diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/man/sss_obfuscate.8.xml | 4 | ||||
-rw-r--r-- | src/tools/sss_obfuscate | 33 |
2 files changed, 23 insertions, 14 deletions
diff --git a/src/man/sss_obfuscate.8.xml b/src/man/sss_obfuscate.8.xml index 55bb1c331..8b6a1727a 100644 --- a/src/man/sss_obfuscate.8.xml +++ b/src/man/sss_obfuscate.8.xml @@ -34,8 +34,8 @@ section of the SSSD config file. </para> <para> - The cleartext password can be specified as an extra argument to the - program or read from standard input. + The cleartext password can be specified as an argument to the + program, read from standard input or entered interactively. The obfuscated password is put into <quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the <quote>ldap_default_authtok_type</quote> parameter is set to diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate index 220cd9bef..cd9116151 100644 --- a/src/tools/sss_obfuscate +++ b/src/tools/sss_obfuscate @@ -5,12 +5,19 @@ from optparse import OptionParser import pysss import SSSDConfig +import getpass def parse_options(): parser = OptionParser() + parser.set_description("sss_obfuscate converts a given password into \ + human-unreadable format and places it into \ + appropriate domain section of the SSSD config \ + file. The password can be passed in by stdin, \ + specified on the command-line or entered \ + interactively") parser.add_option("-s", "--stdin", action="store_true", dest="stdin", default=False, - help="Read input from stdin") + help="Read the password from stdin.") parser.add_option("-d", "--domain", dest="domain", default="default", help="The domain to use the password in (default: default)", @@ -19,26 +26,28 @@ def parse_options(): dest="filename", default=None, help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)", metavar="FILE") + parser.add_option("-p", "--password", + dest="password", default=None, + help="Password to obfuscate.", + metavar="PASSWORD") (options, args) = parser.parse_args() - # If no password given as positional paramater, read up from stdin - if len(args) == 0: - options.stdin = True - return options, args def main(): options, args = parse_options() if not options: - print >>sys.stderr, "Cannot parse options" + print >> sys.stderr, "Cannot parse options" return 1 - if not options.stdin: - try: - password = args[0] - except IndexError: # should never happen - print "Missing password parameter!" - return 1 + if not options.stdin and not options.password: + pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: ")) + p1, p2 = pprompt() + while p1 != p2: + print('Passwords do not match. Try again') + p1, p2 = pprompt() + password = p1 + else: try: password = sys.stdin.read() |