-rw-r--r--src/man/sss_obfuscate.8.xml4
-rw-r--r--src/tools/sss_obfuscate33
2 files changed, 23 insertions, 14 deletions
diff --git a/src/man/sss_obfuscate.8.xml b/src/man/sss_obfuscate.8.xml
index 55bb1c33..8b6a1727 100644
--- a/src/man/sss_obfuscate.8.xml
+++ b/src/man/sss_obfuscate.8.xml
@@ -34,8 +34,8 @@
section of the SSSD config file.
</para>
<para>
- The cleartext password can be specified as an extra argument to the
- program or read from standard input.
+ The cleartext password can be specified as an argument to the
+ program, read from standard input or entered interactively.
The obfuscated password is put into <quote>ldap_default_authtok</quote>
parameter of a given SSSD domain and the
<quote>ldap_default_authtok_type</quote> parameter is set to
diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate
index 220cd9be..cd911615 100644
--- a/src/tools/sss_obfuscate
+++ b/src/tools/sss_obfuscate
@@ -5,12 +5,19 @@ from optparse import OptionParser
import pysss
import SSSDConfig
+import getpass
def parse_options():
parser = OptionParser()
+ parser.set_description("sss_obfuscate converts a given password into \
+ human-unreadable format and places it into \
+ appropriate domain section of the SSSD config \
+ file. The password can be passed in by stdin, \
+ specified on the command-line or entered \
+ interactively")
parser.add_option("-s", "--stdin", action="store_true",
dest="stdin", default=False,
- help="Read input from stdin")
+ help="Read the password from stdin.")
parser.add_option("-d", "--domain",
dest="domain", default="default",
help="The domain to use the password in (default: default)",
@@ -19,26 +26,28 @@ def parse_options():
dest="filename", default=None,
help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
metavar="FILE")
+ parser.add_option("-p", "--password",
+ dest="password", default=None,
+ help="Password to obfuscate.",
+ metavar="PASSWORD")
(options, args) = parser.parse_args()
- # If no password given as positional paramater, read up from stdin
- if len(args) == 0:
- options.stdin = True
-
return options, args
def main():
options, args = parse_options()
if not options:
- print >>sys.stderr, "Cannot parse options"
+ print >> sys.stderr, "Cannot parse options"
return 1
- if not options.stdin:
- try:
- password = args[0]
- except IndexError: # should never happen
- print "Missing password parameter!"
- return 1
+ if not options.stdin and not options.password:
+ pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: "))
+ p1, p2 = pprompt()
+ while p1 != p2:
+ print('Passwords do not match. Try again')
+ p1, p2 = pprompt()
+ password = p1
+
else:
try:
password = sys.stdin.read()
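Review bot: A password given with `-p` is never used in the lines shown, because `if not options.stdin and not options.password:` sends that case to the `else:` branch, which reads `sys.stdin` instead. An explicit branch, `elif options.password:` followed by `password = options.password`, would fix it and leave `else:` for `-s` only; the rest of main() lies outside the hunk, so confirm nothing later picks up `options.password`. The truthiness test also treats `-p ""` as absent, and `options.password is None` would say what is meant. Separately, a password passed as an argument can be read by other local users through the process list and ends up in shell history, so the `-p` help text should say so, e.g. `help="Password to obfuscate (visible in the process list; prefer the prompt or -s)."`.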