diff options
Diffstat (limited to 'ipa-server')
| -rw-r--r-- | ipa-server/ipa-fix-CVE-2008-3274 | 44 | ||||
| -rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 10 |
2 files changed, 29 insertions, 25 deletions
diff --git a/ipa-server/ipa-fix-CVE-2008-3274 b/ipa-server/ipa-fix-CVE-2008-3274 index 0bcdf2b8e..3d8324e00 100644 --- a/ipa-server/ipa-fix-CVE-2008-3274 +++ b/ipa-server/ipa-fix-CVE-2008-3274 @@ -30,7 +30,7 @@ try: from ldap import LDAPError from ldap import ldapobject - from ipaclient import ipachangeconf + from ipaclient import ipachangeconf from ipaserver import ipaldap from pyasn1.type import univ, namedtype @@ -48,23 +48,23 @@ error was: """ % sys.exc_value sys.exit(1) -def usage(): - print "ipa-fix-CVE-2008-3274 [--check] [--fix] [--fix-replica]" - sys.exit(1) - def parse_options(): - parser = OptionParser() + parser = OptionParser("%prog [--check] [--fix] [--fix-replica]") parser.add_option("--check", dest="check", action="store_true", help="Just check for the vulnerability and report (default action)") parser.add_option("--fix", dest="fix", action="store_true", help="Run checks and start procedure to fix the problem") parser.add_option("--fix-replica", dest="fix_replica", action="store_true", help="Fix a replica after the tool has been tun with --fix on another master") - parser.add_option("--usage", action="store_true", - help="Program usage") - args = ipa.config.init_config(sys.argv) - options, args = parser.parse_args(args) + ipa.config.add_standard_options(parser) + options, args = parser.parse_args() + + ipa.config.verify_args(parser, args) + if not options.fix and not options.fix_replica and not options.check: + parser.error("please specify at least one option") + + ipa.config.init_config(options) return options, args @@ -99,9 +99,20 @@ def check_vuln(realm, suffix): # We support only des3 encoded stash files for now def generate_new_stash_file(file): - odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', '\xe3', -'\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', '\xf4', '\xf7', -'\xf8', '\xfb', '\xfd', '\xfe'] + odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', + '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', + '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', + ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', + 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', + 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', + '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', + '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', + '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', + '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', + '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', + '\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', + '\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe'] + pool_len = len(odd_parity_bytes_pool) keytype = 16 # des3 keydata = "" @@ -467,13 +478,6 @@ def main(): options, args = parse_options() - if options.usage: - usage() - - if not options.fix and not options.fix_replica and not options.check: - print "use --help for more info" - usage() - if options.fix or options.fix_replica: password = getpass.getpass("Directory Manager password: ") diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index ab2e6af8f..67445e394 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare @@ -39,8 +39,6 @@ def usage(): def parse_options(): parser = OptionParser(version=version.VERSION) - args = ipa.config.init_config(sys.argv) - parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12", help="install certificate for the directory server") parser.add_option("--http_pkcs12", dest="http_pkcs12", @@ -52,7 +50,7 @@ def parse_options(): parser.add_option("-p", "--password", dest="password", help="Directory Manager (existing master) password") - options, args = parser.parse_args(args) + options, args = parser.parse_args() # If any of the PKCS#12 options are selected, all are required. Create a # list of the options and count it to enforce that all are required without @@ -62,9 +60,11 @@ def parse_options(): if cnt > 0 and cnt < 4: parser.error("error: All PKCS#12 options are required if any are used.") - if len(args) != 2: + if len(args) != 1: parser.error("must provide the fully-qualified name of the replica") + ipa.config.init_config(options) + return options, args def get_host_name(): @@ -171,7 +171,7 @@ def get_dirman_password(): def main(): options, args = parse_options() - replica_fqdn = args[1] + replica_fqdn = args[0] if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin: sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") |