logging: enable logging domain VPN_PLUGIN up to level <info>

The logging domain VPN_PLUGIN controlls logging of the VPN plugins. Especially at verbose levels <debug> and <trace>, the plugins might reveal sensitive information in the logging. Thus, this level should not be enabled by a $ nmcli logging general level DEBUG domains ALL It should only be enabled when requested explicitly. $ nmcli logging general level DEBUG domains ALL,VPN_PLUGIN:DEBUG Previously, the special level VPN_PLUGIN was entirely excluded from ALL and DEFAULT domains and it was entirely disabled by default. That is however to strict, as it completely silences the VPN plugins by defult. Now, enable them by default up to level INFO. VPN plugins should take care that they don't reveal sensitive information at levels <info> (LOG_NOTICE) and higher (less verbose). For more verbose levels they may print passwords, but that should still be avoided as far as possible.
2026-02-04 10:40:58 +01:00 · 2016-06-16 22:30:41 +02:00 · 2016-06-16 22:30:41 +02:00 · 4143fbde17
commit 4143fbde17
parent af507cd089
3 changed files with 25 additions and 11 deletions
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@ -527,9 +527,11 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
          <para>
          In general, the logfile should not contain passwords or private data. However,
          you are always advised to check the file before posting it online or attaching
-          to a bug report. <literal>VPN_PLUGIN</literal> is special in that it might
-          reveal private information from the VPN plugins and thus this level is excluded
-          from <literal>ALL</literal></para>
+          to a bug report. <literal>VPN_PLUGIN</literal> is special as it might reveal
+          private information of the VPN plugins with verbose levels. Therefore this domain
+          will be excluded when setting <literal>ALL</literal> or <literal>DEFAULT</literal>
+          to more verbose levels then <literal>INFO</literal>.
+          </para>
        </varlistentry>
        <varlistentry>
          <term><varname>backend</varname></term>
--- a/src/nm-logging.c
+++ b/src/nm-logging.c
@ -108,7 +108,10 @@ typedef struct {
 } LogLevelDesc;

 NMLogDomain _nm_logging_enabled_state[_LOGL_N_REAL] = {
-	/* nm_logging_setup ("INFO", LOGD_DEFAULT_STRING, NULL, NULL); */
+	/* nm_logging_setup ("INFO", LOGD_DEFAULT_STRING, NULL, NULL);
+	 *
+	 * Note: LOGD_VPN_PLUGIN is special and must be disabled for
+	 * DEBUG and TRACE levels. */
 	[LOGL_INFO] = LOGD_DEFAULT,
 	[LOGL_WARN] = LOGD_DEFAULT,
 	[LOGL_ERR]  = LOGD_DEFAULT,
@ -263,6 +266,11 @@ nm_logging_setup (const char  *level,
 		NMLogDomain bits;
 		char *p;

+		/* LOGD_VPN_PLUGIN is protected, that is, when setting ALL or DEFAULT,
+		 * it does not enable the verbose levels DEBUG and TRACE, because that
+		 * may expose sensitive data. */
+		NMLogDomain protect = LOGD_NONE;
+
 		if (!strlen (*iter))
 			continue;

@ -279,11 +287,13 @@ nm_logging_setup (const char  *level,
 		bits = 0;

 		/* Check for combined domains */
-		if (!g_ascii_strcasecmp (*iter, LOGD_ALL_STRING))
+		if (!g_ascii_strcasecmp (*iter, LOGD_ALL_STRING)) {
 			bits = LOGD_ALL;
-		else if (!g_ascii_strcasecmp (*iter, LOGD_DEFAULT_STRING))
+			protect = LOGD_VPN_PLUGIN;
+		} else if (!g_ascii_strcasecmp (*iter, LOGD_DEFAULT_STRING)) {
 			bits = LOGD_DEFAULT;
-		else if (!g_ascii_strcasecmp (*iter, LOGD_DHCP_STRING))
+			protect = LOGD_VPN_PLUGIN;
+		} else if (!g_ascii_strcasecmp (*iter, LOGD_DHCP_STRING))
 			bits = LOGD_DHCP;
 		else if (!g_ascii_strcasecmp (*iter, LOGD_IP_STRING))
 			bits = LOGD_IP;
@ -325,8 +335,12 @@ nm_logging_setup (const char  *level,
 			for (i = 0; i < G_N_ELEMENTS (new_logging); i++) {
 				if (i < domain_log_level)
 					new_logging[i] &= ~bits;
-				else
+				else {
 					new_logging[i] |= bits;
+					if (   protect
+					    && i < LOGL_INFO)
+						new_logging[i] &= ~protect;
+				}
 			}
 		}
 	}
--- a/src/nm-logging.h
+++ b/src/nm-logging.h
@ -68,9 +68,7 @@ typedef enum  { /*< skip >*/
 	LOGD_VPN_PLUGIN = (1LL << 36),

 	__LOGD_MAX,
-	LOGD_ALL       = (((__LOGD_MAX - 1LL) << 1) - 1LL) & ~(
-	                                                       LOGD_VPN_PLUGIN | /*not even part of ALL, because it might expose sensitive information. */
-	                                                       0),
+	LOGD_ALL       = (((__LOGD_MAX - 1LL) << 1) - 1LL),
 	LOGD_DEFAULT   = LOGD_ALL & ~(
 	                              LOGD_DBUS_PROPS |
 	                              LOGD_WIFI_SCAN |