mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
gp: Convert CA certificates to base64
I don't know whether this applies universally, but in our case the contents of `es['cACertificate'][0]` are binary, so cleanly converting to a string fails with the following: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte We found a fix to be encoding the certificate to base64 when constructing the CA list. Section 4.4.5.2 of MS-CAESO also suggests that the content of `cACertificate` is binary (OCTET string). Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org>
This commit is contained in:
parent
1ef722cf66
commit
157335ee93
@ -158,7 +158,7 @@ def fetch_certification_authorities(ldb):
|
||||
for es in res:
|
||||
data = { 'name': get_string(es['cn'][0]),
|
||||
'hostname': get_string(es['dNSHostName'][0]),
|
||||
'cACertificate': get_string(es['cACertificate'][0])
|
||||
'cACertificate': get_string(base64.b64encode(es['cACertificate'][0]))
|
||||
}
|
||||
result.append(data)
|
||||
return result
|
||||
@ -176,8 +176,7 @@ def fetch_template_attrs(ldb, name, attrs=None):
|
||||
return {'msPKI-Minimal-Key-Size': ['2048']}
|
||||
|
||||
def format_root_cert(cert):
|
||||
cert = base64.b64encode(cert.encode())
|
||||
return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert, 0, re.DOTALL)
|
||||
return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert.encode(), 0, re.DOTALL)
|
||||
|
||||
def find_cepces_submit():
|
||||
certmonger_dirs = [os.environ.get("PATH"), '/usr/lib/certmonger',
|
||||
|
@ -1,13 +0,0 @@
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_centrify_crontab_ext
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_scripts_ext
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_rsop
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_access
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_files
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_issue
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_motd
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_openssh
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_startup_scripts
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_sudoers
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_symlink
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||
^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
Loading…
Reference in New Issue
Block a user