From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi
Date: Thu, 9 May 2013 09:29:02 -0700
Subject: [PATCH] Allow secure user password update.
This patch allows the ability for user password to be updated via a command prompt so the password doesnt show up in the bash history. The prompted password is asked twice to verify the match. If user cntl-D's the prompt a message appears suggesting user to use either of the options to update the password.
Fixes: bug#938315
Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
---
 keystoneclient/utils.py | 23 ++++++++++++++++++++++-
 keystoneclient/v2_0/shell.py | 10 ++++++++--
 2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/keystoneclient/utils.py b/keystoneclient/utils.py
index 3d708ca..f45ec34 100644
--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
 import hashlib
+import sys
+import uuid
 import prettytable
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
 hash_ = hashlib.md5()
 hash_.update(signed_text)
 return hash_.hexdigest()
+
+
+def prompt_for_password():
+ """
+ Prompt user for password if not provided so the password
+ doesn't show up in the bash history.
+ """
+ if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+ # nothing to do
+ return
+
+ while True:
+ try:
+ new_passwd = getpass.getpass('New Password: ')
+ rep_passwd = getpass.getpass('Repeat New Password: ')
+ if new_passwd == rep_passwd:
+ return new_passwd
+ except EOFError:
+ return
diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py
index 4c53cf7..0c7c233 100755
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
 import argparse
 import getpass
+import sys
 from keystoneclient.v2_0 import client
 from keystoneclient import utils
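Review bot: The `while True` loop in `prompt_for_password` gives no feedback when the two entries differ: the `if new_passwd == rep_passwd:` test fails and the user is shown `New Password:` again with no explanation. An `else:` branch that prints a short "passwords do not match" message before the next iteration would make the retry visible. The docstring should also state that the function returns `None` when stdin is not a TTY or when a prompt receives EOF, because the caller in `keystoneclient/v2_0/shell.py` depends on that sentinel.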
@@ -103,14 +104,19 @@ def do_user_update(kc, args):
 print 'Unable to update user: %s' % e
-@utils.arg('--pass', metavar='', dest='passwd', required=True,
+@utils.arg('--pass', metavar='', dest='passwd', required=False,
 help='Desired new password')
 @utils.arg('user', metavar='', help='Name or ID of user to update password')
 def do_user_password_update(kc, args):
 """Update user password"""
 user = utils.find_resource(kc.users, args.user)
- kc.users.update_password(user, args.passwd)
+ new_passwd = args.passwd or utils.prompt_for_password()
+ if new_passwd is None:
+ msg = ("\nPlease specify password using the --pass option "
+ "or using the prompt")
+ sys.exit(msg)
+ kc.users.update_password(user, new_passwd)
 @utils.arg('--current-password', metavar='',
--
1.8.1.5
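Review bot: The `if new_passwd is None:` test in `do_user_password_update` lets an empty password through: pressing Enter at both prompts makes `prompt_for_password` return `''`, which is not `None`, so `kc.users.update_password(user, new_passwd)` is called with an empty string. Testing `if not new_passwd:` instead rejects both the `None` sentinel and an empty entry before the request is sent; whether the server would accept an empty password is not visible in this patch. The `--pass` help text could also say that omitting the option prompts for the password, since a value given on the command line still lands in shell history.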