dovecot-2.2: auth_debug_passwords: Add a warning to AUTH/CONT li...

dovecot at dovecot.org dovecot at dovecot.org
Fri Feb 22 16:42:34 EET 2013


details:   http://hg.dovecot.org/dovecot-2.2/rev/0ceb0029a781
changeset: 15896:0ceb0029a781
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Feb 22 16:42:23 2013 +0200
description:
auth_debug_passwords: Add a warning to AUTH/CONT lines about them having sensitive data.

diffstat:

 src/auth/auth-client-connection.c |  21 +++++++++++++++------
 1 files changed, 15 insertions(+), 6 deletions(-)

diffs (67 lines):

diff -r dcbebe49922a -r 0ceb0029a781 src/auth/auth-client-connection.c
--- a/src/auth/auth-client-connection.c	Fri Feb 22 16:21:20 2013 +0200
+++ b/src/auth/auth-client-connection.c	Fri Feb 22 16:42:23 2013 +0200
@@ -24,6 +24,9 @@
 
 #define OUTBUF_THROTTLE_SIZE (1024*50)
 
+#define AUTH_DEBUG_SENSITIVE_SUFFIX \
+	" (previous base64 data may contain sensitive data)"
+
 static void auth_client_disconnected(struct auth_client_connection **_conn);
 static void auth_client_connection_unref(struct auth_client_connection **_conn);
 static void auth_client_input(struct auth_client_connection *conn);
@@ -150,7 +153,8 @@
 	return 1;
 }
 
-static const char *auth_line_hide_pass(const char *line)
+static const char *
+auth_line_hide_pass(struct auth_client_connection *conn, const char *line)
 {
 	const char *p, *p2;
 
@@ -159,15 +163,22 @@
 		return line;
 	p += 6;
 
+	if (conn->auth->set->debug_passwords)
+		return t_strconcat(line, AUTH_DEBUG_SENSITIVE_SUFFIX, NULL);
+
 	p2 = strchr(p, '\t');
 	return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR,
 			   p2, NULL);
 }
 
-static const char *cont_line_hide_pass(const char *line)
+static const char *
+cont_line_hide_pass(struct auth_client_connection *conn, const char *line)
 {
 	const char *p;
 
+	if (conn->auth->set->debug_passwords)
+		return t_strconcat(line, AUTH_DEBUG_SENSITIVE_SUFFIX, NULL);
+
 	p = strchr(line, '\t');
 	if (p == NULL)
 		return line;
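Review bot: In cont_line_hide_pass the `debug_passwords` check sits before the line is inspected at all, so every CONT line gets the suffix, while auth_line_hide_pass adds it only after its early `return line;` (apparently the no-`resp=` case; that condition is above the hunk). For consistency the check could move below the field lookups so the warning appears only when a base64 payload is actually present; the rest of cont_line_hide_pass is outside the hunk, so the exact spot cannot be confirmed from here. Since both helpers now return the unredacted line when the setting is on, a short comment above each would keep the `_hide_pass` names from misleading readers, e.g. `/* Returns the line unmodified plus a warning suffix when auth_debug_passwords is set. */`.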
@@ -195,8 +206,7 @@
 	if (strncmp(line, "AUTH\t", 5) == 0) {
 		if (conn->auth->set->debug) {
 			i_debug("client in: %s",
-				conn->auth->set->debug_passwords ? line :
-				auth_line_hide_pass(line));
+				auth_line_hide_pass(conn, line));
 		}
 		return auth_request_handler_auth_begin(conn->request_handler,
 						       line + 5);
@@ -204,8 +214,7 @@
 	if (strncmp(line, "CONT\t", 5) == 0) {
 		if (conn->auth->set->debug) {
 			i_debug("client in: %s",
-				conn->auth->set->debug_passwords ? line :
-				cont_line_hide_pass(line));
+				cont_line_hide_pass(conn, line));
 		}
 		return auth_request_handler_auth_continue(conn->request_handler,
 							  line + 5);

