[Ddclient-support] better password handling for ddclient
Brought to you by:
supersandro2000,
wimpunk
Menu
▾
▴
[Ddclient-support] better password handling for ddclient
|
From: Ingo S. <isc...@as...> - 2008-09-30 19:48:30
|
Dear colleagues,
reading the ddclient-3.7.3 source code, you will notice that the config
file parser tries to handle some of the subtleties of passwords,
in particular passwords containing the sharp character ('#').
All the same, there are still a few problems:
1. If there is white space before the keyword 'password',
the sharp handling is bypassed. For example,
the following line is parsed as password='very'
instead of password='very#secret':
user=joe, password=very#secret my.host # special password!
2. If there is whitespace behind the password, the rest of
the line is lost, including any trailing backslash.
For example, with the following pair of lines, password=secret
is parsed into the global scope, and user=joe starts a new
host line.
password=secret, \
user=joe my.host
3. The worst problem is that passwords containing white space
cannot be used. Escaping them is not possible.
For example, the following line is parsed as password='very'
instead of password='very secret':
password=very secret
At this point i stopped checking, maybe passwords containing the
comma character also cause trouble.
The patch included below fixes all this by parsing the passwords
into a temporary hash and feeding them back once the main parser
has finished splitting on whitespace and commas.
Optionally, each password can be included in single quotes ("''").
This is required when the password contains white space or itself
starts with a single quote. For example, the password "'secret"
must be specified as "password=''secret'".
The patch is expected to be backward compatible with the exception
of passwords starting with a single quote.
Feedback is welcome, but expect some delay; i shall be offline
for about two weeks starting on Thurday.
Yours,
Ingo
--
Ingo Schwarze <isc...@as...> | Software Engineer | Framework Team
Astaro AG | www.astaro.com | 76227 Karlsruhe | Germany
----- 8< ----- schnipp ----- >8 ----- 8< ----- schnapp ----- >8 -----
#
# Patch to improve password handling in ddclient-3.7.3
# Copyright (C) 2008 Astaro AG www.astaro.com
# Author: Ingo Schwarze <isc...@as...> 30.09.2008
#
# This patch is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This patch is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the ddclient program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA,
# or look up http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt .
#
Index: ddclient
===================================================================
RCS file: /home/cvs/sources/d/ddclient/ddclient,v
retrieving revision 1.1.1.2
diff -u -p -r1.1.1.2 ddclient
--- ddclient 15 Sep 2008 11:13:55 -0000 1.1.1.2
+++ ddclient 30 Sep 2008 18:55:52 -0000
@@ -888,6 +888,7 @@ sub _read_config {
local $lineno = 0;
my $continuation = '';
+ my %passwords = ();
while (<FD>) {
s/[\r\n]//g;
@@ -903,10 +904,17 @@ sub _read_config {
}
$content .= "$_\n" unless /^#/;
- # lines contain passwords are a special case, we don't want to
- # arbitrarily strip out '#'
- if (/^(\S*password\S*)\s*=\s*(\S+)/i) { $_ = "$1=$2"; }
- if (/^#/ || !(/password/i) || /#.*password/i) { s/#.*//; } # remove comments
+
+ ## parsing passwords is special
+ if (/^([^#]*\s)?([^#]*?password\S*?)\s*=\s*('.*'|[^']\S*)(.*)/) {
+ my ($head, $key, $value, $tail) = ($1 || '', $2, $3, $4);
+ $value = $1 if $value =~ /^'(.*)'$/;
+ $passwords{$key} = $value;
+ $_ = "${head}${key}=dummy${tail}";
+ }
+
+ ## remove comments
+ s/#.*//;
## handle continuation lines
$_ = "$continuation$_";
@@ -931,6 +939,7 @@ sub _read_config {
## verify that keywords are valid...and check the value
foreach my $k (keys %locals) {
+ $locals{$k} = $passwords{$k} if defined $passwords{$k};
if (!exists $variables{'merged'}{$k}) {
warning("unrecognized keyword '%s' (ignored)", $k);
delete $locals{$k};
@@ -969,6 +978,7 @@ sub _read_config {
$config{$h}{'host'} = $h;
}
}
+ %passwords = ();
}
close(FD);
|