Univention Bugzilla – Attachment 6749 Details for
Bug 30005
endless loop in univention-join if no host certificate available
[patch]
Always create missing SSL certificates.
30005-SSL-Create-missing-certificates.patch (text/plain), 3.41 KB, created by
Philipp Hahn
on 2015-03-08 13:19:09 CET
Description:
Always create missing SSL certificates.
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2015-03-08 13:19:09 CET
Size:
3.41 KB
patch
obsolete
>From 2f27db1257e1ba2b2e21d5a9dd2ca201237406e8 Mon Sep 17 00:00:00 2001
>Message-Id: <2f27db1257e1ba2b2e21d5a9dd2ca201237406e8.1425817135.git.hahn@univention.de>
>From: Philipp Hahn <hahn@univention.de>
>Date: Sun, 8 Mar 2015 13:10:21 +0100
>Subject: [PATCH] Bug #30005 SSL: Create missing certificates
>Organization: Univention GmbH, Bremen, Germany
>
>Always create missing SSL certificates.
>---
> .../base/univention-ssl/gencertificate.py | 77 ++++++++--------------
> 1 file changed, 29 insertions(+), 48 deletions(-)
>
>diff --git a/branches/ucs-4.0/ucs-4.0-1/base/univention-ssl/gencertificate.py b/branches/ucs-4.0/ucs-4.0-1/base/univention-ssl/gencertificate.py
>index 3863f24..1153400 100644
>--- a/branches/ucs-4.0/ucs-4.0-1/base/univention-ssl/gencertificate.py
>+++ b/branches/ucs-4.0/ucs-4.0-1/base/univention-ssl/gencertificate.py
>@@ -62,58 +62,39 @@ def initialize():
>
> def handler(dn, new, old):
> """Handle changes to 'dn'."""
>- setuid(0)
>+ if configRegistry['server/role'] != 'domaincontroller_master':
>+ return
>+
>+ global uidNumber
> try:
>- if configRegistry['server/role'] != 'domaincontroller_master':
>- return
>+ uidNumber = int(new.get('uidNumber', ['0'])[0])
>+ except (LookupError, TypeError, ValueError):
>+ uidNumber = 0
>
>- global uidNumber
>- try:
>- uidNumber = int(new.get('uidNumber', ['0'])[0])
>- except (LookupError, TypeError, ValueError):
>- uidNumber = 0
>-
>- global gidNumber
>- try:
>- gidNumber = int(grp.getgrnam('DC Backup Hosts')[2])
>- except (LookupError, TypeError, ValueError):
>- ud.debug(ud.LISTENER, ud.WARN,
>- 'CERTIFICATE: Failed to get groupID for "%s"' % dn)
>- gidNumber = 0
>-
>- if new and not old:
>- # changeType: add
>- try:
>- domain = new['associatedDomain'][0]
>- except LookupError:
>- domain = configRegistry['domainname']
>- create_certificate(new['cn'][0], domainname=domain)
>- elif old and not new:
>- # changeType: delete
>- try:
>- domain = old['associatedDomain'][0]
>- except LookupError:
>- domain = configRegistry['domainname']
>- remove_certificate(old['cn'][0], domainname=domain)
>- else:
>- # changeType: modify
>- try:
>- old_domain = old['associatedDomain'][0]
>- except LookupError:
>- old_domain = configRegistry['domainname']
>-
>- try:
>- new_domain = new['associatedDomain'][0]
>- except LookupError:
>- new_domain = configRegistry['domainname']
>-
>- if new_domain != old_domain:
>- remove_certificate(old['cn'][0], domainname=old_domain)
>+ global gidNumber
>+ try:
>+ gidNumber = int(grp.getgrnam('DC Backup Hosts')[2])
>+ except (LookupError, TypeError, ValueError):
>+ ud.debug(ud.LISTENER, ud.WARN,
>+ 'CERTIFICATE: Failed to get groupID for "%s"' % dn)
>+ gidNumber = 0
>+
>+ old_domain = new_domain = configRegistry['domainname']
>+ if old and 'associatedDomain' in old:
>+ old_domain = old['associatedDomain'][0]
>+ if new and 'associatedDomain' in new:
>+ old_domain = new['associatedDomain'][0]
>+
>+ setuid(0)
>+ try:
>+ if not new or new_domain != old_domain:
>+ remove_certificate(old['cn'][0], domainname=old_domain)
>+ if new:
>+ fqdn = "%s.%s" % (new['cn'][0], new_domain)
>+ certpath = os.path.join(SSLDIR, fqdn)
>+ if new_domain != old_domain or not os.path.exists(certpath):
> create_certificate(new['cn'][0], domainname=new_domain)
> else:
>- # Reset permissions
>- fqdn = "%s.%s" % (new['cn'][0], new_domain)
>- certpath = os.path.join(SSLDIR, fqdn)
> os.path.walk(certpath, set_permissions, None)
> finally:
> unsetuid()
>--
>1.9.1
>
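Review bot: The second `associatedDomain` lookup in `handler` assigns to `old_domain` instead of `new_domain`, so `new_domain` always stays at `configRegistry['domainname']` and the old value is overwritten; the line should read `new_domain = new['associatedDomain'][0]`. As written, a host with its own associatedDomain gets a certificate created under the default-domain FQDN, and on a modify the removal is aimed at the new domain's name rather than the old one, so the certificate for the real old name is presumably left in place. Separately, `if not new or new_domain != old_domain:` also fires on an add whose domain differs from the default, where `old` is empty and `old['cn'][0]` raises inside the root section; `if old and (not new or new_domain != old_domain):` avoids that. Since `cn` and `associatedDomain` come from the directory entry and are joined into a path under `SSLDIR` that is then walked as root, it is worth confirming that they are validated as hostname labels somewhere outside this hunk.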
Attachments on
bug 30005
: 6749