Univention Bugzilla – Attachment 9531 Details for
Bug 46842
admin credentials are printed as plaintext in process list
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
qa-feedback.patch
qa-feedback.patch (text/plain), 4.76 KB, created by
Arvid Requate
on 2018-05-15 16:59:04 CEST
(
hide
)
Description:
qa-feedback.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2018-05-15 16:59:04 CEST
Size:
4.76 KB
patch
obsolete
>diff --git a/management/univention-directory-manager-modules/univention-dnsedit b/management/univention-directory-manager-modules/univention-dnsedit >index 5322eb6052..cc84cd3e15 100755 >--- a/management/univention-directory-manager-modules/univention-dnsedit >+++ b/management/univention-directory-manager-modules/univention-dnsedit >@@ -102,7 +102,7 @@ def parse(): > if options.bindpwdfile: > options.bindpwd = open(options.bindpwdfile).read().strip() > if options.binddn and not options.bindpwd: >- msg = 'authentication error: missing --bindpwd' >+ msg = 'authentication error: missing any of --bindpwdfile or --bindpwd' > elif not options.binddn and options.bindpwd: > msg = 'authentication error: missing --binddn' > if msg: >diff --git a/management/univention-join/joinscripthelper.lib b/management/univention-join/joinscripthelper.lib >index 4728323add..275aa1f123 100644 >--- a/management/univention-join/joinscripthelper.lib >+++ b/management/univention-join/joinscripthelper.lib >@@ -294,21 +294,22 @@ joinscript_log_error() { > done > } > >-# 1 binddn, 2 bindpwdfile, create join credential files /var/univention-join/binddn and /var/univention-join/bindpwd >+# 1 binddn, 2 bindpwdfile, create join credential files /var/run/univention-join/binddn and /var/run/univention-join/bindpwd > joinscript_create_credentialfiles () { >- mkdir -p /var/univention-join >- touch /var/univention-join/binddn >- chmod 600 /var/univention-join/binddn >- echo "$1" > /var/univention-join/binddn >- touch /var/univention-join/bindpwd >- chmod 600 /var/univention-join/bindpwd >- cp "$2" /var/univention-join/bindpwd >+ mkdir -p /var/run/univention-join >+ chmod 700 /var/run/univention-join >+ touch /var/run/univention-join/binddn >+ chmod 600 /var/run/univention-join/binddn >+ echo "$1" > /var/run/univention-join/binddn >+ touch /var/run/univention-join/bindpwd >+ chmod 600 /var/run/univention-join/bindpwd >+ cp "$2" /var/run/univention-join/bindpwd > } > > # remove join credential files > joinscript_remove_credentialfiles () { >- test -e /var/univention-join/bindpwd && rm /var/univention-join/bindpwd >- test -e /var/univention-join/binddn && rm /var/univention-join/binddn >+ rm -f /var/run/univention-join/bindpwd \ >+ /var/run/univention-join/binddn > } > > # join script can be called with --bindpwdfile >@@ -319,7 +320,7 @@ joinscript_check_api_bindpwdfile () { > return 1 > } > >-# join script does not need domain credentials at all >+# join script does not require domain credentials to be passed > joinscript_check_api_nocredentials () { > if grep -q '^## joinscript api: nocredentials$' "$1"; then > return 0 >@@ -327,12 +328,4 @@ joinscript_check_api_nocredentials () { > return 1 > } > >-# join script gets credentials from /var/univention-join/binddn and /var/univention-join/bindpwd by itself >-joinscript_check_api_credentialfiles () { >- if grep -q '^## joinscript api: credentialfiles$' "$1"; then >- return 0 >- fi >- return 1 >-} >- > # vim:set ft=sh: >diff --git a/management/univention-join/univention-join b/management/univention-join/univention-join >index 55a6712aa8..38eddacf46 100755 >--- a/management/univention-join/univention-join >+++ b/management/univention-join/univention-join >@@ -191,6 +191,7 @@ run_join_scripts () { > > LC_COLLATE="C" > joinscript_check_status_file >+ trap "rm -f '$DCPWD' /var/run/univention-join/binddn /var/run/univention-join/bindpwd" EXIT > joinscript_create_credentialfiles "$binddn" "$DCPWD" > > if test -d "/usr/lib/univention-install/"; then >@@ -207,7 +208,7 @@ run_join_scripts () { > local args=() > if joinscript_check_api_bindpwdfile "$i"; then > args=(--binddn "$binddn" --bindpwdfile "$DCPWD") >- elif joinscript_check_api_nocredentials "$i" || joinscript_check_api_credentialfiles "$i"; then >+ elif joinscript_check_api_nocredentials "$i"; then > args=() > else > args=(--binddn "$binddn" --bindpwd "$(<"$DCPWD")") >diff --git a/management/univention-join/univention-run-join-scripts b/management/univention-join/univention-run-join-scripts >index a4dfa42c26..755afe6b02 100755 >--- a/management/univention-join/univention-run-join-scripts >+++ b/management/univention-join/univention-run-join-scripts >@@ -143,7 +143,7 @@ if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then > echo -n "Enter DC Master Password: " > read -s password > DCPWD=$(mktemp) >- trap "rm -f '$DCPWD'" EXIT >+ trap "rm -f '$DCPWD' /var/run/univention-join/binddn /var/run/univention-join/bindpwd" EXIT > echo -n "$password" >>"$DCPWD" > echo "" > echo "" >@@ -246,7 +246,7 @@ then > args=() > if joinscript_check_api_bindpwdfile "$i"; then > args=(--binddn "$binddn" --bindpwdfile "$DCPWD") >- elif joinscript_check_api_nocredentials "$i" || joinscript_check_api_credentialfiles "$i"; then >+ elif joinscript_check_api_nocredentials "$i"; then > args=() > else > args=(--binddn "$binddn" --bindpwd "$(<"$DCPWD")")
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9531">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 46842
: 9531