[virt-tools-list] [PATCH virt-viewer v2] Do not print password in the debug log
Pavel Grunt
pgrunt at redhat.com
Thu Jan 5 15:01:18 UTC 2017
On Wed, 2017-01-04 at 11:23 +0100, Pavel Grunt wrote:
> Resolves: rhbz#1410030
> ---
> src/virt-viewer.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/src/virt-viewer.c b/src/virt-viewer.c
> index 1121146..05e6dbc 100644
> --- a/src/virt-viewer.c
> +++ b/src/virt-viewer.c
> @@ -928,6 +928,11 @@
> virt_viewer_auth_libvirt_credentials(virConnectCredentialPtr cred,
> }
>
> for (i = 0 ; i < ncred ; i++) {
> + const char *cred_type_to_str[] = {
> + [VIR_CRED_USERNAME] = "Identity to act as",
> + [VIR_CRED_AUTHNAME] = "Identify to authorize as",
> + [VIR_CRED_PASSPHRASE] = "Passphrase secret",
> + };
> switch (cred[i].type) {
> case VIR_CRED_AUTHNAME:
> case VIR_CRED_USERNAME:
> @@ -936,7 +941,11 @@
> virt_viewer_auth_libvirt_credentials(virConnectCredentialPtr cred,
> cred[i].resultlen = strlen(cred[i].result);
> else
> cred[i].resultlen = 0;
> - g_debug("Got '%s' %d %d", cred[i].result,
> cred[i].resultlen, cred[i].type);
> + g_debug("Got %s '%s' %d %d",
> + cred_type_to_str[cred[i].type],
> + /* hide password */
> + (cred[i].type == VIR_CRED_PASSPHRASE) ? "*****"
> : cred[i].result,
> + cred[i].resultlen, cred[i].type);
I would remove the resultlen, the length of a password is sensitive
information as well
Pavel
> break;
> }
> }
More information about the virt-tools-list
mailing list