From a0ea8706fddb0459982c2ae276679cea6b0a812e Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Thu, 27 Apr 2017 18:20:06 +0200
Subject: [PATCH] vault: piped input for ipa vault-add fails
An exception is raised when using echo "Secret123\n" | ipa vault-add myvault
This happens because the code is using (string).decode(sys.stdin.encoding)
and sys.stdin.encoding is None when the input is read from a pipe.
The fix is using the prompt_password method defined by Backend.textui,
which gracefully handles this issue.
https://pagure.io/freeipa/issue/6907
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaclient/plugins/vault.py | 37 ++++++++-----------------------------
 1 file changed, 8 insertions(+), 29 deletions(-)
diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
ac7d03
index 3fb4900d9cf90e6902c40e1c3d8cfdafec2e28b8..f21dc4dbb6579c0f92ae9ab94d76a6396b26b233 100644
ac7d03
--- a/ipaclient/plugins/vault.py
ac7d03
+++ b/ipaclient/plugins/vault.py
ac7d03
@@ -21,11 +21,9 @@ from __future__ import print_function
ac7d03
 
ac7d03
 import base64
ac7d03
 import errno
ac7d03
-import getpass
ac7d03
 import io
ac7d03
 import json
ac7d03
 import os
ac7d03
-import sys
ac7d03
 import tempfile
ac7d03
 
ac7d03
 from cryptography.fernet import Fernet, InvalidToken
ac7d03
@@ -84,29 +82,6 @@ register = Registry()
ac7d03
 MAX_VAULT_DATA_SIZE = 2**20  # = 1 MB
ac7d03
 
ac7d03
 
ac7d03
-def get_new_password():
ac7d03
-    """
ac7d03
-    Gets new password from user and verify it.
ac7d03
-    """
ac7d03
-    while True:
ac7d03
-        password = getpass.getpass('New password: ').decode(
ac7d03
-            sys.stdin.encoding)
ac7d03
-        password2 = getpass.getpass('Verify password: ').decode(
ac7d03
-            sys.stdin.encoding)
ac7d03
-
ac7d03
-        if password == password2:
ac7d03
-            return password
ac7d03
-
ac7d03
-        print('  ** Passwords do not match! **')
ac7d03
-
ac7d03
-
ac7d03
-def get_existing_password():
ac7d03
-    """
ac7d03
-    Gets existing password from user.
ac7d03
-    """
ac7d03
-    return getpass.getpass('Password: ').decode(sys.stdin.encoding)
ac7d03
-
ac7d03
-
ac7d03
 def generate_symmetric_key(password, salt):
ac7d03
     """
ac7d03
     Generates symmetric key from password and salt.
ac7d03
@@ -304,7 +279,8 @@ class vault_add(Local):
ac7d03
                 password = password.rstrip('\n')
ac7d03
 
ac7d03
             else:
ac7d03
-                password = get_new_password()
ac7d03
+                password = self.api.Backend.textui.prompt_password(
ac7d03
+                    'New password')
ac7d03
 
ac7d03
             # generate vault salt
ac7d03
             options['ipavaultsalt'] = os.urandom(16)
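Review bot: Nothing visible in this branch of vault_add rejects an empty password before the vault is created: the value returned by `self.api.Backend.textui.prompt_password('New password')` is assigned and the code goes straight on to generating the salt. With piped stdin, which is the case this patch enables, an empty or closed pipe may yield an empty string (inferred; prompt_password is not shown on this page), and the vault would then be protected by a key derived from it. A guard right after the call, such as `if not password: raise errors.ValidationError(name='password', error=_('Password is required'))`, would close this, assuming `errors` and `_` are in scope in this module. The same applies to the 'New password' call in the vault_archive hunk. The enclosing method starts and ends outside the hunk.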
ac7d03
@@ -887,9 +863,11 @@ class vault_archive(ModVaultData):
ac7d03
 
ac7d03
             else:
ac7d03
                 if override_password:
ac7d03
-                    password = get_new_password()
ac7d03
+                    password = self.api.Backend.textui.prompt_password(
ac7d03
+                        'New password')
ac7d03
                 else:
ac7d03
-                    password = get_existing_password()
ac7d03
+                    password = self.api.Backend.textui.prompt_password(
ac7d03
+                        'Password', confirm=False)
ac7d03
 
ac7d03
             if not override_password:
ac7d03
                 # verify password by retrieving existing data
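Review bot: The 'New password' call under `if override_password:` (and the one in vault_add) relies on prompt_password's default for confirmation, while the 'Password' calls pass `confirm=False` explicitly; writing `confirm=True` here would make the verification requirement visible at the call site. The removed get_new_password() always asked twice. If prompt_password skips the second prompt when stdin is not a terminal (likely, but not shown on this page), a mistyped piped value becomes the vault's new password with no check, and the `if not override_password:` verification below does not run on this path. A comment above the call such as `# piped input is not confirmed; a typo here can lock the user out of the vault` would document that. The enclosing method extends beyond the hunk.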
ac7d03
@@ -1112,7 +1090,8 @@ class vault_retrieve(ModVaultData):
ac7d03
                 password = password.rstrip('\n')
ac7d03
 
ac7d03
             else:
ac7d03
-                password = get_existing_password()
ac7d03
+                password = self.api.Backend.textui.prompt_password(
ac7d03
+                    'Password', confirm=False)
ac7d03
 
ac7d03
             # generate encryption key from password
ac7d03
             encryption_key = generate_symmetric_key(password, salt)
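Review bot: The password from the prompt path and the one from the branch just above (`password.rstrip('\n')`) both feed `generate_symmetric_key(password, salt)`, so both paths have to normalise their input identically. If prompt_password strips more than a trailing newline when reading from a pipe (to be confirmed in Backend.textui), a password with leading or trailing spaces entered one way will not derive the same key the other way, and retrieval will fail as if the password were wrong. I would add a comment above the call, e.g. `# prompt_password must treat surrounding whitespace the same way as the rstrip('\n') branch above`, and a test that retrieves with a piped password containing surrounding spaces. The enclosing method continues outside the hunk.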
-- 
2.12.2