From f449cd735087acae19eef091ae9498f438ff080e Mon Sep 17 00:00:00 2001 From: frank Date: Mon, 9 Jan 2012 14:41:46 -0800 Subject: [PATCH] Bug 12771 - management-server.log displays ipmi related credentials in plain text status 12771: resolved fixed --- .../cloud/baremetal/BareMetalDiscoverer.java | 10 ++-- .../baremetal/BareMetalResourceBase.java | 56 ++++++++++--------- .../com/cloud/baremetal/DhcpdResource.java | 4 +- .../baremetal/PingPxeServerResource.java | 4 +- utils/src/com/cloud/utils/script/Script2.java | 53 ++++++++++++++++++ 5 files changed, 92 insertions(+), 35 deletions(-) mode change 100644 => 100755 server/src/com/cloud/baremetal/DhcpdResource.java mode change 100644 => 100755 server/src/com/cloud/baremetal/PingPxeServerResource.java create mode 100755 utils/src/com/cloud/utils/script/Script2.java diff --git a/server/src/com/cloud/baremetal/BareMetalDiscoverer.java b/server/src/com/cloud/baremetal/BareMetalDiscoverer.java index a276750be80..44adb5a1599 100755 --- a/server/src/com/cloud/baremetal/BareMetalDiscoverer.java +++ b/server/src/com/cloud/baremetal/BareMetalDiscoverer.java @@ -54,6 +54,8 @@ import com.cloud.resource.UnableDeleteHostException; import com.cloud.utils.component.Inject; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.script.Script; +import com.cloud.utils.script.Script2; +import com.cloud.utils.script.Script2.ParamType; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.dao.VMInstanceDao; 
@@ -127,14 +129,14 @@ public class BareMetalDiscoverer extends DiscovererBase implements Discoverer, R + injectScript); } - final Script command = new Script(scriptPath, s_logger); + final Script2 command = new Script2(scriptPath, s_logger); command.add("ping"); command.add("hostname="+ipmiIp); command.add("usrname="+username); - command.add("password="+password); + command.add("password="+password, ParamType.PASSWORD); final String result = command.execute(); if (result != null) { - s_logger.warn(String.format("Can not set up ipmi connection(ip=%1$s, username=%2$s, password=%3$s, args) because %4$s", ipmiIp, username, password, result)); + s_logger.warn(String.format("Can not set up ipmi connection(ip=%1$s, username=%2$s, password=%3$s, args) because %4$s", ipmiIp, username, "******", result)); return null; } @@ -180,7 +182,7 @@ public class BareMetalDiscoverer extends DiscovererBase implements Discoverer, R _dcDao.update(zone.getId(), zone); s_logger.debug(String.format("Discover Bare Metal host successfully(ip=%1$s, username=%2$s, password=%3%s," + - "cpuNum=%4$s, cpuCapacity-%5$s, memCapacity=%6$s)", ipmiIp, username, password, cpuNum, cpuCapacity, memCapacity)); + "cpuNum=%4$s, cpuCapacity-%5$s, memCapacity=%6$s)", ipmiIp, username, "******", cpuNum, cpuCapacity, memCapacity)); return resources; } catch (Exception e) { s_logger.warn("Can not set up bare metal agent", e); diff --git a/server/src/com/cloud/baremetal/BareMetalResourceBase.java b/server/src/com/cloud/baremetal/BareMetalResourceBase.java index 4565e6e49ab..13f52319e3f 100755 --- a/server/src/com/cloud/baremetal/BareMetalResourceBase.java +++ b/server/src/com/cloud/baremetal/BareMetalResourceBase.java 
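Review bot: The IPMI password is still handed to the external script as a `password=...` command-line argument in the first hunk, so this change hides it from management-server.log but not from anything that can read the script's argument list while it runs. `ParamType.PASSWORD` only affects the string Script2 builds for logging. If the script (not visible here) can take the secret from an environment variable or stdin, that would close the gap; otherwise a comment next to the call, `// password is masked in the log only; it is still passed in the script's argv`, would record the limitation. The same pattern repeats for every command built in the BareMetalResourceBase configure hunk, and the enclosing method here starts and ends outside the hunk.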
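Review bot: The success message in the second hunk still reads `password=%3%s`, not the `%3$s` used elsewhere; as far as I can tell the formatter treats `%3%` as a padded literal percent sign, so the `"******"` argument added here is never printed. Since the value is now a constant, the simplest fix is to drop the field and renumber: `"Discover Bare Metal host successfully(ip=%1$s, username=%2$s," + "cpuNum=%3$s, cpuCapacity-%4$s, memCapacity=%5$s)", ipmiIp, username, cpuNum, cpuCapacity, memCapacity`. The same applies to the `password=%3$s` slots kept in the warn message of the first hunk and in the DhcpdResource and PingPxeServerResource hunks, where a leftover placeholder invites a later edit to put the variable back.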
@@ -63,6 +63,8 @@ import com.cloud.resource.ServerResource; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.script.OutputInterpreter; import com.cloud.utils.script.Script; +import com.cloud.utils.script.Script2; +import com.cloud.utils.script.Script2.ParamType; import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachine.State; @@ -83,15 +85,15 @@ public class BareMetalResourceBase implements ServerResource { protected String _password; protected String _ip; protected IAgentControl _agentControl; - protected Script _pingCommand; - protected Script _setPxeBootCommand; - protected Script _setDiskBootCommand; - protected Script _rebootCommand; - protected Script _getStatusCommand; - protected Script _powerOnCommand; - protected Script _powerOffCommand; - protected Script _forcePowerOffCommand; - protected Script _bootOrRebootCommand; + protected Script2 _pingCommand; + protected Script2 _setPxeBootCommand; + protected Script2 _setDiskBootCommand; + protected Script2 _rebootCommand; + protected Script2 _getStatusCommand; + protected Script2 _powerOnCommand; + protected Script2 _powerOffCommand; + protected Script2 _forcePowerOffCommand; + protected Script2 _bootOrRebootCommand; protected String _vmName; private void changeVmState(String vmName, VirtualMachine.State state) { 
@@ -158,64 +160,64 @@ public class BareMetalResourceBase implements ServerResource { if (scriptPath == null) { throw new ConfigurationException("Cannot find ping script " + scriptPath); } - _pingCommand = new Script(scriptPath, s_logger); + _pingCommand = new Script2(scriptPath, s_logger); _pingCommand.add("ping"); _pingCommand.add("hostname="+_ip); _pingCommand.add("usrname="+_username); - _pingCommand.add("password="+_password); + _pingCommand.add("password="+_password, ParamType.PASSWORD); - _setPxeBootCommand = new Script(scriptPath, s_logger); + _setPxeBootCommand = new Script2(scriptPath, s_logger); _setPxeBootCommand.add("boot_dev"); _setPxeBootCommand.add("hostname="+_ip); _setPxeBootCommand.add("usrname="+_username); - _setPxeBootCommand.add("password="+_password); + _setPxeBootCommand.add("password="+_password, ParamType.PASSWORD); _setPxeBootCommand.add("dev=pxe"); - _setDiskBootCommand = new Script(scriptPath, s_logger); + _setDiskBootCommand = new Script2(scriptPath, s_logger); _setDiskBootCommand.add("boot_dev"); _setDiskBootCommand.add("hostname="+_ip); _setDiskBootCommand.add("usrname="+_username); - _setDiskBootCommand.add("password="+_password); + _setDiskBootCommand.add("password="+_password, ParamType.PASSWORD); _setDiskBootCommand.add("dev=disk"); - _rebootCommand = new Script(scriptPath, s_logger); + _rebootCommand = new Script2(scriptPath, s_logger); _rebootCommand.add("reboot"); _rebootCommand.add("hostname="+_ip); _rebootCommand.add("usrname="+_username); - _rebootCommand.add("password="+_password); + _rebootCommand.add("password="+_password, ParamType.PASSWORD); - _getStatusCommand = new Script(scriptPath, s_logger); + _getStatusCommand = new Script2(scriptPath, s_logger); _getStatusCommand.add("ping"); _getStatusCommand.add("hostname="+_ip); _getStatusCommand.add("usrname="+_username); - _getStatusCommand.add("password="+_password); + _getStatusCommand.add("password="+_password, ParamType.PASSWORD); - _powerOnCommand = new 
Script(scriptPath, s_logger); + _powerOnCommand = new Script2(scriptPath, s_logger); _powerOnCommand.add("power"); _powerOnCommand.add("hostname="+_ip); _powerOnCommand.add("usrname="+_username); - _powerOnCommand.add("password="+_password); + _powerOnCommand.add("password="+_password, ParamType.PASSWORD); _powerOnCommand.add("action=on"); - _powerOffCommand = new Script(scriptPath, s_logger); + _powerOffCommand = new Script2(scriptPath, s_logger); _powerOffCommand.add("power"); _powerOffCommand.add("hostname="+_ip); _powerOffCommand.add("usrname="+_username); - _powerOffCommand.add("password="+_password); + _powerOffCommand.add("password="+_password, ParamType.PASSWORD); _powerOffCommand.add("action=soft"); - _forcePowerOffCommand = new Script(scriptPath, s_logger); + _forcePowerOffCommand = new Script2(scriptPath, s_logger); _forcePowerOffCommand.add("power"); _forcePowerOffCommand.add("hostname=" + _ip); _forcePowerOffCommand.add("usrname=" + _username); - _forcePowerOffCommand.add("password=" + _password); + _forcePowerOffCommand.add("password=" + _password, ParamType.PASSWORD); _forcePowerOffCommand.add("action=off"); - _bootOrRebootCommand = new Script(scriptPath, s_logger); + _bootOrRebootCommand = new Script2(scriptPath, s_logger); _bootOrRebootCommand.add("boot_or_reboot"); _bootOrRebootCommand.add("hostname="+_ip); _bootOrRebootCommand.add("usrname="+_username); - _bootOrRebootCommand.add("password="+_password); + _bootOrRebootCommand.add("password="+_password, ParamType.PASSWORD); return true; } diff --git a/server/src/com/cloud/baremetal/DhcpdResource.java b/server/src/com/cloud/baremetal/DhcpdResource.java old mode 100644 new mode 100755 index 9aef29433de..237016bd3d9 --- a/server/src/com/cloud/baremetal/DhcpdResource.java +++ b/server/src/com/cloud/baremetal/DhcpdResource.java 
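Review bot: The nine command objects in this hunk are built from the same four `add` calls, and each one has to remember `ParamType.PASSWORD` on its own, so a single missed tag in a future command would put the IPMI password back in the log. A small private helper that adds the action, host, user and tagged password, followed by any extra arguments, would keep the masking decision in one place. The enclosing configure method starts before the hunk, so the sketch below shows only the helper and how the assignments would use it.

```java
// Builds one IPMI script invocation; the password is always tagged so Script2 masks it when logging.
private Script2 newIpmiCommand(String scriptPath, String action, String... extraArgs) {
    Script2 cmd = new Script2(scriptPath, s_logger);
    cmd.add(action);
    cmd.add("hostname=" + _ip);
    cmd.add("usrname=" + _username);
    cmd.add("password=" + _password, ParamType.PASSWORD);
    for (String arg : extraArgs) {
        cmd.add(arg);
    }
    return cmd;
}

// … unchanged: scriptPath lookup and null check …
_pingCommand = newIpmiCommand(scriptPath, "ping");
_setPxeBootCommand = newIpmiCommand(scriptPath, "boot_dev", "dev=pxe");
_setDiskBootCommand = newIpmiCommand(scriptPath, "boot_dev", "dev=disk");
// … remaining commands built the same way …
```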
@@ -40,11 +40,11 @@ public class DhcpdResource extends ExternalDhcpResourceBase { com.trilead.ssh2.Connection sshConnection = null; try { super.configure(name, params); - s_logger.debug(String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s)", _ip, _username, _password)); + s_logger.debug(String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s)", _ip, _username, "******")); sshConnection = SSHCmdHelper.acquireAuthorizedConnection(_ip, _username, _password); if (sshConnection == null) { throw new ConfigurationException( - String.format("Cannot connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password)); + String.format("Cannot connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, "******")); } if (!SSHCmdHelper.sshExecuteCmd(sshConnection, "[ -f '/usr/sbin/dhcpd' ]")) { diff --git a/server/src/com/cloud/baremetal/PingPxeServerResource.java b/server/src/com/cloud/baremetal/PingPxeServerResource.java old mode 100644 new mode 100755 index 406a4e222f5..df97692e4b1 --- a/server/src/com/cloud/baremetal/PingPxeServerResource.java +++ b/server/src/com/cloud/baremetal/PingPxeServerResource.java 
@@ -87,13 +87,13 @@ public class PingPxeServerResource extends PxeServerResourceBase { com.trilead.ssh2.Connection sshConnection = new com.trilead.ssh2.Connection(_ip, 22); - s_logger.debug(String.format("Trying to connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password)); + s_logger.debug(String.format("Trying to connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, "******")); try { sshConnection.connect(null, 60000, 60000); if (!sshConnection.authenticateWithPassword(_username, _password)) { s_logger.debug("SSH Failed to authenticate"); throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, - _password)); + "******")); } String cmd = String.format("[ -f /%1$s/pxelinux.0 ] && [ -f /%2$s/kernel ] && [ -f /%3$s/initrd.gz ] ", _tftpDir, _tftpDir, _tftpDir); diff --git a/utils/src/com/cloud/utils/script/Script2.java b/utils/src/com/cloud/utils/script/Script2.java new file mode 100755 index 00000000000..5c345d5ad33 --- /dev/null +++ b/utils/src/com/cloud/utils/script/Script2.java 
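Review bot: `sshConnection.connect(null, 60000, 60000)` passes no host key verifier, which in the trilead API means, as far as I know, that any host key is accepted, so the `authenticateWithPassword(_username, _password)` call that follows hands the PXE server password to whichever host answers on that IP. The commit keeps the password out of the log, but this path can still disclose it to an unverified peer. Passing a `ServerHostKeyVerifier` that checks a pinned or known-hosts key, e.g. `sshConnection.connect(hostKeyVerifier, 60000, 60000);`, would address that; `hostKeyVerifier` is a placeholder for an implementation this patch does not contain. The enclosing method starts and ends outside the hunk.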
@@ -0,0 +1,53 @@
+package com.cloud.utils.script;
+
+
+import java.util.HashMap;
+import org.apache.log4j.Logger;
+
+
+public class Script2 extends Script {
+ HashMap _params = new HashMap();
+
+ public static enum ParamType {
+ NORMAL,
+ PASSWORD,
+ }
+
+ public Script2(String command, Logger logger) {
+ this(command, 0, logger);
+ }
+
+ public Script2(String command, long timeout, Logger logger) {
+ super(command, timeout, logger);
+ }
+
+ public void add(String param, ParamType type) {
+ _params.put(param, type);
+ super.add(param);
+ }
+
+ @Override
+ public void add(String param) {
+ add(param, ParamType.NORMAL);
+ }
+
+ private ParamType getType(String cmd) {
+ return _params.get(cmd);
+ }
+
+ @Override
+ protected String buildCommandLine(String[] command) {
+ StringBuilder builder = new StringBuilder();
+ for (int i = 0; i < command.length; i++) {
+ String cmd = command[i];
+ ParamType type = getType(cmd);
+ if (type == ParamType.PASSWORD) {
+ builder.append("******").append(" ");
+ } else {
+ builder.append(command[i]).append(" ");
+ }
+ }
+
+ return builder.toString();
+ }
+}
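Review bot: `_params` is package-private, non-final and, as rendered here, a raw `HashMap`, while `getType` returns `_params.get(cmd)` as a `ParamType`; declaring it `private final Map<String, ParamType> _params = new HashMap<String, ParamType>();` (with a `java.util.Map` import) would keep the masking table from being altered from outside the class. The map is keyed by the full argument text, so the plaintext `password=...` string is held as a key for the lifetime of the object and any other argument with identical text is masked too; recording the positions of sensitive arguments instead would avoid both. The class also has no Javadoc, and it should state that masking applies only to the string returned by `buildCommandLine`, since whether Script logs or exposes its arguments elsewhere cannot be seen from this patch.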