mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Properly quote passwords sent to pkisilent so special characters work.
Also check for url-encoded passwords before logging them. ticket 324
This commit is contained in:
parent
67d1c07112
commit
623abc6bdf
@ -28,6 +28,7 @@ import random
|
||||
import os, sys, traceback, readline
|
||||
import stat
|
||||
import shutil
|
||||
import urllib2
|
||||
|
||||
from ipapython import ipavalidate
|
||||
from types import *
|
||||
@ -129,6 +130,10 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None):
|
||||
args = args.replace(value, 'XXXXXXXX')
|
||||
stdout = stdout.replace(value, 'XXXXXXXX')
|
||||
stderr = stderr.replace(value, 'XXXXXXXX')
|
||||
quoted = urllib2.quote(value)
|
||||
args = args.replace(quoted, 'XXXXXXXX')
|
||||
stdout = stdout.replace(quoted, 'XXXXXXXX')
|
||||
stderr = stderr.replace(quoted, 'XXXXXXXX')
|
||||
logging.info('args=%s' % args)
|
||||
logging.info('stdout=%s' % stdout)
|
||||
logging.info('stderr=%s' % stderr)
|
||||
|
@ -507,12 +507,12 @@ class CAInstance(service.Service):
|
||||
"-cs_hostname", self.host_name,
|
||||
"-cs_port", str(ADMIN_SECURE_PORT),
|
||||
"-client_certdb_dir", self.ca_agent_db,
|
||||
"-client_certdb_pwd", '"%s"' % self.admin_password,
|
||||
"-client_certdb_pwd", "'%s'" % self.admin_password,
|
||||
"-preop_pin" , preop_pin,
|
||||
"-domain_name", self.domain_name,
|
||||
"-admin_user", "admin",
|
||||
"-admin_email", "root@localhost",
|
||||
"-admin_password", '"%s"' % self.admin_password,
|
||||
"-admin_password", "'%s'" % self.admin_password,
|
||||
"-agent_name", "ipa-ca-agent",
|
||||
"-agent_key_size", "2048",
|
||||
"-agent_key_type", "rsa",
|
||||
@ -520,14 +520,14 @@ class CAInstance(service.Service):
|
||||
"-ldap_host", self.host_name,
|
||||
"-ldap_port", str(self.ds_port),
|
||||
"-bind_dn", "\"cn=Directory Manager\"",
|
||||
"-bind_password", '"%s"' % self.dm_password,
|
||||
"-bind_password", "'%s'" % self.dm_password,
|
||||
"-base_dn", self.basedn,
|
||||
"-db_name", "ipaca",
|
||||
"-key_size", "2048",
|
||||
"-key_type", "rsa",
|
||||
"-key_algorithm", "SHA256withRSA",
|
||||
"-save_p12", "true",
|
||||
"-backup_pwd", '"%s"' % self.admin_password,
|
||||
"-backup_pwd", "'%s'" % self.admin_password,
|
||||
"-subsystem_name", self.service_name,
|
||||
"-token_name", "internal",
|
||||
"-ca_subsystem_cert_subject_name", "\"CN=CA Subsystem,%s\"" % self.subject_base,
|
||||
@ -565,7 +565,7 @@ class CAInstance(service.Service):
|
||||
args.append("-clone_p12_file")
|
||||
args.append("ca.p12")
|
||||
args.append("-clone_p12_password")
|
||||
args.append('"%s"' % self.dm_password)
|
||||
args.append("'%s'" % self.dm_password)
|
||||
args.append("-sd_hostname")
|
||||
args.append(self.master_host)
|
||||
args.append("-sd_admin_port")
|
||||
@ -573,7 +573,7 @@ class CAInstance(service.Service):
|
||||
args.append("-sd_admin_name")
|
||||
args.append("admin")
|
||||
args.append("-sd_admin_password")
|
||||
args.append('"%s"' % self.admin_password)
|
||||
args.append("'%s'" % self.admin_password)
|
||||
args.append("-clone_uri")
|
||||
args.append("https://%s:%d" % (self.master_host, EE_SECURE_PORT))
|
||||
else:
|
||||
@ -775,7 +775,7 @@ class CAInstance(service.Service):
|
||||
pwd_file = self.ra_agent_pwd
|
||||
new_args = ["/usr/bin/certutil", "-d", database, "-f", pwd_file]
|
||||
new_args = new_args + args
|
||||
return ipautil.run(new_args, stdin)
|
||||
return ipautil.run(new_args, stdin, nolog=(pwd_file,))
|
||||
|
||||
def __create_ra_agent_db(self):
|
||||
if ipautil.file_exists(self.ra_agent_db + "/cert8.db"):
|
||||
|
Loading…
Reference in New Issue
Block a user