[pve-devel] applied: [PATCH storage 2/5] scan_cifs: pass user/pass over environment

[Thomas Lamprecht]

As command line argument they are readable by ever user in the same
PID namespace.

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 PVE/Storage.pm | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index e2a6fd0..42e769a 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -1196,13 +1196,12 @@ sub scan_cifs {
 
     # we only support Windows 2012 and newer, so just use smb3
     my $cmd = ['/usr/bin/smbclient', '-m', 'smb3', '-d', '0', '-L', $server];
-    if (defined($user)) {
-	die "password is required\n" if !defined($password);
-	push @$cmd, '-U', "$user\%$password";
-    } else {
-	push @$cmd, '-N';
-    }
+    push @$cmd, '-N' if !defined($user);
     push @$cmd, '-W', $domain if defined($domain);
+    die "password is required\n" if defined($user) && !defined($password);
+
+    local $ENV{USER} = $user if defined($user);
+    local $ENV{PASSWD} = $password if defined($password);
 
     my $res = {};
     my $err = '';
-- 
2.20.1