URL: https://github.com/freeipa/freeipa/pull/747
Author: flo-renaud
 Title: #747: vault: piped input for ipa vault-add fails
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/747/head:pr747
git checkout pr747
From 4b11def7359308d43bda011a622339156a4b0b43 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 27 Apr 2017 18:20:06 +0200
Subject: [PATCH] vault: piped input for ipa vault-add fails

An exception is raised when using echo "Secret123\n" | ipa vault-add myvault

This happens because the code is using (string).decode(sys.stdin.encoding)
and sys.stdin.encoding is None when the input is read from a pipe.
The fix is using the prompt_password method defined by Backend.textui,
which gracefully handles this issue.

https://pagure.io/freeipa/issue/6907
---
 ipaclient/plugins/vault.py | 37 ++++++++-----------------------------
 1 file changed, 8 insertions(+), 29 deletions(-)

diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index 3fb4900..f21dc4d 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -21,11 +21,9 @@
 
 import base64
 import errno
-import getpass
 import io
 import json
 import os
-import sys
 import tempfile
 
 from cryptography.fernet import Fernet, InvalidToken
@@ -84,29 +82,6 @@ def validated_read(argname, filename, mode='r', encoding=None):
 MAX_VAULT_DATA_SIZE = 2**20  # = 1 MB
 
 
-def get_new_password():
-    """
-    Gets new password from user and verify it.
-    """
-    while True:
-        password = getpass.getpass('New password: ').decode(
-            sys.stdin.encoding)
-        password2 = getpass.getpass('Verify password: ').decode(
-            sys.stdin.encoding)
-
-        if password == password2:
-            return password
-
-        print('  ** Passwords do not match! **')
-
-
-def get_existing_password():
-    """
-    Gets existing password from user.
-    """
-    return getpass.getpass('Password: ').decode(sys.stdin.encoding)
-
-
 def generate_symmetric_key(password, salt):
     """
     Generates symmetric key from password and salt.
@@ -304,7 +279,8 @@ def forward(self, *args, **options):
                 password = password.rstrip('\n')
 
             else:
-                password = get_new_password()
+                password = self.api.Backend.textui.prompt_password(
+                    'New password')
 
             # generate vault salt
             options['ipavaultsalt'] = os.urandom(16)
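Review bot: Nothing visible between the `prompt_password('New password')` call and the salt generation checks that the returned password is non-empty. On piped input there is no confirmation round, so an empty or truncated pipe would silently become the vault password, assuming `prompt_password` returns whatever it read (its body is not shown here). Consider a guard after the `if`/`else`, such as `if not password: raise errors.ValidationError(name='password', error=_('Password must not be empty'))`, provided `errors` and `_` are in scope in this module. The same applies to the `'New password'` prompt in the hunk at `-887,9`; `forward` starts and ends outside this hunk.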
@@ -887,9 +863,11 @@ def forward(self, *args, **options):
 
             else:
                 if override_password:
-                    password = get_new_password()
+                    password = self.api.Backend.textui.prompt_password(
+                        'New password')
                 else:
-                    password = get_existing_password()
+                    password = self.api.Backend.textui.prompt_password(
+                        'Password', confirm=False)
 
             if not override_password:
                 # verify password by retrieving existing data
@@ -1112,7 +1090,8 @@ def forward(self, *args, **options):
                 password = password.rstrip('\n')
 
             else:
-                password = get_existing_password()
+                password = self.api.Backend.textui.prompt_password(
+                    'Password', confirm=False)
 
             # generate encryption key from password
             encryption_key = generate_symmetric_key(password, salt)
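Review bot: The password-file branch trims only a trailing newline (`password.rstrip('\n')`), while the `else` branch now leaves trimming of piped input to `prompt_password`, and both results feed `generate_symmetric_key(password, salt)`. If the helper strips more than the newline on non-tty input (not visible here), a password with leading or trailing spaces would derive a different key depending on how it was supplied. A vault created one way could then not be opened the other way. Either normalise both branches identically or document it above the `else`, for example `# prompt_password's trimming of piped input must match rstrip('\n') above`. The same pairing appears in the hunk at `-304,7`; `forward` continues outside this hunk.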
-- 