erp5testnode: make shellinabox reusing password file of pwgen

57707289 · Sebastien Robin · bb2c875c · 57707289 · 57707289 · 57707289
Commit 57707289 authored Mar 16, 2017 by Sebastien Robin
3 changed files
--- a/slapos/recipe/shellinabox.py
+++ b/slapos/recipe/shellinabox.py
@@ -25,6 +25,7 @@
 #
 ##############################################################################
 from getpass import getpass
+import hmac
 import pwd
 import grp
 import os
@@ -33,19 +34,24 @@ import shlex
 from slapos.recipe.librecipe import GenericBaseRecipe

 def login_shell(args):
-  password = args['password']
-  
-  if (password != ''):
-    entered_password = getpass()
-  else:
-    entered_password = ''
+  password_file = args['password-file']
+  if password_file:
+    with open(password_file, 'r') as password_file:
+      password = password_file.read()

-  if entered_password != password:
-    return 1
+    if (password != ''):
+      entered_password = getpass()
+    else:
+      entered_password = ''
+
+    if not hmac.compare_digest(entered_password, password):
+      return 1
+    else:
+      commandline = shlex.split(args['shell'])
+      path = commandline[0]
+      os.execv(path, commandline)
  else:
-    commandline = shlex.split(args['shell'])
-    path = commandline[0]
-    os.execv(path, commandline)
+    return 1

 def shellinabox(args):
  certificate_dir = args['certificate_dir']
@@ -95,7 +101,7 @@ class Recipe(GenericBaseRecipe):
      self.options['login-shell'],
      '%s.login_shell' % __name__,
      {
-        'password': self.options['password'],
+        'password-file': self.options['password-file'],
        'shell': self.options['shell']
      }
    )

--- a/software/erp5testnode/instance-default.cfg
+++ b/software/erp5testnode/instance-default.cfg
@@ -94,7 +94,7 @@ port = 8080
 shell = $${shell:wrapper}
 wrapper = $${rootdirectory:bin}/shellinaboxd
 shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
-password = $${pwgen:passwd}
+password-file = $${pwgen:storage-path}
 directory = $${buildout:directory}/
 login-shell = $${rootdirectory:bin}/login
 certificate-directory = $${directory:shellinabox}

--- a/software/erp5testnode/software.cfg
+++ b/software/erp5testnode/software.cfg
@@ -56,7 +56,7 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-default.cfg
 output = ${buildout:directory}/template-default.cfg
 mode = 0644
-md5sum =  8e171816b6caef52ac75c2f8f6a69fc3
+md5sum = 05519f3887a309d3ec069e0aa9f52ebc

 [versions]
 PyXML = 0.8.5