URL:
https://github.com/SSSD/sssd/pull/585
Author: fidencio
Title: #585: tcurl: do not log the payload
Action: opened
PR body:
"""
We should never ever log the payload. In order to avoid doing this,
let's parse the data and replace the payload content for "...".
One example of the log before the patch is:
(Wed May 30 21:43:49 2018) [sssd[kcm]] [tcurl_write_data] (0x2000): ---> begin libcurl
data
(Wed May 30 21:43:49 2018) [sssd[kcm]] [tcurl_write_data] (0x2000): {
"version": 1,
"kdc_offset": 0,
"principal": {
"type": 0,
"realm": "DOMAIN.TEST",
"components": [
"admin"
]
},
"creds": [
"uuid": "f87d2975-fc14-4cb8-8275-f0e474f82403",
"payload":
"AAAAAAAAAAEAAAAPS05PV05IT1NUUy5URVNUAAAABWFkbWluAAAAAAAAAAMAAAAMWC1DQUNIRUNPTkY6AAAAFWtyYjVfY2NhY2hlX2NvbmZfZGF0YQAAAApmYXN0X2F2YWlsAAAAJmtyYnRndC9LTk9XTkhPU1RTLlRFU1RAS05PV05IT1NUUy5URVNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeWVzAAAAAA=="
}
]
}
(Wed May 30 21:43:49 2018) [sssd[kcm]] [tcurl_write_data] (0x2000): <--- end libcurl
data
And after the patch:
(Wed May 30 21:45:19 2018) [sssd[kcm]] [tcurl_print_sanitized_data] (0x2000): --->
begin libcurl data
(Wed May 30 21:45:19 2018) [sssd[kcm]] [tcurl_print_sanitized_data] (0x2000): {
"version": 1,
"kdc_offset": 0,
"principal": {
"type": 0,
"realm": "DOMAIN.TEST",
"components": [
"admin"
]
},
"creds": [
{
"uuid": "727b7a15-eba7-4d44-aebe-dc6d1ecaf5f4",
"payload": "..."
}
]
}
(Wed May 30 21:45:19 2018) [sssd[kcm]] [tcurl_print_sanitized_data] (0x2000): <--- end
libcurl data
Resolves:
https://pagure.io/SSSD/sssd/issue/3674
Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd
https://github.com/SSSD/sssd
git fetch ghsssd pull/585/head:pr585
git checkout pr585