Fix setting passwords with special characters
Password strings with special characters were not being correctly escaped. If --insecure is used the argument should be wrapped in single quotes or escaped per character and there is nothing that can be done about that since the shell messes with the arguments before even passed to the command. Change-Id: Ida14fa62faad4b5793f9736ce079fcfd4af6523e
This commit is contained in:
parent
8b2f52e2c6
commit
a0441f7455
|
@ -19,6 +19,7 @@ from kolla_cli.common.passwords import init_passwords
|
|||
from kolla_cli.common.passwords import set_password
|
||||
from kolla_cli.common.passwords import set_password_sshkey
|
||||
from kolla_cli.common.utils import check_arg
|
||||
from kolla_cli.common.utils import disallow_chars
|
||||
|
||||
|
||||
class PasswordApi(object):
|
||||
|
@ -32,9 +33,13 @@ class PasswordApi(object):
|
|||
:param value: value of the password
|
||||
:type value: string
|
||||
"""
|
||||
check_arg(name, u._('Password name'), str)
|
||||
check_arg(value, u._('Password value'), str, display_param=False,
|
||||
password_name_string = u._('Password name')
|
||||
password_value_string = u._('Password value')
|
||||
check_arg(name, password_name_string, str)
|
||||
disallow_chars(name, password_name_string, '\'')
|
||||
check_arg(value, password_value_string, str, display_param=False,
|
||||
empty_ok=True, none_ok=True)
|
||||
disallow_chars(value, password_value_string, '\'')
|
||||
set_password(name, value)
|
||||
|
||||
def password_set_sshkey(self, name, private_key, public_key):
|
||||
|
@ -48,9 +53,15 @@ class PasswordApi(object):
|
|||
:param public_key: ssh public key
|
||||
:type value: string
|
||||
"""
|
||||
check_arg(name, u._('Password name'), str)
|
||||
check_arg(private_key, u._('Private key'), str, display_param=False)
|
||||
check_arg(public_key, u._('Public key'), str, display_param=False)
|
||||
password_name_string = u._('Password name')
|
||||
private_key_string = u._('Private key')
|
||||
public_key_string = u._('Public key')
|
||||
check_arg(name, password_name_string, str)
|
||||
disallow_chars(name, password_name_string, '\'')
|
||||
check_arg(private_key, private_key_string, str, display_param=False)
|
||||
disallow_chars(private_key, private_key_string, '\'')
|
||||
check_arg(public_key, public_key_string, str, display_param=False)
|
||||
disallow_chars(public_key, public_key_string, '\'')
|
||||
set_password_sshkey(name, private_key, public_key)
|
||||
|
||||
def password_clear(self, name):
|
||||
|
@ -60,7 +71,9 @@ class PasswordApi(object):
|
|||
:param name: name of the password
|
||||
:type name: string
|
||||
"""
|
||||
check_arg(name, u._('Password name'), str)
|
||||
password_name_string = u._('Password name')
|
||||
check_arg(name, password_name_string, str)
|
||||
disallow_chars(name, password_name_string, '\'')
|
||||
clear_password(name)
|
||||
|
||||
def password_get_names(self):
|
||||
|
|
|
@ -31,8 +31,8 @@ def set_password(pwd_key, pwd_value):
|
|||
if not pwd_value:
|
||||
pwd_value = ''
|
||||
value_switch = ''
|
||||
cmd = '%s -k %s %s %s' % (_get_cmd_prefix(), pwd_key, value_switch,
|
||||
pwd_value)
|
||||
cmd = '%s -k \'%s\' %s \'%s\'' % (_get_cmd_prefix(), pwd_key, value_switch,
|
||||
pwd_value)
|
||||
err_msg, output = utils.run_cmd(cmd, print_output=False)
|
||||
if err_msg:
|
||||
raise FailedOperation(
|
||||
|
@ -41,8 +41,8 @@ def set_password(pwd_key, pwd_value):
|
|||
|
||||
|
||||
def set_password_sshkey(pwd_key, private_key, public_key):
|
||||
cmd = '%s -k %s -r "%s" -u "%s"' % (_get_cmd_prefix(), pwd_key,
|
||||
private_key, public_key)
|
||||
cmd = '%s -k \'%s\' -r \'%s\' -u \'%s\'' % (_get_cmd_prefix(), pwd_key,
|
||||
private_key, public_key)
|
||||
err_msg, output = utils.run_cmd(cmd, print_output=False)
|
||||
if err_msg:
|
||||
raise FailedOperation(
|
||||
|
@ -55,7 +55,7 @@ def clear_password(pwd_key):
|
|||
|
||||
if the password exists, it will be removed from the passwords file
|
||||
"""
|
||||
cmd = '%s -k %s -c' % (_get_cmd_prefix(), pwd_key)
|
||||
cmd = '%s -k \'%s\' -c' % (_get_cmd_prefix(), pwd_key)
|
||||
err_msg, output = utils.run_cmd(cmd, print_output=False)
|
||||
if err_msg:
|
||||
raise FailedOperation('%s %s' % (err_msg, output))
|
||||
|
|
|
@ -163,7 +163,6 @@ def run_cmd(cmd, print_output=True):
|
|||
not None=command failed
|
||||
- output: string: all the output of the run command
|
||||
"""
|
||||
err = None
|
||||
output = None
|
||||
try:
|
||||
process = subprocess.Popen(cmd, shell=True, # nosec
|
||||
|
@ -464,6 +463,17 @@ def check_arg(param, param_name, expected_type, none_ok=False, empty_ok=False,
|
|||
type=expected_type))
|
||||
|
||||
|
||||
def disallow_chars(param, param_name, chars):
|
||||
if param is None:
|
||||
return
|
||||
|
||||
for char in chars:
|
||||
if char in param:
|
||||
raise InvalidArgument(
|
||||
u._('{name} contains invalid character {chars}')
|
||||
.format(name=param_name, chars=chars))
|
||||
|
||||
|
||||
class Lock(object):
|
||||
"""Object which represents an exclusive resource lock
|
||||
|
||||
|
|
Loading…
Reference in New Issue