From: Timo Sirainen
Date: Tue, 8 Oct 2013 13:48:04 +0000 (+0300)
Subject: auth: Added ability to truncate values logged by auth_verbose_passwords.
X-Git-Tag: 2.2.7~91
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4addfd26372c6ae32ec93252696d86fd32081327;p=thirdparty%2Fdovecot%2Fcore.git
auth: Added ability to truncate values logged by auth_verbose_passwords.
---
diff --git a/doc/example-config/conf.d/10-logging.conf b/doc/example-config/conf.d/10-logging.conf
index d0e7310a66..5f2c25c150 100644
--- a/doc/example-config/conf.d/10-logging.conf
+++ b/doc/example-config/conf.d/10-logging.conf
@@ -26,6 +26,7 @@
 # In case of password mismatches, log the attempted password. Valid values are
 # no, plain and sha1. sha1 can be useful for detecting brute force password
 # attempts vs. user simply trying the same password over and over again.
+# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
 #auth_verbose_passwords = no
 
 # Even more verbose logging for debugging purposes. Shows for example SQL
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 2c6b1d68de..06b20b6a89 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -1785,18 +1785,27 @@ static void log_password_failure(struct auth_request *request,
 static void auth_request_append_password(struct auth_request *request,
 					 string_t *str)
 {
-	const char *log_type = request->set->verbose_passwords;
+	const char *p, *log_type = request->set->verbose_passwords;
+	unsigned int max_len = UINT_MAX;
+
+	p = strchr(log_type, ':');
+	if (p != NULL) {
+		if (str_to_uint(p+1, &max_len) < 0)
+			i_unreached();
+		log_type = t_strdup_until(log_type, p);
+	}
 
 	if (strcmp(log_type, "plain") == 0) {
 		str_printfa(str, "(given password: %s)",
-			    request->mech_password);
+			    t_strndup(request->mech_password, max_len));
 	} else if (strcmp(log_type, "sha1") == 0) {
 		unsigned char sha1[SHA1_RESULTLEN];
 
 		sha1_get_digest(request->mech_password,
 				strlen(request->mech_password), sha1);
 		str_printfa(str, "(SHA1 of given password: %s)",
-			    binary_to_hex(sha1, sizeof(sha1)));
+			    t_strndup(binary_to_hex(sha1, sizeof(sha1)),
+				      max_len));
 	} else {
 		i_unreached();
 	}
diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
index a834c8adca..8b86e2fb64 100644
--- a/src/auth/auth-settings.c
+++ b/src/auth/auth-settings.c
@@ -214,7 +214,7 @@ static const struct setting_define auth_setting_defines[] = {
 	DEF(SET_BOOL, verbose),
 	DEF(SET_BOOL, debug),
 	DEF(SET_BOOL, debug_passwords),
-	DEF(SET_ENUM, verbose_passwords),
+	DEF(SET_STR, verbose_passwords),
 	DEF(SET_BOOL, ssl_require_client_cert),
 	DEF(SET_BOOL, ssl_username_from_cert),
 	DEF(SET_BOOL, use_winbind),
@@ -253,7 +253,7 @@ static const struct auth_settings auth_default_settings = {
 	.verbose = FALSE,
 	.debug = FALSE,
 	.debug_passwords = FALSE,
-	.verbose_passwords = "no:plain:sha1",
+	.verbose_passwords = "no",
 	.ssl_require_client_cert = FALSE,
 	.ssl_username_from_cert = FALSE,
 	.use_winbind = FALSE,
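Review bot: The `i_unreached()` after `str_to_uint(p+1, &max_len)` is only safe because auth_settings_check() is expected to have rejected a malformed ":n" suffix, and nothing in auth_request_append_password says so; the same block also silently treats `max_len` as a count of hex digits for "sha1", so `sha1:6` keeps 24 bits of an unsalted digest. I would put that above the `strchr` call: `/* ":n" was validated by auth_settings_check(); for sha1, n counts hex digits of an unsalted digest, so a short prefix is only a weak fingerprint, not an identifier */`. Worth stating in the same comment that a truncated "plain" value still writes a prefix of the user's real password to the log, so truncation reduces but does not remove that exposure. The function's closing brace lies past the end of the hunk.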
@@ -314,6 +314,32 @@ auth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
 	return TRUE;
 }
 
+static bool
+auth_verify_verbose_password(const struct auth_settings *set,
+			     const char **error_r)
+{
+	const char *p, *value = set->verbose_passwords;
+	unsigned int num;
+
+	p = strchr(value, ':');
+	if (p != NULL) {
+		if (str_to_uint(p+1, &num) < 0 || num == 0) {
+			*error_r = t_strdup_printf("auth_verbose_passwords: "
+				"Invalid truncation number: '%s'", p+1);
+			return FALSE;
+		}
+		value = t_strdup_until(value, p);
+	}
+	if (strcmp(value, "no") == 0)
+		return TRUE;
+	else if (strcmp(value, "plain") == 0)
+		return TRUE;
+	else if (strcmp(value, "sha1") == 0)
+		return TRUE;
+	else
+		return FALSE;
+}
+
 static bool auth_settings_check(void *_set, pool_t pool,
 				const char **error_r)
 {
@@ -339,6 +365,9 @@ static bool auth_settings_check(void *_set, pool_t pool,
 		return FALSE;
 	}
 
+	if (!auth_verify_verbose_password(set, error_r))
+		return FALSE;
+
 	if (*set->username_chars == '\0') {
 		/* all chars are allowed */
 		memset(set->username_chars_map, 1,
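Review bot: The final `else` of auth_verify_verbose_password returns FALSE without assigning `*error_r`, unlike the truncation branch above it, so an unrecognised value — which the old SET_ENUM definition used to reject for free — now fails the settings check with whatever error_r happened to hold; the tail should read `*error_r = "auth_verbose_passwords: Invalid value"; return FALSE;`. Separately, the validator accepts a suffix on "no" (e.g. `no:6`), and if the caller that gates auth_request_append_password still compares the full setting string against "no" (that code is not in this diff), such a value would pass configuration and then hit the `i_unreached()` in auth_request_append_password at runtime; rejecting `p != NULL` together with "no" here would close that. The `num == 0` rejection is the right call, since a zero-length prefix would make the log line useless.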