author | Simo Sorce <ssorce@redhat.com> | 2008-08-08 08:53:55 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2008-08-11 18:30:57 -0400 |
commit | 0368d4329ae54d97b6fb5da60580beefa29d07bc (patch) | |
tree | 768449ab9174e3d826919b1d18c84cc523c2d27d /ipa-server/ipa-install/ipa-replica-install | |
parent | 5cbc453d89af0ef79b7c99849778f1982abeda05 (diff) | |
Used the encrypt_file and decrypt_file utility functions to encrypt replica
information. This way we do not risk leaving sensitive data around.
Set the destination host in the replica file too and do checks against it
in ipa-replica-install
Diffstat (limited to 'ipa-server/ipa-install/ipa-replica-install')
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-install | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install
index e9d962915..d1f859179 100644
--- a/ipa-server/ipa-install/ipa-replica-install
+++ b/ipa-server/ipa-install/ipa-replica-install
@@ -61,10 +61,13 @@ def parse_options():
 def get_dirman_password():
 return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False)
-def expand_info(filename):
+def expand_info(filename, password):
 top_dir = tempfile.mkdtemp("ipa")
+ tarfile = top_dir+"/files.tar"
 dir = top_dir + "/realm_info"
- ipautil.run(["tar", "xfz", filename, "-C", top_dir])
+ ipautil.decrypt_file(filename, tarfile, password, top_dir)
+ ipautil.run(["tar", "xf", tarfile, "-C", top_dir])
+ os.remove(tarfile)
 return top_dir, dir
@@ -78,6 +81,7 @@ def read_info(dir, rconfig):
 rconfig.master_host_name = config.get("realm", "master_host_name")
 rconfig.ds_user = config.get("realm", "ds_user")
 rconfig.domain_name = config.get("realm", "domain_name")
+ rconfig.host_name = config.get("realm", "destination_host")
 def get_host_name():
 hostname = installutils.get_fqdn()
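Review bot: In `expand_info`, `os.remove(tarfile)` is skipped whenever the `tar` call raises, so the decrypted `files.tar` stays in `top_dir`, which is the exposure this commit sets out to avoid. Put the extraction in a `try:` block and the removal in its `finally:` clause, i.e. `try: ipautil.run(["tar", "xf", tarfile, "-C", top_dir])` followed by `finally: os.remove(tarfile)`. A failure inside `ipautil.decrypt_file` likewise leaves the `mkdtemp` directory behind, and the caller added in the last hunk exits without removing it. A short comment that `os.remove` only unlinks the plaintext archive, and does not overwrite it, would keep later readers from assuming more than the code does.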
@@ -179,33 +183,37 @@ def main():
 check_dirsrv()
- top_dir, dir = expand_info(filename)
+ # get the directory manager password
+ dirman_password = options.password
+ if not dirman_password:
+ try:
+ dirman_password = get_dirman_password()
+ except KeyboardInterrupt:
+ sys.exit(0)
+
+ try:
+ top_dir, dir = expand_info(filename, dirman_password)
+ except Exception, e:
+ print "ERROR: Failed to decrypt or open the replica file."
+ print "Verify you entered the correct Directory Manager password."
+ sys.exit(1)
 config = ReplicaConfig()
 read_info(dir, config)
- config.host_name = get_host_name()
- p = filename.split('-')
- host = '-'.join(p[2:])
- if host != config.host_name:
+ config.dirman_password = dirman_password
+ host = get_host_name()
+ if config.host_name != host:
 try:
- print "This replica was created for '%s' but this machine is named '%s'" % (host, config.host_name)
+ print "This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host)
 if not ipautil.user_input("This may cause problems. Continue?", True):
 sys.exit(0)
+ config.host_name = host
 print ""
 except KeyboardInterrupt:
 sys.exit(0)
 config.repl_password = ipautil.ipa_generate_password()
 config.dir = dir
- # get the directory manager password
- if not options.password:
- try:
- config.dirman_password = get_dirman_password()
- except KeyboardInterrupt:
- sys.exit(0)
- else:
- config.dirman_password = options.password
-
 # Try out the password
 try:
 conn = ipaldap.IPAdmin(config.master_host_name) |
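Review bot: The `sys.exit(0)` paths in the hostname-mismatch prompt of `main` now run after the replica archive has been decrypted and extracted, and nothing visible in this hunk removes `top_dir`, so the plaintext `realm_info` appears to stay on disk when the operator declines or interrupts. A cleanup such as `shutil.rmtree(top_dir)` before those exits (with `shutil` imported) would match the stated goal of not leaving sensitive data around. The `except Exception, e:` around `expand_info` also discards `e` and reports every failure as a wrong password, so a missing tool or a full disk looks the same as a bad passphrase; catching the specific error `ipautil` raises would make the message accurate. Since the Directory Manager password is used here as the passphrase of the replica file, a comment next to `# get the directory manager password` should state that the file's confidentiality depends on the strength of that password. `main` starts and continues outside the hunk.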