[elbe-devel] [PATCH v1 12/15] xmlpreprocess: detect plain-text password removal conflicts
Holger Dengler
holger at hdengler.de
Wed Jun 8 22:39:55 CEST 2022
The login action requires the plain-text password in XML. Raise an early
error, if such an action is defined in the XML and the removal of the
plain-text root password will cause a later conflict during the
processing of the action.
Signed-off-by: Holger Dengler <holger at hdengler.de>
---
elbepack/xmlpreprocess.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/elbepack/xmlpreprocess.py b/elbepack/xmlpreprocess.py
index 9d6cd1ac6..82b86dff1 100644
--- a/elbepack/xmlpreprocess.py
+++ b/elbepack/xmlpreprocess.py
@@ -292,6 +292,13 @@ def preprocess_root_password(xml):
parent.remove(passwd)
print('[INFO] remove plain-text password for root.')
+ # Fail early. Raise error in cases, where a plain-text password for
+ # root is required.
+ if xml.find('.//action/login') is not None:
+ raise XMLPreprocessError('Plain-text password for root is '
+ 'required for login action, but '
+ '\'keep_plain\' is not set or false.')
+
def preprocess_adduser_passwords(xml):
"""Preprocess the plain-text passwords for addusers. A given plain-text
--
2.36.1
More information about the elbe-devel
mailing list