diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-08-31 16:50:47 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-08-31 16:50:47 -0400 |
| commit | e05400dad83adabe09e57e9eb04b718c01019e32 (patch) | |
| tree | 8e5a2a79cd798912988971df6ce943b2d3d2f46c /ipaserver/install/cainstance.py | |
| parent | 99399cc7073204bb125d0f8c848ae9e1ab9b334f (diff) | |
| download | freeipa-e05400dad83adabe09e57e9eb04b718c01019e32.tar.gz freeipa-e05400dad83adabe09e57e9eb04b718c01019e32.tar.xz freeipa-e05400dad83adabe09e57e9eb04b718c01019e32.zip | |
Remove passwords when running commands including stdout and stderr
This replaces the old no logging mechanism that only handled not logging
passwords passed on the command-line. The dogtag installer was including
passwords in the output.
This also adds no password logging to the sslget invocations and removes
a couple of extraneous log commands.
ticket 156
Diffstat (limited to 'ipaserver/install/cainstance.py')
| -rw-r--r-- | ipaserver/install/cainstance.py | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 6babd440f..d356ef82d 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -580,15 +580,8 @@ class CAInstance(service.Service): args.append("false") # Define the things we don't want logged - nolog = (('-client_certdb_pwd', 1), - ('-admin_password', 1), - ('-bind_password', 1), - ('-backup_pwd', 1), - ('-clone_p12_password', 1), - ('-sd_admin_password', 1), - ) + nolog = (self.admin_password, self.dm_password,) - logging.debug(args) ipautil.run(args, nolog=nolog) if self.external == 1: @@ -682,8 +675,7 @@ class CAInstance(service.Service): '-r', '/ca/agent/ca/profileReview?requestId=%s' % self.requestId, '%s:%d' % (self.host_name, AGENT_SECURE_PORT), ] - logging.debug("running sslget %s" % args) - (stdout, stderr, returncode) = ipautil.run(args) + (stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,)) data = stdout.split('\r\n') params = get_defList(data) @@ -703,8 +695,7 @@ class CAInstance(service.Service): '-r', '/ca/agent/ca/profileProcess', '%s:%d' % (self.host_name, AGENT_SECURE_PORT), ] - logging.debug("running sslget %s" % args) - (stdout, stderr, returncode) = ipautil.run(args) + (stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,)) data = stdout.split('\r\n') outputList = get_outputList(data) |