author | Sean Whitton <spwhitton@spwhitton.name> | 2021-03-22 09:26:20 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-03-22 09:26:20 -0700 |
commit | 82e3b9b2b5528a02a901e1b698bb8b35496eada1 (patch) | |
tree | cc2cc5f9ddab48333679c4058a2e8ab79556672b /src/connection/sudo.lisp | |
parent | 1eb52e08aa5608d3434bc6530abf43f4d2f632d3 (diff) | |
download | consfigurator-82e3b9b2b5528a02a901e1b698bb8b35496eada1.tar.gz |
add MAKE-PASSPHRASE and use it to protect more sudo passwords
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/connection/sudo.lisp')
-rw-r--r-- | src/connection/sudo.lisp | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/connection/sudo.lisp b/src/connection/sudo.lisp index 5e2dbf9..dc1bf58 100644 --- a/src/connection/sudo.lisp +++ b/src/connection/sudo.lisp @@ -68,8 +68,9 @@ ;; stdin. use CODE-CHAR in this way so that we can be sure ;; ASCII ^M is what will get emitted. :password (and password - (strcat (passphrase password) - (string (code-char 13)))))) + (make-passphrase + (strcat (passphrase password) + (string (code-char 13))))))) (defclass sudo-connection (shell-wrap-connection) ((user @@ -77,6 +78,9 @@ (password :initarg :password))) +(defmethod get-sudo-password ((connection sudo-connection)) + (passphrase (slot-value connection 'password))) + (defmethod connection-shell-wrap ((connection sudo-connection) cmd) ;; wrap in sh -c so that it is more likely we are either asked for a ;; password for all our commands or not asked for one for any @@ -85,15 +89,15 @@ (escape-sh-token (strcat "cd \"$HOME\"; " cmd)))) (defmethod connection-run ((c sudo-connection) cmd (input null)) - (call-next-method c cmd (slot-value c 'password))) + (call-next-method c cmd (get-sudo-password c))) (defmethod connection-run ((c sudo-connection) cmd (input string)) - (call-next-method c cmd (strcat (slot-value c 'password) input))) + (call-next-method c cmd (strcat (get-sudo-password c) input))) (defmethod connection-run ((connection sudo-connection) cmd (input stream)) (call-next-method connection cmd - (if-let ((password (slot-value connection 'password))) + (if-let ((password (get-sudo-password connection))) (make-concatenated-stream (if (subtypep (stream-element-type input) 'character) (make-string-input-stream password) |
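Review bot: `get-sudo-password` in the second hunk calls `passphrase` on the slot value unconditionally, but the first hunk still stores NIL in that slot when no password is supplied (`:password (and password ...)`), and the stream method in the last hunk keeps its `if-let` for that case. Unless `passphrase` has a method for NIL, which is not visible here, a passwordless sudo connection would likely signal an error in all three `connection-run` methods instead of passing the input through as before. Guarding the accessor keeps the old behaviour: `(let ((value (slot-value connection 'password))) (and value (passphrase value)))`. A docstring stating that the result is the cleartext password with the trailing ^M already appended would also help callers.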
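Review bot: In the last hunk the three `connection-run` methods unwrap the password and hand it to `call-next-method` as an ordinary string or as part of a concatenated stream, so the protection this commit adds ends at these call sites. What the next method does with its input argument is outside the hunk; if it logs or traces that argument, the password would still appear there. A comment on the first method such as `;; INPUT now begins with the cleartext sudo password; next methods must not log it` would record the constraint. The body of the stream method continues past the end of the hunk.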