Re: [Freeipa-devel] [PATCH] 0077 Check for CA subject name collision before attempting creation

2016-06-30 Thread Martin Basti



On 24.06.2016 10:34, Milan Kubík wrote:

On 06/24/2016 09:34 AM, Fraser Tweedale wrote:

Hi,

Attached patch fixes https://fedorahosted.org/freeipa/ticket/5981.

Cheers,
Fraser

Thanks for the patch, ACK.


Pushed to master: 16f33ddb51523fe9a4c68e9151901ece10a5

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0077 Check for CA subject name collision before attempting creation

2016-06-24 Thread Milan Kubík

On 06/24/2016 09:34 AM, Fraser Tweedale wrote:

Hi,

Attached patch fixes https://fedorahosted.org/freeipa/ticket/5981.

Cheers,
Fraser

Thanks for the patch, ACK.

--
Milan Kubik



[Freeipa-devel] [PATCH] 0077 Check for CA subject name collision before attempting creation

2016-06-24 Thread Fraser Tweedale
Hi,

Attached patch fixes https://fedorahosted.org/freeipa/ticket/5981.

Cheers,
Fraser
From 905bef9ca787cea6ae66e2dbe3df33a2420bbd8b Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Fri, 24 Jun 2016 17:29:51 +1000
Subject: [PATCH] Check for CA subject name collision before attempting
 creation

Lightweight CA subject name collisions are prevented by Dogtag
(response code 409 Conflict), however, we do not want to expose the
Dogtag error.  Perform the check in the IPA framework as well,
raising DuplicateEntry on collision.

Fixes: https://fedorahosted.org/freeipa/ticket/5981
---
 ipaserver/plugins/ca.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index 
ee98f0a2a9dc469d67676a3123d82ce519ba6d59..966ae2b1bdb4bb0207dfa58f0e9c951bc930f766
 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -163,6 +163,13 @@ class ca_add(LDAPCreate):
 except errors.NotFound:
 pass
 
+# check for subject collision before creating CA in Dogtag
+result = api.Command.ca_find(ipacasubjectdn=options['ipacasubjectdn'])
+if result['count'] > 0:
+raise errors.DuplicateEntry(message=_(
+"Subject DN is already used by CA '%s'"
+) % result['result'][0]['cn'][0])
+
 # Create the CA in Dogtag.
 with self.api.Backend.ra_lightweight_ca as ca_api:
 resp = ca_api.create_ca(options['ipacasubjectdn'])
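Review bot: the pre-check in this hunk narrows the window but does not close it: two concurrent ca_add calls can both pass `result['count'] > 0` as false and one of them will still receive Dogtag's 409 Conflict at `ca_api.create_ca(options['ipacasubjectdn'])`, so the existing Dogtag error path below the hunk should still be handled (or mapped to the same DuplicateEntry) rather than assumed unreachable. Two smaller points: please confirm that `api.Command.ca_find(ipacasubjectdn=...)` performs an exact match on the subject DN rather than a substring search, since a substring match would reject a valid subject that merely contains an existing one; and consider whether DN equivalence (case and whitespace differences between two spellings of the same DN) is what Dogtag enforces, because if it normalizes and the ca_find filter does not, the collision will slip past this check and surface as the Dogtag error the commit message wants to hide.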
-- 
2.5.5
