15 files changed, 81 insertions, 34 deletions

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 37fa6269b..bfb947bcd 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -98,6 +98,8 @@ def main():
             dirman_password = get_dirman_password()
         except KeyboardInterrupt:
             sys.exit(0)
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
 
     if not options.admin_password and not options.skip_conncheck and \
         options.unattended:
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index 07531fddc..898a797cf 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -100,6 +100,8 @@ def main():
         dirman_password = pw.strip()
     else:
         dirman_password = get_dirman_password()
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
 
     api.bootstrap(context='cli', debug=options.debug)
     api.finalize()
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index c33f3bc5f..3b08abd4b 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -22,7 +22,7 @@
 import sys
 import os
 
-import getpass, ldap, krbV
+import ldap, krbV
 import logging
 
 from ipapython import ipautil
@@ -400,7 +400,10 @@ def main():
     if options.dirman_passwd:
         dirman_passwd = options.dirman_passwd
     else:
-        dirman_passwd = getpass.getpass("Directory Manager password: ")
+        dirman_passwd = installutils.read_password("Directory Manager", confirm=False,
+            validate=False, retry=False)
+        if dirman_passwd is None:
+            sys.exit("\nDirectory Manager password required")
 
     options.dirman_passwd = dirman_passwd
 
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 9869eae8b..d81b6a2e8 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -128,6 +128,8 @@ def main():
 
     dm_password = options.dm_password or read_password("Directory Manager",
                                              confirm=False, validate=False)
+    if dm_password is None:
+        sys.exit("\nDirectory Manager password required")
     bind = bindinstance.BindInstance(fstore, dm_password)
 
     # try the connection
diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater
index 5b63c120e..6ecb8c155 100755
--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -96,6 +96,8 @@ def main():
     else:
         if (options.ask_password or not options.ldapi) and not options.upgrade:
             dirman_password = get_dirman_password()
+            if dirman_password is None:
+                sys.exit("\nDirectory Manager password required")
 
     files = []
     if len(args) > 0:
diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries
index 9b3f54714..16f0a956c 100755
--- a/install/tools/ipa-managed-entries
+++ b/install/tools/ipa-managed-entries
@@ -112,6 +112,8 @@ def main():
             dirman_password = options.dirman_password
         else:
             dirman_password = get_dirman_password()
+            if dirman_password is None:
+                sys.exit("\nDirectory Manager password required")
         conn.do_simple_bind(bindpw=dirman_password)
     except errors.ExecutionError, lde:
         sys.exit("An error occurred while connecting to the server.\n%s\n" %
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 542736a8d..886f23ab8 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -111,6 +111,8 @@ def main():
         dirman_password = pw.strip()
     else:
         dirman_password = get_dirman_password()
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
 
     if not dirman_password:
         sys.exit("No password supplied")
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 09567d6eb..e9d78a065 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -22,6 +22,7 @@ from ipapython.config import IPAOptionParser
 from ipapython import version
 from ipapython import ipautil
 from ipapython.ipautil import CalledProcessError
+from ipaserver.install import installutils
 import ipaclient.ipachangeconf
 from optparse import OptionGroup
 import logging
@@ -29,7 +30,6 @@ import sys
 import os
 import signal
 import tempfile
-import getpass
 import socket
 import time
 import threading
@@ -314,7 +314,11 @@ def main():
             if options.password:
                 password=options.password
             else:
-                password = getpass.getpass("Password for %s: " % principal)
+                password = installutils.read_password(principal, confirm=False,
+                           validate=False, retry=False)
+                if password is None:
+                    sys.exit("\nPrincipal password required")
+
 
             stderr=''
             (stdout, stderr, returncode) = ipautil.run(['/usr/bin/kinit', principal],
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 624e6ea82..356e533ca 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -310,6 +310,8 @@ def main():
             dirman_password = get_dirman_password()
         except KeyboardInterrupt:
             sys.exit(0)
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
 
     try:
         top_dir, dir = expand_replica_info(filename, dirman_password)
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index c3dd0b3fe..84cfd8f3e 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -20,7 +20,7 @@
 import sys
 import os
 
-import getpass, ldap, re, krbV
+import ldap, re, krbV
 import traceback, logging
 
 from ipapython import ipautil
@@ -444,7 +444,10 @@ def main():
         dirman_passwd = options.dirman_passwd
     else:
         if not test_connection(realm, host):
-            dirman_passwd = getpass.getpass("Directory Manager password: ")
+            dirman_passwd = installutils.read_password("Directory Manager",
+                confirm=False, validate=False, retry=False)
+            if dirman_passwd is None:
+                sys.exit("\nDirectory Manager password required")
 
     options.dirman_passwd = dirman_passwd
 
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 038fd69c9..eb93bc851 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -292,6 +292,8 @@ def main():
             dirman_password = get_dirman_password()
         except KeyboardInterrupt:
             sys.exit(0)
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
 
     # Try out the password
     try:
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 312d41202..901678b2e 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -25,14 +25,13 @@ import tempfile
 
 import traceback
 
-import krbV, getpass
+import krbV
 
 from ipapython.ipautil import user_input
 
 from ipaserver.install import certs, dsinstance, httpinstance, installutils
 from ipalib import api
 from ipaserver.plugins.ldap2 import ldap2
-from ipaserver.install import installutils
 
 def get_realm_name():
     c = krbV.default_context()
@@ -132,7 +131,10 @@ def main():
 
     try:
         if options.dirsrv:
-            dm_password = getpass.getpass("Directory Manager password: ")
+            dm_password = installutils.read_password("Directory Manager",
+                confirm=False, validate=False, retry=False)
+            if dm_password is None:
+                sys.exit("\nDirectory Manager password required")
             realm = get_realm_name()
             dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm))
             fd = open(dirname + "/pwdfile.txt")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index cf00d5fac..fe91fe5b7 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -642,6 +642,8 @@ def main():
     # This will override any settings passed in on the cmdline
     if ipautil.file_exists(ANSWER_CACHE):
         dm_password = read_password("Directory Manager", confirm=False)
+        if dm_password is None:
+            sys.exit("\nDirectory Manager password required")
         options._update_loose(read_cache(dm_password))
 
     if options.external_cert_file:
@@ -807,6 +809,9 @@ def main():
 
     if not options.dm_password:
         dm_password = read_dm_password()
+
+        if dm_password is None:
+            sys.exit("\nDirectory Manager password required")
     else:
         dm_password = options.dm_password
 
@@ -817,6 +822,8 @@ def main():
 
     if not options.admin_password:
         admin_password = read_admin_password()
+        if admin_password is None:
+            sys.exit("\nIPA admin password required")
     else:
         admin_password = options.admin_password
 
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 1c28e87c2..27104fc19 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -942,7 +942,10 @@ def install(options, env, fstore, statestore):
                     stdin = options.password
                 else:
                     if not options.unattended:
-                        stdin = getpass.getpass("Password for %s: " % principal)
+                        try:
+                            stdin = getpass.getpass("Password for %s: " % principal)
+                        except EOFError:
+                            stdin = None
                         if not stdin:
                             print "Password must be provided for %s. " % \
                                 principal
@@ -967,7 +970,13 @@ def install(options, env, fstore, statestore):
                 if options.unattended:
                     print "Password must be provided in non-interactive mode"
                     return CLIENT_INSTALL_ERROR
-                password = getpass.getpass("Password: ")
+                try:
+                    password = getpass.getpass("Password: ")
+                except EOFError:
+                    password = None
+                if not password:
+                    print "Password must be provided."
+                    return CLIENT_INSTALL_ERROR
                 join_args.append("-w")
                 join_args.append(password)
                 nolog = (password,)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 6ae117cb4..b3ee7e991 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -319,30 +319,33 @@ def _read_password_default_validator(password):
 
 def read_password(user, confirm=True, validate=True, retry=True, validator=_read_password_default_validator):
     correct = False
-    pwd = ""
-    while not correct:
-        if not retry:
-            correct = True
-        pwd = get_password(user + " password: ")
-        if not pwd:
-            continue
-        if validate:
-            try:
-                validator(pwd)
-            except ValueError, e:
-                print str(e)
-                pwd = ""
+    pwd = None
+    try:
+        while not correct:
+            if not retry:
+                correct = True
+            pwd = get_password(user + " password: ")
+            if not pwd:
                 continue
-        if not confirm:
-            correct = True
-            continue
-        pwd_confirm = get_password("Password (confirm): ")
-        if pwd != pwd_confirm:
-            print "Password mismatch!"
-            print ""
-            pwd = ""
-        else:
-            correct = True
+            if validate:
+                try:
+                    validator(pwd)
+                except ValueError, e:
+                    print str(e)
+                    pwd = None
+                    continue
+            if not confirm:
+                correct = True
+                continue
+            pwd_confirm = get_password("Password (confirm): ")
+            if pwd != pwd_confirm:
+                print "Password mismatch!"
+                print ""
+                pwd = None
+            else:
+                correct = True
+    except EOFError:
+        return None
     print ""
     return pwd