List: amanda-hackers
Subject:
From: JOERG SPECHT <joerg.specht () ins ! uni-stuttgart ! de>
Date: 2001-01-09 9:16:12
Hello,
the password for smbclient is passed as a command-line argument.
On most systems, one can view that with the `ps' command.
So I think that solution is unacceptable.
smbclient offers the possibility to pass $PASSWD_FD or $PASSWD_FILE, so
I have chosen $PASSWD_FD. The password is written into a pipe(), whose
reading end stays open until execution of smbclient. The file
descriptor number is written into $PASSWD_FD.
["diffed-amanda-2.4.2-PASSWD_FD" (text/plain)]
diff -ur old/amanda-2.4.2/client-src/findpass.c new/amanda-2.4.2/client-src/findpass.c
--- old/amanda-2.4.2/client-src/findpass.c Wed Oct 11 04:08:26 2000
+++ new/amanda-2.4.2/client-src/findpass.c Tue Jan 9 09:27:53 2001
@@ -29,22 +29,35 @@
* Support routines for Amanda SAMBA support
*/
+#include <limits.h>
#include "findpass.h"
/*
* Find the Samba password and optional domain for a given disk.
* Returns pointers into an alloc-ed area. The caller should clear them
* as soon as reasonable.
+ *
+ * Secret part is written into a pipe and $PASSWD_FD ist set,
+ * use findpass(NULL, NULL) to explicitly clear it.
*/
char *findpass(disk, domain)
char *disk, **domain;
{
+ static int pw_fd = -1;
FILE *fp;
static char *buffer = NULL;
char *s, *d, *pw = NULL;
int ch;
+ /* in any case: reset $PASSWD_FD-pipe */
+ if(pw_fd >= 0)
+ close(pw_fd);
+ pw_fd = -1;
+ putenv("PASSWD_FD");
+ if(disk == NULL && domain == NULL)
+ return NULL;
+
*domain = NULL; /* just to be sure */
if ( (fp = fopen("/etc/amandapass", "r")) ) {
amfree(buffer);
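Review bot: `putenv("PASSWD_FD")` in the reset block passes a string with no `=`, which removes the variable only as an extension on some C libraries; POSIX defines putenv() only for `name=value` strings. Where the call does nothing or fails, a stale `PASSWD_FD` naming a descriptor that was just closed stays in the environment, and smbclient could later read its password from whatever file reuses that number. Where `unsetenv()` is available, `unsetenv("PASSWD_FD");` states the intent directly, with the putenv() form kept as the fallback and its return value checked. The body of findpass() continues past the end of this hunk.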
@@ -80,6 +93,34 @@
}
afclose(fp);
}
+
+ if(pw) {
+ static char putenv_buf[100];
+ int l, pipe_fd[2];
+ char *secret;
+
+ secret = strchr(pw, '%');
+ if(secret != NULL)
+ *(secret++) = '\0'; /* string ends after username */
+ else
+ secret = pw + strlen(pw); /* empty secret */
+ l = strlen(secret);
+
+#ifndef PIPE_BUF
+#define PIPE_BUF _POSIX_PIPE_BUF
+#endif
+ /* necessary: secret must be written by one write() atomically. */
+ if(l <= PIPE_BUF && pipe(pipe_fd) >= 0) { /* pipe() has not FD_CLOEXEC */
+ write(pipe_fd[1], secret, l); /* buffered in kernel */
+ close(pipe_fd[1]); /* hopefully does not wait */
+ pw_fd = pipe_fd[0]; /* must be held open */
+ sprintf(putenv_buf, "PASSWD_FD=%d", pw_fd);
+ putenv(putenv_buf); /* putenv_buf must be static */
+ }
+
+ memset(secret, '\0', l); /* surely make it unreadable */
+ }
+
return pw;
}
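Review bot: The result of `write(pipe_fd[1], secret, l)` is discarded, and when `l > PIPE_BUF` or pipe() fails the code still falls through to the memset() and `return pw`, so the caller gets a user name whose secret has been wiped and either no `PASSWD_FD` or one that names an empty pipe. smbclient would then run with an empty or missing password and the failure shows up only as an access error, which matches the "user is not informed" bug listed in the mail. Failing the lookup is safer: wipe the secret, close both pipe ends and return NULL, assuming callers already treat NULL as "password not found" (their checks are outside this hunk). Separately, an entry without `%` leaves the whole string in `pw` and hands over an empty secret, so if plain-password entries are valid the password would still reach the command line; this is worth confirming against the file format. The start of findpass() is outside this hunk.

```c
    /* necessary: secret must be written by one write() atomically. */
    if(l > PIPE_BUF || pipe(pipe_fd) < 0) {
        memset(secret, '\0', l);        /* no channel for the secret: fail the lookup */
        return NULL;
    }
    if(write(pipe_fd[1], secret, l) != l) {
        close(pipe_fd[0]);              /* never publish a pipe that lacks the full secret */
        close(pipe_fd[1]);
        memset(secret, '\0', l);
        return NULL;
    }
    close(pipe_fd[1]);
    /* … unchanged: pw_fd assignment, sprintf/putenv of PASSWD_FD, memset(secret), return pw … */
```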
diff -ur old/amanda-2.4.2/client-src/selfcheck.c new/amanda-2.4.2/client-src/selfcheck.c
--- old/amanda-2.4.2/client-src/selfcheck.c Tue Oct 31 02:00:24 2000
+++ new/amanda-2.4.2/client-src/selfcheck.c Tue Jan 9 09:32:24 2001
@@ -298,6 +298,7 @@
return;
}
if ((device = makesharename(disk, 1)) == NULL) {
+ findpass(NULL, NULL);
memset(pass, '\0', strlen(pass));
amfree(pass);
if(domain) {
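Review bot: `findpass(NULL, NULL)` reads like a failed lookup rather than a cleanup, and nothing at this call site says that it closes the password pipe and clears `$PASSWD_FD`. A short comment such as `/* close the $PASSWD_FD pipe and unset the variable */` here, at the same added line in the second selfcheck.c hunk, and in the sendbackup-gnutar.c and sendsize.c hunks would make the pairing with the earlier findpass() call explicit. A small wrapper with a descriptive name would also do it. Any exit path between the lookup and these calls that is not visible in the hunks would leave the read end open, so those paths are worth checking when adding the comments.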
@@ -329,6 +330,7 @@
printf("ERROR [PC SHARE %s access error: host down or invalid password?]\n", disk);
else
printf("OK %s\n", disk);
+ findpass(NULL, NULL);
memset(cmd, '\0', strlen(cmd));
amfree(cmd);
return;
diff -ur old/amanda-2.4.2/client-src/sendbackup-gnutar.c new/amanda-2.4.2/client-src/sendbackup-gnutar.c
--- old/amanda-2.4.2/client-src/sendbackup-gnutar.c Wed Oct 11 04:08:26 2000
+++ new/amanda-2.4.2/client-src/sendbackup-gnutar.c Tue Jan 9 09:47:16 2001
@@ -302,6 +302,7 @@
error("[invalid samba host or password not found?]");
}
if ((sharename = makesharename(disk, 0)) == 0) {
+ findpass(NULL, NULL);
memset(pass, '\0', strlen(pass));
amfree(pass);
if(domain) {
@@ -367,6 +368,7 @@
estr ? estr : skip_argument,
(char *) 0);
tarpid = dumppid;
+ findpass(NULL, NULL);
memset(pass, '\0', strlen(pass));
amfree(pass);
if(domain) {
diff -ur old/amanda-2.4.2/client-src/sendsize.c new/amanda-2.4.2/client-src/sendsize.c
--- old/amanda-2.4.2/client-src/sendsize.c Wed Oct 11 04:08:26 2000
+++ new/amanda-2.4.2/client-src/sendsize.c Mon Jan 8 14:14:58 2001
@@ -933,6 +933,7 @@
error("[sendsize : error in smbtar diskline, unable to find password]");
}
if ((sharename = makesharename(disk, 0)) == NULL) {
+ findpass(NULL, NULL);
memset(pass, '\0', strlen(pass));
amfree(pass);
if(domain) {
@@ -969,6 +970,7 @@
domain ? domain : skip_argument,
"-c", tarkeys,
(char *)0);
+ findpass(NULL, NULL);
memset(pass, '\0', strlen(pass));
amfree(pass);
if(domain) {
diff -ur old/amanda-2.4.2/common-src/alloc.c new/amanda-2.4.2/common-src/alloc.c
--- old/amanda-2.4.2/common-src/alloc.c Thu Sep 9 01:26:35 1999
+++ new/amanda-2.4.2/common-src/alloc.c Mon Jan 8 12:41:55 2001
@@ -451,6 +451,7 @@
{
static char *safe_env_list[] = {
"TZ",
+ "PASSWD_FD",
NULL
};
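Review bot: The new `"PASSWD_FD"` entry has no comment, and unlike `TZ` it refers to a descriptor that gives access to a secret. Assuming safe_env_list is the whitelist for the environment handed to spawned programs (its use is outside this hunk), every such child now receives the variable, including a value inherited from Amanda's own environment on code paths that never call findpass(). I would add `"PASSWD_FD", /* fd number of the smbclient password pipe, set and cleared by findpass() */` and confirm that the variable is cleared at startup before any child is spawned. The enclosing function starts and ends outside the hunk.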
Bugs:
- User is not informed about errors, he may just wonder why it does
not work
Compatibility (those worked on SunOS-5.7):
- I hope PIPE_BUF (or _POSIX_PIPE_BUF) is defined on most systems
- close() of the writing end of the pipe should have no delay
- putenv() is a SYSV function, maybe BSD should use setenv()
Anyway, good luck
=09=09-- J=F6rg Specht --