
I'm trying to do a basic password encryption script with two parameters but I can't make it work:

#!/usr/bin/bash
set -x
trap read debug
export ppwd=$2;
export usr=$1;

pwd=$(python -c 'import crypt, os,base64; print crypt.crypt("str(os.environ['ppwd'])", "$6$"+base64.b64encode(os.urandom(24))+"$")');

echo $ppwd;
echo $usr:$pwd|chpasswd -ec

I tried using regular bash scripting variables, print os.environ['ppwd'] instead of str(os.environ['ppwd']). The script is supposed to change the password for an AIX environment but it doesn't work. It works if I do it manually using the python command and chpasswd. My guess is that it doesn't pass the variable to the python command. Debug:

./sc.sh testuser MyPass134

+ trap read debug
++ read
+ export ppwd=MyPass134
+ ppwd=MyPass134
++ read
+ export usr=testuser
+ usr=testuser
++ read
++ python -c 'import crypt, os,base64; print 
crypt.crypt("str(os.environ[ppwd]", "$6$"+base64.b64encode(os.urandom(24))+"$")'
+ pwd=bbdf5picgZM4.
++ read
+ echo
++ read
+ echo testuser:bbdf5picgZM4.
++ read
+ chpasswd -ec
Misha
  • Do you just have a typo? `ppw` vs `ppwd`? – busybear Jan 29 '19 at 00:03
  • You set the *ppw* variable but you call `os.environ['ppwd']`. Is that a typo? – CristiFati Jan 29 '19 at 00:03
  • When you type `python -c 'import crypt ... "str(os.environ['ppwd'])"`, it is exactly the same as if you had typed `python -c 'import crypt ... "str(os.environ[ppwd])"` because the first single quote before `ppwd` closes the quote started by the first single quote after `-c`, and the two strings are concatenated. – William Pursell Jan 29 '19 at 00:13
  • Sorry guys, that was a typo, issue is still unsolved :( – Misha Jan 29 '19 at 07:54
  • I made more tests, commented the python command in the script, ran the command separately, replaced $ppwd manually in the script with username as input and it worked perfectly. So the issue, like I suspected, is that it doesn't substitute $ppwd correctly in the python command – Misha Jan 29 '19 at 08:41
  • As a hint, using the script above, the password is changed to <> – Misha Jan 29 '19 at 08:51

1 Answer

"str(os.environ['ppwd'])" is just a string. If you want to pass in os.environ['ppwd'] then that's what you have to say.

python -c 'import crypt, os,base64; print crypt.crypt(os.environ["ppwd"], "$6$"+base64.b64encode(os.urandom(24))+"$")'

An environment variable is already a string by definition, so the str() is entirely superfluous.

Also, you cannot nest single-quoted strings. I trivially switched to double quotes to fix that.

Putting the variable in the environment with export is a rather roundabout way of passing a string to Python. The best way would probably be a temporary pipe but making this properly secure is a significant undertaking. Here's a simpler way to pass in a string:

python -c 'import crypt, os, base64, sys; print(crypt.crypt(sys.argv[1], "$6$"+base64.b64encode(os.urandom(24))+"$"))' "password"

Finally, over in the shell script, you really should quote your variables.

echo "$ppwd"
echo "$usr:$pwd"|chpasswd -ec
tripleee
  • You are right, @tripleee, I added the answer but somehow it wasn't saved... this is the correct answer. I used sys.argv[1] – Misha Jan 29 '19 at 11:24
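
An added example, not part of the original answer or of any project code: a POSIX shell wrapper that sends the password to the hasher on stdin, so it sits neither in the environment nor in `argv` as with the `export` and `sys.argv[1]` variants above, and that refuses to emit a `chpasswd` line unless the result is a `$6$` hash (the trace in the question pipes `bbdf5picgZM4.` to `chpasswd`). The names `chpasswd_line` and `py_sha512` are hypothetical; the Python 2 interpreter and `chpasswd -ec` are taken from the page, and whether the platform's `crypt()` supports `$6$` is an assumption that the prefix check tests.

```shell
#!/bin/sh
# Added example; chpasswd_line and py_sha512 are hypothetical helper names.

# Hasher: takes the clear-text password from stdin only. Python 2 syntax, as
# on the page. The program is one single-quoted word containing no single
# quote, so the shell passes it to python unchanged.
py_sha512() {
    python -c 'import crypt, os, base64, sys
pw = sys.stdin.readline().rstrip("\n")
# 12 random bytes -> 16 salt characters; altchars "./" stay in the crypt alphabet
salt = base64.b64encode(os.urandom(12), "./")
print(crypt.crypt(pw, "$6$" + salt + "$"))'
}

# chpasswd_line USER HASHER [ARGS...]
# Feeds its own stdin (the password) to HASHER and prints "USER:HASH" only if
# both parts are safe to hand to "chpasswd -e".
chpasswd_line() {
    cl_user=$1
    shift
    case $cl_user in
        '' | *[!A-Za-z0-9._-]*)
            echo "chpasswd_line: unsafe user name" >&2; return 2 ;;
    esac
    cl_hash=$("$@") || { echo "chpasswd_line: hasher failed" >&2; return 3; }
    case $cl_hash in
        '$6$'*'$'*) ;;   # SHA-512 crypt: $6$<salt>$<digest>
        *) echo "chpasswd_line: result is not a \$6\$ hash" >&2; return 4 ;;
    esac
    case $cl_hash in
        *[!A-Za-z0-9./\$]*)   # a ':' or newline here would forge chpasswd fields
            echo "chpasswd_line: unexpected character in hash" >&2; return 4 ;;
    esac
    printf '%s:%s\n' "$cl_user" "$cl_hash"
}

# Usage, with the password already held in the shell variable ppwd (printf is
# a bash builtin, so the password never reaches a process argv):
#   printf '%s\n' "$ppwd" | chpasswd_line "$usr" py_sha512 | chpasswd -ec
```
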