I'm making a web-site where users can log in using the kerberos service. Though, it's quite irrelevant for my problem.
Since I'm using kerberos I want to use a system call to invoke kinit, but I don't know the best way to do it.
So far I got:
    module Kerberos where

    import System.Exit (ExitCode (..))
    import System.Process (system) -- system :: String -> IO ExitCode

    type Username = String
    type Password = String

    -- Builds one shell command line from both inputs and runs it through the shell.
    kerberosValidate :: Username -> Password -> IO Bool
    kerberosValidate username password = fmap (== ExitSuccess) $
      system $ "echo " ++ password ++ " | kinit " ++ username
Something like that, which should work so-so. I have three problems with this though.
1. username and password strings. This is important since there is a website passing any received input to this function.
2. password should not be passed to kinit process with echo password |. Is there some function taking standard in as an argument?
3. username, username should be passed as an argument. I think rawSystem solves this though.

Is there any system-function that helps me out here?
Use createProcess and friends from System.Process.
A note on security: I'd advise against passing any strings through uninterpreted. You could easily write a parser for your commands, build a Haskell AST out of the result of the parse that is guaranteed to be safe, then render that to the system command. That way you'd get a static guarantee against string injection attacks, enforced by the type of the parser.
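One way to apply this to the function in the question, as an added example that is not code from the original post or answer: kinit is started without a shell, the username is a single argument, and the password is written to the child's standard input. It assumes, as the question does, that kinit reads the password from stdin; `validUsername`, `validPassword` and their character policy are hypothetical choices for this sketch.

```haskell
module Kerberos (kerberosValidate) where

import Data.Char (isAlphaNum, isAscii)
import System.Exit (ExitCode (..))
import System.Process (proc, readCreateProcessWithExitCode)

type Username = String
type Password = String

-- Assumed principal policy for this sketch: ASCII letters, digits and a few
-- separators, and no leading '-' so kinit cannot parse the name as an option.
validUsername :: Username -> Bool
validUsername u = case u of
  []      -> False
  ('-':_) -> False
  _       -> all ok u
  where ok c = isAscii c && (isAlphaNum c || c `elem` "._-@/")

-- The password is sent as exactly one line, so it must not contain a line
-- break (or NUL) that would cut it short or feed extra input to kinit.
validPassword :: Password -> Bool
validPassword p = not (null p) && all (`notElem` "\n\r\NUL") p

kerberosValidate :: Username -> Password -> IO Bool
kerberosValidate username password
  | not (validUsername username && validPassword password) = return False
  | otherwise = do
      -- proc executes kinit directly (no /bin/sh), so shell metacharacters in
      -- either input are never interpreted. The username is one argv entry
      -- and the password never appears on a command line or in a process list.
      (code, _out, _err) <-
        readCreateProcessWithExitCode (proc "kinit" [username]) (password ++ "\n")
      return (code == ExitSuccess)
```

Inputs that fail validation are rejected before any process is started, so the web handler gets `False` without kinit ever seeing them.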