Re: [Freeipa-devel] [PATCH] 0107 Fix cert revocation when removing all certs via host/service-mod

2016-09-23 Thread Jan Cholasta

On 23.9.2016 05:30, Fraser Tweedale wrote:

> Bump for review.


Works for me, ACK.

Pushed to master: 97d4ffc2dc5db00fd7ed10b0b290cc97a506d0ef

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0107 Fix cert revocation when removing all certs via host/service-mod

2016-09-22 Thread Fraser Tweedale
Bump for review.

On Wed, Sep 07, 2016 at 04:06:25PM +0700, Fraser Tweedale wrote:
> Attached patch fixes https://fedorahosted.org/freeipa/ticket/6305
> 
> Thanks,
> Fraser

> From d4d7e77795f96a4970058e61d99c70522689b22d Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale 
> Date: Wed, 7 Sep 2016 19:00:18 +1000
> Subject: [PATCH] Fix cert revocation when removing all certs via
>  host/service-mod
> 
> When removing all host/service certificates via host/service-mod
> --certificate=, the removed certificates should be revoked, but they
> are not.  Examine whether the --certificate option was provided to
> determine whether certs should be revoked, instead of looking for a
> cert list in the options (which in this case is empty).
> 
> Fixes: https://fedorahosted.org/freeipa/ticket/6305
> ---
>  ipaserver/plugins/host.py| 3 ++-
>  ipaserver/plugins/service.py | 3 ++-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
> index 
> 2362b6247af87b4ce63c21083e6bc8ac39db0804..7f63e94849b4a6f2ce871ec77b188c54d640ba94
>  100644
> --- a/ipaserver/plugins/host.py
> +++ b/ipaserver/plugins/host.py
> @@ -898,7 +898,8 @@ class host_mod(LDAPUpdate):
>  certs_der = [x509.normalize_certificate(c) for c in certs]
>  
>  # revoke removed certificates
> -if certs and self.api.Command.ca_is_enabled()['result']:
> +ca_is_enabled = self.api.Command.ca_is_enabled()['result']
> +if 'usercertificate' in options and ca_is_enabled:
>  try:
>  entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
>  except errors.NotFound:
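
Review bot: the new `ca_is_enabled = self.api.Command.ca_is_enabled()['result']` line in host_mod runs on every call, whereas the old `if certs and ...` form short-circuited and skipped the command whenever no certificates were supplied. Testing the option first keeps that behaviour for a host-mod that does not touch certificates: `if 'usercertificate' in options and self.api.Command.ca_is_enabled()['result']:`. If the line length is the concern, the assignment can move inside an outer `if 'usercertificate' in options:` block instead.
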
> diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
> index 
> 093525f2e7cb84b18f0658dcb5d7c786e45c6ab6..c0590732470ac1200d4dd4ea1f089e4384a509b3
>  100644
> --- a/ipaserver/plugins/service.py
> +++ b/ipaserver/plugins/service.py
> @@ -701,7 +701,8 @@ class service_mod(LDAPUpdate):
>  certs = entry_attrs.get('usercertificate') or []
>  certs_der = [x509.normalize_certificate(c) for c in certs]
>  # revoke removed certificates
> -if certs and self.api.Command.ca_is_enabled()['result']:
> +ca_is_enabled = self.api.Command.ca_is_enabled()['result']
> +if 'usercertificate' in options and ca_is_enabled:
>  try:
>  entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
>  except errors.NotFound:
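
Review bot: the `# revoke removed certificates` comment above the new condition in service_mod does not say why the test is `'usercertificate' in options` rather than the truthiness of `certs`, and that reason (an empty `--certificate=` gives an empty list but must still trigger revocation) is recorded only in the commit message. A short comment to that effect here and in host_mod would keep a later cleanup from reverting to `if certs`. The diffstat also lists only the two plugin files, so a regression test for the remove-all case is worth adding alongside this change.
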
> -- 
> 2.5.5
> 
