From deb3dfb3dd2eb47f73efe74fcbc487f5f3796945 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Tue, 8 Oct 2013 15:22:01 -0700
Subject: Ticket 757 - Allow unescaped '%' characters in deployment file
 password values

This patch allows password values in pkispawn deployment files to
contain unescaped '%' characters.  Non password settings support
interpolation, so they still require escaping.

This patch has been tested with deployment file based installs as
well as interactive installs.  The way it works is that we escape
the password settings internally immediately after reading the
deployment config file.  The interactive installation code already
escapes password values as it receives them from the user.  This
approach allows the rest of the installation code to remain as-is.
---
 .../python/pki/server/deployment/pkiparser.py      | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)

(limited to 'base/server/python/pki')

diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index d4062bf88..ba9c5b836 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -325,10 +325,43 @@ class PKIConfigParser:
         rv = 0
         try:
             if config.user_deployment_cfg:
+                # We don't allow interpolation in password settings, which
+                # means that we need to deal with escaping '%' characters
+                # that might be present.
+                no_interpolation = ('pki_admin_password', 'pki_backup_password',
+                                    'pki_client_database_password',
+                                    'pki_client_pkcs12_password',
+                                    'pki_ds_password', 'pki_security_domain_password')
+
                 print 'Loading deployment configuration from ' + config.user_deployment_cfg + '.'
                 self.pki_config.read([config.user_deployment_cfg])
                 config.user_config.read([config.user_deployment_cfg])
 
+                # Look through each section and see if any password settings
+                # are present.  If so, escape any '%' characters.
+                sections = self.pki_config.sections()
+                if sections:
+                    sections.append('DEFAULT')
+                    for section in sections:
+                        for key in no_interpolation:
+                            try:
+                                val =  self.pki_config.get(section, key, raw=True)
+                                if val:
+                                    self.pki_config.set(section, key, val.replace("%", "%%"))
+                            except ConfigParser.NoOptionError:
+                                continue
+
+                sections = config.user_config.sections()
+                if sections:
+                    sections.append('DEFAULT')
+                    for section in sections:
+                        for key in no_interpolation:
+                            try:
+                                val =  config.user_config.get(section, key, raw=True)
+                                if val:
+                                    config.user_config.set(section, key, val.replace("%", "%%"))
+                            except ConfigParser.NoOptionError:
+                                continue
         except ConfigParser.ParsingError, err:
             print err
             rv = err
-- 
cgit