1 |
prometheanfire 13/05/24 14:26:59 |
2 |
|
3 |
Added: 0.2.3-CVE-2013-2013.patch |
4 |
Log: |
5 |
updating keystoneclient for CVE-2013-2013 |
6 |
|
7 |
(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 dev-python/python-keystoneclient/files/0.2.3-CVE-2013-2013.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/python-keystoneclient/files/0.2.3-CVE-2013-2013.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/python-keystoneclient/files/0.2.3-CVE-2013-2013.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: 0.2.3-CVE-2013-2013.patch |
16 |
=================================================================== |
17 |
From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001 |
18 |
From: Pradeep Kilambi <pkilambi@×××××.com> |
19 |
Date: Thu, 9 May 2013 09:29:02 -0700 |
20 |
Subject: [PATCH] Allow secure user password update. |
21 |
|
22 |
This patch allows the ability for user password to be updated via |
23 |
a command prompt so the password doesn't show up in the bash history. |
24 |
The prompted password is asked twice to verify the match. |
25 |
If user cntl-D's the prompt a message appears suggesting user to use |
26 |
either of the options to update the password. |
27 |
|
28 |
Fixes: bug#938315 |
29 |
|
30 |
Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39 |
31 |
--- |
32 |
keystoneclient/utils.py | 23 ++++++++++++++++++++++- |
33 |
keystoneclient/v2_0/shell.py | 10 ++++++++-- |
34 |
2 files changed, 30 insertions(+), 3 deletions(-) |
35 |
|
36 |
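--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
 import hashlib
+import sys
+import uuid
 
 import prettytable
 
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
 hash_ = hashlib.md5()
 hash_.update(signed_text)
 return hash_.hexdigest()
+
+
+def prompt_for_password():
+ """
+ Prompt user for password if not provided so the password
+ doesn't show up in the bash history.
+ """
+ if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+ # nothing to do
+ return
+
+ while True:
+ try:
+ new_passwd = getpass.getpass('New Password: ')
+ rep_passwd = getpass.getpass('Repeat New Password: ')
+ if new_passwd == rep_passwd:
+ return new_passwd
+ except EOFError:
+ return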
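Review bot: Two blank entries compare equal in `if new_passwd == rep_passwd:`, so prompt_for_password() can return an empty string, and the caller added in shell.py only tests `new_passwd is None`, which lets an empty password reach update_password(). Requiring a non-empty value, `if new_passwd and new_passwd == rep_passwd:`, closes that path. The `while True` loop also re-prompts after a mismatch without saying why; a one-line message on stderr before the next iteration would tell the user the two entries differed. The docstring could also state that the function returns None when stdin is not a TTY or on EOF, since the caller depends on that.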
72 |
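--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
 
 import argparse
 import getpass
+import sys
 
 from keystoneclient.v2_0 import client
 from keystoneclient import utils
@@ -103,14 +104,19 @@ def do_user_update(kc, args):
 print 'Unable to update user: %s' % e
 
 
-@×××××.arg('--pass', metavar='<password>', dest='passwd', required=True,
+@×××××.arg('--pass', metavar='<password>', dest='passwd', required=False,
 help='Desired new password')
 @utils.arg('user', metavar='<user>',
 help='Name or ID of user to update password')
 def do_user_password_update(kc, args):
 """Update user password"""
 user = utils.find_resource(kc.users, args.user)
- kc.users.update_password(user, args.passwd)
+ new_passwd = args.passwd or utils.prompt_for_password()
+ if new_passwd is None:
+ msg = ("\nPlease specify password using the --pass option "
+ "or using the prompt")
+ sys.exit(msg)
+ kc.users.update_password(user, new_passwd)
 
 
 @utils.arg('--current-password', metavar='<current-password>',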
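Review bot: The `--pass` option is still accepted after this change, so a password supplied that way remains visible in shell history and in the process argument list, and the help text `'Desired new password'` gives no hint that omitting it triggers the safer prompt. I would extend the help string to say that the password is prompted for when `--pass` is omitted and that a value given on the command line can be seen by other local users. The `new_passwd is None` branch is also reached when stdin is not a TTY, where "or using the prompt" is not an available choice, so the exit message should mention that the prompt needs an interactive terminal. The decorated function after do_user_password_update continues outside the hunk.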
106 |
-- |
107 |
1.8.1.5 |