diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2016-12-16 13:42:05 +0100 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2017-01-25 15:02:16 +0100 |
commit | 86f4a93fb3aeb6742acab5abaa1c17b525ea4223 (patch) | |
tree | 4c3e07b7b9a510982306d45770b2f968b65f0681 /ipaserver/install | |
parent | 2831b30e9a9de947481c058d8d32e174f951b1c0 (diff) | |
download | freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.tar.gz freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.tar.xz freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.zip |
Explicitly handle quoting/unquoting of NSSNickname directive
Improve the single/double quote handling during parsing/unparsing of
nss.conf's NSSNickname directive. Single quotes are now added/stripped
explicitly when handling the certificate nickname.
https://fedorahosted.org/freeipa/ticket/6460
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/httpinstance.py | 4 | ||||
-rw-r--r-- | ipaserver/install/ipa_server_certinstall.py | 14 |
2 files changed, 14 insertions, 4 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index ded055308..a4e895cb4 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -253,8 +253,10 @@ class HTTPInstance(service.Service): print("Updating port in %s failed." % paths.HTTPD_NSS_CONF) def __set_mod_nss_nickname(self, nickname): + quoted_nickname = installutils.quote_directive_value( + nickname, quote_char="'") installutils.set_directive( - paths.HTTPD_NSS_CONF, 'NSSNickname', nickname, quote_char="'") + paths.HTTPD_NSS_CONF, 'NSSNickname', quoted_nickname, quotes=False) def set_mod_nss_protocol(self): installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1,TLSv1.2', False) diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index 8ef25ee7b..d07c7de7a 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -136,12 +136,20 @@ class ServerCertInstall(admintool.AdminTool): old_cert = installutils.get_directive(paths.HTTPD_NSS_CONF, 'NSSNickname') + unquoted_cert = installutils.unquote_directive_value( + old_cert, quote_char="'") + server_cert = self.import_cert(dirname, self.options.pin, - old_cert, 'HTTP/%s' % api.env.host, + unquoted_cert, 'HTTP/%s' % api.env.host, 'restart_httpd') - installutils.set_directive(paths.HTTPD_NSS_CONF, - 'NSSNickname', server_cert) + quoted_server_cert = installutils.quote_directive_value( + server_cert, quote_char="'") + installutils.set_directive( + paths.HTTPD_NSS_CONF, + 'NSSNickname', + quoted_server_cert, + quotes=False) # Fix the database permissions os.chmod(os.path.join(dirname, 'cert8.db'), 0o640) |