dovecot: auth_debug: Hide passwords from "cache hit" log lines if

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot/rev/14335cfd2fd2
changeset: 7274:14335cfd2fd2
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Feb 21 15:40:10 2008 +0200
description:
auth_debug: Hide passwords from "cache hit" log lines if
auth_debug_passwords=no

diffstat:

1 file changed, 16 insertions(+), 2 deletions(-)
src/auth/passdb-cache.c |   18 ++++++++++++++++--

diffs (42 lines):

diff -r c5a666d16a81 -r 14335cfd2fd2 src/auth/passdb-cache.c
--- a/src/auth/passdb-cache.c	Thu Feb 21 15:36:05 2008 +0200
+++ b/src/auth/passdb-cache.c	Thu Feb 21 15:40:10 2008 +0200
@@ -8,6 +8,20 @@
 #include <stdlib.h>
 
 struct auth_cache *passdb_cache = NULL;
+
+static void
+passdb_cache_log_hit(struct auth_request *request, const char *value)
+{
+	const char *p;
+
+	if (!request->auth->verbose_debug_passwords &&
+	    *value != '\0' && *value != '\t') {
+		/* hide the password */
+		p = strchr(value, '\t');
+		value = t_strconcat("<hidden>", p, NULL);
+	}
+	auth_request_log_debug(request, "cache", "hit: %s", value);
+}
 
 bool passdb_cache_verify_plain(struct auth_request *request, const char *key,
 			       const char *password,
@@ -28,7 +42,7 @@ bool passdb_cache_verify_plain(struct au
 				       value == NULL ? "miss" : "expired");
 		return FALSE;
 	}
-	auth_request_log_debug(request, "cache", "hit: %s", value);
+	passdb_cache_log_hit(request, value);
 
 	if (*value == '\0') {
 		/* negative cache entry */
@@ -88,7 +102,7 @@ bool passdb_cache_lookup_credentials(str
 				       value == NULL ? "miss" : "expired");
 		return FALSE;
 	}
-	auth_request_log_debug(request, "cache", "hit: %s", value);
+	passdb_cache_log_hit(request, value);
 
 	if (*value == '\0') {
 		/* negative cache entry */