From 64398077fa639032d820dd379c9ecefffbb79bf7 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 29 May 2015 15:04:40 -0400
Subject: [PATCH] Fixed overwritten deployment property.

The deployment tool has been modified to avoid overwriting the
property default value by moving the assignment after all the
properties are added.

https://fedorahosted.org/pki/ticket/1393
---
 base/server/python/pki/server/deployment/pkiparser.py |  6 ------
 base/server/sbin/pkispawn                             | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index fe1a54a3ade302a201372287cd43c9058436f917..8ed6452a5b21d620db5020c404ca1e9ffa9172b0 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -565,12 +565,6 @@ class PKIConfigParser:
             pin_low = 100000000000
             pin_high = 999999999999
 
-            # use user-provided PIN if specified
-            if not self.mdict['pki_pin']:
-                # otherwise generate a random password
-                self.mdict['pki_pin'] = \
-                    random.randint(pin_low, pin_high)
-
             self.mdict['pki_client_pin'] = \
                 random.randint(pin_low, pin_high)
 
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index d4cfe05d73d1b08e98d6db6569fa6918bd0ae2dc..b4bb4d18f3eef06e80231cb25307def2177d9dc3 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -20,6 +20,7 @@
 #
 
 # System Imports
+import random
 import sys
 import signal
 
@@ -570,6 +571,22 @@ def main(argv):
                 print('ERROR:  Unable to access security domain: ' + str(e))
                 sys.exit(1)
 
+    ######################################################################
+    # Default values (e.g. pki_pin) should be assigned after all
+    # properties are added using set_property(). Otherwise, they may get
+    # overwritten in flatten_master_dict().
+    ######################################################################
+
+    # Generate random PIN for use as security database password
+    pin_low = 100000000000
+    pin_high = 999999999999
+
+    # use user-provided PIN if specified
+    if not parser.mdict['pki_pin']:
+        # otherwise generate a random password
+        parser.mdict['pki_pin'] = \
+            random.randint(pin_low, pin_high)
+
     print "Installing " + config.pki_subsystem + " into " + \
           parser.mdict['pki_instance_path'] + "."
 
-- 
1.9.3