freeipa/ipaserver/plugins
Rob Crittenden 02ce407f5e CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
A raw batch request was fully logged which could expose parameters
we don't want logged, like passwords.

Override _repr_iter to use the individual commands to log the
values so that values are properly obscured.

In case of errors log the full value on when the server is in
debug mode.

Reported by Jamison Bennett from Cloudera

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by:  Florence Blanc-Renaud <frenaud@redhat.com>
2019-11-26 15:24:20 +02:00
..
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
automember.py Fixes pylint errors introduced by version 2.4.0. 2019-09-27 09:38:32 +02:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py Allow presence of LDAP attribute options 2019-11-21 11:13:12 -05:00
baseuser.py Extend the list of supported pre-auth mechanisms in IPA server API 2019-09-10 12:33:21 +03:00
batch.py CVE-2019-10195: Don't log passwords embedded in commands in calls using batch 2019-11-26 15:24:20 +02:00
ca.py Handle missing LWCA certificate or chain 2019-06-18 10:36:24 +10:00
caacl.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
cert.py Adapt cert-find performance workaround for users 2019-04-09 09:13:27 +02:00
certmap.py certmap rules: altSecurityIdentities should only be used for trusted domains 2019-07-17 17:50:07 +03:00
certprofile.py Sprinkle raw strings across the code base 2018-09-27 10:23:03 +02:00
config.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
delegation.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
dns.py Fixes pylint errors introduced by version 2.4.0. 2019-09-27 09:38:32 +02:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
domainlevel.py Use api.env.container_masters 2019-03-28 00:21:00 +01:00
group.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
host.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
hostgroup.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
idrange.py Show a notification that sssd needs restarting after idrange-mod 2019-03-29 14:04:04 +01:00
idviews.py Resolve user/group names in idoverride*-find 2018-12-07 11:39:23 +01:00
internal.py Add group membership management 2019-11-11 09:31:14 +01:00
join.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
krbtpolicy.py Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
ldap2.py ldap2.can_read: fix py3 compatibility 2019-05-28 09:55:51 +03:00
location.py DNS Location: add list of roles and DNS servers to location-show 2016-06-17 18:05:03 +02:00
migration.py Allow insecure binds for migration 2019-08-13 18:43:58 +02:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
passwd.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
permission.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py Don't fail if config-show does not return servers 2019-03-28 17:57:58 +01:00
privilege.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
pwpolicy.py Fix translation of commands description in API Browser 2018-06-12 08:38:56 +02:00
rabase.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
radiusproxy.py radiusproxy: add permission for reading radius proxy servers 2018-11-13 12:40:44 +01:00
realmdomains.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
role.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
schema.py Fix translation of commands description in API Browser 2018-06-12 08:38:56 +02:00
selfservice.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
selinuxusermap.py Make use of single configuration point for SELinux 2019-07-01 14:44:57 +03:00
server.py Don't fail if config-show does not return servers 2019-03-28 17:57:58 +01:00
serverrole.py Add hidden replica feature 2019-03-28 17:57:58 +01:00
serverroles.py Improve config-show to show hidden servers 2019-03-28 17:57:58 +01:00
service.py Extend the list of supported pre-auth mechanisms in IPA server API 2019-09-10 12:33:21 +03:00
servicedelegation.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
session.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
stageuser.py stageuser-find: fix search with non-posix user 2019-06-25 11:02:59 -04:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: fix unsupported assignment 2017-09-08 15:42:07 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py Convert members into types in sudorule-*-option 2018-08-15 12:52:52 +02:00
topology.py domainlevel-get: fix various issues when running as non-admin 2019-03-25 09:48:31 +01:00
trust.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
user.py ipa user_add: do not check group if UPG is disabled 2019-09-27 15:33:15 +02:00
vault.py Consolidate container_masters queries 2019-03-28 00:21:00 +01:00
virtual.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Add endpoint for serving i18n requests 2018-07-17 15:32:28 -04:00