From 5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Wed, 28 Nov 2012 09:27:16 -0500
Subject: Reorganized sensitive parameters.

Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399
---
 base/deploy/src/scriptlets/security_databases.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'base/deploy/src/scriptlets/security_databases.py')

diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index 0cc660b3a..a74a4c157 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -22,7 +22,6 @@
 # PKI Deployment Imports
 import pkiconfig as config
 from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_sensitive_dict as sensitive
 import pkihelper as util
 import pkimessages as log
 import pkiscriptlet
@@ -41,14 +40,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                             extra=config.PKI_INDENTATION_LEVEL_1)
         util.password.create_password_conf(
             master['pki_shared_password_conf'],
-            sensitive['pki_pin'])
+            master['pki_pin'])
         # Since 'certutil' does NOT strip the 'token=' portion of
         # the 'token=password' entries, create a temporary server 'pfile'
         # which ONLY contains the 'password' for the purposes of
         # allowing 'certutil' to generate the security databases
         util.password.create_password_conf(
             master['pki_shared_pfile'],
-            sensitive['pki_pin'], pin_sans_token=True)
+            master['pki_pin'], pin_sans_token=True)
         util.file.modify(master['pki_shared_password_conf'])
         util.certutil.create_security_databases(
             master['pki_database_path'],
-- 
cgit