scan_cifs: pass user/pass over environment

As command line argument they are readable by ever user in the same
PID namespace.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index e2a6fd0f99d007cce4ccf2f2ac6782c6fc0f05ed..42e769ab4f91c0731cdcf42cf84ec1bc3a3cd17b 100755 (executable)
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -1196,13 +1196,12 @@ sub scan_cifs {
 
     # we only support Windows 2012 and newer, so just use smb3
     my $cmd = ['/usr/bin/smbclient', '-m', 'smb3', '-d', '0', '-L', $server];
-    if (defined($user)) {
-       die "password is required\n" if !defined($password);
-       push @$cmd, '-U', "$user\%$password";
-    } else {
-       push @$cmd, '-N';
-    }
+    push @$cmd, '-N' if !defined($user);
     push @$cmd, '-W', $domain if defined($domain);
+    die "password is required\n" if defined($user) && !defined($password);
+
+    local $ENV{USER} = $user if defined($user);
+    local $ENV{PASSWD} = $password if defined($password);
 
     my $res = {};
     my $err = '';