Send LDAP user passwords to actions through stdin, not as arguments.

James Valleroy 2015-07-19 21:35:53 -04:00 committed by Sunil Mohan Adapa
parent 86580c9121
commit cb7c9c26f7
5 changed files with 30 additions and 11 deletions


@ -19,7 +19,14 @@
# Must be run as root.
username="$1"
password=$(slappasswd -s "$2")
IFS= read -r password
if [ -z "$password" ]; then
echo "Error: Could not read password from stdin."
exit 2
fi
password=$(slappasswd -s "$password")
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
dn: uid=$username,ou=users,dc=thisbox
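Review bot: The plaintext password still ends up on a command line, because the new `slappasswd -s "$password"` call passes it as an argument to slappasswd, where it is visible in the process list while the hash is computed. The hash step should also take the secret from a file or pipe, for example `password=$(printf '%s' "$password" | slappasswd -T /dev/stdin)`. Verify that the resulting hash matches, since `-T` hashes the file contents as given. The exit status of slappasswd is not checked either, so a failed hash would write an empty value into the LDIF. The same applies to the identical hunk in the second script (the one that pipes into `ldapadd`).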


@ -19,7 +19,14 @@
# Must be run as root.
username="$1"
password=$(slappasswd -s "$2")
IFS= read -r password
if [ -z "$password" ]; then
echo "Error: Could not read password from stdin."
exit 3
fi
password=$(slappasswd -s "$password")
cat <<EOF |ldapadd -Y EXTERNAL -H ldapi:///
dn: uid=$username,ou=users,dc=thisbox


@ -102,27 +102,28 @@ from plinth.errors import ActionError
LOGGER = logging.getLogger(__name__)
def run(action, options=None, async=False):
def run(action, options=None, input=None, async=False):
"""Safely run a specific action as the current user.
See actions._run for more information.
"""
return _run(action, options, async, False)
return _run(action, options, input, async, False)
def superuser_run(action, options=None, async=False):
def superuser_run(action, options=None, input=None, async=False):
"""Safely run a specific action as root.
See actions._run for more information.
"""
return _run(action, options, async, True)
return _run(action, options, input, async, True)
def _run(action, options=None, async=False, run_as_root=False):
def _run(action, options=None, input=None, async=False, run_as_root=False):
"""Safely run a specific action as a normal user or root.
Actions are pulled from the actions directory.
- options are added to the action command.
- input: data (as bytes) that will be sent to the action command's stdin.
- async: run asynchronously or wait for the command to complete.
- run_as_root: execute the command through sudo.
"""
@ -165,12 +166,13 @@ def _run(action, options=None, async=False, run_as_root=False):
# Contract 5 (and 6-ish).
proc = subprocess.Popen(
cmd,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=False)
if not async:
output, error = proc.communicate()
output, error = proc.communicate(input=input)
output, error = output.decode(), error.decode()
if proc.returncode != 0:
LOGGER.error('Error executing command - %s, %s, %s', cmd, output,
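Review bot: `input` is only delivered on the synchronous path, because `communicate(input=input)` sits under `if not async:` while `stdin=subprocess.PIPE` is now set for every call. The async branch is outside this hunk, so this is inferred, but an async action that reads stdin would apparently block on an open pipe that is never written or closed. Either reject the combination up front with `if async and input is not None: raise ValueError('input is not supported for async actions')`, or write and close `proc.stdin` in the async branch. The docstring should also say that `input` is ignored when `async` is true, if that is the intended contract.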


@ -68,7 +68,8 @@ than 63 characters in length.'),
try:
actions.superuser_run(
'create-ldap-user',
[user.get_username(), self.cleaned_data['password']])
[user.get_username()],
input=self.cleaned_data['password'])
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
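Review bot: `input=self.cleaned_data['password']` most likely passes a `str`, as is usual for a Django form field, while the `_run` docstring in this commit documents `input` as bytes and the pipe is opened in binary mode (the result is decoded with `output.decode()`). On Python 3, `communicate()` would then raise `TypeError`, which the `except ActionError` here does not catch. Encode at the call site, `input=self.cleaned_data['password'].encode()`, or have `_run` encode `str` input once for all callers. The same applies to the `password1` and `new_password1` calls in `CreateUserForm` and `UserChangePasswordForm` in the next file.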


@ -62,7 +62,8 @@ class CreateUserForm(UserCreationForm):
try:
actions.superuser_run(
'create-ldap-user',
[user.get_username(), self.cleaned_data['password1']])
[user.get_username()],
input=self.cleaned_data['password1'])
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
@ -157,7 +158,8 @@ class UserChangePasswordForm(SetPasswordForm):
try:
actions.superuser_run(
'change-ldap-user-password',
[user.get_username(), self.cleaned_data['new_password1']])
[user.get_username()],
input=self.cleaned_data['new_password1'])
except ActionError:
messages.error(
self.request,