author | Martin Kosek <mkosek@redhat.com> | 2011-01-18 12:31:16 +0100 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-01-18 10:03:55 -0500 |
commit | e73efb9a9000c2efb73297340c6268d59a11b6fc (patch) | |
tree | 7ea1a3543c2d39d3598fa78d1a8312f5a0bca3e9 /ipaserver | |
parent | 38bce669da7887df5f2d518b675299167b440f8e (diff) | |
Password generation and logging in ipa-server-install
When a randomly generated password contains a space character
as its first or last character, installation fails when
kdb5_ldap_util is called, because it does not accept such a
password. This patch fixes the generator so that it emits a space
only in allowed positions.
This patch also ensures that no password is printed to the
server install log.
https://fedorahosted.org/freeipa/ticket/731
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/krbinstance.py | 2 | ||||
-rw-r--r-- | ipaserver/install/service.py | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index d89ad0b33..e7c111637 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -335,7 +335,7 @@ class KrbInstance(service.Service): #populate the directory with the realm structure args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] try: - ipautil.run(args) + ipautil.run(args, nolog=(self.kdc_password, self.master_password)) except ipautil.CalledProcessError, e: print "Failed to populate the realm structure in kerberos", e diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 27c55618e..ef3becdf3 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -124,12 +124,17 @@ class Service: fd = None path = ipautil.SHARE_DIR + ldif hostname = installutils.get_fqdn() + nologlist=() if sub_dict is not None: txt = ipautil.template_file(path, sub_dict) fd = ipautil.write_tmp_file(txt) path = fd.name + # do not log passwords + if sub_dict.has_key('PASSWORD'): + nologlist = sub_dict['PASSWORD'], + if self.dm_password: [pw_fd, pw_name] = tempfile.mkstemp() os.write(pw_fd, self.dm_password) @@ -143,7 +148,7 @@ class Service: try: try: - ipautil.run(args) + ipautil.run(args, nolog=nologlist) except ipautil.CalledProcessError, e: logging.critical("Failed to load %s: %s" % (ldif, str(e))) finally: |
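Review bot: In the krbinstance.py hunk the two passwords are still passed to `kdb5_ldap_util` as `-w` and `-P` command-line arguments in `args`, so `nolog` keeps them out of the install log but not out of the process list, where other local users can read them while the command runs. The `except` branch prints `e` unredacted; if `ipautil.CalledProcessError` carries the command line in its message (not visible here), the passwords would still reach the console. The same question applies to `logging.critical("Failed to load %s: %s" % (ldif, str(e)))` in the last service.py hunk. I would add `# NOTE: nolog only scrubs the log; the passwords are still exposed via argv` above the call and confirm the exception text is scrubbed too. The enclosing method starts and ends outside the hunk.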
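Review bot: In the first service.py hunk the redaction is keyed on the single literal `'PASSWORD'`, so a secret that a caller places in `sub_dict` under any other key is not added to `nologlist` and could still end up in the log. The bare trailing-comma tuple is easy to misread as a plain string assignment; I would write `if 'PASSWORD' in sub_dict:` and `nologlist = (sub_dict['PASSWORD'],)`. An empty password would put `''` into the list, and how `ipautil.run` treats an empty `nolog` entry cannot be seen from here, so a truthiness check on the value is worth adding. The method body begins and ends outside the hunk.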