From b366eabcb30410c5f6ffad4a586ac99b7d04dbe0 Mon Sep 17 00:00:00 2001 From: Wenchao Hao Date: Tue, 25 Jan 2022 20:10:34 +0800 Subject: [PATCH] Remove password printing in session info display Signed-off-by: Wenchao Hao --- 0013-Remove-session-info-password-print.patch | 56 +++++++++++++++++++ open-iscsi.spec | 6 +- 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 0013-Remove-session-info-password-print.patch diff --git a/0013-Remove-session-info-password-print.patch b/0013-Remove-session-info-password-print.patch new file mode 100644 index 0000000..d4784f2 --- /dev/null +++ b/0013-Remove-session-info-password-print.patch @@ -0,0 +1,56 @@ +From fe6458547a2e6dd6c7dd8246738e0c8a73478171 Mon Sep 17 00:00:00 2001 +From: Wenchao Hao +Date: Tue, 25 Jan 2022 19:36:35 +0800 +Subject: [PATCH] Remove session info password print + +In consideration of security, password should not be printed +in log, so this patch remove password printing in code. + +Signed-off-by: Wenchao Hao +--- + usr/session_info.c | 16 +++------------- + 1 file changed, 3 insertions(+), 13 deletions(-) + +diff --git a/usr/session_info.c b/usr/session_info.c +index 0dae82f..b9c406f 100644 +--- a/usr/session_info.c ++++ b/usr/session_info.c +@@ -268,7 +268,6 @@ void session_info_print_tree(struct iscsi_session **ses, uint32_t se_count, + int32_t tgt_reset_tmo = -1; + int32_t lu_reset_tmo = -1; + int32_t abort_tmo = -1; +- const char *pass = NULL; + + for (i = 0; i < se_count; ++i) { + curr = ses[i]; +@@ -403,24 +402,15 @@ void session_info_print_tree(struct iscsi_session **ses, uint32_t se_count, + if (!do_show) + printf("%s\t\tpassword: %s\n", prefix, + "********"); +- else { +- pass = iscsi_session_password_get(curr); ++ else + printf("%s\t\tpassword: %s\n", prefix, +- strlen(pass) ? pass : UNKNOWN_VALUE); +- } ++ "********"); + + printf("%s\t\tusername_in: %s\n", prefix, + strlen(iscsi_session_username_in_get(curr)) ? + iscsi_session_username_in_get(curr) : + UNKNOWN_VALUE); +- if (!do_show) +- printf("%s\t\tpassword_in: %s\n", prefix, +- "********"); +- else { +- pass = iscsi_session_password_in_get(curr); +- printf("%s\t\tpassword: %s\n", prefix, +- strlen(pass) ? pass : UNKNOWN_VALUE); +- } ++ printf("%s\t\tpassword_in: %s\n", prefix,"********"); + } + + if (flags & SESSION_INFO_ISCSI_PARAMS) +-- +1.8.3.1 + diff --git a/open-iscsi.spec b/open-iscsi.spec index 8776b0c..a23d932 100644 --- a/open-iscsi.spec +++ b/open-iscsi.spec @@ -4,7 +4,7 @@ Name: open-iscsi Version: 2.1.5 -Release: 2 +Release: 3 Summary: ISCSI software initiator daemon and utility programs License: GPLv2+ and BSD URL: http://www.open-iscsi.com @@ -21,6 +21,7 @@ patch9: 0009-not-send-stop-message-if-iscsid-absent.patch patch10: 0010-fix-iscsiadm-op-new-report-to-cannot-rename-error.patch patch11: 0011-Fix-compiler-error-introduced-with-recent-IPv6-commi.patch patch12: 0012-Remove-iscsid.service-s-dependence-of-iscsi-init.ser.patch +patch13: 0013-Remove-session-info-password-print.patch BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config @@ -155,6 +156,9 @@ fi %{_mandir}/man8/* %changelog +* Tue Jan 25 2022 haowenchao - 2.1.5-3 +- Remove password print in session info display + * Mon Dec 6 2021 haowenchao - 2.1.5-2 - Remove iscsid's dependence of iscsid-init.service