From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Fri, 15 Jun 2012 09:52:22 +0000 (+0200)
Subject: Admin-Passwort in Closure speichern, um versehentliche Ausgabe beim Dumpen zu vermeiden
X-Git-Tag: release-3.0.0beta1~317^2~5^2
X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/kivitendo-erp.git/commitdiff_plain/6bce748cc1d86df064d7a7677d9985c50bf2921b

Admin-Passwort in Closure speichern, um versehentliche Ausgabe beim Dumpen zu vermeiden
---

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 9ed86d665..7df576b1f 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -102,6 +102,10 @@ sub _read_auth_config {
   my $self = shift;
 
   map { $self->{$_} = $::lx_office_conf{authentication}->{$_} } keys %{ $::lx_office_conf{authentication} };
+
+  # Prevent password leakage to log files when dumping Auth instances.
+  $self->{admin_password} = sub { $::lx_office_conf{authentication}->{admin_password} };
+
   $self->{DB_config}   = $::lx_office_conf{'authentication/database'};
   $self->{LDAP_config} = $::lx_office_conf{'authentication/ldap'};
 
@@ -143,7 +147,7 @@ sub authenticate_root {
   my ($self, $password) = @_;
 
   $password             = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password);
-  my $admin_password    = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password});
+  my $admin_password    = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password}->());
 
   $main::lxdebug->leave_sub();