diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-09-30 14:41:51 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-01 13:41:45 -0400 |
| commit | 25848ed17315937f0daabf710b1c92e6f794a725 (patch) | |
| tree | d5e5214a5713730101ab08e442b6d807196efc5f /ipaserver | |
| parent | aac7badb773d575449eb7af589b1f505f7c66b52 (diff) | |
| download | freeipa-25848ed17315937f0daabf710b1c92e6f794a725.tar.gz freeipa-25848ed17315937f0daabf710b1c92e6f794a725.tar.xz freeipa-25848ed17315937f0daabf710b1c92e6f794a725.zip | |
Quote passwords when calling pkisilent
ticket 243
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/cainstance.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index cc203d5ec..f1dcc9b51 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -507,12 +507,12 @@ class CAInstance(service.Service): "-cs_hostname", self.host_name, "-cs_port", str(ADMIN_SECURE_PORT), "-client_certdb_dir", self.ca_agent_db, - "-client_certdb_pwd", self.admin_password, + "-client_certdb_pwd", '"%s"' % self.admin_password, "-preop_pin" , preop_pin, "-domain_name", self.domain_name, "-admin_user", "admin", "-admin_email", "root@localhost", - "-admin_password", self.admin_password, + "-admin_password", '"%s"' % self.admin_password, "-agent_name", "ipa-ca-agent", "-agent_key_size", "2048", "-agent_key_type", "rsa", @@ -520,14 +520,14 @@ class CAInstance(service.Service): "-ldap_host", self.host_name, "-ldap_port", str(self.ds_port), "-bind_dn", "\"cn=Directory Manager\"", - "-bind_password", self.dm_password, + "-bind_password", '"%s"' % self.dm_password, "-base_dn", self.basedn, "-db_name", "ipaca", "-key_size", "2048", "-key_type", "rsa", "-key_algorithm", "SHA256withRSA", "-save_p12", "true", - "-backup_pwd", self.admin_password, + "-backup_pwd", '"%s"' % self.admin_password, "-subsystem_name", self.service_name, "-token_name", "internal", "-ca_subsystem_cert_subject_name", "\"CN=CA Subsystem,%s\"" % self.subject_base, @@ -565,7 +565,7 @@ class CAInstance(service.Service): args.append("-clone_p12_file") args.append("ca.p12") args.append("-clone_p12_password") - args.append(self.dm_password) + args.append('"%s"' % self.dm_password) args.append("-sd_hostname") args.append(self.master_host) args.append("-sd_admin_port") @@ -573,7 +573,7 @@ class CAInstance(service.Service): args.append("-sd_admin_name") args.append("admin") args.append("-sd_admin_password") - args.append(self.admin_password) + args.append('"%s"' % self.admin_password) args.append("-clone_uri") args.append("https://%s:%d" % (self.master_host, EE_SECURE_PORT)) else: @@ -604,6 +604,7 @@ class CAInstance(service.Service): logging.debug("completed creating ca instance") except ipautil.CalledProcessError, e: logging.critical("failed to restart ca instance %s" % e) + raise RuntimeError('Configuration of CA failed') # Turn off Nonces (again) if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0: |