From b8816382b8b1e3a77e26bcb3ba3890b369f8c165 Mon Sep 17 00:00:00 2001 From: Digimer Date: Sun, 8 Sep 2019 22:54:47 -0400 Subject: [PATCH] * Created Log->is_secure() to more cleanly handle conditional logging of strings with passwords or passwords directly. Updated log entries that could benefit from this method to use it. * Cleaned up the striker->add_sync_peer() function to more clearly differentiate the ssh port from the pgsql port. * Improved the HTML form to not have the browser treat host login fields as credentials to autofill or save. Signed-off-by: Digimer --- Anvil/Tools/Account.pm | 4 +- Anvil/Tools/DRBD.pm | 10 +-- Anvil/Tools/Database.pm | 22 +++--- Anvil/Tools/Get.pm | 25 ++----- Anvil/Tools/Log.pm | 27 +++++++ Anvil/Tools/Remote.pm | 6 +- Anvil/Tools/Server.pm | 4 +- Anvil/Tools/Storage.pm | 26 +++---- Anvil/Tools/System.pm | 6 +- cgi-bin/striker | 128 +++++++++++++++++++------------- html/skins/alteeve/config.html | 3 - html/skins/alteeve/striker.html | 12 ++- share/words.xml | 2 +- tools/anvil-change-password | 2 +- tools/anvil-configure-host | 2 +- tools/striker-manage-peers | 4 +- 16 files changed, 160 insertions(+), 123 deletions(-) diff --git a/Anvil/Tools/Account.pm b/Anvil/Tools/Account.pm index 41519144..b2039526 100644 --- a/Anvil/Tools/Account.pm +++ b/Anvil/Tools/Account.pm @@ -128,7 +128,7 @@ sub encrypt_password $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { algorithm => $algorithm, hash_count => $hash_count, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), salt => $salt, }}); @@ -760,7 +760,7 @@ sub validate_password my $valid = 0; my $hash = ""; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), user => $user, }}); 
diff --git a/Anvil/Tools/DRBD.pm b/Anvil/Tools/DRBD.pm index 0b30c99e..8ae4ed05 100755 --- a/Anvil/Tools/DRBD.pm +++ b/Anvil/Tools/DRBD.pm @@ -123,7 +123,7 @@ sub allow_two_primaries my $target_node_id = defined $parameter->{target_node_id} ? $parameter->{target_node_id} : ""; my $return_code = 255; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, resource => $resource, @@ -263,7 +263,7 @@ sub get_devices my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root"; my $target = defined $parameter->{target} ? $parameter->{target} : "local"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, target => $target, @@ -534,7 +534,7 @@ sub get_status my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root"; my $target = defined $parameter->{target} ? $parameter->{target} : "local"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, target => $target, 
@@ -793,7 +793,7 @@ sub manage_resource my $task = defined $parameter->{task} ? $parameter->{task} : ""; my $target = defined $parameter->{target} ? $parameter->{target} : "local"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, resource => $resource, @@ -890,7 +890,7 @@ sub reload_defaults my $target = defined $parameter->{target} ? $parameter->{target} : "local"; my $return_code = 255; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, resource => $resource, diff --git a/Anvil/Tools/Database.pm b/Anvil/Tools/Database.pm index a9115b40..9a860e6a 100644 --- a/Anvil/Tools/Database.pm +++ b/Anvil/Tools/Database.pm @@ -746,7 +746,7 @@ sub connect port => $port, name => $name, user => $user, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), }}); # Some places will want to pull up the database user, so in case it isn't set (which is @@ -790,7 +790,7 @@ sub connect port => $port, name => $name, user => $user, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), }}); ### TODO: Can we do a telnet port ping with a short timeout instead of a shell ping call? 
@@ -1076,7 +1076,7 @@ sub connect "database::${uuid}::port" => $anvil->data->{database}{$uuid}{port}, "database::${uuid}::name" => $database_name, "database::${uuid}::user" => $database_user, - "database::${uuid}::password" => $anvil->Log->secure ? $anvil->data->{database}{$uuid}{password} : $anvil->Words->string({key => "log_0186"}), + "database::${uuid}::password" => $anvil->Log->is_secure($anvil->data->{database}{$uuid}{password}), }}); # Copy my alert hash before I delete the uuid. @@ -1137,7 +1137,7 @@ sub connect "database::${uuid}::port" => $anvil->data->{database}{$uuid}{port}, "database::${uuid}::name" => $database_name, "database::${uuid}::user" => $database_user, - "database::${uuid}::password" => $anvil->Log->secure ? $anvil->data->{database}{$uuid}{password} : $anvil->Words->string({key => "log_0186"}), + "database::${uuid}::password" => $anvil->Log->is_secure($anvil->data->{database}{$uuid}{password}), }}); ### TODO: Is this still an issue? If so, then we either need to require that the DB host @@ -4621,7 +4621,7 @@ sub insert_or_update_users line => $line, user_uuid => $user_uuid, user_name => $user_name, - user_password_hash => (($anvil->Log->secure) or ($user_salt)) ? $user_password_hash : $anvil->Words->string({key => "log_0186"}) , + user_password_hash => $user_salt ? $user_password_hash : $anvil->Log->is_secure($user_password_hash), user_salt => $user_salt, user_algorithm => $user_algorithm, user_hash_count => $user_hash_count, 
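Review bot: In `insert_or_update_users` (Anvil/Tools/Database.pm, hunk at -4621), `user_password_hash => $user_salt ? $user_password_hash : ...` writes the stored hash to the log whenever a salt is set, regardless of `Log->secure`, and the same list logs `user_salt`, `user_algorithm` and `user_hash_count` beside it. Anyone who can read that log entry then has everything needed for offline guessing against the account, so the hash should go through the helper unconditionally: `user_password_hash => $anvil->Log->is_secure($user_password_hash),`. The hunk at -4671 in the same sub has the same expression. The sub starts and ends outside both hunks, so whether `$debug` keeps this entry out of normal logs cannot be confirmed from here.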
@@ -4671,7 +4671,7 @@ sub insert_or_update_users $user_algorithm = $answer->{user_algorithm}; $user_hash_count = $answer->{user_hash_count}; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - user_password_hash => (($anvil->Log->secure) or ($user_salt)) ? $user_password_hash : $anvil->Words->string({key => "log_0186"}) , + user_password_hash => $user_salt ? $user_password_hash : $anvil->Log->is_secure($user_password_hash) , user_salt => $user_salt, user_algorithm => $user_algorithm, user_hash_count => $user_hash_count, @@ -5619,7 +5619,7 @@ sub query uuid => $uuid, "cache::database_handle::${uuid}" => $anvil->data->{cache}{database_handle}{$uuid}, line => $line, - query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}), + query => (not $secure) ? $query : $anvil->Log->is_secure($query), secure => $secure, source => $source, }}); @@ -5669,7 +5669,7 @@ sub query # Do the query. my $DBreq = $anvil->data->{cache}{database_handle}{$uuid}->prepare($query) or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0075", variables => { - query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}), + query => (not $secure) ? $query : $anvil->Log->is_secure($query), server => $say_server, db_error => $DBI::errstr, }}); @@ -5677,7 +5677,7 @@ sub query # Execute on the query $DBreq->execute() or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0076", variables => { - query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}), + query => (not $secure) ? $query : $anvil->Log->is_secure($query), server => $say_server, db_error => $DBI::errstr, }}); 
@@ -6316,7 +6316,7 @@ sub write $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { uuid => $uuid, line => $line, - query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}), + query => (not $secure) ? $query : $anvil->Log->is_secure($query), secure => $secure, source => $source, reenter => $reenter, @@ -6487,7 +6487,7 @@ sub write # Do the do. $anvil->data->{cache}{database_handle}{$uuid}->do($query) or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0090", variables => { - query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}), + query => (not $secure) ? $query : $anvil->Log->is_secure($query), server => $say_server, db_error => $DBI::errstr, }}); diff --git a/Anvil/Tools/Get.pm b/Anvil/Tools/Get.pm index 3645a170..9d10b8f6 100644 --- a/Anvil/Tools/Get.pm +++ b/Anvil/Tools/Get.pm @@ -129,7 +129,7 @@ sub anvil_version my $target = defined $parameter->{target} ? $parameter->{target} : "local"; my $version = 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, target => $target, @@ -188,9 +188,7 @@ fi; This reads in the CGI variables passed in by a form or URL. -This will read the 'cgi_list' CGI variable for a comma-separated list of CGI variables to read in. So your form must set this in order for this method to work. - -If the variable 'file' is passed, it will be treated as a binary stream containing an uploaded file. +This method takes no parameters. =cut sub cgi 
@@ -218,19 +216,6 @@ sub cgi push @{$cgis}, $variable; } } - elsif (defined $cgi->param("cgi_list")) - { - ### TODO: Get rid of this - # This is a fall-back list we really shouldn't need. - my $cgi_list = $cgi->param("cgi_list"); - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { cgi_list => $cgi_list }}); - - foreach my $variable (split/,/, $cgi_list) - { - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { variable => $variable }}); - push @{$cgis}, $variable; - } - } $cgi_count = @{$cgis}; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { cgi_count => $cgi_count }}); @@ -245,7 +230,7 @@ sub cgi # Now read in the variables. foreach my $variable (sort {$a cmp $b} @{$cgis}) { - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { variable => $variable }}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { variable => $variable }}); $anvil->data->{cgi}{$variable}{value} = ""; $anvil->data->{cgi}{$variable}{mime_type} = "string"; @@ -316,7 +301,7 @@ sub cgi } } - # Now loop again in the order that the variables were passed is 'cgi_list'. + # Now loop again. foreach my $variable (@{$cgis}) { next if $anvil->data->{cgi}{$variable} eq ""; @@ -351,7 +336,7 @@ sub cgi # This is a password and we're not logging sensitive data, obfuscate it. $censored_value = $anvil->Words->string({key => "log_0186"}); } - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 1, list => { "cgi::${variable}::$say_value" => $censored_value, }}); } diff --git a/Anvil/Tools/Log.pm b/Anvil/Tools/Log.pm index 39d67fd8..1d04d23e 100644 --- a/Anvil/Tools/Log.pm +++ b/Anvil/Tools/Log.pm 
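Review bot: The last changed line in `Get->cgi` (Anvil/Tools/Get.pm, hunk at -351) replaces `level => $debug` with a hard-coded `level => 1` for the `cgi::${variable}::$say_value` entry, so every submitted form value is logged at level 1 whenever the method runs, whatever the caller asked for. Only values caught by the password check above this line get the placeholder; that condition is outside the hunk, so other sensitive fields may pass through uncensored. The same commit moves the earlier `variable` entry from `2` to `$debug`, which suggests the `1` is a debugging leftover; I would restore `level => $debug,` here.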
@@ -442,6 +442,33 @@ sub entry return(0); } +=head2 is_secure + +This method takes a password string. If C<< Log->secure >> is C<< 1 >>, the same string is returned. If not, C<< #!string!log_0186!# >> is returned. + + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + user => $user, + host => $host, + password => $anvil->Log->is_secure($password), + }}); + +B<< NOTE >>: Unlike most methods, this one does not take a hash reference for the parameters. It takes the string directly. + +=cut +sub is_secure +{ + my $self = shift; + my $password = shift; + my $anvil = $self->parent; + + if (not $anvil->Log->secure) + { + $password = "#!string!log_0186!#"; + } + + return($password); +} + =head2 language This sets or returns the log language ISO code. diff --git a/Anvil/Tools/Remote.pm b/Anvil/Tools/Remote.pm index d2516365..3e3bdd6e 100644 --- a/Anvil/Tools/Remote.pm +++ b/Anvil/Tools/Remote.pm @@ -300,9 +300,9 @@ sub call # NOTE: The shell call might contain sensitive data, so we show '--' if 'secure' is set and $anvil->Log->secure is not. $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { 'close' => $close, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), secure => $secure, - shell_call => ((not $anvil->Log->secure) && ($secure)) ? $anvil->Words->string({key => "log_0186"}) : $shell_call, + shell_call => (not $secure) ? $shell_call : $anvil->Log->is_secure($shell_call), ssh_fh => $ssh_fh, start_time => $start_time, port => $port, 
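Review bot: `is_secure` (Anvil/Tools/Log.pm) is named like a boolean predicate but returns either its argument or the `#!string!log_0186!#` placeholder, so a later caller who writes `if ($anvil->Log->is_secure($x))` gets a true result for nearly any input. The POD should state the return contract and stop calling the argument a password, since this commit also passes queries, shell calls, file bodies and job data; for example `Returns the string unchanged when Log->secure is set, otherwise a placeholder. The return value is not a boolean.` The old call sites resolved the placeholder with `Words->string({key => "log_0186"})`, while the helper returns the raw token, so it is worth confirming that every log path (including `Log->entry` variables) still translates it.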
@@ -676,7 +676,7 @@ sub test_access my $user = defined $parameter->{user} ? $parameter->{user} : getpwuid($<); my $access = 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, target => $target, user => $user, diff --git a/Anvil/Tools/Server.pm b/Anvil/Tools/Server.pm index f015051c..6890a807 100755 --- a/Anvil/Tools/Server.pm +++ b/Anvil/Tools/Server.pm @@ -212,7 +212,7 @@ sub find my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root"; my $target = defined $parameter->{target} ? $parameter->{target} : "local"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, refresh => $refresh, remote_user => $remote_user, @@ -328,7 +328,7 @@ sub get_status my $server = defined $parameter->{server} ? $parameter->{server} : ""; my $target = defined $parameter->{target} ? $parameter->{target} : "local"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, remote_user => $remote_user, target => $target, diff --git a/Anvil/Tools/Storage.pm b/Anvil/Tools/Storage.pm index 72b40a68..582cacde 100644 --- a/Anvil/Tools/Storage.pm +++ b/Anvil/Tools/Storage.pm 
@@ -150,7 +150,7 @@ sub backup $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { fatal => $fatal, port => $port, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), target => $target, remote_user => $remote_user, source_file => $source_file, @@ -642,7 +642,7 @@ sub copy_file my $target = defined $parameter->{target} ? $parameter->{target} : ""; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { overwrite => $overwrite, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), remote_user => $remote_user, source_file => $source_file, target_file => $target_file, @@ -958,7 +958,7 @@ sub make_directory group => $group, mode => $mode, port => $port, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), remote_user => $remote_user, target => $target, user => $user, @@ -1157,7 +1157,7 @@ sub move_file my $target = defined $parameter->{target} ? $parameter->{target} : ""; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { overwrite => $overwrite, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), remote_user => $remote_user, source_file => $source_file, target_file => $target_file, @@ -1548,7 +1548,7 @@ sub read_file file => $file, force_read => $force_read, port => $port, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), remote_user => $remote_user, secure => $secure, target => $target, 
@@ -1861,7 +1861,7 @@ sub rsync my $failed = 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { destination => $destination, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, source => $source, switches => $switches, @@ -2319,11 +2319,11 @@ sub update_config my $update = 0; my $new_file = ""; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, secure => $secure, target => $target, - value => ((not $secure) or ($anvil->Log->secure)) ? $value : $anvil->Words->string({key => "log_0186"}), + value => (not $secure) ? $value : $anvil->Log->is_secure($value), variable => $variable, remote_user => $remote_user, }}); @@ -2360,7 +2360,7 @@ sub update_config my $is_secure = $this_variable =~ /passw/i ? 1 : 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { this_variable => $this_variable, - this_value => ((not $is_secure) or ($anvil->Log->secure)) ? $this_value : $anvil->Words->string({key => "log_0186"}), + this_value => not $is_secure ? $this_value : $anvil->Log->is_secure($this_value), }}); if ($this_variable eq $variable) { 
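Review bot: In `update_config` (Anvil/Tools/Storage.pm, hunk at -2360), `this_value => not $is_secure ? $this_value : $anvil->Log->is_secure($this_value),` lost the parentheses the old expression had, and Perl's `not` binds more loosely than both `?:` and the comma. It therefore negates the result of the whole ternary, so the entry logs a boolean (empty string or 1) instead of the value or the placeholder, and the ternary itself is evaluated on the un-negated `$is_secure`. Write it as the other call sites in this commit do: `this_value => (not $is_secure) ? $this_value : $anvil->Log->is_secure($this_value),`. The hunk at -831 in tools/anvil-configure-host has the same unparenthesised `not $secure ? ...` and needs the same change.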
@@ -2481,9 +2481,9 @@ sub update_file my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root"; my $update = 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => { - body => ((not $body) or ($anvil->Log->secure)) ? $body : $anvil->Words->string({key => "log_0186"}), + body => (not $body) ? $body : $anvil->Log->is_secure($body), file => $file, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), port => $port, secure => $secure, target => $target, @@ -2676,7 +2676,7 @@ sub write_file mode => $mode, overwrite => $overwrite, port => $port, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), secure => $secure, target => $target, user => $user, @@ -2948,7 +2948,7 @@ sub _create_rsync_wrapper my $target = defined $parameter->{target} ? $parameter->{target} : ""; my $password = defined $parameter->{password} ? $parameter->{password} : ""; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), target => $target, }}); diff --git a/Anvil/Tools/System.pm b/Anvil/Tools/System.pm index 312841e0..7ca221e1 100644 --- a/Anvil/Tools/System.pm +++ b/Anvil/Tools/System.pm @@ -410,8 +410,8 @@ sub change_shell_user_password target => $target, port => $port, remote_user => $remote_user, - new_password => $anvil->Log->secure ? $new_password : $anvil->Words->string({key => "log_0186"}), - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + new_password => $anvil->Log->is_secure($new_password), + password => $anvil->Log->is_secure($password), }}); # Do I have a user? 
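Review bot: In `update_file` (Anvil/Tools/Storage.pm, hunk at -2481) the `body` entry tests `$body` rather than `$secure`, so `(not $body) ? $body : $anvil->Log->is_secure($body)` masks every non-empty body whenever `Log->secure` is off, even when the caller did not mark the file as sensitive. That errs on the safe side, but it differs from `value => (not $secure) ? $value : ...` in `update_config` and looks like a typo carried over from the old expression. If so, the line should read `body => (not $secure) ? $body : $anvil->Log->is_secure($body),`; `$secure` is already logged a few lines below in the same list, so it is in scope.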
@@ -2319,7 +2319,7 @@ sub ping count => $count, fragment => $fragment, payload => $payload, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), ping => $ping, port => $port, remote_user => $remote_user, diff --git a/cgi-bin/striker b/cgi-bin/striker index 5386c4a6..e8c87269 100755 --- a/cgi-bin/striker +++ b/cgi-bin/striker @@ -38,7 +38,7 @@ $anvil->data->{form}{back_link} = ""; $anvil->data->{form}{refresh_link} = ""; # Read in any CGI variables, if needed. -$anvil->Get->cgi({debug => 2}); +$anvil->Get->cgi(); # If we're being asked to get a file, do so now. if ($anvil->data->{cgi}{upload_file}{file_handle}) @@ -850,7 +850,7 @@ sub process_sync_page name => $name, user => $user, ping => $ping, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), }}); # Store it by name. @@ -865,7 +865,7 @@ sub process_sync_page "peers::${host}::name" => $anvil->data->{peers}{$host}{name}, "peers::${host}::ping" => $anvil->data->{peers}{$host}{ping}, "peers::${host}::uuid" => $anvil->data->{peers}{$host}{uuid}, - "peers::${host}::password" => $anvil->Log->secure ? $anvil->data->{peers}{$host}{password} : $anvil->Words->string({key => "log_0186"}), + "peers::${host}::password" => $anvil->Log->is_secure($anvil->data->{peers}{$host}{password}), }}); } @@ -885,7 +885,7 @@ sub process_sync_page user => $user, ping => $ping, uuid => $uuid, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), }}); $anvil->data->{cgi}{new_peer_password}{value} = "" if not defined $anvil->data->{cgi}{new_peer_password}{value}; 
@@ -974,34 +974,42 @@ sub add_sync_peer my ($anvil) = @_; # Break up the user, host and port. If anything goes wrong, we'll set an error and send it back. - my $user = $anvil->data->{sys}{database}{user}; - my $host = $anvil->data->{cgi}{new_peer_access}{value}; - my $password = $anvil->data->{cgi}{new_peer_password}{value}; - my $name = $anvil->data->{sys}{database}{name}; - my $ping = $anvil->data->{cgi}{new_peer_ping}{value} eq "on" ? 1 : 0; - my $port = 5432; - my $ssh_tcp = 22; - my $peer_uuid = ""; - my $peer_host = ""; - my $use_ip = ""; # This will contain the local IP to use for the peer to setup comms with us + my $user = $anvil->data->{sys}{database}{user}; + my $host = $anvil->data->{cgi}{new_peer_access}{value}; + my $password = $anvil->data->{cgi}{new_peer_password}{value}; + my $name = $anvil->data->{sys}{database}{name}; + my $ping = $anvil->data->{cgi}{new_peer_ping}{value} eq "on" ? 1 : 0; + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + user => $user, + host => $host, + password => $anvil->Log->is_secure($password), + name => $name, + ping => $ping, + }}); + + my $pgsql_port = 5432; + my $ssh_port = 22; + my $peer_uuid = ""; + my $peer_host = ""; + my $use_ip = ""; # This will contain the local IP to use for the peer to setup comms with us if ($host =~ /,ssh=(\d+)$/) { - $ssh_tcp = $1; - $host =~ s/,ssh=\d+$//; + $ssh_port = $1; + $host =~ s/,ssh=\d+$//; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - ssh_tcp => $ssh_tcp, - host => $host, + ssh_port => $ssh_port, + host => $host, }}); } if ($host =~ /^(.*?)\@(.*?):(\d+)$/) { $user = $1; $host = $2; - $port = $3; + $pgsql_port = $3; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - host => $host, - port => $port, - user => $user, + host => $host, + pgsql_port => $pgsql_port, + user => $user, }}); } elsif ($host =~ /^(.*?)\@(.*?)$/) 
@@ -1016,41 +1024,49 @@ sub add_sync_peer elsif ($host =~ /^(.*?):(\d+)$/) { $host = $1; - $port = $2; + $pgsql_port = $2; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - host => $host, - port => $port, + host => $host, + pgsql_port => $pgsql_port, }}); } + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + ssh_port => $ssh_port, + host => $host, + pgsql_port => $pgsql_port, + user => $user, + }}); # Is the host a domain or IP? # If so, and 'bi-directional' is set, verify we can ssh into the peer. my $is_domain = $anvil->Validate->is_domain_name({name => $host}); my $is_ipv4 = $anvil->Validate->is_ipv4({ip => $host}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - is_domain => $is_domain, - is_ipv4 => $is_ipv4, - port => $port, + is_domain => $is_domain, + is_ipv4 => $is_ipv4, + pgsql_port => $pgsql_port, }}); - if (((not $is_domain) && (not $is_ipv4)) or ($port < 1) or ($port > 65536)) + if (((not $is_domain) && (not $is_ipv4)) or ($pgsql_port < 1) or ($pgsql_port > 65536)) { # Bad host. $anvil->data->{form}{error_massage} = $anvil->Template->get({file => "main.html", name => "error_message", variables => { error_message => $anvil->Words->string({key => "striker_warning_0002"}) }}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + "form::error_massage" => $anvil->data->{form}{error_massage}, + }}); } else { # Can we connect to the peer? - my $shell_call = $anvil->data->{path}{exe}{dmidecode}." --string system-uuid"; - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); - my ($output, $error, $return_code) = $anvil->Remote->call({ - password => $password, - target => $ssh_tcp != 22 ? $host.":".$ssh_tcp : $host, - shell_call => $shell_call, + debug => 2, + shell_call => $anvil->data->{path}{exe}{dmidecode}." 
--string system-uuid", + password => $password, + target => $host, + port => $ssh_port, }); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - output => $output, - error => $error, + output => $output, + error => $error, return_code => $return_code, }}); if ($error) @@ -1071,8 +1087,10 @@ sub add_sync_peer else { my ($error, $output, $return_code) = $anvil->Remote->call({ + debug => 2, password => $password, - target => $ssh_tcp != 22 ? $host.":".$ssh_tcp : $host, + target => $host, + port => $ssh_port, shell_call => $anvil->data->{path}{exe}{hostnamectl}." --static", return_code => $return_code, }); @@ -1096,6 +1114,9 @@ sub add_sync_peer { # Can't do bi-directional $anvil->data->{form}{error_massage} = $anvil->Template->get({file => "main.html", name => "error_message", variables => { error_message => $anvil->Words->string({key => "striker_warning_0008", variables => { host => $host }}) }}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + "form::error_massage" => $anvil->data->{form}{error_massage}, + }}); } } } @@ -1108,7 +1129,10 @@ sub add_sync_peer { my $pgpass_file = "/tmp/.pgpass"; $password =~ s/:/\:/g; - my $body = $host.":".$port.":".$name.":".$user.":".$password; + my $body = $host.":".$pgsql_port.":".$name.":".$user.":".$password; + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { + body => $body, + }}); $anvil->Storage->write_file({ file => $pgpass_file, body => $body, 
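Review bot: The range check in `add_sync_peer` (cgi-bin/striker, hunk at -1016) uses `($pgsql_port > 65536)`, which accepts 65536, and `$ssh_port` is not range-checked at all before it is passed as `port => $ssh_port` to `Remote->call`. Both values come from the `new_peer_access` form field and are only constrained to digits by the `(\d+)` captures. I would end the condition with `or ($pgsql_port < 1) or ($pgsql_port > 65535) or ($ssh_port < 1) or ($ssh_port > 65535))`. The sub starts and ends outside this hunk.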
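Review bot: The context line `$password =~ s/:/\:/g;` just above the new `body` log entry (cgi-bin/striker, hunk at -1108) does nothing, because `\:` in the replacement is an ordinary `:`; a password containing `:` or `\` is then written to the pgpass body unescaped and will be misparsed. The pgpass format wants both characters backslash-escaped, e.g. `(my $pgpass_password = $password) =~ s/([:\\])/\\$1/g;`, used only when building `$body` so that `$password` itself is not altered for later use. The new log entry also relies on `secure => 1` while the rest of this commit moves to the helper; `body => $anvil->Log->is_secure($body),` would be consistent. The file goes to the fixed path `/tmp/.pgpass`, and the `write_file` arguments that would set its mode are outside the hunk, so confirm it is created owner-only.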
@@ -1118,7 +1142,7 @@ sub add_sync_peer }); # This will return '1' only, if it works. - my ($db_access, $return_code) = $anvil->System->call({shell_call => "PGPASSFILE=\"".$pgpass_file."\" ".$anvil->data->{path}{exe}{psql}." --host ".$host." --port ".$port." --dbname ".$name." --username ".$user." --no-password --tuples-only --no-align --command \"SELECT 1\""}); + my ($db_access, $return_code) = $anvil->System->call({shell_call => "PGPASSFILE=\"".$pgpass_file."\" ".$anvil->data->{path}{exe}{psql}." --host ".$host." --port ".$pgsql_port." --dbname ".$name." --username ".$user." --no-password --tuples-only --no-align --command \"SELECT 1\""}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { db_access => $db_access, return_code => $return_code }}); if ($db_access ne "1") { @@ -1147,10 +1171,10 @@ sub add_sync_peer if ($anvil->data->{cgi}{confirm}{value}) { # OK, save the job! - my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$peer_uuid." --host ".$host." --port ".$port." --ping ".$ping; + my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$peer_uuid." --host ".$host." --port ".$pgsql_port." --ping ".$ping; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { job_command => $job_command, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), }}); # The job data will always contain the password for the peer, but also contain the 
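Review bot: `$user` reaches the `System->call` shell string in `add_sync_peer` (cgi-bin/striker, hunk at -1118) without any validation visible in this patch: it is captured from the `new_peer_access` form field by `(.*?)\@` in the parsing block earlier in the sub, and only `$host` and `$pgsql_port` are checked afterwards. Because the command is assembled by concatenation, shell metacharacters in that field would be interpreted by the shell. Reject the request on the existing error path unless the name matches an anchored allow-list, e.g. `if ($user !~ /\A[A-Za-z0-9_.-]+\z/)`, before this line is reached. The sub starts and ends outside the hunk, so a check elsewhere cannot be ruled out.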
@@ -1165,12 +1189,14 @@ sub add_sync_peer if ($use_ip) { # See which of our IPs match theirs. If the peer is a hostname, first - my $host_uuid = $anvil->Get->host_uuid; - my $sql_port = $anvil->data->{database}{$host_uuid}{port}; - my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$host_uuid." --host ".$use_ip." --port ".$sql_port." --ping ".$ping; - $job_data .= "\npeer_job_command=".$job_command; - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, list => { job_command => $job_command }}); - $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { job_data => $job_data }}); + my $host_uuid = $anvil->Get->host_uuid; + my $sql_port = $anvil->data->{database}{$host_uuid}{port}; + my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$host_uuid." --host ".$use_ip." --port ".$sql_port." --ping ".$ping; + $job_data .= "\npeer_job_command=".$job_command; + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + job_command => $job_command, + job_data => $anvil->Log->is_secure($job_data), + }}); } # Store the job @@ -1202,10 +1228,11 @@ sub add_sync_peer { # Show the screen the confirm the addition. $anvil->data->{form}{body} = $anvil->Template->get({file => "striker.html", name => "confirm-new-peer", variables => { - access => $user."@".$host.":".$port, + access => $user."@".$host.":".$pgsql_port, ping => $anvil->data->{cgi}{new_peer_ping}{value} ? "#!string!unit_0001!#" : "#!string!unit_0002!#", bidirectional => $anvil->data->{cgi}{new_peer_bidirection}{value} ? "#!string!unit_0001!#" : "#!string!unit_0002!#", }}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "form::body" => $anvil->data->{form}{body} }}); } } 
@@ -1516,7 +1543,6 @@ ORDER BY striker_user => $anvil->data->{cgi}{striker_user}{value}, striker_password => $anvil->data->{cgi}{striker_password}{value}, networks => $networks, - cgi_list => $cgi."step", show_name => 1, }}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { step3_body => $step3_body }}); @@ -1893,7 +1919,6 @@ ORDER BY gateway_form => $say_gateway, dns_form => $say_dns, hostname_form => $say_hostname, - cgi_list => $cgi."organization,prefix,domain,sequence,bcn_count,ifn_count,gateway,hostname,dns,striker_user,striker_password", }}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { step2_body => $step2_body }}); @@ -2620,7 +2645,6 @@ sub config_step1 domain_form => $say_domain, sequence_form => $say_sequence, ifn_count_form => $say_ifn_count, - cgi_list => "organization,prefix,domain,sequence,ifn_count", }}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { step1_body => $step1_body }}); diff --git a/html/skins/alteeve/config.html b/html/skins/alteeve/config.html index 765e61e2..cb37f2f5 100644 --- a/html/skins/alteeve/config.html +++ b/html/skins/alteeve/config.html @@ -100,7 +100,6 @@ - @@ -233,7 +232,6 @@ - @@ -324,7 +322,6 @@ - diff --git a/html/skins/alteeve/striker.html b/html/skins/alteeve/striker.html index da7a16fd..f0ae9ffd 100644 --- a/html/skins/alteeve/striker.html +++ b/html/skins/alteeve/striker.html @@ -198,7 +198,10 @@   - + +   @@ -213,7 +216,6 @@ - @@ -456,8 +458,10 @@ - - + + #!string!striker_0071!#: diff --git a/share/words.xml b/share/words.xml index 546fc538..84929810 100644 --- a/share/words.xml +++ b/share/words.xml @@ -864,7 +864,7 @@ Here we will inject 't_0006', which injects 't_0001' which has a variable: [#!st Access to this machine via: [#!variable!network!#]. Save Delete - [db_user@]hostname_or_ip[:tcp_port] + [db_user@]hostname_or_ip[:pgsql_port][,ssh=ssh_port] Add Ping Bi-directional 
diff --git a/tools/anvil-change-password b/tools/anvil-change-password index b9e51813..83b0967b 100755 --- a/tools/anvil-change-password +++ b/tools/anvil-change-password @@ -215,7 +215,7 @@ sub update_local_passwords print $anvil->Words->string({key => "message_0026", variables => { user => $user }}); my $query = "ALTER ROLE ".$user." WITH PASSWORD ".$dbh->quote($anvil->data->{switches}{'new-password'}); $dbh->do($query) or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0090", variables => { - query => $anvil->Log->secure ? $query : $anvil->Words->string({key => "log_0186"}), + query => $anvil->Log->is_secure($query), server => "localhost", db_error => $DBI::errstr, }}); diff --git a/tools/anvil-configure-host b/tools/anvil-configure-host index 990f13b8..7ff8419d 100755 --- a/tools/anvil-configure-host +++ b/tools/anvil-configure-host @@ -831,7 +831,7 @@ AND my $secure = $this_variable =~ /passw/ ? 1 : 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { this_variable => $this_variable, - this_value => (($anvil->Log->secure) or (not $secure)) ? $this_value : $anvil->Words->string({key => "log_0186"}), + this_value => not $secure ? $this_value : $anvil->Log->is_secure($this_value), }}); $anvil->_make_hash_reference($anvil->data->{variables}, $this_variable, $this_value); diff --git a/tools/striker-manage-peers b/tools/striker-manage-peers index 3cc5407f..17e6fc6a 100755 --- a/tools/striker-manage-peers +++ b/tools/striker-manage-peers @@ -100,7 +100,7 @@ foreach my $host (sort {$a cmp $b} keys %{$anvil->data->{sorted}{db}}) $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, secure => 0, key => "log_0190", variables => { peer => $user."\@".$host.":".$port, name => $name, - password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}), + password => $anvil->Log->is_secure($password), uuid => $uuid, }}); } 
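Review bot: In the `update_local_passwords` hunk, `$user` is concatenated into the `ALTER ROLE` statement as a bare identifier, while only the new password goes through `$dbh->quote()`. Where `$user` comes from is outside the hunk, but quoting it is cheap: `my $query = "ALTER ROLE ".$dbh->quote_identifier($user)." WITH PASSWORD ".$dbh->quote($anvil->data->{switches}{'new-password'});`. Role names that relied on unquoted case folding would need checking first. It is also worth confirming that `$DBI::errstr`, logged unmasked next to the now-masked `query`, cannot echo part of the statement text on failure.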
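Review bot: On the new `this_value` line in the tools/anvil-configure-host hunk, `not` binds more loosely than `?:` and the comma, so the expression parses as `not ($secure ? $this_value : $anvil->Log->is_secure($this_value))`. The log therefore receives a boolean (`1` or an empty string) instead of the value or the masked placeholder. The line it replaces was fully parenthesised, so this is a regression in the debug output. Write the condition the positive way round, `this_value => $secure ? $anvil->Log->is_secure($this_value) : $this_value,`, or use `!` in place of `not`.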
@@ -453,7 +453,7 @@ sub process_entry $line = $variable.$left_space."=".$right_space.$password; $anvil->data->{config}{rewrite} = 1; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - line => $anvil->Log->secure ? $line : $anvil->Words->string({key => "log_0186"}), + line => $anvil->Log->is_secure($line), "config::rewrite" => $anvil->data->{config}{rewrite}, }}); update_progress($anvil, 50, "message_0071") if not $update_reported;