[Freeipa-devel] [freeipa PR#418][opened] replica install: do not log host OTP

Mon, 30 Jan 2017 02:52:36 -0800 

   URL: https://github.com/freeipa/freeipa/pull/418
Author: HonzaCholasta
 Title: #418: replica install: do not log host OTP
Action: opened

PR body:
"""
Do not log the value of the --password option of ipa-client-install when it
is run from ipa-replica-install before replica promotion.

https://fedorahosted.org/freeipa/ticket/6633
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/418/head:pr418
git checkout pr418

From 7cfe3cdabbcd31d1a53509cc9b3c8b151fe1cc9d Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 30 Jan 2017 10:33:10 +0100
Subject: [PATCH] replica install: do not log host OTP

Do not log the value of the --password option of ipa-client-install when it
is run from ipa-replica-install before replica promotion.

https://fedorahosted.org/freeipa/ticket/6633
---
 ipaserver/install/server/replicainstall.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 18222c8..7d7a499 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -876,6 +876,7 @@ def ensure_enrolled(installer):
 
         args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"]
         stdin = None
+        nolog = []
 
         if installer.domain_name:
             args.extend(["--domain", installer.domain_name])
@@ -888,6 +889,7 @@ def ensure_enrolled(installer):
 
         if installer.password:
             args.extend(["--password", installer.password])
+            nolog.append(installer.password)
         else:
             if installer.admin_password:
                 # Always set principal if password was set explicitly,
@@ -908,7 +910,7 @@ def ensure_enrolled(installer):
         if installer.mkhomedir:
             args.append("--mkhomedir")
 
-        ipautil.run(args, stdin=stdin, redirect_output=True)
+        ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True)
         print()
     except Exception:
         raise ScriptError("Configuration of client side components failed!")

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to