From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi <pkilambi@cisco.com>
Date: Thu, 9 May 2013 09:29:02 -0700
Subject: [PATCH] Allow secure user password update.
This patch allows the ability for user password to be updated via
a command prompt so the password doesn't show up in the bash history.
The prompted password is asked twice to verify the match.
If user cntl-D's the prompt a message appears suggesting user to use
either of the options to update the password.
Fixes: bug#938315
Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
---
keystoneclient/utils.py | 23 ++++++++++++++++++++++-
keystoneclient/v2_0/shell.py | 10 ++++++++--
2 files changed, 30 insertions(+), 3 deletions(-)
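diff --git a/keystoneclient/utils.py b/keystoneclient/utils.py
index 3d708ca..f45ec34 100644
--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
 import hashlib
+import sys
+import uuid
 
 import prettytable
 
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
 hash_ = hashlib.md5()
 hash_.update(signed_text)
 return hash_.hexdigest()
+
+
+def prompt_for_password():
+ """
+ Prompt user for password if not provided so the password
+ doesn't show up in the bash history.
+ """
+ if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+ # nothing to do
+ return
+
+ while True:
+ try:
+ new_passwd = getpass.getpass('New Password: ')
+ rep_passwd = getpass.getpass('Repeat New Password: ')
+ if new_passwd == rep_passwd:
+ return new_passwd
+ except EOFError:
+ return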
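Review bot: An empty password is accepted by the loop in `prompt_for_password`: pressing Enter at both prompts makes `new_passwd == rep_passwd` true and the function returns `''`. The caller in keystoneclient/v2_0/shell.py only tests `new_passwd is None`, so the empty string would be handed to `kc.users.update_password`; whether the server rejects it is not visible from this patch. I would use `if new_passwd and new_passwd == rep_passwd:` here and `if not new_passwd:` in the caller. A mismatch also re-prompts silently, so a short `Passwords do not match` line before the next iteration would tell the user why the prompt reappeared.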
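diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py
index 4c53cf7..0c7c233 100755
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
 
 import argparse
 import getpass
+import sys
 
 from keystoneclient.v2_0 import client
 from keystoneclient import utils
@@ -103,14 +104,19 @@ def do_user_update(kc, args):
 print 'Unable to update user: %s' % e
 
 
-@utils.arg('--pass', metavar='<password>', dest='passwd', required=True,
+@utils.arg('--pass', metavar='<password>', dest='passwd', required=False,
 help='Desired new password')
 @utils.arg('user', metavar='<user>',
 help='Name or ID of user to update password')
 def do_user_password_update(kc, args):
 """Update user password"""
 user = utils.find_resource(kc.users, args.user)
-kc.users.update_password(user, args.passwd)
+ new_passwd = args.passwd or utils.prompt_for_password()
+ if new_passwd is None:
+ msg = ("\nPlease specify password using the --pass option "
+ "or using the prompt")
+ sys.exit(msg)
+ kc.users.update_password(user, new_passwd)
 
 
 @utils.arg('--current-password', metavar='<current-password>',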
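Review bot: The `--pass` help text still reads `'Desired new password'` although the option is now optional, so nothing in `--help` tells the user that omitting it triggers the hidden prompt. I would change it to `help='Desired new password; omit to be prompted (a value given here is stored in shell history)'`. The one-line docstring `"""Update user password"""` could also state the prompt fallback and that the command exits with a message when `prompt_for_password()` returns None, which the utils.py side does when stdin is not a terminal or the prompt is ended with EOF. In the non-terminal case the exit text "or using the prompt" is misleading, since no prompt can be shown there.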
--
1.8.1.5