Univention Bugzilla – Bug 44314
import logs passwords
Last modified: 2018-09-11 11:34:16 CEST
[4.3] 826b69e37 Bug #44314: do not log passwords [4.3] b331befd4 Bug #44314: advisory ucs-school-lib (11.0.1-18)
Please don't use the actual length of the password. If the password is not logged the length shouldn't be neither.
I was thinking, that in the ucs-school-import the length of passwords is preconfigured - so it's already known. But there is no win to log it, and especially not in a lib. I have hard coded the length to the infamous "8" :) [4.3] d7e632ae2 Bug #44314: do not log password length [4.3] 4cc2cee54 Bug #44314: changelog [4.3] 85bfc8349 Bug #44314: advisory update ucs-school-lib (11.0.1-19)
OK What I tested: Imported students -> info and log file don't include passwords anymore -> OK -> new_user_passwords.csv still includes the passwords -> OK YAML -> OK
90_ucsschool.216_import-users_delete_variants fails on UCS@school 4.3 (2018-09-03 19:47:00.433383) univention.testing.utils.LDAPObjectValueMissing: DN: uid=wh4qxnxz5c,cn=schueler,cn=users,ou=z4ul,dc=autotest206,dc=local (2018-09-03 19:47:00.433406) sambaNTPassword: ['A41E19C4991D58F3B4FC5222BAEC18CB'], missing: 'C8BBD9FD170EDF045C1E3CA15018C276' (2018-09-03 19:47:00.433428) sambaNTPassword: ['A41E19C4991D58F3B4FC5222BAEC18CB'], unexpected: 'A41E19C4991D58F3B4FC5222BAEC18CB' The hash of the missing password always changes. But the unexpected hash A41E19C4991D58F3B4FC5222BAEC18CB is the same during each run. A41E19C4991D58F3B4FC5222BAEC18CB == nthash('********') it looks like the modification of this bug changes the input data and always sets '********' as password. → REOPEN
*** Bug 47737 has been marked as a duplicate of this bug. ***
*** Bug 47738 has been marked as a duplicate of this bug. ***
The log record contains the original logging calls arguments. When logging the original import input data, the password field was being modified. [4.3] 0a9ad2640 Bug #44314: don't modify object being logged [4.3] f4ad57d5d Bug #44314: add static type annotation [4.3] 31fff70e0 Bug #44314: advisory update ucs-school-lib (11.0.1-21)
OK What I tested: Imported students -> info and log file don't include passwords anymore -> OK -> new_user_passwords.csv still includes the passwords -> OK -> Login is possible with imported user -> OK :) YAML -> OK
UCS@school 4.3 v5 has been released. https://docs.software-univention.de/changelog-ucsschool-4.3v5-de.html If this error occurs again, please clone this bug.