On 05/15/2013 01:36 PM, Ana Krivokapic wrote:
On 05/15/2013 12:29 PM, Petr Viktorin wrote:
On 05/15/2013 12:04 PM, Tomas Babej wrote:
On 05/15/2013 11:40 AM, Ana Krivokapic wrote:
Hello,

See the commit message for details.

https://fedorahosted.org/freeipa/ticket/3594



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
+    def regenerate_ca_file(self, ca_file):
+        dm_pwd_fd, dm_pwd_fname = tempfile.mkstemp()
+        keydb_pwd_fd, keydb_pwd_fname = tempfile.mkstemp()
+
+        os.write(dm_pwd_fd, self.dirman_password)
+        os.close(dm_pwd_fd)
+
+        keydb_pwd = ''
+        with open('/etc/pki/pki-tomcat/password.conf') as f:
+            for line in f.readlines():
+                key, value = line.strip().split('=')
+                if key == 'internal':
+                    keydb_pwd = value
+                    break
+
+        os.write(keydb_pwd_fd, keydb_pwd)
+        os.close(keydb_pwd_fd)
+
+        ipautil.run([
+            '/usr/bin/PKCS12Export',
+            '-d', '/etc/pki/pki-tomcat/alias/',
+            '-p', keydb_pwd_fname,
+            '-w', dm_pwd_fname,
+            '-o', ca_file
+        ])
+
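Review bot: the password.conf parser at `key, value = line.strip().split('=')` raises ValueError on any line that does not contain exactly one `=` (a blank line, a comment line, or a value that itself contains `=`), and if no `internal` line is found the code silently writes an empty password file and runs the export with it. Suggest `key, value = line.split('=', 1)`, skipping lines with no `=`, and raising an explicit error when the `internal` entry is missing rather than continuing with an empty password.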

If the PKCS12Export call fails (returns a non-zero code), we raise an
exception here, and the temporary files are never removed.

+        os.remove(dm_pwd_fname)
+        os.remove(keydb_pwd_fname)

This might not be a big issue since the mkstemp() call creates a temporary
file readable and writable only by the given user ID,
however, we should not leave files with passwords in plaintext on the
disk if it is not necessary.

This can be easily prevented by wrapping the call up in a
try-catch-finally block, or using the raiseonerr=False option of the run
method.
Or by using ipautil.write_tmp_file() -- the file it creates is always
removed after it's closed/garbage collected, and it has a name attribute.

Updated patch uses `ipautil.write_tmp_file()`.



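A hardened version of the two operations under review (reading the `internal` token password from password.conf and running the exporter with password files that are always removed), as an added Python 3 example written for this thread; it is not code from the FreeIPA patch or from ipautil, and a plain try/finally stands in for ipautil.write_tmp_file(). The `internal` key and the PKCS12Export argument shape come from the patch; the function names and the `{name}` placeholder convention are this example's own.

```python
import os
import subprocess
import tempfile


def read_internal_token_password(conf_text):
    """Return the 'internal' token password from password.conf text.

    Skips blank and comment lines, allows '=' inside the value, and raises
    if the key is missing instead of silently using an empty password.
    """
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or '=' not in line:
            continue
        key, value = line.split('=', 1)
        if key.strip() == 'internal':
            return value.strip()
    raise ValueError("no 'internal' entry in password.conf")


def run_with_secret_files(argv_template, secrets):
    """Write each secret to a private temp file, run the command, clean up.

    An argv entry '{name}' is replaced by the path of the temp file holding
    secrets[name].  mkstemp() creates the files mode 0600 on POSIX, and the
    'finally' clause unlinks them even when the command fails or raises, so
    a broken exporter cannot leave plaintext passwords on disk.  Returns the
    exit status and the list of temp paths that still exist (expected: []).
    """
    paths = {}

    def subst(arg):
        if arg.startswith('{') and arg.endswith('}'):
            return paths[arg[1:-1]]
        return arg

    try:
        for name, secret in secrets.items():
            fd, paths[name] = tempfile.mkstemp()
            with os.fdopen(fd, 'w') as f:
                f.write(secret)
        rc = subprocess.call([subst(a) for a in argv_template])
    finally:
        for path in paths.values():
            if os.path.exists(path):
                os.remove(path)
    return rc, [p for p in paths.values() if os.path.exists(p)]
```

With the real tool the call would be `run_with_secret_files(['/usr/bin/PKCS12Export', '-d', '/etc/pki/pki-tomcat/alias/', '-p', '{keydb}', '-w', '{dirman}', '-o', ca_file], {...})`; the non-zero status is returned instead of raised so the caller decides how to report it.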
I'm testing on a fairly updated F19 VM:

I'm getting the following error when preparing the replica info file:

[root@vm-002 ~]# ipa-replica-prepare vm-003.ipa.com --ip-address 192.168.122.213
Directory Manager (existing master) password:

Preparing replica for vm-003.ipa.com from vm-002.ipa.com
Command '/usr/bin/PKCS12Export -d /etc/pki/pki-tomcat/alias/ -p /tmp/tmp15Je9R -w /tmp/tmpCGD5Sr -o /root/cacert.p12' returned non

When trying that manually:

[root@vm-002 ~]# /usr/bin/PKCS12Export -d /etc/pki/pki-tomcat/alias/ -p /tmp/tmp15Je9R -w /tmp/tmpCGD5Sr -o /root/cacert.p12
Exception in thread "main" java.lang.NoClassDefFoundError: org/mozilla/jss/util/PasswordCallback
    at java.lang.Class.getDeclaredMethods0(Native Method)
    at java.lang.Class.privateGetDeclaredMethods(Class.java:2451)
    at java.lang.Class.getMethod0(Class.java:2694)
    at java.lang.Class.getMethod(Class.java:1622)
    at sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
    at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
Caused by: java.lang.ClassNotFoundException: org.mozilla.jss.util.PasswordCallback
    at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
    ... 6 more

We might need to investigate what causes this, and if the issue is not on our side, file appropriate bugs.

Tomas