|
 |
018a91 |
From 78d42fcb8def1c21dc9a82251b760ab1b7a23f88 Mon Sep 17 00:00:00 2001
|
|
|
018a91 |
From: Matthew Harmsen <mharmsen@redhat.com>
|
|
|
018a91 |
Date: Wed, 30 Mar 2016 15:16:06 -0600
|
|
|
018a91 |
Subject: [PATCH] Fixed KRA install problem.
|
|
|
018a91 |
|
|
|
018a91 |
Currently when installing an additional subsystem to an existing
|
|
|
018a91 |
instance the install tool always generates a new random password in
|
|
|
018a91 |
the pki_pin property which would not work with the existing NSS
|
|
|
018a91 |
database. The code has been modified to load the existing NSS
|
|
|
018a91 |
database password from the instance if the instance already exists.
|
|
|
018a91 |
|
|
|
018a91 |
The PKIInstance class has been modified to allow loading partially
|
|
|
018a91 |
created instance to help the installation.
|
|
|
018a91 |
|
|
|
018a91 |
https://fedorahosted.org/pki/ticket/2247
|
|
|
018a91 |
|
|
|
018a91 |
Altered from 'master' (10.3.0) so that it could be applied
|
|
|
018a91 |
to 'DOGTAG_10_2_5_RHEL_BRANCH' (10.2.5).
|
|
|
018a91 |
---
|
|
|
018a91 |
base/server/python/pki/server/__init__.py | 54 ++++++++++++----------
|
|
|
018a91 |
.../python/pki/server/deployment/pkiparser.py | 18 ++++++--
|
|
|
018a91 |
2 files changed, 44 insertions(+), 28 deletions(-)
|
|
|
018a91 |
|
|
|
018a91 |
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
|
|
|
018a91 |
index 22b6fcf..971a3f6 100644
|
|
|
018a91 |
--- a/base/server/python/pki/server/__init__.py
|
|
|
018a91 |
+++ b/base/server/python/pki/server/__init__.py
|
|
|
018a91 |
@@ -413,40 +413,44 @@ class PKIInstance(object):
|
|
|
018a91 |
|
|
|
018a91 |
def load(self):
|
|
|
018a91 |
# load UID and GID
|
|
|
018a91 |
- with open(self.registry_file, 'r') as registry:
|
|
|
018a91 |
- lines = registry.readlines()
|
|
|
018a91 |
+ if os.path.exists(self.registry_file):
|
|
|
018a91 |
|
|
|
018a91 |
- for line in lines:
|
|
|
018a91 |
+ with open(self.registry_file, 'r') as registry:
|
|
|
018a91 |
+ lines = registry.readlines()
|
|
|
018a91 |
|
|
|
018a91 |
- m = re.search('^PKI_USER=(.*)$', line)
|
|
|
018a91 |
- if m:
|
|
|
018a91 |
- self.user = m.group(1)
|
|
|
018a91 |
- self.uid = pwd.getpwnam(self.user).pw_uid
|
|
|
018a91 |
+ for line in lines:
|
|
|
018a91 |
+ m = re.search('^PKI_USER=(.*)$', line)
|
|
|
018a91 |
+ if m:
|
|
|
018a91 |
+ self.user = m.group(1)
|
|
|
018a91 |
+ self.uid = pwd.getpwnam(self.user).pw_uid
|
|
|
018a91 |
|
|
|
018a91 |
- m = re.search('^PKI_GROUP=(.*)$', line)
|
|
|
018a91 |
- if m:
|
|
|
018a91 |
- self.group = m.group(1)
|
|
|
018a91 |
- self.gid = grp.getgrnam(self.group).gr_gid
|
|
|
018a91 |
+ m = re.search('^PKI_GROUP=(.*)$', line)
|
|
|
018a91 |
+ if m:
|
|
|
018a91 |
+ self.group = m.group(1)
|
|
|
018a91 |
+ self.gid = grp.getgrnam(self.group).gr_gid
|
|
|
018a91 |
|
|
|
018a91 |
# load passwords
|
|
|
018a91 |
self.passwords.clear()
|
|
|
018a91 |
- lines = open(self.password_conf).read().splitlines()
|
|
|
018a91 |
+ if os.path.exists(self.password_conf):
|
|
|
018a91 |
|
|
|
018a91 |
- for line in lines:
|
|
|
018a91 |
- parts = line.split('=', 1)
|
|
|
018a91 |
- name = parts[0]
|
|
|
018a91 |
- value = parts[1]
|
|
|
018a91 |
- self.passwords[name] = value
|
|
|
018a91 |
+ lines = open(self.password_conf).read().splitlines()
|
|
|
018a91 |
+
|
|
|
018a91 |
+ for line in lines:
|
|
|
018a91 |
+ parts = line.split('=', 1)
|
|
|
018a91 |
+ name = parts[0]
|
|
|
018a91 |
+ value = parts[1]
|
|
|
018a91 |
+ self.passwords[name] = value
|
|
|
018a91 |
|
|
|
018a91 |
# load subsystems
|
|
|
018a91 |
- for subsystem_name in os.listdir(self.registry_dir):
|
|
|
018a91 |
- if subsystem_name in SUBSYSTEM_TYPES:
|
|
|
018a91 |
- if subsystem_name in SUBSYSTEM_CLASSES:
|
|
|
018a91 |
- subsystem = SUBSYSTEM_CLASSES[subsystem_name](self)
|
|
|
018a91 |
- else:
|
|
|
018a91 |
- subsystem = PKISubsystem(self, subsystem_name)
|
|
|
018a91 |
- subsystem.load()
|
|
|
018a91 |
- self.subsystems.append(subsystem)
|
|
|
018a91 |
+ if os.path.exists(self.registry_dir):
|
|
|
018a91 |
+ for subsystem_name in os.listdir(self.registry_dir):
|
|
|
018a91 |
+ if subsystem_name in SUBSYSTEM_TYPES:
|
|
|
018a91 |
+ if subsystem_name in SUBSYSTEM_CLASSES:
|
|
|
018a91 |
+ subsystem = SUBSYSTEM_CLASSES[subsystem_name](self)
|
|
|
018a91 |
+ else:
|
|
|
018a91 |
+ subsystem = PKISubsystem(self, subsystem_name)
|
|
|
018a91 |
+ subsystem.load()
|
|
|
018a91 |
+ self.subsystems.append(subsystem)
|
|
|
018a91 |
|
|
|
018a91 |
def get_password(self, name):
|
|
|
018a91 |
if name in self.passwords:
|
|
|
018a91 |
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
|
|
|
018a91 |
index 14fe519..a5aaa97 100644
|
|
|
018a91 |
--- a/base/server/python/pki/server/deployment/pkiparser.py
|
|
|
018a91 |
+++ b/base/server/python/pki/server/deployment/pkiparser.py
|
|
|
018a91 |
@@ -569,9 +569,21 @@ class PKIConfigParser:
|
|
|
018a91 |
pin_low = 100000000000
|
|
|
018a91 |
pin_high = 999999999999
|
|
|
018a91 |
|
|
|
018a91 |
- # use user-provided PIN if specified
|
|
|
018a91 |
- if 'pki_pin' not in self.mdict:
|
|
|
018a91 |
- # otherwise generate a random password
|
|
|
018a91 |
+ instance = pki.server.PKIInstance(self.mdict['pki_instance_name'])
|
|
|
018a91 |
+ instance.load()
|
|
|
018a91 |
+
|
|
|
018a91 |
+ internal_password = self.mdict['pki_self_signed_token']
|
|
|
018a91 |
+
|
|
|
018a91 |
+ # if instance already exists and has password, reuse the password
|
|
|
018a91 |
+ if internal_password in instance.passwords:
|
|
|
018a91 |
+ self.mdict['pki_pin'] = instance.passwords.get(internal_password)
|
|
|
018a91 |
+
|
|
|
018a91 |
+ # otherwise, use user-provided password if specified
|
|
|
018a91 |
+ elif 'pki_pin' in self.mdict:
|
|
|
018a91 |
+ pass
|
|
|
018a91 |
+
|
|
|
018a91 |
+ # otherwise, generate a random password
|
|
|
018a91 |
+ else:
|
|
|
018a91 |
self.mdict['pki_pin'] = \
|
|
|
018a91 |
random.randint(pin_low, pin_high)
|
|
|
018a91 |
|
|
|
018a91 |
--
|
|
|
018a91 |
1.8.3.1
|
|
|
018a91 |
|