password anti-disclosure for python script

2015-07-10 14:25:02 +03:00
parent e39023e6fd
commit 36241cc688
2 changed files with 11 additions and 5 deletions
--- a/action.sh
+++ b/action.sh
@@ -29,9 +29,10 @@
 if [ ! -e config.cfg ]; then echo "Missing config.cfg file. Edit and rename config.cfg.sample"; exit 1; fi
 source config.cfg

-ACTION="$1"   # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
-USER="$2"
-PASS=$(cat "$3")  # $3 is a file containing the password
+ACTION=$1     # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
+USER=$2
+PASSFILE=$3   # $3 is a file containing the password
+PASS=$(cat "$3")

 ## FUNCTIONS
 function checkaction {
@@ -199,7 +200,7 @@ if [ "$ACTION" == "changepw" ]; then
    exit 1
  fi
  
-  python changepw.py "$USER" "$PASS"
+  python changepw.py "$USER" "$PASSFILE"
  
  if [ $? == 0 ]; then
    # Send infomail
--- a/changepw.py
+++ b/changepw.py
@@ -5,7 +5,12 @@ import pexpect

 # Read variables of first and second given argument
 user = str(sys.argv[1])
-password = str(sys.argv[2])
+passwordfile = str(sys.argv[2])
+
+# Read content of passwordfile and put as variable "password"
+with open (passwordfile, "r") as myfile:
+    password=myfile.read().replace('\n', '')
+

 # Define function
 def _vchangepw(user, password):