This is an automated email from the ASF dual-hosted git repository.

sureshanaparti pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.20 by this push:
     new dd0b863e225 sensitive information leak to log (#12018)
dd0b863e225 is described below

commit dd0b863e22579caa77e399855df690d350c80d3e
Author: Edward-x <[email protected]>
AuthorDate: Wed Jan 28 12:41:23 2026 +0800

    sensitive information leak to log (#12018)
    
    * sensitive information leak to log
    
    * Update 
agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
    * Update 
core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java
    * Update engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
    * Update utils/src/main/java/com/cloud/utils/UriUtils.java
    
    Co-authored-by: dahn <[email protected]>
    
    * Update 
plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
    
    Co-authored-by: Abhisar Sinha <[email protected]>
    
    * Sync with 4.20 and fix conflict in BaremetalPingPxeResource
    
    * Apply suggestions from code review
    
    Co-authored-by: Suresh Kumar Anaparti <[email protected]>
    
    ---------
    
    Co-authored-by: [email protected] <[email protected]>
    Co-authored-by: dahn <[email protected]>
    Co-authored-by: dahn <[email protected]>
    Co-authored-by: Abhisar Sinha <[email protected]>
    Co-authored-by: Suresh Kumar Anaparti <[email protected]>
---
 .../agent/resource/consoleproxy/ConsoleProxyResource.java      |  2 +-
 .../baremetal/networkservice/BaremetalDnsmasqResource.java     |  4 ++--
 .../networkservice/BaremetalKickStartPxeResource.java          |  6 +++---
 .../baremetal/networkservice/BaremetalPingPxeResource.java     | 10 +++++-----
 utils/src/main/java/com/cloud/utils/UriUtils.java              |  8 ++++++--
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git 
a/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
 
b/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
index b0b1e487a26..83b11418f2c 100644
--- 
a/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
+++ 
b/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
@@ -331,7 +331,7 @@ public class ConsoleProxyResource extends 
ServerResourceBase implements ServerRe
         final Object resource = this;
         logger.info("Building class loader for 
com.cloud.consoleproxy.ConsoleProxy");
         if (consoleProxyMain == null) {
-            logger.info("Running com.cloud.consoleproxy.ConsoleProxy with 
encryptor password={}", encryptorPassword);
+            logger.info("Running com.cloud.consoleproxy.ConsoleProxy");
             consoleProxyMain = new Thread(new ManagedContextRunnable() {
                 @Override
                 protected void runInContext() {
diff --git 
a/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
 
b/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
index 51acfe93d39..8e7efedfca3 100644
--- 
a/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
+++ 
b/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalDnsmasqResource.java
@@ -46,10 +46,10 @@ public class BaremetalDnsmasqResource extends 
BaremetalDhcpResourceBase {
         com.trilead.ssh2.Connection sshConnection = null;
         try {
             super.configure(name, params);
-            logger.debug(String.format("Trying to connect to DHCP 
server(IP=%1$s, username=%2$s, password=%3$s)", _ip, _username, _password));
+            logger.debug(String.format("Trying to connect to DHCP 
server(IP=%1$s, username=%2$s", _ip, _username));
             sshConnection = SSHCmdHelper.acquireAuthorizedConnection(_ip, 
_username, _password);
             if (sshConnection == null) {
-                throw new ConfigurationException(String.format("Cannot connect 
to DHCP server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
_password));
+                throw new ConfigurationException(String.format("Cannot connect 
to DHCP server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             if (!SSHCmdHelper.sshExecuteCmd(sshConnection, "[ -f 
'/usr/sbin/dnsmasq' ]")) {
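Review bot: Both rewritten messages in this hunk leave the parenthesis after `server(` unclosed; the old debug line closed it after the password field that was removed. Close it in each, e.g. `"Trying to connect to DHCP server(IP=%1$s, username=%2$s)"`. The debug call could also use placeholders as the BaremetalKickStartPxeResource hunk does: `logger.debug("Trying to connect to DHCP server(IP={}, username={})", _ip, _username);`. The same unclosed parenthesis is in the `ConfigurationException` messages of the BaremetalKickStartPxeResource and BaremetalPingPxeResource hunks. The enclosing method starts and ends outside the hunk.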
diff --git 
a/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
 
b/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
index 3775f4effc1..88c4dea96b3 100644
--- 
a/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
+++ 
b/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalKickStartPxeResource.java
@@ -130,8 +130,8 @@ public class BaremetalKickStartPxeResource extends 
BaremetalPxeResourceBase {
 
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) 
{
-                logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
_password));
+                logger.debug("SSH Failed to authenticate with user {} 
credentials", _username);
+                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script = String.format("python 
/usr/bin/baremetal_user_data.py '%s'", arg);
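Review bot: `sshConnection.connect(null, 60000, 60000)` on the context line above the changed check passes no host-key verifier. If this is the trilead `Connection` used in BaremetalDnsmasqResource, any server key is accepted and `authenticateWithPassword` then sends `_password` to an unverified peer. That exposes the same credential this commit removes from the logs. Consider passing a `ServerHostKeyVerifier` that checks the key against a pinned or known-hosts entry instead of `null`. The same call appears in the second hunk of this file and in all four BaremetalPingPxeResource hunks; the enclosing method extends beyond this hunk.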
@@ -167,7 +167,7 @@ public class BaremetalKickStartPxeResource extends 
BaremetalPxeResourceBase {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) 
{
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
_password));
+                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String copyTo = String.format("%s/%s", _tftpDir, 
cmd.getTemplateUuid());
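Review bot: The `logger.debug("SSH Failed to authenticate")` line in this hunk was left without the username, while the first hunk of this file now logs `"SSH Failed to authenticate with user {} credentials"`. Use the same call here, `logger.debug("SSH Failed to authenticate with user {} credentials", _username);`, so a failed login can be traced to an account from any of these paths. The hunks at -101, -179 and -237 in BaremetalPingPxeResource keep the short form as well. The enclosing method starts and ends outside the hunk.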
diff --git 
a/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
 
b/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
index 96b2dbfeb93..a54cd4a1a11 100644
--- 
a/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
+++ 
b/plugins/hypervisors/baremetal/src/main/java/com/cloud/baremetal/networkservice/BaremetalPingPxeResource.java
@@ -101,7 +101,7 @@ public class BaremetalPingPxeResource extends 
BaremetalPxeResourceBase {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) 
{
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
"******"));
+                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=******", _ip, _username));
             }
 
             String cmd = String.format("[ -f /%1$s/pxelinux.0 ] && [ -f 
/%2$s/kernel ] && [ -f /%3$s/initrd.gz ] ", _tftpDir, _tftpDir, _tftpDir);
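Review bot: The new message still carries a literal `password=******` field, whereas every other `ConfigurationException` message touched in this commit drops the password field altogether. A fixed mask adds no information and makes this one message differ from its siblings when searching logs. Prefer `"Cannot connect to PING PXE server(IP=%1$s, username=%2$s)"` here. The enclosing method continues outside the hunk.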
@@ -150,8 +150,8 @@ public class BaremetalPingPxeResource extends 
BaremetalPxeResourceBase {
         try {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) 
{
-                logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
_password));
+                logger.debug("SSH Failed to authenticate with user {} 
credentials", _username);
+                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script =
@@ -179,7 +179,7 @@ public class BaremetalPingPxeResource extends 
BaremetalPxeResourceBase {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) 
{
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
_password));
+                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script =
@@ -237,7 +237,7 @@ public class BaremetalPingPxeResource extends 
BaremetalPxeResourceBase {
             sshConnection.connect(null, 60000, 60000);
             if (!sshConnection.authenticateWithPassword(_username, _password)) 
{
                 logger.debug("SSH Failed to authenticate");
-                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, 
_password));
+                throw new ConfigurationException(String.format("Cannot connect 
to PING PXE server(IP=%1$s, username=%2$s", _ip, _username));
             }
 
             String script = String.format("python 
/usr/bin/baremetal_user_data.py '%s'", arg);
diff --git a/utils/src/main/java/com/cloud/utils/UriUtils.java 
b/utils/src/main/java/com/cloud/utils/UriUtils.java
index 961c121597f..4722e3c540a 100644
--- a/utils/src/main/java/com/cloud/utils/UriUtils.java
+++ b/utils/src/main/java/com/cloud/utils/UriUtils.java
@@ -500,8 +500,12 @@ public class UriUtils {
             if ((user != null) && (password != null)) {
                 httpclient.getParams().setAuthenticationPreemptive(true);
                 Credentials defaultcreds = new 
UsernamePasswordCredentials(user, password);
-                httpclient.getState().setCredentials(new 
AuthScope(hostAndPort.first(), hostAndPort.second(), AuthScope.ANY_REALM), 
defaultcreds);
-                LOGGER.info("Added username=" + user + ", password=" + 
password + "for host " + hostAndPort.first() + ":" + hostAndPort.second());
+                httpclient.getState().setCredentials(
+                        new AuthScope(hostAndPort.first(), 
hostAndPort.second(), AuthScope.ANY_REALM), defaultcreds);
+                LOGGER.info("Added username={} along with password for host 
{}:{}"
+                    , user
+                    , hostAndPort.first()
+                    , hostAndPort.second());
             }
             // Execute the method.
             GetMethod method = new GetMethod(url);
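Review bot: `setAuthenticationPreemptive(true)` together with `UsernamePasswordCredentials(user, password)` makes the client send the credentials on the first request without waiting for a challenge. Nothing visible in this hunk restricts that to an `https` `url`. If plain `http` URLs can reach this path, the password removed from the log line still crosses the network in a recoverable form. Consider checking the scheme before setting credentials, or at least adding a comment such as `// Preemptive auth sends credentials unprompted; url must be https`. The enclosing method starts and ends outside the hunk, so a scheme check may already exist there.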
