[pve-devel] [PATCH storage 2/2] storage add: always extract password from parameters

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Jun 29 13:20:08 CEST 2018


as else we write it to /etc/pve/storage.cfg which is readable by
www-data, a not really private group...

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---

 PVE/API2/Storage/Config.pm | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/Storage/Config.pm b/PVE/API2/Storage/Config.pm
index 49cf3c8..95ca9b8 100755
--- a/PVE/API2/Storage/Config.pm
+++ b/PVE/API2/Storage/Config.pm
@@ -133,8 +133,15 @@ __PACKAGE__->register_method ({
 	# fix me in section config create never need an empty entity.
 	delete $param->{nodes} if !$param->{nodes};
 
-	my $password = extract_param($param, 'password')
-	    if $type eq 'cifs' && $param->{username};
+	my $password;
+	# always extract pw, else it gets written to the www-data readable scfg
+	if (my $tmp_pw = extract_param($param, 'password')) {
+	    if ($type eq 'cifs' && $param->{username}) {
+		$password = $tmp_pw;
+	    } else {
+		warn "ignore password parameter\n";
+	    }
+	}
 
 	if ($param->{portal}) {
 	    $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
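
Review bot: the truthiness test in `if (my $tmp_pw = extract_param($param, 'password'))` treats a password of "0" as absent, so for a cifs storage with a username that value is extracted but never assigned to $password, and no warning is printed. Testing `defined(my $tmp_pw = extract_param($param, 'password'))` keeps the extraction unconditional and handles that case. In the else branch, the message "ignore password parameter" does not say which storage type triggered it. Including $type would make the log line actionable, and it is worth considering whether the call should fail with an error rather than drop a parameter the caller supplied.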
-- 
2.17.1



