authorThomas Haller <thaller@redhat.com>2016-06-16 22:30:41 +0200
committerThomas Haller <thaller@redhat.com>2016-06-17 08:19:44 +0200
commit4143fbde177bfac29d28904a47102208dd34bec7 (patch)
tree1cb96eb6f86dfde4fe95b023763a8221ed11e707
parentaf507cd0893f8140a5c62a176ba70f12b642a0fa (diff)
downloadNetworkManager-4143fbde177bfac29d28904a47102208dd34bec7.tar.gz
logging: enable logging domain VPN_PLUGIN up to level <info>
The logging domain VPN_PLUGIN controls logging of the VPN plugins. Especially at verbose levels <debug> and <trace>, the plugins might reveal sensitive information in the logging. Thus, this level should not be enabled by a $ nmcli logging general level DEBUG domains ALL It should only be enabled when requested explicitly. $ nmcli logging general level DEBUG domains ALL,VPN_PLUGIN:DEBUG Previously, the special level VPN_PLUGIN was entirely excluded from ALL and DEFAULT domains and it was entirely disabled by default. That is however too strict, as it completely silences the VPN plugins by default. Now, enable them by default up to level INFO. VPN plugins should take care that they don't reveal sensitive information at levels <info> (LOG_NOTICE) and higher (less verbose). For more verbose levels they may print passwords, but that should still be avoided as far as possible.
-rw-r--r--man/NetworkManager.conf.xml8
-rw-r--r--src/nm-logging.c24
-rw-r--r--src/nm-logging.h4
3 files changed, 25 insertions, 11 deletions
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index a6614e3393..38d87fff87 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -527,9 +527,11 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
<para>
In general, the logfile should not contain passwords or private data. However,
you are always advised to check the file before posting it online or attaching
- to a bug report. <literal>VPN_PLUGIN</literal> is special in that it might
- reveal private information from the VPN plugins and thus this level is excluded
- from <literal>ALL</literal></para>
+ to a bug report. <literal>VPN_PLUGIN</literal> is special as it might reveal
+ private information of the VPN plugins with verbose levels. Therefore this domain
+ will be excluded when setting <literal>ALL</literal> or <literal>DEFAULT</literal>
+ to more verbose levels then <literal>INFO</literal>.
+ </para>
</varlistentry>
<varlistentry>
<term><varname>backend</varname></term>
diff --git a/src/nm-logging.c b/src/nm-logging.c
index e3eaf52b27..15e1492876 100644
--- a/src/nm-logging.c
+++ b/src/nm-logging.c
@@ -108,7 +108,10 @@ typedef struct {
} LogLevelDesc;
NMLogDomain _nm_logging_enabled_state[_LOGL_N_REAL] = {
- /* nm_logging_setup ("INFO", LOGD_DEFAULT_STRING, NULL, NULL); */
+ /* nm_logging_setup ("INFO", LOGD_DEFAULT_STRING, NULL, NULL);
+ *
+ * Note: LOGD_VPN_PLUGIN is special and must be disabled for
+ * DEBUG and TRACE levels. */
[LOGL_INFO] = LOGD_DEFAULT,
[LOGL_WARN] = LOGD_DEFAULT,
[LOGL_ERR] = LOGD_DEFAULT,
@@ -263,6 +266,11 @@ nm_logging_setup (const char *level,
NMLogDomain bits;
char *p;
+ /* LOGD_VPN_PLUGIN is protected, that is, when setting ALL or DEFAULT,
+ * it does not enable the verbose levels DEBUG and TRACE, because that
+ * may expose sensitive data. */
+ NMLogDomain protect = LOGD_NONE;
+
if (!strlen (*iter))
continue;
@@ -279,11 +287,13 @@ nm_logging_setup (const char *level,
bits = 0;
/* Check for combined domains */
- if (!g_ascii_strcasecmp (*iter, LOGD_ALL_STRING))
+ if (!g_ascii_strcasecmp (*iter, LOGD_ALL_STRING)) {
bits = LOGD_ALL;
- else if (!g_ascii_strcasecmp (*iter, LOGD_DEFAULT_STRING))
+ protect = LOGD_VPN_PLUGIN;
+ } else if (!g_ascii_strcasecmp (*iter, LOGD_DEFAULT_STRING)) {
bits = LOGD_DEFAULT;
- else if (!g_ascii_strcasecmp (*iter, LOGD_DHCP_STRING))
+ protect = LOGD_VPN_PLUGIN;
+ } else if (!g_ascii_strcasecmp (*iter, LOGD_DHCP_STRING))
bits = LOGD_DHCP;
else if (!g_ascii_strcasecmp (*iter, LOGD_IP_STRING))
bits = LOGD_IP;
@@ -325,8 +335,12 @@ nm_logging_setup (const char *level,
for (i = 0; i < G_N_ELEMENTS (new_logging); i++) {
if (i < domain_log_level)
new_logging[i] &= ~bits;
- else
+ else {
new_logging[i] |= bits;
+ if ( protect
+ && i < LOGL_INFO)
+ new_logging[i] &= ~protect;
+ }
}
}
}
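Review bot: The `new_logging[i] &= ~protect;` near the end of the hunk clears the VPN_PLUGIN bit at DEBUG/TRACE regardless of whether an earlier entry in the same domain list enabled it explicitly, so `VPN_PLUGIN:DEBUG,ALL` would presumably end up with VPN_PLUGIN silenced again while `ALL,VPN_PLUGIN:DEBUG` (the form given in the commit message) works; that order dependence follows from the per-entry loop but is not documented anywhere. I would state it in the `protect` comment added earlier in this file, e.g. `* An explicit VPN_PLUGIN:<level> entry must come after ALL/DEFAULT in the list, since later entries override earlier ones.` The `i < LOGL_INFO` threshold is also repeated in two comments and in the man page; a named constant (say `LOGL_VPN_PLUGIN_PROTECT_BELOW`) would keep code and documentation in step. nm_logging_setup starts and ends outside the hunk.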
diff --git a/src/nm-logging.h b/src/nm-logging.h
index e3289b7039..655f675465 100644
--- a/src/nm-logging.h
+++ b/src/nm-logging.h
@@ -68,9 +68,7 @@ typedef enum { /*< skip >*/
LOGD_VPN_PLUGIN = (1LL << 36),
__LOGD_MAX,
- LOGD_ALL = (((__LOGD_MAX - 1LL) << 1) - 1LL) & ~(
- LOGD_VPN_PLUGIN | /*not even part of ALL, because it might expose sensitive information. */
- 0),
+ LOGD_ALL = (((__LOGD_MAX - 1LL) << 1) - 1LL),
LOGD_DEFAULT = LOGD_ALL & ~(
LOGD_DBUS_PROPS |
LOGD_WIFI_SCAN |