From 36241cc688152a9b30ebc4b89eb99847f85165f5 Mon Sep 17 00:00:00 2001
From: mxmehl <mail@mehl.mx>
Date: Fri, 10 Jul 2015 14:25:02 +0300
Subject: [PATCH] password anti-disclosure for python script

---
 action.sh   | 9 +++++----
 changepw.py | 7 ++++++-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/action.sh b/action.sh
index 4cef8b4..f060e47 100755
--- a/action.sh
+++ b/action.sh
@@ -29,9 +29,10 @@
 if [ ! -e config.cfg ]; then echo "Missing config.cfg file. Edit and rename config.cfg.sample"; exit 1; fi
 source config.cfg
 
-ACTION="$1"   # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
-USER="$2"
-PASS=$(cat "$3")  # $3 is a file containing the password
+ACTION=$1     # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
+USER=$2
+PASSFILE=$3   # $3 is a file containing the password
+PASS=$(cat "$3")
 
 ## FUNCTIONS
 function checkaction {
@@ -199,7 +200,7 @@ if [ "$ACTION" == "changepw" ]; then
     exit 1
   fi
   
-  python changepw.py "$USER" "$PASS"
+  python changepw.py "$USER" "$PASSFILE"
   
   if [ $? == 0 ]; then
     # Send infomail
diff --git a/changepw.py b/changepw.py
index a06fb19..e2197ce 100755
--- a/changepw.py
+++ b/changepw.py
@@ -5,7 +5,12 @@ import pexpect
 
 # Read variables of first and second given argument
 user = str(sys.argv[1])
-password = str(sys.argv[2])
+passwordfile = str(sys.argv[2])
+
+# Read content of passwordfile and put as variable "password"
+with open (passwordfile, "r") as myfile:
+    password=myfile.read().replace('\n', '')
+
 
 # Define function
 def _vchangepw(user, password):