# HG changeset patch
# User Ewan Mellor <ewan@xxxxxxxxxxxxx>
# Node ID 78528a88d08204e40bb3c945ffbd4d94006c646c
# Parent 531c67ed64f4937e8351ee4e90f2b8d507d63b14
Scrub VNC passwords from the logs.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
tools/python/xen/xend/XendConfig.py | 37 ++++++++++++++++++++++++++++++--
tools/python/xen/xend/XendDomainInfo.py | 19 ++++++++--------
2 files changed, 45 insertions(+), 11 deletions(-)
diff -r 531c67ed64f4 -r 78528a88d082 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py Thu Dec 07 12:11:40 2006 +0000
+++ b/tools/python/xen/xend/XendConfig.py Thu Dec 07 12:14:22 2006 +0000
@@ -41,6 +41,39 @@ def reverse_dict(adict):
def bool0(v):
return v != '0' and bool(v)
+
+# Recursively copy a data struct, scrubbing out VNC passwords.
+# Will scrub any dict entry with a key of 'vncpasswd' or any
+# 2-element list whose first member is 'vncpasswd'. It will
+# also scrub a string matching '(vncpasswd XYZ)'. Everything
+# else is no-op passthrough
+def scrub_password(data):
+ if type(data) == dict or type(data) == XendConfig:
+ scrubbed = {}
+ for key in data.keys():
+ if key == "vncpasswd":
+ scrubbed[key] = "XXXXXXXX"
+ else:
+ scrubbed[key] = scrub_password(data[key])
+ return scrubbed
+ elif type(data) == list:
+ if len(data) == 2 and type(data[0]) == str and data[0] == 'vncpasswd':
+ return ['vncpasswd', 'XXXXXXXX']
+ else:
+ scrubbed = []
+ for entry in data:
+ scrubbed.append(scrub_password(entry))
+ return scrubbed
+ elif type(data) == tuple:
+ scrubbed = []
+ for entry in data:
+ scrubbed.append(scrub_password(entry))
+ return tuple(scrubbed)
+ elif type(data) == str:
+ return re.sub(r'\(vncpasswd\s+[^\)]+\)','(vncpasswd XXXXXX)', data)
+ else:
+ return data
+
# Mapping from XendConfig configuration keys to the old
# legacy configuration keys that map directly.
@@ -269,7 +302,7 @@ class XendConfig(dict):
# output from xc.domain_getinfo
self._dominfo_to_xapi(dominfo)
- log.debug('XendConfig.init: %s' % self)
+ log.debug('XendConfig.init: %s' % scrub_password(self))
# validators go here
self.validate()
@@ -478,7 +511,7 @@ class XendConfig(dict):
else:
for opt, val in config[1:]:
dev_info[opt] = val
- log.debug("XendConfig: reading device: %s" % dev_info)
+ log.debug("XendConfig: reading device: %s" %
scrub_password(dev_info))
# create uuid if it doesn't
dev_uuid = dev_info.get('uuid', uuid.createString())
dev_info['uuid'] = dev_uuid
diff -r 531c67ed64f4 -r 78528a88d082 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Thu Dec 07 12:11:40 2006 +0000
+++ b/tools/python/xen/xend/XendDomainInfo.py Thu Dec 07 12:14:22 2006 +0000
@@ -40,6 +40,7 @@ from xen.xend import balloon, sxp, uuid,
from xen.xend import balloon, sxp, uuid, image, arch
from xen.xend import XendRoot, XendNode, XendConfig
+from xen.xend.XendConfig import scrub_password
from xen.xend.XendBootloader import bootloader
from xen.xend.XendError import XendError, VmError
from xen.xend.XendDevices import XendDevices
@@ -148,7 +149,7 @@ def create(config):
@raise VmError: Invalid configuration or failure to start.
"""
- log.debug("XendDomainInfo.create(%s)", config)
+ log.debug("XendDomainInfo.create(%s)", scrub_password(config))
vm = XendDomainInfo(XendConfig.XendConfig(sxp_obj = config))
try:
vm.start()
@@ -175,7 +176,7 @@ def recreate(info, priv):
@raise XendError: Errors with configuration.
"""
- log.debug("XendDomainInfo.recreate(%s)", info)
+ log.debug("XendDomainInfo.recreate(%s)", scrub_password(info))
assert not info['dying']
@@ -257,7 +258,7 @@ def restore(config):
@raise XendError: Errors with configuration.
"""
- log.debug("XendDomainInfo.restore(%s)", config)
+ log.debug("XendDomainInfo.restore(%s)", scrub_password(config))
vm = XendDomainInfo(XendConfig.XendConfig(sxp_obj = config),
resume = True)
try:
@@ -280,7 +281,7 @@ def createDormant(domconfig):
@raise XendError: Errors with configuration.
"""
- log.debug("XendDomainInfo.createDormant(%s)", domconfig)
+ log.debug("XendDomainInfo.createDormant(%s)", scrub_password(domconfig))
# domid does not make sense for non-running domains.
domconfig.pop('domid', None)
@@ -520,11 +521,11 @@ class XendDomainInfo:
@param dev_config: device configuration
@type dev_config: SXP object (parsed config)
"""
- log.debug("XendDomainInfo.device_create: %s" % dev_config)
+ log.debug("XendDomainInfo.device_create: %s" %
scrub_password(dev_config))
dev_type = sxp.name(dev_config)
dev_uuid = self.info.device_add(dev_type, cfg_sxp = dev_config)
dev_config_dict = self.info['devices'][dev_uuid][1]
- log.debug("XendDomainInfo.device_create: %s" % dev_config_dict)
+ log.debug("XendDomainInfo.device_create: %s" %
scrub_password(dev_config_dict))
devid = self._createDevice(dev_type, dev_config_dict)
self._waitForDevice(dev_type, devid)
return self.getDeviceController(dev_type).sxpr(devid)
@@ -746,7 +747,7 @@ class XendDomainInfo:
to_store.update(self._vcpuDomDetails())
- log.debug("Storing domain details: %s", to_store)
+ log.debug("Storing domain details: %s", scrub_password(to_store))
self._writeDom(to_store)
@@ -1188,7 +1189,7 @@ class XendDomainInfo:
"""
for (devclass, config) in self.info.get('devices', {}).values():
if devclass in XendDevices.valid_devices():
- log.info("createDevice: %s : %s" % (devclass, config))
+ log.info("createDevice: %s : %s" % (devclass,
scrub_password(config)))
self._createDevice(devclass, config)
if self.image:
@@ -1667,7 +1668,7 @@ class XendDomainInfo:
if not self._readVm('xend/restart_count'):
to_store['xend/restart_count'] = str(0)
- log.debug("Storing VM details: %s", to_store)
+ log.debug("Storing VM details: %s", scrub_password(to_store))
self._writeVm(to_store)
self._setVmPermissions()
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home