authorRob Crittenden <rcritten@redhat.com>2010-08-31 16:50:47 -0400
committerRob Crittenden <rcritten@redhat.com>2010-08-31 16:50:47 -0400
commite05400dad83adabe09e57e9eb04b718c01019e32 (patch)
tree8e5a2a79cd798912988971df6ce943b2d3d2f46c
parent99399cc7073204bb125d0f8c848ae9e1ab9b334f (diff)
Remove passwords when running commands including stdout and stderr
This replaces the old no-logging mechanism, which only handled passwords passed on the command line. The dogtag installer was including passwords in the output. This also suppresses password logging in the sslget invocations and removes a couple of extraneous log commands. ticket 156
-rw-r--r--ipapython/ipautil.py29
-rw-r--r--ipaserver/install/cainstance.py15
2 files changed, 16 insertions, 28 deletions
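--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -99,21 +99,19 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):
 raiseonerr raises an exception if the return code is not zero
-nolog is a tuple of tuple values that describes things in the argument
-list that shouldn't be logged, like passwords. Each tuple consists of
-a value to search for in the argument list and an offset from this
-location to set to XXX.
+nolog is a tuple of strings that shouldn't be logged, like passwords.
+Each tuple consists of a string to be replaced by XXXXXXXX.
 For example, the command ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser']
 We don't want to log the password so nolog would be set to:
-(('--password', 1),)
+('Secret123',)
 The resulting log output would be:
 /usr/bin/setpasswd --password XXXXXXXX someuser
-If an argument isn't found in the list it is silently ignored.
+If an value isn't found in the list it is silently ignored.
 """
 if stdin:
 p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
@@ -122,20 +120,19 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):
 p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
 stdout,stderr = p.communicate()
-# The command may include passwords that we don't want to log. Run through
-# the nolog items
-for (item, offset) in nolog:
-try:
-item_offset = args.index(item) + offset
-args[item_offset] = 'XXXXXXXX'
-except ValueError:
-pass
-logging.info('args=%s' % ' '.join(args))
+# The command and its output may include passwords that we don't want
+* to log. Run through the nolog items.
+args = ' '.join(args)
+for value in nolog:
+args = args.replace(value, 'XXXXXXXX')
+stdout = stdout.replace(value, 'XXXXXXXX')
+stderr = stderr.replace(value, 'XXXXXXXX')
+logging.info('args=%s' % args)
 logging.info('stdout=%s' % stdout)
 logging.info('stderr=%s' % stderr)
 if p.returncode != 0 and raiseonerr:
-raise CalledProcessError(p.returncode, ' '.join(args))
+raise CalledProcessError(p.returncode, args)
 return (stdout, stderr, p.returncode)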
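Review bot: The new redaction loop at `args = args.replace(value, 'XXXXXXXX')` and the two lines below it has no guard for an empty or unset entry: `str.replace('', 'XXXXXXXX')` inserts the mask between every character of args, stdout and stderr, and a `None` entry raises TypeError only after the command has already run. The callers in this commit pass attributes such as `self.admin_password` and `self.dm_password`, so if either can be unset at a call site a guard is warranted: `for value in nolog:` / `    if not value:` / `        continue`. The comment line that renders here as `* to log. Run through the nolog items.` is a syntax error if that is the committed text rather than a rendering artifact; it should start with `#`. Redaction is plain substring matching, so a short or common secret will also mask unrelated text in the output, which is worth stating in the docstring, where `If an value` should also read `If a value` and "Each tuple consists of" would be clearer as "Each element is". The body of run() begins above the first hunk.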
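--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -580,15 +580,8 @@ class CAInstance(service.Service):
 args.append("false")
 # Define the things we don't want logged
-nolog = (('-client_certdb_pwd', 1),
-('-admin_password', 1),
-('-bind_password', 1),
-('-backup_pwd', 1),
-('-clone_p12_password', 1),
-('-sd_admin_password', 1),
-)
+nolog = (self.admin_password, self.dm_password,)
-logging.debug(args)
 ipautil.run(args, nolog=nolog)
 if self.external == 1:
@@ -682,8 +675,7 @@ class CAInstance(service.Service):
 '-r', '/ca/agent/ca/profileReview?requestId=%s' % self.requestId,
 '%s:%d' % (self.host_name, AGENT_SECURE_PORT),
 ]
-logging.debug("running sslget %s" % args)
-(stdout, stderr, returncode) = ipautil.run(args)
+(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
 data = stdout.split('\r\n')
 params = get_defList(data)
@@ -703,8 +695,7 @@ class CAInstance(service.Service):
 '-r', '/ca/agent/ca/profileProcess',
 '%s:%d' % (self.host_name, AGENT_SECURE_PORT),
 ]
-logging.debug("running sslget %s" % args)
-(stdout, stderr, returncode) = ipautil.run(args)
+(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
 data = stdout.split('\r\n')
 outputList = get_outputList(data)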
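Review bot: In the first hunk, replacing the six positional entries with `nolog = (self.admin_password, self.dm_password,)` switches to redaction by value, so any of the removed options (`-client_certdb_pwd`, `-bind_password`, `-backup_pwd`, `-clone_p12_password`, `-sd_admin_password`) whose argument is built from some other value is now written to the log in clear. The args list is assembled above the hunk, so it is worth confirming that each of those arguments is exactly admin_password or dm_password and adding any other secret to the tuple. The tuple should also contain only non-empty strings, since the replacement loop in ipautil.run would mangle the logged output on an empty value. A comment on that line would help the next reader, e.g. `# Every secret that can appear in args, stdout or stderr must be listed here`. The enclosing methods start before each hunk.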