[PATCH 1/2] s3fs-popt: Add function to burn the commandline password.
Andreas Schneider
asn at samba.org
Mon Nov 5 10:52:14 MST 2012
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/include/popt_common.h | 1 +
source3/lib/popt_common.c | 47 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h
index 2125ed6..5266f36 100644
--- a/source3/include/popt_common.h
+++ b/source3/include/popt_common.h
@@ -49,5 +49,6 @@ extern const struct poptOption popt_common_dynconfig[];
#define POPT_COMMON_OPTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_option, 0, "Common samba commandline config:", NULL },
void popt_common_set_auth_info(struct user_auth_info *auth_info);
+void popt_burn_cmdline_password(int argc, char *argv[]);
#endif /* _POPT_COMMON_H */
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 94e551d..a7bc998 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -605,6 +605,53 @@ void popt_common_set_auth_info(struct user_auth_info *auth_info)
global_auth_info = auth_info;
}
+/**
+ * @brief Burn the commandline password.
+ *
+ * This function removes the password from the command line so we
+ * don't leak the password e.g. in 'ps aux'.
+ *
+ * It should be called after processing the options and you should pass down
+ * argv from main().
+ *
+ * @param[in] argc The number of arguments.
+ *
+ * @param[in] argv[] The argument array we will find the array.
+ */
+void popt_burn_cmdline_password(int argc, char *argv[])
+{
+ bool found = false;
+ char *p = NULL;
+ int i, ulen = 0;
+
+ for (i = 0; i < argc; i++) {
+ p = argv[i];
+ if (strncmp(p, "-U", 2) == 0) {
+ ulen = 2;
+ found = true;
+ } else if (strncmp(p, "--user", 6) == 0) {
+ ulen = 6;
+ found = true;
+ }
+
+ if (found) {
+ if (strlen(p) == ulen) {
+ continue;
+ }
+ break;
+ }
+ }
+
+ if (p == NULL) {
+ return;
+ }
+
+ p = strchr_m(p, '%');
+ if (p != NULL) {
+ memset(p, '\0', strlen(p));
+ }
+}
+
struct poptOption popt_common_credentials[] = {
{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
(void *)popt_common_credentials_callback, 0,
--
1.8.0
More information about the samba-technical
mailing list