IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't assume local directory is valid or writable.

Browse Source 
certutil writes to the local directory when issuing a certificate.
Change to the security database directory when issuing the self-signed CA.

Also handle the case where a user is in a non-existent directory when doing
the install.
This commit is contained in:
Rob Crittenden 2010-02-03 17:40:18 -05:00
parent 4e6373cf95
commit 33a30fef12
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ipaserver/install/certs.py
View File

@ -190,7 +190,10 @@ class CertDB(object):
self.certreq_fname = None self.certreq_fname = None
self.certder_fname = None self.certder_fname = None
self.host_name = host_name self.host_name = host_name
try:
self.cwd = os.getcwd() self.cwd = os.getcwd()
except OSError, e:
raise RuntimeError("Unable to determine the current directory: %s" % str(e))
self.self_signed_ca = ipa_self_signed() self.self_signed_ca = ipa_self_signed()
@ -352,6 +355,7 @@ class CertDB(object):
return False return False
def create_ca_cert(self): def create_ca_cert(self):
os.chdir(self.secdir)
p = subprocess.Popen(["/usr/bin/certutil", p = subprocess.Popen(["/usr/bin/certutil",
"-d", self.secdir, "-d", self.secdir,
"-S", "-n", self.cacert_name, "-S", "-n", self.cacert_name,
@ -382,6 +386,7 @@ class CertDB(object):
p.stdin.write("y\n\ny\n") p.stdin.write("y\n\ny\n")
p.stdin.write("5\n6\n7\n9\nn\n") p.stdin.write("5\n6\n7\n9\nn\n")
p.wait() p.wait()
os.chdir(self.cwd)
def export_ca_cert(self, nickname, create_pkcs12=False): def export_ca_cert(self, nickname, create_pkcs12=False):
"""create_pkcs12 tells us whether we should create a PKCS#12 file """create_pkcs12 tells us whether we should create a PKCS#12 file