rgw: sanitize customer encryption keys from log output in v4 auth

author Casey Bodley <cbodley@redhat.com>

Mon, 10 Dec 2018 17:38:01 +0000 (12:38 -0500)

committer Abhishek Lekshmanan <abhishek@suse.com>

Thu, 10 Jan 2019 18:21:59 +0000 (19:21 +0100)
author Casey Bodley <cbodley@redhat.com>
Mon, 10 Dec 2018 17:38:01 +0000 (12:38 -0500)
committer Abhishek Lekshmanan <abhishek@suse.com>
Thu, 10 Jan 2019 18:21:59 +0000 (19:21 +0100)
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc

index 0904e825520e8ed49372d78fa513c1985eb2585d..e685705eec0f2edb3dc4f2059e10807dea59d969 100644 (file)
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -659,7 +659,8 @@ get_v4_canon_req_hash(CephContext* cct,
  
    const auto canonical_req_hash = calc_hash_sha256(canonical_req);
  
-  ldout(cct, 10) << "canonical request = " << canonical_req << dendl;
+  using sanitize = rgw::crypt_sanitize::log_content;
+  ldout(cct, 10) << "canonical request = " << sanitize{canonical_req} << dendl;
    ldout(cct, 10) << "canonical request hash = "
                   << buf_to_hex(canonical_req_hash).data() << dendl;
  
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index 3b07327f38d7ce2c6a76b4157a098b6f2ea8270c..6534e254ec2360802055200eaf8535ddbf2b9ecc 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3751,8 +3751,9 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
    boost::optional<std::string> canonical_headers = \
      get_v4_canonical_headers(s->info, signed_hdrs, using_qs);
    if (canonical_headers) {
-    ldout(s->cct, 10) << "canonical headers format = " << *canonical_headers
-                      << dendl;
+    using sanitize = rgw::crypt_sanitize::log_content;
+    ldout(s->cct, 10) << "canonical headers format = "
+                      << sanitize{*canonical_headers} << dendl;
    } else {
      throw -EPERM;
    }
author	Casey Bodley <cbodley@redhat.com>
	Mon, 10 Dec 2018 17:38:01 +0000 (12:38 -0500)
committer	Abhishek Lekshmanan <abhishek@suse.com>
	Thu, 10 Jan 2019 18:21:59 +0000 (19:21 +0100)
src/rgw/rgw_auth_s3.cc		patch \| blob \| history
src/rgw/rgw_rest_s3.cc		patch \| blob \| history