From b1c9c81d58c80d6b313dd2b8a5c5727ecdf6ac49 Mon Sep 17 00:00:00 2001
From: James Valleroy
Date: Sat, 11 Jul 2015 23:04:42 -0400
Subject: [PATCH] Don't print LDAP user passwords in log.
---
 plinth/actions.py | 25 +++++++++++++++++--------
 plinth/modules/first_boot/forms.py | 5 +++--
 plinth/modules/users/forms.py | 6 ++++--
 3 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/plinth/actions.py b/plinth/actions.py
index eae7a7944..fbb6f273c 100644
--- a/plinth/actions.py
+++ b/plinth/actions.py
@@ -102,29 +102,31 @@ from plinth.errors import ActionError
 LOGGER = logging.getLogger(__name__)
-def run(action, options=None, async=False):
+def run(action, options=None, async=False, log_full_command=True):
 """Safely run a specific action as the current user.
 See actions._run for more information.
 """
- return _run(action, options, async, False)
+ return _run(action, options, async, False, log_full_command)
-def superuser_run(action, options=None, async=False):
+def superuser_run(action, options=None, async=False, log_full_command=True):
 """Safely run a specific action as root.
 See actions._run for more information.
 """
- return _run(action, options, async, True)
+ return _run(action, options, async, True, log_full_command)
-def _run(action, options=None, async=False, run_as_root=False):
+def _run(action, options=None, async=False, run_as_root=False,
+ log_full_command=True):
 """Safely run a specific action as a normal user or root.
 Actions are pulled from the actions directory.
 - options are added to the action command.
 - async: run asynchronously or wait for the command to complete.
 - run_as_root: execute the command through sudo.
+ - log_full_command: print full command with options in the log.
 """
 if options is None:
 options = []
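Review bot: `log_full_command=True` is the default on `run`, `superuser_run` and `_run`, so redaction is opt-in and any future caller that passes a secret in `options` must remember to turn logging off. The docstrings of `run` and `superuser_run` do not mention the new parameter, and the `_run` bullet does not say when to disable it. I would add to all three a sentence such as `Pass log_full_command=False whenever options contain secrets such as passwords.` The body of `_run` continues outside this hunk.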
@@ -159,7 +161,10 @@ def _run(action, options=None, async=False, run_as_root=False):
 if run_as_root:
 cmd = ['sudo', '-n'] + cmd
- LOGGER.info('Executing command - %s', cmd)
+ if log_full_command:
+ LOGGER.info('Executing command - %s', cmd)
+ else:
+ LOGGER.info('Executing command - %s (options not shown)', action)
 # Contract 3C: don't interpret shell escape sequences.
 # Contract 5 (and 6-ish).
@@ -173,8 +178,12 @@ def _run(action, options=None, async=False, run_as_root=False):
 output, error = proc.communicate()
 output, error = output.decode(), error.decode()
 if proc.returncode != 0:
- LOGGER.error('Error executing command - %s, %s, %s', cmd, output,
- error)
+ if log_full_command:
+ LOGGER.error('Error executing command - %s, %s, %s', cmd,
+ output, error)
+ else:
+ LOGGER.error('Error executing command - %s, %s, %s', action,
+ output, error)
 raise ActionError(action, output, error)
 return output
diff --git a/plinth/modules/first_boot/forms.py b/plinth/modules/first_boot/forms.py
index b4fea529f..50233cb70 100644
--- a/plinth/modules/first_boot/forms.py
+++ b/plinth/modules/first_boot/forms.py
@@ -67,7 +67,8 @@ than 63 characters in length.'),
 try:
 actions.superuser_run(
 'create-ldap-user',
- [user.get_username(), self.cleaned_data['password']])
+ [user.get_username(), self.cleaned_data['password']],
+ log_full_command=False)
 except ActionError:
 messages.error(self.request, _('Creating LDAP user failed.'))
@@ -80,7 +81,7 @@ than 63 characters in length.'),
 messages.error(self.request, _('Failed to add new user to admin group.'))
- g = Group.objects.create(name='admin')
+ g = auth.models.Group.objects.create(name='admin')
 g.user_set.add(user)
 self.login_user()
diff --git a/plinth/modules/users/forms.py b/plinth/modules/users/forms.py
index 67688d2fe..474670b61 100644
--- a/plinth/modules/users/forms.py
+++ b/plinth/modules/users/forms.py
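Review bot: The decision about what may be logged is taken here in an `if log_full_command:` branch and then repeated in the error path of the next hunk, so a later edit can easily fix one branch and miss the other. Computing the loggable form once, right after `cmd` is final, keeps redaction in one place: `logged_cmd = cmd if log_full_command else action`. The error path can then be a single `LOGGER.error('Error executing command - %s, %s, %s', logged_cmd, output, error)`. `_run` starts and ends outside this hunk.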
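Review bot: In the `proc.returncode != 0` path, `output` and `error` are still written to the log and attached to `ActionError` when `log_full_command` is false. If the action script or the tool it wraps echoes its arguments on failure, the password reaches the log this way; whether they do is not visible in this diff, so this should be confirmed. For the redacted case I would log only the exit status, for example `LOGGER.error('Error executing command - %s (exit status %s, output not shown)', action, proc.returncode)`. The callers shown in this patch only display a fixed message on `ActionError`, so they would not lose any detail.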
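Review bot: The password is still handed to the action as a command-line argument in this `superuser_run` call, and in the two calls changed in plinth/modules/users/forms.py. While the child process runs, the password is therefore visible in the process list. `_run` prefixes the command with `sudo -n`, and sudo by default records the invoked command line in its own log, so silencing Plinth's `LOGGER` only partly achieves what the subject line promises. Passing the secret on the action's standard input would keep it out of argv; that needs support in `_run` and in the action scripts, which are outside this diff. Until then, a comment at each call site such as `# NOTE: password is still passed in argv; only Plinth's own log line is suppressed` would stop readers assuming full redaction.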
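Review bot: The switch from `Group` to `auth.models.Group` is unrelated to password logging and is not mentioned in the commit message, so it is easy to miss when this security fix is backported or reverted. It looks like a fix for an unresolved name, but the imports are outside the hunk, so please confirm that `auth` is in scope in this module. Separately, `create(name='admin')` fails if the group already exists; `g, created = auth.models.Group.objects.get_or_create(name='admin')` would be idempotent. The second name should not be `_`, because `_` is the translation function in this file.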
@@ -62,7 +62,8 @@ class CreateUserForm(UserCreationForm):
 try:
 actions.superuser_run(
 'create-ldap-user',
- [user.get_username(), self.cleaned_data['password1']])
+ [user.get_username(), self.cleaned_data['password1']],
+ log_full_command=False)
 except ActionError:
 messages.error(self.request, _('Creating LDAP user failed.'))
@@ -155,7 +156,8 @@ class UserChangePasswordForm(SetPasswordForm):
 try:
 actions.superuser_run(
 'change-ldap-user-password',
- [user.get_username(), self.cleaned_data['new_password1']])
+ [user.get_username(), self.cleaned_data['new_password1']],
+ log_full_command=False)
 except ActionError:
 messages.error(
 self.request,