[Pkg-mongodb-maintainers] [pkg-mongodb] 01/03: Redact key and nonce from auth attempt logs
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Mon Jan 30 09:26:14 UTC 2017
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch stable/jessie
in repository pkg-mongodb.
commit 0a20b755c1d30a592d65278885c3f6b567d95719
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date: Tue Jan 10 17:45:51 2017 +0200
Redact key and nonce from auth attempt logs
Closes: #833087
---
...dact-key-and-nonce-from-auth-attempt-logs.patch | 41 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 42 insertions(+)
diff --git a/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch b/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch
new file mode 100644
index 0000000..32797b0
--- /dev/null
+++ b/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch
@@ -0,0 +1,41 @@
+From 1d44ca172befd6ad6d3a6cb410ddf7a0e31b6f81 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos <apoikos at debian.org>
+Date: Tue, 10 Jan 2017 17:39:57 +0200
+Bug-Debian: #833087
+Subject: [PATCH] Redact key and nonce from auth attempt logs
+---
+ src/mongo/db/commands/authentication_commands.cpp | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
+index bcc5a2f..538e9a0 100644
+--- a/src/mongo/db/commands/authentication_commands.cpp
++++ b/src/mongo/db/commands/authentication_commands.cpp
+@@ -93,8 +93,23 @@ namespace mongo {
+ } cmdGetNonce;
+
+ bool CmdAuthenticate::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
++ // Debian #833087: redact key and nonce from authentication attempts
++ BSONObjBuilder cmdToLog;
++ BSONObjIterator it = cmdObj.begin();
++ const StringData kKey = "key";
++ const StringData kNonce = "nonce";
++
++ while (it.more()) {
++ BSONElement e = it.next();
++ const char *fname = e.fieldName();
++ if (fname == kKey || fname == kNonce) {
++ cmdToLog.append(fname, "xxx");
++ } else {
++ cmdToLog.append(e);
++ }
++ }
+
+- log() << " authenticate db: " << dbname << " " << cmdObj << endl;
++ log() << " authenticate db: " << dbname << " " << cmdToLog.obj() << endl;
+
+ string user = cmdObj.getStringField("user");
+
+--
+2.10.2
+
diff --git a/debian/patches/series b/debian/patches/series
index cf48e35..2affbd5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,4 @@ cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
656f78711632a5dc37221422c99e3c4619bcc58f.patch
3a7e85ea1f672f702660e5472566234b1d19038e.patch
+Redact-key-and-nonce-from-auth-attempt-logs.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git
More information about the Pkg-mongodb-maintainers
mailing list