Property AUTH_SOURCE_PASSWORD is no longer visible in logs
Observations have been fixed
This commit is contained in:
Martin Laguna
@@ -63,6 +63,11 @@ class AuthenticationSource extends BaseAuthenticationSource {
|
||||
}
|
||||
}
|
||||
$aData['AUTH_SOURCE_DATA'] = (is_array($aData['AUTH_SOURCE_DATA']) ? serialize($aData['AUTH_SOURCE_DATA']) : $aData['AUTH_SOURCE_DATA']);
|
||||
|
||||
// Removing sensitive data
|
||||
$loggableData = $aData;
|
||||
unset($loggableData['AUTH_SOURCE_PASSWORD']);
|
||||
|
||||
$oConnection = Propel::getConnection(AuthenticationSourcePeer::DATABASE_NAME);
|
||||
try {
|
||||
$oAuthenticationSource = new AuthenticationSource();
|
||||
@@ -71,7 +76,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
|
||||
$oConnection->begin();
|
||||
$iResult = $oAuthenticationSource->save();
|
||||
$oConnection->commit();
|
||||
Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($aData));
|
||||
Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($loggableData));
|
||||
|
||||
$authSourceServerName = isset($aData['AUTH_SOURCE_SERVER_NAME']) ? ' - Server Name: '.$aData['AUTH_SOURCE_SERVER_NAME'] : '';
|
||||
$authSourcePort = isset($aData['AUTH_SOURCE_PORT']) ? ' - Port: '.$aData['AUTH_SOURCE_PORT'] : '';
|
||||
@@ -116,6 +121,11 @@ class AuthenticationSource extends BaseAuthenticationSource {
|
||||
$authSourceFilter = isset($aData['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER']) ? ' - Aditional Filter: '.$aData['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'] : '';
|
||||
|
||||
$aData['AUTH_SOURCE_DATA'] = (is_array($aData['AUTH_SOURCE_DATA']) ? serialize($aData['AUTH_SOURCE_DATA']) : $aData['AUTH_SOURCE_DATA']);
|
||||
|
||||
// Removing sensitive data
|
||||
$loggableData = $aData;
|
||||
unset($loggableData['AUTH_SOURCE_PASSWORD']);
|
||||
|
||||
$oConnection = Propel::getConnection(AuthenticationSourcePeer::DATABASE_NAME);
|
||||
try {
|
||||
$oAuthenticationSource = AuthenticationSourcePeer::retrieveByPK($aData['AUTH_SOURCE_UID']);
|
||||
@@ -125,7 +135,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
|
||||
$oConnection->begin();
|
||||
$iResult = $oAuthenticationSource->save();
|
||||
$oConnection->commit();
|
||||
Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($aData));
|
||||
Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($loggableData));
|
||||
G::auditLog("UpdateAuthSource", "Authentication Source Name: ".$aData['AUTH_SOURCE_NAME']." - Authentication Source ID: (".$aData['AUTH_SOURCE_UID'].") ".$authSourceServerName.$authSourcePort.$authSourceEnabledTLS.$authSourceVersion.$authSourceBaseDn.$authAnonymous.$authSourceSearchUser.$authSourceLdapType.$authSourceIdentifier.$authSourceFilter);
|
||||
return $iResult;
|
||||
}
|
||||
@@ -135,7 +145,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
|
||||
foreach($aValidationFailures as $oValidationFailure) {
|
||||
$sMessage .= $oValidationFailure->getMessage() . '<br />';
|
||||
}
|
||||
Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($aData));
|
||||
Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($loggableData));
|
||||
throw(new Exception('The registry cannot be updated!<br />'.$sMessage));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -511,6 +511,10 @@ class LdapAdvanced
|
||||
{
|
||||
$pass = explode("_", $aAuthSource["AUTH_SOURCE_PASSWORD"]);
|
||||
|
||||
// Removing sensitive data
|
||||
$loggableAuthSource = $aAuthSource;
|
||||
unset($loggableAuthSource["AUTH_SOURCE_PASSWORD"]);
|
||||
|
||||
foreach ($pass as $index => $value) {
|
||||
if ($value == "2NnV3ujj3w") {
|
||||
$aAuthSource["AUTH_SOURCE_PASSWORD"] = G::decrypt($pass[0], $aAuthSource["AUTH_SOURCE_SERVER_NAME"]);
|
||||
@@ -518,18 +522,18 @@ class LdapAdvanced
|
||||
}
|
||||
|
||||
$ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);
|
||||
$this->stdLog($ldapcnn, "ldap_connect", $aAuthSource);
|
||||
$this->stdLog($ldapcnn, "ldap_connect", $loggableAuthSource);
|
||||
|
||||
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"];
|
||||
|
||||
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
$this->stdLog($ldapcnn, "ldap_set_option", $aAuthSource);
|
||||
$this->stdLog($ldapcnn, "ldap_set_option", $loggableAuthSource);
|
||||
ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
|
||||
$this->stdLog($ldapcnn, "ldap_set_option", $aAuthSource);
|
||||
$this->stdLog($ldapcnn, "ldap_set_option", $loggableAuthSource);
|
||||
|
||||
if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
|
||||
$resultLDAPStartTLS = @ldap_start_tls($ldapcnn);
|
||||
$this->stdLog($ldapcnn, "ldap_start_tls", $aAuthSource);
|
||||
$this->stdLog($ldapcnn, "ldap_start_tls", $loggableAuthSource);
|
||||
$ldapServer = "TLS " . $ldapServer;
|
||||
}
|
||||
|
||||
@@ -538,9 +542,9 @@ class LdapAdvanced
|
||||
$this->log($ldapcnn, "bind $ldapServer like anonymous user");
|
||||
} else {
|
||||
$bBind = @ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
|
||||
$this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
|
||||
$this->log($ldapcnn, "bind $ldapServer with user " . $loggableAuthSource["AUTH_SOURCE_SEARCH_USER"]);
|
||||
}
|
||||
$this->stdLog($ldapcnn, "ldap_bind", $aAuthSource);
|
||||
$this->stdLog($ldapcnn, "ldap_bind", $loggableAuthSource);
|
||||
$this->getDiagnosticMessage($ldapcnn);
|
||||
if (!$bBind) {
|
||||
throw new Exception("Unable to bind to server: $ldapServer . " . "LDAP-Errno: " . ldap_errno($ldapcnn) . " : " . ldap_error($ldapcnn) . " \n");
|
||||
|
||||
Reference in New Issue
Block a user