The branch, master has been updated via 50d47fc s3fs-client: Burn commandline password of client utils. via c51abb3 s3fs-popt: Add function to burn the commandline password. from d236709 Remove two unused variables
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 50d47fc0816c842717a5c0bfb3c0863d99eed78c Author: Andreas Schneider <a...@samba.org> Date: Tue Nov 6 09:27:43 2012 +0100 s3fs-client: Burn commandline password of client utils. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Thu Nov 8 21:24:21 CET 2012 on sn-devel-104 commit c51abb35dfff86cb503d36a844184f7a95f29cdb Author: Andreas Schneider <a...@samba.org> Date: Tue Nov 6 09:27:42 2012 +0100 s3fs-popt: Add function to burn the commandline password. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/client/client.c | 2 + source3/include/popt_common.h | 1 + source3/lib/popt_common.c | 47 +++++++++++++++++++++++++++++++++++++++++ source3/rpcclient/rpcclient.c | 1 + source3/utils/net.c | 2 + source3/utils/smbcacls.c | 2 + source3/utils/smbcquotas.c | 2 + source3/utils/smbtree.c | 1 + 8 files changed, 58 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index ab0e77f..f8cc27d 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -5408,6 +5408,7 @@ static int do_message_op(struct user_auth_info *a_info) poptGetArg(pc)); } + switch (opt) { case 'M': /* Messages are sent to NetBIOS name type 0x3 @@ -5555,6 +5556,7 @@ static int do_message_op(struct user_auth_info *a_info) } poptFreeContext(pc); + popt_burn_cmdline_password(argc, argv); DEBUG(3,("Client started (version %s).\n", samba_version_string())); diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h index 2125ed6..5266f36 100644 --- a/source3/include/popt_common.h +++ b/source3/include/popt_common.h @@ -49,5 +49,6 @@ extern const struct poptOption popt_common_dynconfig[]; #define POPT_COMMON_OPTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_option, 0, "Common samba commandline config:", NULL }, void popt_common_set_auth_info(struct user_auth_info *auth_info); +void popt_burn_cmdline_password(int argc, char *argv[]); #endif /* _POPT_COMMON_H */ diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index 94e551d..c072839 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -605,6 +605,53 @@ void popt_common_set_auth_info(struct user_auth_info *auth_info) global_auth_info = auth_info; } +/** + * @brief Burn the commandline password. + * + * This function removes the password from the command line so we + * don't leak the password e.g. in 'ps aux'. + * + * It should be called after processing the options and you should pass down + * argv from main(). + * + * @param[in] argc The number of arguments. + * + * @param[in] argv[] The argument array we will find the array. + */ +void popt_burn_cmdline_password(int argc, char *argv[]) +{ + bool found = false; + char *p = NULL; + int i, ulen = 0; + + for (i = 0; i < argc; i++) { + p = argv[i]; + if (strncmp(p, "-U", 2) == 0) { + ulen = 2; + found = true; + } else if (strncmp(p, "--user", 6) == 0) { + ulen = 6; + found = true; + } + + if (found) { + if (p == NULL) { + return; + } + + if (strlen(p) == ulen) { + continue; + } + + p = strchr_m(p, '%'); + if (p != NULL) { + memset(p, '\0', strlen(p)); + } + found = false; + } + } +} + struct poptOption popt_common_credentials[] = { { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, (void *)popt_common_credentials_callback, 0, diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 0dad971..d204d7f 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -960,6 +960,7 @@ out_free: } poptFreeContext(pc); + popt_burn_cmdline_password(argc, argv); if (!init_names()) { result = 1; diff --git a/source3/utils/net.c b/source3/utils/net.c index 85fe2f6..465d2a0 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -945,6 +945,8 @@ static struct functable net_func[] = { c->opt_password = getenv("PASSWD"); } + popt_burn_cmdline_password(argc, argv); + /* Failing to init the msg_ctx isn't a fatal error. Only root-level things (joining/leaving domains etc.) will be denied. */ diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 7df4e48..d22e2f3 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -1371,6 +1371,7 @@ static struct cli_state *connect_one(struct user_auth_info *auth_info, popt_common_set_auth_info(auth_info); pc = poptGetContext("smbcacls", argc, argv, long_options, 0); + popt_burn_cmdline_password(argc, argv); poptSetOtherOptionHelp(pc, "//server1/share1 filename\nACLs look like: " "'ACL:user:[ALLOWED|DENIED]/flags/permissions'"); @@ -1436,6 +1437,7 @@ static struct cli_state *connect_one(struct user_auth_info *auth_info, } poptFreeContext(pc); + popt_burn_cmdline_password(argc, argv); string_replace(path,'/','\\'); diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index b962103..d248bbe 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -608,6 +608,7 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, popt_common_set_auth_info(smbcquotas_auth_info); pc = poptGetContext("smbcquotas", argc, argv, long_options, 0); + popt_burn_cmdline_password(argc, argv); poptSetOtherOptionHelp(pc, "//server1/share1"); @@ -689,6 +690,7 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, } poptFreeContext(pc); + popt_burn_cmdline_password(argc, argv); string_replace(path, '/', '\\'); diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index e2f109e..40b1f09 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -317,6 +317,7 @@ static bool print_tree(struct user_auth_info *user_info) POPT_CONTEXT_KEEP_FIRST); while(poptGetNextOpt(pc) != -1); poptFreeContext(pc); + popt_burn_cmdline_password(argc, argv); lp_load_global(get_dyn_CONFIGFILE()); load_interfaces(); -- Samba Shared Repository