IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove passwords when running commands including stdout and stderr

Browse Source 
This replaces the old no logging mechanism that only handled not logging
passwords passed on the command-line. The dogtag installer was including
passwords in the output.

This also adds no password logging to the sslget invocations and removes
a couple of extraneous log commands.

ticket 156
This commit is contained in:
Rob Crittenden 2010-08-31 16:50:47 -04:00
parent 99399cc707
commit e05400dad8
2 changed files with 16 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
ipapython/ipautil.py
View File

@ -99,21 +99,19 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):
raiseonerr raises an exception if the return code is not zero
nolog is a tuple of tuple values that describes things in the argument
list that shouldn't be logged, like passwords. Each tuple consists of
a value to search for in the argument list and an offset from this
location to set to XXX.
nolog is a tuple of strings that shouldn't be logged, like passwords.
Each tuple consists of a string to be replaced by XXXXXXXX.
For example, the command ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
We don't want to log the password so nolog would be set to:
(('--password', 1),)
('Secret123',)
The resulting log output would be:
/usr/bin/setpasswd --password XXXXXXXX someuser
If an argument isn't found in the list it is silently ignored.
If an value isn't found in the list it is silently ignored.
"""
if stdin:
p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
@ -122,20 +120,19 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):
p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
stdout,stderr = p.communicate()
# The command may include passwords that we don't want to log. Run through
# the nolog items
for (item, offset) in nolog:
try:
item_offset = args.index(item) + offset
args[item_offset] = 'XXXXXXXX'
except ValueError:
pass
logging.info('args=%s' % ' '.join(args))
# The command and its output may include passwords that we don't want
* to log. Run through the nolog items.
args = ' '.join(args)
for value in nolog:
args = args.replace(value, 'XXXXXXXX')
stdout = stdout.replace(value, 'XXXXXXXX')
stderr = stderr.replace(value, 'XXXXXXXX')
logging.info('args=%s' % args)
logging.info('stdout=%s' % stdout)
logging.info('stderr=%s' % stderr)
if p.returncode != 0 and raiseonerr:
raise CalledProcessError(p.returncode, ' '.join(args))
raise CalledProcessError(p.returncode, args)
return (stdout, stderr, p.returncode)

15
ipaserver/install/cainstance.py
View File

@ -580,15 +580,8 @@ class CAInstance(service.Service):
args.append("false")
# Define the things we don't want logged
nolog = (('-client_certdb_pwd', 1),
('-admin_password', 1),
('-bind_password', 1),
('-backup_pwd', 1),
('-clone_p12_password', 1),
('-sd_admin_password', 1),
)
nolog = (self.admin_password, self.dm_password,)
logging.debug(args)
ipautil.run(args, nolog=nolog)
if self.external == 1:
@ -682,8 +675,7 @@ class CAInstance(service.Service):
'-r', '/ca/agent/ca/profileReview?requestId=%s' % self.requestId,
'%s:%d' % (self.host_name, AGENT_SECURE_PORT),
]
logging.debug("running sslget %s" % args)
(stdout, stderr, returncode) = ipautil.run(args)
(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
data = stdout.split('\r\n')
params = get_defList(data)
@ -703,8 +695,7 @@ class CAInstance(service.Service):
'-r', '/ca/agent/ca/profileProcess',
'%s:%d' % (self.host_name, AGENT_SECURE_PORT),
]
logging.debug("running sslget %s" % args)
(stdout, stderr, returncode) = ipautil.run(args)
(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
data = stdout.split('\r\n')
outputList = get_outputList(data)