From 6bce748cc1d86df064d7a7677d9985c50bf2921b Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Fri, 15 Jun 2012 11:52:22 +0200 Subject: [PATCH] Admin-Passwort in Closure speichern, um versehentliche Ausgabe beim Dumpen zu vermeiden --- SL/Auth.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SL/Auth.pm b/SL/Auth.pm index 9ed86d665..7df576b1f 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -102,6 +102,10 @@ sub _read_auth_config { my $self = shift; map { $self->{$_} = $::lx_office_conf{authentication}->{$_} } keys %{ $::lx_office_conf{authentication} }; + + # Prevent password leakage to log files when dumping Auth instances. + $self->{admin_password} = sub { $::lx_office_conf{authentication}->{admin_password} }; + $self->{DB_config} = $::lx_office_conf{'authentication/database'}; $self->{LDAP_config} = $::lx_office_conf{'authentication/ldap'}; @@ -143,7 +147,7 @@ sub authenticate_root { my ($self, $password) = @_; $password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password); - my $admin_password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password}); + my $admin_password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password}->()); $main::lxdebug->leave_sub(); -- 2.20.1