vpn-provider: Avoid printing password to log files

Add a variant to vpn_provider_set_string() that does not print
sensitive data like password in clear text to log files.

diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 0a7ebf1..2a16ca6 100644 (file)
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -643,7 +643,8 @@ static int run_connect(struct vpn_provider *provider,
        }
 
        vpn_provider_set_string(provider, "L2TP.User", username);
-       vpn_provider_set_string(provider, "L2TP.Password", password);
+       vpn_provider_set_string_hide_value(provider, "L2TP.Password",
+                                                               password);
 
        DBG("username %s password %p", username, password);
 

diff --git a/vpn/plugins/pptp.c b/vpn/plugins/pptp.c
index 0e6b07a..c0d7c00 100644 (file)
--- a/vpn/plugins/pptp.c
+++ b/vpn/plugins/pptp.c
@@ -442,7 +442,8 @@ static int run_connect(struct vpn_provider *provider,
        }
 
        vpn_provider_set_string(provider, "PPTP.User", username);
-       vpn_provider_set_string(provider, "PPTP.Password", password);
+       vpn_provider_set_string_hide_value(provider, "PPTP.Password",
+                                                               password);
 
        DBG("username %s password %p", username, password);
 

diff --git a/vpn/vpn-provider.c b/vpn/vpn-provider.c
index 36db938..8b68dba 100644 (file)
--- a/vpn/vpn-provider.c
+++ b/vpn/vpn-provider.c
@@ -2007,10 +2007,11 @@ const char * __vpn_provider_get_ident(struct vpn_provider *provider)
        return provider->identifier;
 }
 
-int vpn_provider_set_string(struct vpn_provider *provider,
-                                       const char *key, const char *value)
+static int set_string(struct vpn_provider *provider,
+               const char *key, const char *value, gboolean hide_value)
 {
-       DBG("provider %p key %s value %s", provider, key, value);
+       DBG("provider %p key %s value %s", provider, key,
+               hide_value ? "<not printed>" : value);
 
        if (g_str_equal(key, "Type") == TRUE) {
                g_free(provider->type);
@@ -2030,6 +2031,18 @@ int vpn_provider_set_string(struct vpn_provider *provider,
        return 0;
 }
 
+int vpn_provider_set_string(struct vpn_provider *provider,
+                                       const char *key, const char *value)
+{
+       return set_string(provider, key, value, FALSE);
+}
+
+int vpn_provider_set_string_hide_value(struct vpn_provider *provider,
+                                       const char *key, const char *value)
+{
+       return set_string(provider, key, value, TRUE);
+}
+
 const char *vpn_provider_get_string(struct vpn_provider *provider,
                                                        const char *key)
 {

diff --git a/vpn/vpn-provider.h b/vpn/vpn-provider.h
index 2889428..5626645 100644 (file)
--- a/vpn/vpn-provider.h
+++ b/vpn/vpn-provider.h
@@ -73,6 +73,8 @@ void vpn_provider_unref_debug(struct vpn_provider *provider,
 
 int vpn_provider_set_string(struct vpn_provider *provider,
                                        const char *key, const char *value);
+int vpn_provider_set_string_hide_value(struct vpn_provider *provider,
+                                       const char *key, const char *value);
 const char *vpn_provider_get_string(struct vpn_provider *provider,
                                                        const char *key);