From e05400dad83adabe09e57e9eb04b718c01019e32 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 31 Aug 2010 16:50:47 -0400
Subject: Remove passwords when running commands including stdout and stderr

This replaces the old no logging mechanism that only handled not logging passwords passed on the command-line. The dogtag installer was including passwords in the output. This also adds no password logging to the sslget invocations and removes a couple of extraneous log commands. ticket 156
---
 ipaserver/install/cainstance.py | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
(limited to 'ipaserver/install/cainstance.py')
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 6babd440f..d356ef82d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -580,15 +580,8 @@ class CAInstance(service.Service):
 args.append("false") # Define the things we don't want logged
- nolog = (('-client_certdb_pwd', 1),
- ('-admin_password', 1),
- ('-bind_password', 1),
- ('-backup_pwd', 1),
- ('-clone_p12_password', 1),
- ('-sd_admin_password', 1),
- )
+ nolog = (self.admin_password, self.dm_password,)
- logging.debug(args)
 ipautil.run(args, nolog=nolog)
 if self.external == 1:
@@ -682,8 +675,7 @@ class CAInstance(service.Service):
 '-r', '/ca/agent/ca/profileReview?requestId=%s' % self.requestId, '%s:%d' % (self.host_name, AGENT_SECURE_PORT), ]
- logging.debug("running sslget %s" % args)
- (stdout, stderr, returncode) = ipautil.run(args)
+ (stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
 data = stdout.split('\r\n')
 params = get_defList(data)
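Review bot: `nolog = (self.admin_password, self.dm_password,)` in the `@@ -580,15 +580,8 @@` hunk may mask less than the tuple it replaces, which named six password options (`-client_certdb_pwd`, `-admin_password`, `-bind_password`, `-backup_pwd`, `-clone_p12_password`, `-sd_admin_password`). The code that builds `args` lies outside the hunk, so it is not visible whether every one of those options is fed from these two attributes; any option carrying a different secret would now be logged unmasked. I would either add the missing values to the tuple or state the invariant beside it, e.g. `# nolog lists secret values, not option names: every password appended to args must appear here`. It is also worth confirming how `ipautil.run` treats a `None` or empty entry, since neither attribute is checked in the visible lines.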
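Review bot: Masking the log with `nolog=(self.admin_password,)` on the profileReview `ipautil.run` call (hunk `@@ -682,8 +675,7 @@`, and the identical profileProcess call in `@@ -703,8 +695,7 @@`) does not keep the password out of the process argument list. The `args` list starts outside both hunks, but the nolog value suggests the admin password is passed to sslget on the command line, where other local users can typically read it while the command runs. If that is the case, I would record the residual exposure at the call, e.g. `# nolog only masks logged output; a password in args is still visible in the process list`. Handing the secret over through a permission-restricted file would close the gap, if the tool supports one.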
@@ -703,8 +695,7 @@ class CAInstance(service.Service):
 '-r', '/ca/agent/ca/profileProcess', '%s:%d' % (self.host_name, AGENT_SECURE_PORT), ]
- logging.debug("running sslget %s" % args)
- (stdout, stderr, returncode) = ipautil.run(args)
+ (stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
 data = stdout.split('\r\n')
 outputList = get_outputList(data)
-- cgit