You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by de...@apache.org on 2014/01/17 09:44:49 UTC
git commit: updated refs/heads/master to 06f8c1d
Updated Branches:
refs/heads/master c0f60651b -> 06f8c1de7
CLOUDSTACK-5692: obscure passwords when using cifs as storage
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/06f8c1de
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/06f8c1de
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/06f8c1de
Branch: refs/heads/master
Commit: 06f8c1de7559f8e1d22ffe1ded3a089dc109f784
Parents: c0f6065
Author: Saksham Srivastava <sa...@citrix.com>
Authored: Thu Jan 16 16:50:40 2014 +0530
Committer: Devdeep Singh <de...@gmail.com>
Committed: Fri Jan 17 14:00:24 2014 +0530
----------------------------------------------------------------------
core/src/com/cloud/agent/transport/Request.java | 28 ++++++++++++++-
.../resource/HypervDirectConnectResource.java | 36 +++++++++++++++++---
.../CloudStackImageStoreLifeCycleImpl.java | 30 ++++++++++++++--
.../api/query/dao/ImageStoreJoinDaoImpl.java | 11 ++++--
.../api/query/dao/StoragePoolJoinDaoImpl.java | 13 +++++--
ui/scripts/sharedFunctions.js | 4 ++-
6 files changed, 107 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06f8c1de/core/src/com/cloud/agent/transport/Request.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/transport/Request.java b/core/src/com/cloud/agent/transport/Request.java
index f4ed5c4..b5890d9 100755
--- a/core/src/com/cloud/agent/transport/Request.java
+++ b/core/src/com/cloud/agent/transport/Request.java
@@ -23,6 +23,7 @@ import java.io.StringReader;
import java.lang.reflect.Type;
import java.nio.ByteBuffer;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.zip.GZIPInputStream;
@@ -49,6 +50,7 @@ import com.cloud.exception.UnsupportedVersionException;
import com.cloud.serializer.GsonHelper;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
+import com.cloud.utils.StringUtils;
import com.cloud.utils.exception.CloudRuntimeException;
/**
@@ -436,11 +438,35 @@ public class Request {
}
buf.append(", Ver: ").append(_ver.toString());
buf.append(", Flags: ").append(Integer.toBinaryString(getFlags())).append(", ");
- buf.append(content);
+ String cleanContent = content.toString();
+ if(cleanContent.contains("password")) {
+ buf.append(cleanPassword(cleanContent));
+ } else {
+ buf.append(content);
+ }
buf.append(" }");
return buf.toString();
}
+ public static String cleanPassword(String logString) {
+ String cleanLogString = null;
+ if (logString != null) {
+ cleanLogString = logString;
+ String[] temp = logString.split(",");
+ int i = 0;
+ if (temp != null) {
+ while (i < temp.length) {
+ temp[i] = StringUtils.cleanString(temp[i]);
+ i++;
+ }
+ List<String> stringList = new ArrayList<String>();
+ Collections.addAll(stringList, temp);
+ cleanLogString = StringUtils.join(stringList, ",");
+ }
+ }
+ return cleanLogString;
+ }
+
/**
* Factory method for Request and Response. It expects the bytes to be
* correctly formed so it's possible that it throws underflow exceptions
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06f8c1de/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
index 519f457..d6ffa1d 100644
--- a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
+++ b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
@@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -41,6 +43,7 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.ClientProtocolException;
@@ -130,7 +133,6 @@ import com.cloud.utils.net.NetUtils;
import com.cloud.utils.ssh.SshHelper;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachineName;
-
/**
* Implementation of dummy resource to be returned from discoverer.
**/
@@ -433,7 +435,8 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
// Only Answer instances are returned by remote agents.
// E.g. see Response.getAnswers()
Answer[] result = s_gson.fromJson(ansStr, Answer[].class);
- s_logger.debug("executeRequest received response " + s_gson.toJson(result));
+ String logResult = cleanPassword(StringEscapeUtils.unescapeJava(result.toString()));
+ s_logger.debug("executeRequest received response " + logResult);
if (result.length > 0) {
return result[0];
}
@@ -1679,7 +1682,10 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
// comment to use Apache HttpClient
// http://stackoverflow.com/a/2793153/939250, but final comment is to
// use Apache.
- s_logger.debug("POST request to" + agentUri.toString() + " with contents" + jsonCmd);
+ String logMessage = StringEscapeUtils.unescapeJava(jsonCmd);
+ logMessage = cleanPassword(logMessage);
+ s_logger.debug("POST request to " + agentUri.toString()
+ + " with contents " + logMessage);
// Create request
HttpClient httpClient = null;
@@ -1719,7 +1725,8 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
StringEntity cmdJson = new StringEntity(jsonCmd);
request.addHeader("content-type", "application/json");
request.setEntity(cmdJson);
- s_logger.debug("Sending cmd to " + agentUri.toString() + " cmd data:" + jsonCmd);
+ s_logger.debug("Sending cmd to " + agentUri.toString()
+ + " cmd data:" + logMessage);
HttpResponse response = httpClient.execute(request);
// Unsupported commands will not route.
@@ -1736,7 +1743,8 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
return null;
} else {
result = EntityUtils.toString(response.getEntity());
- s_logger.debug("POST response is" + result);
+ String logResult = cleanPassword(StringEscapeUtils.unescapeJava(result));
+ s_logger.debug("POST response is " + logResult);
}
} catch (ClientProtocolException protocolEx) {
// Problem with HTTP message exchange
@@ -1862,4 +1870,22 @@ public class HypervDirectConnectResource extends ServerResourceBase implements S
return "Unable to connect";
}
+ public static String cleanPassword(String logString) {
+ String cleanLogString = null;
+ if (logString != null) {
+ cleanLogString = logString;
+ String[] temp = logString.split(",");
+ int i = 0;
+ if (temp != null) {
+ while (i < temp.length) {
+ temp[i] = StringUtils.cleanString(temp[i]);
+ i++;
+ }
+ List<String> stringList = new ArrayList<String>();
+ Collections.addAll(stringList, temp);
+ cleanLogString = StringUtils.join(stringList, ",");
+ }
+ }
+ return cleanLogString;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06f8c1de/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
----------------------------------------------------------------------
diff --git a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
index 13bd5d8..7675e94 100644
--- a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
+++ b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
@@ -18,6 +18,8 @@ package org.apache.cloudstack.storage.datastore.lifecycle;
import java.net.URI;
import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -26,7 +28,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import com.ibm.wsdl.util.StringUtils;
+import com.cloud.utils.StringUtils;
import org.apache.cloudstack.engine.subsystem.api.storage.ClusterScope;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
@@ -86,7 +88,13 @@ public class CloudStackImageStoreLifeCycleImpl implements ImageStoreLifeCycle {
DataStoreRole role = (DataStoreRole)dsInfos.get("role");
Map<String, String> details = (Map<String, String>)dsInfos.get("details");
- s_logger.info("Trying to add a new data store at " + StringUtils.cleanString(url) + " to data center " + dcId);
+ String logString = "";
+ if(url.contains("cifs")) {
+ logString = cleanPassword(url);
+ } else {
+ logString = StringUtils.cleanString(url);
+ }
+ s_logger.info("Trying to add a new data store at " + logString + " to data center " + dcId);
URI uri = null;
try {
@@ -167,4 +175,22 @@ public class CloudStackImageStoreLifeCycleImpl implements ImageStoreLifeCycle {
return imageStoreHelper.convertToStagingStore(store);
}
+ public static String cleanPassword(String logString) {
+ String cleanLogString = null;
+ if (logString != null) {
+ cleanLogString = logString;
+ String[] temp = logString.split(",");
+ int i = 0;
+ if (temp != null) {
+ while (i < temp.length) {
+ temp[i] = StringUtils.cleanString(temp[i]);
+ i++;
+ }
+ List<String> stringList = new ArrayList<String>();
+ Collections.addAll(stringList, temp);
+ cleanLogString = StringUtils.join(stringList, ",");
+ }
+ }
+ return cleanLogString;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06f8c1de/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
index 90c155f..55bc573 100644
--- a/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
@@ -23,17 +23,17 @@ import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
import org.apache.cloudstack.api.response.ImageStoreDetailResponse;
import org.apache.cloudstack.api.response.ImageStoreResponse;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.springframework.stereotype.Component;
import com.cloud.api.query.vo.ImageStoreJoinVO;
import com.cloud.storage.ImageStore;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.StringUtils;
@Component
@Local(value = {ImageStoreJoinDao.class})
@@ -67,7 +67,12 @@ public class ImageStoreJoinDaoImpl extends GenericDaoBase<ImageStoreJoinVO, Long
osResponse.setName(ids.getName());
osResponse.setProviderName(ids.getProviderName());
osResponse.setProtocol(ids.getProtocol());
- osResponse.setUrl(ids.getUrl());
+ String url = ids.getUrl();
+ //if store is type cifs, remove the password
+ if(ids.getProtocol().equals("cifs".toString())) {
+ url = StringUtils.cleanString(url);
+ }
+ osResponse.setUrl(url);
osResponse.setScope(ids.getScope());
osResponse.setZoneId(ids.getZoneUuid());
osResponse.setZoneName(ids.getZoneName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06f8c1de/server/src/com/cloud/api/query/dao/StoragePoolJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/StoragePoolJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/StoragePoolJoinDaoImpl.java
index 0a5fb5e..274bf1c 100644
--- a/server/src/com/cloud/api/query/dao/StoragePoolJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/StoragePoolJoinDaoImpl.java
@@ -34,6 +34,7 @@ import com.cloud.capacity.Capacity;
import com.cloud.storage.ScopeType;
import com.cloud.storage.StoragePool;
import com.cloud.storage.StorageStats;
+import com.cloud.utils.StringUtils;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@@ -60,7 +61,7 @@ public class StoragePoolJoinDaoImpl extends GenericDaoBase<StoragePoolJoinVO, Lo
spIdSearch.and("id", spIdSearch.entity().getId(), SearchCriteria.Op.EQ);
spIdSearch.done();
- this._count = "select count(distinct id) from storage_pool_view WHERE ";
+ _count = "select count(distinct id) from storage_pool_view WHERE ";
}
@Override
@@ -69,7 +70,10 @@ public class StoragePoolJoinDaoImpl extends GenericDaoBase<StoragePoolJoinVO, Lo
poolResponse.setId(pool.getUuid());
poolResponse.setName(pool.getName());
poolResponse.setState(pool.getStatus());
- poolResponse.setPath(pool.getPath());
+ String path = pool.getPath();
+ //cifs store may contain password entry, remove the password
+ path = StringUtils.cleanString(path);
+ poolResponse.setPath(path);
poolResponse.setIpAddress(pool.getHostAddress());
poolResponse.setZoneId(pool.getZoneUuid());
poolResponse.setZoneName(pool.getZoneName());
@@ -129,7 +133,10 @@ public class StoragePoolJoinDaoImpl extends GenericDaoBase<StoragePoolJoinVO, Lo
poolResponse.setId(pool.getUuid());
poolResponse.setName(pool.getName());
poolResponse.setState(pool.getStatus());
- poolResponse.setPath(pool.getPath());
+ String path = pool.getPath();
+ //cifs store may contain password entry, remove the password
+ path = StringUtils.cleanString(path);
+ poolResponse.setPath(path);
poolResponse.setIpAddress(pool.getHostAddress());
poolResponse.setZoneId(pool.getZoneUuid());
poolResponse.setZoneName(pool.getZoneName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06f8c1de/ui/scripts/sharedFunctions.js
----------------------------------------------------------------------
diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js
index a632850..b9dc2f3 100644
--- a/ui/scripts/sharedFunctions.js
+++ b/ui/scripts/sharedFunctions.js
@@ -1201,7 +1201,9 @@ var processPropertiesInImagestoreObject = function(jsonObj) {
var url = jsonObj.url; //e.g. 'cifs://10.1.1.1/aaa/aaa2/aaa3?user=bbb&password=ccc&domain=ddd'
var passwordIndex = url.indexOf('&password='); //38
var domainIndex = url.indexOf('&domain='); //51
- jsonObj.url = url.substring(0, passwordIndex) + url.substring(domainIndex); //remove '&password=ccc' from jsonObj.url
+ if (passwordIndex >= 0) {
+ jsonObj.url = url.substring(0, passwordIndex) + url.substring(domainIndex); //remove '&password=ccc' from jsonObj.url
+ }
}
}