#50251 dscreate and dsconf print DM's password in verbose mode
Closed: wontfix 4 years ago by mreynolds. Opened 5 years ago by mhonek.

Issue Description

When dscreate is executed in verbose mode, it prints Directory Manager's password to stderr. The same happens with dsconf when I change the password.

Package Version and Platform

389-ds-base-1.4.0.19-2.

Steps to reproduce

  1. dscreate -v interactive
  2. dsconf -v localhost directory_manager password_change

Actual results

$ dscreate -v interactive
...
DEBUG: cn=config set REPLACE: ('nsslapd-rootpw', 'Directory_Manager_Password')


$ dsconf -v localhost directory_manager password_change
...
Enter new directory manager password : 
CONFIRM - Enter new directory manager password : 
DEBUG: cn=config set REPLACE: ('nsslapd-rootpw', 'new_password')

Expected results

The actual value should not be printed in the debug logs. The Python logging module supports filters that should be used to redact sensitive information from the logs.


Metadata Update from @mhonek:
- Custom field origin adjusted to QE
- Custom field reviewstatus adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1654059

5 years ago

So I think a way to fix this could be in DSLdapObject inside the set function, we can say "if field in <sensitive dataset>" then we display * instead - but in DEBUGGING=True maybe we still display it?

I'm thinking of having a class variable DSLdapObject._sensitive_attributes: List[str] and using it wherever required (for now in DSLdapObject.set()). And yes, DEBUGGING=True should override this.

@mhonek I think this seems like a good approach. I would have done the same, have a class variable of that signature, and then to use it to filter or replace the content with **** or similar.

Metadata Update from @mreynolds:
- Issue assigned to mreynolds (was: mhonek)

4 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to review (was: None)

4 years ago

One thing I thought I put down but seemingly haven't, was that in the simplest implementation case, we should have a method, e.g. DSLdapObject.display_attr_value(attr, value, hide_sensitive=True), that would handle the displaying and would be used where necessary, in order to have consistent behaviour across our library. Something like...

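def display_attr_value(self, attr, value, hide_sensitive=True):
    # Show the real value when debugging or when hiding was not requested
    if DEBUGGING or not hide_sensitive:
        return value
    else:
        # Mask the values of attributes listed in _sensitive_attributes
        if attr.lower() in self._sensitive_attributes:
            return '********'
        else:
            return value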

@mhonek Another option is to wrap / over-load the str/unicode method on the str we return. But that could be complex ....
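One way to apply the logging-filter approach named under "Expected results" together with the sensitive-attribute set proposed in the comments. This is an added example, not lib389 code and not the committed fix; the class names, `SENSITIVE_ATTRS`, the `reveal` flag (standing in for the `DEBUGGING` override) and the sample log calls are assumptions.

```python
import logging
import re

# Assumption: attribute names to mask; only nsslapd-rootpw comes from the report.
SENSITIVE_ATTRS = frozenset({"nsslapd-rootpw", "userpassword"})


class RedactSensitiveAttrs(logging.Filter):
    """Mask the value in ('attr', 'value') pairs for sensitive attributes."""

    def __init__(self, attrs=SENSITIVE_ATTRS, mask="********", reveal=False):
        super().__init__()
        names = "|".join(re.escape(a) for a in sorted(attrs))
        # repr() of a 2-tuple: str or bytes value, either quote, backslash escapes.
        pat = r"""(\(\s*['"](?:%s)['"]\s*,\s*)b?(['"])(?:\\.|(?!\2).)*\2""" % names
        self._pair = re.compile(pat, re.IGNORECASE | re.DOTALL)
        self._mask = repr(mask)
        self._reveal = reveal  # stands in for the DEBUGGING override discussed

    def filter(self, record):
        if not self._reveal:
            # Render first so the rule applies however the caller formatted.
            text = record.getMessage()
            record.msg = self._pair.sub(lambda m: m.group(1) + self._mask, text)
            record.args = None
        return True  # always keep the record, minus the secret


class ListHandler(logging.Handler):
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def demo(reveal=False):
    handler = ListHandler()
    # Attached to the handler so every logger routed to it is covered.
    handler.addFilter(RedactSensitiveAttrs(reveal=reveal))
    log = logging.getLogger("redact-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.DEBUG)
    # Constructed sample records modelled on the debug line in the report.
    log.debug("cn=config set REPLACE: %r", ("nsslapd-rootpw", "new_password"))
    log.debug("cn=config set REPLACE: %r" % (("nsslapd-rootpw", 'it\'s "x"'),))
    log.debug("cn=config set REPLACE: %r", ("nsslapd-port", "389"))
    return handler.lines
```

Because the filter rewrites the rendered message, it masks the value whether the caller passed it as a logging argument or interpolated it into the string beforehand.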

commit 632ecb9

64a784f..1bb8882 389-ds-base-1.4.0 -> 389-ds-base-1.4.0

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/3310

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago
