summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-replica-install
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-09-25 08:33:35 +0000
committerPetr Viktorin <pviktori@redhat.com>2013-10-04 10:27:23 +0200
commitc123264ac77cd533a08978909f837c8f4d3e224e (patch)
tree965318ce39f7dcec2ff871b0fed07b810f2145d2 /install/tools/ipa-replica-install
parent46b358811210ecb83e5ea092d0d0554c923b9823 (diff)
downloadfreeipa-c123264ac77cd533a08978909f837c8f4d3e224e.tar.gz
freeipa-c123264ac77cd533a08978909f837c8f4d3e224e.tar.xz
freeipa-c123264ac77cd533a08978909f837c8f4d3e224e.zip
Read passwords from stdin when importing PKCS#12 files with pk12util.
This works around pk12util refusing to use empty password files, which prevents the use of PKCS#12 files with empty password. https://fedorahosted.org/freeipa/ticket/3897
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-xinstall/tools/ipa-replica-install34
1 files changed, 22 insertions, 12 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2a88c1021..5e6941402 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -149,16 +149,31 @@ def set_owner(config, dir):
pw = pwd.getpwnam(dsinstance.DS_USER)
os.chown(dir, pw.pw_uid, pw.pw_gid)
+
+def make_pkcs12_info(directory, cert_name, password_name):
+ """Make pkcs12_info
+
+ :param directory: Base directory (config.dir)
+ :param cert_name: Cert filename (e.g. "dscert.p12")
+ :param password_name: Cert filename (e.g. "dirsrv_pin.txt")
+ :return: a (full cert path, password) tuple, or None if cert is not found
+ """
+ cert_path = os.path.join(directory, cert_name)
+ if ipautil.file_exists(cert_path):
+ password_file = os.path.join(directory, password_name)
+ password = open(password_file).read().strip()
+ return cert_path, password
+ else:
+ return None
+
+
def install_replica_ds(config):
dsinstance.check_ports()
# if we have a pkcs12 file, create the cert db from
# that. Otherwise the ds setup will create the CA
# cert
- pkcs12_info = None
- if ipautil.file_exists(config.dir + "/dscert.p12"):
- pkcs12_info = (config.dir + "/dscert.p12",
- config.dir + "/dirsrv_pin.txt")
+ pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", "dirsrv_pin.txt")
ds = dsinstance.DsInstance()
ds.create_replica(
@@ -178,10 +193,8 @@ def install_krb(config, setup_pkinit=False):
krb = krbinstance.KrbInstance()
#pkinit files
- pkcs12_info = None
- if ipautil.file_exists(config.dir + "/pkinitcert.p12"):
- pkcs12_info = (config.dir + "/pkinitcert.p12",
- config.dir + "/pkinit_pin.txt")
+ pkcs12_info = make_pkcs12_info(config.dir, "pkinitcert.p12",
+ "pkinit_pin.txt")
krb.create_replica(config.realm_name,
config.master_host_name, config.host_name,
@@ -206,10 +219,7 @@ def install_http(config, auto_redirect):
# if we have a pkcs12 file, create the cert db from
# that. Otherwise the ds setup will create the CA
# cert
- pkcs12_info = None
- if ipautil.file_exists(config.dir + "/httpcert.p12"):
- pkcs12_info = (config.dir + "/httpcert.p12",
- config.dir + "/http_pin.txt")
+ pkcs12_info = make_pkcs12_info(config.dir, "httpcert.p12", "http_pin.txt")
memcache = memcacheinstance.MemcacheInstance()
memcache.create_instance('MEMCACHE', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name))
generated by cgit (git 2.34.1) at 2024-06-23 12:08:09 +0000