authorMartin Basti <mbasti@redhat.com>2015-06-03 13:11:58 +0200
committerJan Cholasta <jcholast@redhat.com>2015-06-03 17:52:30 +0000
commitb6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e (patch)
treec1ad8096462cd84e64845e8ab266721d0a3bb94c /ipalib
parent8457edc14dade724b486540800bcdafb7d9a6f76 (diff)
Fix: regression in host and service plugin
Test failures: * wrong error message * mod operation always deletes usercertificates https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/host.py10
-rw-r--r--ipalib/plugins/service.py11
2 files changed, 14 insertions, 7 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 9ad087e26..e81dca94e 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -871,8 +871,11 @@ class host_mod(LDAPUpdate):
x509.verify_cert_subject(ldap, keys[-1], cert)
# revoke removed certificates
- if self.api.Command.ca_is_enabled()['result']:
- entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+ if certs and self.api.Command.ca_is_enabled()['result']:
+ try:
+ entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+ except errors.NotFound:
+ self.obj.handle_not_found(*keys)
old_certs = entry_attrs_old.get('usercertificate', [])
old_certs_der = map(x509.normalize_certificate, old_certs)
removed_certs_der = set(old_certs_der) - set(certs_der)
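Review bot: Guarding the revocation block with `if certs and ...` means a host-mod that supplies an empty certificate list skips revocation entirely, assuming `certs` is read from the `usercertificate` option above this hunk (its definition is not visible here). If the attribute can still be cleared through that path, the certificates removed from the entry would stay valid at the CA. Consider testing for presence of the option instead of truthiness, e.g. `if 'usercertificate' in options and self.api.Command.ca_is_enabled()['result']:`, so that an explicit empty list still revokes what is currently on the entry. The same guard is added in the `service_mod` hunk of service.py, and the `if certs:` assignment guards in both files share the conflation.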
@@ -899,7 +902,8 @@ class host_mod(LDAPUpdate):
nsprerr.args[1])
else:
raise nsprerr
- entry_attrs['usercertificate'] = certs_der
+ if certs:
+ entry_attrs['usercertificate'] = certs_der
if options.get('random'):
entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars)
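Review bot: The new `if certs:` guard around the `usercertificate` assignment carries no comment, so the reason it is conditional lives only in the commit message. A comment such as `# leave usercertificate untouched when no certificates were passed; assigning unconditionally cleared it on every mod` would keep a later refactor from dropping the guard. The matching guard in service.py needs the same comment. The enclosing method starts and ends outside this hunk.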
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index c290344cf..d8bd03523 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -602,10 +602,12 @@ class service_mod(LDAPUpdate):
certs_der = map(x509.normalize_certificate, certs)
for dercert in certs_der:
x509.verify_cert_subject(ldap, hostname, dercert)
-
# revoke removed certificates
- if self.api.Command.ca_is_enabled()['result']:
- entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+ if certs and self.api.Command.ca_is_enabled()['result']:
+ try:
+ entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+ except errors.NotFound:
+ self.obj.handle_not_found(*keys)
old_certs = entry_attrs_old.get('usercertificate', [])
old_certs_der = map(x509.normalize_certificate, old_certs)
removed_certs_der = set(old_certs_der) - set(certs_der)
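Review bot: The visible lines of this revoke-removed-certificates block are now identical to the ones in host.py, and this commit had to patch both copies the same way. Because the block decides which certificates get revoked, drift between the copies is a real risk; moving the lookup of the old `usercertificate` values and the `removed_certs_der` computation into one helper shared by `host_mod` and `service_mod` would leave a single place to fix. Separately, the `except errors.NotFound` branch relies on `handle_not_found` always raising; if it ever returned, `entry_attrs_old` would be unbound on the next line. The method body continues outside the hunk.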
@@ -632,7 +634,8 @@ class service_mod(LDAPUpdate):
nsprerr.args[1])
else:
raise nsprerr
- entry_attrs['usercertificate'] = certs_der
+ if certs:
+ entry_attrs['usercertificate'] = certs_der
update_krbticketflags(ldap, entry_attrs, attrs_list, options, True)