diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-10-06 08:22:08 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-10-06 08:28:15 +0200 |
| commit | 185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1 (patch) | |
| tree | 5e74685f51c038463b24e9de7fe231fd84fc5c3e | |
| parent | 7d5106de976140e8425152a83a300be9dc49372a (diff) | |
| download | freeipa-185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1.tar.gz freeipa-185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1.tar.xz freeipa-185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1.zip | |
Install tools crash when password prompt is interrupted
When getpass.getpass() function is interrupted via CTRL+D, EOFError
exception is thrown. Most of the install tools are not prepared for
this event and crash with this exception. Make sure that it is
handled properly and nice error message is printed.
https://fedorahosted.org/freeipa/ticket/1916
| -rwxr-xr-x | install/tools/ipa-ca-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-compat-manage | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-csreplica-manage | 7 | ||||
| -rwxr-xr-x | install/tools/ipa-dns-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-ldap-updater | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-managed-entries | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-nis-manage | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-conncheck | 8 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-manage | 7 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-prepare | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-server-certinstall | 8 | ||||
| -rwxr-xr-x | install/tools/ipa-server-install | 7 | ||||
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 13 | ||||
| -rw-r--r-- | ipaserver/install/installutils.py | 49 |
15 files changed, 81 insertions, 34 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 37fa6269b..bfb947bcd 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -98,6 +98,8 @@ def main(): dirman_password = get_dirman_password() except KeyboardInterrupt: sys.exit(0) + if dirman_password is None: + sys.exit("\nDirectory Manager password required") if not options.admin_password and not options.skip_conncheck and \ options.unattended: diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 07531fddc..898a797cf 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -100,6 +100,8 @@ def main(): dirman_password = pw.strip() else: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") api.bootstrap(context='cli', debug=options.debug) api.finalize() diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index c33f3bc5f..3b08abd4b 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -22,7 +22,7 @@ import sys import os -import getpass, ldap, krbV +import ldap, krbV import logging from ipapython import ipautil @@ -400,7 +400,10 @@ def main(): if options.dirman_passwd: dirman_passwd = options.dirman_passwd else: - dirman_passwd = getpass.getpass("Directory Manager password: ") + dirman_passwd = installutils.read_password("Directory Manager", confirm=False, + validate=False, retry=False) + if dirman_passwd is None: + sys.exit("\nDirectory Manager password required") options.dirman_passwd = dirman_passwd diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 9869eae8b..d81b6a2e8 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -128,6 +128,8 @@ def main(): dm_password = options.dm_password or read_password("Directory Manager", confirm=False, validate=False) + if dm_password is None: + sys.exit("\nDirectory Manager password required") bind = bindinstance.BindInstance(fstore, dm_password) # try the connection diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater index 5b63c120e..6ecb8c155 100755 --- a/install/tools/ipa-ldap-updater +++ b/install/tools/ipa-ldap-updater @@ -96,6 +96,8 @@ def main(): else: if (options.ask_password or not options.ldapi) and not options.upgrade: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") files = [] if len(args) > 0: diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 9b3f54714..16f0a956c 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -112,6 +112,8 @@ def main(): dirman_password = options.dirman_password else: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") conn.do_simple_bind(bindpw=dirman_password) except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 542736a8d..886f23ab8 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -111,6 +111,8 @@ def main(): dirman_password = pw.strip() else: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") if not dirman_password: sys.exit("No password supplied") diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 09567d6eb..e9d78a065 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -22,6 +22,7 @@ from ipapython.config import IPAOptionParser from ipapython import version from ipapython import ipautil from ipapython.ipautil import CalledProcessError +from ipaserver.install import installutils import ipaclient.ipachangeconf from optparse import OptionGroup import logging @@ -29,7 +30,6 @@ import sys import os import signal import tempfile -import getpass import socket import time import threading @@ -314,7 +314,11 @@ def main(): if options.password: password=options.password else: - password = getpass.getpass("Password for %s: " % principal) + password = installutils.read_password(principal, confirm=False, + validate=False, retry=False) + if password is None: + sys.exit("\nPrincipal password required") + stderr='' (stdout, stderr, returncode) = ipautil.run(['/usr/bin/kinit', principal], diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 624e6ea82..356e533ca 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -310,6 +310,8 @@ def main(): dirman_password = get_dirman_password() except KeyboardInterrupt: sys.exit(0) + if dirman_password is None: + sys.exit("\nDirectory Manager password required") try: top_dir, dir = expand_replica_info(filename, dirman_password) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index c3dd0b3fe..84cfd8f3e 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -20,7 +20,7 @@ import sys import os -import getpass, ldap, re, krbV +import ldap, re, krbV import traceback, logging from ipapython import ipautil @@ -444,7 +444,10 @@ def main(): dirman_passwd = options.dirman_passwd else: if not test_connection(realm, host): - dirman_passwd = getpass.getpass("Directory Manager password: ") + dirman_passwd = installutils.read_password("Directory Manager", + confirm=False, validate=False, retry=False) + if dirman_passwd is None: + sys.exit("\nDirectory Manager password required") options.dirman_passwd = dirman_passwd diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 038fd69c9..eb93bc851 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -292,6 +292,8 @@ def main(): dirman_password = get_dirman_password() except KeyboardInterrupt: sys.exit(0) + if dirman_password is None: + sys.exit("\nDirectory Manager password required") # Try out the password try: diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 312d41202..901678b2e 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall @@ -25,14 +25,13 @@ import tempfile import traceback -import krbV, getpass +import krbV from ipapython.ipautil import user_input from ipaserver.install import certs, dsinstance, httpinstance, installutils from ipalib import api from ipaserver.plugins.ldap2 import ldap2 -from ipaserver.install import installutils def get_realm_name(): c = krbV.default_context() @@ -132,7 +131,10 @@ def main(): try: if options.dirsrv: - dm_password = getpass.getpass("Directory Manager password: ") + dm_password = installutils.read_password("Directory Manager", + confirm=False, validate=False, retry=False) + if dm_password is None: + sys.exit("\nDirectory Manager password required") realm = get_realm_name() dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm)) fd = open(dirname + "/pwdfile.txt") diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index cf00d5fac..fe91fe5b7 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -642,6 +642,8 @@ def main(): # This will override any settings passed in on the cmdline if ipautil.file_exists(ANSWER_CACHE): dm_password = read_password("Directory Manager", confirm=False) + if dm_password is None: + sys.exit("\nDirectory Manager password required") options._update_loose(read_cache(dm_password)) if options.external_cert_file: @@ -807,6 +809,9 @@ def main(): if not options.dm_password: dm_password = read_dm_password() + + if dm_password is None: + sys.exit("\nDirectory Manager password required") else: dm_password = options.dm_password @@ -817,6 +822,8 @@ def main(): if not options.admin_password: admin_password = read_admin_password() + if admin_password is None: + sys.exit("\nIPA admin password required") else: admin_password = options.admin_password diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 1c28e87c2..27104fc19 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -942,7 +942,10 @@ def install(options, env, fstore, statestore): stdin = options.password else: if not options.unattended: - stdin = getpass.getpass("Password for %s: " % principal) + try: + stdin = getpass.getpass("Password for %s: " % principal) + except EOFError: + stdin = None if not stdin: print "Password must be provided for %s. " % \ principal @@ -967,7 +970,13 @@ def install(options, env, fstore, statestore): if options.unattended: print "Password must be provided in non-interactive mode" return CLIENT_INSTALL_ERROR - password = getpass.getpass("Password: ") + try: + password = getpass.getpass("Password: ") + except EOFError: + password = None + if not password: + print "Password must be provided." + return CLIENT_INSTALL_ERROR join_args.append("-w") join_args.append(password) nolog = (password,) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 6ae117cb4..b3ee7e991 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -319,30 +319,33 @@ def _read_password_default_validator(password): def read_password(user, confirm=True, validate=True, retry=True, validator=_read_password_default_validator): correct = False - pwd = "" - while not correct: - if not retry: - correct = True - pwd = get_password(user + " password: ") - if not pwd: - continue - if validate: - try: - validator(pwd) - except ValueError, e: - print str(e) - pwd = "" + pwd = None + try: + while not correct: + if not retry: + correct = True + pwd = get_password(user + " password: ") + if not pwd: continue - if not confirm: - correct = True - continue - pwd_confirm = get_password("Password (confirm): ") - if pwd != pwd_confirm: - print "Password mismatch!" - print "" - pwd = "" - else: - correct = True + if validate: + try: + validator(pwd) + except ValueError, e: + print str(e) + pwd = None + continue + if not confirm: + correct = True + continue + pwd_confirm = get_password("Password (confirm): ") + if pwd != pwd_confirm: + print "Password mismatch!" + print "" + pwd = None + else: + correct = True + except EOFError: + return None print "" return pwd |