Remove password printing in session info display

Signed-off-by: Wenchao Hao <haowenchao@huawei.com>

0013-Remove-session-info-password-print.patch

@@ -0,0 +1,56 @@
+From fe6458547a2e6dd6c7dd8246738e0c8a73478171 Mon Sep 17 00:00:00 2001
+From: Wenchao Hao <haowenchao@huawei.com>
+Date: Tue, 25 Jan 2022 19:36:35 +0800
+Subject: [PATCH] Remove session info password print
+
+In consideration of security, password should not be printed
+in log, so this patch remove password printing in code.
+
+Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
+---
+ usr/session_info.c | 16 +++-------------
+ 1 file changed, 3 insertions(+), 13 deletions(-)
+
+diff --git a/usr/session_info.c b/usr/session_info.c
+index 0dae82f..b9c406f 100644
+--- a/usr/session_info.c
++++ b/usr/session_info.c
+@@ -268,7 +268,6 @@ void session_info_print_tree(struct iscsi_session **ses, uint32_t se_count,
+ 	int32_t tgt_reset_tmo = -1;
+ 	int32_t lu_reset_tmo = -1;
+ 	int32_t abort_tmo = -1;
+-	const char *pass = NULL;
+ 
+ 	for (i = 0; i < se_count; ++i) {
+ 		curr = ses[i];
+@@ -403,24 +402,15 @@ void session_info_print_tree(struct iscsi_session **ses, uint32_t se_count,
+ 			if (!do_show)
+ 				printf("%s\t\tpassword: %s\n", prefix,
+ 					"********");
+-			else {
+-				pass = iscsi_session_password_get(curr);
++			else
+ 				printf("%s\t\tpassword: %s\n", prefix,
+-				       strlen(pass) ?  pass : UNKNOWN_VALUE);
+-			}
++					"********");
+ 
+ 			printf("%s\t\tusername_in: %s\n", prefix,
+ 			       strlen(iscsi_session_username_in_get(curr)) ?
+ 			       iscsi_session_username_in_get(curr) :
+ 			       UNKNOWN_VALUE);
+-			if (!do_show)
+-				printf("%s\t\tpassword_in: %s\n", prefix,
+-					"********");
+-			else {
+-				pass = iscsi_session_password_in_get(curr);
+-				printf("%s\t\tpassword: %s\n", prefix,
+-				       strlen(pass) ?  pass : UNKNOWN_VALUE);
+-			}
++			printf("%s\t\tpassword_in: %s\n", prefix,"********");
+ 		}
+ 
+ 		if (flags & SESSION_INFO_ISCSI_PARAMS)
+-- 
+1.8.3.1
+

open-iscsi.spec

@@ -4,7 +4,7 @@
 
 Name:    open-iscsi
 Version: 2.1.5
-Release: 2
+Release: 3
 Summary: ISCSI software initiator daemon and utility programs
 License: GPLv2+ and BSD
 URL:     http://www.open-iscsi.com
@@ -21,6 +21,7 @@ patch9: 0009-not-send-stop-message-if-iscsid-absent.patch
 patch10: 0010-fix-iscsiadm-op-new-report-to-cannot-rename-error.patch
 patch11: 0011-Fix-compiler-error-introduced-with-recent-IPv6-commi.patch
 patch12: 0012-Remove-iscsid.service-s-dependence-of-iscsi-init.ser.patch
+patch13: 0013-Remove-session-info-password-print.patch
 
 BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel
 BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config
@@ -155,6 +156,9 @@ fi
 %{_mandir}/man8/*
 
 %changelog
+* Tue Jan 25 2022 haowenchao <haowenchao@huawei.com> - 2.1.5-3
+- Remove password print in session info display
+
 * Mon Dec 6 2021 haowenchao <haowenchao@huawei.com> - 2.1.5-2
 - Remove iscsid's dependence of iscsid-init.service