dovecot/imapsync_cron: Use passfiles to hide passwords from ps

Markus Frosch 2017-06-19 11:40:50 +02:00
parent 036c51f053
commit 4be67ccd64


@ -1,11 +1,11 @@
#!/usr/bin/perl #!/usr/bin/perl
use DBI; use DBI;
use File::Temp qw/ mkstemp /;
use LockFile::Simple qw(lock trylock unlock); use LockFile::Simple qw(lock trylock unlock);
use Data::Dumper qw(Dumper); use Data::Dumper qw(Dumper);
use IPC::Run 'run'; use IPC::Run 'run';
use String::Util 'trim'; use String::Util 'trim';
use File::Temp;
$DBNAME = ''; $DBNAME = '';
$DBUSER = ''; $DBUSER = '';
@ -43,6 +43,13 @@ while ($row = $sth->fetchrow_arrayref()) {
if ($enc1 eq "TLS") { $enc1 = "--tls1"; } elsif ($enc1 eq "SSL") { $enc1 = "--ssl1"; } else { undef $enc1; } if ($enc1 eq "TLS") { $enc1 = "--tls1"; } elsif ($enc1 eq "SSL") { $enc1 = "--ssl1"; } else { undef $enc1; }
my $template = $run_dir . '/imapsync.XXXXXXX';
my $passfile1 = File::Temp->new(TEMPLATE => $template);
my $passfile2 = File::Temp->new(TEMPLATE => $template);
print $passfile1 "$password1\n";
print $passfile2 trim($master_pass) . "\n";
run [ "/usr/local/bin/imapsync", run [ "/usr/local/bin/imapsync",
"--timeout1", "10", "--timeout1", "10",
"--tmpdir", "/tmp", "--tmpdir", "/tmp",
@ -55,11 +62,11 @@ while ($row = $sth->fetchrow_arrayref()) {
(!defined($enc1) ? () : ($enc1)), (!defined($enc1) ? () : ($enc1)),
"--host1", $host1, "--host1", $host1,
"--user1", $user1, "--user1", $user1,
"--password1", $password1, "--passfile1", $passfile1->filename,
"--port1", $port1, "--port1", $port1,
"--host2", "localhost", "--host2", "localhost",
"--user2", $user2 . '*' . trim($master_user), "--user2", $user2 . '*' . trim($master_user),
"--password2", trim($master_pass), "--passfile2", $passfile2->filename,
'--no-modulesversion'], ">", \my $stdout; '--no-modulesversion'], ">", \my $stdout;
$update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, last_run = NOW() WHERE id = ?"); $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, last_run = NOW() WHERE id = ?");
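Review bot: The two `print` calls that fill `$passfile1` and `$passfile2` are unchecked and buffered, and nothing flushes or closes the handles before `run` starts imapsync. The child opens the files by name, so it only sees the passwords because Perl flushes output handles when it forks, and a failed write (for example a full disk) would go unnoticed and surface later as an authentication error. Making this explicit costs one line after the prints: `$_->flush or die "passfile write failed: $!" for $passfile1, $passfile2;`. It would also help to add a short comment such as `# File::Temp creates these 0600 and unlinks them when the objects go out of scope`, since that is what keeps the secret away from other local users as well as from `ps`. The files live under `$run_dir`, which is defined outside the visible hunks, and the enclosing `while` loop also starts and ends outside them.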