Merge pull request #11665 from ClickHouse/clear-password-from-command-line

Clear password from command line
2024-11-21 15:12:02 +00:00 · 2020-06-15 02:17:21 +03:00 · 2020-06-15 02:17:21 +03:00 · 814265b66e
commit 814265b66e
parent 71dd46bd64 22366471d0
7 changed files with 56 additions and 1 deletions
--- a/programs/benchmark/Benchmark.cpp
+++ b/programs/benchmark/Benchmark.cpp
@ -18,6 +18,7 @@
 #include <Common/ConcurrentBoundedQueue.h>
 #include <Common/Exception.h>
 #include <Common/randomSeed.h>
+#include <Common/clearPasswordFromCommandLine.h>
 #include <Core/Types.h>
 #include <IO/ReadBufferFromFileDescriptor.h>
 #include <IO/WriteBufferFromFileDescriptor.h>
@ -539,7 +540,7 @@ int mainEntryClickHouseBenchmark(int argc, char ** argv)
            ("password",      value<std::string>()->default_value(""),          "")
            ("database",      value<std::string>()->default_value("default"),   "")
            ("stacktrace",                                                      "print stack traces of exceptions")
-            ("confidence",    value<size_t>()->default_value(5),                "set the level of confidence for T-test [0=80%, 1=90%, 2=95%, 3=98%, 4=99%, 5=99.5%(default)")
+            ("confidence",    value<size_t>()->default_value(5), "set the level of confidence for T-test [0=80%, 1=90%, 2=95%, 3=98%, 4=99%, 5=99.5%(default)")
            ("query_id",      value<std::string>()->default_value(""),         "")
        ;

@ -550,6 +551,8 @@ int mainEntryClickHouseBenchmark(int argc, char ** argv)
        boost::program_options::store(boost::program_options::parse_command_line(argc, argv, desc), options);
        boost::program_options::notify(options);

+        clearPasswordFromCommandLine(argc, argv);
+
        if (options.count("help"))
        {
            std::cout << "Usage: " << argv[0] << " [options] < queries.txt\n";
--- a/programs/client/Client.cpp
+++ b/programs/client/Client.cpp
@ -38,6 +38,7 @@
 #include <Common/Throttler.h>
 #include <Common/StringUtils/StringUtils.h>
 #include <Common/typeid_cast.h>
+#include <Common/clearPasswordFromCommandLine.h>
 #include <Common/Config/ConfigProcessor.h>
 #include <Core/Types.h>
 #include <Core/QueryProcessingStage.h>
@ -2006,6 +2007,7 @@ public:

        argsToConfig(common_arguments, config(), 100);

+        clearPasswordFromCommandLine(argc, argv);
    }
 };

--- a/src/Common/clearPasswordFromCommandLine.cpp
+++ b/src/Common/clearPasswordFromCommandLine.cpp
@ -0,0 +1,18 @@
+#include <string.h>
+#include "clearPasswordFromCommandLine.h"
+
+void clearPasswordFromCommandLine(int argc, char ** argv)
+{
+    for (int arg = 1; arg < argc; ++arg)
+    {
+        if (arg + 1 < argc && 0 == strcmp(argv[arg], "--password"))
+        {
+            ++arg;
+            memset(argv[arg], 0, strlen(argv[arg]));
+        }
+        else if (0 == strncmp(argv[arg], "--password=", strlen("--password=")))
+        {
+            memset(argv[arg] + strlen("--password="), 0, strlen(argv[arg]) - strlen("--password="));
+        }
+    }
+}
--- a/src/Common/clearPasswordFromCommandLine.h
+++ b/src/Common/clearPasswordFromCommandLine.h
@ -0,0 +1,6 @@
+#pragma once
+
+/** If there are --password=... or --password ... arguments in command line, replace their values with zero bytes.
+  * This is needed to prevent password exposure in 'ps' and similar tools.
+  */
+void clearPasswordFromCommandLine(int argc, char ** argv);
--- a/src/Common/ya.make
+++ b/src/Common/ya.make
@ -30,6 +30,7 @@ SRCS(
    Config/configReadClient.cpp
    Config/ConfigReloader.cpp
    createHardLink.cpp
+    clearPasswordFromCommandLine.cpp
    CurrentMetrics.cpp
    CurrentThread.cpp
    DNSResolver.cpp
--- a/tests/queries/0_stateless/01317_no_password_in_command_line.reference
+++ b/tests/queries/0_stateless/01317_no_password_in_command_line.reference
@ -0,0 +1,2 @@
+0
+0
--- a/tests/queries/0_stateless/01317_no_password_in_command_line.sh
+++ b/tests/queries/0_stateless/01317_no_password_in_command_line.sh
@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+. $CURDIR/../shell_config.sh
+
+set -e
+
+$CLICKHOUSE_CLIENT --query "DROP USER IF EXISTS user"
+$CLICKHOUSE_CLIENT --query "CREATE USER user IDENTIFIED WITH PLAINTEXT_PASSWORD BY 'hello'"
+
+# False positive result due to race condition with sleeps is Ok.
+
+$CLICKHOUSE_CLIENT --user user --password hello --query "SELECT sleep(1)" &
+sleep 0.1
+ps auxw | grep -F -- '--password' | grep -F hello ||:
+wait
+
+$CLICKHOUSE_CLIENT --user user --password=hello --query "SELECT sleep(1)" &
+sleep 0.1
+ps auxw | grep -F -- '--password' | grep -F hello ||:
+wait
+
+$CLICKHOUSE_CLIENT --query "DROP USER user"