From 02520ab98c5c5614c4b11f1a7c35a2f14001dc06 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Tue, 12 Jul 2011 10:02:09 +0200
Subject: Remove sensitive information from logs

When -w/--password option is passed to ipa-replica-install it is
printed to ipareplica-install.log. Make sure that the value of this
option is hidden.

https://fedorahosted.org/freeipa/ticket/1378
---
 ipaserver/install/replication.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'ipaserver/install/replication.py')

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index fddb7374..22d4e1ae 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -55,15 +55,16 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
             "--auto-master-check", "--realm", realm,
             "--principal", "admin",
             "--hostname", host_name]
+    nolog=tuple()
 
     if admin_password:
         args.extend(["--password", admin_password])
+        nolog=(admin_password,)
 
     if check_ca:
         args.append('--check-ca')
-    logging.debug("Running ipa-replica-conncheck with following arguments: %s" %
-            " ".join(args))
-    (stdin, stderr, returncode) = ipautil.run(args,raiseonerr=False, capture_output=False)
+    (stdin, stderr, returncode) = ipautil.run(args,raiseonerr=False,capture_output=False,
+                                              nolog=nolog)
 
     if returncode != 0:
         sys.exit("Connection check failed!" +
-- 
cgit