diff options
| author | Jack Magne <jmagne@localhost.localdomain> | 2015-05-06 16:49:59 -0700 |
|---|---|---|
| committer | Jack Magne <jmagne@localhost.localdomain> | 2015-05-07 15:46:21 -0700 |
| commit | 73fb345e06b70d23a852743e4dc81ef6063e738a (patch) | |
| tree | 520bab7b169746ceecda50e47540193b9f041746 /base/server/python/pki/server/deployment/pkihelper.py | |
| parent | 141fc3c9fdfd87b9726a87493331ad6585488461 (diff) | |
| download | pki-73fb345e06b70d23a852743e4dc81ef6063e738a.tar.gz pki-73fb345e06b70d23a852743e4dc81ef6063e738a.tar.xz pki-73fb345e06b70d23a852743e4dc81ef6063e738a.zip | |
Fix #1351 pki securitydomain-get-install-token fails when run with caadmin user.
The short term solution to this problem was to remove the man page information and all references to the command line module reponsible for this issue.
The installer already has an alternative method to remove a subsystem from the security domain list. We now assume the alternate method and don't even try to find the token at this point.
A user at the command line of the pki command will no longer be able to attempt this as well.
Tested this to verify that the man page for the "securtydomain" command no longer mentions or documents the "get-install-token" variant. Tested to verify that this command can't be manually called from the command line using "pki". This attempt results in an "unknown module". Tested by installing and uninstalling a subsytem. The security domain was kept up to date as expected for each install over remove attempted.
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index b9d48eea3..e6f001910 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3232,67 +3232,6 @@ class SecurityDomain: return None - def get_installation_token(self, secuser, secpass, critical_failure=True): - if not secuser or not secpass: - return None - - # process this PKI subsystem instance's 'CS.cfg' - cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) - - # assign key name/value pairs - machinename = cs_cfg.get('service.machineName') - cstype = cs_cfg.get('cs.type', '') - sechost = cs_cfg.get('securitydomain.host') - secadminport = cs_cfg.get('securitydomain.httpsadminport') - #secselect = cs_cfg.get('securitydomain.select') - Selected - # security domain - - command = ["/bin/pki", - "-p", str(secadminport), - "-h", sechost, - "-P", "https", - "-u", secuser, - "-w", secpass, - "-d", self.mdict['pki_database_path'], - "securitydomain-get-install-token", - "--hostname", machinename, - "--subsystem", cstype] - try: - output = subprocess.check_output( - command, - stderr=subprocess.STDOUT, - shell=True) - - token_list = re.findall("Install token: \"(.*)\"", output) - if not token_list: - config.pki_log.error( - log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, - str(sechost), - str(secadminport), - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error( - log.PKI_SUBPROCESS_ERROR_1, output, - extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure: - raise Exception( - log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 % - (str(sechost), str(secadminport))) - else: - token = token_list[0] - return token - except subprocess.CalledProcessError as exc: - config.pki_log.error( - log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, - str(sechost), - str(secadminport), - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure: - raise - return None - class Systemd(object): """PKI Deployment Execution Management Class""" |