Convert ipa-httpd-pwdreader into Python script
and use paths from ipaplatform. Fixes: https://pagure.io/freeipa/issue/8401 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com>
parent
664007e031
commit
8f6502db03
3
.gitignore
vendored
3
.gitignore
vendored
@ -133,6 +133,7 @@ makeaci
|
||||
makeapi
|
||||
client/ipa-certupdate
|
||||
client/ipa-client-automount
|
||||
client/certbot-dns-ipa
|
||||
client/ipa-client-install
|
||||
client/ipa-client-samba
|
||||
client/ipa-epn
|
||||
@ -156,6 +157,7 @@ install/restart_scripts/renew_ra_cert_pre
|
||||
install/restart_scripts/restart_dirsrv
|
||||
install/restart_scripts/restart_httpd
|
||||
install/restart_scripts/stop_pkicad
|
||||
install/tools/ipa-acme-manage
|
||||
install/tools/ipa-adtrust-install
|
||||
install/tools/ipa-advise
|
||||
install/tools/ipa-backup
|
||||
@ -170,6 +172,7 @@ install/tools/ipa-custodia
|
||||
install/tools/ipa-custodia-check
|
||||
install/tools/ipa-dns-install
|
||||
install/tools/ipa-httpd-kdcproxy
|
||||
install/tools/ipa-httpd-pwdreader
|
||||
install/tools/ipa-kra-install
|
||||
install/tools/ipa-ldap-updater
|
||||
install/tools/ipa-managed-entries
|
||||
|
@ -33,6 +33,7 @@ dist_noinst_DATA = \
|
||||
ipa-custodia.in \
|
||||
ipa-custodia-check.in \
|
||||
ipa-httpd-kdcproxy.in \
|
||||
ipa-httpd-pwdreader.in \
|
||||
ipa-pki-retrieve-key.in \
|
||||
ipa-pki-wait-running.in \
|
||||
ipa-acme-manage.in \
|
||||
@ -72,14 +73,11 @@ nodist_app_SCRIPTS = \
|
||||
ipa-custodia \
|
||||
ipa-custodia-check \
|
||||
ipa-httpd-kdcproxy \
|
||||
ipa-httpd-pwdreader \
|
||||
ipa-pki-retrieve-key \
|
||||
ipa-pki-wait-running \
|
||||
$(NULL)
|
||||
|
||||
dist_app_SCRIPTS = \
|
||||
ipa-httpd-pwdreader \
|
||||
$(NULL)
|
||||
|
||||
PYTHON_SHEBANG = \
|
||||
$(nodist_sbin_SCRIPTS) \
|
||||
$(nodist_app_SCRIPTS) \
|
||||
|
@ -1,25 +0,0 @@
|
||||
#!/bin/bash
|
||||
# This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.
|
||||
#
|
||||
# If you'd like to write your custom binary providing passwords to mod_ssl,
|
||||
# see the documentation of the aforementioned directive of the mod_ssl module.
|
||||
|
||||
USAGE="./ipa-pwdreader host:port RSA|DSA|ECC|number"
|
||||
|
||||
if [ "$#" -ne 2 ]; then
|
||||
echo "Wrong number of arguments!" 1>&2
|
||||
echo "$USAGE" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
fname=${1/:/-}-$2
|
||||
pwdpath=/var/lib/ipa/passwds/$fname
|
||||
|
||||
# Make sure the values passed in do not contain path information
|
||||
checkpath=$(/usr/bin/realpath -e ${pwdpath} 2>/dev/null)
|
||||
|
||||
if [ $pwdpath == "${checkpath}" ]; then
|
||||
cat $pwdpath
|
||||
else
|
||||
echo "Invalid path ${pwdpath}" 1>&2
|
||||
fi
|
43
install/tools/ipa-httpd-pwdreader.in
Executable file
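--- a/install/tools/ipa-httpd-pwdreader.in
+++ b/install/tools/ipa-httpd-pwdreader.in
@@ -0,0 +1,43 @@
+#!/usr/bin/python3
+"""mod_ssl password reader
+This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.
+
+If you'd like to write your custom binary providing passwords to mod_ssl,
+see the documentation of the aforementioned directive of the mod_ssl module.
+"""
+import argparse
+import os
+
+from ipaplatform.paths import paths
+
+HTTPD_PASSWD_DIR = os.path.realpath(
+os.path.dirname(paths.HTTPD_PASSWD_FILE_FMT)
+)
+
+parser = argparse.ArgumentParser(description="mod_ssl password reader")
+parser.add_argument(
+"host_port", help="host:port",
+)
+parser.add_argument(
+"keytype", help="RSA|DSA|ECC|number",
+)
+
+
+def main():
+args = parser.parse_args()
+host_port = args.host_port.replace(":", "-")
+keytype = args.keytype
+pwdpath = os.path.realpath(
+os.path.join(HTTPD_PASSWD_DIR, f"{host_port}-{keytype}")
+)
+if not pwdpath.startswith(HTTPD_PASSWD_DIR):
+parser.error(f"Invalid path {pwdpath}\n")
+try:
+with open(pwdpath) as f:
+print(f.read(), end="")
+except OSError as e:
+parser.error(str(e))
+
+
+if __name__ == "__main__":
+main()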
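Review bot: The containment check `if not pwdpath.startswith(HTTPD_PASSWD_DIR):` in main() is a plain string-prefix test, so a resolved path in a sibling directory whose name merely begins with the password directory's name still passes, as does any nested subdirectory. The removed shell version required the resolved path to equal the constructed one, which rejected every argument that carried path components. Comparing the parent directory restores that strictness: `if os.path.dirname(pwdpath) != HTTPD_PASSWD_DIR:`. The two arguments are presumably supplied by mod_ssl from the server configuration, so exposure is likely limited, but a helper that prints key passphrases should fail closed on anything outside that one directory.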
|
@ -24,6 +24,7 @@ class FedoraContainerPathNamespace(FedoraPathNamespace):
|
||||
PKI_CONFIGURATION = data(FedoraPathNamespace.PKI_CONFIGURATION)
|
||||
SAMBA_DIR = data(FedoraPathNamespace.SAMBA_DIR)
|
||||
HTTPD_IPA_WSGI_MODULES_CONF = None
|
||||
HTTPD_PASSWD_FILE_FMT = data(FedoraPathNamespace.HTTPD_PASSWD_FILE_FMT)
|
||||
|
||||
|
||||
paths = FedoraContainerPathNamespace()
|
||||
|
@ -24,6 +24,7 @@ class RHELContainerPathNamespace(RHELPathNamespace):
|
||||
PKI_CONFIGURATION = data(RHELPathNamespace.PKI_CONFIGURATION)
|
||||
SAMBA_DIR = data(RHELPathNamespace.SAMBA_DIR)
|
||||
HTTPD_IPA_WSGI_MODULES_CONF = None
|
||||
HTTPD_PASSWD_FILE_FMT = data(RHELPathNamespace.HTTPD_PASSWD_FILE_FMT)
|
||||
|
||||
|
||||
paths = RHELContainerPathNamespace()
|
||||
|