Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move output password removal after functional text matching #67754

Open
wants to merge 1 commit into
base: 3006.x
Choose a base branch
from
Open

Move output password removal after functional text matching #67754

wants to merge 1 commit into from

Conversation

m-czernek
Copy link
Contributor

@m-czernek m-czernek commented Feb 20, 2025
edited
Loading

What does this PR do?

When a user uses a common dictionary password, like password, Salt replaces the word from the command buffer. Currently, this causes salt-ssh to hang when the remote is asking for password, because the word password is replaced and the text matching fails to detect that the ssh session hangs waiting for password input.

In this PR, I:

  • Move the password removal step from text as the last thing we do before matching/processing the text.
  • Improve the replacement to match whole word, not part of the word. For example, if the password is Server, we don't want to replace something like -o ServerAliveInterval=60 to -o ******AliveInterval=60. This makes the password easy to guess from the logs.

This change fixes regression caused by #62641

Note: Tests already exist, and were added as part of #62641.

What issues does this PR fix or reference?

Fixes #65787 #65406

Previous Behavior

Salt-ssh would fail to establish connection when connecting to host that uses the word password as password.

New Behavior

Salt-ssh establishes connection to hosts even when those hosts use password as password.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

Yes

@m-czernek m-czernek requested a review from a team as a code owner February 20, 2025 10:42
@m-czernek m-czernek force-pushed the salt-ssh-passwd-replacement branch from 40ce6d4 to 061bef9 Compare February 20, 2025 10:44
@m-czernek m-czernek mentioned this pull request Feb 20, 2025
Open
3 tasks
@m-czernek m-czernek force-pushed the salt-ssh-passwd-replacement branch from 061bef9 to 1654762 Compare February 20, 2025 11:02
@m-czernek m-czernek mentioned this pull request Feb 20, 2025
Open
9 tasks
@dwoz dwoz added the test:full Run the full test suite label Feb 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
test:full Run the full test suite
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@m-czernek @dwoz