changeset 13407:7b115033405d

auth: If auth_debug_passwords=no, hide values of userdb keys containing "pass" string.
author Timo Sirainen <tss@iki.fi>
date Tue, 06 Sep 2011 17:01:29 +0300
parents 991ce1aed5f7
children 1180505cdcdb
files src/auth/auth-master-connection.c
diffstat 1 files changed, 32 insertions(+), 4 deletions(-) [+]
--- a/src/auth/auth-master-connection.c	Tue Sep 06 16:42:19 2011 +0300
+++ b/src/auth/auth-master-connection.c	Tue Sep 06 17:01:29 2011 +0300
@@ -44,6 +44,30 @@
 
 ARRAY_TYPE(auth_master_connections) auth_master_connections;
 
+static const char *
+auth_master_reply_hide_passwords(struct auth_master_connection *conn,
+				 const char *str)
+{
+	char **args, *p, *p2;
+	unsigned int i;
+
+	if (conn->auth->set->debug_passwords)
+		return str;
+
+	/* hide all parameters that have "pass" in their key */
+	args = p_strsplit(pool_datastack_create(), str, "\t");
+	for (i = 0; args[i] != NULL; i++) {
+		p = strstr(args[i], "pass");
+		p2 = strchr(args[i], '=');
+		if (p != NULL && p < p2) {
+			*p2 = '\0';
+			args[i] = p_strconcat(pool_datastack_create(),
+					      args[i], "=<hidden>", NULL);
+		}
+	}
+	return t_strarray_join((void *)args, "\t");
+}
+
 void auth_master_request_callback(struct auth_stream_reply *reply,
 				  void *context)
 {
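Review bot: In the loop of auth_master_reply_hide_passwords, `p < p2` is evaluated even when the field contains "pass" but no `=`, so `p2` is NULL; ordering a valid pointer against NULL is undefined in C, and the guard is safer written as `if (p != NULL && p2 != NULL && p < p2) {`. The key match is also a case-sensitive `strstr(args[i], "pass")`, so a userdb key with different capitalisation, or a secret-bearing key that does not contain "pass" at all, would presumably still reach the debug log in clear. If such keys can occur, a case-insensitive match or an explicit list of sensitive keys would close that gap. A short comment on the function stating that it returns either `str` itself or data-stack memory would also help callers reason about lifetime.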
@@ -53,8 +77,10 @@
 
 	reply_str = auth_stream_reply_export(reply);
 
-	if (conn->auth->set->debug)
-		i_debug("master out: %s", reply_str);
+	if (conn->auth->set->debug) {
+		i_debug("master out: %s",
+			auth_master_reply_hide_passwords(conn, reply_str));
+	}
 
 	iov[0].iov_base = reply_str;
 	iov[0].iov_len = strlen(reply_str);
@@ -228,8 +254,10 @@
 		break;
 	}
 
-	if (conn->auth->set->debug)
-		i_debug("master out: %s", str_c(str));
+	if (conn->auth->set->debug) {
+		i_debug("master out: %s",
+			auth_master_reply_hide_passwords(conn, str_c(str)));
+	}
 
 	str_append_c(str, '\n');
 	(void)o_stream_send(conn->output, str_data(str), str_len(str));