certdb: use a temporary file to pass password to pk12util

Currently the PKCS#12 file password is passed via stdin and pk12util reads
it from /dev/stdin, which is platform-specific.

Use a temporary file instead.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Jan Cholasta 2016-11-24 10:07:50 +01:00 committed by Martin Basti
parent fba6c21da3
commit f919ab4ee0
2 changed files with 7 additions and 4 deletions


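--- a/<PATH-NOT-ON-PAGE: paths module>
+++ b/<PATH-NOT-ON-PAGE: paths module>
@@ -33,7 +33,6 @@ class BasePathNamespace(object):
 SYSTEMCTL = "/bin/systemctl"
 TAR = "/bin/tar"
 BIN_TRUE = "/bin/true"
-DEV_STDIN = "/dev/stdin"
 AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
 ETC_DIRSRV = "/etc/dirsrv"
 DS_KEYTAB = "/etc/dirsrv/ds.keytab"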


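--- a/<PATH-NOT-ON-PAGE: certdb module>
+++ b/<PATH-NOT-ON-PAGE: certdb module>
@@ -155,11 +155,12 @@ class NSSDatabase(object):
 args = [paths.PK12UTIL, "-d", self.secdir,
 "-i", pkcs12_filename,
 "-k", db_password_filename, '-v']
+pkcs12_password_file = None
 if pkcs12_passwd is not None:
-pkcs12_passwd = pkcs12_passwd + '\n'
-args = args + ["-w", paths.DEV_STDIN]
+pkcs12_password_file = ipautil.write_tmp_file(pkcs12_passwd)
+args = args + ["-w", pkcs12_password_file.name]
 try:
-ipautil.run(args, stdin=pkcs12_passwd)
+ipautil.run(args)
 except ipautil.CalledProcessError as e:
 if e.returncode == 17:
 raise RuntimeError("incorrect password for pkcs#12 file %s" %
@@ -169,6 +170,9 @@ class NSSDatabase(object):
 else:
 raise RuntimeError("unknown error import pkcs#12 file %s" %
 pkcs12_filename)
+finally:
+if pkcs12_password_file is not None:
+pkcs12_password_file.close()
 
 def import_files(self, files, db_password_filename, import_keys=False,
 key_password=None, key_nickname=None):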
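Review bot: The PKCS#12 password now lands on disk via `pkcs12_password_file = ipautil.write_tmp_file(pkcs12_passwd)` in the hunk at line 155, so this change is only as safe as that helper's file creation: it must create the file with owner-only permissions, and because the new `finally` block only calls `close()`, closing must also unlink the file or the password stays behind in the temp directory; `write_tmp_file` is outside this hunk, so neither property can be confirmed here. A comment pinning that contract next to the call would help the next maintainer, e.g. `# write_tmp_file must create the file 0600 and remove it on close(): it holds the PKCS#12 password`. The trailing `'\n'` that the old stdin path appended is dropped on the new side; presumably pk12util's `-w` file reader does not need it, but that is worth confirming against the tool. The enclosing method starts before this hunk.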