Convert ipa-httpd-pwdreader into Python script

and use paths from ipaplatform.

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
This commit is contained in:
Christian Heimes 2020-07-28 14:04:34 +02:00
parent 664007e031
commit 8f6502db03
6 changed files with 50 additions and 29 deletions

3
.gitignore vendored
View File

@ -133,6 +133,7 @@ makeaci
makeapi
client/ipa-certupdate
client/ipa-client-automount
client/certbot-dns-ipa
client/ipa-client-install
client/ipa-client-samba
client/ipa-epn
@ -156,6 +157,7 @@ install/restart_scripts/renew_ra_cert_pre
install/restart_scripts/restart_dirsrv
install/restart_scripts/restart_httpd
install/restart_scripts/stop_pkicad
install/tools/ipa-acme-manage
install/tools/ipa-adtrust-install
install/tools/ipa-advise
install/tools/ipa-backup
@ -170,6 +172,7 @@ install/tools/ipa-custodia
install/tools/ipa-custodia-check
install/tools/ipa-dns-install
install/tools/ipa-httpd-kdcproxy
install/tools/ipa-httpd-pwdreader
install/tools/ipa-kra-install
install/tools/ipa-ldap-updater
install/tools/ipa-managed-entries

View File

@ -33,6 +33,7 @@ dist_noinst_DATA = \
ipa-custodia.in \
ipa-custodia-check.in \
ipa-httpd-kdcproxy.in \
ipa-httpd-pwdreader.in \
ipa-pki-retrieve-key.in \
ipa-pki-wait-running.in \
ipa-acme-manage.in \
@ -72,14 +73,11 @@ nodist_app_SCRIPTS = \
ipa-custodia \
ipa-custodia-check \
ipa-httpd-kdcproxy \
ipa-httpd-pwdreader \
ipa-pki-retrieve-key \
ipa-pki-wait-running \
$(NULL)
dist_app_SCRIPTS = \
ipa-httpd-pwdreader \
$(NULL)
PYTHON_SHEBANG = \
$(nodist_sbin_SCRIPTS) \
$(nodist_app_SCRIPTS) \

View File

@ -1,25 +0,0 @@
#!/bin/bash
# This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.
#
# If you'd like to write your custom binary providing passwords to mod_ssl,
# see the documentation of the aforementioned directive of the mod_ssl module.
USAGE="./ipa-pwdreader host:port RSA|DSA|ECC|number"
if [ "$#" -ne 2 ]; then
echo "Wrong number of arguments!" 1>&2
echo "$USAGE" 1>&2
exit 1
fi
fname=${1/:/-}-$2
pwdpath=/var/lib/ipa/passwds/$fname
# Make sure the values passed in do not contain path information
checkpath=$(/usr/bin/realpath -e ${pwdpath} 2>/dev/null)
if [ $pwdpath == "${checkpath}" ]; then
cat $pwdpath
else
echo "Invalid path ${pwdpath}" 1>&2
fi

View File

@ -0,0 +1,43 @@
#!/usr/bin/python3
"""mod_ssl password reader
This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.
If you'd like to write your custom binary providing passwords to mod_ssl,
see the documentation of the aforementioned directive of the mod_ssl module.
"""
import argparse
import os
from ipaplatform.paths import paths
HTTPD_PASSWD_DIR = os.path.realpath(
os.path.dirname(paths.HTTPD_PASSWD_FILE_FMT)
)
parser = argparse.ArgumentParser(description="mod_ssl password reader")
parser.add_argument(
"host_port", help="host:port",
)
parser.add_argument(
"keytype", help="RSA|DSA|ECC|number",
)
def main():
args = parser.parse_args()
host_port = args.host_port.replace(":", "-")
keytype = args.keytype
pwdpath = os.path.realpath(
os.path.join(HTTPD_PASSWD_DIR, f"{host_port}-{keytype}")
)
if not pwdpath.startswith(HTTPD_PASSWD_DIR):
parser.error(f"Invalid path {pwdpath}\n")
try:
with open(pwdpath) as f:
print(f.read(), end="")
except OSError as e:
parser.error(str(e))
if __name__ == "__main__":
main()

View File

@ -24,6 +24,7 @@ class FedoraContainerPathNamespace(FedoraPathNamespace):
PKI_CONFIGURATION = data(FedoraPathNamespace.PKI_CONFIGURATION)
SAMBA_DIR = data(FedoraPathNamespace.SAMBA_DIR)
HTTPD_IPA_WSGI_MODULES_CONF = None
HTTPD_PASSWD_FILE_FMT = data(FedoraPathNamespace.HTTPD_PASSWD_FILE_FMT)
paths = FedoraContainerPathNamespace()

View File

@ -24,6 +24,7 @@ class RHELContainerPathNamespace(RHELPathNamespace):
PKI_CONFIGURATION = data(RHELPathNamespace.PKI_CONFIGURATION)
SAMBA_DIR = data(RHELPathNamespace.SAMBA_DIR)
HTTPD_IPA_WSGI_MODULES_CONF = None
HTTPD_PASSWD_FILE_FMT = data(RHELPathNamespace.HTTPD_PASSWD_FILE_FMT)
paths = RHELContainerPathNamespace()