[yast-commit] [ci_new_pac] JFYI yast2-iscsi-lio-server -> sle12

2 Sep 2014

Script 'mail_helper' called by ro
Hello packager,

This is just FYI.  Your package was checked in in distribution "sle12"
by autobuild-member: ro.

Here comes the log...

---------------------------%<------------------------------
Hi,

here is the log from ci_new_pac /mounts/work_src_done/SLE12/yast2-iscsi-lio-server -> sle12



## BNC# 893362 : "Yast iSCSI LIO Target: Security: user/password is in Yast log" (ASSIGNED/)

Changes:
--------

--- /work/SRC/SUSE:SLE-12:GA/yast2-iscsi-lio-server/yast2-iscsi-lio-server.changes	2014-07-28 16:44:23.000000000 +0200
+++ /mounts/work_src_done/SLE12/yast2-iscsi-lio-server/yast2-iscsi-lio-server.changes	2014-09-01 16:30:35.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Aug 27 12:26:10 CEST 2014 - gs@suse.de
+
+- do not write user/password info to YaST log-file (bnc #893362)
+- 3.1.9
+
+-------------------------------------------------------------------

calling whatdependson for sle12-i586
Packages directly triggered for rebuild:
- yast2-iscsi-lio-server
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/SUSE:SLE-12:GA/yast2-iscsi-lio-server (Old)
 and      /mounts/work_src_done/SLE12/yast2-iscsi-lio-server (BS:build ID:43337 MAIL:yast-commit@opensuse.org) (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-iscsi-lio-server", Maintainer is "yast-commit@opensuse.org"


Old:
----
  yast2-iscsi-lio-server-3.1.8.tar.bz2

New:
----
  yast2-iscsi-lio-server-3.1.9.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-iscsi-lio-server.spec ++++++
--- /var/tmp/diff_new_pack.v1t6AV/_old	2014-09-02 15:56:17.000000000 +0200
+++ /var/tmp/diff_new_pack.v1t6AV/_new	2014-09-02 15:56:17.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-iscsi-lio-server
-Version:        3.1.8
+Version:        3.1.9
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

++++++ yast2-iscsi-lio-server-3.1.8.tar.bz2 -> yast2-iscsi-lio-server-3.1.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.changes new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.changes
--- old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.changes	2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.changes	2014-09-01 16:24:17.000000000 +0200
@@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Wed Aug 27 12:26:10 CEST 2014 - gs@suse.de
+
+- do not write user/password info to YaST log-file (bnc #893362)
+- 3.1.9
+
+-------------------------------------------------------------------
 Thu Jul 24 11:59:18 CEST 2014 - gs@suse.de
 
 - bind all IP addresses to a target if requested by user 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.spec new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.spec
--- old/yast2-iscsi-lio-server-3.1.8/package/yast2-iscsi-lio-server.spec	2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/package/yast2-iscsi-lio-server.spec	2014-09-01 16:24:17.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-iscsi-lio-server
-Version:        3.1.8
+Version:        3.1.9
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/src/include/iscsi-lio-server/widgets.rb new/yast2-iscsi-lio-server-3.1.9/src/include/iscsi-lio-server/widgets.rb
--- old/yast2-iscsi-lio-server-3.1.8/src/include/iscsi-lio-server/widgets.rb	2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/src/include/iscsi-lio-server/widgets.rb	2014-09-01 16:24:17.000000000 +0200
@@ -568,7 +568,7 @@
       else
         lmap = IscsiLioData.GetAuth(@curr_target, @curr_tpg, clnt)
       end
-      Builtins.y2milestone("ClntAuthDialog map:%1", lmap)
+      Builtins.y2milestone("ClntAuthDialog auth already set") if !lmap.empty?
       auth_dialog = VBox(
         MarginBox(6, 2, AuthTerm(false)),
         ButtonBox(
@@ -605,7 +605,6 @@
       end
       UI.CloseDialog
       Ops.set(@changed_auth, clnt, lmap) if lmap != nil
-      Builtins.y2milestone("ClntAuthDialog ret:%1", lmap)
       deep_copy(lmap)
     end
 
@@ -1349,8 +1348,8 @@
             s = Ops.get_string(it, 1, "")
             Builtins.y2milestone("handleClient pos:%1 clnt:%2", edit_pos, s)
             auth = ClntAuthDialog(s)
-            Builtins.y2milestone("handleClient auth:%1", auth)
             if auth != nil
+              Builtins.y2milestone("handleClient auth is set")
               Ops.set(it, 3, GetAuthString(auth))
               Ops.set(items, edit_pos, it)
               UI.ChangeWidget(:clnt_table, :Items, items)
@@ -1539,8 +1538,7 @@
                 Ops.get_string(ca, ["outgoing", 0], "") ||
               Ops.get_string(m, ["outgoing", 1], "") !=
                 Ops.get_string(ca, ["outgoing", 1], "")
-            Builtins.y2milestone("storeClient auth c:%1", c)
-            Builtins.y2milestone("storeClient cur:%1 new:%2", ca, m)
+            Builtins.y2milestone("storeClient set auth for client:%1", c)
             chg = true
             if !IscsiLioData.SetAuth(
                 @curr_target,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/src/modules/IscsiLioData.rb new/yast2-iscsi-lio-server-3.1.9/src/modules/IscsiLioData.rb
--- old/yast2-iscsi-lio-server-3.1.8/src/modules/IscsiLioData.rb	2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/src/modules/IscsiLioData.rb	2014-09-01 16:24:17.000000000 +0200
@@ -261,8 +261,16 @@
       Ops.get_boolean(@data, ["tgt", tgt, tpg, "ep", "enabled"], false)
     end
 
-    def LogExecCmd(cmd)
-      Builtins.y2milestone("Executing cmd:%1", cmd)
+    # Execute given command (using SCR.Execute) and return result.
+    # Logs the command to YaST log-file if allowed.
+    #
+    # @param [String]  cmd     Command to be excuted (make sure to quote correctly,
+    #                          for example "ls 'filename with spaces'")
+    # @param [Boolean] do_log: logging to y2log allowed?
+    # @return [Hash]           hash containing keys "exit", "stdout", "stderr"
+    #
+    def LogExecCmd(cmd, do_log: true)
+      Builtins.y2milestone("Executing cmd:%1", cmd) if do_log
       ret = Convert.convert(
         SCR.Execute(path(".target.bash_output"), cmd),
         :from => "any",
@@ -314,8 +322,7 @@
       m = Ops.get_map(m, ["clnt", clnt], {}) if !Builtins.isempty(clnt)
       ret = !Builtins.isempty(Ops.get_list(m, "incoming", []))
       Builtins.y2milestone(
-        "HasIncomingAuth m:%1 ret:%2",
-        Ops.get_list(m, "incoming", []),
+        "HasIncomingAuth ret:%1",
         ret
       )
       ret
@@ -326,8 +333,7 @@
       m = Ops.get_map(m, ["clnt", clnt], {}) if !Builtins.isempty(clnt)
       ret = Ops.greater_than(Builtins.size(Ops.get_list(m, "outgoing", [])), 1)
       Builtins.y2milestone(
-        "HasOutgoingAuth m:%1 ret:%2",
-        Ops.get_list(m, "outgoing", []),
+        "HasOutgoingAuth ret:%1",
         ret
       )
       ret
@@ -377,7 +383,9 @@
     end
 
     def GetNetworkPortal(tgt, tpg)
-      Builtins.y2milestone("Data: %1, tgt: %2, tpg: %3", @data, tgt, tpg)
+      Builtins.y2milestone("target: %1, target portal group: %2", tgt, tpg)
+      # log complete data only for debugging purposes (contains password/user info)
+      Builtins.y2debug("Data: %1", @data)
       ret = Builtins.maplist(
         Ops.get_list(@data, ["tgt", tgt, tpg, "ep", "np"], [])
       ) do |n|
@@ -1248,68 +1256,59 @@
       ret
     end
 
-    def SetAuth(tgt, tpg, clnt, inc, out)
-      inc = deep_copy(inc)
-      out = deep_copy(out)
+    def SetAuth(tgt, tpg, clnt, incoming, outgoing)
+      incoming = deep_copy(incoming)
+      if incoming.empty?
+        log_incoming = []
+      else
+        log_incoming = ["*****", "*****"]
+      end
+      outgoing = deep_copy(outgoing)
+      if outgoing.empty?
+        log_outgoing = []
+      else
+        log_outgoing = ["*****", "*****"]
+      end
       Builtins.y2milestone(
         "SetAuth tgt:%1 tpg:%2 clnt:%3 in:%4 out:%5",
         tgt,
         tpg,
         clnt,
-        inc,
-        out
+        log_incoming,
+        log_outgoing
       )
       cmd = ""
       ret = true
       if Builtins.isempty(tgt)
-        cmd = "lio_node --setchapdiscauth "
-        if !Builtins.isempty(inc)
-          ret = LogExecCmd(
-            Ops.add(
-              Ops.add(Ops.add(cmd, Ops.get_string(inc, 0, "")), " "),
-              Ops.get_string(inc, 1, "")
-            )
-          ) && ret
+        cmd = "lio_node --setchapdiscauth"
+        if !Builtins.isempty(incoming)
+          ret = LogExecCmd("#{cmd} #{incoming[0]} #{incoming[1]}", do_log: false) && ret
+          Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
         elsif HasIncomingAuth("", 0, "")
-          ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+          ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
         end
-        cmd = "lio_node --setchapdiscmutualauth "
-        if !Builtins.isempty(out)
-          ret = LogExecCmd(
-            Ops.add(
-              Ops.add(Ops.add(cmd, Ops.get_string(out, 0, "")), " "),
-              Ops.get_string(out, 1, "")
-            )
-          ) && ret
+        cmd = "lio_node --setchapdiscmutualauth"
+        if !Builtins.isempty(outgoing)
+          ret = LogExecCmd("#{cmd} #{outgoing[0]} #{outgoing[1]}", do_log: false) && ret
+          Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
         elsif HasOutgoingAuth("", 0, "")
-          ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+          ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
         end
       else
-        param = Ops.add(
-          Ops.add(Ops.add(Ops.add(Ops.add(tgt, " "), tpg), " "), clnt),
-          " "
-        )
-        cmd = Ops.add("lio_node --setchapauth ", param)
-        if !Builtins.isempty(inc)
-          ret = LogExecCmd(
-            Ops.add(
-              Ops.add(Ops.add(cmd, Ops.get_string(inc, 0, "")), " "),
-              Ops.get_string(inc, 1, "")
-            )
-          ) && ret
+        param = "#{tgt} #{tpg} #{clnt}"
+        cmd = "lio_node --setchapauth #{param}"
+        if !Builtins.isempty(incoming)
+          ret = LogExecCmd("#{cmd} #{incoming[0]} #{incoming[1]}", do_log: false) && ret
+          Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
         elsif HasIncomingAuth(tgt, tpg, clnt)
-          ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+          ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
         end
-        cmd = Ops.add("lio_node --setchapmutualauth ", param)
-        if !Builtins.isempty(out)
-          ret = LogExecCmd(
-            Ops.add(
-              Ops.add(Ops.add(cmd, Ops.get_string(out, 0, "")), " "),
-              Ops.get_string(out, 1, "")
-            )
-          ) && ret
+        cmd = "lio_node --setchapmutualauth #{param}"
+        if !Builtins.isempty(outgoing)
+          ret = LogExecCmd("#{cmd} #{outgoing[0]} #{outgoing[1]}", do_log: false) && ret
+          Builtins.y2milestone("Executing cmd: #{cmd} ***** *****")
         elsif HasOutgoingAuth(tgt, tpg, clnt)
-          ret = LogExecCmd(Ops.add(cmd, "\"\" \"\" ")) && ret
+          ret = LogExecCmd("#{cmd} \"\" \"\" ") && ret
         end
       end
       Builtins.y2milestone("SetAuth ret:%1", ret)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/LogExecCmd_spec.rb new/yast2-iscsi-lio-server-3.1.9/test/LogExecCmd_spec.rb
--- old/yast2-iscsi-lio-server-3.1.8/test/LogExecCmd_spec.rb	1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-iscsi-lio-server-3.1.9/test/LogExecCmd_spec.rb	2014-09-01 16:24:17.000000000 +0200
@@ -0,0 +1,37 @@
+#! /usr/bin/rspec
+require_relative '../src/modules/IscsiLioData'
+
+describe Yast::IscsiLioDataClass do
+
+  before :each do
+    @iscsilib = Yast::IscsiLioDataClass.new
+    @iscsilib.main()
+
+    @test_class = @iscsilib
+  end
+
+  describe "#LogExecCmd" do
+    context "when told not to write command to YaST log" do
+      it "executes command and doesn't write to y2log" do
+        cmd = "lio-node --setchap hugo 12345"
+
+        expect(Yast::Builtins).not_to receive(:y2milestone)
+        expect(Yast::SCR).to receive(:Execute).once
+        @iscsilib.LogExecCmd(cmd, do_log: false)
+      end
+    end
+  end
+  
+  describe "#LogExecCmd" do
+    context "when called with command not containing sensitive data" do
+      it "executes command and write command to y2log" do
+        cmd = "lio-node --list"
+
+        expect(Yast::Builtins).to receive(:y2milestone).once
+        expect(Yast::SCR).to receive(:Execute).once
+        @iscsilib.LogExecCmd(cmd)
+      end
+    end
+  end
+
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/Makefile.am new/yast2-iscsi-lio-server-3.1.9/test/Makefile.am
--- old/yast2-iscsi-lio-server-3.1.8/test/Makefile.am	2014-07-28 13:33:11.000000000 +0200
+++ new/yast2-iscsi-lio-server-3.1.9/test/Makefile.am	2014-09-01 16:24:17.000000000 +0200
@@ -1,5 +1,7 @@
 TESTS = \
-  GetIpAddr_spec.rb
+  GetIpAddr_spec.rb     \
+  SetAuth_spec.rb       \
+  LogExecCmd_spec.rb
 
 TEST_EXTENSIONS = .rb
 RB_LOG_COMPILER = rspec
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-iscsi-lio-server-3.1.8/test/SetAuth_spec.rb new/yast2-iscsi-lio-server-3.1.9/test/SetAuth_spec.rb
--- old/yast2-iscsi-lio-server-3.1.8/test/SetAuth_spec.rb	1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-iscsi-lio-server-3.1.9/test/SetAuth_spec.rb	2014-09-01 16:24:17.000000000 +0200
@@ -0,0 +1,54 @@
+#! /usr/bin/rspec
+require_relative '../src/modules/IscsiLioData'
+
+describe Yast::IscsiLioDataClass do
+
+  before :each do
+    @iscsilib = Yast::IscsiLioDataClass.new
+    @iscsilib.main()
+
+    @test_class = @iscsilib
+  end
+
+  describe "#SetAuth" do
+    context "when called with user and password info" do
+      it "filters out sensitive data" do
+        tgt = ""
+        tpg = -42
+        clnt = ""
+        inc = ["SECRET1"]
+        out = ["SECRET2"]
+        expect(Yast::Builtins).to receive(:y2milestone) do |*args|
+          expect(args.to_s).not_to match /SECRET/
+        end.at_least(2).times
+
+        expect(@iscsilib).
+          to receive(:LogExecCmd).
+          twice.
+          and_return true
+
+        expect(@iscsilib.SetAuth(tgt, tpg, clnt, inc, out)).to be true
+      end
+    end
+  end
+
+  describe "#SetAuth" do
+    context "when called with user and password info" do
+      it "calls LogExecCmd correctly" do
+        tgt = ""
+        tpg = -42
+        clnt = ""
+        inc = ["User", "Password"]
+        out = []
+
+        expect(@iscsilib).to receive(:LogExecCmd) do |*args|
+          expect(args).to eq ["lio_node --setchapdiscauth User Password", {:do_log=>false}]
+        end
+
+        @iscsilib.SetAuth(tgt, tpg, clnt, inc, out)
+      end
+    end
+  end
+
+
+end

continue with "q"...


Checked in at Tue Sep 2 15:56:32 CEST 2014 by ro

Remember to have fun...

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    