[Ovirt-devel] [PATCH node] Password configuration script for the root password and sasl users
Jim Meyering
jim at meyering.net
Thu Nov 13 15:17:37 UTC 2008
Bryan Kearney <bkearney at redhat.com> wrote:
> diff --git a/scripts/ovirt-config-password b/scripts/ovirt-config-password
> index 8b13789..af99915 100755
> --- a/scripts/ovirt-config-password
> +++ b/scripts/ovirt-config-password
> @@ -1 +1,93 @@
> +#!/bin/bash
> +#
> +# Set the root password and others
> +
> +ROOT_PASSWORD=""
> +
> +function sasl_password {
> + printf "adding user $1 to the sasl list for libvirt\n"
> + echo $2 | saslpasswd2 -a libvirt -p $1
You need quotes here.
Otherwise, a password with e.g., "foo bar" would be
shortened (tokenized) to "foo bar". Also, you can't use
echo, because that would honor (i.e., ignore) a leading -n, -e, or -E
option in the password string.
printf '%s\n' "$2" | saslpasswd2 -a libvirt -p "$1"
Even with a tiny function like this, it's more readable and slightly
more maintainable (less risk of confusing $1 and $2) to give names
to the parameters, e.g.,
function sasl_password {
user=$1
passwd=$2
printf "adding user $user to the sasl list for libvirt\n"
printf '%s\n' "$passwd" | saslpasswd2 -a libvirt -p "$user"
}
> +}
> +
> +function set_root_password {
> + while true; do
> + printf "\nPlease enter the new root password (hit return to skip) "
> + read -s
> + if [[ $REPLY == "" ]]; then
> + return 1
> + fi
> + ROOT_PASSWORD=$REPLY
> + printf "\nPlease enter again to confirm "
> + read -s
> + ROOT_PASSWORD_CONFIRM=$REPLY
> + if [[ $ROOT_PASSWORD == $ROOT_PASSWORD_CONFIRM ]]; then
> + echo $ROOT_PASSWORD | passwd --stdin root
> + sasl_password root $ROOT_PASSWORD
Both of the above require quotes, too:
printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root
sasl_password root "$ROOT_PASSWORD"
> + break
> + else
> + printf "\nPaswords did not match. Please try again"
Don't you want a "\n" at the end, here?
Probably instead of the one at the beginning.
> + fi
> + done
> + return 0
> +}
These two functions are similar enough that they should use the
same code.
> +# Prompts the user for a single username, password combo
> +function prompt_sasl_user {
> + while true; do
> + printf "\nPlease enter a new user (hit return to skip) "
> + read
> + if [[ $REPLY == "" ]]; then
> + break
> + fi
> + SASL_USER=$REPLY
> + printf "\nPlease enter the password for $SASL_USER (hit return to skip) "
> + read -s
> + if [[ $REPLY == "" ]]; then
> + return 1
> + fi
> + SASL_PASSWORD=$REPLY
> + printf "\nPlease enter again to confirm "
> + read -s
> + SASL_PASSWORD_CONFIRM=$REPLY
> + if [[ $SASL_PASSWORD == $SASL_PASSWORD_CONFIRM ]]; then
> + sasl_password $SASL_USER $SASL_PASSWORD
> + break
> + else
> + printf "\nPaswords did not match. Please try again"
> + fi
> + done
> +
> +}
How about this (untested):
# Usage: set_SASL_password USER
# Prompt(twice) for a password for the specified USER.
# If they match, set that user's system password,
# and add USER to the SASL list for libvirt.
set_SASL_password()
{
user=$1
while : ; do
printf "\nPlease enter the new $user password (hit return to skip) "
read -s
test -z "$REPLY" && return 1
local passwd=$REPLY
printf "\nPlease enter again to confirm "
read -s
local confirm=$REPLY
if test "$passwd" = "$confirm"; then
printf '%s\n' "$passwd" | passwd --stdin "$user"
sasl_password "$user" "$passwd"
return 0
fi
printf "Paswords did not match. Please try again\n"
done
}
Then you'd use
set_SASL_passwd root
Prompt for SASL_USER separately, then
set_SASL_passwd $SASL_USER
> +#Check for the root user first
> +while true ; do
> + printf "\nWould you like to set the root password (Y|N) "
> + read
> + case $REPLY in
> + Y|y)
> + set_root_password
> + if [[ $? == 0 ]] ; then
> + break ;
> + fi
The more maintainable/readable idiom for the above 4 lines is like this:
set_root_password && break
> + ;;
> + N|n)
> + break ;
> + ;;
This makes the code treat any non-Y/y response like "N".
If you want to treat a response like "yes" differently,
you can add a catch-all case:
*)
printf "invalid response: %s\n" "$REPLY"
;;
> + esac
> +done
> +
> +#Check for any sasl users
> +while true ; do
> + printf "\nWould you like to add a new sasl user for libvirt (Y|N) "
> + read
> + case $REPLY in
> + Y|y)
> + prompt_sasl_user
> + ;;
> + N|n)
> + break ;
> + ;;
> + esac
> +done
> +
More information about the ovirt-devel
mailing list