authorRob Crittenden <rcritten@redhat.com>2008-05-19 14:31:02 -0400
committerRob Crittenden <rcritten@redhat.com>2008-05-19 17:07:41 -0400
commit6c87f831806af51539824244d684c2431b8e7af7 (patch)
tree8f0801a38501419fc9f5b81160bedb351374a062
parent6119f83799a70738170e19f3e2d833fdf4ecbc86 (diff)
Don't pass the Directory Manager password on the command-line to ldapmodify.
446865
-rw-r--r--ipa-server/ipaserver/dsinstance.py16
-rw-r--r--ipa-server/ipaserver/krbinstance.py15
2 files changed, 23 insertions, 8 deletions
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 9a8054819..f0ff2da7b 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -26,6 +26,7 @@ import sys
import os
import re
import time
+import tempfile
from ipa import ipautil
@@ -279,13 +280,20 @@ class DsInstance(service.Service):
fd = ipautil.write_tmp_file(txt)
path = fd.name
+ [pw_fd, pw_name] = tempfile.mkstemp()
+ os.write(pw_fd, self.dm_password)
+ os.close(pw_fd)
+
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
- "-D", "cn=Directory Manager", "-w", self.dm_password, "-f", path]
+ "-D", "cn=Directory Manager", "-y", pw_name, "-f", path]
try:
- ipautil.run(args)
- except ipautil.CalledProcessError, e:
- logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+ try:
+ ipautil.run(args)
+ except ipautil.CalledProcessError, e:
+ logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+ finally:
+ os.remove(pw_name)
if not fd is None:
fd.close()
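Review bot: The password file is created and filled by `tempfile.mkstemp()` and `os.write(pw_fd, self.dm_password)` before the outer `try:` opens, so `finally: os.remove(pw_name)` does not cover a failure in `os.write` or `os.close`; in that case a temp file that may hold the Directory Manager password stays on disk and the descriptor stays open. Opening the outer `try:` directly after `mkstemp()` and moving `os.write(pw_fd, self.dm_password)` and `os.close(pw_fd)` inside it closes that window. The krbinstance.py hunk has the same ordering with `self.admin_password`. A comment above the write such as `# ldapmodify -y uses the complete file contents as the password; do not append a newline` would protect the bind from a later well-meant edit. The enclosing method starts before this hunk.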
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 50250f638..7ad03e1c3 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -211,13 +211,20 @@ class KrbInstance(service.Service):
txt = ipautil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
fd = ipautil.write_tmp_file(txt)
+ [pw_fd, pw_name] = tempfile.mkstemp()
+ os.write(pw_fd, self.admin_password)
+ os.close(pw_fd)
+
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
- "-D", "cn=Directory Manager", "-w", self.admin_password, "-f", fd.name]
+ "-D", "cn=Directory Manager", "-y", pw_name, "-f", fd.name]
try:
- ipautil.run(args)
- except ipautil.CalledProcessError, e:
- logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+ try:
+ ipautil.run(args)
+ except ipautil.CalledProcessError, e:
+ logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+ finally:
+ os.remove(pw_name)
fd.close()
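Review bot: `tempfile.mkstemp()` and `os.write` are called here, but this file's section has no import hunk, unlike dsinstance.py where `import tempfile` is added. Unless krbinstance.py already imports `tempfile` and `os` outside the visible lines, the first call would raise NameError during installation, before any LDIF is loaded. Confirm the imports and, if missing, add `import tempfile` beside the module's other imports. The enclosing method starts before this hunk.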