145 lines
4.1 KiB
Diff
145 lines
4.1 KiB
Diff
Index: git/keystoneclient/shell.py
|
|
===================================================================
|
|
--- git.orig/keystoneclient/shell.py 2014-09-17 13:06:07.761186569 -0400
|
|
+++ git/keystoneclient/shell.py 2014-09-22 15:10:36.326737219 -0400
|
|
@@ -24,6 +24,7 @@
|
|
|
|
from __future__ import print_function
|
|
|
|
+import os
|
|
import argparse
|
|
import getpass
|
|
import logging
|
|
@@ -32,6 +33,8 @@
|
|
|
|
import six
|
|
|
|
+import keyring
|
|
+
|
|
import keystoneclient
|
|
from keystoneclient import access
|
|
from keystoneclient.contrib.bootstrap import shell as shell_bootstrap
|
|
@@ -333,6 +336,11 @@
|
|
'--os-username or env[OS_USERNAME]')
|
|
|
|
if not args.os_password:
|
|
+ # priviledge check (only allow Keyring retrieval if we are root)
|
|
+ if os.geteuid() == 0:
|
|
+ args.os_password = keyring.get_password('CGCS', args.os_username)
|
|
+
|
|
+ if not args.os_password:
|
|
# No password, If we've got a tty, try prompting for it
|
|
if hasattr(sys.stdin, 'isatty') and sys.stdin.isatty():
|
|
# Check for Ctl-D
|
|
Index: git/keystoneclient/probe.py
|
|
===================================================================
|
|
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
+++ git/keystoneclient/probe.py 2014-09-23 10:41:57.758412311 -0400
|
|
@@ -0,0 +1,106 @@
|
|
+#
|
|
+# Copyright (c) 2014 Wind River Systems, Inc.
|
|
+# SPDX-License-Identifier: Apache-2.0
|
|
+#
|
|
+#
|
|
+#
|
|
+#
|
|
+
|
|
+"""
|
|
+OCF sanity probe to prevent cleartext password
|
|
+"""
|
|
+
|
|
+import os
|
|
+import sys
|
|
+import json
|
|
+import urllib2
|
|
+import datetime
|
|
+import keyring
|
|
+import logging
|
|
+import logging.handlers
|
|
+
|
|
+_loggers = {}
|
|
+
|
|
+def get_logger(name):
|
|
+ """ Get a logger or create one """
|
|
+ if name not in _loggers:
|
|
+ _loggers[name] = logging.getLogger(name)
|
|
+
|
|
+ return _loggers[name]
|
|
+
|
|
+
|
|
+def setup_logger(logger):
|
|
+ """ Setup a logger """
|
|
+ syslog_facility = logging.handlers.SysLogHandler.LOG_SYSLOG
|
|
+
|
|
+ formatter = logging.Formatter("probe_keyring[%(process)d] " +
|
|
+ "%(pathname)s:%(lineno)s " +
|
|
+ "%(levelname)8s [%(name)s] %(message)s")
|
|
+
|
|
+ handler = logging.handlers.SysLogHandler(address='/dev/log',
|
|
+ facility=syslog_facility)
|
|
+ handler.setLevel(logging.INFO)
|
|
+ handler.setFormatter(formatter)
|
|
+
|
|
+ logger.addHandler(handler)
|
|
+ logger.setLevel(logging.INFO)
|
|
+
|
|
+def configure():
|
|
+ """ Setup logging """
|
|
+ for logger in _loggers:
|
|
+ setup_logger(_loggers[logger])
|
|
+
|
|
+LOG = get_logger(__name__)
|
|
+
|
|
+def probe(auth_url, tenant, login):
|
|
+ """ Asks OpenStack Keystone for a token """
|
|
+
|
|
+ try:
|
|
+ url = auth_url + "tokens"
|
|
+ request_info = urllib2.Request(url)
|
|
+ request_info.add_header("Content-type", "application/json")
|
|
+ request_info.add_header("Accept", "application/json")
|
|
+ payload = json.dumps(
|
|
+ {"auth": {"tenantName": tenant,
|
|
+ "passwordCredentials": {"username": login,
|
|
+ "password": keyring.get_password('CGCS',login)}}})
|
|
+ request_info.add_data(payload)
|
|
+
|
|
+ request = urllib2.urlopen(request_info)
|
|
+ response = json.loads(request.read())
|
|
+ request.close()
|
|
+ return response['access']['token']['id']
|
|
+
|
|
+ except Exception as e:
|
|
+ LOG.error("%s, %s" % (e.code, e.read()))
|
|
+ return None
|
|
+
|
|
+def main():
|
|
+
|
|
+ global cmd_auth_url
|
|
+ global cmd_tenant
|
|
+ global cmd_os_username
|
|
+
|
|
+ cmd_auth_url = "http://127.0.0.1:5000/v2.0/tokens"
|
|
+ cmd_tenant = "tenant"
|
|
+ cmd_os_username = "username"
|
|
+
|
|
+ configure()
|
|
+
|
|
+# priviledge check (only allow Keyring retrieval if we are root)
|
|
+ if os.geteuid() == 0:
|
|
+ arg = 1
|
|
+ cmd_auth_url = sys.argv[arg]
|
|
+ arg += 1
|
|
+ cmd_tenant = sys.argv[arg]
|
|
+ arg += 1
|
|
+ cmd_os_username = sys.argv[arg]
|
|
+
|
|
+ try:
|
|
+ token_id = probe(cmd_auth_url, cmd_tenant, cmd_os_username)
|
|
+ if token_id is None:
|
|
+ sys.exit(-1)
|
|
+ sys.exit(0)
|
|
+ except Exception as e:
|
|
+ sys.exit(-1)
|
|
+
|