From 0973548ef45ccc4c51bf1d091b725647c916f358 Mon Sep 17 00:00:00 2001 From: Jukka Rissanen Date: Wed, 13 Feb 2013 17:28:59 +0200 Subject: [PATCH] vpn-provider: Avoid printing password to log files Add a variant to vpn_provider_set_string() that does not print sensitive data like password in clear text to log files. --- vpn/plugins/l2tp.c | 3 ++- vpn/plugins/pptp.c | 3 ++- vpn/vpn-provider.c | 19 ++++++++++++++++--- vpn/vpn-provider.h | 2 ++ 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c index 0a7ebf1..2a16ca6 100644 --- a/vpn/plugins/l2tp.c +++ b/vpn/plugins/l2tp.c @@ -643,7 +643,8 @@ static int run_connect(struct vpn_provider *provider, } vpn_provider_set_string(provider, "L2TP.User", username); - vpn_provider_set_string(provider, "L2TP.Password", password); + vpn_provider_set_string_hide_value(provider, "L2TP.Password", + password); DBG("username %s password %p", username, password); diff --git a/vpn/plugins/pptp.c b/vpn/plugins/pptp.c index 0e6b07a..c0d7c00 100644 --- a/vpn/plugins/pptp.c +++ b/vpn/plugins/pptp.c @@ -442,7 +442,8 @@ static int run_connect(struct vpn_provider *provider, } vpn_provider_set_string(provider, "PPTP.User", username); - vpn_provider_set_string(provider, "PPTP.Password", password); + vpn_provider_set_string_hide_value(provider, "PPTP.Password", + password); DBG("username %s password %p", username, password); diff --git a/vpn/vpn-provider.c b/vpn/vpn-provider.c index 36db938..8b68dba 100644 --- a/vpn/vpn-provider.c +++ b/vpn/vpn-provider.c @@ -2007,10 +2007,11 @@ const char * __vpn_provider_get_ident(struct vpn_provider *provider) return provider->identifier; } -int vpn_provider_set_string(struct vpn_provider *provider, - const char *key, const char *value) +static int set_string(struct vpn_provider *provider, + const char *key, const char *value, gboolean hide_value) { - DBG("provider %p key %s value %s", provider, key, value); + DBG("provider %p key %s value %s", provider, key, + hide_value ? "" : value); if (g_str_equal(key, "Type") == TRUE) { g_free(provider->type); @@ -2030,6 +2031,18 @@ int vpn_provider_set_string(struct vpn_provider *provider, return 0; } +int vpn_provider_set_string(struct vpn_provider *provider, + const char *key, const char *value) +{ + return set_string(provider, key, value, FALSE); +} + +int vpn_provider_set_string_hide_value(struct vpn_provider *provider, + const char *key, const char *value) +{ + return set_string(provider, key, value, TRUE); +} + const char *vpn_provider_get_string(struct vpn_provider *provider, const char *key) { diff --git a/vpn/vpn-provider.h b/vpn/vpn-provider.h index 2889428..5626645 100644 --- a/vpn/vpn-provider.h +++ b/vpn/vpn-provider.h @@ -73,6 +73,8 @@ void vpn_provider_unref_debug(struct vpn_provider *provider, int vpn_provider_set_string(struct vpn_provider *provider, const char *key, const char *value); +int vpn_provider_set_string_hide_value(struct vpn_provider *provider, + const char *key, const char *value); const char *vpn_provider_get_string(struct vpn_provider *provider, const char *key); -- 2.7.4