[Libguestfs] [PATCH] v2v: -o openstack: Don't echo full commands (RHBZ#1664310).

[Richard W.M. Jones]

They can contain passwords or tokens if for example the
‘-oo os-password’ option is used.

Thanks: Tomáš Golembiovský, Brett Thurber.
---
 v2v/output_openstack.ml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/v2v/output_openstack.ml b/v2v/output_openstack.ml
index 95c42cbed..3ff1e1269 100644
--- a/v2v/output_openstack.ml
+++ b/v2v/output_openstack.ml
@@ -177,8 +177,10 @@ class output_openstack output_conn output_password output_storage
     let stdout_fd =
       if verbose () then None
       else Some (openfile "/dev/null" [O_WRONLY] 0) in
-    (* Note that run_command will close stdout_fd if defined. *)
-    Tools_utils.run_command ?stdout_fd cmd
+    (* Note that run_command will close stdout_fd if defined.
+     * Don't echo the command because it can contain passwords.
+     *)
+    Tools_utils.run_command ~echo_cmd:false ?stdout_fd cmd
   in
 
   (* Similar to above, run the openstack command and capture the
@@ -192,8 +194,10 @@ class output_openstack output_conn output_password output_storage
     unlink_on_exit json;
     let fd = descr_of_out_channel chan in
 
-    (* Note that Tools_utils.run_command closes fd. *)
-    if Tools_utils.run_command ~stdout_fd:fd cmd <> 0 then
+    (* Note that Tools_utils.run_command closes fd.
+     * Don't echo the command because it can contain passwords.
+     *)
+    if Tools_utils.run_command ~echo_cmd:false ~stdout_fd:fd cmd <> 0 then
       None
     else (
       let json = json_parser_tree_parse_file json in
-- 
2.19.2