dovecot-2.2: auth_debug_passwords: Add a warning to AUTH/CONT li...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Feb 22 16:42:34 EET 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/0ceb0029a781
changeset: 15896:0ceb0029a781
user: Timo Sirainen <tss at iki.fi>
date: Fri Feb 22 16:42:23 2013 +0200
description:
auth_debug_passwords: Add a warning to AUTH/CONT lines about them having sensitive data.
diffstat:
src/auth/auth-client-connection.c | 21 +++++++++++++++------
1 files changed, 15 insertions(+), 6 deletions(-)
diffs (67 lines):
diff -r dcbebe49922a -r 0ceb0029a781 src/auth/auth-client-connection.c
--- a/src/auth/auth-client-connection.c Fri Feb 22 16:21:20 2013 +0200
+++ b/src/auth/auth-client-connection.c Fri Feb 22 16:42:23 2013 +0200
@@ -24,6 +24,9 @@
#define OUTBUF_THROTTLE_SIZE (1024*50)
+#define AUTH_DEBUG_SENSITIVE_SUFFIX \
+ " (previous base64 data may contain sensitive data)"
+
static void auth_client_disconnected(struct auth_client_connection **_conn);
static void auth_client_connection_unref(struct auth_client_connection **_conn);
static void auth_client_input(struct auth_client_connection *conn);
@@ -150,7 +153,8 @@
return 1;
}
-static const char *auth_line_hide_pass(const char *line)
+static const char *
+auth_line_hide_pass(struct auth_client_connection *conn, const char *line)
{
const char *p, *p2;
@@ -159,15 +163,22 @@
return line;
p += 6;
+ if (conn->auth->set->debug_passwords)
+ return t_strconcat(line, AUTH_DEBUG_SENSITIVE_SUFFIX, NULL);
+
p2 = strchr(p, '\t');
return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR,
p2, NULL);
}
-static const char *cont_line_hide_pass(const char *line)
+static const char *
+cont_line_hide_pass(struct auth_client_connection *conn, const char *line)
{
const char *p;
+ if (conn->auth->set->debug_passwords)
+ return t_strconcat(line, AUTH_DEBUG_SENSITIVE_SUFFIX, NULL);
+
p = strchr(line, '\t');
if (p == NULL)
return line;
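Review bot: The warning is appended after the client-supplied base64 data in both helpers, so on a log path that truncates long lines the marker would be the first thing lost while the credential material stays; whether truncation can happen depends on the logging backend, which is not visible here. Putting the marker ahead of the data, for example in the `i_debug("client in: %s", ...)` format at the two call sites, would keep it attached to the line. The two checks are also placed differently: in auth_line_hide_pass the check sits after the early `return line` and `p += 6`, so only lines that reach the masking path are tagged, while in cont_line_hide_pass it runs before `strchr(line, '\t')` and tags every CONT line. Both helpers now return unmasked data when `debug_passwords` is set despite the `_hide_pass` name, so a comment such as `/* returns the line unmasked plus a warning suffix when debug_passwords is set */` above each would help the next reader. auth_line_hide_pass begins before this hunk and cont_line_hide_pass continues past its end.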
@@ -195,8 +206,7 @@
if (strncmp(line, "AUTH\t", 5) == 0) {
if (conn->auth->set->debug) {
i_debug("client in: %s",
- conn->auth->set->debug_passwords ? line :
- auth_line_hide_pass(line));
+ auth_line_hide_pass(conn, line));
}
return auth_request_handler_auth_begin(conn->request_handler,
line + 5);
@@ -204,8 +214,7 @@
if (strncmp(line, "CONT\t", 5) == 0) {
if (conn->auth->set->debug) {
i_debug("client in: %s",
- conn->auth->set->debug_passwords ? line :
- cont_line_hide_pass(line));
+ cont_line_hide_pass(conn, line));
}
return auth_request_handler_auth_continue(conn->request_handler,
line + 5);