[Pkg-mongodb-maintainers] [pkg-mongodb] 01/03: Redact key and nonce from auth attempt logs

Apollon Oikonomopoulos apoikos at moszumanska.debian.org
Mon Jan 30 09:26:14 UTC 2017


This is an automated email from the git hooks/post-receive script.

apoikos pushed a commit to branch stable/jessie
in repository pkg-mongodb.

commit 0a20b755c1d30a592d65278885c3f6b567d95719
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date:   Tue Jan 10 17:45:51 2017 +0200

    Redact key and nonce from auth attempt logs
    
    Closes: #833087
---
 ...dact-key-and-nonce-from-auth-attempt-logs.patch | 41 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 42 insertions(+)

diff --git a/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch b/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch
new file mode 100644
index 0000000..32797b0
--- /dev/null
+++ b/debian/patches/Redact-key-and-nonce-from-auth-attempt-logs.patch
@@ -0,0 +1,41 @@
+From 1d44ca172befd6ad6d3a6cb410ddf7a0e31b6f81 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos <apoikos at debian.org>
+Date: Tue, 10 Jan 2017 17:39:57 +0200
+Bug-Debian: #833087
+Subject: [PATCH] Redact key and nonce from auth attempt logs
+---
+ src/mongo/db/commands/authentication_commands.cpp | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
+index bcc5a2f..538e9a0 100644
+--- a/src/mongo/db/commands/authentication_commands.cpp
++++ b/src/mongo/db/commands/authentication_commands.cpp
+@@ -93,8 +93,23 @@ namespace mongo {
+     } cmdGetNonce;
+ 
+     bool CmdAuthenticate::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
++        // Debian #833087: redact key and nonce from authentication attempts
++        BSONObjBuilder cmdToLog;
++        BSONObjIterator it = cmdObj.begin();
++        const StringData kKey = "key";
++        const StringData kNonce = "nonce";
++
++        while (it.more()) {
++            BSONElement e = it.next();
++            const char *fname = e.fieldName();
++            if (fname == kKey || fname == kNonce) {
++                cmdToLog.append(fname, "xxx");
++            } else {
++                cmdToLog.append(e);
++            }
++        }
+ 
+-        log() << " authenticate db: " << dbname << " " << cmdObj << endl;
++        log() << " authenticate db: " << dbname << " " << cmdToLog.obj() << endl;
+ 
+         string user = cmdObj.getStringField("user");
+ 
+-- 
+2.10.2
+
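Review bot: The redaction loop added to `CmdAuthenticate::run` is a denylist: only fields named exactly `key` or `nonce` are replaced with `"xxx"`, and every other element of `cmdObj` is still copied into the log by `cmdToLog.append(e)`. Because `cmdObj` is supplied by the client, a misnamed or unexpected field carrying credential material (a differently cased `Key`, or a password field sent by a misconfigured driver) would still be written to the log. Logging only the fields the message needs is more robust, for example `log() << " authenticate db: " << dbname << " user: " << cmdObj.getStringField("user") << endl;`. Separately, `fname == kKey` compares a `const char *` with a `StringData` and presumably becomes a content comparison through an implicit conversion; `StringData(fname) == kKey` would make that explicit. The body of `run` continues past the end of the embedded hunk, so later uses of `cmdObj` are not visible here.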
diff --git a/debian/patches/series b/debian/patches/series
index cf48e35..2affbd5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,4 @@ cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
 8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
 656f78711632a5dc37221422c99e3c4619bcc58f.patch
 3a7e85ea1f672f702660e5472566234b1d19038e.patch
+Redact-key-and-nonce-from-auth-attempt-logs.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git


