[Freeipa-devel] [freeipa PR#658][synchronized] Hide PKI Client database password in log file

Mon, 27 Mar 2017 08:41:37 -0700 

   URL: https://github.com/freeipa/freeipa/pull/658
Author: Akasurde
 Title: #658: Hide PKI Client database password in log file
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/658/head:pr658
git checkout pr658

From be5facf623a02a8efe41a9ae238975caa47352f9 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Mon, 27 Mar 2017 16:06:09 +0530
Subject: [PATCH] Hide PKI Client database password in log file

Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
 ipaserver/install/cainstance.py  | 4 +++-
 ipaserver/install/krainstance.py | 8 +++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f0d3c23..2fc3741 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -613,7 +613,9 @@ def __spawn_instance(self):
         try:
             DogtagInstance.spawn_instance(
                 self, cfg_file,
-                nolog_list=(self.dm_password, self.admin_password)
+                nolog_list=(self.dm_password,
+                            self.admin_password,
+                            self.tmp_agent_pwd)
             )
         finally:
             os.remove(cfg_file)
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index b41ccb6..739cd25 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -150,6 +150,7 @@ def __spawn_instance(self):
         os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
         self.tmp_agent_db = tempfile.mkdtemp(
                 prefix="tmp-", dir=paths.VAR_LIB_IPA)
+        self.tmp_agent_pwd = ipautil.ipa_generate_password()
 
         # Create KRA configuration
         config = ConfigParser()
@@ -173,8 +174,7 @@ def __spawn_instance(self):
 
         # Client security database
         config.set("KRA", "pki_client_database_dir", self.tmp_agent_db)
-        config.set("KRA", "pki_client_database_password",
-                   ipautil.ipa_generate_password())
+        config.set("KRA", "pki_client_database_password", self.tmp_agent_pwd)
         config.set("KRA", "pki_client_database_purge", "True")
         config.set("KRA", "pki_client_pkcs12_password", self.admin_password)
 
@@ -275,7 +275,9 @@ def __spawn_instance(self):
         try:
             DogtagInstance.spawn_instance(
                 self, cfg_file,
-                nolog_list=(self.dm_password, self.admin_password)
+                nolog_list=(self.dm_password,
+                            self.admin_password,
+                            self.tmp_agent_pwd)
             )
         finally:
             os.remove(p12_tmpfile_name)

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to