URL: https://github.com/freeipa/freeipa/pull/561 Author: HonzaCholasta Title: #561: ldap2: fix crash in development mode Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/561/head:pr561 git checkout pr561
From 208c95ecd36cb6944d6c0bbc8bef795edbfba922 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Thu, 9 Mar 2017 11:42:12 +0000 Subject: [PATCH] backend plugins: fix crashes in development mode Do not set or delete attributes directly on ldap2 and ra_lightweight_ca instances, as that raises an AttributeError in development mode because of ReadOnly locking. Use the usual workaround of `object.__setattr__` and `object.__delattr__` to fix the issue. https://pagure.io/freeipa/issue/6625 --- .test_runner_config.yaml | 2 ++ ipaserver/plugins/dogtag.py | 4 ++-- ipaserver/plugins/ldap2.py | 28 ++++++++++++++-------------- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml index b7896c3..f119034 100644 --- a/.test_runner_config.yaml +++ b/.test_runner_config.yaml @@ -48,6 +48,8 @@ steps: install_server: - ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password} -a ${server_password} --setup-dns --setup-kra --auto-forwarders + - sed -ri 's/mode = production/#\0/' /etc/ipa/default.conf + - systemctl restart httpd.service lint: - PYTHON=/usr/bin/python2 make V=0 lint - PYTHON=/usr/bin/python3 make V=0 pylint diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 05b759d..d1dd707 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1289,7 +1289,7 @@ def __enter__(self): cookies = ipapython.cookie.Cookie.parse(resp_headers.get('set-cookie', '')) if status != 200 or len(cookies) == 0: raise errors.RemoteRetrieveError(reason=_('Failed to authenticate to CA REST API')) - self.cookie = str(cookies[0]) + object.__setattr__(self, 'cookie', str(cookies[0])) return self def __exit__(self, exc_type, exc_value, traceback): @@ -1302,7 +1302,7 @@ def __exit__(self, exc_type, exc_value, traceback): client_keyfile=self.client_keyfile, method='GET' ) - self.cookie = None + object.__setattr__(self, 'cookie', None) def _ssldo(self, method, path, headers=None, body=None, use_session=True): """ diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index e671ecb..def1245 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -77,42 +77,42 @@ def __init__(self, api, ldap_uri=None): LDAPClient.__init__(self, ldap_uri, force_schema_updates=force_schema_updates) - self.__time_limit = float(LDAPClient.time_limit) - self.__size_limit = int(LDAPClient.size_limit) + self._time_limit = float(LDAPClient.time_limit) + self._size_limit = int(LDAPClient.size_limit) @property def time_limit(self): - if self.__time_limit is None: + if self._time_limit is None: return float(self.get_ipa_config().single_value.get( 'ipasearchtimelimit', 2)) - return self.__time_limit + return self._time_limit @time_limit.setter def time_limit(self, val): if val is not None: val = float(val) - self.__time_limit = val + object.__setattr__(self, '_time_limit', val) @time_limit.deleter def time_limit(self): - self.__time_limit = int(LDAPClient.size_limit) + object.__setattr__(self, '_time_limit', int(LDAPClient.size_limit)) @property def size_limit(self): - if self.__size_limit is None: + if self._size_limit is None: return int(self.get_ipa_config().single_value.get( 'ipasearchrecordslimit', 0)) - return self.__size_limit + return self._size_limit @size_limit.setter def size_limit(self, val): if val is not None: val = int(val) - self.__size_limit = val + object.__setattr__(self, '_size_limit', val) @size_limit.deleter def size_limit(self): - self.__size_limit = float(LDAPClient.time_limit) + object.__setattr__(self, '_size_limit', float(LDAPClient.time_limit)) def _connect(self): # Connectible.conn is a proxy to thread-local storage; @@ -158,9 +158,9 @@ def create_connection( cacert = paths.IPA_CA_CRT if time_limit is not _missing: - self.time_limit = time_limit + object.__setattr__(self, 'time_limit', time_limit) if size_limit is not _missing: - self.size_limit = size_limit + object.__setattr__(self, 'size_limit', size_limit) client = LDAPClient(self.ldap_uri, force_schema_updates=self._force_schema_updates, @@ -219,8 +219,8 @@ def destroy_connection(self): # ignore when trying to unbind multiple times pass - del self.time_limit - del self.size_limit + object.__delattr__(self, 'time_limit') + object.__delattr__(self, 'size_limit') def get_ipa_config(self, attrs_list=None): """Returns the IPA configuration entry (dn, entry_attrs)."""
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code