From 99da0d88f066826fc33562045d47f6cc760633b5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 15 Mar 2010 17:06:24 -0400
Subject: Provide mechanism in ipautil.run() to not log all arguments.

This is primarily designed to not log passwords but it could have other
uses.

567867
---
 ipaserver/install/cainstance.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'ipaserver/install/cainstance.py')

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 585bccef..aedee8cf 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -614,8 +614,17 @@ class CAInstance(service.Service):
                 args.append("-clone")
                 args.append("false")
 
+            # Define the things we don't want logged
+            nolog = (('-client_certdb_pwd', 1),
+                     ('-admin_password', 1),
+                     ('-bind_password', 1),
+                     ('-backup_pwd', 1),
+                     ('-clone_p12_password', 1),
+                     ('-sd_admin_password', 1),
+            )
+
             logging.debug(args)
-            ipautil.run(args)
+            ipautil.run(args, nolog=nolog)
 
             if self.external == 1:
                 print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file
-- 
cgit