authorMartin Nagy <mnagy@redhat.com>2008-08-15 18:08:01 +0200
committerMartin Nagy <mnagy@redhat.com>2008-09-11 23:34:01 +0200
commit885103c32127d10250564e25c5895464fb366f9e (patch)
tree5db92cd0d4282b3e1aacbfc04c9d076a0d515bec /ipa-server
parent57669ba43224eee0d90556aeea03d14873b4bd7f (diff)
Rework config.py and change cli tools. Maintain order of IPA servers from command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
Diffstat (limited to 'ipa-server')
-rw-r--r--ipa-server/ipa-fix-CVE-2008-327444
-rw-r--r--ipa-server/ipa-install/ipa-replica-prepare10
2 files changed, 29 insertions, 25 deletions
diff --git a/ipa-server/ipa-fix-CVE-2008-3274 b/ipa-server/ipa-fix-CVE-2008-3274
index 0bcdf2b8e..3d8324e00 100644
--- a/ipa-server/ipa-fix-CVE-2008-3274
+++ b/ipa-server/ipa-fix-CVE-2008-3274
@@ -30,7 +30,7 @@ try:
from ldap import LDAPError
from ldap import ldapobject
- from ipaclient import ipachangeconf
+ from ipaclient import ipachangeconf
from ipaserver import ipaldap
from pyasn1.type import univ, namedtype
@@ -48,23 +48,23 @@ error was:
""" % sys.exc_value
sys.exit(1)
-def usage():
- print "ipa-fix-CVE-2008-3274 [--check] [--fix] [--fix-replica]"
- sys.exit(1)
-
def parse_options():
- parser = OptionParser()
+ parser = OptionParser("%prog [--check] [--fix] [--fix-replica]")
parser.add_option("--check", dest="check", action="store_true",
help="Just check for the vulnerability and report (default action)")
parser.add_option("--fix", dest="fix", action="store_true",
help="Run checks and start procedure to fix the problem")
parser.add_option("--fix-replica", dest="fix_replica", action="store_true",
help="Fix a replica after the tool has been tun with --fix on another master")
- parser.add_option("--usage", action="store_true",
- help="Program usage")
- args = ipa.config.init_config(sys.argv)
- options, args = parser.parse_args(args)
+ ipa.config.add_standard_options(parser)
+ options, args = parser.parse_args()
+
+ ipa.config.verify_args(parser, args)
+ if not options.fix and not options.fix_replica and not options.check:
+ parser.error("please specify at least one option")
+
+ ipa.config.init_config(options)
return options, args
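Review bot: The `--check` help text still reads "(default action)", but the added `parser.error("please specify at least one option")` branch rejects a run with no flags, so the help and the behaviour disagree. Either drop "(default action)" from the help string or make the no-flag case set `options.check = True` instead of erroring. The `--fix-replica` help also has a typo, "tun" for "run". Because `ipa.config.init_config(options)` now runs only after argument validation, a short comment above it such as `# validate the command line before loading IPA configuration` would record why the order matters.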
@@ -99,9 +99,20 @@ def check_vuln(realm, suffix):
# We support only des3 encoded stash files for now
def generate_new_stash_file(file):
- odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', '\xe3',
-'\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', '\xf4', '\xf7',
-'\xf8', '\xfb', '\xfd', '\xfe']
+ odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b',
+ '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c',
+ '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8',
+ ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T',
+ 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p',
+ 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86',
+ '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98',
+ '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab',
+ '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc',
+ '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce',
+ '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0',
+ '\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2',
+ '\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe']
+
pool_len = len(odd_parity_bytes_pool)
keytype = 16 # des3
keydata = ""
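Review bot: The rewrapped `odd_parity_bytes_pool` literal still carries no comment saying what its 128 entries are, which makes the table hard to verify by eye. A one-line comment above it, for example `# the 128 byte values with an odd number of set bits (DES key bytes need odd parity)`, would document that. `generate_new_stash_file` continues outside this hunk, so how bytes are drawn from the pool is not visible here. As this is key material for the stash file, it is worth confirming that the selection uses an OS-backed source such as `os.urandom` or `random.SystemRandom` rather than the default `random` generator.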
@@ -467,13 +478,6 @@ def main():
options, args = parse_options()
- if options.usage:
- usage()
-
- if not options.fix and not options.fix_replica and not options.check:
- print "use --help for more info"
- usage()
-
if options.fix or options.fix_replica:
password = getpass.getpass("Directory Manager password: ")
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare
index ab2e6af8f..67445e394 100644
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@@ -39,8 +39,6 @@ def usage():
def parse_options():
parser = OptionParser(version=version.VERSION)
- args = ipa.config.init_config(sys.argv)
-
parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
help="install certificate for the directory server")
parser.add_option("--http_pkcs12", dest="http_pkcs12",
@@ -52,7 +50,7 @@ def parse_options():
parser.add_option("-p", "--password", dest="password",
help="Directory Manager (existing master) password")
- options, args = parser.parse_args(args)
+ options, args = parser.parse_args()
# If any of the PKCS#12 options are selected, all are required. Create a
# list of the options and count it to enforce that all are required without
@@ -62,9 +60,11 @@ def parse_options():
if cnt > 0 and cnt < 4:
parser.error("error: All PKCS#12 options are required if any are used.")
- if len(args) != 2:
+ if len(args) != 1:
parser.error("must provide the fully-qualified name of the replica")
+ ipa.config.init_config(options)
+
return options, args
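Review bot: This `parse_options` now calls `ipa.config.init_config(options)` but never calls `ipa.config.add_standard_options(parser)`, which the same commit adds to `parse_options` in ipa-fix-CVE-2008-3274. If `init_config` reads attributes that only the standard options define, which cannot be confirmed from this page, the call would fail with an AttributeError at runtime. Adding `ipa.config.add_standard_options(parser)` before `parser.parse_args()` would keep the two tools consistent. The function spans several hunks, and its start and the PKCS#12 counting logic are only partly visible here.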
def get_host_name():
@@ -171,7 +171,7 @@ def get_dirman_password():
def main():
options, args = parse_options()
- replica_fqdn = args[1]
+ replica_fqdn = args[0]
if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin:
sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")