From 391fe8e9d0587ad44a92c320a8d1c9de2c9b980a Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Wed, 3 May 2017 10:16:13 +0200
Subject: [PATCH] ca, kra install: validate DM password
Before proceeding with installation, validate DM password. If the
provided DM password is invalid, abort the installation.
Fixes https://pagure.io/freeipa/issue/6892
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
install/tools/ipa-ca-install | 18 ++++++++++--------
ipaserver/install/ipa_kra_install.py | 8 ++++++++
2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 4bcb59a29d5a64c118649374104ae8f1cd451ea4..f84b4749a3e2a80aca002a2aa057b200e6187f18 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -117,17 +117,19 @@ def parse_options():
def _get_dirman_password(password=None, unattended=False):
+ # sys.exit() is used on purpose, because otherwise user is advised to
+ # uninstall the component, even though it is not needed
if not password:
if unattended:
sys.exit('Directory Manager password required')
- try:
- password = installutils.read_password(
- "Directory Manager (existing master)", confirm=False,
- validate=False)
- except KeyboardInterrupt:
- sys.exit(0)
- if password is None:
- sys.exit("Directory Manager password required")
+ password = installutils.read_password(
+ "Directory Manager (existing master)", confirm=False,
+ validate=False)
+ try:
+ installutils.validate_dm_password_ldap(password)
+ except ValueError:
+ sys.exit("Directory Manager password is invalid")
+
return password
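Review bot: The interactive branch of `_get_dirman_password` no longer handles the two outcomes the removed lines covered: a Ctrl-C at the prompt and a `None` return from `installutils.read_password`. Unless `read_password` now deals with both itself (not visible in this hunk), a `None` would be handed straight to `validate_dm_password_ldap`, and an interrupt would surface as a traceback instead of a clean exit. I would keep `if password is None: sys.exit("Directory Manager password required")` ahead of the validation call and keep the `except KeyboardInterrupt` around the prompt. Indentation is lost on this page, so it is unclear whether the new `try:` sits inside or after `if not password:`; validating a password passed in by the caller as well would need it after.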
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index b06d49c834d0ffa4f2e35c3241a83e42c4c9c337..8369d2f4082d35b453487ee0f17c9ce050188daf 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -137,6 +137,14 @@ class KRAInstaller(KRAInstall):
def run(self):
super(KRAInstaller, self).run()
+ # Verify DM password. This has to be called after ask_for_options(),
+ # so it can't be placed in validate_options().
+ try:
+ installutils.validate_dm_password_ldap(self.options.password)
+ except ValueError:
+ raise admintool.ScriptError(
+ "Directory Manager password is invalid")
+
if not cainstance.is_ca_installed_locally():
raise RuntimeError("Dogtag CA is not installed. "
"Please install the CA first")
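Review bot: The `except ValueError:` in `KRAInstaller.run` discards the original exception, so the operator only ever sees "Directory Manager password is invalid" whatever `validate_dm_password_ldap` actually reported. If that helper also raises `ValueError` for an unreachable or misconfigured directory server (its body is not in this patch), a connectivity problem will be reported as a bad credential. I would bind the exception with `except ValueError as e:` and write `e` to the install log before raising `admintool.ScriptError`, taking care that the logged message never contains the password itself. The same pattern appears in the `_get_dirman_password` hunk of install/tools/ipa-ca-install. `run()` continues past the end of this hunk.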
--
2.9.4