diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2013-09-06 19:11:47 -0700 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2013-09-16 12:17:22 -0700 |
| commit | 51920f9c43e5a6ec188a8b042c170953a0b00e07 (patch) | |
| tree | 030b5b36bf841529bbb67c1e662c5506ecf149ae | |
| parent | 9c3cc5e955e9101ffb4e59282d548105dcc42664 (diff) | |
| download | pki-51920f9c43e5a6ec188a8b042c170953a0b00e07.tar.gz pki-51920f9c43e5a6ec188a8b042c170953a0b00e07.tar.xz pki-51920f9c43e5a6ec188a8b042c170953a0b00e07.zip | |
TRAC Ticket #707 - Do not "require" the following pkispawn parameters for GUI-based configuration
| -rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 42 | ||||
| -rwxr-xr-x | base/server/sbin/pkispawn | 20 |
2 files changed, 43 insertions, 19 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 9bbe81010..9257cbfb8 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -452,15 +452,17 @@ class ConfigurationFile: def verify_sensitive_data(self): # Silently verify the existence of 'sensitive' data if self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # Verify existence of Directory Server Password (ALWAYS) - if not self.master_dict.has_key('pki_ds_password') or\ - not len(self.master_dict['pki_ds_password']): - config.pki_log.error( - log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, - "pki_ds_password", - self.master_dict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_password", + # Verify existence of Directory Server Password + # (unless configuration will not be automatically executed) + if not config.str2bool(self.master_dict['pki_skip_configuration']): + if not self.master_dict.has_key('pki_ds_password') or\ + not len(self.master_dict['pki_ds_password']): + config.pki_log.error( + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, + "pki_ds_password", + self.master_dict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_password", self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Admin Password (except for Clones) if not config.str2bool(self.master_dict['pki_clone']): @@ -515,19 +517,21 @@ class ConfigurationFile: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password", self.master_dict['pki_user_deployment_cfg'])) - # Verify existence of Security Domain Password File - # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA) + # Verify existence of Security Domain Password + # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA + # that will be automatically configured) if config.str2bool(self.master_dict['pki_clone']) or\ not self.master_dict['pki_subsystem'] == "CA" or\ config.str2bool(self.master_dict['pki_subordinate']): - if not self.master_dict.has_key('pki_security_domain_password') or\ - not len(self.master_dict['pki_security_domain_password']): - config.pki_log.error( - log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, - "pki_security_domain_password", - self.master_dict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_security_domain_password", + if not config.str2bool(self.master_dict['pki_skip_configuration']): + if not self.master_dict.has_key('pki_security_domain_password') or\ + not len(self.master_dict['pki_security_domain_password']): + config.pki_log.error( + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, + "pki_security_domain_password", + self.master_dict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_security_domain_password", self.master_dict['pki_user_deployment_cfg'])) # If required, verify existence of Token Password if not self.master_dict['pki_token_name'] == "internal": diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn index 988dd6080..72841c938 100755 --- a/base/server/sbin/pkispawn +++ b/base/server/sbin/pkispawn @@ -327,6 +327,16 @@ def main(argv): if not interactive and\ not config.str2bool(parser.pki_master_dict['pki_skip_configuration']): try: + # Verify existence of Directory Server Password + if not parser.pki_master_dict.has_key('pki_ds_password') or\ + not len(parser.pki_master_dict['pki_ds_password']): + config.pki_log.error( + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, + "pki_ds_password", + parser.pki_master_dict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_0) + sys.exit(1) + parser.ds_connect() parser.ds_bind() @@ -345,6 +355,16 @@ def main(argv): config.str2bool(parser.pki_master_dict['pki_clone']) or\ config.str2bool(parser.pki_master_dict['pki_subordinate']): try: + # Verify existence of Security Domain Password + if not parser.pki_master_dict.has_key('pki_security_domain_password') or\ + not len(parser.pki_master_dict['pki_security_domain_password']): + config.pki_log.error( + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, + "pki_security_domain_password", + parser.pki_master_dict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_0) + sys.exit(1) + parser.sd_connect() info = parser.sd_get_info() parser.set_property(config.pki_subsystem, 'pki_security_domain_name', info.name) |