Passwords now sent over stdin instead of command line.

Fixes Issue #166:
Don't pass passwords on command line
https://github.com/freedombox/Plinth/issues/166

This issue was for 4 modules: Transmission, Pagekite, DynamicDNS, and Ikiwiki.

actions/dynamicdns

@@ -81,7 +81,9 @@ doGetOpt()
                 user=${OPTARG}
             ;;
             p)
-                pass=${OPTARG}
+                if read -t 0; then
+                    IFS= read -r pass
+                fi
             ;;
             I)
                 if [ "${OPTARG}" != "${EMPTYSTRING}" ];then
@@ -426,7 +428,7 @@ case ${cmd} in
         echo "-s <server>             Gnudip Server address"
         echo "-d <domain>             Domain to be updated"
         echo "-u <user>               Account username"
-        echo "-p <password>           Account Password"
+        echo "-p                      Read Account Password from stdin"
         echo "-I <IP check URL>       A URL which returns the IP of the client who is requesting"
         echo "-U <update URL>         The update URL (a HTTP GET on this URL will be done)"
         echo "-c <1|0>                disable SSL check on Update URL"

actions/ikiwiki

@@ -24,6 +24,7 @@ import argparse
 import os
 import shutil
 import subprocess
+import sys
 
 from plinth import action_utils
 
@@ -55,15 +56,11 @@ def parse_arguments():
     create_wiki = subparsers.add_parser('create-wiki', help='Create a wiki')
     create_wiki.add_argument('--wiki_name', help='Name of new wiki')
     create_wiki.add_argument('--admin_name', help='Administrator account name')
-    create_wiki.add_argument('--admin_password',
-                             help='Administrator account password')
 
     # Create a blog
     create_blog = subparsers.add_parser('create-blog', help='Create a blog')
     create_blog.add_argument('--blog_name', help='Name of new blog')
     create_blog.add_argument('--admin_name', help='Administrator account name')
-    create_blog.add_argument('--admin_password',
-                             help='Administrator account password')
 
     # Delete a wiki or blog
     delete = subparsers.add_parser('delete', help='Delete a wiki or blog.')
@@ -98,7 +95,7 @@ def subcommand_get_sites(_):
 
 def subcommand_create_wiki(arguments):
     """Create a wiki."""
-    pw_bytes = arguments.admin_password.encode()
+    pw_bytes = sys.stdin.readline().encode()
     proc = subprocess.Popen(
         ['ikiwiki', '-setup', SETUP_WIKI,
          arguments.wiki_name, arguments.admin_name],
@@ -110,7 +107,7 @@ def subcommand_create_wiki(arguments):
 
 def subcommand_create_blog(arguments):
     """Create a blog."""
-    pw_bytes = arguments.admin_password.encode()
+    pw_bytes = sys.stdin.readline().encode()
     proc = subprocess.Popen(
         ['ikiwiki', '-setup', SETUP_BLOG,
          arguments.blog_name, arguments.admin_name],

actions/pagekite

@@ -25,6 +25,7 @@ import argparse
 import augeas
 import json
 import os
+import sys
 
 from plinth import action_utils
 from plinth.modules.pagekite import utils
@@ -61,11 +62,11 @@ def parse_arguments():
     # Kite details (name + secret)
     subparsers.add_parser('get-kite',
                           help='Get configured kite name and secret')
-    set_kite = subparsers.add_parser('set-kite',
-                                     help='Configure kite name and its secret')
+    set_kite = subparsers.add_parser(
+        'set-kite',
+        help='Configure kite name and its secret. Secret is read from stdin.')
     set_kite.add_argument('--kite-name',
                           help='Name of the kite (eg: mybox.pagekite.me)')
-    set_kite.add_argument('--kite-secret', help='Secret for the kite')
 
     # Add/remove pagekite services (service_on entries)
     subparsers.add_parser('get-services', help='Get list of enabled services')
@@ -223,7 +224,7 @@ def subcommand_get_kite(_):
 def subcommand_set_kite(arguments):
     """Set details of the kite"""
     aug.set(PATHS['kitename'], arguments.kite_name)
-    aug.set(PATHS['kitesecret'], arguments.kite_secret)
+    aug.set(PATHS['kitesecret'], sys.stdin.readline())
     aug.save()
 
 

actions/transmission

@@ -24,6 +24,7 @@ Configuration helper for Transmission daemon.
 import argparse
 import json
 import subprocess
+import sys
 
 from plinth import action_utils
 
@@ -44,12 +45,9 @@ def parse_arguments():
     subparsers.add_parser('disable', help='Disable Transmission service')
 
     # Merge given JSON configration with existing
-    merge_configuration = subparsers.add_parser(
-        'merge-configuration',
-        help='Merge given JSON configration with existing')
-    merge_configuration.add_argument(
-        'configuration',
-        help='JSON encoded configuration to merge')
+    subparsers.add_parser(
+        'merge-configuration', 
+        help='Merge JSON configuration from stdin with existing')
 
     return parser.parse_args()
 
@@ -68,7 +66,7 @@ def subcommand_disable(_):
 
 def subcommand_merge_configuration(arguments):
     """Merge given JSON configuration with existing configuration."""
-    configuration = arguments.configuration
+    configuration = ''.join(sys.stdin.readlines())
     configuration = json.loads(configuration)
 
     current_configuration = open(TRANSMISSION_CONFIG, 'r').read()

plinth/modules/dynamicdns/dynamicdns.py

@@ -361,11 +361,12 @@ def _apply_changes(request, old_status, new_status):
         _run(['configure', '-s', new_status['dynamicdns_server'],
               '-d', new_status['dynamicdns_domain'],
               '-u', new_status['dynamicdns_user'],
-              '-p', new_status['dynamicdns_secret'],
+              '-p',
               '-I', new_status['dynamicdns_ipurl'],
               '-U', new_status['dynamicdns_update_url'],
               '-c', disable_ssl_check,
-              '-b', use_http_basic_auth])
+              '-b', use_http_basic_auth],
+             input = new_status['dynamicdns_secret'].encode())
 
         if old_status['enabled']:
             _run(['stop'])
@@ -378,11 +379,11 @@ def _apply_changes(request, old_status, new_status):
         LOGGER.info('nothing changed')
 
 
-def _run(arguments, superuser=False):
+def _run(arguments, superuser=False, input=None):
     """Run a given command and raise exception if there was an error"""
     command = 'dynamicdns'
 
     if superuser:
-        return actions.superuser_run(command, arguments)
+        return actions.superuser_run(command, arguments, input=input)
     else:
-        return actions.run(command, arguments)
+        return actions.run(command, arguments, input=input)

plinth/modules/ikiwiki/views.py

@@ -139,7 +139,8 @@ def _create_wiki(request, name, admin_name, admin_password):
         actions.superuser_run(
             'ikiwiki',
             ['create-wiki', '--wiki_name', name,
-             '--admin_name', admin_name, '--admin_password', admin_password])
+             '--admin_name', admin_name],
+            input=admin_password.encode())
         messages.success(request, _('Created wiki %s.') % name)
     except actions.ActionError as err:
         messages.error(request, _('Could not create wiki: %s') % err)
@@ -151,7 +152,8 @@ def _create_blog(request, name, admin_name, admin_password):
         actions.superuser_run(
             'ikiwiki',
             ['create-blog', '--blog_name', name,
-             '--admin_name', admin_name, '--admin_password', admin_password])
+             '--admin_name', admin_name],
+            input=admin_password.encode())
         messages.success(request, _('Created blog %s.') % name)
     except actions.ActionError as err:
         messages.error(request, _('Could not create blog: %s') % err)

plinth/modules/pagekite/forms.py

@@ -74,8 +74,8 @@ for your account if no secret is set on the kite'))
 
             if old['kite_name'] != new['kite_name'] or \
                     old['kite_secret'] != new['kite_secret']:
-                utils.run(['set-kite', '--kite-name', new['kite_name'],
-                           '--kite-secret', new['kite_secret']])
+                utils.run(['set-kite', '--kite-name', new['kite_name']],
+                          input=new['kite_secret'].encode())
                 messages.success(request, _('Kite details set'))
                 config_changed = True
 

plinth/modules/pagekite/utils.py

@@ -142,14 +142,14 @@ def prepare_service_for_display(service):
     return service
 
 
-def run(arguments, superuser=True):
+def run(arguments, superuser=True, input=None):
     """Run a given command and raise exception if there was an error"""
     command = 'pagekite'
 
     if superuser:
-        return actions.superuser_run(command, arguments)
+        return actions.superuser_run(command, arguments, input=input)
     else:
-        return actions.run(command, arguments)
+        return actions.run(command, arguments, input=input)
 
 
 def convert_service_to_string(service):

plinth/modules/transmission/views.py

@@ -96,8 +96,8 @@ def _apply_changes(request, old_status, new_status):
             'rpc-password': new_status['rpc_password'],
         }
 
-        actions.superuser_run('transmission', ['merge-configuration',
-                                               json.dumps(new_configuration)])
+        actions.superuser_run('transmission', ['merge-configuration'],
+                              input=json.dumps(new_configuration).encode())
         modified = True
 
     if modified: