From e05400dad83adabe09e57e9eb04b718c01019e32 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 31 Aug 2010 16:50:47 -0400 Subject: Remove passwords when running commands including stdout and stderr This replaces the old no logging mechanism that only handled not logging passwords passed on the command-line. The dogtag installer was including passwords in the output. This also adds no password logging to the sslget invocations and removes a couple of extraneous log commands. ticket 156 --- ipapython/ipautil.py | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) (limited to 'ipapython') diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e7bcbc04..3f8bba90 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -99,21 +99,19 @@ def run(args, stdin=None, raiseonerr=True, nolog=()): raiseonerr raises an exception if the return code is not zero - nolog is a tuple of tuple values that describes things in the argument - list that shouldn't be logged, like passwords. Each tuple consists of - a value to search for in the argument list and an offset from this - location to set to XXX. + nolog is a tuple of strings that shouldn't be logged, like passwords. + Each tuple consists of a string to be replaced by XXXXXXXX. For example, the command ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser'] We don't want to log the password so nolog would be set to: - (('--password', 1),) + ('Secret123',) The resulting log output would be: /usr/bin/setpasswd --password XXXXXXXX someuser - If an argument isn't found in the list it is silently ignored. + If an value isn't found in the list it is silently ignored. """ if stdin: p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) @@ -122,20 +120,19 @@ def run(args, stdin=None, raiseonerr=True, nolog=()): p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) stdout,stderr = p.communicate() - # The command may include passwords that we don't want to log. Run through - # the nolog items - for (item, offset) in nolog: - try: - item_offset = args.index(item) + offset - args[item_offset] = 'XXXXXXXX' - except ValueError: - pass - logging.info('args=%s' % ' '.join(args)) + # The command and its output may include passwords that we don't want + * to log. Run through the nolog items. + args = ' '.join(args) + for value in nolog: + args = args.replace(value, 'XXXXXXXX') + stdout = stdout.replace(value, 'XXXXXXXX') + stderr = stderr.replace(value, 'XXXXXXXX') + logging.info('args=%s' % args) logging.info('stdout=%s' % stdout) logging.info('stderr=%s' % stderr) if p.returncode != 0 and raiseonerr: - raise CalledProcessError(p.returncode, ' '.join(args)) + raise CalledProcessError(p.returncode, args) return (stdout, stderr, p.returncode) -- cgit