Skip to content

[hostcfgd/tacacs] Avoid printing credential into syslog#1444

Merged
lguohan merged 2 commits intosonic-net:masterfrom
taoyl-ms:taoyl/scrub
Mar 3, 2018
Merged

[hostcfgd/tacacs] Avoid printing credential into syslog#1444
lguohan merged 2 commits intosonic-net:masterfrom
taoyl-ms:taoyl/scrub

Conversation

@taoyl-ms
Copy link
Copy Markdown
Contributor

@taoyl-ms taoyl-ms commented Mar 2, 2018

- What I did
hostcfgd print debug information into syslog when any tacacs-related field changes, which might include confidential information (passkey). This change is to remove this logging to avoid credential leak.

@taoyl-ms taoyl-ms requested a review from lguohan March 2, 2018 02:12
@jleveque
Copy link
Copy Markdown
Contributor

jleveque commented Mar 2, 2018
edited
Loading

Are we sure we want to remove these log messages entirely, or should we instead check if key == "passkey" and if so, obfuscate the value by outputting something like ****?

@taoyl-ms
Copy link
Copy Markdown
Contributor Author

taoyl-ms commented Mar 2, 2018

It's actually not key == 'passkey' but value.has_key('passkey'). I can still do that obfuscation though. Question is, do we really need every value change in syslog?

@taoyl-ms taoyl-ms changed the title [tacacs] Avoid printing credential into syslog [hostcfgd/tacacs] Avoid printing credential into syslog Mar 3, 2018
@lguohan lguohan merged commit 09f2385 into sonic-net:master Mar 3, 2018
@taoyl-ms taoyl-ms mentioned this pull request Mar 27, 2018
Merged
abdosi added a commit to abdosi/sonic-buildimage that referenced this pull request Sep 29, 2020
@abdosi
[Submodule update] sonic swss
4156c1a 
be51ebc Add IPv6 key item support to request parser (sonic-net#1449)
76e2251 When teamd feature state is disabled the Netdevice created by teamd were (sonic-net#1450)
6aa97ce Use .clear() after std::move() (sonic-net#1444)
d5757db Add libzmq to README dependencies (sonic-net#1447)
c7b262e Add libzmq to Makefiles (sonic-net#1443)
0b2e59a [drop counters] Clarify log messages for initial counter setup (sonic-net#1445)
003cf24 [dvs] Refactor and add buffer pool wm test (sonic-net#1446)
2f5d2d9 [acl] Remove Ethertype from L3V6 qualifiers (sonic-net#1433)
f7b974f Fix issue: bufferorch only pass the first attribute to sai when setting attribute (sonic-net#1442)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
@abdosi abdosi mentioned this pull request Sep 29, 2020
Merged
3 tasks
lguohan pushed a commit that referenced this pull request Oct 2, 2020
@abdosi
[Submodule update] sonic swss (#5489)
dda9802 
be51ebc Add IPv6 key item support to request parser (#1449)
76e2251 When teamd feature state is disabled the Netdevice created by teamd were (#1450)
6aa97ce Use .clear() after std::move() (#1444)
d5757db Add libzmq to README dependencies (#1447)
c7b262e Add libzmq to Makefiles (#1443)
0b2e59a [drop counters] Clarify log messages for initial counter setup (#1445)
003cf24 [dvs] Refactor and add buffer pool wm test (#1446)
2f5d2d9 [acl] Remove Ethertype from L3V6 qualifiers (#1433)
f7b974f Fix issue: bufferorch only pass the first attribute to sai when setting attribute (#1442)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
@jleveque jleveque mentioned this pull request Feb 24, 2021
Closed
santhosh-kt pushed a commit to santhosh-kt/sonic-buildimage that referenced this pull request Feb 25, 2021
@abdosi @santhosh-kt
[Submodule update] sonic swss (sonic-net#5489)
35caaa5 
be51ebc Add IPv6 key item support to request parser (sonic-net#1449)
76e2251 When teamd feature state is disabled the Netdevice created by teamd were (sonic-net#1450)
6aa97ce Use .clear() after std::move() (sonic-net#1444)
d5757db Add libzmq to README dependencies (sonic-net#1447)
c7b262e Add libzmq to Makefiles (sonic-net#1443)
0b2e59a [drop counters] Clarify log messages for initial counter setup (sonic-net#1445)
003cf24 [dvs] Refactor and add buffer pool wm test (sonic-net#1446)
2f5d2d9 [acl] Remove Ethertype from L3V6 qualifiers (sonic-net#1433)
f7b974f Fix issue: bufferorch only pass the first attribute to sai when setting attribute (sonic-net#1442)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
stepanblyschak pushed a commit to stepanblyschak/sonic-buildimage that referenced this pull request May 10, 2021
@jleveque
[decode-syseeprom] Refactor use of swsscommon; Add unit tests (sonic-…
4e27ad7 
…net#1444)

- Refactor the way swsscommon is used in decode-syseeprom to align with more modern approach
- Add unit tests for DB-related functionality of decode-syseeprom utility
- Align whitespace in tests/mock_tables/state_db.json
theasianpianist pushed a commit to theasianpianist/sonic-buildimage that referenced this pull request Feb 5, 2022
@pavel-shirshov
Use .clear() after std::move() (sonic-net#1444)
6aa97ce 
1. Use .clear() after std::move from the vector to make sure that the
vector is in a correct state.
2. Remove the if condition which is not required here.
mssonicbld added a commit that referenced this pull request Oct 31, 2024
@mssonicbld
[submodule] Update submodule sonic-sairedis to the latest HEAD automa…
89c1d81 
…tically (#20540)

#### Why I did it
src/sonic-sairedis
```
* e394ced7 - (HEAD -> master, origin/master, origin/HEAD) Fix compilation on Buster (#1449) (11 hours ago) [Saikrishna Arcot]
* 4d504ff8 - Rename file name to fit case insensitive file system. (#1444) (2 days ago) [Liu Shilong]
* fe650bb7 - [syncd] Add workaround for port error status notification (#1430) (6 days ago) [Kamil Cudnik]
* cd2773a3 - [syncd] Fix inspect asic command (#1434) (7 days ago) [Kamil Cudnik]
* 2d873766 - [syncd] Make sure notification queue release memory when drained (#1427) (8 days ago) [Kamil Cudnik]
* b8a8856a - Fix adding flex counter to wrong context (#1421) (8 days ago) [byu343]
* 40979e0b - [fastboot] Notify SAI that fastboot is done (#1396) (8 days ago) [Junchao-Mellanox]
* 952ee406 - [codeql] Change pull_request_target to pull_request (#1442) (9 days ago) [Kamil Cudnik]
* 697d86b5 - [syncd] Create neighbor entries before next hop (#1432) (9 days ago) [Kamil Cudnik]
* fa76ca13 - [codeql] Remove git ancestry (#1441) (10 days ago) [Kamil Cudnik]
* 3838d7ee - [codeql] Show git ancestry graph (#1440) (10 days ago) [Kamil Cudnik]
* 2e7d946b - [codeql] Show gcc version before compile (#1438) (10 days ago) [Kamil Cudnik]
* a1e93f58 - [submodule] Update SAI to latest master (#1431) (2 weeks ago) [Kamil Cudnik]
```
#### How I did it
#### How to verify it
#### Description for the changelog
tshalvi pushed a commit to tshalvi/sonic-buildimage that referenced this pull request Aug 25, 2025
@mssonicbld
[submodule][202412] Update submodule sonic-utilities to the latest HE…
27b1acf 
…AD automatically (sonic-net#1444)

#### Why I did it
src/sonic-utilities
```
* 90896399 - (HEAD -> 202412, origin/202412) [db_migrator] Fix parse_xml fails when minigraph has SonicQosProfile (sonic-net#210) (17 hours ago) [mssonicbld]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lguohan lguohan lguohan approved these changes

+1 more reviewer

@jleveque jleveque jleveque approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@taoyl-ms @jleveque @lguohan