From cb7c9c26f7b1b62a7e9ee8202a3dba15d5441040 Mon Sep 17 00:00:00 2001
From: James Valleroy <jvalleroy@mailbox.org>
Date: Sun, 19 Jul 2015 21:35:53 -0400
Subject: [PATCH] Send LDAP user passwords to actions through stdin, not as
 arguments.

---
 actions/change-ldap-user-password  |  9 ++++++++-
 actions/create-ldap-user           |  9 ++++++++-
 plinth/actions.py                  | 14 ++++++++------
 plinth/modules/first_boot/forms.py |  3 ++-
 plinth/modules/users/forms.py      |  6 ++++--
 5 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/actions/change-ldap-user-password b/actions/change-ldap-user-password
index 36f106a73..feddebbd4 100755
--- a/actions/change-ldap-user-password
+++ b/actions/change-ldap-user-password
@@ -19,7 +19,14 @@
 # Must be run as root.
 
 username="$1"
-password=$(slappasswd -s "$2")
+
+IFS= read -r password
+if [ -z "$password" ]; then
+    echo "Error: Could not read password from stdin."
+    exit 2
+fi
+
+password=$(slappasswd -s "$password")
 
 cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
 dn: uid=$username,ou=users,dc=thisbox
diff --git a/actions/create-ldap-user b/actions/create-ldap-user
index 46d6bcf55..dd7273062 100755
--- a/actions/create-ldap-user
+++ b/actions/create-ldap-user
@@ -19,7 +19,14 @@
 # Must be run as root.
 
 username="$1"
-password=$(slappasswd -s "$2")
+
+IFS= read -r password
+if [ -z "$password" ]; then
+    echo "Error: Could not read password from stdin."
+    exit 3
+fi
+
+password=$(slappasswd -s "$password")
 
 cat <<EOF |ldapadd -Y EXTERNAL -H ldapi:///
 dn: uid=$username,ou=users,dc=thisbox
diff --git a/plinth/actions.py b/plinth/actions.py
index eae7a7944..50b86d6ab 100644
--- a/plinth/actions.py
+++ b/plinth/actions.py
@@ -102,27 +102,28 @@ from plinth.errors import ActionError
 LOGGER = logging.getLogger(__name__)
 
 
-def run(action, options=None, async=False):
+def run(action, options=None, input=None, async=False):
     """Safely run a specific action as the current user.
 
     See actions._run for more information.
     """
-    return _run(action, options, async, False)
+    return _run(action, options, input, async, False)
 
 
-def superuser_run(action, options=None, async=False):
+def superuser_run(action, options=None, input=None, async=False):
     """Safely run a specific action as root.
 
     See actions._run for more information.
     """
-    return _run(action, options, async, True)
+    return _run(action, options, input, async, True)
 
 
-def _run(action, options=None, async=False, run_as_root=False):
+def _run(action, options=None, input=None, async=False, run_as_root=False):
     """Safely run a specific action as a normal user or root.
 
     Actions are pulled from the actions directory.
     - options are added to the action command.
+    - input: data (as bytes) that will be sent to the action command's stdin.
     - async: run asynchronously or wait for the command to complete.
     - run_as_root: execute the command through sudo.
     """
@@ -165,12 +166,13 @@ def _run(action, options=None, async=False, run_as_root=False):
     # Contract 5 (and 6-ish).
     proc = subprocess.Popen(
         cmd,
+        stdin=subprocess.PIPE,
         stdout=subprocess.PIPE,
         stderr=subprocess.PIPE,
         shell=False)
 
     if not async:
-        output, error = proc.communicate()
+        output, error = proc.communicate(input=input)
         output, error = output.decode(), error.decode()
         if proc.returncode != 0:
             LOGGER.error('Error executing command - %s, %s, %s', cmd, output,
diff --git a/plinth/modules/first_boot/forms.py b/plinth/modules/first_boot/forms.py
index 8261f2c96..caee55abd 100644
--- a/plinth/modules/first_boot/forms.py
+++ b/plinth/modules/first_boot/forms.py
@@ -68,7 +68,8 @@ than 63 characters in length.'),
             try:
                 actions.superuser_run(
                     'create-ldap-user',
-                    [user.get_username(), self.cleaned_data['password']])
+                    [user.get_username()],
+                    input=self.cleaned_data['password'])
             except ActionError:
                 messages.error(self.request,
                                _('Creating LDAP user failed.'))
diff --git a/plinth/modules/users/forms.py b/plinth/modules/users/forms.py
index 07de9a26c..669f4d955 100644
--- a/plinth/modules/users/forms.py
+++ b/plinth/modules/users/forms.py
@@ -62,7 +62,8 @@ class CreateUserForm(UserCreationForm):
             try:
                 actions.superuser_run(
                     'create-ldap-user',
-                    [user.get_username(), self.cleaned_data['password1']])
+                    [user.get_username()],
+                    input=self.cleaned_data['password1'])
             except ActionError:
                 messages.error(self.request,
                                _('Creating LDAP user failed.'))
@@ -157,7 +158,8 @@ class UserChangePasswordForm(SetPasswordForm):
             try:
                 actions.superuser_run(
                     'change-ldap-user-password',
-                    [user.get_username(), self.cleaned_data['new_password1']])
+                    [user.get_username()],
+                    input=self.cleaned_data['new_password1'])
             except ActionError:
                 messages.error(
                     self.request,