author | Stanislav Laznicka <slaznick@redhat.com> | 2016-12-06 09:14:54 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-02-17 10:14:23 +0100 |
commit | ca457eb5ce12291f555f1bf771114d6d7d191987 (patch) | |
tree | 0bb991ae4d78e70f8766f84c12cd66ff8a0178c7 /ipaclient | |
parent | 79b3fbf97d66adb1f5c960e5473b90f85cbe145a (diff) | |
Add password to certutil calls in NSSDatabase
NSSDatabases should call certutil with a password. Also, removed
`password_filename` argument from `.create_db()`.
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaclient')
-rw-r--r-- | ipaclient/install/client.py | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 2b01b0dfa..e43ec7bb6 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -2284,18 +2284,8 @@ def install_check(options):
 def create_ipa_nssdb():
 db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR)
- pwdfile = os.path.join(db.secdir, 'pwdfile.txt')
-
- ipautil.backup_file(pwdfile)
- ipautil.backup_file(os.path.join(db.secdir, 'cert8.db'))
- ipautil.backup_file(os.path.join(db.secdir, 'key3.db'))
- ipautil.backup_file(os.path.join(db.secdir, 'secmod.db'))
-
- with open(pwdfile, 'w') as f:
- f.write(ipautil.ipa_generate_password())
- os.chmod(pwdfile, 0o600)
-
- db.create_db(pwdfile)
+ db.create_db(backup=True)
+ os.chmod(db.pwd_file, 0o600)
 os.chmod(os.path.join(db.secdir, 'cert8.db'), 0o644)
 os.chmod(os.path.join(db.secdir, 'key3.db'), 0o644)
 os.chmod(os.path.join(db.secdir, 'secmod.db'), 0o644)
@@ -2667,8 +2657,7 @@ def _install(options):
 for cert in ca_certs
 ]
 try:
- pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
- tmp_db.create_db(pwd_file.name)
+ tmp_db.create_db()
 for i, cert in enumerate(ca_certs):
 tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,') |
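Review bot: In `create_ipa_nssdb`, `os.chmod(db.pwd_file, 0o600)` runs only after `db.create_db(backup=True)` has already written the generated password, so the file's mode during that window is whatever `create_db` creates it with, which this hunk does not show. If `create_db` does not already create the file owner-only (for example through `os.open` with mode `0o600`), it should, and this call then becomes a safeguard rather than the only protection. A comment such as `# pwd_file protects key3.db, which is made world-readable below; keep it owner-only` would explain the asymmetry with the `0o644` lines. The same reliance on `create_db` applies to `tmp_db.create_db()` in the `_install` hunk, where the caller sets no mode at all. Both function bodies continue outside the hunks.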