aboutsummaryrefslogtreecommitdiff
path: root/src/data.lisp
diff options
context:
space:
mode:
authorSean Whitton <spwhitton@spwhitton.name>2021-03-19 19:44:43 -0700
committerSean Whitton <spwhitton@spwhitton.name>2021-03-19 19:44:43 -0700
commitfac6720737e25688760621dfc0e1e5d483ef2f1f (patch)
treeb538b53d35c72d7d3c24e7e9f9ac7cffce5316a3 /src/data.lisp
parent81ee52dd850fa606d78757ce8e4b1fdbd66a9d21 (diff)
downloadconsfigurator-fac6720737e25688760621dfc0e1e5d483ef2f1f.tar.gz
hide sudo passwords in the debugger
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/data.lisp')
-rw-r--r--src/data.lisp39
1 files changed, 33 insertions, 6 deletions
diff --git a/src/data.lisp b/src/data.lisp
index 2869b43..5315762 100644
--- a/src/data.lisp
+++ b/src/data.lisp
@@ -350,6 +350,32 @@ of the current connection, where each entry is of the form
"#+sbcl (require \"sb-cltl2\")"
:test #'equal)
+
+;;;; Passphrases
+
+(defclass passphrase ()
+ ((passphrase :initarg :passphrase :reader passphrase)))
+
+(defun get-data-protected-string (iden1 iden2)
+ "Like GET-DATA-STRING, but wrap the content in an object which is unprintable
+by default. Intended for code which fetches passwords and wants to lessen the
+chance of those passwords showing up in the clear in the Lisp debugger."
+ (make-instance 'passphrase :passphrase (get-data-string iden1 iden2)))
+
+(defvar *allow-printing-passphrases* nil)
+
+(defmethod print-object ((passphrase passphrase) stream)
+ (if *allow-printing-passphrases*
+ (format stream "#.~S"
+ `(make-instance 'passphrase
+ :passphrase ,(passphrase passphrase)))
+ (print-unreadable-object (passphrase stream)
+ (format stream "PASSPHRASE")))
+ passphrase)
+
+
+;;;; Programs for remote Lisp images
+
(defun continue-deploy*-program (remaining-connections)
"Return a program to complete the work of an enclosing call to DEPLOY*.
@@ -402,12 +428,13 @@ Preprocessing must occur in the root Lisp."))
,(wrap `((%consfigure ',remaining-connections ,*host*))))))
(handler-case
(with-standard-io-syntax
- ;; need line breaks in between so that packages exist before we
- ;; try to have remote Lisp read sexps containing symbols from
- ;; those packages
- (format nil "~A~%~{~A~^~%~}"
- +continue-deploy*-program-implementation-specific+
- (mapcar #'prin1-to-string forms)))
+ (let ((*allow-printing-passphrases* t))
+ ;; need line breaks in between so that packages exist before we
+ ;; try to have remote Lisp read sexps containing symbols from
+ ;; those packages
+ (format nil "~A~%~{~A~^~%~}"
+ +continue-deploy*-program-implementation-specific+
+ (mapcar #'prin1-to-string forms))))
(print-not-readable (c)
(error "The Lisp printer could not serialise ~A for
transmission to the remote Lisp.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 02:55:06 +0000