From dean@arctic.org Sat Nov 25 23:58:13 2006 Date: Sat, 25 Nov 2006 23:58:13 -0800 (PST) From: dean gaudet To: bugs@ucarp.org Subject: [patch] --passfile option even though boxes with critical services tend not to have random user logins, i'd prefer not to have my password available via ps. this patch adds a --passfile option to supply the password from a file instead of the command-line. -dean Index: ucarp-1.2/src/ucarp.c =================================================================== --- ucarp-1.2.orig/src/ucarp.c 2006-11-25 23:46:08.000000000 -0800 +++ ucarp-1.2/src/ucarp.c 2006-11-25 23:53:44.000000000 -0800 @@ -27,6 +27,7 @@ "--srcip= (-s ): source (real) IP address of that host\n" "--vhid= (-v ): virtual IP identifier (1-255)\n" "--pass= (-p ): password\n" + "--passfile=file : read password from file\n" "--preempt (-P): becomes a master as soon as possible\n" "--neutral (-n): don't run downscript at start if backup\n" "--addr= (-a ): virtual shared IP address\n" @@ -124,6 +125,28 @@ } break; } + case OPT_PASSFILE: { + char buf[512]; + char *p; + FILE *pw = fopen(optarg, "r"); + if (pw == NULL) { + logfile(LOG_ERR, _("unable to open passfile %s for reading: %s"), + optarg, strerror(errno)); + return 1; + } + if (fgets(buf, sizeof(buf), pw) == NULL) { + logfile(LOG_ERR, _("error reading passfile %s: %s"), optarg, + ferror(pw) ? strerror(errno) : _("unexpected end of file")); + return 1; + } + fclose(pw); + p = strchr(buf, '\n'); + if (p) *p = 0; + if ((pass = strdup(buf)) == NULL) { + die_mem(); + } + break; + } case 'P': { preempt = 1; break; Index: ucarp-1.2/src/ucarp_p.h =================================================================== --- ucarp-1.2.orig/src/ucarp_p.h 2006-11-25 23:45:07.000000000 -0800 +++ ucarp-1.2/src/ucarp_p.h 2006-11-25 23:46:05.000000000 -0800 @@ -3,6 +3,8 @@ static const char *GETOPT_OPTIONS = "i:s:v:p:Pa:hb:k:u:d:r:zf:B"; +#define OPT_PASSFILE (1) + static struct option long_options[] = { { "interface", 1, NULL, 'i' }, { "srcip", 1, NULL, 's' }, @@ -20,6 +22,7 @@ { "shutdown", 0, NULL, 'z' }, { "facility", 1, NULL, 'f' }, { "daemonize", 0, NULL, 'B' }, + { "passfile", 1, NULL, OPT_PASSFILE }, { NULL, 0, NULL, 0 } }; Index: ucarp-1.2/ucarp.8 =================================================================== --- ucarp-1.2.orig/ucarp.8 2006-11-25 23:54:59.000000000 -0800 +++ ucarp-1.2/ucarp.8 2006-11-25 23:56:29.000000000 -0800 @@ -24,6 +24,8 @@ .IP "\fB-p \fIpass\fR\fP\fB \-\-pass=\fIpass\fR\fP" 10 The shared password, (this gets encrypted and is not sent in the clear). +.IP "\fB\-\-passfile=\fIfile\fR\fP" 10 +Read the shared password from \fIfile\fR. .IP "\fB-P \fP\fB\-\-preempt\fP" 10 Turn on preemptive failover. This causes an instance of ucarp to take over master status right away.