From 774deaded1bc782b6a2670720e0fde3c7df7cde4 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 03 Feb 2014 09:34:55 -0500
Subject: [PATCH] Don't EVER log passwords
---
program/lib/Roundcube/rcube_smtp.php | 11 +++++++++++
program/lib/Roundcube/rcube_ldap_generic.php | 4 ++--
program/lib/Roundcube/rcube_imap_generic.php | 34 ++++++++++++++++++++++++----------
plugins/password/drivers/ldap_simple.php | 4 ++--
4 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 47e3b07..3e167ea 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -113,7 +113,7 @@
return PASSWORD_CRYPT_ERROR;
}
- $this->_debug("C: Bind $binddn [pass: $bindpw]");
+ $this->_debug("C: Bind $binddn, pass: **** [" . strlen($bindpw) . "]");
// Bind
if (!ldap_bind($ds, $binddn, $bindpw)) {
@@ -175,7 +175,7 @@
return null;
}
- $this->_debug("C: Bind $search_user [pass: $search_pass]");
+ $this->_debug("C: Bind $search_user, pass: **** [" . strlen($search_pass) . "]");
// Bind
if (!ldap_bind($ds, $search_user, $search_pass)) {
diff --git a/program/lib/Roundcube/rcube_imap_generic.php b/program/lib/Roundcube/rcube_imap_generic.php
index f9a62f0..9035840 100644
--- a/program/lib/Roundcube/rcube_imap_generic.php
+++ b/program/lib/Roundcube/rcube_imap_generic.php
@@ -73,6 +73,7 @@
const COMMAND_NORESPONSE = 1;
const COMMAND_CAPABILITY = 2;
const COMMAND_LASTLINE = 4;
+ const COMMAND_ANONYMIZED = 8;
const DEBUG_LINE_LENGTH = 4098; // 4KB + 2B for \r\n
@@ -88,16 +89,28 @@
*
* @param string $string Command string
* @param bool $endln True if CRLF need to be added at the end of command
+ * @param bool $anonymized Don't write the given data to log but a placeholder
*
* @param int Number of bytes sent, False on error
*/
- function putLine($string, $endln=true)
+ function putLine($string, $endln=true, $anonymized=false)
{
if (!$this->fp)
return false;
if ($this->_debug) {
- $this->debug('C: '. rtrim($string));
+ // anonymize the sent command for logging
+ $cut = $endln ? 2 : 0;
+ if ($anonymized && preg_match('/^(A\d+ (?:[A-Z]+ )+)(.+)/', $string, $m)) {
+ $log = $m[1] . sprintf('****** [%d]', strlen($m[2]) - $cut);
+ }
+ else if ($anonymized) {
+ $log = sprintf('****** [%d]', strlen($string) - $cut);
+ }
+ else {
+ $log = rtrim($string);
+ }
+ $this->debug('C: ' . $log);
}
$res = fwrite($this->fp, $string . ($endln ? "\r\n" : ''));
@@ -116,10 +129,11 @@
*
* @param string $string Command string
* @param bool $endln True if CRLF need to be added at the end of command
+ * @param bool $anonymized Don't write the given data to log but a placeholder
*
* @return int|bool Number of bytes sent, False on error
*/
- function putLineC($string, $endln=true)
+ function putLineC($string, $endln=true, $anonymized=false)
{
if (!$this->fp) {
return false;
@@ -138,7 +152,7 @@
$parts[$i+1] = sprintf("{%d+}\r\n", $matches[1]);
}
- $bytes = $this->putLine($parts[$i].$parts[$i+1], false);
+ $bytes = $this->putLine($parts[$i].$parts[$i+1], false, $anonymized);
if ($bytes === false)
return false;
$res += $bytes;
@@ -153,7 +167,7 @@
$i++;
}
else {
- $bytes = $this->putLine($parts[$i], false);
+ $bytes = $this->putLine($parts[$i], false, $anonymized);
if ($bytes === false)
return false;
$res += $bytes;
@@ -519,7 +533,7 @@
$reply = base64_encode($user . ' ' . $hash);
// send result
- $this->putLine($reply);
+ $this->putLine($reply, true, true);
}
else {
// RFC2831: DIGEST-MD5
@@ -537,7 +551,7 @@
base64_decode($challenge), $this->host, 'imap', $user));
// send result
- $this->putLine($reply);
+ $this->putLine($reply, true, true);
$line = trim($this->readReply());
if ($line[0] == '+') {
@@ -577,7 +591,7 @@
// RFC 4959 (SASL-IR): save one round trip
if ($this->getCapability('SASL-IR')) {
list($result, $line) = $this->execute("AUTHENTICATE PLAIN", array($reply),
- self::COMMAND_LASTLINE | self::COMMAND_CAPABILITY);
+ self::COMMAND_LASTLINE | self::COMMAND_CAPABILITY | self::COMMAND_ANONYMIZED);
}
else {
$this->putLine($this->nextTag() . " AUTHENTICATE PLAIN");
@@ -588,7 +602,7 @@
}
// send result, get reply and process it
- $this->putLine($reply);
+ $this->putLine($reply, true, true);
$line = $this->readReply();
$result = $this->parseResult($line);
}
@@ -3419,7 +3433,7 @@
}
// Send command
- if (!$this->putLineC($query)) {
+ if (!$this->putLineC($query, true, ($options & self::COMMAND_ANONYMIZED))) {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $query");
return $noresp ? self::ERROR_COMMAND : array(self::ERROR_COMMAND, '');
}
diff --git a/program/lib/Roundcube/rcube_ldap_generic.php b/program/lib/Roundcube/rcube_ldap_generic.php
index 923a12a..b85afe4 100644
--- a/program/lib/Roundcube/rcube_ldap_generic.php
+++ b/program/lib/Roundcube/rcube_ldap_generic.php
@@ -240,7 +240,7 @@
$method = 'DIGEST-MD5';
}
- $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: $pass]");
+ $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: **** [" . strlen($pass) . "]");
if (ldap_sasl_bind($this->conn, NULL, $pass, $method, NULL, $authc, $authz)) {
$this->_debug("S: OK");
@@ -271,7 +271,7 @@
return false;
}
- $this->_debug("C: Bind $dn [pass: $pass]");
+ $this->_debug("C: Bind $dn, pass: **** [" . strlen($pass) . "]");
if (@ldap_bind($this->conn, $dn, $pass)) {
$this->_debug("S: OK");
diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php
index 5f1200b..70f15dc 100644
--- a/program/lib/Roundcube/rcube_smtp.php
+++ b/program/lib/Roundcube/rcube_smtp.php
@@ -29,6 +29,7 @@
private $conn = null;
private $response;
private $error;
+ private $anonymize_log = 0;
// define headers delimiter
const SMTP_MIME_CRLF = "\r\n";
@@ -111,6 +112,7 @@
if ($rcube->config->get('smtp_debug')) {
$this->conn->setDebug(true, array($this, 'debug_handler'));
+ $this->anonymize_log = 0;
}
// register authentication methods
@@ -330,6 +332,15 @@
*/
public function debug_handler(&$smtp, $message)
{
+ // catch AUTH commands and set anonymization flag for subsequent sends
+ if (preg_match('/^Send: AUTH ([A-Z]+)/', $message, $m)) {
+ $this->anonymize_log = $m[1] == 'LOGIN' ? 2 : 1;
+ }
+ // anonymize this log entry
+ else if ($this->anonymize_log > 0 && strpos($message, 'Send:') === 0 && --$this->anonymize_log == 0) {
+ $message = sprintf('Send: ****** [%d]', strlen($message) - 8);
+ }
+
if (($len = strlen($message)) > self::DEBUG_LINE_LENGTH) {
$diff = $len - self::DEBUG_LINE_LENGTH;
$message = substr($message, 0, self::DEBUG_LINE_LENGTH)
--
Gitblit v1.9.1