From 81a82a5aad746cf42d21a040852c1acbbb30821d Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Jun 21 2012 02:15:51 +0000 Subject: Ticket 365 - passwords in clear text in the audit log Bug Description: after changing a user password, an additional modify is added to the mods: "unhashed#user#password: " e.g. PSEUDO_ATTR_UNHASHEDUSERPASSWORD Fix Description: Added new config param "nsslapd-audit-logging-hide-unhashed-pw". The default is "off". When "on" that single modify op is skipped from the audit logging. https://fedorahosted.org/389/ticket/365 Reviewed by: Noriko (Thanks!) (cherry picked from commit 43fb648fd4d7663c61c7ea7ff649ffddb9cbf006)
---
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index 9c5ffad..81afe3e 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -55,6 +55,7 @@ char *attr_changetype = ATTR_CHANGETYPE;
 char *attr_newrdn = ATTR_NEWRDN;
 char *attr_deleteoldrdn = ATTR_DELETEOLDRDN;
 char *attr_modifiersname = ATTR_MODIFIERSNAME;
+static int hide_unhashed_pw = 0;
 /* Forward Declarations */
 static void write_audit_file( int optype, const char *dn, void *change, int flag, time_t curtime );
@@ -156,6 +157,10 @@ write_audit_file(
 for ( j = 0; mods[j] != NULL; j++ ) {
 int operationtype= mods[j]->mod_op & ~LDAP_MOD_BVALUES;
+
+ if((strcmp(mods[j]->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) && hide_unhashed_pw){
+ continue;
+ }
 switch ( operationtype ) {
 case LDAP_MOD_ADD:
@@ -250,3 +255,15 @@ write_audit_file(
 lenstr_free( &l );
 }
+
+void
+auditlog_hide_unhashed_pw()
+{
+ hide_unhashed_pw = 1;
+}
+
+void
+auditlog_expose_unhashed_pw()
+{
+ hide_unhashed_pw = 0;
+}
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 6d0db36..2540e25 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
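Review bot: `hide_unhashed_pw` is a second, file-private copy of the `auditlog_logging_hide_unhashed_pw` field that libglobs.c keeps in the frontend config, and nothing in this hunk says which copy is authoritative or why the config value is not read here. It is a plain `int` written by the config setter and read, unsynchronized, by every thread that writes a modify to the audit log, so a reader in the window before a change lands still sees the old value and can write one more clear-text password. A comment should state the contract: `/* Mirror of nsslapd-auditlog-logging-hide-unhashed-pw; updated only through auditlog_hide_unhashed_pw()/auditlog_expose_unhashed_pw() from the config setter and read unlocked by the logging threads. */`, and say why the config field is not consulted directly (presumably to keep the config lock out of the logging path). The initial value 0 must also stay in step with the LDAP_OFF default assigned in FrontendConfig_init() in a different file.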
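Review bot: The added skip matches `mod_type` with `strcmp`, but LDAP attribute types are case-insensitive, so if this pseudo-attribute ever reaches the audit log in a different case than `PSEUDO_ATTR_UNHASHEDUSERPASSWORD` spells it the password is still written in clear text; compare with `if (hide_unhashed_pw && strcasecmp(mods[j]->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) {`, which also short-circuits the string compare when hiding is off instead of running it for every mod. Only the modify loop is filtered here; if an add operation carries the same pseudo-attribute on the entry it logs (I cannot tell from this hunk), the add branch of write_audit_file() needs the same treatment or the fix is incomplete. write_audit_file() begins and ends outside this hunk.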
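Review bot: Both new definitions use an empty parameter list, `auditlog_hide_unhashed_pw()`, which in C is an unprototyped declaration that does not reject stray arguments; write `void auditlog_hide_unhashed_pw(void)` and `void auditlog_expose_unhashed_pw(void)`, matching the prototyped style of the `write_audit_file` declaration earlier in this file. A short comment above the pair should also name the setting they serve, since nothing else in auditlog.c mentions it: `/* Called from config_set_auditlog_unhashed_pw(): toggle whether unhashed#user#password mods are omitted from the audit log. */`.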
@@ -459,6 +459,9 @@ static struct config_get_and_set {
 {CONFIG_AUDITLOG_LOGGING_ENABLED_ATTRIBUTE, NULL, log_set_logging, SLAPD_AUDIT_LOG, (void**)&global_slapdFrontendConfig.auditlog_logging_enabled, CONFIG_ON_OFF, NULL},
+ {CONFIG_AUDITLOG_LOGGING_HIDE_UNHASHED_PW, config_set_auditlog_unhashed_pw,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.auditlog_logging_hide_unhashed_pw, CONFIG_ON_OFF, NULL},
 {CONFIG_ACCESSLOG_BUFFERING_ATTRIBUTE, config_set_accesslogbuffering, NULL, 0, (void**)&global_slapdFrontendConfig.accesslogbuffering, CONFIG_ON_OFF, NULL},
@@ -1072,6 +1075,7 @@ FrontendConfig_init () {
 cfg->auditlog_minfreespace = 5;
 cfg->auditlog_exptime = 1;
 cfg->auditlog_exptimeunit = slapi_ch_strdup("month");
+ cfg->auditlog_logging_hide_unhashed_pw = LDAP_OFF;
 cfg->entryusn_global = LDAP_OFF;
 cfg->entryusn_import_init = slapi_ch_strdup("0");
@@ -1171,6 +1175,21 @@ get_entry_point( int ep_name, caddr_t *ep_addr )
 return rc;
 }
+int
+config_set_auditlog_unhashed_pw(const char *attrname, char *value, char *errorbuf, int apply)
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal = LDAP_SUCCESS;
+
+ retVal = config_set_onoff ( attrname, value, &(slapdFrontendConfig->auditlog_logging_hide_unhashed_pw),
+ errorbuf, apply);
+ if(strcasecmp(value,"on") == 0){
+ auditlog_hide_unhashed_pw();
+ } else {
+ auditlog_expose_unhashed_pw();
+ }
+ return retVal;
+}
 /*
 * Utility function called by many of the config_set_XXX() functions.
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index ea6f610..c3ebd79 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
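Review bot: Defaulting `auditlog_logging_hide_unhashed_pw` to `LDAP_OFF` means every instance keeps writing `unhashed#user#password` values in clear text to the audit log after this fix is installed, until an administrator learns the new attribute exists and turns it on; for a bug whose title is clear-text passwords in a log, the safe default is `LDAP_ON` with the old behaviour opt-in. If compatibility forces off, say so next to the assignment, `/* off for compatibility: unhashed passwords stay in the audit log until nsslapd-auditlog-logging-hide-unhashed-pw is set to on */`. Whichever default is chosen, auditlog.c initialises its own `hide_unhashed_pw` copy to 0 independently, so the two must be changed together or startup behaviour and the reported config value will disagree. FrontendConfig_init() starts and ends outside this hunk.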
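Review bot: The `strcasecmp` branch runs regardless of `retVal` and `apply`, so a value that `config_set_onoff` rejects leaves the config field untouched but still calls `auditlog_expose_unhashed_pw()`, silently re-enabling clear-text logging, and a validate-only call (`apply == 0`) flips live logging behaviour before the change is committed. Return early unless the value was accepted and applied, by inserting `if (retVal != LDAP_SUCCESS || !apply) { return retVal; }` before the `if(strcasecmp(value,"on") == 0){` line. `value` is also dereferenced unconditionally; if config_set_onoff does not reject a NULL value first (not visible in this hunk), add `value == NULL` to that early-return condition. A one-line comment should state that the static flag in auditlog.c is updated here so the two copies of the setting stay in step.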
@@ -387,6 +387,7 @@ int config_set_disk_threshold( const char *attrname, char *value, char *errorbuf
 int config_set_disk_grace_period( const char *attrname, char *value, char *errorbuf, int apply );
 int config_set_disk_preserve_logging( const char *attrname, char *value, char *errorbuf, int apply );
 int config_set_disk_logging_critical( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_auditlog_unhashed_pw(const char *attrname, char *value, char *errorbuf, int apply);
 #if !defined(_WIN32) && !defined(AIX)
 int config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply );
@@ -1190,6 +1191,8 @@ void factory_destroy_extension(int type,void *object,void *parent,void **extensi
 */
 void write_audit_log_entry( Slapi_PBlock *pb);
+void auditlog_hide_unhashed_pw();
+void auditlog_expose_unhashed_pw();
 /*
 * eventq.c
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 7ca9a35..d0f2b33 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1877,6 +1877,7 @@ typedef struct _slapdEntryPoints {
 #define CONFIG_ACCESSLOG_LOGGING_ENABLED_ATTRIBUTE "nsslapd-accesslog-logging-enabled"
 #define CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE "nsslapd-errorlog-logging-enabled"
 #define CONFIG_AUDITLOG_LOGGING_ENABLED_ATTRIBUTE "nsslapd-auditlog-logging-enabled"
+#define CONFIG_AUDITLOG_LOGGING_HIDE_UNHASHED_PW "nsslapd-auditlog-logging-hide-unhashed-pw"
 #define CONFIG_ROOTDN_ATTRIBUTE "nsslapd-rootdn"
 #define CONFIG_ROOTPW_ATTRIBUTE "nsslapd-rootpw"
 #define CONFIG_ROOTPWSTORAGESCHEME_ATTRIBUTE "nsslapd-rootpwstoragescheme"
@@ -2166,6 +2167,7 @@ typedef struct _slapdFrontendConfig {
 int auditlog_minfreespace;
 int auditlog_exptime;
 char *auditlog_exptimeunit;
+ int auditlog_logging_hide_unhashed_pw;
 int return_exact_case; /* Return attribute names with the same case
 * as they appear in at.conf */
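Review bot: The two declarations use empty parentheses, so in this shared header a caller can pass any arguments to `auditlog_hide_unhashed_pw()` and the compiler will not object; make them full prototypes, `void auditlog_hide_unhashed_pw(void);` and `void auditlog_expose_unhashed_pw(void);`, and change the definitions in auditlog.c to match. A comment here would also tell readers that these exist only to push nsslapd-auditlog-logging-hide-unhashed-pw into auditlog.c's private flag and, in this patch, are called only from config_set_auditlog_unhashed_pw(), so nobody calls them to "hide" a password at some other point and expects the config value to follow.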
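Review bot: The attribute string defined here, `nsslapd-auditlog-logging-hide-unhashed-pw`, is not the name the commit message advertises (`nsslapd-audit-logging-hide-unhashed-pw`); only the spelling in this define will match the config table entry, so the description and any release note or admin documentation derived from it must be corrected, otherwise administrators trying to turn the protection on will set an attribute that does nothing for this feature. Since this is an on/off attribute whose default leaves passwords in the log, a comment on the define stating that, `/* on/off, default off: when on, unhashed#user#password mods are omitted from the audit log */`, would help anyone browsing the config attribute list.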