pkisilent now shell escapes its arguments so we no longer need to do so, and in fact, if we do, it ends up with double-escaping, breaking all installs of IPA with a dogtag CA.

rob
From e47c2786f37827b75b897abdd9cd4b3ed4f6b9b6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 13 Mar 2012 21:53:06 -0400
Subject: [PATCH] No longer shell escape the DM password when calling
 pkisilent.

pkisilent was modified to handle escaping characters itself in
BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388

This removes the workaround from ticket 1636.

https://fedorahosted.org/freeipa/ticket/2529
---
 freeipa.spec.in                 |   18 +++++-------------
 ipaserver/install/cainstance.py |    3 ---
 2 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 9ac4509bc487622ce8947dc4cf88a5b8107e9d71..1682c320bde893d9e5b8355c188b3116f3394d67 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -128,23 +128,15 @@ Requires: selinux-policy >= 3.9.7-27
 %endif
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.21
+Requires: pki-ca >= 9.0.18
+Requires: pki-silent >= 9.0.18
+Requires: pki-setup  >= 9.0.18
+Requires: dogtag-pki-common-theme
+Requires: dogtag-pki-ca-theme
 %if 0%{?fedora} >= 16
-Requires: pki-ca >= 9.0.15
-Requires: pki-silent >= 9.0.15
 # Only tomcat6 greater than this version provides proper systemd support
 Requires: tomcat6 >= 6.0.32-17
-%else
-%if 0%{?fedora} >= 15
-Requires: pki-ca >= 9.0.15
-Requires: pki-silent >= 9.0.15
-Requires: pki-setup  >= 9.0.15
-%else
-Requires: pki-ca >= 9.0.5
-Requires: pki-silent >= 9.0.5
-%endif
 %endif
-Requires: dogtag-pki-common-theme
-Requires: dogtag-pki-ca-theme
 %if 0%{?rhel}
 Requires: subscription-manager
 %endif
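Review bot: The new unconditional Requires lines for pki-ca, pki-silent and pki-setup at >= 9.0.18 replace three per-release branches (9.0.15 on Fedora 16 and 15, 9.0.5 otherwise), so the package becomes uninstallable on any target where 9.0.18 is not available; please confirm that is intended for every release this spec still builds on. pki-setup was previously required only in the Fedora 15 branch and is now required everywhere, which deserves a word in the commit message. Neither the commit message nor the spec says that 9.0.18 is the build carrying the BZ 769388 fix; a one-line comment above the Requires block would tie the version floor to the escaping change, and the diffstat shows no %changelog entry for the bump. Minor style point: "pki-setup  >= 9.0.18" carries a double space from the old line.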
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 948bc2d02861dfbae7bbed3f7cbae67e81b95707..f953100be9d8e99abf402ae8453ca39a26758da1 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -660,9 +660,6 @@ class CAInstance(service.Service):
                 args.append("-clone")
                 args.append("false")
 
-            # pkisilent does not escape the arguments before passing them to shell
-            args[2:] = [ipautil.shell_quote(i) for i in args[2:]]
-
             # Define the things we don't want logged
             nolog = (self.admin_password, self.dm_password,)
 
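Review bot: With the shell_quote call on args[2:] removed, the admin and DM passwords reach pkisilent raw, and nothing in cainstance.py checks that the installed pkisilent is a build that escapes them; the only guard is the RPM dependency in freeipa.spec.in. A short comment here stating that pkisilent >= 9.0.18 does its own escaping would keep the next reader from reintroducing the quoting or from running this code against an older pkisilent, where unescaped arguments would go to the shell. Please also exercise an install with a DM password containing spaces, quotes and "$" to confirm the value arrives intact, and check whether ipautil.shell_quote has any remaining callers in this file.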
-- 
1.7.6
