If the password passed in when creating a NSS certificate database is None then a random password is generated. If it is empty ('') then an empty password is set.

Because of this the HTTP instances on replicas were created with an empty password.

https://fedorahosted.org/freeipa/ticket/1407
From 4dcc6b97cbac28727c00516a0b60c070c18a4ec8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Sun, 17 Jul 2011 12:55:54 -0400
Subject: [PATCH] Generate a database password by default in all cases.

If the password passed in when creating a NSS certificate database is None
then a random password is generated. If it is empty ('') then an empty
password is set.

Because of this the HTTP instances on replicas were created with an empty
password.

https://fedorahosted.org/freeipa/ticket/1407
---
 ipaserver/install/certs.py        |    2 +-
 ipaserver/install/httpinstance.py |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 522d3f5760e7f6698a21784e76cf1074bb1ea034..1bbcbabe6b57f03e5b45e76f2859a6316fc4ea63 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -914,7 +914,7 @@ class CertDB(object):
         self.export_ca_cert(self.cacert_name, True)
         self.create_pin_file()
 
-    def create_from_cacert(self, cacert_fname, passwd=""):
+    def create_from_cacert(self, cacert_fname, passwd=None):
         if ipautil.file_exists(self.certdb_fname):
             # We already have a cert db, see if it is for the same CA.
             # If it is we leave things as they are.
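Review bot: On the changed signature `create_from_cacert(self, cacert_fname, passwd=None)`, the difference between `None` (a random password is generated) and `''` (an empty password is set) is still undocumented at the definition, and any caller that passes `passwd=""` explicitly will still get an empty-password database. Consider adding a docstring that states both meanings, or normalizing the empty string at the point where the password is actually set, so the fix does not depend on every call site passing `None`.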
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 26fde51f92d35ed1cab46746a30442470eb695bb..d2eb27c96eb2dbf6baf5f1b24edf579cd6d0881a 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -177,7 +177,7 @@ class HTTPInstance(service.Service):
 
         db = certs.CertDB(self.realm, subject_base=self.subject_base)
         if self.pkcs12_info:
-            db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd="")
+            db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd=None)
             server_certs = db.find_server_certs()
             if len(server_certs) == 0:
                 raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])
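Review bot: The call `db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd=None)` now passes `None` explicitly, but the default of `create_from_pkcs12` itself is neither changed nor shown in this patch. If that default is still `""`, callers that omit the argument keep creating databases with an empty password, so it should get the same default change as `create_from_cacert`. It would also help to state in the commit message or the ticket that replicas installed before this change keep their empty database password, since only newly created databases are affected.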
-- 
1.7.4
