[GitHub] qpid-dispatch issue #124: Allow passing the password via env variable

[ted-ross]

Github user ted-ross commented on the issue:

    https://github.com/apache/qpid-dispatch/pull/124
  
    Dan,
    
    I committed a modified version of this patch yesterday.  Instead of 
    processing the password at connector/listener setup time, it does it at 
    ssl_profile setup time.  This ensures that the password is interpreted 
    only once, eliminating the possible issues of re-processing.
    
    -Ted
    
    On 12/12/2016 07:53 PM, Daniel Skarbek wrote:
    > dskarbek commented on this pull request.
    >
    >
    >
    >> +{
    > +    char *pw = ssl_profile->ssl_password;
    > +    if (!pw) return pw;
    > +
    > +    /* if the "password" starts with "env:" or "env: " then the remaining
    > +     * text is the environment variable that contains the password
    > +     */
    > +    if (strncmp(pw, "env:", 4) == 0) {
    > +        char *env = pw + 4;
    > +        /* skip the space if it is there */
    > +        if (*env == ' ') ++env;
    > +
    > +        const char* passwd = getenv(env);
    > +        if (passwd) {
    > +            free(ssl_profile->ssl_password);
    > +            pw = ssl_profile->ssl_password = strdup(passwd);
    >
    > Yes, this is replacing the value, and true, could cause problems if the 
literal value started with "env:".  Actually, the fix you mention would not be 
so great.  On the first time through the "literal" may or may not be handled 
depending on a subtle change in the code, and on the 3rd time, might have 
trouble or not.  I think that the "env:" and "literal:" keywords are supposed 
to be in-effect on the config file value, and should not apply to the env-var 
value.  That keeps it cleaner and simpler.  So, that would mean that I 
shouldn't re-write the ssl_profile value.  What do you think of just assigning 
the result of getenv() directly?  Can we change the ssl_password member to be a 
const char*?  Otherwise, I'd have to cast away const.
    >



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org