Script 'mail_helper' called by ro Hello packager, This is just FYI. Your package was checked in in distribution "sle12" by autobuild-member: ro. Here comes the log... ---------------------------%<------------------------------ Hi, here is the log from ci_new_pac /mounts/work_src_done/SLE12/yast2-iscsi-lio-server -> sle12 ## BNC# 893362 : "Yast iSCSI LIO Target: Security: user/password is in Yast log" (ASSIGNED/) Changes: -------- --- /work/SRC/SUSE:SLE-12:GA/yast2-iscsi-lio-server/yast2-iscsi-lio-server.changes 2014-07-28 16:44:23.000000000 +0200 +++ /mounts/work_src_done/SLE12/yast2-iscsi-lio-server/yast2-iscsi-lio-server.changes 2014-09-01 16:30:35.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Aug 27 12:26:10 CEST 2014 - gs@suse.de + +- do not write user/password info to YaST log-file (bnc #893362) +- 3.1.9 + +------------------------------------------------------------------- calling whatdependson for sle12-i586 Packages directly triggered for rebuild: - yast2-iscsi-lio-server ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/SUSE:SLE-12:GA/yast2-iscsi-lio-server (Old) and /mounts/work_src_done/SLE12/yast2-iscsi-lio-server (BS:build ID:43337 MAIL:yast-commit@opensuse.org) (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-iscsi-lio-server", Maintainer is "yast-commit@opensuse.org" Old: ---- yast2-iscsi-lio-server-3.1.8.tar.bz2 New: ---- yast2-iscsi-lio-server-3.1.9.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-iscsi-lio-server.spec ++++++ --- /var/tmp/diff_new_pack.v1t6AV/_old 2014-09-02 15:56:17.000000000 +0200 +++ /var/tmp/diff_new_pack.v1t6AV/_new 2014-09-02 15:56:17.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-iscsi-lio-server -Version: 3.1.8 +Version: 3.1.9 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-iscsi-lio-server-3.1.8.tar.bz2 -> yast2-iscsi-lio-server-3.1.9.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.changes new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.changes --- old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.changes 2014-07-28 13:33:11.000000000 +0200 +++ new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.changes 2014-09-01 16:24:17.000000000 +0200 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Aug 27 12:26:10 CEST 2014 - gs@suse.de + +- do not write user/password info to YaST log-file (bnc #893362) +- 3.1.9 + +------------------------------------------------------------------- Thu Jul 24 11:59:18 CEST 2014 - gs@suse.de - bind all IP addresses to a target if requested by user diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.spec new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.spec --- old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.spec 2014-07-28 13:33:11.000000000 +0200 +++ new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.spec 2014-09-01 16:24:17.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-iscsi-lio-server -Version: 3.1.8 +Version: 3.1.9 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/src/include/iscsi-lio-server/widgets.rb new/yast2-iscsi-lio-server-3.1.9/src/include/iscsi-lio-server/widgets.rb --- old/yast2-iscsi-lio-server-3.1.8/src/include/iscsi-lio-server/widgets.rb 2014-07-28 13:33:11.000000000 +0200 +++ new/yast2-iscsi-lio-server-3.1.9/src/include/iscsi-lio-server/widgets.rb 2014-09-01 16:24:17.000000000 +0200 @@ -568,7 +568,7 @@ else lmap = IscsiLioData.GetAuth(@curr_target, @curr_tpg, clnt) end - Builtins.y2milestone("ClntAuthDialog map:%1", lmap) + Builtins.y2milestone("ClntAuthDialog auth already set") if !lmap.empty? auth_dialog = VBox( MarginBox(6, 2, AuthTerm(false)), ButtonBox( @@ -605,7 +605,6 @@ end UI.CloseDialog Ops.set(@changed_auth, clnt, lmap) if lmap != nil - Builtins.y2milestone("ClntAuthDialog ret:%1", lmap) deep_copy(lmap) end @@ -1349,8 +1348,8 @@ s = Ops.get_string(it, 1, "") Builtins.y2milestone("handleClient pos:%1 clnt:%2", edit_pos, s) auth = ClntAuthDialog(s) - Builtins.y2milestone("handleClient auth:%1", auth) if auth != nil + Builtins.y2milestone("handleClient auth is set") Ops.set(it, 3, GetAuthString(auth)) Ops.set(items, edit_pos, it) UI.ChangeWidget(:clnt_table, :Items, items) @@ -1539,8 +1538,7 @@ Ops.get_string(ca, ["outgoing", 0], "") || Ops.get_string(m, ["outgoing", 1], "") != Ops.get_string(ca, ["outgoing", 1], "") - Builtins.y2milestone("storeClient auth c:%1", c) - Builtins.y2milestone("storeClient cur:%1 new:%2", ca, m) + Builtins.y2milestone("storeClient set auth for client:%1", c) chg = true if !IscsiLioData.SetAuth( @curr_target, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/src/modules/IscsiLioData.rb new/yast2-iscsi-lio-server-3.1.9/src/modules/IscsiLioData.rb --- old/yast2-iscsi-lio-server-3.1.8/src/modules/IscsiLioData.rb 2014-07-28 13:33:11.000000000 +0200 +++ new/yast2-iscsi-lio-server-3.1.9/src/modules/IscsiLioData.rb 2014-09-01 16:24:17.000000000 +0200 @@ -261,8 +261,16 @@ Ops.get_boolean(@data, ["tgt", tgt, tpg, "ep", "enabled"], false) end - def LogExecCmd(cmd) - Builtins.y2milestone("Executing cmd:%1", cmd) + # Execute given command (using SCR.Execute) and return result. + # Logs the command to YaST log-file if allowed. + # + # @param [String] cmd Command to be excuted (make sure to quote correctly, + # for example "ls 'filename with spaces'") + # @param [Boolean] do_log: logging to y2log allowed? + # @return [Hash] hash containing keys "exit", "stdout", "stderr" + # + def LogExecCmd(cmd, do_log: true) + Builtins.y2milestone("Executing cmd:%1", cmd) if do_log ret = Convert.convert( SCR.Execute(path(".target.bash_output"), cmd), :from => "any", @@ -314,8 +322,7 @@ m = Ops.get_map(m, ["clnt", clnt], {}) if !Builtins.isempty(clnt) ret = !Builtins.isempty(Ops.get_list(m, "incoming", [])) Builtins.y2milestone( - "HasIncomingAuth m:%1 ret:%2", - Ops.get_list(m, "incoming", []), + "HasIncomingAuth ret:%1", ret ) ret @@ -326,8 +333,7 @@ m = Ops.get_map(m, ["clnt", clnt], {}) if !Builtins.isempty(clnt) ret = Ops.greater_than(Builtins.size(Ops.get_list(m, "outgoing", [])), 1) Builtins.y2milestone( - "HasOutgoingAuth m:%1 ret:%2", - Ops.get_list(m, "outgoing", []), + "HasOutgoingAuth ret:%1", ret ) ret @@ -377,7 +383,9 @@ end def GetNetworkPortal(tgt, tpg) - Builtins.y2milestone("Data: %1, tgt: %2, tpg: %3", @data, tgt, tpg) + Builtins.y2milestone("target: %1, target portal group: %2", tgt, tpg) + # log complete data only for debugging purposes (contains password/user info) + Builtins.y2debug("Data: %1", @data) ret = Builtins.maplist( Ops.get_list(@data, ["tgt", tgt, tpg, "ep", "np"], []) ) do |n| @@ -1248,68 +1256,59 @@ ret end - def SetAuth(tgt, tpg, clnt, inc, out) - inc = deep_copy(inc) - out = deep_copy(out) + def SetAuth(tgt, tpg, clnt, incoming, outgoing) + incoming = deep_copy(incoming) + if incoming.empty? + log_incoming = [] + else + log_incoming = ["*****", "*****"] + end + outgoing = deep_copy(outgoing) + if outgoing.empty? + log_outgoing = [] + else + log_outgoing = ["*****", "*****"] + end Builtins.y2milestone( "SetAuth tgt:%1 tpg:%2 clnt:%3 in:%4 out:%5", tgt, tpg, clnt, - inc, - out + log_incoming, + log_outgoing ) cmd = "" ret = true if Builtins.isempty(tgt) - cmd = "lio_node --setchapdiscauth " - if !Builtins.isempty(inc) - ret = LogExecCmd( - Ops.add( - Ops.add(Ops.add(cmd, Ops.get_string(inc, 0, "")), " "), - Ops.get_string(inc, 1, "") - ) - ) && ret + cmd = "lio_node --setchapdiscauth" + if !Builtins.isempty(incoming) + ret = LogExecCmd("#{cmd} #{incoming[0]} #{incoming[1]}", do_log: false) && ret + Builtins.y2milestone("Executing cmd: #{cmd} ***** *****") elsif HasIncomingAuth("", 0, "") - ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret + ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret end - cmd = "lio_node --setchapdiscmutualauth " - if !Builtins.isempty(out) - ret = LogExecCmd( - Ops.add( - Ops.add(Ops.add(cmd, Ops.get_string(out, 0, "")), " "), - Ops.get_string(out, 1, "") - ) - ) && ret + cmd = "lio_node --setchapdiscmutualauth" + if !Builtins.isempty(outgoing) + ret = LogExecCmd("#{cmd} #{outgoing[0]} #{outgoing[1]}", do_log: false) && ret + Builtins.y2milestone("Executing cmd: #{cmd} ***** *****") elsif HasOutgoingAuth("", 0, "") - ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret + ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret end else - param = Ops.add( - Ops.add(Ops.add(Ops.add(Ops.add(tgt, " "), tpg), " "), clnt), - " " - ) - cmd = Ops.add("lio_node --setchapauth ", param) - if !Builtins.isempty(inc) - ret = LogExecCmd( - Ops.add( - Ops.add(Ops.add(cmd, Ops.get_string(inc, 0, "")), " "), - Ops.get_string(inc, 1, "") - ) - ) && ret + param = "#{tgt} #{tpg} #{clnt}" + cmd = "lio_node --setchapauth #{param}" + if !Builtins.isempty(incoming) + ret = LogExecCmd("#{cmd} #{incoming[0]} #{incoming[1]}", do_log: false) && ret + Builtins.y2milestone("Executing cmd: #{cmd} ***** *****") elsif HasIncomingAuth(tgt, tpg, clnt) - ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret + ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret end - cmd = Ops.add("lio_node --setchapmutualauth ", param) - if !Builtins.isempty(out) - ret = LogExecCmd( - Ops.add( - Ops.add(Ops.add(cmd, Ops.get_string(out, 0, "")), " "), - Ops.get_string(out, 1, "") - ) - ) && ret + cmd = "lio_node --setchapmutualauth #{param}" + if !Builtins.isempty(outgoing) + ret = LogExecCmd("#{cmd} #{outgoing[0]} #{outgoing[1]}", do_log: false) && ret + Builtins.y2milestone("Executing cmd: #{cmd} ***** *****") elsif HasOutgoingAuth(tgt, tpg, clnt) - ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret + ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret end end Builtins.y2milestone("SetAuth ret:%1", ret) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/LogExecCmd_spec.rb new/yast2-iscsi-lio-server-3.1.9/test/LogExecCmd_spec.rb --- old/yast2-iscsi-lio-server-3.1.8/test/LogExecCmd_spec.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-iscsi-lio-server-3.1.9/test/LogExecCmd_spec.rb 2014-09-01 16:24:17.000000000 +0200 @@ -0,0 +1,37 @@ +#! /usr/bin/rspec +require_relative '../src/modules/IscsiLioData' + +describe Yast::IscsiLioDataClass do + + before :each do + @iscsilib = Yast::IscsiLioDataClass.new + @iscsilib.main() + + @test_class = @iscsilib + end + + describe "#LogExecCmd" do + context "when told not to write command to YaST log" do + it "executes command and doesn't write to y2log" do + cmd = "lio-node --setchap hugo 12345" + + expect(Yast::Builtins).not_to receive(:y2milestone) + expect(Yast::SCR).to receive(:Execute).once + @iscsilib.LogExecCmd(cmd, do_log: false) + end + end + end + + describe "#LogExecCmd" do + context "when called with command not containing sensitive data" do + it "executes command and write command to y2log" do + cmd = "lio-node --list" + + expect(Yast::Builtins).to receive(:y2milestone).once + expect(Yast::SCR).to receive(:Execute).once + @iscsilib.LogExecCmd(cmd) + end + end + end + +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/Makefile.am new/yast2-iscsi-lio-server-3.1.9/test/Makefile.am --- old/yast2-iscsi-lio-server-3.1.8/test/Makefile.am 2014-07-28 13:33:11.000000000 +0200 +++ new/yast2-iscsi-lio-server-3.1.9/test/Makefile.am 2014-09-01 16:24:17.000000000 +0200 @@ -1,5 +1,7 @@ TESTS = \ - GetIpAddr_spec.rb + GetIpAddr_spec.rb \ + SetAuth_spec.rb \ + LogExecCmd_spec.rb TEST_EXTENSIONS = .rb RB_LOG_COMPILER = rspec diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/SetAuth_spec.rb new/yast2-iscsi-lio-server-3.1.9/test/SetAuth_spec.rb --- old/yast2-iscsi-lio-server-3.1.8/test/SetAuth_spec.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-iscsi-lio-server-3.1.9/test/SetAuth_spec.rb 2014-09-01 16:24:17.000000000 +0200 @@ -0,0 +1,54 @@ +#! /usr/bin/rspec +require_relative '../src/modules/IscsiLioData' + +describe Yast::IscsiLioDataClass do + + before :each do + @iscsilib = Yast::IscsiLioDataClass.new + @iscsilib.main() + + @test_class = @iscsilib + end + + describe "#SetAuth" do + context "when called with user and password info" do + it "filters out sensitive data" do + tgt = "" + tpg = -42 + clnt = "" + inc = ["SECRET1"] + out = ["SECRET2"] + expect(Yast::Builtins).to receive(:y2milestone) do |*args| + expect(args.to_s).not_to match /SECRET/ + end.at_least(2).times + + expect(@iscsilib). + to receive(:LogExecCmd). + twice. + and_return true + + expect(@iscsilib.SetAuth(tgt, tpg, clnt, inc, out)).to be true + end + end + end + + describe "#SetAuth" do + context "when called with user and password info" do + it "calls LogExecCmd correctly" do + tgt = "" + tpg = -42 + clnt = "" + inc = ["User", "Password"] + out = [] + + expect(@iscsilib).to receive(:LogExecCmd) do |*args| + expect(args).to eq ["lio_node --setchapdiscauth User Password", {:do_log=>false}] + end + + @iscsilib.SetAuth(tgt, tpg, clnt, inc, out) + end + end + end + + +end continue with "q"... Checked in at Tue Sep 2 15:56:32 CEST 2014 by ro Remember to have fun... -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org