diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-10-06 08:22:08 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-10-06 08:28:15 +0200 |
| commit | 185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1 (patch) | |
| tree | 5e74685f51c038463b24e9de7fe231fd84fc5c3e | |
| parent | 7d5106de976140e8425152a83a300be9dc49372a (diff) | |
| download | freeipa.git-185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1.tar.gz freeipa.git-185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1.tar.xz freeipa.git-185ca8f6fc5e69e989e473c8b1d066aa2d8e5cb1.zip | |
Install tools crash when password prompt is interrupted
When getpass.getpass() function is interrupted via CTRL+D, EOFError
exception is thrown. Most of the install tools are not prepared for
this event and crash with this exception. Make sure that it is
handled properly and nice error message is printed.
https://fedorahosted.org/freeipa/ticket/1916
| -rwxr-xr-x | install/tools/ipa-ca-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-compat-manage | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-csreplica-manage | 7 | ||||
| -rwxr-xr-x | install/tools/ipa-dns-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-ldap-updater | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-managed-entries | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-nis-manage | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-conncheck | 8 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-manage | 7 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-prepare | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-server-certinstall | 8 | ||||
| -rwxr-xr-x | install/tools/ipa-server-install | 7 | ||||
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 13 | ||||
| -rw-r--r-- | ipaserver/install/installutils.py | 49 |
15 files changed, 81 insertions, 34 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 37fa6269..bfb947bc 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -98,6 +98,8 @@ def main(): dirman_password = get_dirman_password() except KeyboardInterrupt: sys.exit(0) + if dirman_password is None: + sys.exit("\nDirectory Manager password required") if not options.admin_password and not options.skip_conncheck and \ options.unattended: diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 07531fdd..898a797c 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -100,6 +100,8 @@ def main(): dirman_password = pw.strip() else: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") api.bootstrap(context='cli', debug=options.debug) api.finalize() diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index c33f3bc5..3b08abd4 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -22,7 +22,7 @@ import sys import os -import getpass, ldap, krbV +import ldap, krbV import logging from ipapython import ipautil @@ -400,7 +400,10 @@ def main(): if options.dirman_passwd: dirman_passwd = options.dirman_passwd else: - dirman_passwd = getpass.getpass("Directory Manager password: ") + dirman_passwd = installutils.read_password("Directory Manager", confirm=False, + validate=False, retry=False) + if dirman_passwd is None: + sys.exit("\nDirectory Manager password required") options.dirman_passwd = dirman_passwd diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 9869eae8..d81b6a2e 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -128,6 +128,8 @@ def main(): dm_password = options.dm_password or read_password("Directory Manager", confirm=False, validate=False) + if dm_password is None: + sys.exit("\nDirectory Manager password required") bind = bindinstance.BindInstance(fstore, dm_password) # try the connection diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater index 5b63c120..6ecb8c15 100755 --- a/install/tools/ipa-ldap-updater +++ b/install/tools/ipa-ldap-updater @@ -96,6 +96,8 @@ def main(): else: if (options.ask_password or not options.ldapi) and not options.upgrade: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") files = [] if len(args) > 0: diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 9b3f5471..16f0a956 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -112,6 +112,8 @@ def main(): dirman_password = options.dirman_password else: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") conn.do_simple_bind(bindpw=dirman_password) except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 542736a8..886f23ab 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -111,6 +111,8 @@ def main(): dirman_password = pw.strip() else: dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") if not dirman_password: sys.exit("No password supplied") diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 09567d6e..e9d78a06 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -22,6 +22,7 @@ from ipapython.config import IPAOptionParser from ipapython import version from ipapython import ipautil from ipapython.ipautil import CalledProcessError +from ipaserver.install import installutils import ipaclient.ipachangeconf from optparse import OptionGroup import logging @@ -29,7 +30,6 @@ import sys import os import signal import tempfile -import getpass import socket import time import threading @@ -314,7 +314,11 @@ def main(): if options.password: password=options.password else: - password = getpass.getpass("Password for %s: " % principal) + password = installutils.read_password(principal, confirm=False, + validate=False, retry=False) + if password is None: + sys.exit("\nPrincipal password required") + stderr='' (stdout, stderr, returncode) = ipautil.run(['/usr/bin/kinit', principal], diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 624e6ea8..356e533c 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -310,6 +310,8 @@ def main(): dirman_password = get_dirman_password() except KeyboardInterrupt: sys.exit(0) + if dirman_password is None: + sys.exit("\nDirectory Manager password required") try: top_dir, dir = expand_replica_info(filename, dirman_password) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index c3dd0b3f..84cfd8f3 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -20,7 +20,7 @@ import sys import os -import getpass, ldap, re, krbV +import ldap, re, krbV import traceback, logging from ipapython import ipautil @@ -444,7 +444,10 @@ def main(): dirman_passwd = options.dirman_passwd else: if not test_connection(realm, host): - dirman_passwd = getpass.getpass("Directory Manager password: ") + dirman_passwd = installutils.read_password("Directory Manager", + confirm=False, validate=False, retry=False) + if dirman_passwd is None: + sys.exit("\nDirectory Manager password required") options.dirman_passwd = dirman_passwd diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 038fd69c..eb93bc85 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -292,6 +292,8 @@ def main(): dirman_password = get_dirman_password() except KeyboardInterrupt: sys.exit(0) + if dirman_password is None: + sys.exit("\nDirectory Manager password required") # Try out the password try: diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 312d4120..901678b2 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall @@ -25,14 +25,13 @@ import tempfile import traceback -import krbV, getpass +import krbV from ipapython.ipautil import user_input from ipaserver.install import certs, dsinstance, httpinstance, installutils from ipalib import api from ipaserver.plugins.ldap2 import ldap2 -from ipaserver.install import installutils def get_realm_name(): c = krbV.default_context() @@ -132,7 +131,10 @@ def main(): try: if options.dirsrv: - dm_password = getpass.getpass("Directory Manager password: ") + dm_password = installutils.read_password("Directory Manager", + confirm=False, validate=False, retry=False) + if dm_password is None: + sys.exit("\nDirectory Manager password required") realm = get_realm_name() dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm)) fd = open(dirname + "/pwdfile.txt") diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index cf00d5fa..fe91fe5b 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -642,6 +642,8 @@ def main(): # This will override any settings passed in on the cmdline if ipautil.file_exists(ANSWER_CACHE): dm_password = read_password("Directory Manager", confirm=False) + if dm_password is None: + sys.exit("\nDirectory Manager password required") options._update_loose(read_cache(dm_password)) if options.external_cert_file: @@ -807,6 +809,9 @@ def main(): if not options.dm_password: dm_password = read_dm_password() + + if dm_password is None: + sys.exit("\nDirectory Manager password required") else: dm_password = options.dm_password @@ -817,6 +822,8 @@ def main(): if not options.admin_password: admin_password = read_admin_password() + if admin_password is None: + sys.exit("\nIPA admin password required") else: admin_password = options.admin_password diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 1c28e87c..27104fc1 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -942,7 +942,10 @@ def install(options, env, fstore, statestore): stdin = options.password else: if not options.unattended: - stdin = getpass.getpass("Password for %s: " % principal) + try: + stdin = getpass.getpass("Password for %s: " % principal) + except EOFError: + stdin = None if not stdin: print "Password must be provided for %s. " % \ principal @@ -967,7 +970,13 @@ def install(options, env, fstore, statestore): if options.unattended: print "Password must be provided in non-interactive mode" return CLIENT_INSTALL_ERROR - password = getpass.getpass("Password: ") + try: + password = getpass.getpass("Password: ") + except EOFError: + password = None + if not password: + print "Password must be provided." + return CLIENT_INSTALL_ERROR join_args.append("-w") join_args.append(password) nolog = (password,) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 6ae117cb..b3ee7e99 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -319,30 +319,33 @@ def _read_password_default_validator(password): def read_password(user, confirm=True, validate=True, retry=True, validator=_read_password_default_validator): correct = False - pwd = "" - while not correct: - if not retry: - correct = True - pwd = get_password(user + " password: ") - if not pwd: - continue - if validate: - try: - validator(pwd) - except ValueError, e: - print str(e) - pwd = "" + pwd = None + try: + while not correct: + if not retry: + correct = True + pwd = get_password(user + " password: ") + if not pwd: continue - if not confirm: - correct = True - continue - pwd_confirm = get_password("Password (confirm): ") - if pwd != pwd_confirm: - print "Password mismatch!" - print "" - pwd = "" - else: - correct = True + if validate: + try: + validator(pwd) + except ValueError, e: + print str(e) + pwd = None + continue + if not confirm: + correct = True + continue + pwd_confirm = get_password("Password (confirm): ") + if pwd != pwd_confirm: + print "Password mismatch!" + print "" + pwd = None + else: + correct = True + except EOFError: + return None print "" return pwd |