Merge commit from fork

Fix Credentials leaking in the debug log - 0.8.x
himmelblau-idm · Jan 23, 2025 · a5e14f8 · a5e14f8
2 parents 553c632 + 0cf093a
commit a5e14f8
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 6 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,7 +19,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.8.2"
+version = "0.8.3"
 authors = [
     "David Mulder <[email protected]>"
 ]

diff --git a/src/common/src/unix_proto.rs b/src/common/src/unix_proto.rs
@@ -140,14 +140,26 @@ pub struct HomeDirectoryInfo {
     pub aliases: Vec<String>,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone)]
+#[derive(Serialize, Deserialize, Clone)]
 pub enum TaskRequest {
     HomeDirectory(HomeDirectoryInfo),
     LocalGroups(String),
     LogonScript(String, String),
     KerberosCCache(uid_t, Vec<u8>, Vec<u8>),
 }
 
+impl TaskRequest {
+    /// Get a safe display version of the request, without credentials.
+    pub fn as_safe_string(&self) -> String {
+        match self {
+            TaskRequest::HomeDirectory(info) => format!("HomeDirectory({:?})", info),
+            TaskRequest::LocalGroups(groups) => format!("LocalGroups({})", groups),
+            TaskRequest::LogonScript(account_id, _) => format!("LogonScript({}, ...)", account_id),
+            TaskRequest::KerberosCCache(uid, _, _) => format!("KerberosCCache({}, ...)", uid),
+        }
+    }
+}
+
 #[derive(Serialize, Deserialize, Debug)]
 pub enum TaskResponse {
     Success(i32),

diff --git a/src/daemon/src/daemon.rs b/src/daemon/src/daemon.rs
@@ -129,7 +129,10 @@ impl Encoder<TaskRequest> for TaskCodec {
     type Error = io::Error;
 
     fn encode(&mut self, msg: TaskRequest, dst: &mut BytesMut) -> Result<(), Self::Error> {
-        debug!("Attempting to send request -> {:?} ...", msg);
+        debug!(
+            "Attempting to send request -> {:?} ...",
+            msg.as_safe_string()
+        );
         let data = serde_json::to_vec(&msg).map_err(|e| {
             error!("socket encoding error -> {:?}", e);
             io::Error::new(io::ErrorKind::Other, "JSON encode error")
@@ -170,7 +173,7 @@ async fn handle_task_client(
             None => return Ok(()),
         };
 
-        debug!("Sending Task -> {:?}", v.0);
+        debug!("Sending Task -> {:?}", v.0.as_safe_string());
 
         // Write the req to the socket.
         if let Err(_e) = reqs.send(v.0.clone()).await {

diff --git a/src/daemon/src/tasks_daemon.rs b/src/daemon/src/tasks_daemon.rs
@@ -420,8 +420,12 @@ async fn handle_tasks(stream: UnixStream, cfg: &HimmelblauConfig) {
                     return;
                 }
             }
-            other => {
-                error!("Error -> {:?}", other);
+            Some(Err(e)) => {
+                error!("Error -> {:?}", e);
+                return;
+            }
+            _ => {
+                error!("Error -> Unexpected response");
                 return;
             }
         }