dovecot-2.1: auth: If auth_debug_passwords=no, hide values of us...

dovecot at dovecot.org dovecot at dovecot.org
Tue Sep 6 17:04:39 EEST 2011 

details:   http://hg.dovecot.org/dovecot-2.1/rev/7b115033405d
changeset: 13407:7b115033405d
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Sep 06 17:01:29 2011 +0300
description:
auth: If auth_debug_passwords=no, hide values of userdb keys containing "pass" string.

diffstat:

 src/auth/auth-master-connection.c |  36 ++++++++++++++++++++++++++++++++----
 1 files changed, 32 insertions(+), 4 deletions(-)

diffs (60 lines):

diff -r 991ce1aed5f7 -r 7b115033405d src/auth/auth-master-connection.c
--- a/src/auth/auth-master-connection.c	Tue Sep 06 16:42:19 2011 +0300
+++ b/src/auth/auth-master-connection.c	Tue Sep 06 17:01:29 2011 +0300
@@ -44,6 +44,30 @@
 
 ARRAY_TYPE(auth_master_connections) auth_master_connections;
 
+static const char *
+auth_master_reply_hide_passwords(struct auth_master_connection *conn,
+				 const char *str)
+{
+	char **args, *p, *p2;
+	unsigned int i;
+
+	if (conn->auth->set->debug_passwords)
+		return str;
+
+	/* hide all parameters that have "pass" in their key */
+	args = p_strsplit(pool_datastack_create(), str, "\t");
+	for (i = 0; args[i] != NULL; i++) {
+		p = strstr(args[i], "pass");
+		p2 = strchr(args[i], '=');
+		if (p != NULL && p < p2) {
+			*p2 = '\0';
+			args[i] = p_strconcat(pool_datastack_create(),
+					      args[i], "=<hidden>", NULL);
+		}
+	}
+	return t_strarray_join((void *)args, "\t");
+}
+
 void auth_master_request_callback(struct auth_stream_reply *reply,
 				  void *context)
 {
@@ -53,8 +77,10 @@
 
 	reply_str = auth_stream_reply_export(reply);
 
-	if (conn->auth->set->debug)
-		i_debug("master out: %s", reply_str);
+	if (conn->auth->set->debug) {
+		i_debug("master out: %s",
+			auth_master_reply_hide_passwords(conn, reply_str));
+	}
 
 	iov[0].iov_base = reply_str;
 	iov[0].iov_len = strlen(reply_str);
@@ -228,8 +254,10 @@
 		break;
 	}
 
-	if (conn->auth->set->debug)
-		i_debug("master out: %s", str_c(str));
+	if (conn->auth->set->debug) {
+		i_debug("master out: %s",
+			auth_master_reply_hide_passwords(conn, str_c(str)));
+	}
 
 	str_append_c(str, '\n');
 	(void)o_stream_send(conn->output, str_data(str), str_len(str));

More information about the dovecot-cvs mailing list