Bug 622907 - support piped passwords to perl-based maintenance commands
support piped passwords to perl-based maintenance commands
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Command Line Utilities (Show other bugs)
1.2.6
All All
medium Severity medium
: ---
: ---
Assigned To: Nathan Kinder
Viktor Ashirov
:
Depends On:
Blocks: 639035 389_1.2.8
  Show dependency treegraph
 
Reported: 2010-08-10 14:34 EDT by Ulf Weltman
Modified: 2015-12-07 12:15 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 12:15:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch proposal (8.04 KB, patch)
2010-08-10 14:36 EDT, Ulf Weltman
no flags Details | Diff

  None (edit)
Description Ulf Weltman 2010-08-10 14:34:31 EDT
The perl-based maintenance commands (db2index.pl, etc) call stty to disable and enable terminal echo.  A password can be piped in ("echo secret12 | db2index.pl -w - .." which succeeds, but prints a funky error.  On HP-UX it's "stty: : Not a typewriter", on Linux "stty: standard input: Invalid argument".
Comment 1 Ulf Weltman 2010-08-10 14:36:33 EDT
Created attachment 437968 [details]
patch proposal

The perl file test operator -t makes it easy to test whether the file is connected to a TTY.
Comment 4 Rich Megginson 2011-01-21 19:30:01 EST
Well, the test works, but
 system("stty -echo");
does not.  However,
 system("/bin/stty", "-echo");
does work, but is not portable.  I guess if you specify just plain "stty" it has to invoke the shell to do the $PATH lookup, which I guess negates the stty -echo somehow.  Need to investigate this some more.
Comment 5 Rich Megginson 2011-01-24 10:53:18 EST
To ssh://git.fedorahosted.org/git/389/ds.git
   f2a1d62..07d9cb2  master -> master
commit 07d9cb2b67b32d321ebfca0a4f1e57791c5bf411
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Mon Jan 24 08:37:52 2011 -0700
    Author: ulf.weltman@hp.com
    Reviewed by: rmeggins
    Branch: master
    Fix Description: Use -t STDIN to check if the terminal is a tty
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
Comment 6 Jenny Galipeau 2011-06-07 08:19:26 EDT
Which perl scripts should support piped passwords?
Comment 7 Rich Megginson 2011-06-07 11:56:05 EDT
bak2db.pl db2bak.pl db2index.pl db2ldif.pl fixup-linkedattrs.pl fixup-memberof.pl ldif2db.pl ns-accountstatus.pl ns-activate.pl ns-inactivate.pl schema-reload.pl syntax-validate.pl usn-tombstone-cleanup.pl
Comment 8 Amita Sharma 2011-06-16 09:42:09 EDT
1.
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./db2index.pl -D "cn=Directory Manager" -n userRoot -w -
Bind Password: 
adding new entry "cn=db2index_2011_6_16_18_57_12, cn=index, cn=tasks, cn=config"

2.
[root@rhel61 slapd-rhel61]#  echo "Secret123" | ./db2bak.pl -D "cn=Directory Manager" -w -
Bind Password: 
Back up directory: /var/lib/dirsrv/slapd-rhel61/bak/rhel61-2011_6_16_18_59_19
adding new entry "cn=backup_2011_6_16_18_59_19, cn=backup, cn=tasks, cn=config"

3.
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./bak2db.pl -D "cn=Directory Manager" -w - -a /var/lib/dirsrv/slapd-rhel61/bak/rhel61-2011_6_16_18_59_19
Bind Password: 
adding new entry "cn=restore_2011_6_16_19_0_29, cn=restore, cn=tasks, cn=config"

4.
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./db2ldif.pl -D "cn=Directory Manager" -w - -n userRoot
Bind Password: 

5. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./fixup-linkedattrs.pl -D "cn=Directory Manager" -w -
Bind Password: 
adding new entry "cn=linked_attrs_fixup_2011_6_16_19_4_27, cn=fixup linked attributes, cn=tasks, cn=config"

6. 
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./fixup-memberof.pl -D "cn=Directory Manager" -w - -b "dc=example,dc=com"
Bind Password: 
adding new entry "cn=memberOf_fixup_2011_6_16_19_5_45, cn=memberOf task, cn=tasks, cn=config"

7.
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./ns-accountstatus.pl -D "cn=Directory Manager"  -w - -I "dn:uid=aami,ou=people,dc=example,dc=com"
Bind Password: 
No such object (32)
Matched DN: ou=people,dc=example,dc=com

8. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./ns-activate.pl -D "cn=Directory Manager"  -w - -I "dn:uid=aami,ou=people,dc=example,dc=com"
Bind Password: 
No such object (32)
Matched DN: ou=people,dc=example,dc=com

9. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./ns-inactivate.pl -D "cn=Directory Manager"  -w - -I "dn:uid=aami,ou=people,dc=example,dc=com"
Bind Password: 
No such object (32)
Matched DN: ou=people,dc=example,dc=com

10. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./schema-reload.pl -D "cn=Directory Manager"  -w -
Bind Password: 
adding new entry "cn=schema_reload_2011_6_16_19_10_12, cn=schema reload task, cn=tasks, cn=config"

11. 
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./syntax-validate.pl -D "cn=Directory Manager"  -w - -b "dn:uid=aami,ou=people,dc=example,dc=com"
Bind Password: 
adding new entry "cn=syntax_validate_2011_6_16_19_11_0, cn=syntax validate, cn=tasks, cn=config"


12.
[root@rhel61 slapd-rhel61]# echo "Secret123" | ./usn-tombstone-cleanup.pl -D "cn=Directory Manager"  -w - -n userRoot
Bind Password: 
adding new entry "cn=usn_cleanup_2011_6_16_19_11_46, cn=USN tombstone cleanup task, cn=tasks, cn=config"


hence Verified.

Note You need to log in before you can comment on or make changes to this bug.