diff options
| author | Nathan Kinder <nkinder@redhat.com> | 2013-10-08 15:22:01 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@redhat.com> | 2013-10-09 13:51:42 -0700 |
| commit | deb3dfb3dd2eb47f73efe74fcbc487f5f3796945 (patch) | |
| tree | a8942c81fbcf01f9f11b0b369ade7813d13651bd /base/server/python/pki/server/deployment/pkiparser.py | |
| parent | 53ef3a1a1c80539a470537a03ec77cdcb71b2fd3 (diff) | |
| download | pki-deb3dfb3dd2eb47f73efe74fcbc487f5f3796945.tar.gz pki-deb3dfb3dd2eb47f73efe74fcbc487f5f3796945.tar.xz pki-deb3dfb3dd2eb47f73efe74fcbc487f5f3796945.zip | |
Ticket 757 - Allow unescaped '%' characters in deployment file password values
This patch allows password values in pkispawn deployment files to
contain unescaped '%' characters. Non password settings support
interpolation, so they still require escaping.
This patch has been tested with deployment file based installs as
well as interactive installs. The way it works is that we escape
the password settings internally immediately after reading the
deployment config file. The interactive installation code already
escapes password values as it receives them from the user. This
approach allows the rest of the installation code to remain as-is.
Diffstat (limited to 'base/server/python/pki/server/deployment/pkiparser.py')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index d4062bf88..ba9c5b836 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -325,10 +325,43 @@ class PKIConfigParser: rv = 0 try: if config.user_deployment_cfg: + # We don't allow interpolation in password settings, which + # means that we need to deal with escaping '%' characters + # that might be present. + no_interpolation = ('pki_admin_password', 'pki_backup_password', + 'pki_client_database_password', + 'pki_client_pkcs12_password', + 'pki_ds_password', 'pki_security_domain_password') + print 'Loading deployment configuration from ' + config.user_deployment_cfg + '.' self.pki_config.read([config.user_deployment_cfg]) config.user_config.read([config.user_deployment_cfg]) + # Look through each section and see if any password settings + # are present. If so, escape any '%' characters. + sections = self.pki_config.sections() + if sections: + sections.append('DEFAULT') + for section in sections: + for key in no_interpolation: + try: + val = self.pki_config.get(section, key, raw=True) + if val: + self.pki_config.set(section, key, val.replace("%", "%%")) + except ConfigParser.NoOptionError: + continue + + sections = config.user_config.sections() + if sections: + sections.append('DEFAULT') + for section in sections: + for key in no_interpolation: + try: + val = config.user_config.get(section, key, raw=True) + if val: + config.user_config.set(section, key, val.replace("%", "%%")) + except ConfigParser.NoOptionError: + continue except ConfigParser.ParsingError, err: print err rv = err |