changeset 7277:e0debdcd2e10 HEAD

auth_debug: Hide passwords from "cache hit" log lines if auth_debug_passwords=no
author Timo Sirainen <tss@iki.fi>
date Thu, 21 Feb 2008 15:40:13 +0200
parents e8b5e5da1c09
children 27b7b6c34961
files src/auth/passdb-cache.c
diffstat 1 files changed, 16 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/auth/passdb-cache.c	Thu Feb 21 15:36:08 2008 +0200
+++ b/src/auth/passdb-cache.c	Thu Feb 21 15:40:13 2008 +0200
@@ -9,6 +9,20 @@
 
 struct auth_cache *passdb_cache = NULL;
 
+static void
+passdb_cache_log_hit(struct auth_request *request, const char *value)
+{
+	const char *p;
+
+	if (!request->auth->verbose_debug_passwords &&
+	    *value != '\0' && *value != '\t') {
+		/* hide the password */
+		p = strchr(value, '\t');
+		value = t_strconcat("<hidden>", p, NULL);
+	}
+	auth_request_log_debug(request, "cache", "hit: %s", value);
+}
+
 bool passdb_cache_verify_plain(struct auth_request *request, const char *key,
 			       const char *password,
 			       enum passdb_result *result_r, int use_expired)
@@ -28,7 +42,7 @@
 				       value == NULL ? "miss" : "expired");
 		return FALSE;
 	}
-	auth_request_log_debug(request, "cache", "hit: %s", value);
+	passdb_cache_log_hit(request, value);
 
 	if (*value == '\0') {
 		/* negative cache entry */
@@ -88,7 +102,7 @@
 				       value == NULL ? "miss" : "expired");
 		return FALSE;
 	}
-	auth_request_log_debug(request, "cache", "hit: %s", value);
+	passdb_cache_log_hit(request, value);
 
 	if (*value == '\0') {
 		/* negative cache entry */