Make sure the nolog argument to ipautil.run is not a bare string

ipautil.run expects a tuple of passwords for nolog; passing a
single string causes all individual letters from that string to
be replaced by Xes.

This fixes such a call, and adds a sanity check to ipautil.run
that prevents lone strings from being used in nolog.

https://fedorahosted.org/freeipa/ticket/2419

ipapython/ipautil.py

@@ -241,6 +241,14 @@ def run(args, stdin=None, raiseonerr=True,
     p_out = None
     p_err = None
 
+    if isinstance(nolog, basestring):
+        # We expect a tuple (or list, or other iterable) of nolog strings.
+        # Passing just a single string is bad: strings are also, so this
+        # would result in every individual character of that string being
+        # replaced by XXXXXXXX.
+        # This is a sanity check to prevent that.
+        raise ValueError('nolog must be a tuple of strings.')
+
     if env is None:
         # copy default env
         env = copy.deepcopy(os.environ)

ipaserver/install/krbinstance.py

@@ -305,7 +305,7 @@ class KrbInstance(service.Service):
             self.master_password + '\n',
         )
         try:
-            ipautil.run(args, nolog=(self.master_password), stdin=''.join(dialogue))
+            ipautil.run(args, nolog=(self.master_password,), stdin=''.join(dialogue))
         except ipautil.CalledProcessError, e:
             print "Failed to initialize the realm container"