Skip to content

slapos
slapos
Commit 08b68618 authored by Sebastien Robin's avatar Sebastien Robin
Browse files
Options

erp5testnode: store shellinabox password in a dedicated file (part 2)

parent f11280ab
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 11 deletions
slapos/recipe/shellinabox.py
View file @ 08b68618
...@@ -25,6 +25,7 @@ ...@@ -25,6 +25,7 @@
# #
############################################################################## ##############################################################################
from getpass import getpass from getpass import getpass
import hmac
import pwd import pwd
import grp import grp
import os import os
...@@ -33,9 +34,9 @@ import shlex ...@@ -33,9 +34,9 @@ import shlex
from slapos.recipe.librecipe import GenericBaseRecipe from slapos.recipe.librecipe import GenericBaseRecipe
def login_shell(args): def login_shell(args):
shellinabox_password_file = args['shellinabox-password-file'] password_file = args['password-file']
if shellinabox_password_file: if password_file:
with open(shellinabox_password_file, 'r') as password_file: with open(password_file, 'r') as password_file:
password = password_file.read() password = password_file.read()
if (password != ''): if (password != ''):
...@@ -43,7 +44,7 @@ def login_shell(args): ...@@ -43,7 +44,7 @@ def login_shell(args):
else: else:
entered_password = '' entered_password = ''
if entered_password != password: if not hmac.compare_digest(entered_password, password):
return 1 return 1
else: else:
commandline = shlex.split(args['shell']) commandline = shlex.split(args['shell'])
...@@ -100,15 +101,12 @@ class Recipe(GenericBaseRecipe): ...@@ -100,15 +101,12 @@ class Recipe(GenericBaseRecipe):
self.options['login-shell'], self.options['login-shell'],
'%s.login_shell' % __name__, '%s.login_shell' % __name__,
{ {
'shellinabox-password-file': self.options['shellinabox-password-file'], 'password-file': self.options['password-file'],
'shell': self.options['shell'] 'shell': self.options['shell']
} }
) )
path_list.append(login_shell) path_list.append(login_shell)
with open(self.options['shellinabox-password-file'], 'w') as password_file:
password_file.write(self.options['password'])
wrapper = self.createPythonScript( wrapper = self.createPythonScript(
self.options['wrapper'], self.options['wrapper'],
'%s.shellinabox' % __name__, '%s.shellinabox' % __name__,
......
software/erp5testnode/instance-default.cfg
View file @ 08b68618
...@@ -94,8 +94,7 @@ port = 8080 ...@@ -94,8 +94,7 @@ port = 8080
shell = $${shell:wrapper} shell = $${shell:wrapper}
wrapper = $${rootdirectory:bin}/shellinaboxd wrapper = $${rootdirectory:bin}/shellinaboxd
shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
shellinabox-password-file = $${rootdirectory:etc}/shellinabox-password password-file = $${pwgen:storage-path}
password = $${pwgen:passwd}
directory = $${buildout:directory}/ directory = $${buildout:directory}/
login-shell = $${rootdirectory:bin}/login login-shell = $${rootdirectory:bin}/login
certificate-directory = $${directory:shellinabox} certificate-directory = $${directory:shellinabox}
......
software/erp5testnode/software.cfg
View file @ 08b68618
...@@ -56,7 +56,7 @@ recipe = slapos.recipe.template ...@@ -56,7 +56,7 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-default.cfg url = ${:_profile_base_location_}/instance-default.cfg
output = ${buildout:directory}/template-default.cfg output = ${buildout:directory}/template-default.cfg
mode = 0644 mode = 0644
md5sum = 4cff4f92ab230ccf02283bf924e32089 md5sum = 05519f3887a309d3ec069e0aa9f52ebc
[versions] [versions]
PyXML = 0.8.5 PyXML = 0.8.5
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7