From 62fe608390c41115edf4e356a6cff2ab1a6d0daf Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Mar 23 2023 16:50:13 +0000 Subject: ipaserver: deepcopy objectclasses list from IPA config We need to deepcopy the list of default objectlasses from IPA config before assigning it to an entry, in order to avoid further modifications of the entry affect the cached IPA config. Fixes: https://pagure.io/freeipa/issue/9349 Signed-off-by: Antonio Torres Reviewed-By: Francisco Trivino Reviewed-By: Thomas Woerner --- diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index 5c122d6..e5fc773 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -888,9 +888,9 @@ class LDAPObject(Object): objectclasses = self.object_class if self.object_class_config: config = ldap.get_ipa_config() - objectclasses = config.get( + objectclasses = deepcopy(config.get( self.object_class_config, objectclasses - ) + )) objectclasses = objectclasses + self.possible_objectclasses # Get list of available attributes for this object for use # in the ACI UI. @@ -1257,9 +1257,9 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): if self.obj.object_class_config: config = ldap.get_ipa_config() - entry_attrs['objectclass'] = config.get( + entry_attrs['objectclass'] = deepcopy(config.get( self.obj.object_class_config, entry_attrs['objectclass'] - ) + )) if self.obj.uuid_attribute: entry_attrs[self.obj.uuid_attribute] = 'autogenerate' diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index b3c6679..760dff7 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -573,9 +573,9 @@ class stageuser_activate(LDAPQuery): if self.obj.object_class_config: config = ldap.get_ipa_config() - entry_attrs['objectclass'] = config.get( + entry_attrs['objectclass'] = deepcopy(config.get( self.obj.object_class_config, entry_attrs['objectclass'] - ) + )) return(entry_attrs)