-rw-r--r-- | contrib/sssd.spec.in | 8 | ||||
-rw-r--r-- | src/tools/sss_obfuscate | 32 |
2 files changed, 26 insertions, 14 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 48c0ddd51..c08633a0e 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -136,8 +136,8 @@ make install DESTDIR=$RPM_BUILD_ROOT # Copy default sssd.conf file mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd install -m600 src/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf -install -m400 src/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf -install -m400 src/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/ +install -m444 src/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf +install -m444 src/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/ # Copy default logrotate file mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d @@ -184,12 +184,12 @@ rm -rf $RPM_BUILD_ROOT %attr(755,root,root) %dir %{pubconfpath} %attr(700,root,root) %dir %{pipepath}/private %attr(750,root,root) %dir %{_var}/log/%{name} -%attr(700,root,root) %dir %{_sysconfdir}/sssd +%attr(711,root,root) %dir %{_sysconfdir}/sssd %config(noreplace) %{_sysconfdir}/sssd/sssd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/sssd %config(noreplace) %{_sysconfdir}/rwtab.d/sssd %config %{_sysconfdir}/sssd/sssd.api.conf -%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d +%attr(755,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d %config %{_sysconfdir}/sssd/sssd.api.d/ %{_mandir}/man5/sssd.conf.5* %{_mandir}/man5/sssd-ipa.5* diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate index cd9116151..506e2c410 100644 --- a/src/tools/sss_obfuscate +++ b/src/tools/sss_obfuscate 
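Review bot: In the second hunk, `%{_sysconfdir}/sssd` goes from 700 to 711, but the `%config(noreplace) %{_sysconfdir}/sssd/sssd.conf` entry below it still carries no explicit mode. Once the directory is traversable by everyone, the only thing keeping sssd.conf and its stored bind credentials private is the `install -m600` in the first hunk, plus whatever `%defattr` applies (not visible here). Pinning it in the file list makes that explicit: `%attr(600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`. The same applies to any other file that ends up in this directory, such as editor backups or `.rpmsave` copies, since they are now reachable by name under their own modes.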
@@ -19,17 +19,13 @@ def parse_options(): dest="stdin", default=False, help="Read the password from stdin.") parser.add_option("-d", "--domain", - dest="domain", default="default", - help="The domain to use the password in (default: default)", + dest="domain", default=None, + help="The domain to use the password in (mandatory)", metavar="DOMNAME") parser.add_option("-f", "--file", dest="filename", default=None, help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)", metavar="FILE") - parser.add_option("-p", "--password", - dest="password", default=None, - help="Password to obfuscate.", - metavar="PASSWORD") (options, args) = parser.parse_args() return options, args @@ -40,7 +36,11 @@ def main(): print >> sys.stderr, "Cannot parse options" return 1 - if not options.stdin and not options.password: + if not options.domain: + print >> sys.stderr, "No domain specified" + return 1 + + if not options.stdin: pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: ")) p1, p2 = pprompt() while p1 != p2: @@ -59,11 +59,15 @@ def main(): obfpwd = obfobj.encrypt(password, obfobj.AES_256) # Save the obfuscated password into the domain - sssdconfig = SSSDConfig.SSSDConfig() + try: + sssdconfig = SSSDConfig.SSSDConfig() + except IOError: + print "Cannot read internal configuration files." + return 1 try: sssdconfig.import_config(options.filename) except IOError: - print "Cannot open config file %s" % options.filename + print "Permissions error reading config file" return 1 try: @@ -82,7 +86,15 @@ def main(): sssdconfig.save_domain(domain) - sssdconfig.write() + try: + sssdconfig.write() + except IOError: + # File could not be written + print >> sys.stderr, "Could not write to config file. Check that " \ + "you have the appropriate permissions to edit " \ + "this file." + return 1 + return 0 if __name__ == "__main__": |
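Review bot: In the third hunk both new error paths use a bare `print`, so the message goes to stdout while every other error added by this commit goes to `sys.stderr`. The replacement text "Permissions error reading config file" also asserts a cause the handler does not check, because `IOError` covers a missing file and other failures as well. Reporting what the exception actually says keeps the message accurate without printing a `None` filename: `except IOError as e:` followed by `print >> sys.stderr, "Cannot read config file: %s" % e.strerror`. `main()` starts and ends outside this hunk.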
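Review bot: In the last hunk the guard around `sssdconfig.write()` catches only `IOError`, and in Python 2 `OSError` is a separate class. If `write()` performs any os-level step such as a chmod or rename (its body is not visible here), that failure would still escape as a traceback; `except (IOError, OSError):` would cover both. Because the stored value is only obfuscated and can be recovered by anyone who can read the file, it is also worth confirming that `write()` leaves sssd.conf at mode 0600 when it rewrites it. A short comment above the call stating that expectation, e.g. `# write() must keep sssd.conf root-only: the obfuscated password is reversible`, would help.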