URL: https://github.com/freeipa/freeipa/pull/949 Author: stlaz Title: #949: host, service: fix adding host/svc with a cert Action: opened
PR body: """ ipaldap.LDAPEntry expects that entry attributes, if multi-valued, are lists. The recent cert refactoring made it possible to pass certificate values from options directly to LDAPEntry instance but options store multi-values as tuples. This caused crashes since the whole tuple was stuck in a list instead of the values of the tuples to be extracted in the list. https://pagure.io/freeipa/issue/7077 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/949/head:pr949 git checkout pr949
From 8720f891cead4e8d04063e69eb5ac7dcb3192704 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Tue, 1 Aug 2017 16:14:00 +0200 Subject: [PATCH] host, service: fix adding host/svc with a cert ipaldap.LDAPEntry expects that entry attributes, if multi-valued, are lists. The recent cert refactoring made it possible to pass certificate values from options directly to LDAPEntry instance but options store multi-values as tuples. This caused crashes since the whole tuple was stuck in a list instead of the values of the tuples to be extracted in the list. https://pagure.io/freeipa/issue/7077 --- ipaserver/plugins/host.py | 3 ++- ipaserver/plugins/service.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 672966e876..b1448f1dc4 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -691,7 +691,8 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) - entry_attrs['usercertificate'] = options.get('usercertificate', []) + entry_attrs['usercertificate'] = list( + options.get('usercertificate', [])) entry_attrs['managedby'] = dn entry_attrs['objectclass'].append('ieee802device') entry_attrs['objectclass'].append('ipasshhost') diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index 0ec71cec15..3d69a30193 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -623,7 +623,8 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): self.obj.validate_ipakrbauthzdata(entry_attrs) - entry_attrs['usercertificate'] = options.get('usercertificate', []) + entry_attrs['usercertificate'] = list( + options.get('usercertificate', [])) if not options.get('force', False): # We know the host exists if we've gotten this far but we
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
