authorRob Crittenden <rcrit@ipa.greyoak.com>2008-08-14 18:36:35 -0400
committerRob Crittenden <rcrit@ipa.greyoak.com>2008-08-15 11:05:31 -0400
commit548c169c5ac1f16e75838d897cccafce61b21dc0 (patch)
tree0b5740cc7ad028e1948f05a0241aa0b094ea995e
parentc5b44f77a1a2fcc19312dc2d5ad2a46836c936a2 (diff)
Create temporary files used in self-signed cert requests in a temporary directory and ensure that it gets cleaned up when we're done with it.
458159
-rw-r--r--ipa-server/ipaserver/certs.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/ipa-server/ipaserver/certs.py b/ipa-server/ipaserver/certs.py
index 41d983cea..886632dab 100644
--- a/ipa-server/ipaserver/certs.py
+++ b/ipa-server/ipaserver/certs.py
@@ -20,8 +20,10 @@
import os, stat, subprocess, re
import sha
import errno
+import tempfile
from ipa import sysrestore
+from ipa import shutil
from ipa import ipautil
CA_SERIALNO="/var/lib/ipa/ca_serialno"
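Review bot: `from ipa import shutil` looks like it should be the standard-library `import shutil`. Unless the `ipa` package itself provides a `shutil` name (not visible in this diff), the line raises ImportError when certs.py is loaded, and the cleanup added in `__del__` depends on it. Suggested change: `import shutil`, placed next to `import tempfile`.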
@@ -38,8 +40,9 @@ class CertDB(object):
self.cacert_fname = self.secdir + "/cacert.asc"
self.pk12_fname = self.secdir + "/cacert.p12"
self.pin_fname = self.secdir + "/pin.txt"
- self.certreq_fname = self.secdir + "/tmpcertreq"
- self.certder_fname = self.secdir + "/tmpcert.der"
+ self.reqdir = tempfile.mkdtemp('', 'ipa-', '/var/lib/ipa')
+ self.certreq_fname = self.reqdir + "/tmpcertreq"
+ self.certder_fname = self.reqdir + "/tmpcert.der"
# Making this a starting value that will generate
# unique values for the current DB is the
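Review bot: The request directory is created at the `tempfile.mkdtemp` line for every CertDB instance and is removed only by the `__del__` added in the later hunk, so its lifetime follows garbage collection rather than the request that needs it. `__del__` is not guaranteed to run for objects in reference cycles or still alive at interpreter exit, and it fails with AttributeError if `__init__` raises before `self.reqdir` is set, so directories holding certificate requests can accumulate under `/var/lib/ipa`. Creating the directory in the method that writes `certreq_fname` and removing it in a `finally` there would make cleanup deterministic; at minimum guard the destructor with `if getattr(self, 'reqdir', None): shutil.rmtree(self.reqdir, ignore_errors=True)`. A comment such as `# mkdtemp creates the directory with mode 0700, private to the creating user` would document the directory's permissions. The constructor starts and ends outside this hunk.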
@@ -66,6 +69,9 @@ class CertDB(object):
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+ def __del__(self):
+ shutil.rmtree(self.reqdir, ignore_errors=True)
+
def set_serial_from_pkcs12(self):
"""A CA cert was loaded from a PKCS#12 file. Set up our serial file"""