Confidential mode for stdin in execProcess(), additional logging

plugins/functions/fmod_local_users.py

@@ -130,7 +130,7 @@ class LocalUser(service.FunctionObject) :
 	def setLock(self, lock_flag) :
 		(lock_arg, lock_str) = ( ("-L", "lock") if lock_flag else ("-U", "unlock") )
 
-		logger.verbose("{mod}: Request to %s local user \"%s\"" % (lock_str))
+		logger.verbose("{mod}: Request to %s local user \"%s\"" % (lock_str, self.__user_name))
 
 		proc_args_list = [config.value(SERVICE_NAME, "usermod_bin"), lock_arg, self.__user_name]
 		return tools.process.execProcess(proc_args_list, fatal_flag = False)[2]
@@ -147,8 +147,11 @@ class LocalUser(service.FunctionObject) :
 
 	@service.functionMethod(LOCAL_USER_METHODS_NAMESPACE, in_signature="s", out_signature="i")
 	def setPasswd(self, passwd) :
+		logger.verbose("{mod}: Request to change password for local user \"%s\"" % (self.__user_name))
+
 		return tools.process.execProcess(config.value(SERVICE_NAME, "chpasswd_bin"),
-			input = "%s:%s\n" % (self.__user_name, passwd), fatal_flag = False)[2]
+			proc_input = "%s:%s\n" % (self.__user_name, passwd),
+			fatal_flag = False, confidential_input_flag = True)[2]
 
 
 class LocalUsers(service.FunctionObject) :

settingsd/tools/process.py

@@ -2,6 +2,8 @@
 
 import subprocess
 
+from .. import const
+from .. import config
 from .. import logger
 
 
@@ -11,22 +13,26 @@ class SubprocessFailure(Exception) :
 
 
 ##### Public methods #####
-def execProcess(args_list, input = None, fatal_flag = True) :
-	logger.debug("{submod}: Executing child process \"%s\"" % (str(args_list)))
+def execProcess(proc_args_list, proc_input = None, fatal_flag = True, confidential_input_flag = False) :
+	logger.debug("{submod}: Executing child process \"%s\"" % (str(proc_args_list)))
 
-	proc = subprocess.Popen(args_list, shell=True, bufsize=1024, close_fds=True,
+	proc = subprocess.Popen(proc_args_list, shell=True, bufsize=1024, close_fds=True,
 		stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
 		env={ "LC_ALL" : "C" })
-	(proc_stdout, proc_stderr) = proc.communicate(input)
+	(proc_stdout, proc_stderr) = proc.communicate(proc_input)
 
 	if proc.returncode != 0 :
-		error_text = "Error while execute \"%s\"\nStdout: %s\nStderr: %s\nReturn code: %d" % (
-			str(args_list), proc_stdout.strip(), proc_stderr.strip(), proc.returncode )
+		if proc_input == None :
+			proc_input = ""
+		elif confidential_input_flag and config.value(config.APPLICATION_SECTION, "log_level") != const.LOG_LEVEL_DEBUG :
+			proc_input = "<CONFIDENTIAL>"
+		error_text = "Error while execute \"%s\"\nStdout: %s\nStderr: %s\nStdin: %s\nReturn code: %d" % (
+			str(proc_args_list), proc_stdout.strip(), proc_stderr.strip(), proc_input, proc.returncode )
 		if fatal_flag :
 			raise SubprocessFailure(error_text)
 		logger.error("{submod}: "+error_text)
 
-	logger.debug("{submod}: Child process \"%s\" finished, return_code=%d" % (str(args_list), proc.returncode))
+	logger.debug("{submod}: Child process \"%s\" finished, return_code=%d" % (str(proc_args_list), proc.returncode))
 
 	return (proc_stdout, proc_stderr, proc.returncode)