diff options
author | MadCamel <madcamel@gmail.com> | 2013-11-17 04:20:19 -0500 |
---|---|---|
committer | MadCamel <madcamel@gmail.com> | 2013-11-17 04:20:19 -0500 |
commit | 1e43bfe979ff9971778b8202c638dc580f45f572 (patch) | |
tree | 435cc9dda5a7a805b2513a9ed43e49c9d329c902 /src | |
parent | 131dbdbfd087c4144d02cd605318688ee850f027 (diff) | |
download | tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.tar.gz tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.tar.bz2 tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.tar.xz tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.zip |
tmwa-admin should no longer log passwords in cleartext
This is ugly. I'd rather X-out the password in the buffer while in the
addaccount function and THEN log the buffer afterwards, but I can't
figure out how to do that with all this weird string typing. I guess
it's a "good thing" I can't even figure out how to mash memory outside
of the local function?
Diffstat (limited to 'src')
-rw-r--r-- | src/admin/ladmin.cpp | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/src/admin/ladmin.cpp b/src/admin/ladmin.cpp index bdd6cf5..93002c6 100644 --- a/src/admin/ladmin.cpp +++ b/src/admin/ladmin.cpp @@ -1813,8 +1813,27 @@ void prompt(void) } else { - LADMIN_LOG("Command: '%s', parameters: '%s'\n", - command, parameters); + // We don't want passwords in the log - Camel + if (command == "create" || command == "add" || command == "password") { + FString name, email_, password; + VString<1> sex_; + + if (qsplit(parameters, &name, &sex_, &email_, &password)) + LADMIN_LOG("Command: '%s', parameters: '%s %s %s ***'\n", + command, name, sex_, email_); + else if (qsplit(parameters, &name, &sex_, &password)) + LADMIN_LOG("Command: '%s', parameters: '%s %s ***'\n", + command, name, sex_); + else if (qsplit(parameters, &name, &password)) + LADMIN_LOG("Command: '%s', parameters: '%s ***'\n", + command, name); + else + LADMIN_LOG("Command: '%s' (invalid parameters)\n", command); + } + else { + LADMIN_LOG("Command: '%s', parameters: '%s'\n", + command, parameters); + } } // Analyse of the command |