URL: https://github.com/freeipa/freeipa/pull/766
Author: flo-renaud
Title: #766: ipa-kra-install: fix check_host_keys
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/766/head:pr766
git checkout pr766
From 3e5250cfcd003b0bd72ba77fff5c1d03d23ebc89 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Fri, 5 May 2017 17:06:09 +0200
Subject: [PATCH] ipa-kra-install: fix check_host_keys

ipa-kra-install on a replica checks that the keys are available before
going further to avoid a race condition due to replication. The issue is
that the check_host_keys method expects to find exactly one key for
cn=env/host but 2 may exist: one below cn=custodia and one below
cn=dogtag,cn=custodia.
The fix is to check that at least one key exists (not exactly one key).

https://pagure.io/freeipa/issue/6934
---
 ipaserver/secrets/kem.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py
index c1991c6..3363d82 100644
--- a/ipaserver/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -72,7 +72,7 @@ def get_key(self, usage, principal):
                                          'princ': principal})
         r = conn.search_s(self.keysbase, scope, ldap_filter)
         if len(r) != 1:
-            raise ValueError("Incorrect number of results (%d) searching for"
+            raise ValueError("Incorrect number of results (%d) searching for "
                              "public key for %s" % (len(r), principal))
         ipa_public_key = r[0][1]['ipaPublicKey'][0]
         jwk = self._parse_public_key(ipa_public_key)
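Review bot: get_key still rejects anything other than exactly one result (`if len(r) != 1:`), and it searches the same `self.keysbase` with the same `scope` as check_host_keys. The commit message says two entries can exist for a host, one below cn=custodia and one below cn=dogtag,cn=custodia, so please confirm that the usage/principal filter used here can never match both. If it can, this path will raise once check_host_keys has passed. If it cannot, a short comment above the check saying why exactly one result is still expected would help the next reader.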
@@ -85,9 +85,8 @@ def check_host_keys(self, host):
 
         ldap_filter = self.build_filter(IPA_CHECK_QUERY, {'host': host})
         r = conn.search_s(self.keysbase, scope, ldap_filter)
-        if len(r) != 1:
-            raise ValueError("Incorrect number of results (%d) searching for"
-                             "public key for %s" % (len(r), host))
+        if not r:
+            raise ValueError("No public keys were found for %s" % host)
         return True
 
     def _format_public_key(self, key):
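Review bot: with `if not r:` the check in check_host_keys passes as soon as any one entry has replicated, which weakens the race protection the commit message describes. If the KRA install depends on the key below cn=dogtag,cn=custodia, a replica that has so far received only the entry below cn=custodia would now pass this check and continue. Consider either verifying that the entry the caller actually needs is present, or adding a comment that states why any single match is sufficient and why more than one is expected. Keeping `len(r)` in a debug log would also preserve the diagnostic detail that the old error message carried.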
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
