++ b/ipaserver/secrets/kem.py
ac7d03 
@@ -72,7 +72,7 @@ class KEMLdap(iSecLdap):
ac7d03 
                                          'princ': principal})
ac7d03 
         r = conn.search_s(self.keysbase, scope, ldap_filter)
ac7d03 
         if len(r) != 1:
ac7d03 
-            raise ValueError("Incorrect number of results (%d) searching for"
ac7d03 
+            raise ValueError("Incorrect number of results (%d) searching for "
ac7d03 
                              "public key for %s" % (len(r), principal))
ac7d03 
         ipa_public_key = r[0][1]['ipaPublicKey'][0]
ac7d03 
         jwk = self._parse_public_key(ipa_public_key)
ac7d03 
@@ -85,9 +85,8 @@ class KEMLdap(iSecLdap):
ac7d03
ac7d03 
         ldap_filter = self.build_filter(IPA_CHECK_QUERY, {'host': host})
ac7d03 
         r = conn.search_s(self.keysbase, scope, ldap_filter)
ac7d03 
-        if len(r) != 1:
ac7d03 
-            raise ValueError("Incorrect number of results (%d) searching for"
ac7d03 
-                             "public key for %s" % (len(r), host))
ac7d03 
+        if not r:
ac7d03 
+            raise ValueError("No public keys were found for %s" % host)
ac7d03 
         return True
ac7d03
ac7d03 
     def _format_public_key(self, key):
ac7d03 
--
ac7d03 
2.12.2
ac7d03

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation