author | Jan Cholasta <jcholast@redhat.com> | 2016-11-24 10:07:50 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-11-29 14:50:51 +0100 |
commit | f919ab4ee0ec26d77ee6978e75de5daba4073402 (patch) | |
tree | 96bc34b288db5789f72f69cad79c50a45f8eb4c4 /ipapython/certdb.py | |
parent | fba6c21da3fbe0a62a96118eb32f205249ab3736 (diff) | |
certdb: use a temporary file to pass password to pk12util
Currently the PKCS#12 file password is passed via stdin and pk12util reads
it from /dev/stdin, which is platform-specific.
Use a temporary file instead.
https://fedorahosted.org/freeipa/ticket/6474
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipapython/certdb.py')
-rw-r--r-- | ipapython/certdb.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py index 309525377..464cc5b43 100644 --- a/ipapython/certdb.py +++ b/ipapython/certdb.py @@ -155,11 +155,12 @@ class NSSDatabase(object): args = [paths.PK12UTIL, "-d", self.secdir, "-i", pkcs12_filename, "-k", db_password_filename, '-v'] + pkcs12_password_file = None if pkcs12_passwd is not None: - pkcs12_passwd = pkcs12_passwd + '\n' - args = args + ["-w", paths.DEV_STDIN] + pkcs12_password_file = ipautil.write_tmp_file(pkcs12_passwd) + args = args + ["-w", pkcs12_password_file.name] try: - ipautil.run(args, stdin=pkcs12_passwd) + ipautil.run(args) except ipautil.CalledProcessError as e: if e.returncode == 17: raise RuntimeError("incorrect password for pkcs#12 file %s" % @@ -169,6 +170,9 @@ class NSSDatabase(object): else: raise RuntimeError("unknown error import pkcs#12 file %s" % pkcs12_filename) + finally: + if pkcs12_password_file is not None: + pkcs12_password_file.close() def import_files(self, files, db_password_filename, import_keys=False, key_password=None, key_nickname=None): |
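Review bot: The PKCS#12 password is now written to disk at `pkcs12_password_file = ipautil.write_tmp_file(pkcs12_passwd)`, and nothing visible in this diff shows that the file is created owner-only or that it is removed when the `finally:` block in the second hunk calls `close()`. Both properties depend on `ipautil.write_tmp_file`, which is outside this diff; presumably it wraps a delete-on-close temporary file, but that should be confirmed and recorded at the call site, e.g. `# holds the PKCS#12 password: write_tmp_file must create it mode 0600 and unlink it on close`. The file is also created before `try:`, so an exception raised between the creation and `ipautil.run(args)` would skip the cleanup; the window is small, and moving the creation inside the `try:` closes it. The enclosing method starts above the first hunk, so its signature and any earlier handling of `pkcs12_passwd` are not visible here.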