From 46f26084ce59ffcd5c2d66558fee85f4deb53a94 Mon Sep 17 00:00:00 2001
From: Mark Giles
Date: Tue, 14 Nov 2017 13:34:40 -0500
Subject: [PATCH] Fix several instances of chap secret being output to logs.
Several drivers had cases where chap secrets could be output to the log files. This fixes several such cases by masking the secret.
Change-Id: Id74d48348f2a9aa212fe178ac2e2304ff134be9a
---
cinder/volume/drivers/dell_emc/xtremio.py | 3 ++-
cinder/volume/drivers/dothill/dothill_client.py | 6 ++++--
cinder/volume/drivers/huawei/huawei_driver.py | 3 ++-
.../drivers/ibm/storwize_svc/storwize_svc_common.py | 9 ++++++---
.../drivers/ibm/storwize_svc/storwize_svc_iscsi.py | 10 +++++++---
cinder/volume/drivers/zadara.py | 3 ++-
cinder/volume/drivers/zfssa/restclient.py | 4 +++-
7 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/cinder/volume/drivers/dell_emc/xtremio.py b/cinder/volume/drivers/dell_emc/xtremio.py
index bac055a0a1d..1cc562e0fdd 100644
--- a/cinder/volume/drivers/dell_emc/xtremio.py
+++ b/cinder/volume/drivers/dell_emc/xtremio.py
@@ -134,7 +134,8 @@ class XtremIOClient(object):
self.update_url(params, self.cluster_id)
if method != 'GET':
self.update_data(data, self.cluster_id)
- LOG.debug('data: %s', data)
+ # data may include chap password
+ LOG.debug('data: %s', strutils.mask_password(data))
LOG.debug('%(type)s %(url)s', {'type': method, 'url': url})
try:
response = requests.request(
diff --git a/cinder/volume/drivers/dothill/dothill_client.py b/cinder/volume/drivers/dothill/dothill_client.py
index a494ad4666a..234981c3634 100644
--- a/cinder/volume/drivers/dothill/dothill_client.py
+++ b/cinder/volume/drivers/dothill/dothill_client.py
@@ -21,6 +21,7 @@ import time
from lxml import etree
from oslo_log import log as logging
+from oslo_utils import strutils
from oslo_utils import units
import requests
import six
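Review bot: The new `strutils.mask_password(data)` call hides the chap password only if the key it sits under in `data` matches one of mask_password's recognised key-name patterns — it works on the stringified value and matches by key name such as `password`, not by content — so confirm the field name XtremIO uses is covered; the same caveat applies to the huawei, storwize_svc_iscsi, zadara and zfssa hunks in this patch. Unlike every other file touched here, this hunk adds no `from oslo_utils import strutils`, so presumably xtremio.py already imports it, but that is worth a check because an unresolved name would surface only when this request path runs. The enclosing method starts and ends outside the hunk.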
@@ -206,8 +207,9 @@ class DotHillClient(object):
If the status is OK, returns the XML data for further processing.
"""
url = self._build_request_url(path, *args, **kargs)
- LOG.debug("Array Request URL: %s (session %s)",
- url, self._session_key)
+ # Don't log the created URL since it may contain chap secret
+ LOG.debug("Array Request path: %s, args: %s, kargs: %s (session %s)",
+ path, args, strutils.mask_password(kargs), self._session_key)
headers = {'dataType': 'api', 'sessionKey': self._session_key}
try:
xml = requests.get(url, headers=headers,
diff --git a/cinder/volume/drivers/huawei/huawei_driver.py b/cinder/volume/drivers/huawei/huawei_driver.py
index fc45bc9b7b2..4543bbb8c3c 100644
--- a/cinder/volume/drivers/huawei/huawei_driver.py
+++ b/cinder/volume/drivers/huawei/huawei_driver.py
@@ -23,6 +23,7 @@ import uuid
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
+from oslo_utils import strutils
from oslo_utils import units
from cinder import context
@@ -1981,7 +1982,7 @@ class HuaweiISCSIDriver(HuaweiBaseDriver, driver.ISCSIDriver):
properties['auth_password'] = chap_password
LOG.info("initialize_connection success. Return data: %s.",
- properties)
+ strutils.mask_password(properties))
return {'driver_volume_type': 'iscsi', 'data': properties}
@coordination.synchronized('huawei-mapping-{connector[host]}')
diff --git a/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_common.py b/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_common.py
index ab871904162..b06ad4d1301 100644
--- a/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_common.py
+++ b/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_common.py
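Review bot: On the new `LOG.debug("Array Request path: ...")` line, `args` is still logged raw while only `kargs` goes through `strutils.mask_password`; the new comment says the built URL can carry the chap secret, so if that secret can reach `_build_request_url` positionally it still lands in the log, and mask_password cannot help there because a bare tuple value has no key name for it to match. Consider dropping `args` from the message, e.g. `LOG.debug("Array Request path: %s, kargs: %s (session %s)", path, strutils.mask_password(kargs), self._session_key)`, or masking the one known-sensitive positional explicitly. The enclosing method starts outside the hunk.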
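Review bot: The changed `LOG.info("initialize_connection success. Return data: %s.", ...)` call still writes the whole connection properties dict at INFO on every attach, so even with `auth_password` masked, whatever else `properties` holds reaches production logs by default; the comparable lines in the xtremio, storwize_svc_iscsi and zadara hunks of this patch use `LOG.debug`. Suggest `LOG.debug("initialize_connection success. Return data: %s.", strutils.mask_password(properties))` for consistency with the other drivers. The enclosing method starts outside the hunk.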
@@ -163,12 +163,14 @@ class StorwizeSSH(object):
return CLIResponse(raw, ssh_cmd=ssh_cmd, delim=delim, with_header=with_header)
- def run_ssh_assert_no_output(self, ssh_cmd):
+ def run_ssh_assert_no_output(self, ssh_cmd, log_cmd=None):
"""Run an SSH command and assert no output returned."""
out, err = self._run_ssh(ssh_cmd)
if len(out.strip()) != 0:
+ if not log_cmd:
+ log_cmd = ' '.join(ssh_cmd)
msg = (_('Expected no output from CLI command %(cmd)s, '
- 'got %(out)s.') % {'cmd': ' '.join(ssh_cmd), 'out': out})
+ 'got %(out)s.') % {'cmd': log_cmd, 'out': out})
LOG.error(msg)
raise exception.VolumeBackendAPIException(data=msg)
@@ -256,7 +258,8 @@ class StorwizeSSH(object):
def add_chap_secret(self, secret, host):
ssh_cmd = ['svctask', 'chhost', '-chapsecret', secret, '"%s"' % host]
- self.run_ssh_assert_no_output(ssh_cmd)
+ log_cmd = 'svctask chhost -chapsecret *** %s' % host
+ self.run_ssh_assert_no_output(ssh_cmd, log_cmd)
def lsiscsiauth(self):
ssh_cmd = ['svcinfo', 'lsiscsiauth', '-delim', '!']
diff --git a/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_iscsi.py b/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_iscsi.py
index 627fb15dd61..0bd9f772217 100644
--- a/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_iscsi.py
+++ b/cinder/volume/drivers/ibm/storwize_svc/storwize_svc_iscsi.py
@@ -38,6 +38,7 @@ import collections
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
+from oslo_utils import strutils
from cinder import exception
from cinder.i18n import _
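Review bot: The new `log_cmd` parameter of `run_ssh_assert_no_output` is not described in the docstring, and its purpose — a pre-sanitised rendering of `ssh_cmd` for the error message — is exactly what the next caller needs to know; suggest extending the docstring with `:param log_cmd: sanitised text to use instead of ssh_cmd in the error message; defaults to ' '.join(ssh_cmd).` The masking also covers only the unexpected-output branch here: `self._run_ssh(ssh_cmd)`, defined outside the hunk, still receives the real command, so if it logs the command or embeds it in an exception on failure the secret can still reach the logs on that path, which is worth checking. `err` returned by `_run_ssh` remains unused.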
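Review bot: In `add_chap_secret`, the new `log_cmd` string is a hand-written copy of `ssh_cmd` and already differs from it (the host is quoted as `'"%s"' % host` in the command but not in `log_cmd`), so the two will drift as the command evolves. Deriving it from the list keeps them in step, e.g. `log_cmd = ' '.join(ssh_cmd[:3] + ['***'] + ssh_cmd[4:])`, where index 3 is the `secret` element of the literal directly above.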
@@ -200,10 +201,11 @@ class StorwizeSVCISCSIDriver(storwize_common.StorwizeSVCCommonDriver):
'%(conn)s.\n', {'vol': volume, 'conn': connector})
+ # properties may contain chap secret so must be masked
LOG.debug('leave: initialize_connection:\n volume: %(vol)s\n ' 'connector: %(conn)s\n properties: %(prop)s', {'vol': volume.id, 'conn': connector,
- 'prop': properties})
+ 'prop': strutils.mask_password(properties)})
return {'driver_volume_type': 'iscsi', 'data': properties, }
@@ -285,11 +287,12 @@ class StorwizeSVCISCSIDriver(storwize_common.StorwizeSVCCommonDriver):
discovery_auth_method='CHAP', discovery_auth_username=connector['initiator'], discovery_auth_password=chap_secret)
+ # properties may contain chap secret so must be masked
LOG.debug('leave: _get_single_iscsi_data:\n volume: %(vol)s\n ' 'connector: %(conn)s\n lun_id: %(lun_id)s\n ' 'properties: %(prop)s', {'vol': volume.id, 'conn': connector, 'lun_id': lun_id,
- 'prop': properties})
+ 'prop': strutils.mask_password(properties)})
return properties
def _get_multi_iscsi_data(self, volume, connector, lun_id, properties,
@@ -335,11 +338,12 @@ class StorwizeSVCISCSIDriver(storwize_common.StorwizeSVCCommonDriver):
LOG.error(msg)
raise exception.VolumeBackendAPIException(data=msg)
+ # properties may contain chap secret so must be masked
LOG.debug('leave: _get_multi_iscsi_data:\n volume: %(vol)s\n ' 'connector: %(conn)s\n lun_id: %(lun_id)s\n ' 'properties: %(prop)s', {'vol': volume.id, 'conn': connector, 'lun_id': lun_id,
- 'prop': properties})
+ 'prop': strutils.mask_password(properties)})
return properties
diff --git a/cinder/volume/drivers/zadara.py b/cinder/volume/drivers/zadara.py
index 3b021ac2ea4..f1f3348c2f1 100644
--- a/cinder/volume/drivers/zadara.py
+++ b/cinder/volume/drivers/zadara.py
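Review bot: In the `_get_single_iscsi_data` hunk the context lines show the secret being stored as `discovery_auth_password=chap_secret`, and `strutils.mask_password` hides a value only when its key name matches one of the library's patterns on the dict's string form; confirm that the `discovery_auth_password` key is matched, otherwise the new masked `'prop'` entry still prints the chap secret once under that key. The same check applies to the `_get_multi_iscsi_data` hunk below and the `initialize_connection` hunk above, which mask the same dict. The enclosing methods start outside their hunks.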
@@ -21,6 +21,7 @@ This driver requires VPSA with API version 15.07 or higher.
from lxml import etree
from oslo_config import cfg
from oslo_log import log as logging
+from oslo_utils import strutils
import requests
import six
@@ -645,7 +646,7 @@ class ZadaraVPSAISCSIDriver(driver.ISCSIDriver):
properties['auth_password'] = ctrl['chap_passwd']
LOG.debug('Attach properties: %(properties)s',
- {'properties': properties})
+ {'properties': strutils.mask_password(properties)})
return {'driver_volume_type': ('iser' if (self.configuration.safe_get('zadara_use_iser')) else 'iscsi'), 'data': properties}
diff --git a/cinder/volume/drivers/zfssa/restclient.py b/cinder/volume/drivers/zfssa/restclient.py
index d55e02acf49..eb988d41bcc 100644
--- a/cinder/volume/drivers/zfssa/restclient.py
+++ b/cinder/volume/drivers/zfssa/restclient.py
@@ -20,6 +20,7 @@ import ssl
import time
from oslo_log import log
+from oslo_utils import strutils
import six
from six.moves import http_client
from six.moves import urllib
@@ -272,7 +273,8 @@ class RestClientURL(object):
{'request': request, 'url': zfssaurl})
LOG.debug('Out headers: %s', out_hdrs)
if body and body != '':
- LOG.debug('Body: %s', body)
+ # body may contain chap secret so must be masked
+ LOG.debug('Body: %s', strutils.mask_password(body))
context = None
if hasattr(ssl, '_create_unverified_context'):
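Review bot: The `LOG.debug('Out headers: %s', out_hdrs)` line directly above the newly masked body line is left untouched; if `out_hdrs` are the outgoing request headers they would carry the appliance's session or login credentials on the authentication request, and `strutils.mask_password` is unlikely to recognise such header names, so those headers should be dropped or masked explicitly before logging. As a minor point on the context line, `if body and body != '':` is redundant since an empty string is already falsy, and could become `if body:` when this code is next touched. The enclosing method starts and ends outside the hunk.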