freeipa/ipaserver
Rob Crittenden 02ce407f5e CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
A raw batch request was fully logged which could expose parameters
we don't want logged, like passwords.

Override _repr_iter to use the individual commands to log the
values so that values are properly obscured.

In case of errors log the full value on when the server is in
debug mode.

Reported by Jamison Bennett from Cloudera

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by:  Florence Blanc-Renaud <frenaud@redhat.com>
2019-11-26 15:24:20 +02:00
..
advise smartcard: make the ipa-advise script compatible with authselect/authconfig 2019-11-08 12:57:54 +01:00
dnssec Add ODS manager abstraction to ipaplatform 2019-04-24 14:08:20 +02:00
install Do not run trust upgrade code if master lacks Samba bindings 2019-11-20 16:19:00 +01:00
plugins CVE-2019-10195: Don't log passwords embedded in commands in calls using batch 2019-11-26 15:24:20 +02:00
secrets NSSWrappedCertDB: accept optional symmetric algorithm 2019-09-25 12:42:06 +10:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
dcerpc_common.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
dcerpc.py Fixes pylint errors introduced by version 2.4.0. 2019-09-27 09:38:32 +02:00
dns_data_management.py Removed unnecessary imports after code review. 2019-09-27 09:38:32 +02:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
masters.py Add hidden replica feature 2019-03-28 17:57:58 +01:00
p11helper.py Add PKCS#11 module name to p11helper errors 2019-07-25 15:16:33 -04:00
rpcserver.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
servroles.py Consider configured servers as valid 2019-04-29 16:51:40 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
topology.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00