The perl-based maintenance commands (db2index.pl, etc) call stty to disable and enable terminal echo. A password can be piped in ("echo secret12 | db2index.pl -w - .." which succeeds, but prints a funky error. On HP-UX it's "stty: : Not a typewriter", on Linux "stty: standard input: Invalid argument".
Created attachment 437968 [details] patch proposal The perl file test operator -t makes it easy to test whether the file is connected to a TTY.
Well, the test works, but system("stty -echo"); does not. However, system("/bin/stty", "-echo"); does work, but is not portable. I guess if you specify just plain "stty" it has to invoke the shell to do the $PATH lookup, which I guess negates the stty -echo somehow. Need to investigate this some more.
To ssh://git.fedorahosted.org/git/389/ds.git f2a1d62..07d9cb2 master -> master commit 07d9cb2b67b32d321ebfca0a4f1e57791c5bf411 Author: Rich Megginson <rmeggins> Date: Mon Jan 24 08:37:52 2011 -0700 Author: ulf.weltman Reviewed by: rmeggins Branch: master Fix Description: Use -t STDIN to check if the terminal is a tty Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no
Which perl scripts should support piped passwords?
bak2db.pl db2bak.pl db2index.pl db2ldif.pl fixup-linkedattrs.pl fixup-memberof.pl ldif2db.pl ns-accountstatus.pl ns-activate.pl ns-inactivate.pl schema-reload.pl syntax-validate.pl usn-tombstone-cleanup.pl
1. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./db2index.pl -D "cn=Directory Manager" -n userRoot -w - Bind Password: adding new entry "cn=db2index_2011_6_16_18_57_12, cn=index, cn=tasks, cn=config" 2. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./db2bak.pl -D "cn=Directory Manager" -w - Bind Password: Back up directory: /var/lib/dirsrv/slapd-rhel61/bak/rhel61-2011_6_16_18_59_19 adding new entry "cn=backup_2011_6_16_18_59_19, cn=backup, cn=tasks, cn=config" 3. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./bak2db.pl -D "cn=Directory Manager" -w - -a /var/lib/dirsrv/slapd-rhel61/bak/rhel61-2011_6_16_18_59_19 Bind Password: adding new entry "cn=restore_2011_6_16_19_0_29, cn=restore, cn=tasks, cn=config" 4. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./db2ldif.pl -D "cn=Directory Manager" -w - -n userRoot Bind Password: 5. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./fixup-linkedattrs.pl -D "cn=Directory Manager" -w - Bind Password: adding new entry "cn=linked_attrs_fixup_2011_6_16_19_4_27, cn=fixup linked attributes, cn=tasks, cn=config" 6. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./fixup-memberof.pl -D "cn=Directory Manager" -w - -b "dc=example,dc=com" Bind Password: adding new entry "cn=memberOf_fixup_2011_6_16_19_5_45, cn=memberOf task, cn=tasks, cn=config" 7. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./ns-accountstatus.pl -D "cn=Directory Manager" -w - -I "dn:uid=aami,ou=people,dc=example,dc=com" Bind Password: No such object (32) Matched DN: ou=people,dc=example,dc=com 8. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./ns-activate.pl -D "cn=Directory Manager" -w - -I "dn:uid=aami,ou=people,dc=example,dc=com" Bind Password: No such object (32) Matched DN: ou=people,dc=example,dc=com 9. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./ns-inactivate.pl -D "cn=Directory Manager" -w - -I "dn:uid=aami,ou=people,dc=example,dc=com" Bind Password: No such object (32) Matched DN: ou=people,dc=example,dc=com 10. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./schema-reload.pl -D "cn=Directory Manager" -w - Bind Password: adding new entry "cn=schema_reload_2011_6_16_19_10_12, cn=schema reload task, cn=tasks, cn=config" 11. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./syntax-validate.pl -D "cn=Directory Manager" -w - -b "dn:uid=aami,ou=people,dc=example,dc=com" Bind Password: adding new entry "cn=syntax_validate_2011_6_16_19_11_0, cn=syntax validate, cn=tasks, cn=config" 12. [root@rhel61 slapd-rhel61]# echo "Secret123" | ./usn-tombstone-cleanup.pl -D "cn=Directory Manager" -w - -n userRoot Bind Password: adding new entry "cn=usn_cleanup_2011_6_16_19_11_46, cn=USN tombstone cleanup task, cn=tasks, cn=config" hence Verified.