CA-46669: xensource.log contains password in cleartext --- FIXED.

Only added a code line (+ the import):

  let params = List.replace_assoc "password" "null" params in

'params' is only passed to the debug output, so the semantics could not
have changed.

Signed-off-by: Rok Strnisa <rok.strnisa@citrix.com>

diff --git a/ocaml/xapi/xapi_cli.ml b/ocaml/xapi/xapi_cli.ml
index 7f7b16886d1b53055c3f36c6141b2625e9847fff..97c8b86cbf214bbdcbd533748fdc87e6162a2267 100644 (file)
--- a/ocaml/xapi/xapi_cli.ml
+++ b/ocaml/xapi/xapi_cli.ml
@@ -15,8 +15,9 @@
  * @group Command-Line Interface (CLI)
  *)
  
-open Stringext
 open Pervasiveext
+open Listext
+open Stringext
 open Cli_frontend
 open Cli_cmdtable
 open Cli_protocol
@@ -144,30 +145,31 @@ let do_help is_compat cmd minimal s =
   marshal s (Command (Exit 0))
 
 let exec_command req is_compat cmd s session args =
-  let params = get_params cmd in
-  let minimal = 
-    if (List.mem_assoc "minimal" params)
-    then bool_of_string (List.assoc "minimal" params)
-    else false in
-  let u = try List.assoc "username" params with _ -> "" in
-  let p = try List.assoc "password" params with _ -> "" in
-  let rpc = Helpers.get_rpc () req s in
-  Cli_frontend.populate_cmdtable rpc Ref.null;
-  (* Log the actual CLI command to help diagnose failures like CA-25516 *)
-  let cmd_name = get_cmdname cmd in
-  if String.startswith "secret-" cmd_name
+       let params = get_params cmd in
+       let minimal =
+               if (List.mem_assoc "minimal" params)
+               then bool_of_string (List.assoc "minimal" params)
+               else false in
+       let u = try List.assoc "username" params with _ -> "" in
+       let p = try List.assoc "password" params with _ -> "" in
+       let params = List.replace_assoc "password" "null" params in
+       let rpc = Helpers.get_rpc () req s in
+       Cli_frontend.populate_cmdtable rpc Ref.null;
+       (* Log the actual CLI command to help diagnose failures like CA-25516 *)
+       let cmd_name = get_cmdname cmd in
+       if String.startswith "secret-" cmd_name
        then
                debug "xe %s %s" cmd_name (String.concat " " (List.map (fun (k, v) -> let v' = if k = "value" then "(omitted)" else v in k ^ "=" ^ v') params))
        else
                debug "xe %s %s" cmd_name (String.concat " " (List.map (fun (k, v) -> k ^ "=" ^ v) params));
-  if cmd_name = "help"
-  then do_help is_compat cmd minimal s 
-  else do_rpcs req s u p minimal is_compat cmd session args
-       
+       if cmd_name = "help"
+       then do_help is_compat cmd minimal s
+       else do_rpcs req s u p minimal is_compat cmd session args
+
 
 let get_line str i =
   try
-    let next_endl = String.index_from str i '\n' in 
+    let next_endl = String.index_from str i '\n' in
     (Some (next_endl+1),String.sub str i (next_endl - i))
   with
       Not_found -> (None,String.sub str i (String.length str - i))