URL: https://github.com/freeipa/freeipa/pull/231 Author: stlaz Title: #231: Do not log DM password in ca/kra installation logs Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/231/head:pr231 git checkout pr231
From 630ffb267f465921cdacf21f0884addd42778bae Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 10 Nov 2016 14:24:26 +0100 Subject: [PATCH] Do not log DM password in ca/kra installation logs https://fedorahosted.org/freeipa/ticket/6461 --- ipaserver/install/cainstance.py | 5 ++++- ipaserver/install/dogtaginstance.py | 12 +++--------- ipaserver/install/krainstance.py | 5 ++++- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 1c31281..90b4349 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -576,7 +576,10 @@ def __spawn_instance(self): self.backup_state('installed', True) try: - DogtagInstance.spawn_instance(self, cfg_file) + DogtagInstance.spawn_instance( + self, cfg_file, + nolog_list=(self.dm_password, self.admin_password) + ) finally: os.remove(cfg_file) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index cbe3e43..6d6f0c5 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -150,19 +150,13 @@ def is_installed(self): return os.path.exists(os.path.join( paths.VAR_LIB_PKI_TOMCAT_DIR, self.subsystem.lower())) - def spawn_instance(self, cfg_file, nolog_list=None): + def spawn_instance(self, cfg_file, nolog_list=()): """ Create and configure a new Dogtag instance using pkispawn. Passes in a configuration file with IPA-specific parameters. """ subsystem = self.subsystem - - # Define the things we don't want logged - if nolog_list is None: - nolog_list = [] - nolog = tuple(nolog_list) + (self.admin_password,) - args = [paths.PKISPAWN, "-s", subsystem, "-f", cfg_file] 
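Review bot: The masking list passed at this call in `__spawn_instance` is maintained by hand and has to match whatever secrets were written into `cfg_file` earlier in the function, which is outside this hunk. Masking appears to work by replacing the listed values in the logged text (`ipautil.nolog_replace` in dogtaginstance.py), so any other secret in that file would not be covered, nor would an unset or empty password here. Whether either case can occur is not visible from the hunk. I would add a comment above the call, `# Every secret written to cfg_file must be listed here; spawn_instance logs the file contents at debug level`, and the same on the identical call in ipaserver/install/krainstance.py.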
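Review bot: Changing the default to `nolog_list=()` and dropping the unconditional `+ (self.admin_password,)` makes `spawn_instance` fail open: a caller that omits the argument now gets the pkispawn configuration dump and the `ipautil.run` call logged with no masking at all. Both call sites in this patch pass the passwords, but other callers or future subclasses are not visible here. Keeping a floor in the base class, `nolog = tuple(nolog_list) + (self.admin_password,)`, and passing `nolog` to `nolog_replace` and `ipautil.run` in the following hunk would preserve masking by default while still letting subclasses add `dm_password`. The docstring should also state that `nolog_list` is an iterable of secret strings that are masked in the debug log.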
@@ -170,10 +164,10 @@ def spawn_instance(self, cfg_file, nolog_list=None): with open(cfg_file) as f: self.log.debug( 'Contents of pkispawn configuration file (%s):\n%s', - cfg_file, ipautil.nolog_replace(f.read(), nolog)) + cfg_file, ipautil.nolog_replace(f.read(), nolog_list)) try: - ipautil.run(args, nolog=nolog) + ipautil.run(args, nolog=nolog_list) except ipautil.CalledProcessError as e: self.handle_setup_error(e) diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 77f23c1..5363ec2 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -257,7 +257,10 @@ def __spawn_instance(self): config.write(f) try: - DogtagInstance.spawn_instance(self, cfg_file) + DogtagInstance.spawn_instance( + self, cfg_file, + nolog_list=(self.dm_password, self.admin_password) + ) finally: os.remove(p12_tmpfile_name) os.remove(cfg_file)