client: move custom env variable into client module

There is no need to have env as parameter because this is used only once, so it can eb safely moved to client.py module NOTE: PATH should be overwritten to safe values before we execute any command https://www.securecoding.cert.org/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-10-31 10:27:24 +01:00 · 2016-10-31 10:27:24 +01:00 · 83fe6b626f
commit 83fe6b626f
parent fcea3b3fb8
2 changed files with 13 additions and 7 deletions
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@ -229,20 +229,18 @@ def main():
    root_logger.debug("missing options might be asked for interactively later")
    root_logger.debug('IPA version %s' % version.VENDOR_VERSION)

-    env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
-
    if options.uninstall:
        rval_check = client.uninstall_check(options)
        if rval_check != client.SUCCESS:
            return rval_check

-        return client.uninstall(options, env)
+        return client.uninstall(options)

    rval_check = client.install_check(options)
    if rval_check != client.SUCCESS:
        return rval_check

-    rval = client.install(options, env)
+    rval = client.install(options)
    if rval == client.CLIENT_INSTALL_ERROR:
        if options.force:
            root_logger.warning(
@ -255,7 +253,7 @@ def main():
        else:
            root_logger.error("Installation failed. Rolling back changes.")
            options.unattended = True
-            client.uninstall(options, env)
+            client.uninstall(options)

    return rval

--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@ -78,6 +78,10 @@ CLIENT_NOT_CONFIGURED = 2
 CLIENT_ALREADY_CONFIGURED = 3
 CLIENT_UNINSTALL_ERROR = 4  # error after restoring files/state

+SECURE_PATH = (
+    "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"
+)
+
 # global variables
 hostname = None
 hostname_source = None
@ -2280,7 +2284,9 @@ def install_check(options):
    return SUCCESS


-def install(options, env):
+def install(options):
+    env = {'PATH': SECURE_PATH}
+
    fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)

@ -2884,7 +2890,9 @@ def uninstall_check(options):
    return SUCCESS


-def uninstall(options, env):
+def uninstall(options):
+    env = {'PATH': SECURE_PATH}
+
    fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)