vault: piped input for ipa vault-add fails

An exception is raised when using echo "Secret123\n" | ipa vault-add myvault

This happens because the code is using (string).decode(sys.stdin.encoding)
and sys.stdin.encoding is None when the input is read from a pipe.
The fix is using the prompt_password method defined by Backend.textui,
which gracefully handles this issue.

https://pagure.io/freeipa/issue/6907

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Florence Blanc-Renaud
2017-04-27 18:20:06 +02:00
committed by Martin Basti
parent 960e361f68
commit d5c41ed4ad


@@ -21,11 +21,9 @@ from __future__ import print_function
import base64 import base64
import errno import errno
import getpass
import io import io
import json import json
import os import os
import sys
import tempfile import tempfile
from cryptography.fernet import Fernet, InvalidToken from cryptography.fernet import Fernet, InvalidToken
@@ -84,29 +82,6 @@ register = Registry()
MAX_VAULT_DATA_SIZE = 2**20 # = 1 MB MAX_VAULT_DATA_SIZE = 2**20 # = 1 MB
def get_new_password():
"""
Gets new password from user and verify it.
"""
while True:
password = getpass.getpass('New password: ').decode(
sys.stdin.encoding)
password2 = getpass.getpass('Verify password: ').decode(
sys.stdin.encoding)
if password == password2:
return password
print(' ** Passwords do not match! **')
def get_existing_password():
"""
Gets existing password from user.
"""
return getpass.getpass('Password: ').decode(sys.stdin.encoding)
def generate_symmetric_key(password, salt): def generate_symmetric_key(password, salt):
""" """
Generates symmetric key from password and salt. Generates symmetric key from password and salt.
@@ -304,7 +279,8 @@ class vault_add(Local):
password = password.rstrip('\n') password = password.rstrip('\n')
else: else:
password = get_new_password() password = self.api.Backend.textui.prompt_password(
'New password')
# generate vault salt # generate vault salt
options['ipavaultsalt'] = os.urandom(16) options['ipavaultsalt'] = os.urandom(16)
@@ -887,9 +863,11 @@ class vault_archive(ModVaultData):
else: else:
if override_password: if override_password:
password = get_new_password() password = self.api.Backend.textui.prompt_password(
'New password')
else: else:
password = get_existing_password() password = self.api.Backend.textui.prompt_password(
'Password', confirm=False)
if not override_password: if not override_password:
# verify password by retrieving existing data # verify password by retrieving existing data
@@ -1112,7 +1090,8 @@ class vault_retrieve(ModVaultData):
password = password.rstrip('\n') password = password.rstrip('\n')
else: else:
password = get_existing_password() password = self.api.Backend.textui.prompt_password(
'Password', confirm=False)
# generate encryption key from password # generate encryption key from password
encryption_key = generate_symmetric_key(password, salt) encryption_key = generate_symmetric_key(password, salt)
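Review bot: Nothing in the `vault_add` hunk or in the `override_password` branch of `vault_archive` rejects an empty result from `prompt_password('New password')` before it is used for key derivation. `prompt_password` itself is not shown on this page; if it returns whatever stdin yields for piped input, without a confirmation round, an empty pipe or early EOF would create a vault keyed on an empty password, and any whitespace handling it applies may differ from what `getpass` returned before. I would add a guard right after each call, e.g. `if not password: raise errors.ValidationError(name='password', error=_('Password must not be empty'))` (assuming `errors` and `_` are already imported in this module), plus a regression test that runs the command with stdin not attached to a tty. The enclosing methods start and end outside these hunks, so an existing check further down cannot be ruled out.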