direct-io.hg

changeset 12778:78528a88d082

Scrub VNC passwords from the logs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
author Ewan Mellor <ewan@xensource.com>
date Thu Dec 07 12:14:22 2006 +0000 (2006-12-07)
parents 531c67ed64f4
children e98c84468b72
files tools/python/xen/xend/XendConfig.py tools/python/xen/xend/XendDomainInfo.py
line diff
     1.1 --- a/tools/python/xen/xend/XendConfig.py	Thu Dec 07 12:11:40 2006 +0000
     1.2 +++ b/tools/python/xen/xend/XendConfig.py	Thu Dec 07 12:14:22 2006 +0000
     1.3 @@ -42,6 +42,39 @@ def reverse_dict(adict):
     1.4  def bool0(v):
     1.5      return v != '0' and bool(v)
     1.6  
     1.7 +# Recursively copy a data struct, scrubbing out VNC passwords.
     1.8 +# Will scrub any dict entry with a key of 'vncpasswd' or any
     1.9 +# 2-element list whose first member is 'vncpasswd'. It will
    1.10 +# also scrub a string matching '(vncpasswd XYZ)'. Everything
    1.11 +# else is no-op passthrough
    1.12 +def scrub_password(data):
    1.13 +    if type(data) == dict or type(data) == XendConfig:
    1.14 +        scrubbed = {}
    1.15 +        for key in data.keys():
    1.16 +            if key == "vncpasswd":
    1.17 +                scrubbed[key] = "XXXXXXXX"
    1.18 +            else:
    1.19 +                scrubbed[key] = scrub_password(data[key])
    1.20 +        return scrubbed
    1.21 +    elif type(data) == list:
    1.22 +        if len(data) == 2 and type(data[0]) == str and data[0] == 'vncpasswd':
    1.23 +            return ['vncpasswd', 'XXXXXXXX']
    1.24 +        else:
    1.25 +            scrubbed = []
    1.26 +            for entry in data:
    1.27 +                scrubbed.append(scrub_password(entry))
    1.28 +            return scrubbed
    1.29 +    elif type(data) == tuple:
    1.30 +        scrubbed = []
    1.31 +        for entry in data:
    1.32 +            scrubbed.append(scrub_password(entry))
    1.33 +        return tuple(scrubbed)
    1.34 +    elif type(data) == str:
    1.35 +        return re.sub(r'\(vncpasswd\s+[^\)]+\)','(vncpasswd XXXXXX)', data)
    1.36 +    else:
    1.37 +        return data
    1.38 +
    1.39 +
    1.40  # Mapping from XendConfig configuration keys to the old
    1.41  # legacy configuration keys that map directly.
    1.42  
    1.43 @@ -269,7 +302,7 @@ class XendConfig(dict):
    1.44              # output from xc.domain_getinfo
    1.45              self._dominfo_to_xapi(dominfo)
    1.46  
    1.47 -        log.debug('XendConfig.init: %s' % self)
    1.48 +        log.debug('XendConfig.init: %s' % scrub_password(self))
    1.49  
    1.50          # validators go here
    1.51          self.validate()
    1.52 @@ -478,7 +511,7 @@ class XendConfig(dict):
    1.53              else:
    1.54                  for opt, val in config[1:]:
    1.55                      dev_info[opt] = val
    1.56 -                log.debug("XendConfig: reading device: %s" % dev_info)
    1.57 +                log.debug("XendConfig: reading device: %s" % scrub_password(dev_info))
    1.58                  # create uuid if it doesn't
    1.59                  dev_uuid = dev_info.get('uuid', uuid.createString())
    1.60                  dev_info['uuid'] = dev_uuid
     2.1 --- a/tools/python/xen/xend/XendDomainInfo.py	Thu Dec 07 12:11:40 2006 +0000
     2.2 +++ b/tools/python/xen/xend/XendDomainInfo.py	Thu Dec 07 12:14:22 2006 +0000
     2.3 @@ -40,6 +40,7 @@ from xen.util import security
     2.4  from xen.xend import balloon, sxp, uuid, image, arch
     2.5  from xen.xend import XendRoot, XendNode, XendConfig
     2.6  
     2.7 +from xen.xend.XendConfig import scrub_password
     2.8  from xen.xend.XendBootloader import bootloader
     2.9  from xen.xend.XendError import XendError, VmError
    2.10  from xen.xend.XendDevices import XendDevices
    2.11 @@ -148,7 +149,7 @@ def create(config):
    2.12      @raise VmError: Invalid configuration or failure to start.
    2.13      """
    2.14  
    2.15 -    log.debug("XendDomainInfo.create(%s)", config)
    2.16 +    log.debug("XendDomainInfo.create(%s)", scrub_password(config))
    2.17      vm = XendDomainInfo(XendConfig.XendConfig(sxp_obj = config))
    2.18      try:
    2.19          vm.start()
    2.20 @@ -175,7 +176,7 @@ def recreate(info, priv):
    2.21      @raise XendError: Errors with configuration.
    2.22      """
    2.23  
    2.24 -    log.debug("XendDomainInfo.recreate(%s)", info)
    2.25 +    log.debug("XendDomainInfo.recreate(%s)", scrub_password(info))
    2.26  
    2.27      assert not info['dying']
    2.28  
    2.29 @@ -257,7 +258,7 @@ def restore(config):
    2.30      @raise XendError: Errors with configuration.
    2.31      """
    2.32  
    2.33 -    log.debug("XendDomainInfo.restore(%s)", config)
    2.34 +    log.debug("XendDomainInfo.restore(%s)", scrub_password(config))
    2.35      vm = XendDomainInfo(XendConfig.XendConfig(sxp_obj = config),
    2.36                          resume = True)
    2.37      try:
    2.38 @@ -280,7 +281,7 @@ def createDormant(domconfig):
    2.39      @raise XendError: Errors with configuration.    
    2.40      """
    2.41      
    2.42 -    log.debug("XendDomainInfo.createDormant(%s)", domconfig)
    2.43 +    log.debug("XendDomainInfo.createDormant(%s)", scrub_password(domconfig))
    2.44      
    2.45      # domid does not make sense for non-running domains.
    2.46      domconfig.pop('domid', None)
    2.47 @@ -520,11 +521,11 @@ class XendDomainInfo:
    2.48          @param dev_config: device configuration
    2.49          @type  dev_config: SXP object (parsed config)
    2.50          """
    2.51 -        log.debug("XendDomainInfo.device_create: %s" % dev_config)
    2.52 +        log.debug("XendDomainInfo.device_create: %s" % scrub_password(dev_config))
    2.53          dev_type = sxp.name(dev_config)
    2.54          dev_uuid = self.info.device_add(dev_type, cfg_sxp = dev_config)
    2.55          dev_config_dict = self.info['devices'][dev_uuid][1]
    2.56 -        log.debug("XendDomainInfo.device_create: %s" % dev_config_dict)
    2.57 +        log.debug("XendDomainInfo.device_create: %s" % scrub_password(dev_config_dict))
    2.58          devid = self._createDevice(dev_type, dev_config_dict)
    2.59          self._waitForDevice(dev_type, devid)
    2.60          return self.getDeviceController(dev_type).sxpr(devid)
    2.61 @@ -746,7 +747,7 @@ class XendDomainInfo:
    2.62  
    2.63          to_store.update(self._vcpuDomDetails())
    2.64  
    2.65 -        log.debug("Storing domain details: %s", to_store)
    2.66 +        log.debug("Storing domain details: %s", scrub_password(to_store))
    2.67  
    2.68          self._writeDom(to_store)
    2.69  
    2.70 @@ -1188,7 +1189,7 @@ class XendDomainInfo:
    2.71          """
    2.72          for (devclass, config) in self.info.get('devices', {}).values():
    2.73              if devclass in XendDevices.valid_devices():            
    2.74 -                log.info("createDevice: %s : %s" % (devclass, config))
    2.75 +                log.info("createDevice: %s : %s" % (devclass, scrub_password(config)))
    2.76                  self._createDevice(devclass, config)
    2.77  
    2.78          if self.image:
    2.79 @@ -1667,7 +1668,7 @@ class XendDomainInfo:
    2.80          if not self._readVm('xend/restart_count'):
    2.81              to_store['xend/restart_count'] = str(0)
    2.82  
    2.83 -        log.debug("Storing VM details: %s", to_store)
    2.84 +        log.debug("Storing VM details: %s", scrub_password(to_store))
    2.85  
    2.86          self._writeVm(to_store)
    2.87          self._setVmPermissions()