mirror of https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 15:13:50 -06:00
Don't try to validate the HSM arguments on a non-HSM installation
If there is no token name it is safe to assume that an HSM installation is not requested. The validator assumes that if there is a token name then the library and password are also provided.

Fixes: https://pagure.io/freeipa/issue/9593
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
parent b34525c76e
commit f225b3df17
@ -181,6 +181,18 @@ def hsm_version():
|
||||
|
||||
|
||||
def hsm_validator(token_name, token_library, token_password):
|
||||
"""Do some basic validation of the HSM information provided.
|
||||
|
||||
- The local PKI server supports IPA HSM
|
||||
- The token library exists
|
||||
- The token name doesn't have a colon or semi-colon in it
|
||||
- The token name exists after loading the library
|
||||
- The token password works
|
||||
- Super-simple test to see if the SELinux module is loaded
|
||||
"""
|
||||
if not token_name:
|
||||
logger.debug("No token name, assuming not an HSM install")
|
||||
return
|
||||
val, pki_version = hsm_version()
|
||||
if val is False:
|
||||
raise ValueError(
|
||||
|
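Review bot: the early return at `if not token_name:` also skips every check when `token_library` or `token_password` was supplied without a token name, so an install where the token name was forgotten is treated as non-HSM with only a debug-level log line to show for it. Consider raising `ValueError` (or at least logging a warning) when `token_name` is empty but either of the other two arguments is set, since the commit message states the validator relies on all three arriving together. The new docstring lists the checks performed but not this short-circuit; a line saying that an empty token name means no validation is done, and that failures raise `ValueError`, would document the contract callers now depend on.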