diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-02-13 08:10:16 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-26 23:26:54 -0500 |
commit | a09063cbb83aa9c3c77886fe43d70ba15fe4ef48 (patch) | |
tree | 9a28dac715d0eef50c4e29e06099ed268c748b1e /ipapython | |
parent | 7fe63f823388648c671389e7146b91c2fec7b2ca (diff) | |
download | freeipa-a09063cbb83aa9c3c77886fe43d70ba15fe4ef48.tar.gz freeipa-a09063cbb83aa9c3c77886fe43d70ba15fe4ef48.tar.xz freeipa-a09063cbb83aa9c3c77886fe43d70ba15fe4ef48.zip |
Make sure the nolog argument to ipautil.run is not a bare string
ipautil.run expects a tuple of passwords for nolog; passing a
single string causes all individual letters from that string to
be replaced by Xes.
This fixes such a call, and adds a sanity check to ipautil.run
that prevents lone strings from being used in nolog.
https://fedorahosted.org/freeipa/ticket/2419
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/ipautil.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 3cb3683b8..20f7578ce 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -241,6 +241,14 @@ def run(args, stdin=None, raiseonerr=True, p_out = None p_err = None + if isinstance(nolog, basestring): + # We expect a tuple (or list, or other iterable) of nolog strings. + # Passing just a single string is bad: strings are also, so this + # would result in every individual character of that string being + # replaced by XXXXXXXX. + # This is a sanity check to prevent that. + raise ValueError('nolog must be a tuple of strings.') + if env is None: # copy default env env = copy.deepcopy(os.environ) |