Obfuscate the one-time password in the client installer log.

rob
>From e454f840460b6703d8327a235844adcbc310f48d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 22 Sep 2011 11:52:58 -0400
Subject: [PATCH] Don't log one-time password in logs when configuring client.

https://fedorahosted.org/freeipa/ticket/1801
---
 ipa-client/ipa-install/ipa-client-install |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 44c2f5fbc40c9f3a6d5f4378d91e048b63bf0e7a..413e2d2909aed4990905e70579d9a86c07193fe9 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -23,17 +23,15 @@ try:
     import sys
 
     import os
-    import stat
     import time
     import socket
     import logging
     import tempfile
     import getpass
-    import re
     from ipaclient import ipadiscovery
     import ipaclient.ipachangeconf
     import ipaclient.ntpconf
-    from ipapython.ipautil import run, user_input, CalledProcessError, file_exists, install_file
+    from ipapython.ipautil import run, user_input, CalledProcessError, file_exists
     import ipapython.services as ipaservices
     from ipapython import ipautil
     from ipapython import dnsclient
@@ -888,6 +886,7 @@ def install(options, env, fstore, statestore):
         return CLIENT_INSTALL_ERROR
 
     if not options.on_master:
+        nolog = tuple()
         # First test out the kerberos configuration
         try:
             (krb_fd, krb_name) = tempfile.mkstemp()
@@ -929,6 +928,7 @@ def install(options, env, fstore, statestore):
                     print stdout
                     return CLIENT_INSTALL_ERROR
             elif options.password:
+                nolog = (options.password,)
                 join_args.append("-w")
                 join_args.append(options.password)
             elif options.prompt_password:
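Review bot: The `-w` branch still places `options.password` on the join command's argument list, so `nolog` only keeps it out of the installer log; while the command runs, the value is presumably still readable by other local users through the process table. That exposure is outside what this commit sets out to fix, but a comment next to the new assignment would keep it visible, for example `# NOTE: nolog only masks the log; the OTP is still passed in argv via -w`. If the join command can read the password from stdin or a file, that would be the more complete fix, though this hunk does not show whether it can. The body of install() starts and ends outside the hunk.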
@@ -940,7 +940,7 @@ def install(options, env, fstore, statestore):
                 join_args.append(password)
 
             # Now join the domain
-            (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env)
+            (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env, nolog=nolog)
 
             if returncode != 0:
                 print >>sys.stderr, "Joining realm failed: %s" % stderr,
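Review bot: The value appended by `join_args.append(password)` just above the join call is never added to `nolog`, so on that path `run()` still receives the empty tuple and would presumably log the password unmasked. Only the `elif options.password:` branch sets `nolog`. The lines between `elif options.prompt_password:` and this append are outside the hunk, but this looks like the interactively prompted password. Adding `nolog = (password,)` next to that append would cover it.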
-- 
1.7.6
