From d2b483cbb3ca15a68115cf32cfaf89572259914e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 8 Jun 2011 14:39:50 +0200
Subject: Fix directory manager password validation in ipa-nis-manage.

ticket 1283, 1284
---
 install/tools/ipa-nis-manage      | 10 ++++++++--
 ipaserver/install/installutils.py |  6 +++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 69db06ab8..2c0936b49 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -62,7 +62,7 @@ def get_dirman_password():
     """Prompt the user for the Directory Manager password and verify its
        correctness.
     """
-    password = installutils.read_password("Directory Manager", confirm=False, validate=False)
+    password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False)
 
     return password
 
@@ -101,11 +101,17 @@ def main():
 
     dirman_password = ""
     if options.password:
-        pw = ipautil.template_file(options.password, [])
+        try:
+            pw = ipautil.template_file(options.password, [])
+        except IOError:
+            sys.exit("File \"%s\" not found or not readable" % options.password)
         dirman_password = pw.strip()
     else:
         dirman_password = get_dirman_password()
 
+    if not dirman_password:
+        sys.exit("No password supplied")
+
     api.bootstrap(context='cli', debug=options.debug)
     api.finalize()
 
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 8d93a60b3..f5a862599 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -288,15 +288,18 @@ def get_password(prompt):
     else:
         return sys.stdin.readline().rstrip()
 
-def read_password(user, confirm=True, validate=True):
+def read_password(user, confirm=True, validate=True, retry=True):
     correct = False
     pwd = ""
     while not correct:
+        if not retry:
+            correct = True
         pwd = get_password(user + " password: ")
         if not pwd:
             continue
         if validate and len(pwd) < 8:
             print "Password must be at least 8 characters long"
+            pwd = ""
             continue
         if not confirm:
             correct = True
@@ -305,6 +308,7 @@ def read_password(user, confirm=True, validate=True):
         if pwd != pwd_confirm:
             print "Password mismatch!"
             print ""
+            pwd = ""
         else:
             correct = True
     print ""
-- 
cgit