From 21b9a5b02a93bcd926384f03b11d855a3a1edc62 Mon Sep 17 00:00:00 2001 From: Sean Alexandre Date: Thu, 20 Aug 2015 07:19:06 -0400 Subject: [PATCH] Passwords now sent over stdin instead of command line. Fixes Issue #166: Don't pass passwords on command line https://github.com/freedombox/Plinth/issues/166 This issue was for 4 modules: Transmission, Pagekite, DynamicDNS, and Ikiwiki. --- actions/dynamicdns | 6 ++++-- actions/ikiwiki | 9 +++------ actions/pagekite | 9 +++++---- actions/transmission | 12 +++++------- plinth/modules/dynamicdns/dynamicdns.py | 11 ++++++----- plinth/modules/ikiwiki/views.py | 6 ++++-- plinth/modules/pagekite/forms.py | 4 ++-- plinth/modules/pagekite/utils.py | 6 +++--- plinth/modules/transmission/views.py | 4 ++-- 9 files changed, 34 insertions(+), 33 deletions(-) diff --git a/actions/dynamicdns b/actions/dynamicdns index c8e6d673d..6b6f554a4 100755 --- a/actions/dynamicdns +++ b/actions/dynamicdns @@ -81,7 +81,9 @@ doGetOpt() user=${OPTARG} ;; p) - pass=${OPTARG} + if read -t 0; then + IFS= read -r pass + fi ;; I) if [ "${OPTARG}" != "${EMPTYSTRING}" ];then @@ -426,7 +428,7 @@ case ${cmd} in echo "-s Gnudip Server address" echo "-d Domain to be updated" echo "-u Account username" - echo "-p Account Password" + echo "-p Read Account Password from stdin" echo "-I A URL which returns the IP of the client who is requesting" echo "-U The update URL (a HTTP GET on this URL will be done)" echo "-c <1|0> disable SSL check on Update URL" diff --git a/actions/ikiwiki b/actions/ikiwiki index 866202d26..35bf7d7cd 100755 --- a/actions/ikiwiki +++ b/actions/ikiwiki @@ -24,6 +24,7 @@ import argparse import os import shutil import subprocess +import sys from plinth import action_utils 
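Review bot: In the `p)` branch of doGetOpt (actions/dynamicdns), `read -t 0` only tests whether stdin already has data at that instant, so if the caller has not written the password yet the branch is skipped and `pass` is silently left unset. A blocking read that tolerates a missing final newline is more predictable: `IFS= read -r pass || [ -n "${pass}" ] || true`, with the final `|| true` replaced by an error exit if an empty password is not a valid input. `read -t 0` is also a bash extension, so the interpreter line (outside this hunk) must be bash rather than a POSIX sh. doGetOpt starts and ends outside the hunk.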
@@ -55,15 +56,11 @@ def parse_arguments(): create_wiki = subparsers.add_parser('create-wiki', help='Create a wiki') create_wiki.add_argument('--wiki_name', help='Name of new wiki') create_wiki.add_argument('--admin_name', help='Administrator account name') - create_wiki.add_argument('--admin_password', - help='Administrator account password') # Create a blog create_blog = subparsers.add_parser('create-blog', help='Create a blog') create_blog.add_argument('--blog_name', help='Name of new blog') create_blog.add_argument('--admin_name', help='Administrator account name') - create_blog.add_argument('--admin_password', - help='Administrator account password') # Delete a wiki or blog delete = subparsers.add_parser('delete', help='Delete a wiki or blog.') @@ -98,7 +95,7 @@ def subcommand_get_sites(_): def subcommand_create_wiki(arguments): """Create a wiki.""" - pw_bytes = arguments.admin_password.encode() + pw_bytes = sys.stdin.readline().encode() proc = subprocess.Popen( ['ikiwiki', '-setup', SETUP_WIKI, arguments.wiki_name, arguments.admin_name], @@ -110,7 +107,7 @@ def subcommand_create_wiki(arguments): def subcommand_create_blog(arguments): """Create a blog.""" - pw_bytes = arguments.admin_password.encode() + pw_bytes = sys.stdin.readline().encode() proc = subprocess.Popen( ['ikiwiki', '-setup', SETUP_BLOG, arguments.blog_name, arguments.admin_name], diff --git a/actions/pagekite b/actions/pagekite index 5169bcf29..f700d681c 100755 --- a/actions/pagekite +++ b/actions/pagekite @@ -25,6 +25,7 @@ import argparse import augeas import json import os +import sys from plinth import action_utils from plinth.modules.pagekite import utils 
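Review bot: In subcommand_create_wiki (actions/ikiwiki), `sys.stdin.readline().encode()` keeps any trailing newline and yields an empty value when stdin is closed or empty, so a missing password is presumably passed on to ikiwiki as an empty administrator password with no error. Strip the terminator and reject the empty case, e.g. `password = sys.stdin.readline().rstrip('\n')`, then `if not password: sys.exit('admin password expected on stdin')`, then `pw_bytes = password.encode()`. The same newline handling applies to subcommand_create_blog in this file and to `aug.set(PATHS['kitesecret'], sys.stdin.readline())` in actions/pagekite, where a trailing newline would be written into the stored kite secret. readline() also stops at the first newline, so a secret containing one is truncated silently; the calling views should reject such values before sending. Both function bodies continue outside their hunks.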
@@ -61,11 +62,11 @@ def parse_arguments(): # Kite details (name + secret) subparsers.add_parser('get-kite', help='Get configured kite name and secret') - set_kite = subparsers.add_parser('set-kite', - help='Configure kite name and its secret') + set_kite = subparsers.add_parser( + 'set-kite', + help='Configure kite name and its secret. Secret is read from stdin.') set_kite.add_argument('--kite-name', help='Name of the kite (eg: mybox.pagekite.me)') - set_kite.add_argument('--kite-secret', help='Secret for the kite') # Add/remove pagekite services (service_on entries) subparsers.add_parser('get-services', help='Get list of enabled services') @@ -223,7 +224,7 @@ def subcommand_get_kite(_): def subcommand_set_kite(arguments): """Set details of the kite""" aug.set(PATHS['kitename'], arguments.kite_name) - aug.set(PATHS['kitesecret'], arguments.kite_secret) + aug.set(PATHS['kitesecret'], sys.stdin.readline()) aug.save() diff --git a/actions/transmission b/actions/transmission index 9ad6bced0..7ff354f5f 100755 --- a/actions/transmission +++ b/actions/transmission @@ -24,6 +24,7 @@ Configuration helper for Transmission daemon. import argparse import json import subprocess +import sys from plinth import action_utils @@ -44,12 +45,9 @@ def parse_arguments(): subparsers.add_parser('disable', help='Disable Transmission service') # Merge given JSON configration with existing - merge_configuration = subparsers.add_parser( - 'merge-configuration', - help='Merge given JSON configration with existing') - merge_configuration.add_argument( - 'configuration', - help='JSON encoded configuration to merge') + subparsers.add_parser( + 'merge-configuration', + help='Merge JSON configuration from stdin with existing') return parser.parse_args() 
@@ -68,7 +66,7 @@ def subcommand_disable(_): def subcommand_merge_configuration(arguments): """Merge given JSON configuration with existing configuration.""" - configuration = arguments.configuration + configuration = ''.join(sys.stdin.readlines()) configuration = json.loads(configuration) current_configuration = open(TRANSMISSION_CONFIG, 'r').read() diff --git a/plinth/modules/dynamicdns/dynamicdns.py b/plinth/modules/dynamicdns/dynamicdns.py index 49890ab14..2d0dc4219 100644 --- a/plinth/modules/dynamicdns/dynamicdns.py +++ b/plinth/modules/dynamicdns/dynamicdns.py @@ -361,11 +361,12 @@ def _apply_changes(request, old_status, new_status): _run(['configure', '-s', new_status['dynamicdns_server'], '-d', new_status['dynamicdns_domain'], '-u', new_status['dynamicdns_user'], - '-p', new_status['dynamicdns_secret'], + '-p', '-I', new_status['dynamicdns_ipurl'], '-U', new_status['dynamicdns_update_url'], '-c', disable_ssl_check, - '-b', use_http_basic_auth]) + '-b', use_http_basic_auth], + input = new_status['dynamicdns_secret'].encode()) if old_status['enabled']: _run(['stop']) @@ -378,11 +379,11 @@ def _apply_changes(request, old_status, new_status): LOGGER.info('nothing changed') -def _run(arguments, superuser=False): +def _run(arguments, superuser=False, input=None): """Run a given command and raise exception if there was an error""" command = 'dynamicdns' if superuser: - return actions.superuser_run(command, arguments) + return actions.superuser_run(command, arguments, input=input) else: - return actions.run(command, arguments) + return actions.run(command, arguments, input=input) diff --git a/plinth/modules/ikiwiki/views.py b/plinth/modules/ikiwiki/views.py index 7952f3c02..a6b0e7028 100644 --- a/plinth/modules/ikiwiki/views.py +++ b/plinth/modules/ikiwiki/views.py 
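Review bot: In subcommand_merge_configuration (actions/transmission), `''.join(sys.stdin.readlines())` followed by `json.loads(configuration)` is more simply written as `configuration = json.load(sys.stdin)`. The docstring still says "Merge given JSON configuration"; it should state that the JSON is read from stdin, and a comment such as `# Read from stdin so rpc-password never appears in the process list` would record why the positional argument was removed. The function body continues outside the hunk.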
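Review bot: In _apply_changes (plinth/modules/dynamicdns/dynamicdns.py), `'-p'` is now passed with no value and is immediately followed by `'-I'`, which is only safe if the getopts option string in actions/dynamicdns no longer declares `p` as taking an argument. Neither actions/dynamicdns hunk in this patch touches that string, and the old branch read `${OPTARG}`, so it presumably still contains `p:`; in that case getopts would consume `-I` as the password value and the IP URL would no longer be parsed as an option. Confirm the option string was changed to a bare `p`, and include that change in this patch if it was not. As a style point, the keyword argument should be written `input=new_status['dynamicdns_secret'].encode()` without spaces around `=`. _apply_changes starts and ends outside the hunk.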
@@ -139,7 +139,8 @@ def _create_wiki(request, name, admin_name, admin_password): actions.superuser_run( 'ikiwiki', ['create-wiki', '--wiki_name', name, - '--admin_name', admin_name, '--admin_password', admin_password]) + '--admin_name', admin_name], + input=admin_password.encode()) messages.success(request, _('Created wiki %s.') % name) except actions.ActionError as err: messages.error(request, _('Could not create wiki: %s') % err) @@ -151,7 +152,8 @@ def _create_blog(request, name, admin_name, admin_password): actions.superuser_run( 'ikiwiki', ['create-blog', '--blog_name', name, - '--admin_name', admin_name, '--admin_password', admin_password]) + '--admin_name', admin_name], + input=admin_password.encode()) messages.success(request, _('Created blog %s.') % name) except actions.ActionError as err: messages.error(request, _('Could not create blog: %s') % err) diff --git a/plinth/modules/pagekite/forms.py b/plinth/modules/pagekite/forms.py index 49ebb37e7..28ed5a6fb 100644 --- a/plinth/modules/pagekite/forms.py +++ b/plinth/modules/pagekite/forms.py @@ -74,8 +74,8 @@ for your account if no secret is set on the kite')) if old['kite_name'] != new['kite_name'] or \ old['kite_secret'] != new['kite_secret']: - utils.run(['set-kite', '--kite-name', new['kite_name'], - '--kite-secret', new['kite_secret']]) + utils.run(['set-kite', '--kite-name', new['kite_name']], + input=new['kite_secret'].encode()) messages.success(request, _('Kite details set')) config_changed = True diff --git a/plinth/modules/pagekite/utils.py b/plinth/modules/pagekite/utils.py index 849e6af60..dd7a930fe 100644 --- a/plinth/modules/pagekite/utils.py +++ b/plinth/modules/pagekite/utils.py 
@@ -142,14 +142,14 @@ def prepare_service_for_display(service): return service -def run(arguments, superuser=True): +def run(arguments, superuser=True, input=None): """Run a given command and raise exception if there was an error""" command = 'pagekite' if superuser: - return actions.superuser_run(command, arguments) + return actions.superuser_run(command, arguments, input=input) else: - return actions.run(command, arguments) + return actions.run(command, arguments, input=input) def convert_service_to_string(service): diff --git a/plinth/modules/transmission/views.py b/plinth/modules/transmission/views.py index d02f22ce1..2ca0dffbe 100644 --- a/plinth/modules/transmission/views.py +++ b/plinth/modules/transmission/views.py @@ -96,8 +96,8 @@ def _apply_changes(request, old_status, new_status): 'rpc-password': new_status['rpc_password'], } - actions.superuser_run('transmission', ['merge-configuration', - json.dumps(new_configuration)]) + actions.superuser_run('transmission', ['merge-configuration'], + input=json.dumps(new_configuration).encode()) modified = True if modified: