DNSSEC: Detect invalid master keys in LDAP.

This should never happen ... https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Martin Basti <mbasti@redhat.com>
author: Petr Spacek <pspacek@redhat.com> 2015-06-26 16:04:00 +0200
committer: Tomas Babej <tbabej@redhat.com> 2015-06-29 14:32:26 +0200
commit: c37e83f4b3c19df305648bab9a12e81956c8e232 (patch)
tree: a2f672847d105f6c3209166a3c73613385f086e6 /daemons
parent: 99b8499513915646dd6efe6d0f6a320b3e969190 (diff)
download: freeipa-c37e83f4b3c19df305648bab9a12e81956c8e232.tar.gz
freeipa-c37e83f4b3c19df305648bab9a12e81956c8e232.tar.xz
freeipa-c37e83f4b3c19df305648bab9a12e81956c8e232.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica
index c2c4c2725..551c2f21d 100755
--- a/daemons/dnssec/ipa-dnskeysync-replica
+++ b/daemons/dnssec/ipa-dnskeysync-replica
@@ -74,6 +74,7 @@ def ldap2replica_master_keys_sync(log, ldapkeydb, localhsm):
     log.debug("new master keys in LDAP HSM: %s", hex_set(new_keys))
     for mkey_id in new_keys:
         mkey_ldap = ldapkeydb.master_keys[mkey_id]
+        assert mkey_ldap.wrapped_entries, "Master key 0x%s in LDAP is missing key material referenced by ipaSecretKeyRefObject attribute" % hexlify(mkey_id)
         for wrapped_ldap in mkey_ldap.wrapped_entries:
             unwrapping_key = find_unwrapping_key(log, localhsm,
                     wrapped_ldap.single_value['ipaWrappingKey'])
author	Petr Spacek <pspacek@redhat.com>	2015-06-26 16:04:00 +0200
committer	Tomas Babej <tbabej@redhat.com>	2015-06-29 14:32:26 +0200
commit	c37e83f4b3c19df305648bab9a12e81956c8e232 (patch)
tree	a2f672847d105f6c3209166a3c73613385f086e6 /daemons
parent	99b8499513915646dd6efe6d0f6a320b3e969190 (diff)
download	freeipa-c37e83f4b3c19df305648bab9a12e81956c8e232.tar.gz freeipa-c37e83f4b3c19df305648bab9a12e81956c8e232.tar.xz freeipa-c37e83f4b3c19df305648bab9a12e81956c8e232.zip