diff options
author | Jan Pokorný <jpokorny@redhat.com> | 2013-04-19 19:52:38 +0200 |
---|---|---|
committer | Jan Pokorný <jpokorny@redhat.com> | 2013-04-19 19:52:38 +0200 |
commit | b10a3f2dae32f3bfe1e325c4de9ba3af6d513bba (patch) | |
tree | 4195e6de4b2ddba3387338f4a792f008e77c1bd0 | |
parent | d7f115388096714df22052b4917427f7d9200dab (diff) | |
download | watch-bz-b10a3f2dae32f3bfe1e325c4de9ba3af6d513bba.tar.gz watch-bz-b10a3f2dae32f3bfe1e325c4de9ba3af6d513bba.tar.xz watch-bz-b10a3f2dae32f3bfe1e325c4de9ba3af6d513bba.zip |
avoid exposing password as a part of bugzilla command-line
-> new (optional, but recommended) dependency: expect
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
-rwxr-xr-x | watch-bz | 17 |
1 files changed, 16 insertions, 1 deletions
@@ -12,6 +12,7 @@ # (or pass such string as a 1st argument) # - optionally set BZUSER to avoid the need to login manually before # the "watch session"; you can set BZPASSWORD as well but be careful! +# 3. optionally install expect package (-> security++) set -u export LANG=C @@ -88,7 +89,21 @@ do_init () { [ -n "$BZPASSWORD" ] \ || read -s -t 60 -p 'Password (1 min timeout): ' BZPASSWORD \ || exit $? - "$BUGZILLA" --cookiefile="${BUGZILLA_COOKIE}" login "$BZUSER" $BZPASSWORD + if which expect &>/dev/null; then + expect - <<-EOF + log_user 0 + spawn $BUGZILLA --cookiefile=${BUGZILLA_COOKIE} login $BZUSER + expect "Password: " + send "${BZPASSWORD}\r" + send_user "wait a bit..." + expect eof + EOF + else + echo "Passing password through command-line argument is DANGEROUS" + local yn; read -p 'Continue? [yN]' yn + [ "${yn}" -ne "y" ] && exit + spawn $BUGZILLA --cookiefile=${BUGZILLA_COOKIE} login $BZUSER $BZPASSWORD + fi if [ $? -ne 0 ]; then echo "Cannot log in" exit 2 |