# HG changeset patch
# User Aki Tuomi <aki.tuomi@dovecot.fi>
# Date 1489577351 -7200
# Node ID 0347ed67254e7508ed1d801e1b33970b31dbdf70
# Parent  ad2aa897a8d709c3aed47e2a09e1c8c6181a06a0
auth: Properly hide all fields with passwords

client reply line wasn't hiding all items
which contain 'pass' substring. This was
inconsistent behaviour since elsewhere this was done.

diff -r ad2aa897a8d7 -r 0347ed67254e src/auth/auth-client-connection.c
--- a/src/auth/auth-client-connection.c	Wed Mar 15 18:20:31 2017 +0200
+++ b/src/auth/auth-client-connection.c	Wed Mar 15 13:29:11 2017 +0200
@@ -34,17 +34,31 @@
 
 static const char *reply_line_hide_pass(const char *line)
 {
+	string_t *newline;
 	const char *p, *p2;
 
-	/* hide proxy reply password */
-	p = strstr(line, "\tpass=");
-	if (p == NULL)
+	if (strstr(line, "pass") == NULL)
 		return line;
-	p += 6;
+
+	newline = t_str_new(strlen(line));
+
+	const char *const *fields = t_strsplit(line, "\t");
 
-	p2 = strchr(p, '\t');
-	return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR,
-			   p2, NULL);
+	while(*fields != NULL) {
+		p = strstr(*fields, "pass");
+		p2 = strchr(*fields, '=');
+		if (p == NULL || p2 == NULL || p2 < p) {
+			str_append(newline, *fields);
+		} else {
+			/* include = */
+			str_append_data(newline, *fields, (p2 - *fields)+1);
+			str_append(newline, PASSWORD_HIDDEN_STR);
+		}
+		str_append_c(newline, '\t');
+		fields++;
+	}
+
+	return str_c(newline);
 }
 
 static void auth_client_send(struct auth_client_connection *conn,