storage add: always extract password from parameters

as else we write it to /etc/pve/storage.cfg which is readable by
www-data, a not really private group...

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/API2/Storage/Config.pm b/PVE/API2/Storage/Config.pm
index 49cf3c883d1fdf5d6a0fee9a8a6ecac530bd91b3..95ca9b86d9f637ea5d41e8c0142064dad7c3428d 100755 (executable)
--- a/PVE/API2/Storage/Config.pm
+++ b/PVE/API2/Storage/Config.pm
@@ -133,8 +133,15 @@ __PACKAGE__->register_method ({
        # fix me in section config create never need an empty entity.
        delete $param->{nodes} if !$param->{nodes};
 
-       my $password = extract_param($param, 'password')
-           if $type eq 'cifs' && $param->{username};
+       my $password;
+       # always extract pw, else it gets written to the www-data readable scfg
+       if (my $tmp_pw = extract_param($param, 'password')) {
+           if ($type eq 'cifs' && $param->{username}) {
+               $password = $tmp_pw;
+           } else {
+               warn "ignore password parameter\n";
+           }
+       }
 
        if ($param->{portal}) {
            $param->{portal} = PVE::Storage::resolv_portal($param->{portal});