Don't print LDAP user passwords in log.

James Valleroy 2015-07-11 23:04:42 -04:00 committed by Sunil Mohan Adapa
parent d65d2c4725
commit b1c9c81d58
3 changed files with 24 additions and 12 deletions


@ -102,29 +102,31 @@ from plinth.errors import ActionError
LOGGER = logging.getLogger(__name__)
def run(action, options=None, async=False):
def run(action, options=None, async=False, log_full_command=True):
"""Safely run a specific action as the current user.
See actions._run for more information.
"""
return _run(action, options, async, False)
return _run(action, options, async, False, log_full_command)
def superuser_run(action, options=None, async=False):
def superuser_run(action, options=None, async=False, log_full_command=True):
"""Safely run a specific action as root.
See actions._run for more information.
"""
return _run(action, options, async, True)
return _run(action, options, async, True, log_full_command)
def _run(action, options=None, async=False, run_as_root=False):
def _run(action, options=None, async=False, run_as_root=False,
log_full_command=True):
"""Safely run a specific action as a normal user or root.
Actions are pulled from the actions directory.
- options are added to the action command.
- async: run asynchronously or wait for the command to complete.
- run_as_root: execute the command through sudo.
- log_full_command: print full command with options in the log.
"""
if options is None:
options = []
@ -159,7 +161,10 @@ def _run(action, options=None, async=False, run_as_root=False):
if run_as_root:
cmd = ['sudo', '-n'] + cmd
LOGGER.info('Executing command - %s', cmd)
if log_full_command:
LOGGER.info('Executing command - %s', cmd)
else:
LOGGER.info('Executing command - %s (options not shown)', action)
# Contract 3C: don't interpret shell escape sequences.
# Contract 5 (and 6-ish).
@ -173,8 +178,12 @@ def _run(action, options=None, async=False, run_as_root=False):
output, error = proc.communicate()
output, error = output.decode(), error.decode()
if proc.returncode != 0:
LOGGER.error('Error executing command - %s, %s, %s', cmd, output,
error)
if log_full_command:
LOGGER.error('Error executing command - %s, %s, %s', cmd,
output, error)
else:
LOGGER.error('Error executing command - %s, %s, %s', action,
output, error)
raise ActionError(action, output, error)
return output
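Review bot: In the failure branch of `_run`, `log_full_command=False` replaces `cmd` with `action` but still writes `output` and `error` to the log and passes them to `ActionError`, so an action script that echoes its arguments on failure (a usage message, a traceback) would put the password back into the log. For calls made with the flag off, consider logging only the exit status there, e.g. `LOGGER.error('Error executing command - %s (options and output not shown), exit %s', action, proc.returncode)`. The new parameter also defaults to `True`, so redaction is opt-in and a later caller that puts a secret in `options` logs it unless the author remembers the flag; the docstring entry could say so, e.g. `- log_full_command: set to False whenever options carry a secret.` The part of `_run` between the hunks is not visible here, so this is based on the shown lines only.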


@ -67,7 +67,8 @@ than 63 characters in length.'),
try:
actions.superuser_run(
'create-ldap-user',
[user.get_username(), self.cleaned_data['password']])
[user.get_username(), self.cleaned_data['password']],
log_full_command=False)
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
@ -80,7 +81,7 @@ than 63 characters in length.'),
messages.error(self.request,
_('Failed to add new user to admin group.'))
g = Group.objects.create(name='admin')
g = auth.models.Group.objects.create(name='admin')
g.user_set.add(user)
self.login_user()
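Review bot: The password in `[user.get_username(), self.cleaned_data['password']]` is still handed to `create-ldap-user` as a command-line argument, so `log_full_command=False` keeps it out of this application's log only. While the command runs, the argument list is typically readable by other local users through the process table, and because `_run` prefixes `sudo -n`, sudo's own command logging will normally record the full argument list as well. Passing the secret on the action's standard input instead of in `options` would close both gaps; that needs an input parameter on `actions.superuser_run`, which this commit does not add. The same applies to the `create-ldap-user` and `change-ldap-user-password` calls in the next file section, and the enclosing methods start and end outside the hunks.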


@ -62,7 +62,8 @@ class CreateUserForm(UserCreationForm):
try:
actions.superuser_run(
'create-ldap-user',
[user.get_username(), self.cleaned_data['password1']])
[user.get_username(), self.cleaned_data['password1']],
log_full_command=False)
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
@ -155,7 +156,8 @@ class UserChangePasswordForm(SetPasswordForm):
try:
actions.superuser_run(
'change-ldap-user-password',
[user.get_username(), self.cleaned_data['new_password1']])
[user.get_username(), self.cleaned_data['new_password1']],
log_full_command=False)
except ActionError:
messages.error(
self.request,