ipa-pki-retrieve-key: ensure we do not crash

If ipa-pki-retrieve-key fails for some reason (which may be a
"legitimate" reason, e.g. the server it is attempting to contact
being offline), the program terminates with an uncaught exception,
resulting in a crash report.

Catch all exceptions; if an exception gets raised, report the
traceback and exit with nonzero status.

Fixes: https://pagure.io/freeipa/issue/7115
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Fraser Tweedale
2017-08-23 11:22:48 +10:00
committed by Stanislav Laznicka
parent c4505f0804
commit 09f746f568


@@ -4,29 +4,39 @@ from __future__ import print_function
import os import os
import sys import sys
import traceback
from ipalib import constants from ipalib import constants
from ipalib.config import Env from ipalib.config import Env
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipaserver.secrets.client import CustodiaClient from ipaserver.secrets.client import CustodiaClient
env = Env()
env._finalize()
keyname = "ca_wrapped/" + sys.argv[1] def main():
servername = sys.argv[2] env = Env()
env._finalize()
service = constants.PKI_GSSAPI_SERVICE_NAME keyname = "ca_wrapped/" + sys.argv[1]
client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys') servername = sys.argv[2]
client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
# pylint: disable=no-member service = constants.PKI_GSSAPI_SERVICE_NAME
client = CustodiaClient( client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
client_service='%s@%s' % (service, env.host), server=servername, client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
realm=env.realm, ldap_uri="ldaps://" + env.host,
keyfile=client_keyfile, keytab=client_keytab,
)
# Print the response JSON to stdout; it is already in the format # pylint: disable=no-member
# that Dogtag's ExternalProcessKeyRetriever expects client = CustodiaClient(
print(client.fetch_key(keyname, store=False)) client_service='%s@%s' % (service, env.host), server=servername,
realm=env.realm, ldap_uri="ldaps://" + env.host,
keyfile=client_keyfile, keytab=client_keytab,
)
# Print the response JSON to stdout; it is already in the format
# that Dogtag's ExternalProcessKeyRetriever expects
print(client.fetch_key(keyname, store=False))
try:
main()
except BaseException:
traceback.print_exc()
sys.exit(1)
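Review bot: The `except BaseException:` around `main()` also intercepts `SystemExit` and `KeyboardInterrupt`, so a deliberate `sys.exit(0)` added inside main() later would be printed as a traceback and turned into exit status 1. If catching everything is intentional to keep the crash reporter quiet, put `except SystemExit: raise` ahead of it and add a comment such as `# catch everything so the caller sees a nonzero exit, not a crash report`. The traceback goes to stderr, which keeps stdout clean for the JSON the caller parses. It is still worth confirming that exceptions raised from `CustodiaClient` or `fetch_key` never embed key material or credentials in their messages, since stderr presumably ends up in the caller's logs.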