Hi,

thank you for the patch. Have you considered to change the type of the option from DP_OPT_STRING to DP_OPT_BLOB to avoid logging the value as we already do e.g. for ldap_default_authtok?

bye,
Sumit

Have you considered to change the type of the option from DP_OPT_STRING to DP_OPT_BLOB to avoid logging the value as we already do e.g. for ldap_default_authtok?

I did.
But IIUC this would allow to configure non-ascii characters in the value and wasn't sure if 'oidc_child' would need additional filtering then.

Have you considered to change the type of the option from DP_OPT_STRING to DP_OPT_BLOB to avoid logging the value as we already do e.g. for ldap_default_authtok?

I did. But IIUC this would allow to configure non-ascii characters in the value and wasn't sure if 'oidc_child' would need additional filtering then.

I thought it is only about \0 in the value, DP_OPT_STRING would allow non-ascii like UTF-8 as well?

While talking about oidc_child, can you fix the logging in read_client_secret_from_stdin() as well?

Thanks.

bye,
Sumit

Have you considered to change the type of the option from DP_OPT_STRING to DP_OPT_BLOB to avoid logging the value as we already do e.g. for ldap_default_authtok?

I did. But IIUC this would allow to configure non-ascii characters in the value and wasn't sure if 'oidc_child' would need additional filtering then.

I thought it is only about \0 in the value, DP_OPT_STRING would allow non-ascii like UTF-8 as well?

The questions is: what should be the type of this option from idp-provider/oidc_child point of view?
I thought it was 'string', not 'blob'.
If that's the case I still think that dp_get_options() needs to be fixed, not type of the option changed just because this would change logging behavior of some utility function (this is fragile - nothing will prevent changing this utility function to log blob values as well later).

A better solution would be introduction of a new 'DP_OPT_SENSITIVE_STRING' that would have proper d-tor and serve as a reminder "do not log me", but this would be much more invasive.

As to ldap_default_authtok, I thought it has BLOB type because it can have type 'obfuscated_password' and this is really a set of random bytes, no? I might be wrong here.

While talking about oidc_child, can you fix the logging in read_client_secret_from_stdin() as well?

Done.

Coverity is green.

/gemini review

The pull request was accepted by @sumit-bose with the following PR CI status:

🟢 CodeFactor (success)
🟢 CodeQL (success)
NEUTRAL osh-diff-scan:fedora-rawhide-x86_64:upstream (neutral)
🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)
🟢 Analyze (target) / cppcheck (success)
🟢 Build / freebsd (success)
🟢 Build / make-distcheck (success)
🟢 ci / intgcheck (centos-10) (success)
🟢 ci / intgcheck (fedora-42) (success)
🟢 ci / intgcheck (fedora-43) (success)
🟢 ci / intgcheck (fedora-44) (success)
🟢 ci / prepare (success)
🟢 ci / system (centos-10) (success)
🟢 ci / system (fedora-42) (success)
🟢 ci / system (fedora-43) (success)
🔴 ci / system (fedora-44) (failure)
➖ Coverity scan / coverity (skipped)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.