author | Stepan Broz <sbroz@redhat.com> | 2022-11-16 10:01:29 +0100 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2022-11-28 10:31:12 -0500 |
commit | d499922dcc04288ea0a1d628ec1f27681e15d346 (patch) | |
tree | ddb04268a4ce644222f7c26d1661a55a42aff7bf | |
parent | 7f492694d3c97f45ee76d60fda47a3055939e725 (diff) | |
[autofs] Scrub autofs_ldap_auth secrets
The XML configuration file /etc/autofs_ldap_auth.conf may contain
an authentication secret in the <autofs_ldap_sasl_conf/> tag.
This patch makes sure the secret or encoded_secret gets scrubbed.
Example of scrubbing of the secret:
secret="abc"
or
encoded_secret = 'abc'
to:
secret="********"
or
encoded_secret = '********'
Resolves: #3068
Signed-off-by: Stepan Broz <sbroz@redhat.com>
-rw-r--r-- | sos/report/plugins/autofs.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sos/report/plugins/autofs.py b/sos/report/plugins/autofs.py
index 57d7bcdb..d8ffda74 100644
--- a/sos/report/plugins/autofs.py
+++ b/sos/report/plugins/autofs.py
@@ -54,6 +54,25 @@ class Autofs(Plugin):
 r"(password=)[^,\s]*",
 r"\1********"
 )
+ # Hide secrets in the LDAP authentication config
+ #
+ # Example of scrubbing of the secret:
+ #
+ # secret="abc"
+ # or
+ # encoded_secret = 'abc'
+ #
+ # to:
+ #
+ # secret="********"
+ # or
+ # encoded_secret = '********'
+ #
+ self.do_file_sub(
+ "/etc/autofs_ldap_auth.conf",
+ r"(secret[\s]*[=]+[\s]*)(\'|\").*(\'|\")",
+ r"\1\2********\3"
+ )
 self.do_cmd_output_sub(
 "automount -m",
 r"(password=)[^,\s]*", |
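Review bot: The `.*` in the new `do_file_sub` pattern is greedy and the closing quote group is not tied to the opening one, so if the `<autofs_ldap_sasl_conf/>` attributes share a line, everything from the secret to the last quote on that line is replaced. This assumes the helper applies the pattern with the `re` defaults. The secret is still hidden, but neighbouring non-secret attributes disappear from the report and the output can end up with mismatched quotes. Consider stopping at the matching quote instead: `r"(secret\s*=\s*)(['\"]).*?\2"` with replacement `r"\1\2********\2"`. The unanchored `secret` also matches any attribute name ending in "secret", which looks intended for `encoded_secret`, so a comment such as `# unanchored on purpose: also matches encoded_secret` would make that explicit. The enclosing method starts and ends outside this hunk.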