[lxc-devel] [lxd/master] Prevent empty passwords during init if password authentication is enabled

Sat, 03 Oct 2020 09:33:24 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7975

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
fixes #7944 

Signed-off-by: Jose R. Gonzalez <josegonzale...@gmail.com>

**Summary**
When initializing using `lxd init`, don't allow for a user to initialize a cluster with an empty password if password authentication is enabled.

**Change Description**
- Updated `AskPassword()` to ensure that checking for empty input from the user will result in a call to `invalidInput()`
- Updated `AskPasswordOnce()` to do the same check, which required putting it into a `for` loop (previously it did not have any validation). I also converted it to a string one line earlier so that the length check matches what was done in `AskPassword()`.

Thanks for participating in Hacktoberfest!

From 98193b9ee0b79a2e3dc2312384964993eb5d7245 Mon Sep 17 00:00:00 2001
From: "Jose R. Gonzalez" <josegonzale...@gmail.com>
Date: Sat, 3 Oct 2020 07:36:22 -0500
Subject: [PATCH] refuse empty passwords

Signed-off-by: Jose R. Gonzalez <josegonzale...@gmail.com>
---
 shared/cmd/ask.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/shared/cmd/ask.go b/shared/cmd/ask.go
index a8eace979e..eb5edd078b 100644
--- a/shared/cmd/ask.go
+++ b/shared/cmd/ask.go
@@ -110,7 +110,8 @@ func AskPassword(question string) string {
                inSecond := string(pwd)
                inSecond = strings.TrimSuffix(inSecond, "\n")
 
-               if inFirst == inSecond {
+               // refuse empty password or if password inputs do not match
+               if len(inFirst) > 0 && inFirst == inSecond {
                        return inFirst
                }
 
@@ -122,11 +123,19 @@ func AskPassword(question string) string {
 //
 // It's the same as AskPassword, but it won't ask to enter it again.
 func AskPasswordOnce(question string) string {
-       fmt.Printf(question)
-       pwd, _ := terminal.ReadPassword(0)
-       fmt.Println("")
+       for {
+               fmt.Printf(question)
+               pwd, _ := terminal.ReadPassword(0)
+               fmt.Println("")
 
-       return string(pwd)
+               // refuse empty password
+               spwd := string(pwd)
+               if len(spwd) > 0 {
+                       return spwd
+               }
+
+               invalidInput()
+       }
 }
 
 // Ask a question on the output stream and read the answer from the input 
stream

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to