From a0ea8706fddb0459982c2ae276679cea6b0a812e Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 27 Apr 2017 18:20:06 +0200 Subject: [PATCH] vault: piped input for ipa vault-add fails An exception is raised when using echo "Secret123\n" | ipa vault-add myvault This happens because the code is using (string).decode(sys.stdin.encoding) and sys.stdin.encoding is None when the input is read from a pipe. The fix is using the prompt_password method defined by Backend.textui, which gracefully handles this issue. https://pagure.io/freeipa/issue/6907 Reviewed-By: Christian Heimes Reviewed-By: Abhijeet Kasurde Reviewed-By: Stanislav Laznicka --- ipaclient/plugins/vault.py | 37 ++++++++----------------------------- 1 file changed, 8 insertions(+), 29 deletions(-) diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py index 3fb4900d9cf90e6902c40e1c3d8cfdafec2e28b8..f21dc4dbb6579c0f92ae9ab94d76a6396b26b233 100644 --- a/ipaclient/plugins/vault.py +++ b/ipaclient/plugins/vault.py @@ -21,11 +21,9 @@ from __future__ import print_function import base64 import errno -import getpass import io import json import os -import sys import tempfile from cryptography.fernet import Fernet, InvalidToken @@ -84,29 +82,6 @@ register = Registry() MAX_VAULT_DATA_SIZE = 2**20 # = 1 MB -def get_new_password(): - """ - Gets new password from user and verify it. - """ - while True: - password = getpass.getpass('New password: ').decode( - sys.stdin.encoding) - password2 = getpass.getpass('Verify password: ').decode( - sys.stdin.encoding) - - if password == password2: - return password - - print(' ** Passwords do not match! **') - - -def get_existing_password(): - """ - Gets existing password from user. - """ - return getpass.getpass('Password: ').decode(sys.stdin.encoding) - - def generate_symmetric_key(password, salt): """ Generates symmetric key from password and salt. @@ -304,7 +279,8 @@ class vault_add(Local): password = password.rstrip('\n') else: - password = get_new_password() + password = self.api.Backend.textui.prompt_password( + 'New password') # generate vault salt options['ipavaultsalt'] = os.urandom(16) @@ -887,9 +863,11 @@ class vault_archive(ModVaultData): else: if override_password: - password = get_new_password() + password = self.api.Backend.textui.prompt_password( + 'New password') else: - password = get_existing_password() + password = self.api.Backend.textui.prompt_password( + 'Password', confirm=False) if not override_password: # verify password by retrieving existing data @@ -1112,7 +1090,8 @@ class vault_retrieve(ModVaultData): password = password.rstrip('\n') else: - password = get_existing_password() + password = self.api.Backend.textui.prompt_password( + 'Password', confirm=False) # generate encryption key from password encryption_key = generate_symmetric_key(password, salt) -- 2.12.2