author | Martin Nagy <mnagy@redhat.com> | 2008-08-15 18:08:01 +0200 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2008-09-11 23:34:01 +0200 |
commit | 885103c32127d10250564e25c5895464fb366f9e (patch) | |
tree | 5db92cd0d4282b3e1aacbfc04c9d076a0d515bec /ipa-server | |
parent | 57669ba43224eee0d90556aeea03d14873b4bd7f (diff) | |
Rework config.py and change cli tools. Maintain order of IPA servers from command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/ipa-fix-CVE-2008-3274 | 44 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 10 |
2 files changed, 29 insertions, 25 deletions
diff --git a/ipa-server/ipa-fix-CVE-2008-3274 b/ipa-server/ipa-fix-CVE-2008-3274 index 0bcdf2b8e..3d8324e00 100644 --- a/ipa-server/ipa-fix-CVE-2008-3274 +++ b/ipa-server/ipa-fix-CVE-2008-3274 @@ -30,7 +30,7 @@ try: from ldap import LDAPError from ldap import ldapobject - from ipaclient import ipachangeconf + from ipaclient import ipachangeconf from ipaserver import ipaldap from pyasn1.type import univ, namedtype @@ -48,23 +48,23 @@ error was: """ % sys.exc_value sys.exit(1) -def usage(): - print "ipa-fix-CVE-2008-3274 [--check] [--fix] [--fix-replica]" - sys.exit(1) - def parse_options(): - parser = OptionParser() + parser = OptionParser("%prog [--check] [--fix] [--fix-replica]") parser.add_option("--check", dest="check", action="store_true", help="Just check for the vulnerability and report (default action)") parser.add_option("--fix", dest="fix", action="store_true", help="Run checks and start procedure to fix the problem") parser.add_option("--fix-replica", dest="fix_replica", action="store_true", help="Fix a replica after the tool has been tun with --fix on another master") - parser.add_option("--usage", action="store_true", - help="Program usage") - args = ipa.config.init_config(sys.argv) - options, args = parser.parse_args(args) + ipa.config.add_standard_options(parser) + options, args = parser.parse_args() + + ipa.config.verify_args(parser, args) + if not options.fix and not options.fix_replica and not options.check: + parser.error("please specify at least one option") + + ipa.config.init_config(options) return options, args 
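Review bot: In `parse_options` the help text for `--check` still says "(default action)", but the new guard `if not options.fix and not options.fix_replica and not options.check:` ends in `parser.error("please specify at least one option")`, so running the tool with no option never performs the check. For a remediation tool the read-only check is the safe fallback, so either replace the error with `options.check = True` or drop "(default action)" from the help string so the two agree. `main()` is outside this hunk, so confirm it treats `options.check` alone as the check-only path before choosing the first variant. The `--fix-replica` help string in the same block spells "run" as "tun", which is worth correcting while the usage text is being touched.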
@@ -99,9 +99,20 @@ def check_vuln(realm, suffix): # We support only des3 encoded stash files for now def generate_new_stash_file(file): - odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', '\xe3', -'\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', '\xf4', '\xf7', -'\xf8', '\xfb', '\xfd', '\xfe'] + odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', + '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', + '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', + ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', + 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', + 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', + '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', + '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', + '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', + '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', + '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', + '\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', + '\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe'] + pool_len = 
len(odd_parity_bytes_pool) keytype = 16 # des3 keydata = "" @@ -467,13 +478,6 @@ def main(): options, args = parse_options() - if options.usage: - usage() - - if not options.fix and not options.fix_replica and not options.check: - print "use --help for more info" - usage() - if options.fix or options.fix_replica: password = getpass.getpass("Directory Manager password: ") diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index ab2e6af8f..67445e394 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare @@ -39,8 +39,6 @@ def usage(): def parse_options(): parser = OptionParser(version=version.VERSION) - args = ipa.config.init_config(sys.argv) - parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12", help="install certificate for the directory server") parser.add_option("--http_pkcs12", dest="http_pkcs12", @@ -52,7 +50,7 @@ def parse_options(): parser.add_option("-p", "--password", dest="password", help="Directory Manager (existing master) password") - options, args = parser.parse_args(args) + options, args = parser.parse_args() # If any of the PKCS#12 options are selected, all are required. Create a # list of the options and count it to enforce that all are required without @@ -62,9 +60,11 @@ def parse_options(): if cnt > 0 and cnt < 4: parser.error("error: All PKCS#12 options are required if any are used.") - if len(args) != 2: + if len(args) != 1: parser.error("must provide the fully-qualified name of the replica") + ipa.config.init_config(options) + return options, args def get_host_name(): 
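Review bot: The re-wrapped `odd_parity_bytes_pool` literal in `generate_new_stash_file` has no comment saying what its 128 entries are, and a hand-maintained table that feeds key material is easy to corrupt without anyone noticing. I would add `# The 128 byte values with an odd number of set bits; DES key bytes must have odd parity` above it. The code that uses the new `pool_len` is outside the hunk, so please confirm that the index into the pool comes from `os.urandom` or another OS-backed source rather than the `random` module. If it is reduced with a modulo, a single random byte is unbiased here because 128 divides 256.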
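Review bot: `parse_options` in ipa-replica-prepare now hands `options` to `ipa.config.init_config(options)`, but none of the hunks for this file add the `ipa.config.add_standard_options(parser)` call that the same commit places before `parse_args()` in ipa-fix-CVE-2008-3274. If `init_config` reads the standard option attributes from `options`, they will be absent here and the call may fail or silently skip command-line overrides. Unless the call already sits in the unchanged lines between the hunks, add `ipa.config.add_standard_options(parser)` before `options, args = parser.parse_args()`.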
@@ -171,7 +171,7 @@ def get_dirman_password(): def main(): options, args = parse_options() - replica_fqdn = args[1] + replica_fqdn = args[0] if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin: sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") |