nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-27 10:44:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Passwords now sent over stdin instead of command line.

Browse Source 
Fixes Issue #166:
Don't pass passwords on command line
https://github.com/freedombox/Plinth/issues/166

This issue was for 4 modules: Transmission, Pagekite, DynamicDNS, and Ikiwiki.
This commit is contained in:
Sean Alexandre 2015-08-20 07:19:06 -04:00 committed by Sunil Mohan Adapa
parent ef156dab91
commit 21b9a5b02a
9 changed files with 34 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
actions/dynamicdns
View File

@ -81,7 +81,9 @@ doGetOpt()
user=${OPTARG} user=${OPTARG}
;; ;;
p) p)
pass=${OPTARG} if read -t 0; then
IFS= read -r pass
fi
;; ;;
I) I)
if [ "${OPTARG}" != "${EMPTYSTRING}" ];then if [ "${OPTARG}" != "${EMPTYSTRING}" ];then
@ -426,7 +428,7 @@ case ${cmd} in
echo "-s <server> Gnudip Server address" echo "-s <server> Gnudip Server address"
echo "-d <domain> Domain to be updated" echo "-d <domain> Domain to be updated"
echo "-u <user> Account username" echo "-u <user> Account username"
echo "-p <password> Account Password" echo "-p Read Account Password from stdin"
echo "-I <IP check URL> A URL which returns the IP of the client who is requesting" echo "-I <IP check URL> A URL which returns the IP of the client who is requesting"
echo "-U <update URL> The update URL (a HTTP GET on this URL will be done)" echo "-U <update URL> The update URL (a HTTP GET on this URL will be done)"
echo "-c <1|0> disable SSL check on Update URL" echo "-c <1|0> disable SSL check on Update URL"

9
actions/ikiwiki
View File

@ -24,6 +24,7 @@ import argparse
import os import os
import shutil import shutil
import subprocess import subprocess
import sys
from plinth import action_utils from plinth import action_utils
@ -55,15 +56,11 @@ def parse_arguments():
create_wiki = subparsers.add_parser('create-wiki', help='Create a wiki') create_wiki = subparsers.add_parser('create-wiki', help='Create a wiki')
create_wiki.add_argument('--wiki_name', help='Name of new wiki') create_wiki.add_argument('--wiki_name', help='Name of new wiki')
create_wiki.add_argument('--admin_name', help='Administrator account name') create_wiki.add_argument('--admin_name', help='Administrator account name')
create_wiki.add_argument('--admin_password',
help='Administrator account password')
# Create a blog # Create a blog
create_blog = subparsers.add_parser('create-blog', help='Create a blog') create_blog = subparsers.add_parser('create-blog', help='Create a blog')
create_blog.add_argument('--blog_name', help='Name of new blog') create_blog.add_argument('--blog_name', help='Name of new blog')
create_blog.add_argument('--admin_name', help='Administrator account name') create_blog.add_argument('--admin_name', help='Administrator account name')
create_blog.add_argument('--admin_password',
help='Administrator account password')
# Delete a wiki or blog # Delete a wiki or blog
delete = subparsers.add_parser('delete', help='Delete a wiki or blog.') delete = subparsers.add_parser('delete', help='Delete a wiki or blog.')
@ -98,7 +95,7 @@ def subcommand_get_sites(_):
def subcommand_create_wiki(arguments): def subcommand_create_wiki(arguments):
"""Create a wiki.""" """Create a wiki."""
pw_bytes = arguments.admin_password.encode() pw_bytes = sys.stdin.readline().encode()
proc = subprocess.Popen( proc = subprocess.Popen(
['ikiwiki', '-setup', SETUP_WIKI, ['ikiwiki', '-setup', SETUP_WIKI,
arguments.wiki_name, arguments.admin_name], arguments.wiki_name, arguments.admin_name],
@ -110,7 +107,7 @@ def subcommand_create_wiki(arguments):
def subcommand_create_blog(arguments): def subcommand_create_blog(arguments):
"""Create a blog.""" """Create a blog."""
pw_bytes = arguments.admin_password.encode() pw_bytes = sys.stdin.readline().encode()
proc = subprocess.Popen( proc = subprocess.Popen(
['ikiwiki', '-setup', SETUP_BLOG, ['ikiwiki', '-setup', SETUP_BLOG,
arguments.blog_name, arguments.admin_name], arguments.blog_name, arguments.admin_name],

9
actions/pagekite
View File

@ -25,6 +25,7 @@ import argparse
import augeas import augeas
import json import json
import os import os
import sys
from plinth import action_utils from plinth import action_utils
from plinth.modules.pagekite import utils from plinth.modules.pagekite import utils
@ -61,11 +62,11 @@ def parse_arguments():
# Kite details (name + secret) # Kite details (name + secret)
subparsers.add_parser('get-kite', subparsers.add_parser('get-kite',
help='Get configured kite name and secret') help='Get configured kite name and secret')
set_kite = subparsers.add_parser('set-kite', set_kite = subparsers.add_parser(
help='Configure kite name and its secret') 'set-kite',
help='Configure kite name and its secret. Secret is read from stdin.')
set_kite.add_argument('--kite-name', set_kite.add_argument('--kite-name',
help='Name of the kite (eg: mybox.pagekite.me)') help='Name of the kite (eg: mybox.pagekite.me)')
set_kite.add_argument('--kite-secret', help='Secret for the kite')
# Add/remove pagekite services (service_on entries) # Add/remove pagekite services (service_on entries)
subparsers.add_parser('get-services', help='Get list of enabled services') subparsers.add_parser('get-services', help='Get list of enabled services')
@ -223,7 +224,7 @@ def subcommand_get_kite(_):
def subcommand_set_kite(arguments): def subcommand_set_kite(arguments):
"""Set details of the kite""" """Set details of the kite"""
aug.set(PATHS['kitename'], arguments.kite_name) aug.set(PATHS['kitename'], arguments.kite_name)
aug.set(PATHS['kitesecret'], arguments.kite_secret) aug.set(PATHS['kitesecret'], sys.stdin.readline())
aug.save() aug.save()

12
actions/transmission
View File

@ -24,6 +24,7 @@ Configuration helper for Transmission daemon.
import argparse import argparse
import json import json
import subprocess import subprocess
import sys
from plinth import action_utils from plinth import action_utils
@ -44,12 +45,9 @@ def parse_arguments():
subparsers.add_parser('disable', help='Disable Transmission service') subparsers.add_parser('disable', help='Disable Transmission service')
# Merge given JSON configration with existing # Merge given JSON configration with existing
merge_configuration = subparsers.add_parser( subparsers.add_parser(
'merge-configuration', 'merge-configuration',
help='Merge given JSON configration with existing') help='Merge JSON configuration from stdin with existing')
merge_configuration.add_argument(
'configuration',
help='JSON encoded configuration to merge')
return parser.parse_args() return parser.parse_args()
@ -68,7 +66,7 @@ def subcommand_disable(_):
def subcommand_merge_configuration(arguments): def subcommand_merge_configuration(arguments):
"""Merge given JSON configuration with existing configuration.""" """Merge given JSON configuration with existing configuration."""
configuration = arguments.configuration configuration = ''.join(sys.stdin.readlines())
configuration = json.loads(configuration) configuration = json.loads(configuration)
current_configuration = open(TRANSMISSION_CONFIG, 'r').read() current_configuration = open(TRANSMISSION_CONFIG, 'r').read()

11
plinth/modules/dynamicdns/dynamicdns.py
View File

@ -361,11 +361,12 @@ def _apply_changes(request, old_status, new_status):
_run(['configure', '-s', new_status['dynamicdns_server'], _run(['configure', '-s', new_status['dynamicdns_server'],
'-d', new_status['dynamicdns_domain'], '-d', new_status['dynamicdns_domain'],
'-u', new_status['dynamicdns_user'], '-u', new_status['dynamicdns_user'],
'-p', new_status['dynamicdns_secret'], '-p',
'-I', new_status['dynamicdns_ipurl'], '-I', new_status['dynamicdns_ipurl'],
'-U', new_status['dynamicdns_update_url'], '-U', new_status['dynamicdns_update_url'],
'-c', disable_ssl_check, '-c', disable_ssl_check,
'-b', use_http_basic_auth]) '-b', use_http_basic_auth],
input = new_status['dynamicdns_secret'].encode())
if old_status['enabled']: if old_status['enabled']:
_run(['stop']) _run(['stop'])
@ -378,11 +379,11 @@ def _apply_changes(request, old_status, new_status):
LOGGER.info('nothing changed') LOGGER.info('nothing changed')
def _run(arguments, superuser=False): def _run(arguments, superuser=False, input=None):
"""Run a given command and raise exception if there was an error""" """Run a given command and raise exception if there was an error"""
command = 'dynamicdns' command = 'dynamicdns'
if superuser: if superuser:
return actions.superuser_run(command, arguments) return actions.superuser_run(command, arguments, input=input)
else: else:
return actions.run(command, arguments) return actions.run(command, arguments, input=input)

6
plinth/modules/ikiwiki/views.py
View File

@ -139,7 +139,8 @@ def _create_wiki(request, name, admin_name, admin_password):
actions.superuser_run( actions.superuser_run(
'ikiwiki', 'ikiwiki',
['create-wiki', '--wiki_name', name, ['create-wiki', '--wiki_name', name,
'--admin_name', admin_name, '--admin_password', admin_password]) '--admin_name', admin_name],
input=admin_password.encode())
messages.success(request, _('Created wiki %s.') % name) messages.success(request, _('Created wiki %s.') % name)
except actions.ActionError as err: except actions.ActionError as err:
messages.error(request, _('Could not create wiki: %s') % err) messages.error(request, _('Could not create wiki: %s') % err)
@ -151,7 +152,8 @@ def _create_blog(request, name, admin_name, admin_password):
actions.superuser_run( actions.superuser_run(
'ikiwiki', 'ikiwiki',
['create-blog', '--blog_name', name, ['create-blog', '--blog_name', name,
'--admin_name', admin_name, '--admin_password', admin_password]) '--admin_name', admin_name],
input=admin_password.encode())
messages.success(request, _('Created blog %s.') % name) messages.success(request, _('Created blog %s.') % name)
except actions.ActionError as err: except actions.ActionError as err:
messages.error(request, _('Could not create blog: %s') % err) messages.error(request, _('Could not create blog: %s') % err)

4
plinth/modules/pagekite/forms.py
View File

@ -74,8 +74,8 @@ for your account if no secret is set on the kite'))
if old['kite_name'] != new['kite_name'] or \ if old['kite_name'] != new['kite_name'] or \
old['kite_secret'] != new['kite_secret']: old['kite_secret'] != new['kite_secret']:
utils.run(['set-kite', '--kite-name', new['kite_name'], utils.run(['set-kite', '--kite-name', new['kite_name']],
'--kite-secret', new['kite_secret']]) input=new['kite_secret'].encode())
messages.success(request, _('Kite details set')) messages.success(request, _('Kite details set'))
config_changed = True config_changed = True

6
plinth/modules/pagekite/utils.py
View File

@ -142,14 +142,14 @@ def prepare_service_for_display(service):
return service return service
def run(arguments, superuser=True): def run(arguments, superuser=True, input=None):
"""Run a given command and raise exception if there was an error""" """Run a given command and raise exception if there was an error"""
command = 'pagekite' command = 'pagekite'
if superuser: if superuser:
return actions.superuser_run(command, arguments) return actions.superuser_run(command, arguments, input=input)
else: else:
return actions.run(command, arguments) return actions.run(command, arguments, input=input)
def convert_service_to_string(service): def convert_service_to_string(service):

4
plinth/modules/transmission/views.py
View File

@ -96,8 +96,8 @@ def _apply_changes(request, old_status, new_status):
'rpc-password': new_status['rpc_password'], 'rpc-password': new_status['rpc_password'],
} }
actions.superuser_run('transmission', ['merge-configuration', actions.superuser_run('transmission', ['merge-configuration'],
json.dumps(new_configuration)]) input=json.dumps(new_configuration).encode())
modified = True modified = True
if modified: if modified: