# HG changeset patch
# User Timo Sirainen <tss@iki.fi>
# Date 1203601213 -7200
# Node ID e0debdcd2e10cd788e324775d43ae5ab0f7878e7
# Parent  e8b5e5da1c09cacbd3dfccf2ed10ab88d5b5cd34
auth_debug: Hide passwords from "cache hit" log lines if
auth_debug_passwords=no

diff -r e8b5e5da1c09 -r e0debdcd2e10 src/auth/passdb-cache.c
--- a/src/auth/passdb-cache.c	Thu Feb 21 15:36:08 2008 +0200
+++ b/src/auth/passdb-cache.c	Thu Feb 21 15:40:13 2008 +0200
@@ -9,6 +9,20 @@
 
 struct auth_cache *passdb_cache = NULL;
 
+static void
+passdb_cache_log_hit(struct auth_request *request, const char *value)
+{
+	const char *p;
+
+	if (!request->auth->verbose_debug_passwords &&
+	    *value != '\0' && *value != '\t') {
+		/* hide the password */
+		p = strchr(value, '\t');
+		value = t_strconcat("<hidden>", p, NULL);
+	}
+	auth_request_log_debug(request, "cache", "hit: %s", value);
+}
+
 bool passdb_cache_verify_plain(struct auth_request *request, const char *key,
 			       const char *password,
 			       enum passdb_result *result_r, int use_expired)
@@ -28,7 +42,7 @@
 				       value == NULL ? "miss" : "expired");
 		return FALSE;
 	}
-	auth_request_log_debug(request, "cache", "hit: %s", value);
+	passdb_cache_log_hit(request, value);
 
 	if (*value == '\0') {
 		/* negative cache entry */
@@ -88,7 +102,7 @@
 				       value == NULL ? "miss" : "expired");
 		return FALSE;
 	}
-	auth_request_log_debug(request, "cache", "hit: %s", value);
+	passdb_cache_log_hit(request, value);
 
 	if (*value == '\0') {
 		/* negative cache entry */