Alex Dehnert [Mon, 24 Dec 2012 08:28:00 +0000 (03:28 -0500)]
Set a password of UNUSABLE_PASSWORD
* Changes ScriptsRemoteUserBackend's configure_user method to set the default
password to UNUSABLE_PASSWORD instead of ScriptsSSLAuth. UNUSABLE_PASSWORD
displays in the admin as "Password: None", instead of an ugly error message.
This should fix "Unknown password hashing algorithm" errors for users
correctly created in the future. (ASA-#132)
* Adds a migration to change current users with passwords of "" or
"ScriptsSSLAuth" to a password of UNUSABLE_PASSWORD ("!"). This will fix
ASA-#132 and the symptoms of ASA-#133 for already-existent users.
Alex Dehnert [Sun, 16 Sep 2012 01:53:40 +0000 (21:53 -0400)]
Wrappers for safely calling commands in a new PAG
The usual mechanism for starting a new PAG is pagsh(1). Unfortunately, because
it basically just execvp(3) /bin/sh passing the appropriate arguments, it isn't
immediately obvious how to safely pass arguments that may contain shell
metacharacters. By using the shell's exec and taking advantage of the fact that
later arguments to /bin/sh end up in $@, we can safely avoid shell
metacharacters. We wrap subprocess.check_{call,output} in
pag_check_{call,output}, which perform appropriate contortions to establish the
PAG before safely executing the passed commands without evaluating any
metacharacters.
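
The argument-passing trick this commit message describes, as an added Python sketch that is not the commit's own code: the script handed to the shell is the constant `exec "$@"`, and the caller's command travels only as separate argv entries. The names `pag_argv`, `launcher` and `ARG0` are assumptions, and the demo substitutes `/bin/sh` for `pagsh` (which, per the message, just execs `/bin/sh` with the same arguments) so it runs without AFS.

```python
import subprocess

# Assumed names for this sketch; the commit's real implementation is not shown.
PAG_LAUNCHER = "pagsh"
EXEC_SCRIPT = 'exec "$@"'   # constant script text, never built from caller data
ARG0 = "pag-wrapper"        # becomes $0 inside the shell; not part of "$@"


def pag_argv(args, launcher=PAG_LAUNCHER):
    """Return the argv that runs `args` under `launcher` with no shell parsing.

    `sh -c SCRIPT NAME ARG...` sets $0=NAME and "$@"=ARG..., so every element
    of `args` reaches exec as exactly one word, whatever bytes it contains.
    """
    if isinstance(args, (str, bytes)):
        raise TypeError("pass the command as a list, not a single string")
    args = list(args)
    if not args:
        raise ValueError("empty command")
    return [launcher, "-c", EXEC_SCRIPT, ARG0] + args


def _run(func, args, launcher, kwargs):
    if kwargs.get("shell"):
        raise ValueError("shell=True would reintroduce metacharacter parsing")
    return func(pag_argv(args, launcher), **kwargs)


def pag_check_call(args, launcher=PAG_LAUNCHER, **kwargs):
    return _run(subprocess.check_call, args, launcher, kwargs)


def pag_check_output(args, launcher=PAG_LAUNCHER, **kwargs):
    return _run(subprocess.check_output, args, launcher, kwargs)


if __name__ == "__main__":
    # Constructed input. /bin/sh stands in for pagsh so this runs without AFS.
    hostile = "a b; echo INJECTED $(id) `id` | * > /dev/null"
    out = pag_check_output(["printf", "%s\n", hostile], launcher="/bin/sh")
    print(out.decode(), end="")   # the string comes back unchanged
```
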
Alex Dehnert [Sun, 18 Dec 2011 05:49:59 +0000 (00:49 -0500)]
Function to create an MIT user with LDAP data
This adds a function get_or_create_mit_user. As with the "get_or_create"
methods on managers, this returns an object satisfying some conditions,
creating it if necessary. In this case, we return a User object that's
populated using data from MIT's LDAP. If the user does not exist and
cannot be found in LDAP, we raise an exception.