DietPi-Drive_Manager | Move Samba credentials from /etc/fstab to separate per-mount credentials file

CHANGELOG.txt

@@ -13,6 +13,7 @@ Changes:
 - DietPi-NordVPN | The script reveived a major rework to allow being setup as ProtonVPN client and even with a custom OVPN config. For this reason it has been renamed to "DietPi-VPN", with the script moved to /boot/dietpi/dietpi-vpn and the console command alias changed to "dietpi-vpn" accordingly. Additionally a killswitch feature has been added which forcefully drops all WAN packets not sent through the VPN, when the connection got lost, until the VPN is disconnected manually/intentionally. Further is IPv6 now automatically disabled when the VPN connection is established. This is required to prevent IPv6 leaks as most publish VPN providers/servers do not support IPv6. When it has not been disabled before, IPv6 is re-enabled automatically once the VPN connection stops. Many thanks to @ravenclaw900 for doing this major rework: https://github.com/MichaIng/DietPi/pull/4180
 - DietPi-FS_partition_resize | Added support to automatically resize F2FS and Btrfs filesystems on first boot.
 - DietPi-Drive_Manager | Added support for resizing F2FS and Btrfs filesystems as well as format- and filesystem check & repair support for XFS filesystems.
+- DietPi-Drive_Manager | When adding Samba mounts, credentials are not added in plain text to /etc/fstab anymore, but stored instead in a separate per-mount credential file with strict root-only read permissions. Many thanks to @TheOriginalMrWolf for doing this suggestion: https://github.com/MichaIng/DietPi/issues/4082
 - DietPi-Config | Added a safe overclocking profile for RPi 3+ models. Many thanks to @lone for doing long-term stability tests and reporting back the result: https://dietpi.com/phpbb/viewtopic.php?p=32285#p32285
 - DietPi-Config | When disabling the RPi camera feature, the bcm2835_isp kernel module is now additionally blacklisted. Since kernel 5.X it is otherwise loaded automatically and pulls in the whole camera modules stack as dependency, adding some additional memory usage and boot overhead. Many thanks to @ferbar for making us aware of this: https://github.com/MichaIng/DietPi/issues/4203
 - DietPi-Software | The "optimised" and "additional" software menus have been merged. The separation did not follow consistent rules and this change allows us to have development tools and platforms in a more prominent position. Also it simplifies the software selection and addresses possible confusion about that separation among our users.

dietpi/dietpi-drive_manager

@@ -1218,6 +1218,12 @@ Do you wish to ignore this warning, and, mount the drive regardless?" || return
  - ${aDRIVE_MOUNT_SOURCE[$MENU_DRIVE_INDEX]} > ${aDRIVE_MOUNT_TARGET[$MENU_DRIVE_INDEX]}
 \nNB: You can add additional network shares at a later date through the 'dietpi-drive_manager' main menu."; then
 
+						# Remove credentials file
+						local cred="/var/lib/dietpi/dietpi-drive_manager${aDRIVE_MOUNT_TARGET[$MENU_DRIVE_INDEX]//\//-}.cred"
+						cred=${cred/drive_manager-mnt-/drive_manager\/mnt-}
+						[[ -f $cred ]] && G_EXEC rm "$cred"
+						[[ -d '/var/lib/dietpi/dietpi-drive_manager' ]] && G_EXEC rmdir --ignore-fail-on-non-empty /var/lib/dietpi/dietpi-drive_manager
+
 						Unmount_Drive "${aDRIVE_MOUNT_TARGET[$MENU_DRIVE_INDEX]}"
 						TARGETMENUID=0 # Main menu
 
@@ -1758,14 +1764,24 @@ NB: If you are planning to dedicate the drive to this system, it is recommended
 		local i
 		for i in '3.1.1' '3.0' '2.1' '2.0' '1.0'
 		do
-
 			G_DIETPI-NOTIFY 2 "Attempting to mount with CIFS version: $i"
 			if mount -t cifs -o username="$samba_clientuser",password="$samba_clientpassword",iocharset=utf8,uid=dietpi,gid=dietpi,file_mode=0770,dir_mode=0770,vers=$i "//$samba_clientname/$samba_clientshare" "$samba_fp_mount_target" &>> $fp_tmp; then
 
+				# Create credentials file
+				G_EXEC mkdir -p /var/lib/dietpi/dietpi-drive_manager
+				local cred="/var/lib/dietpi/dietpi-drive_manager${samba_fp_mount_target//\//-}.cred"
+				cred=${cred/drive_manager-mnt-/drive_manager\/mnt-}
+				> "$cred"
+				G_EXEC chmod 0600 "$cred"
+				G_EXEC chown root:root "$cred"
+				cat << _EOF_ > "$cred"
+username=$samba_clientuser
+password=$samba_clientpassword
+_EOF_
 				# Apply to fstab
 				sed -i "\#[[:space:]]${samba_fp_mount_target}[[:space:]]#d" /etc/fstab
 				# - NB: Convert spaces to '\040': https://github.com/MichaIng/DietPi/issues/1201#issuecomment-339720271
-				echo "//$samba_clientname/${samba_clientshare//[[:space:]]/\\040} $samba_fp_mount_target cifs username=$samba_clientuser,password=$samba_clientpassword,iocharset=utf8,uid=dietpi,gid=dietpi,file_mode=0770,dir_mode=0770,vers=$i,nofail,noauto,x-systemd.automount" >> /etc/fstab
+				echo "//$samba_clientname/${samba_clientshare//[[:space:]]/\\040} $samba_fp_mount_target cifs cred=$cred,iocharset=utf8,uid=dietpi,gid=dietpi,file_mode=0770,dir_mode=0770,vers=$i,nofail,noauto,x-systemd.automount" >> /etc/fstab
 
 				MENU_DRIVE_TARGET=$samba_fp_mount_target
 				Init_Drives_and_Refresh
@@ -1776,7 +1792,6 @@ NB: If you are planning to dedicate the drive to this system, it is recommended
 				return 0
 
 			fi
-
 		done
 
 		# Failure