From 1e43bfe979ff9971778b8202c638dc580f45f572 Mon Sep 17 00:00:00 2001 From: MadCamel Date: Sun, 17 Nov 2013 04:20:19 -0500 Subject: tmwa-admin should no longer log passwords in cleartext This is ugly. I'd rather X-out the password in the buffer while in the addaccount function and THEN log the buffer afterwards, but I can't figure out how to do that with all this weird string typing. I guess it's a "good thing" I can't even figure out how to mash memory outside of the local function? --- src/admin/ladmin.cpp | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'src/admin/ladmin.cpp') diff --git a/src/admin/ladmin.cpp b/src/admin/ladmin.cpp index bdd6cf5..93002c6 100644 --- a/src/admin/ladmin.cpp +++ b/src/admin/ladmin.cpp @@ -1813,8 +1813,27 @@ void prompt(void) } else { - LADMIN_LOG("Command: '%s', parameters: '%s'\n", - command, parameters); + // We don't want passwords in the log - Camel + if (command == "create" || command == "add" || command == "password") { + FString name, email_, password; + VString<1> sex_; + + if (qsplit(parameters, &name, &sex_, &email_, &password)) + LADMIN_LOG("Command: '%s', parameters: '%s %s %s ***'\n", + command, name, sex_, email_); + else if (qsplit(parameters, &name, &sex_, &password)) + LADMIN_LOG("Command: '%s', parameters: '%s %s ***'\n", + command, name, sex_); + else if (qsplit(parameters, &name, &password)) + LADMIN_LOG("Command: '%s', parameters: '%s ***'\n", + command, name); + else + LADMIN_LOG("Command: '%s' (invalid parameters)\n", command); + } + else { + LADMIN_LOG("Command: '%s', parameters: '%s'\n", + command, parameters); + } } // Analyse of the command -- cgit v1.2.3-60-g2f50