Yedidyah Bar David has uploaded a new change for review.

Change subject: packaging: engine-backup: Prevent password on command line
......................................................................

packaging: engine-backup: Prevent password on command line

Prevent having a password on a command line. Either read it from a file
or interactively.

Bug-Url: https://bugzilla.redhat.com/1002401
Change-Id: Icbc497af2653417beab54a9be307332cdf69a48a
Signed-off-by: Yedidyah Bar David <d...@redhat.com>
---
M packaging/bin/engine-backup.sh
1 file changed, 21 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/23/20423/1

diff --git a/packaging/bin/engine-backup.sh b/packaging/bin/engine-backup.sh
index 5b4b3b2..12769a5 100755
--- a/packaging/bin/engine-backup.sh
+++ b/packaging/bin/engine-backup.sh
@@ -36,9 +36,11 @@
 FILE=""
 DB_BACKUP_FILE_NAME="engine_backup.db"
 FILES="files"
+NOECHO=
 
 cleanup() {
        [ -n "${TEMP_FOLDER}" ] && rm -rf "${TEMP_FOLDER}"
+       [ -n "${NOECHO}" ] && stty echo
 }
 
 trap cleanup 0
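Review bot: In `cleanup`, `[ -n "${NOECHO}" ] && stty echo` turns echo on unconditionally instead of restoring the terminal settings that were active before the prompt. Saving them first with `saved_tty="$(stty -g)"` and restoring with `stty "${saved_tty}"` would put back exactly what the user had. `trap cleanup 0` reaches this line after an interrupt at the password prompt only if the interpreter runs the exit trap on a fatal signal. The shebang is outside the hunk, so if this script is not run by bash, an explicit `trap 'exit 1' INT TERM` is worth adding so the terminal is not left with echo off.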
@@ -62,8 +64,8 @@
  --db-host=host             set database host
  --db-port=port             set database port
  --db-user=user             set database user
+ --db-password              set database password - interactively
  --db-passfile=file         set database password - read from file
- --db-password=pass         set database password
  --db-name=name             set database name
  --db-secured               set a secured connection
  --db-secured-validation    validate host
@@ -121,14 +123,23 @@
                        --db-user=*)
                                MY_DB_USER="${v}"
                        ;;
+                       --db-password)
+                               [ -t 0 ] || \
+                                       die "Standard input is not a terminal"
+                               stty -echo || \
+                                       die "Failed disabling terminal input 
echo"
+                               NOECHO=1
+                               echo -n "Enter database password: "
+                               read MY_DB_PASSWORD
+                               stty echo
+                               echo
+                               NOECHO=
+                       ;;
                        --db-passfile=*)
                                DB_PASSFILE="${v}"
                                [ -r "${DB_PASSFILE}" ] || \
                                        die "Can not read password file 
${DB_PASSFILE}"
                                read MY_DB_PASSWORD < "${DB_PASSFILE}"
-                       ;;
-                       --db-password=*)
-                               MY_DB_PASSWORD="${v}"
                        ;;
                        --db-name=*)
                                MY_DB_DATABASE="${v}"
@@ -337,11 +348,16 @@
 
        [ -n "${options}" ] && options="${options#&}"
 
+       local encpass="$(sed 's;\(["\$]\);\\\1;g' << __EOF__
+${MY_DB_PASSWORD}
+__EOF__
+)"
+
        MY_DB_CREDS="$(cat << __EOF__
 ENGINE_DB_HOST="${MY_DB_HOST}"
 ENGINE_DB_PORT="${MY_DB_PORT}"
 ENGINE_DB_USER="${MY_DB_USER}"
-ENGINE_DB_PASSWORD="$(echo ${MY_DB_PASSWORD} | sed 's;\(["\$]\);\\\1;g')"
+ENGINE_DB_PASSWORD="${encpass}"
 ENGINE_DB_DATABASE="${MY_DB_DATABASE}"
 ENGINE_DB_SECURED="${MY_DB_SECURED}"
 ENGINE_DB_SECURED_VALIDATION="${MY_DB_SECURED_VALIDATION}"
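Review bot: `local encpass="$(sed … )"` declares and assigns in one statement, so the status seen is that of `local` and a failing `sed` would go unnoticed, leaving an empty or partial `ENGINE_DB_PASSWORD` in the generated credentials. Declare first and check the assignment: `local encpass`, then `encpass="$(sed … )" || die "Failed escaping database password"`. A one-line comment above it, such as `# backslash-escape characters that are special inside the double-quoted value below`, would also help, since the sed expression is hard to read. The enclosing function starts and ends outside the hunk.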


-- 
To view, visit http://gerrit.ovirt.org/20423

Gerrit-MessageType: newchange
Gerrit-Change-Id: Icbc497af2653417beab54a9be307332cdf69a48a
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yedidyah Bar David <d...@redhat.com>