Mailinglist Archive: yast-commit (1271 mails)

< Previous Next >
[yast-commit] [ci_new_pac] JFYI yast2-iscsi-lio-server -> sle12
Script 'mail_helper' called by ro
Hello packager,

This is just FYI. Your package was checked in in distribution "sle12"
by autobuild-member: ro.

Here comes the log...

---------------------------%<------------------------------
Hi,

here is the log from ci_new_pac
/mounts/work_src_done/SLE12/yast2-iscsi-lio-server -> sle12



## BNC# 893362 : "Yast iSCSI LIO Target: Security: user/password is in Yast
log" (ASSIGNED/)

Changes:
--------
---
/work/SRC/SUSE:SLE-12:GA/yast2-iscsi-lio-server/yast2-iscsi-lio-server.changes
2014-07-28 16:44:23.000000000 +0200
+++
/mounts/work_src_done/SLE12/yast2-iscsi-lio-server/yast2-iscsi-lio-server.changes
2014-09-01 16:30:35.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Aug 27 12:26:10 CEST 2014 - gs@xxxxxxx
+
+- do not write user/password info to YaST log-file (bnc #893362)
+- 3.1.9
+
+-------------------------------------------------------------------

calling whatdependson for sle12-i586
Packages directly triggered for rebuild:
- yast2-iscsi-lio-server
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/SUSE:SLE-12:GA/yast2-iscsi-lio-server (Old)
and /mounts/work_src_done/SLE12/yast2-iscsi-lio-server (BS:build ID:43337
MAIL:yast-commit@xxxxxxxxxxxx) (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-iscsi-lio-server", Maintainer is "yast-commit@xxxxxxxxxxxx"


Old:
----
yast2-iscsi-lio-server-3.1.8.tar.bz2

New:
----
yast2-iscsi-lio-server-3.1.9.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-iscsi-lio-server.spec ++++++
--- /var/tmp/diff_new_pack.v1t6AV/_old 2014-09-02 15:56:17.000000000 +0200
+++ /var/tmp/diff_new_pack.v1t6AV/_new 2014-09-02 15:56:17.000000000 +0200
@@ -17,7 +17,7 @@


Name: yast2-iscsi-lio-server
-Version: 3.1.8
+Version: 3.1.9
Release: 0

BuildRoot: %{_tmppath}/%{name}-%{version}-build

++++++ yast2-iscsi-lio-server-3.1.8.tar.bz2 ->
yast2-iscsi-lio-server-3.1.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.changes
new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.changes
--- old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.changes
2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.changes
2014-09-01 16:24:17.000000000 +0200
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Wed Aug 27 12:26:10 CEST 2014 - gs@xxxxxxx
+
+- do not write user/password info to YaST log-file (bnc #893362)
+- 3.1.9
+
+-------------------------------------------------------------------
Thu Jul 24 11:59:18 CEST 2014 - gs@xxxxxxx

- bind all IP addresses to a target if requested by user
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.spec
new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.spec
--- old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.spec
2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.spec
2014-09-01 16:24:17.000000000 +0200
@@ -17,7 +17,7 @@


Name: yast2-iscsi-lio-server
-Version: 3.1.8
+Version: 3.1.9
Release: 0

BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-iscsi-lio-server-3.1.8/src/include/iscsi-lio-server/widgets.rb
new/yast2-iscsi-lio-server-3.1.9/src/include/iscsi-lio-server/widgets.rb
--- old/yast2-iscsi-lio-server-3.1.8/src/include/iscsi-lio-server/widgets.rb
2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/src/include/iscsi-lio-server/widgets.rb
2014-09-01 16:24:17.000000000 +0200
@@ -568,7 +568,7 @@
else
lmap = IscsiLioData.GetAuth(@curr_target, @curr_tpg, clnt)
end
- Builtins.y2milestone("ClntAuthDialog map:%1", lmap)
+ Builtins.y2milestone("ClntAuthDialog auth already set") if !lmap.empty?
auth_dialog = VBox(
MarginBox(6, 2, AuthTerm(false)),
ButtonBox(
@@ -605,7 +605,6 @@
end
UI.CloseDialog
Ops.set(@changed_auth, clnt, lmap) if lmap != nil
- Builtins.y2milestone("ClntAuthDialog ret:%1", lmap)
deep_copy(lmap)
end

@@ -1349,8 +1348,8 @@
s = Ops.get_string(it, 1, "")
Builtins.y2milestone("handleClient pos:%1 clnt:%2", edit_pos, s)
auth = ClntAuthDialog(s)
- Builtins.y2milestone("handleClient auth:%1", auth)
if auth != nil
+ Builtins.y2milestone("handleClient auth is set")
Ops.set(it, 3, GetAuthString(auth))
Ops.set(items, edit_pos, it)
UI.ChangeWidget(:clnt_table, :Items, items)
@@ -1539,8 +1538,7 @@
Ops.get_string(ca, ["outgoing", 0], "") ||
Ops.get_string(m, ["outgoing", 1], "") !=
Ops.get_string(ca, ["outgoing", 1], "")
- Builtins.y2milestone("storeClient auth c:%1", c)
- Builtins.y2milestone("storeClient cur:%1 new:%2", ca, m)
+ Builtins.y2milestone("storeClient set auth for client:%1", c)
chg = true
if !IscsiLioData.SetAuth(
@curr_target,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-iscsi-lio-server-3.1.8/src/modules/IscsiLioData.rb
new/yast2-iscsi-lio-server-3.1.9/src/modules/IscsiLioData.rb
--- old/yast2-iscsi-lio-server-3.1.8/src/modules/IscsiLioData.rb
2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/src/modules/IscsiLioData.rb
2014-09-01 16:24:17.000000000 +0200
@@ -261,8 +261,16 @@
Ops.get_boolean(@data, ["tgt", tgt, tpg, "ep", "enabled"], false)
end

- def LogExecCmd(cmd)
- Builtins.y2milestone("Executing cmd:%1", cmd)
+ # Execute given command (using SCR.Execute) and return result.
+ # Logs the command to YaST log-file if allowed.
+ #
+ # @param [String] cmd Command to be excuted (make sure to quote
correctly,
+ # for example "ls 'filename with spaces'")
+ # @param [Boolean] do_log: logging to y2log allowed?
+ # @return [Hash] hash containing keys "exit", "stdout", "stderr"
+ #
+ def LogExecCmd(cmd, do_log: true)
+ Builtins.y2milestone("Executing cmd:%1", cmd) if do_log
ret = Convert.convert(
SCR.Execute(path(".target.bash_output"), cmd),
:from => "any",
@@ -314,8 +322,7 @@
m = Ops.get_map(m, ["clnt", clnt], {}) if !Builtins.isempty(clnt)
ret = !Builtins.isempty(Ops.get_list(m, "incoming", []))
Builtins.y2milestone(
- "HasIncomingAuth m:%1 ret:%2",
- Ops.get_list(m, "incoming", []),
+ "HasIncomingAuth ret:%1",
ret
)
ret
@@ -326,8 +333,7 @@
m = Ops.get_map(m, ["clnt", clnt], {}) if !Builtins.isempty(clnt)
ret = Ops.greater_than(Builtins.size(Ops.get_list(m, "outgoing", [])), 1)
Builtins.y2milestone(
- "HasOutgoingAuth m:%1 ret:%2",
- Ops.get_list(m, "outgoing", []),
+ "HasOutgoingAuth ret:%1",
ret
)
ret
@@ -377,7 +383,9 @@
end

def GetNetworkPortal(tgt, tpg)
- Builtins.y2milestone("Data: %1, tgt: %2, tpg: %3", @data, tgt, tpg)
+ Builtins.y2milestone("target: %1, target portal group: %2", tgt, tpg)
+ # log complete data only for debugging purposes (contains password/user
info)
+ Builtins.y2debug("Data: %1", @data)
ret = Builtins.maplist(
Ops.get_list(@data, ["tgt", tgt, tpg, "ep", "np"], [])
) do |n|
@@ -1248,68 +1256,59 @@
ret
end

- def SetAuth(tgt, tpg, clnt, inc, out)
- inc = deep_copy(inc)
- out = deep_copy(out)
+ def SetAuth(tgt, tpg, clnt, incoming, outgoing)
+ incoming = deep_copy(incoming)
+ if incoming.empty?
+ log_incoming = []
+ else
+ log_incoming = ["*****", "*****"]
+ end
+ outgoing = deep_copy(outgoing)
+ if outgoing.empty?
+ log_outgoing = []
+ else
+ log_outgoing = ["*****", "*****"]
+ end
Builtins.y2milestone(
"SetAuth tgt:%1 tpg:%2 clnt:%3 in:%4 out:%5",
tgt,
tpg,
clnt,
- inc,
- out
+ log_incoming,
+ log_outgoing
)
cmd = ""
ret = true
if Builtins.isempty(tgt)
- cmd = "lio_node --setchapdiscauth "
- if !Builtins.isempty(inc)
- ret = LogExecCmd(
- Ops.add(
- Ops.add(Ops.add(cmd, Ops.get_string(inc, 0, "")), " "),
- Ops.get_string(inc, 1, "")
- )
- ) && ret
+ cmd = "lio_node --setchapdiscauth"
+ if !Builtins.isempty(incoming)
+ ret = LogExecCmd("#{cmd} #{incoming[0]} #{incoming[1]}", do_log:
false) && ret
+ Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
elsif HasIncomingAuth("", 0, "")
- ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+ ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
end
- cmd = "lio_node --setchapdiscmutualauth "
- if !Builtins.isempty(out)
- ret = LogExecCmd(
- Ops.add(
- Ops.add(Ops.add(cmd, Ops.get_string(out, 0, "")), " "),
- Ops.get_string(out, 1, "")
- )
- ) && ret
+ cmd = "lio_node --setchapdiscmutualauth"
+ if !Builtins.isempty(outgoing)
+ ret = LogExecCmd("#{cmd} #{outgoing[0]} #{outgoing[1]}", do_log:
false) && ret
+ Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
elsif HasOutgoingAuth("", 0, "")
- ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+ ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
end
else
- param = Ops.add(
- Ops.add(Ops.add(Ops.add(Ops.add(tgt, " "), tpg), " "), clnt),
- " "
- )
- cmd = Ops.add("lio_node --setchapauth ", param)
- if !Builtins.isempty(inc)
- ret = LogExecCmd(
- Ops.add(
- Ops.add(Ops.add(cmd, Ops.get_string(inc, 0, "")), " "),
- Ops.get_string(inc, 1, "")
- )
- ) && ret
+ param = "#{tgt} #{tpg} #{clnt}"
+ cmd = "lio_node --setchapauth #{param}"
+ if !Builtins.isempty(incoming)
+ ret = LogExecCmd("#{cmd} #{incoming[0]} #{incoming[1]}", do_log:
false) && ret
+ Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
elsif HasIncomingAuth(tgt, tpg, clnt)
- ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+ ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
end
- cmd = Ops.add("lio_node --setchapmutualauth ", param)
- if !Builtins.isempty(out)
- ret = LogExecCmd(
- Ops.add(
- Ops.add(Ops.add(cmd, Ops.get_string(out, 0, "")), " "),
- Ops.get_string(out, 1, "")
- )
- ) && ret
+ cmd = "lio_node --setchapmutualauth #{param}"
+ if !Builtins.isempty(outgoing)
+ ret = LogExecCmd("#{cmd} #{outgoing[0]} #{outgoing[1]}", do_log:
false) && ret
+ Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
elsif HasOutgoingAuth(tgt, tpg, clnt)
- ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+ ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
end
end
Builtins.y2milestone("SetAuth ret:%1", ret)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/LogExecCmd_spec.rb
new/yast2-iscsi-lio-server-3.1.9/test/LogExecCmd_spec.rb
--- old/yast2-iscsi-lio-server-3.1.8/test/LogExecCmd_spec.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-iscsi-lio-server-3.1.9/test/LogExecCmd_spec.rb 2014-09-01
16:24:17.000000000 +0200
@@ -0,0 +1,37 @@
+#! /usr/bin/rspec
+require_relative '../src/modules/IscsiLioData'
+
+describe Yast::IscsiLioDataClass do
+
+ before :each do
+ @iscsilib = Yast::IscsiLioDataClass.new
+ @iscsilib.main()
+
+ @test_class = @iscsilib
+ end
+
+ describe "#LogExecCmd" do
+ context "when told not to write command to YaST log" do
+ it "executes command and doesn't write to y2log" do
+ cmd = "lio-node --setchap hugo 12345"
+
+ expect(Yast::Builtins).not_to receive(:y2milestone)
+ expect(Yast::SCR).to receive(:Execute).once
+ @iscsilib.LogExecCmd(cmd, do_log: false)
+ end
+ end
+ end
+
+ describe "#LogExecCmd" do
+ context "when called with command not containing sensitive data" do
+ it "executes command and write command to y2log" do
+ cmd = "lio-node --list"
+
+ expect(Yast::Builtins).to receive(:y2milestone).once
+ expect(Yast::SCR).to receive(:Execute).once
+ @iscsilib.LogExecCmd(cmd)
+ end
+ end
+ end
+
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/Makefile.am
new/yast2-iscsi-lio-server-3.1.9/test/Makefile.am
--- old/yast2-iscsi-lio-server-3.1.8/test/Makefile.am 2014-07-28
13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/test/Makefile.am 2014-09-01
16:24:17.000000000 +0200
@@ -1,5 +1,7 @@
TESTS = \
- GetIpAddr_spec.rb
+ GetIpAddr_spec.rb \
+ SetAuth_spec.rb \
+ LogExecCmd_spec.rb

TEST_EXTENSIONS = .rb
RB_LOG_COMPILER = rspec
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/SetAuth_spec.rb
new/yast2-iscsi-lio-server-3.1.9/test/SetAuth_spec.rb
--- old/yast2-iscsi-lio-server-3.1.8/test/SetAuth_spec.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-iscsi-lio-server-3.1.9/test/SetAuth_spec.rb 2014-09-01
16:24:17.000000000 +0200
@@ -0,0 +1,54 @@
+#! /usr/bin/rspec
+require_relative '../src/modules/IscsiLioData'
+
+describe Yast::IscsiLioDataClass do
+
+ before :each do
+ @iscsilib = Yast::IscsiLioDataClass.new
+ @iscsilib.main()
+
+ @test_class = @iscsilib
+ end
+
+ describe "#SetAuth" do
+ context "when called with user and password info" do
+ it "filters out sensitive data" do
+ tgt = ""
+ tpg = -42
+ clnt = ""
+ inc = ["SECRET1"]
+ out = ["SECRET2"]
+ expect(Yast::Builtins).to receive(:y2milestone) do |*args|
+ expect(args.to_s).not_to match /SECRET/
+ end.at_least(2).times
+
+ expect(@iscsilib).
+ to receive(:LogExecCmd).
+ twice.
+ and_return true
+
+ expect(@iscsilib.SetAuth(tgt, tpg, clnt, inc, out)).to be true
+ end
+ end
+ end
+
+ describe "#SetAuth" do
+ context "when called with user and password info" do
+ it "calls LogExecCmd correctly" do
+ tgt = ""
+ tpg = -42
+ clnt = ""
+ inc = ["User", "Password"]
+ out = []
+
+ expect(@iscsilib).to receive(:LogExecCmd) do |*args|
+ expect(args).to eq ["lio_node --setchapdiscauth User Password",
{:do_log=>false}]
+ end
+
+ @iscsilib.SetAuth(tgt, tpg, clnt, inc, out)
+ end
+ end
+ end
+
+
+end

continue with "q"...


Checked in at Tue Sep 2 15:56:32 CEST 2014 by ro

Remember to have fun...

--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread