* [PATCH phosphor-networkd] Validating user & group names prior to system call and wait() on proc…
From: OpenBMC Patches @ 2016-02-11 21:00 UTC (permalink / raw)
To: openbmc
… spawned with pexpect.
https://github.com/openbmc/phosphor-networkd/pull/10
Hariharasubramanian R (1):
Validating user & group names prior to system call and wait() on proc
spawned with pexpect.
userman.py | 106 ++++++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 76 insertions(+), 30 deletions(-)
--
2.7.1
* [PATCH phosphor-networkd] Validating user & group names prior to system call and wait() on proc spawned with pexpect.
From: OpenBMC Patches @ 2016-02-11 21:00 UTC (permalink / raw)
To: openbmc
From: Hariharasubramanian R <hramasub@in.ibm.com>
---
userman.py | 106 ++++++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 76 insertions(+), 30 deletions(-)
diff --git a/userman.py b/userman.py
index 6109582..033d3d1 100755
--- a/userman.py
+++ b/userman.py
@@ -25,7 +25,8 @@ OBJ_NAME_USER = '/org/openbmc/UserManager/User'
Object Path > /org/openbmc/UserManager/Groups
Interface:Method > org.openbmc.Enrol.GroupAddSys string:"groupname"
Interface:Method > org.openbmc.Enrol.GroupAddUsr string:"groupname"
- Interface:Method > org.openbmc.Enrol.GroupList
+ Interface:Method > org.openbmc.Enrol.GroupListUsr
+ Interface:Method > org.openbmc.Enrol.GroupListSys
Object Path > /org/openbmc/UserManager/Group
Interface:Method > org.openbmc.Enrol.GroupDel string:"groupname"
Object Path > /org/openbmc/UserManager/Users
@@ -60,16 +61,26 @@ class UserManGroups (dbus.service.Object):
@dbus.service.method(INTF_NAME, "s", "x")
def GroupAddUsr (self, groupname):
+ if not groupname : return 1
+
+ groups = self.GroupListAll ()
+ if groupname in groups: return 1
+
r = call (["addgroup", groupname])
return r
@dbus.service.method(INTF_NAME, "s", "x")
def GroupAddSys (self, groupname):
+ if not groupname : return 1
+
+ groups = self.GroupListAll ()
+ if groupname in groups: return 1
+
r = call (["addgroup", "-S", groupname])
return 0
@dbus.service.method(INTF_NAME, "", "as")
- def GroupList (self):
+ def GroupListUsr (self):
groupList = []
with open("/etc/group", "r") as f:
for grent in f:
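Review bot: The new guards in GroupAddUsr and GroupAddSys only test that `groupname` is non-empty and not already listed in /etc/group, so a name that begins with `-` or contains characters the group database does not allow still reaches `addgroup` as an argument. Because the value arrives over D-Bus, add a format check before the call, for example `if not re.match(r'[a-z_][a-z0-9_-]*\Z', groupname): return 1` (this needs `import re`, and the exact pattern should follow the naming policy of the target system). The same gap exists in GroupDel, UserAdd, UserDel and Passwd in the later hunks. Separately, GroupAddSys still ends with `return 0`, so a failed `addgroup -S` is reported as success; `return r` would match GroupAddUsr.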
@@ -78,6 +89,23 @@ class UserManGroups (dbus.service.Object):
groupList.append(groupParams[0])
return groupList
+ @dbus.service.method(INTF_NAME, "", "as")
+ def GroupListSys (self):
+ groupList = []
+ with open("/etc/group", "r") as f:
+ for grent in f:
+ groupParams = grent.split (":")
+ if (int(groupParams[2]) > 100 and int(groupParams[2]) < 1000): groupList.append(groupParams[0])
+ return groupList
+
+ def GroupListAll (self):
+ groupList = []
+ with open("/etc/group", "r") as f:
+ for grent in f:
+ groupParams = grent.split (":")
+ groupList.append(groupParams[0])
+ return groupList
+
class UserManGroup (dbus.service.Object):
def __init__(self, bus, name):
self.bus = bus
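Review bot: In GroupListSys, `int(groupParams[2])` raises on any /etc/group line that has fewer than three fields or a non-numeric gid (a blank line is enough), and the exception propagates out of the D-Bus method. Skip such lines before converting, e.g. `if len(groupParams) < 3 or not groupParams[2].isdigit(): continue`. The bounds 100 and 1000 are unexplained; a comment stating which gid range the service treats as system groups, and whether gid 100 itself is meant to be excluded, would help. GroupListAll is now the gate for every add and delete check, so a short docstring saying it is an internal helper that is not exported on the bus is worth adding.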
@@ -93,6 +121,11 @@ class UserManGroup (dbus.service.Object):
@dbus.service.method(INTF_NAME, "", "x")
def GroupDel (self, groupname):
+ if not groupname : return 1
+
+ groups = Groupsobj.GroupListAll ()
+ if groupname not in groups: return 1
+
r = call (["delgroup", groupname])
return r
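Review bot: GroupDel is exported with an empty input signature (`"", "x"`) although it takes `groupname`, while the other one-argument methods in this file use `"s"`; the decorator should read `@dbus.service.method(INTF_NAME, "s", "x")` so the declared interface matches the method. The added check also reaches into the module global `Groupsobj`, which only exists once main() has run; a comment on that dependency, or passing the UserManGroups instance into the constructor, would make it explicit. The class body continues outside the hunk.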
@@ -111,39 +144,31 @@ class UserManUsers (dbus.service.Object):
@dbus.service.method(INTF_NAME, "ssss", "x")
def UserAdd (self, gecos, username, groupname, passwd):
+ if not username: return 1
+
+ users = self.UserList ()
+ if username in users : return 1
+
if groupname:
- cmd = "adduser " + " -g " + gecos + " -G ", groupname + " " + username
+ groups = Groupsobj.GroupListAll ()
+ if groupname not in groups: return 1
+
+ opts = ""
+ if gecos: opts = " -g " + '"' + gecos + '"'
+
+ if groupname:
+ cmd = "adduser " + opts + " " + " -G " + groupname + " " + username
else:
- cmd = "adduser " + " -g " + gecos + username
+ cmd = "adduser " + opts + " " + username
proc = pexpect.spawn (cmd)
- proc.expect ("[New password: ]")
+ proc.expect (['New password: ', 'Retype password: '])
proc.sendline (passwd)
- proc.expect ("[Retype password: ]")
+ proc.expect (['New password: ', 'Retype password: '])
proc.sendline (passwd)
- return 0
-
-# if groupname:
-# proc = subprocess.Popen(['adduser', "-g", gecos, "-G", groupname, username], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, bufsize=1)
-# else:
-# proc = subprocess.Popen(['adduser', "-g", gecos, username], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, bufsize=1)
-#
-# with proc.stdout:
-# for prompt in iter(proc.stdout.readline, b''):
-# proc.stdin.write(passwd)
-#
-# return 0
-
-# proc = subprocess.Popen(['passwd', username], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-# out,err = proc.communicate(passwd)
-# out,err = proc.communicate(passwd)
-# proc.stdin.write(passwd)
-# proc.stdin.write(passwd)
-# if (not err): return 0
-# print out
-# print err
-# return 0
+ proc.wait()
+ return 0
@dbus.service.method(INTF_NAME, "", "as")
def UserList (self):
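Review bot: UserAdd still assembles one command string from `gecos`, `groupname` and `username` and hands it to `pexpect.spawn (cmd)`, so the added double quotes around gecos do not stop caller-supplied spaces or quote characters from changing how the line is split into adduser arguments. Pass the arguments as a list instead, as sketched below; Passwd in the last hunk builds `"passwd" + " " + username` the same way and should become `pexpect.spawn ("passwd", [username])`. Both `expect` calls accept either prompt, so the order of the dialogue is not checked, and the method returns 0 whatever adduser's exit status was; returning the child's status after `proc.wait()` would report failures. UserList's body continues outside the hunk.

```python
    def UserAdd (self, gecos, username, groupname, passwd):
        # … unchanged: username and groupname existence checks …
        args = []
        if gecos:
            args += ["-g", gecos]
        if groupname:
            args += ["-G", groupname]
        args.append (username)
        proc = pexpect.spawn ("adduser", args)
        # … unchanged: password prompts, wait and return …
```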
@@ -170,20 +195,41 @@ class UserManUser (dbus.service.Object):
@dbus.service.method(INTF_NAME, "s", "x")
def UserDel (self, username):
+ if not username : return 1
+
+ users = Usersobj.UserList ()
+ if username not in users : return 1
+
r = call (["deluser", username])
return r
@dbus.service.method(INTF_NAME, "ss", "x")
def Passwd (self, username, passwd):
- r = call (["echo", "-e", passwd, "passwd", username])
- return r
+ if not username : return 1
+
+ users = self.UserList ()
+ if username not in users : return 1
+ cmd = "passwd" + " " + username
+ proc = pexpect.spawn (cmd)
+ proc.expect (['New password: ', 'Retype password: '])
+ proc.sendline (passwd)
+ proc.expect (['New password: ', 'Retype password: '])
+ proc.sendline (passwd)
+
+ proc.wait()
+ return r
def main():
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()
name = dbus.service.BusName(DBUS_NAME, bus)
+ global Groupsobj
+ global Groupobj
+ global Usersobj
+ global Userobj
+
Groupsobj = UserManGroups (bus, OBJ_NAME_GROUPS)
Groupobj = UserManGroup (bus, OBJ_NAME_GROUP)
Usersobj = UserManUsers (bus, OBJ_NAME_USERS)
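Review bot: Passwd ends with `return r`, but the line that assigned `r` is removed by this change, so every call that gets past the checks raises NameError after the password dialogue has run. Return the child's status instead, e.g. `return proc.wait()` in place of the separate wait and return. The check above it calls `self.UserList ()`, whereas UserDel in the same class uses `Usersobj.UserList ()`; unless UserManUser defines its own UserList outside this hunk, that line should be `users = Usersobj.UserList ()`. main() continues past the end of the hunk.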
--
2.7.1
* Re: [PATCH phosphor-networkd] Validating user & group names prior to system call and wait() on proc spawned with pexpect.
From: Stewart Smith @ 2016-02-11 22:18 UTC (permalink / raw)
To: OpenBMC Patches, openbmc
OpenBMC Patches <openbmc-patches@stwcx.xyz> writes:
> From: Hariharasubramanian R <hramasub@in.ibm.com>
>
> ---
> userman.py | 106 ++++++++++++++++++++++++++++++++++++++++++++-----------------
> 1 file changed, 76 insertions(+), 30 deletions(-)
>
> diff --git a/userman.py b/userman.py
> index 6109582..033d3d1 100755
> --- a/userman.py
> +++ b/userman.py
> @@ -25,7 +25,8 @@ OBJ_NAME_USER = '/org/openbmc/UserManager/User'
> Object Path > /org/openbmc/UserManager/Groups
> Interface:Method > org.openbmc.Enrol.GroupAddSys string:"groupname"
> Interface:Method > org.openbmc.Enrol.GroupAddUsr string:"groupname"
> - Interface:Method > org.openbmc.Enrol.GroupList
> + Interface:Method > org.openbmc.Enrol.GroupListUsr
> + Interface:Method > org.openbmc.Enrol.GroupListSys
> Object Path > /org/openbmc/UserManager/Group
> Interface:Method > org.openbmc.Enrol.GroupDel string:"groupname"
> Object Path > /org/openbmc/UserManager/Users
> @@ -60,16 +61,26 @@ class UserManGroups (dbus.service.Object):
>
> @dbus.service.method(INTF_NAME, "s", "x")
> def GroupAddUsr (self, groupname):
> + if not groupname : return 1
> +
> + groups = self.GroupListAll ()
> + if groupname in groups: return 1
> +
> r = call (["addgroup", groupname])
> return r
>
> @dbus.service.method(INTF_NAME, "s", "x")
> def GroupAddSys (self, groupname):
> + if not groupname : return 1
> +
> + groups = self.GroupListAll ()
> + if groupname in groups: return 1
> +
> r = call (["addgroup", "-S", groupname])
> return 0
>
> @dbus.service.method(INTF_NAME, "", "as")
> - def GroupList (self):
> + def GroupListUsr (self):
> groupList = []
> with open("/etc/group", "r") as f:
> for grent in f:
> @@ -78,6 +89,23 @@ class UserManGroups (dbus.service.Object):
> groupList.append(groupParams[0])
> return groupList
>
> + @dbus.service.method(INTF_NAME, "", "as")
> + def GroupListSys (self):
> + groupList = []
> + with open("/etc/group", "r") as f:
> + for grent in f:
> + groupParams = grent.split (":")
> + if (int(groupParams[2]) > 100 and int(groupParams[2]) < 1000): groupList.append(groupParams[0])
> + return groupList
Why aren't you using an existing python module such as grp rather than
writing your own (likely buggy) parser?
It seems to have existed since at least python 2.6...
https://docs.python.org/2.6/library/grp.html
> @@ -111,39 +144,31 @@ class UserManUsers (dbus.service.Object):
>
> @dbus.service.method(INTF_NAME, "ssss", "x")
> def UserAdd (self, gecos, username, groupname, passwd):
> + if not username: return 1
> +
> + users = self.UserList ()
> + if username in users : return 1
> +
> if groupname:
> - cmd = "adduser " + " -g " + gecos + " -G ", groupname + " " + username
> + groups = Groupsobj.GroupListAll ()
> + if groupname not in groups: return 1
> +
> + opts = ""
> + if gecos: opts = " -g " + '"' + gecos + '"'
> +
> + if groupname:
> + cmd = "adduser " + opts + " " + " -G " + groupname + " " + username
> else:
> - cmd = "adduser " + " -g " + gecos + username
> + cmd = "adduser " + opts + " " + username
I note there's a python-libuser package on ubuntu, is that a library
that could be used instead?
--
Stewart Smith
OPAL Architect, IBM.
* Re: [PATCH phosphor-networkd] Validating user & group names prior to system call and wait() on proc spawned with pexpect.
From: Brad Bishop @ 2016-02-11 22:39 UTC (permalink / raw)
To: Stewart Smith; +Cc: OpenBMC Patches, openbmc
Sorry about the dup Stewart…
grp just parses the file and returns a dictionary. It doesn’t do anything mutable.
The only thing I could find was libuser….
-brad
> On Feb 11, 2016, at 5:18 PM, Stewart Smith <stewart@linux.vnet.ibm.com> wrote:
>
> OpenBMC Patches <openbmc-patches@stwcx.xyz <mailto:openbmc-patches@stwcx.xyz>> writes:
>> From: Hariharasubramanian R <hramasub@in.ibm.com>
>>
>> ---
>> userman.py | 106 ++++++++++++++++++++++++++++++++++++++++++++-----------------
>> 1 file changed, 76 insertions(+), 30 deletions(-)
>>
>> diff --git a/userman.py b/userman.py
>> index 6109582..033d3d1 100755
>> --- a/userman.py
>> +++ b/userman.py
>> @@ -25,7 +25,8 @@ OBJ_NAME_USER = '/org/openbmc/UserManager/User'
>> Object Path > /org/openbmc/UserManager/Groups
>> Interface:Method > org.openbmc.Enrol.GroupAddSys string:"groupname"
>> Interface:Method > org.openbmc.Enrol.GroupAddUsr string:"groupname"
>> - Interface:Method > org.openbmc.Enrol.GroupList
>> + Interface:Method > org.openbmc.Enrol.GroupListUsr
>> + Interface:Method > org.openbmc.Enrol.GroupListSys
>> Object Path > /org/openbmc/UserManager/Group
>> Interface:Method > org.openbmc.Enrol.GroupDel string:"groupname"
>> Object Path > /org/openbmc/UserManager/Users
>> @@ -60,16 +61,26 @@ class UserManGroups (dbus.service.Object):
>>
>> @dbus.service.method(INTF_NAME, "s", "x")
>> def GroupAddUsr (self, groupname):
>> + if not groupname : return 1
>> +
>> + groups = self.GroupListAll ()
>> + if groupname in groups: return 1
>> +
>> r = call (["addgroup", groupname])
>> return r
>>
>> @dbus.service.method(INTF_NAME, "s", "x")
>> def GroupAddSys (self, groupname):
>> + if not groupname : return 1
>> +
>> + groups = self.GroupListAll ()
>> + if groupname in groups: return 1
>> +
>> r = call (["addgroup", "-S", groupname])
>> return 0
>>
>> @dbus.service.method(INTF_NAME, "", "as")
>> - def GroupList (self):
>> + def GroupListUsr (self):
>> groupList = []
>> with open("/etc/group", "r") as f:
>> for grent in f:
>> @@ -78,6 +89,23 @@ class UserManGroups (dbus.service.Object):
>> groupList.append(groupParams[0])
>> return groupList
>>
>> + @dbus.service.method(INTF_NAME, "", "as")
>> + def GroupListSys (self):
>> + groupList = []
>> + with open("/etc/group", "r") as f:
>> + for grent in f:
>> + groupParams = grent.split (":")
>> + if (int(groupParams[2]) > 100 and int(groupParams[2]) < 1000): groupList.append(groupParams[0])
>> + return groupList
>
> Why aren't you using an existing python module such as grp rather than
> writing your own (likely buggy) parser?
>
> It seems to have existed since at least python 2.6...
> https://docs.python.org/2.6/library/grp.html <https://docs.python.org/2.6/library/grp.html>
>
>> @@ -111,39 +144,31 @@ class UserManUsers (dbus.service.Object):
>>
>> @dbus.service.method(INTF_NAME, "ssss", "x")
>> def UserAdd (self, gecos, username, groupname, passwd):
>> + if not username: return 1
>> +
>> + users = self.UserList ()
>> + if username in users : return 1
>> +
>> if groupname:
>> - cmd = "adduser " + " -g " + gecos + " -G ", groupname + " " + username
>> + groups = Groupsobj.GroupListAll ()
>> + if groupname not in groups: return 1
>> +
>> + opts = ""
>> + if gecos: opts = " -g " + '"' + gecos + '"'
>> +
>> + if groupname:
>> + cmd = "adduser " + opts + " " + " -G " + groupname + " " + username
>> else:
>> - cmd = "adduser " + " -g " + gecos + username
>> + cmd = "adduser " + opts + " " + username
>
> I note there's a python-libuser package on ubuntu, is that a library
> that could be used instead?
>
> --
> Stewart Smith
> OPAL Architect, IBM.
>
* Re: [PATCH phosphor-networkd] Validating user & group names prior to system call and wait() on proc spawned with pexpect.
From: Stewart Smith @ 2016-02-11 23:11 UTC (permalink / raw)
To: Brad Bishop; +Cc: OpenBMC Patches, openbmc
Brad Bishop <bradleyb@fuzziesquirrel.com> writes:
> Sorry about the dup Stewart…
(np)
> grp just parses the file and returns a dictionary. It doesn’t do anything mutable.
>
> The only thing I could find was libuser….
Ahh... okay, I wasn't looking toooo closely.
Possibly worth bringing in libuser? Maybe in the near future at least
rather than immediately.
--
Stewart Smith
OPAL Architect, IBM.