[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Nov 8 13:25:02 MST 2012
The branch, master has been updated
via 50d47fc s3fs-client: Burn commandline password of client utils.
via c51abb3 s3fs-popt: Add function to burn the commandline password.
from d236709 Remove two unused variables
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 50d47fc0816c842717a5c0bfb3c0863d99eed78c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 09:27:43 2012 +0100
s3fs-client: Burn commandline password of client utils.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 8 21:24:21 CET 2012 on sn-devel-104
commit c51abb35dfff86cb503d36a844184f7a95f29cdb
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 09:27:42 2012 +0100
s3fs-popt: Add function to burn the commandline password.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/client/client.c | 2 +
source3/include/popt_common.h | 1 +
source3/lib/popt_common.c | 47 +++++++++++++++++++++++++++++++++++++++++
source3/rpcclient/rpcclient.c | 1 +
source3/utils/net.c | 2 +
source3/utils/smbcacls.c | 2 +
source3/utils/smbcquotas.c | 2 +
source3/utils/smbtree.c | 1 +
8 files changed, 58 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/client/client.c b/source3/client/client.c
index ab0e77f..f8cc27d 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5408,6 +5408,7 @@ static int do_message_op(struct user_auth_info *a_info)
poptGetArg(pc));
}
+
switch (opt) {
case 'M':
/* Messages are sent to NetBIOS name type 0x3
@@ -5555,6 +5556,7 @@ static int do_message_op(struct user_auth_info *a_info)
}
poptFreeContext(pc);
+ popt_burn_cmdline_password(argc, argv);
DEBUG(3,("Client started (version %s).\n", samba_version_string()));
diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h
index 2125ed6..5266f36 100644
--- a/source3/include/popt_common.h
+++ b/source3/include/popt_common.h
@@ -49,5 +49,6 @@ extern const struct poptOption popt_common_dynconfig[];
#define POPT_COMMON_OPTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_option, 0, "Common samba commandline config:", NULL },
void popt_common_set_auth_info(struct user_auth_info *auth_info);
+void popt_burn_cmdline_password(int argc, char *argv[]);
#endif /* _POPT_COMMON_H */
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 94e551d..c072839 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -605,6 +605,53 @@ void popt_common_set_auth_info(struct user_auth_info *auth_info)
global_auth_info = auth_info;
}
+/**
+ * @brief Burn the commandline password.
+ *
+ * This function removes the password from the command line so we
+ * don't leak the password e.g. in 'ps aux'.
+ *
+ * It should be called after processing the options and you should pass down
+ * argv from main().
+ *
+ * @param[in] argc The number of arguments.
+ *
+ * @param[in] argv[] The argument array we will find the array.
+ */
+void popt_burn_cmdline_password(int argc, char *argv[])
+{
+ bool found = false;
+ char *p = NULL;
+ int i, ulen = 0;
+
+ for (i = 0; i < argc; i++) {
+ p = argv[i];
+ if (strncmp(p, "-U", 2) == 0) {
+ ulen = 2;
+ found = true;
+ } else if (strncmp(p, "--user", 6) == 0) {
+ ulen = 6;
+ found = true;
+ }
+
+ if (found) {
+ if (p == NULL) {
+ return;
+ }
+
+ if (strlen(p) == ulen) {
+ continue;
+ }
+
+ p = strchr_m(p, '%');
+ if (p != NULL) {
+ memset(p, '\0', strlen(p));
+ }
+ found = false;
+ }
+ }
+}
+
struct poptOption popt_common_credentials[] = {
{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
(void *)popt_common_credentials_callback, 0,
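Review bot: In popt_burn_cmdline_password the `strlen(p) == ulen` test is also applied to the value that follows a bare `-U` or `--user`, so a value of exactly 2 (or 6) characters leaves `found` set and the next, unrelated argument is the one truncated at its first '%'. The `p == NULL` guard sits after `strncmp(p, ...)` has already dereferenced `p`, so it protects nothing where it is. The fence below separates "this argument is the option" from "this argument is its value" and moves the NULL check to the top of the loop. The docstring's `@param[in] argv[]` line should read `The argument array in which we will look for the password.`, and it is worth stating there that the password stays visible in the process list until this function runs.

```c
void popt_burn_cmdline_password(int argc, char *argv[])
{
	bool value_next = false;
	int i;

	for (i = 0; i < argc; i++) {
		char *p = argv[i];
		size_t ulen = 0;

		if (p == NULL) {
			return;
		}

		if (!value_next) {
			if (strncmp(p, "-U", 2) == 0) {
				ulen = 2;
			} else if (strncmp(p, "--user", 6) == 0) {
				ulen = 6;
			} else {
				continue;
			}

			if (strlen(p) == ulen) {
				/* Bare option: the credentials are the next argument. */
				value_next = true;
				continue;
			}
		}
		value_next = false;

		p = strchr_m(p, '%');
		if (p != NULL) {
			memset(p, '\0', strlen(p));
		}
	}
}
```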
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 0dad971..d204d7f 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -960,6 +960,7 @@ out_free:
}
poptFreeContext(pc);
+ popt_burn_cmdline_password(argc, argv);
if (!init_names()) {
result = 1;
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 85fe2f6..465d2a0 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -945,6 +945,8 @@ static struct functable net_func[] = {
c->opt_password = getenv("PASSWD");
}
+ popt_burn_cmdline_password(argc, argv);
+
/* Failing to init the msg_ctx isn't a fatal error. Only
root-level things (joining/leaving domains etc.) will be denied. */
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 7df4e48..d22e2f3 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -1371,6 +1371,7 @@ static struct cli_state *connect_one(struct user_auth_info *auth_info,
popt_common_set_auth_info(auth_info);
pc = poptGetContext("smbcacls", argc, argv, long_options, 0);
+ popt_burn_cmdline_password(argc, argv);
poptSetOtherOptionHelp(pc, "//server1/share1 filename\nACLs look like: "
"'ACL:user:[ALLOWED|DENIED]/flags/permissions'");
@@ -1436,6 +1437,7 @@ static struct cli_state *connect_one(struct user_auth_info *auth_info,
}
poptFreeContext(pc);
+ popt_burn_cmdline_password(argc, argv);
string_replace(path,'/','\\');
diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
index b962103..d248bbe 100644
--- a/source3/utils/smbcquotas.c
+++ b/source3/utils/smbcquotas.c
@@ -608,6 +608,7 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" },
popt_common_set_auth_info(smbcquotas_auth_info);
pc = poptGetContext("smbcquotas", argc, argv, long_options, 0);
+ popt_burn_cmdline_password(argc, argv);
poptSetOtherOptionHelp(pc, "//server1/share1");
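Review bot: This call runs immediately after `poptGetContext()`, before any option has been parsed, which contradicts the function's own docstring ("should be called after processing the options"); the first smbcacls.c hunk adds the same early call. popt appears to keep the caller's argv strings rather than copying them, so zeroing everything from '%' at this point would likely leave the `-U user%password` handler with only the user name; confirm against popt and the credentials callback. If that holds, drop this early call and keep only the one after `poptFreeContext(pc)` that the second hunk adds. The enclosing function starts and ends outside the hunk.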
@@ -689,6 +690,7 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" },
}
poptFreeContext(pc);
+ popt_burn_cmdline_password(argc, argv);
string_replace(path, '/', '\\');
diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c
index e2f109e..40b1f09 100644
--- a/source3/utils/smbtree.c
+++ b/source3/utils/smbtree.c
@@ -317,6 +317,7 @@ static bool print_tree(struct user_auth_info *user_info)
POPT_CONTEXT_KEEP_FIRST);
while(poptGetNextOpt(pc) != -1);
poptFreeContext(pc);
+ popt_burn_cmdline_password(argc, argv);
lp_load_global(get_dyn_CONFIGFILE());
load_interfaces();
--
Samba Shared Repository