On 26.6.2015 16:04, Petr Spacek wrote:
> Hello,
>
> DNSSEC: Detect invalid master keys in LDAP.

Corrected patch is attached.

--
Petr^2 Spacek
From 69feceff3ceecf31f0f184ce632f3ae471f5fc3a Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Fri, 26 Jun 2015 16:04:00 +0200 Subject: [PATCH] DNSSEC: Detect invalid master keys in LDAP. --- daemons/dnssec/ipa-dnskeysync-replica | 1 + 1 file changed, 1 insertion(+) diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica index c2c4c2725a9c46db4db04894a326ddf40e254eab..551c2f21d5b85b76a7281f719ce722a6c5830cf7 100755 --- a/daemons/dnssec/ipa-dnskeysync-replica +++ b/daemons/dnssec/ipa-dnskeysync-replica @@ -74,6 +74,7 @@ def ldap2replica_master_keys_sync(log, ldapkeydb, localhsm): log.debug("new master keys in LDAP HSM: %s", hex_set(new_keys)) for mkey_id in new_keys: mkey_ldap = ldapkeydb.master_keys[mkey_id] + assert mkey_ldap.wrapped_entries, "Master key 0x%s in LDAP is missing key material referenced by ipaSecretKeyRefObject attribute" % hexlify(mkey_id) for wrapped_ldap in mkey_ldap.wrapped_entries: unwrapping_key = find_unwrapping_key(log, localhsm, wrapped_ldap.single_value['ipaWrappingKey']) -- 2.1.0
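Review bot: On the added `assert mkey_ldap.wrapped_entries` line, the check validates data read from LDAP, but `assert` statements are removed when the interpreter runs with `-O`, so in that mode a master key with no wrapped entries would again skip the inner `for wrapped_ldap` loop without any error. Consider an explicit `if not mkey_ldap.wrapped_entries:` that raises a specific exception, or that logs through `log` and continues with the next `mkey_id` if one bad entry should not stop the sync of the remaining keys. The diffstat shows a single insertion and no new import, so please confirm `hexlify` is already in scope in this file; otherwise building the message would raise NameError on the failure path. The added line is also very long and could be wrapped.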