From 8d00718b943ab8b326320feb50820f0663031817 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Mon, 17 Jan 2011 10:31:52 -0500
Subject: Fix usability of sss_obfuscate command

---
 src/man/sss_obfuscate.8.xml |  4 ++--
 src/tools/sss_obfuscate     | 33 +++++++++++++++++++++------------
 2 files changed, 23 insertions(+), 14 deletions(-)

(limited to 'src')

diff --git a/src/man/sss_obfuscate.8.xml b/src/man/sss_obfuscate.8.xml
index 55bb1c331..8b6a1727a 100644
--- a/src/man/sss_obfuscate.8.xml
+++ b/src/man/sss_obfuscate.8.xml
@@ -34,8 +34,8 @@
             section of the SSSD config file.
         </para>
         <para>
-            The cleartext password can be specified as an extra argument to the
-            program or read from standard input.
+            The cleartext password can be specified as an argument to the
+            program, read from standard input or entered interactively.
             The obfuscated password is put into <quote>ldap_default_authtok</quote>
             parameter of a given SSSD domain and the
             <quote>ldap_default_authtok_type</quote> parameter is set to
diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate
index 220cd9bef..cd9116151 100644
--- a/src/tools/sss_obfuscate
+++ b/src/tools/sss_obfuscate
@@ -5,12 +5,19 @@ from optparse import OptionParser
 
 import pysss
 import SSSDConfig
+import getpass
 
 def parse_options():
     parser = OptionParser()
+    parser.set_description("sss_obfuscate converts a given password into \
+                            human-unreadable format and places it into \
+                            appropriate domain section of the SSSD config \
+                            file. The password can be passed in by stdin, \
+                            specified on the command-line or entered \
+                            interactively")
     parser.add_option("-s", "--stdin", action="store_true",
                       dest="stdin", default=False,
-                      help="Read input from stdin")
+                      help="Read the password from stdin.")
     parser.add_option("-d", "--domain",
                       dest="domain", default="default",
                       help="The domain to use the password in (default: default)",
@@ -19,26 +26,28 @@ def parse_options():
                       dest="filename", default=None,
                       help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
                       metavar="FILE")
+    parser.add_option("-p", "--password",
+                      dest="password", default=None,
+                      help="Password to obfuscate.",
+                      metavar="PASSWORD")
     (options, args) = parser.parse_args()
 
-    # If no password given as positional paramater, read up from stdin
-    if len(args) == 0:
-        options.stdin = True
-
     return options, args
 
 def main():
     options, args = parse_options()
     if not options:
-        print >>sys.stderr, "Cannot parse options"
+        print >> sys.stderr, "Cannot parse options"
         return 1
 
-    if not options.stdin:
-        try:
-            password = args[0]
-        except IndexError:  # should never happen
-            print "Missing password parameter!"
-            return 1
+    if not options.stdin and not options.password:
+        pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: "))
+        p1, p2 = pprompt()
+        while p1 != p2:
+            print('Passwords do not match. Try again')
+            p1, p2 = pprompt()
+        password = p1
+
     else:
         try:
             password = sys.stdin.read()
-- 
cgit