Validate the Directory Manager password before starting restore

The password was only indirectly validated when trying to disable replication agreements for the restoration. Only validate the password if the IPA configuration is available and dirsrv is running. https://pagure.io/freeipa/issue/7136 https://pagure.io/freeipa/issue/7535 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-05-01 10:05:05 -04:00
parent fb16bc933c
commit 2256f9ef6a
1 changed files with 20 additions and 1 deletions
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -216,6 +216,10 @@ class Restore(admintool.AdminTool):
        options = self.options
        super(Restore, self).ask_for_options()

+        # no IPA config means we are reinstalling from nothing so
+        # there is no need for the DM password
+        if not os.path.exists(paths.IPA_DEFAULT_CONF):
+            return
        # get the directory manager password
        self.dirman_password = options.password
        if not options.password:
@@ -676,7 +680,7 @@ class Restore(admintool.AdminTool):
        '''
        Restore paths.IPA_DEFAULT_CONF to temporary directory.

-        Primary purpose of this method is to get cofiguration for api
+        Primary purpose of this method is to get configuration for api
        finalization when restoring ipa after uninstall.
        '''
        cwd = os.getcwd()
@@ -889,3 +893,18 @@ class Restore(admintool.AdminTool):

        self.instances = [installutils.realm_to_serverid(api.env.realm)]
        self.backends = ['userRoot', 'ipaca']
+
+        # no IPA config means we are reinstalling from nothing so
+        # there is nothing to test the DM password against.
+        if os.path.exists(paths.IPA_DEFAULT_CONF):
+            instance_name = installutils.realm_to_serverid(api.env.realm)
+            if not services.knownservices.dirsrv.is_running(instance_name):
+                raise admintool.ScriptError(
+                    "directory server instance is not running"
+                )
+            try:
+                ReplicationManager(api.env.realm, api.env.host,
+                                   self.dirman_password)
+            except errors.ACIError:
+                logger.error("Incorrect Directory Manager password provided")
+                raise