URL: https://github.com/freeipa/freeipa/pull/347 Author: martbab Title: #347: Improvements in {get|set}_directive functions Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/347/head:pr347 git checkout pr347
From 80ff504d8d9a493fd23b0775d071252df50016ef Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 16 Dec 2016 12:14:20 +0100 Subject: [PATCH 1/3] Fix the installutils.get_directive docstring Add missing parameter descriptions and fix incorrect indentation https://fedorahosted.org/freeipa/ticket/6354 --- ipaserver/install/installutils.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index e7fd69f..43b9a21 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -388,11 +388,14 @@ def set_directive(filename, directive, value, quotes=True, separator=' ', This has only been tested with nss.conf - :param directive: directive name - :param value: value of the directive - :param quotes: whether to quote `value` in `quote_char`. If true, then - the `quote_char` are first escaped to avoid unparseable directives - :param quote_char: the character used for quoting `value` + :param filename: input filename + :param directive: directive name + :param value: value of the directive + :param quotes: whether to quote `value` in `quote_char`. If true, then + the `quote_char` are first escaped to avoid unparseable directives. + :param separator: character serving as separator between directive and + value + :param quote_char: the character used for quoting `value` """ def format_directive(directive, value, separator, quotes, quote_char): From a2a75a1eaeef1aa295442e6c9b9f76672dfe6a07 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 16 Dec 2016 13:34:57 +0100 Subject: [PATCH 2/3] installutils: improve directive value parsing in `get_directive` `get_directive` value parsing was improved in order to bring its logic more in-line to changes in `set_directive`: a specified quoting character is now unquoted and stripped from the retrieved value. The function will now also error out when malformed directive is encountered. https://fedorahosted.org/freeipa/ticket/6460 --- ipaserver/install/installutils.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 43b9a21..5c15a75 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -436,16 +436,31 @@ def format_directive(directive, value, separator, quotes, quote_char): fd.close() os.chown(filename, st.st_uid, st.st_gid) # reset perms -def get_directive(filename, directive, separator=' '): + +def get_directive(filename, directive, separator=' ', quote_char='\"'): """ A rather inefficient way to get a configuration directive. + + :param filename: input filename + :param directive: directive name + :param separator: separator between directive and value + :param quote_char: the characters that are used in this particular config + file to quote values. This character will be stripped and unescaped + from the raw value. + + :returns: The (unquoted) value if the directive was found, None otherwise """ fd = open(filename, "r") for line in fd: if line.lstrip().startswith(directive): line = line.strip() - result = line.split(separator, 1)[1] - result = result.strip('"') + + (directive, sep, value) = line.partition(separator) + if not sep or not value: + raise ValueError("Malformed directive: {}".format(line)) + + result = value.strip().strip(quote_char) + result = ipautil.unescape_seq(quote_char, result)[0] result = result.strip(' ') fd.close() return result From 3de19d3c21afcdef2741ee509fd33a5ec510faf4 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 16 Dec 2016 13:42:05 +0100 Subject: [PATCH 3/3] ipa-server-certinstall: correctly handle NSSNickname directive Utilize improved `set_directive`/`get_directive` symmetry to correctly interpret NSSNickname of existing and to-be-added HTTP certificate https://fedorahosted.org/freeipa/ticket/6460 --- ipaserver/install/ipa_server_certinstall.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index 8ef25ee..3f41c64 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -134,14 +134,18 @@ def install_http_cert(self): dirname = certs.NSS_DIR old_cert = installutils.get_directive(paths.HTTPD_NSS_CONF, - 'NSSNickname') + 'NSSNickname', quote_char="'") server_cert = self.import_cert(dirname, self.options.pin, old_cert, 'HTTP/%s' % api.env.host, 'restart_httpd') - installutils.set_directive(paths.HTTPD_NSS_CONF, - 'NSSNickname', server_cert) + installutils.set_directive( + paths.HTTPD_NSS_CONF, + 'NSSNickname', + server_cert, + quotes=True, + quote_char="'") # Fix the database permissions os.chmod(os.path.join(dirname, 'cert8.db'), 0o640)
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code