Replace plaintext password in ovf-env.xml with the hash.

6 years ago · 01e02ae0aa
2 changed files with 18 additions and 1 deletions
--- a/agent/azure.c
+++ b/agent/azure.c
@ -720,6 +720,21 @@ azure_getovfenv(struct system_config *sc)
 			log_debug("%s: password failed", __func__);
 			goto done;
 		}
+
+		free(xe->xe_tag);
+		free(xe->xe_data);
+		explicit_bzero(xe->xe_data, xe->xe_datalen);
+
+		/* Replace unencrypted password with hash */
+		xe->xe_tag = strdup("UserPasswordHash");
+		xe->xe_data = strdup(sc->sc_password);
+		xe->xe_datalen = strlen(sc->sc_password);
+	} else if ((xe = xml_findl(&xp->xe_head,
+	    "UserPasswordHash", NULL)) != NULL) {
+		if ((sc->sc_password = strdup(xe->xe_data)) != NULL) {
+			log_debug("%s: password hash failed", __func__);
+			goto done;
+		}
 	}

 	if ((fd = open(sc->sc_ovfenv, O_WRONLY|O_CREAT|O_TRUNC, 0600)) == -1 ||
--- a/agent/xml.c
+++ b/agent/xml.c
@ -239,8 +239,10 @@ xml_end_element(void *data, const char *el)
 		fatal("missing element");
 	if (strcmp(xe->xe_tag, el) != 0)
 		fatal("unexpected closing tag: %s <> %s", el, xe->xe_tag);
-	if (xe->xe_data == NULL)
+	if (xe->xe_data == NULL) {
 		xe->xe_data = strdup("");
+		xe->xe_datalen = 0;
+	}

 	env->ox_cur = xe->xe_parent;
 	env->ox_depth--;