Explicitly handle quoting/unquoting of NSSNickname directive

Improve the single/double quote handling during parsing/unparsing of nss.conf's NSSNickname directive. Single quotes are now added/stripped explicitly when handling the certificate nickname. https://fedorahosted.org/freeipa/ticket/6460 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2016-12-16 13:42:05 +0100
committer: Martin Babinsky <mbabinsk@redhat.com> 2017-01-25 15:02:16 +0100
commit: 86f4a93fb3aeb6742acab5abaa1c17b525ea4223 (patch)
tree: 4c3e07b7b9a510982306d45770b2f968b65f0681 /ipaserver/install
parent: 2831b30e9a9de947481c058d8d32e174f951b1c0 (diff)
download: freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.tar.gz
freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.tar.xz
freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.zip
2 files changed, 14 insertions, 4 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index ded055308..a4e895cb4 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -253,8 +253,10 @@ class HTTPInstance(service.Service):
             print("Updating port in %s failed." % paths.HTTPD_NSS_CONF)
 
     def __set_mod_nss_nickname(self, nickname):
+        quoted_nickname = installutils.quote_directive_value(
+            nickname, quote_char="'")
         installutils.set_directive(
-            paths.HTTPD_NSS_CONF, 'NSSNickname', nickname, quote_char="'")
+            paths.HTTPD_NSS_CONF, 'NSSNickname', quoted_nickname, quotes=False)
 
     def set_mod_nss_protocol(self):
         installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1,TLSv1.2', False)
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index 8ef25ee7b..d07c7de7a 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -136,12 +136,20 @@ class ServerCertInstall(admintool.AdminTool):
         old_cert = installutils.get_directive(paths.HTTPD_NSS_CONF,
                                               'NSSNickname')
 
+        unquoted_cert = installutils.unquote_directive_value(
+            old_cert, quote_char="'")
+
         server_cert = self.import_cert(dirname, self.options.pin,
-                                       old_cert, 'HTTP/%s' % api.env.host,
+                                       unquoted_cert, 'HTTP/%s' % api.env.host,
                                        'restart_httpd')
 
-        installutils.set_directive(paths.HTTPD_NSS_CONF,
-                                   'NSSNickname', server_cert)
+        quoted_server_cert = installutils.quote_directive_value(
+            server_cert, quote_char="'")
+        installutils.set_directive(
+            paths.HTTPD_NSS_CONF,
+            'NSSNickname',
+            quoted_server_cert,
+            quotes=False)
 
         # Fix the database permissions
         os.chmod(os.path.join(dirname, 'cert8.db'), 0o640)
author	Martin Babinsky <mbabinsk@redhat.com>	2016-12-16 13:42:05 +0100
committer	Martin Babinsky <mbabinsk@redhat.com>	2017-01-25 15:02:16 +0100
commit	86f4a93fb3aeb6742acab5abaa1c17b525ea4223 (patch)
tree	4c3e07b7b9a510982306d45770b2f968b65f0681 /ipaserver/install
parent	2831b30e9a9de947481c058d8d32e174f951b1c0 (diff)
download	freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.tar.gz freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.tar.xz freeipa-86f4a93fb3aeb6742acab5abaa1c17b525ea4223.zip