[pve-devel] [PATCH storage 2/2] storage add: always extract password from parameters
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Jun 29 13:20:08 CEST 2018
as else we write it to /etc/pve/storage.cfg which is readable by
www-data, a not really private group...
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
PVE/API2/Storage/Config.pm | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Storage/Config.pm b/PVE/API2/Storage/Config.pm
index 49cf3c8..95ca9b8 100755
--- a/PVE/API2/Storage/Config.pm
+++ b/PVE/API2/Storage/Config.pm
@@ -133,8 +133,15 @@ __PACKAGE__->register_method ({
# fix me in section config create never need an empty entity.
delete $param->{nodes} if !$param->{nodes};
- my $password = extract_param($param, 'password')
- if $type eq 'cifs' && $param->{username};
+ my $password;
+ # always extract pw, else it gets written to the www-data readable scfg
+ if (my $tmp_pw = extract_param($param, 'password')) {
+ if ($type eq 'cifs' && $param->{username}) {
+ $password = $tmp_pw;
+ } else {
+ warn "ignore password parameter\n";
+ }
+ }
if ($param->{portal}) {
$param->{portal} = PVE::Storage::resolv_portal($param->{portal});
--
2.17.1
More information about the pve-devel
mailing list