Dan Kenigsberg has submitted this change and it was merged.
Change subject: password: Prevent password logging and persisting
......................................................................
password: Prevent password logging and persisting
Vdsm should not expose passwords in log messages. We have code in HSM,
protecting some methods that accept connection lists, which may include
a password parameter. However this is not the right place to protect
passwords, as they are logged now by the jsonrpc server.
This patch introduces the password library, providing:
ProtectedPassword class for wrapping password value, so it is not
logged or persisted by mistake.
protect_passwords replace passwords value with ProtectedPassword
object in nested structures.
unprotect_passwords replace ProtectedPassword objects with the
actual password value.
The jsonprc server protect passwords in request parameters, and
unprotect passwords in response result. This is safest and simplest
way, as we cannot forget to protect a method.
The xmlrpc server handle protecting and unprotecting in the method
level, since this is the only place where we can detect a password
parameter.
Passwords read from iscsi session and libvirt password file are also
protected when they enter the application.
Code that needs to access protected password value must access the
password.value attribute.
Note that xmlrpc server has incomplete and fragile password protection
for non-irs methods (see wrapApiMethod). Fixing this needs more work.
Change-Id: Icc849ad8bdc1b1fd09884e18038427d96e66110f
Bug-Url: https://bugzilla.redhat.com/1220039
Signed-off-by: Nir Soffer <[email protected]>
Reviewed-on: https://gerrit.ovirt.org/40707
Reviewed-by: Piotr Kliczewski <[email protected]>
Reviewed-by: Francesco Romani <[email protected]>
Reviewed-by: Dan Kenigsberg <[email protected]>
Continuous-Integration: Jenkins CI
---
M debian/vdsm-python.install
M lib/vdsm/Makefile.am
M lib/vdsm/libvirtconnection.py
A lib/vdsm/password.py
M lib/yajsonrpc/__init__.py
M tests/Makefile.am
A tests/passwordsTests.py
M tests/samplingTests.py
M tests/v2vTests.py
M tests/vmTests.py
M vdsm.spec.in
M vdsm/API.py
M vdsm/rpc/BindingXMLRPC.py
M vdsm/storage/hsm.py
M vdsm/storage/iscsi.py
M vdsm/v2v.py
M vdsm/virt/guestagent.py
M vdsm/virt/vm.py
18 files changed, 354 insertions(+), 60 deletions(-)
Approvals:
Piotr Kliczewski: Looks good to me, but someone else must approve
Nir Soffer: Verified
Jenkins CI: Passed CI tests
Dan Kenigsberg: Looks good to me, approved
Francesco Romani: Looks good to me, but someone else must approve
--
To view, visit https://gerrit.ovirt.org/40707
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Icc849ad8bdc1b1fd09884e18038427d96e66110f
Gerrit-PatchSet: 7
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer <[email protected]>
Gerrit-Reviewer: Adam Litke <[email protected]>
Gerrit-Reviewer: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Francesco Romani <[email protected]>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Martin Peřina <[email protected]>
Gerrit-Reviewer: Nir Soffer <[email protected]>
Gerrit-Reviewer: Piotr Kliczewski <[email protected]>
Gerrit-Reviewer: Shahar Havivi <[email protected]>
Gerrit-Reviewer: Vinzenz Feenstra <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: [email protected]
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
