diff options
-rw-r--r-- | ipaserver/install/certs.py | 8 | ||||
-rw-r--r-- | ipaserver/install/dogtaginstance.py | 3 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 5 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 5 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 3 | ||||
-rw-r--r-- | ipaserver/secrets/store.py | 2 |
6 files changed, 8 insertions, 18 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 02b03d48b..414a71664 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -25,7 +25,6 @@ import shutil import xml.dom.minidom import pwd import base64 -from hashlib import sha1 import fcntl import time import datetime @@ -159,9 +158,6 @@ class CertDB(object): perms |= stat.S_IWUSR os.chmod(fname, perms) - def gen_password(self): - return sha1(ipautil.ipa_generate_password()).hexdigest() - def run_certutil(self, args, stdin=None, **kwargs): return self.nssdb.run_certutil(args, stdin, **kwargs) @@ -177,7 +173,7 @@ class CertDB(object): if ipautil.file_exists(self.noise_fname): os.remove(self.noise_fname) f = open(self.noise_fname, "w") - f.write(self.gen_password()) + f.write(ipautil.ipa_generate_password(pwd_len=25)) self.set_perms(self.noise_fname) def create_passwd_file(self, passwd=None): @@ -186,7 +182,7 @@ class CertDB(object): if passwd is not None: f.write("%s\n" % passwd) else: - f.write(self.gen_password()) + f.write(ipautil.ipa_generate_password(pwd_len=25)) f.close() self.set_perms(self.passwd_fname) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index f4856c75e..dc4b5b071 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -18,7 +18,6 @@ # import base64 -import binascii import ldap import os import shutil @@ -428,7 +427,7 @@ class DogtagInstance(service.Service): def setup_admin(self): self.admin_user = "admin-%s" % self.fqdn - self.admin_password = binascii.hexlify(os.urandom(16)) + self.admin_password = ipautil.ipa_generate_password(pwd_len=20) self.admin_dn = DN(('uid', self.admin_user), ('ou', 'people'), ('o', 'ipaca')) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index a0fdc4ae4..89315b6e8 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -508,7 +508,7 @@ class DsInstance(service.Service): idrange_size = None self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid, PASSWORD=self.dm_password, - RANDOM_PASSWORD=self.generate_random(), + RANDOM_PASSWORD=ipautil.ipa_generate_password(), SUFFIX=self.suffix, REALM=self.realm, USER=DS_USER, SERVER_ROOT=server_root, DOMAIN=self.domain, @@ -775,9 +775,6 @@ class DsInstance(service.Service): def __add_enrollment_module(self): self._ldap_mod("enrollment-conf.ldif", self.sub_dict) - def generate_random(self): - return ipautil.ipa_generate_password() - def __enable_ssl(self): dirname = config_dirname(self.serverid) dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index b7ce857ed..e8c706e7a 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -19,7 +19,6 @@ from __future__ import print_function -import binascii import os import os.path import pwd @@ -314,9 +313,9 @@ class HTTPInstance(service.Service): ipautil.backup_file(nss_path) # Create the password file for this db - hex_str = binascii.hexlify(os.urandom(10)) + password = ipautil.ipa_generate_password(pwd_len=15) f = os.open(pwd_file, os.O_CREAT | os.O_RDWR) - os.write(f, hex_str) + os.write(f, password) os.close(f) ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"]) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6e986f7d9..212616908 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -45,7 +45,6 @@ from ipaserver.install.replication import ( ReplicationManager, replica_conn_check) import SSSDConfig from subprocess import CalledProcessError -from binascii import hexlify if six.PY3: unicode = str @@ -1303,7 +1302,7 @@ def install(installer): if conn.isconnected(): conn.disconnect() os.environ['KRB5CCNAME'] = ccache - config.dirman_password = hexlify(ipautil.ipa_generate_password()) + config.dirman_password = ipautil.ipa_generate_password() # FIXME: allow to use passed in certs instead if ca_enabled: diff --git a/ipaserver/secrets/store.py b/ipaserver/secrets/store.py index 1df7191f9..1c369d8cd 100644 --- a/ipaserver/secrets/store.py +++ b/ipaserver/secrets/store.py @@ -122,7 +122,7 @@ class NSSCertDB(DBMAPHandler): with open(nsspwfile, 'w+') as f: f.write(self.nssdb_password) pk12pwfile = os.path.join(tdir, 'pk12pwfile') - password = b64encode(os.urandom(16)) + password = ipautil.ipa_generate_password(pwd_len=20) with open(pk12pwfile, 'w+') as f: f.write(password) pk12file = os.path.join(tdir, 'pk12file') |