Hi,
the very sensitive IPMI password now shows up in crm's config, log files and ps 
-ef output.

This patch provides an optional parameter "passwd_method" that can be used to 
hide this information on various levels.

If it is not defined, the old behavior is retained.

Regards
Holger

# HG changeset patch
# User Holger Teutsch <[email protected]>
# Date 1282209948 -7200
# Node ID 7d22ef3abd9ceb0379351cee409679b9587eb7fc
# Parent  ba146a145a3ede967af48e8936ac414984aa1e5f
external/ipmi: Provide opt param "passwd_method" to hide the ipmi password from 
config and logs

diff -r ba146a145a3e -r 7d22ef3abd9c lib/plugins/stonith/external/ipmi
--- a/lib/plugins/stonith/external/ipmi    Thu Aug 12 16:46:02 2010 +0200
+++ b/lib/plugins/stonith/external/ipmi    Thu Aug 19 11:25:48 2010 +0200
@@ -60,9 +60,30 @@
 interface="lan"
 fi
 
+        case "${passwd_method}" in
+            param|'')
+                passwd_method=param
+                M="-P"
+                ;;
+            env)
+                M="-E"
+                ;;
+            file)
+                M="-f"
+                ;;
+            *)
+        ha_log.sh err "invalid passwd_method: \"${passwd_method}\""
+        return 1
+        esac
+
 action="$*"
 
-    ${IPMITOOL} -I ${interface} -H ${ipaddr} -U "${userid}" -P "${passwd}" 
${action} 2>&1
+        if [ $passwd_method = env ]
+        then
+            IPMI_PASSWORD="${passwd}" ${IPMITOOL} -I ${interface} -H ${ipaddr} 
-U "${userid}" -E ${action} 2>&1
+        else
+            ${IPMITOOL} -I ${interface} -H ${ipaddr} -U "${userid}" $M 
"${passwd}" ${action} 2>&1
+        fi
 }
 
 # Yet another convenience wrapper that invokes run_ipmitool, captures
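Review bot: In the `file)` arm the value of `passwd` is handed to ipmitool as a path with no check, so a missing or unreadable file only shows up as an ipmitool failure when fencing is attempted; a guard such as `[ -r "${passwd}" ] || { ha_log.sh err "password file not readable: ${passwd}"; return 1; }` would fail early and log only the path. The `M="-E"` assignment is unused because the env branch hard-codes `-E`, and `$passwd_method` is unquoted in the `[ ... ]` test while every other expansion of a parameter here is quoted. Since an empty value maps to `param`, the password stays on the ipmitool command line unless the operator opts in, which deserves a comment above the `case`. The enclosing function starts above this hunk, so its earlier parameter handling is not visible here.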
@@ -94,7 +115,6 @@
 esac
 }
 
-
 # Rewrite the hostname to accept "," as a delimeter for hostnames too.
 
 case ${1} in
@@ -195,6 +215,19 @@
 </longdesc>
 </parameter>
 
+<parameter name="passwd_method" unique="1">
+<content type="string" default="param"/>
+<shortdesc lang="en">
+Method for passing passwd parameter
+</shortdesc>
+<longdesc lang="en">
+Method for passing the passwd parameter to ipmitool
+  param: pass as parameter (-P)
+  env:   pass via environment (-E)
+  file:  value of "passwd" is actually a file name, pass with (-f)
+</longdesc>
+</parameter>
+
 <parameter name="interface" unique="1">
 <content type="string" default="lan"/>
 <shortdesc lang="en">
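Review bot: The longdesc does not say which exposure each method removes. With `env` the `passwd` parameter still holds the password itself (the script passes `${passwd}` into `IPMI_PASSWORD`), so it remains in the cluster configuration; only `file` keeps it out. I would add a line such as `Only "file" keeps the password out of the cluster configuration; "env" only keeps it off the ipmitool command line.` and state that the file should be readable only by the account the plugin runs as. The description of `passwd` itself lies outside this hunk and presumably needs the matching note that it may be a file name.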