From 0d9ccfd8f76170adfeaa104668fce0e0b4f66a33 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Mon, 3 Feb 2014 15:34:55 +0100 Subject: Don't EVER log passwords --- plugins/password/drivers/ldap_simple.php | 4 ++-- program/lib/Roundcube/rcube_imap_generic.php | 34 ++++++++++++++++++++-------- program/lib/Roundcube/rcube_ldap_generic.php | 4 ++-- program/lib/Roundcube/rcube_smtp.php | 11 +++++++++ 4 files changed, 39 insertions(+), 14 deletions(-) diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php index 47e3b07de..3e167ea5b 100644 --- a/plugins/password/drivers/ldap_simple.php +++ b/plugins/password/drivers/ldap_simple.php @@ -113,7 +113,7 @@ class rcube_ldap_simple_password return PASSWORD_CRYPT_ERROR; } - $this->_debug("C: Bind $binddn [pass: $bindpw]"); + $this->_debug("C: Bind $binddn, pass: **** [" . strlen($bindpw) . "]"); // Bind if (!ldap_bind($ds, $binddn, $bindpw)) { @@ -175,7 +175,7 @@ class rcube_ldap_simple_password return null; } - $this->_debug("C: Bind $search_user [pass: $search_pass]"); + $this->_debug("C: Bind $search_user, pass: **** [" . strlen($search_pass) . "]"); // Bind if (!ldap_bind($ds, $search_user, $search_pass)) { diff --git a/program/lib/Roundcube/rcube_imap_generic.php b/program/lib/Roundcube/rcube_imap_generic.php index f9a62f010..9035840a8 100644 --- a/program/lib/Roundcube/rcube_imap_generic.php +++ b/program/lib/Roundcube/rcube_imap_generic.php @@ -73,6 +73,7 @@ class rcube_imap_generic const COMMAND_NORESPONSE = 1; const COMMAND_CAPABILITY = 2; const COMMAND_LASTLINE = 4; + const COMMAND_ANONYMIZED = 8; const DEBUG_LINE_LENGTH = 4098; // 4KB + 2B for \r\n @@ -88,16 +89,28 @@ class rcube_imap_generic * * @param string $string Command string * @param bool $endln True if CRLF need to be added at the end of command + * @param bool $anonymized Don't write the given data to log but a placeholder * * @param int Number of bytes sent, False on error */ - function putLine($string, $endln=true) + function putLine($string, $endln=true, $anonymized=false) { if (!$this->fp) return false; if ($this->_debug) { - $this->debug('C: '. rtrim($string)); + // anonymize the sent command for logging + $cut = $endln ? 2 : 0; + if ($anonymized && preg_match('/^(A\d+ (?:[A-Z]+ )+)(.+)/', $string, $m)) { + $log = $m[1] . sprintf('****** [%d]', strlen($m[2]) - $cut); + } + else if ($anonymized) { + $log = sprintf('****** [%d]', strlen($string) - $cut); + } + else { + $log = rtrim($string); + } + $this->debug('C: ' . $log); } $res = fwrite($this->fp, $string . ($endln ? "\r\n" : '')); @@ -116,10 +129,11 @@ class rcube_imap_generic * * @param string $string Command string * @param bool $endln True if CRLF need to be added at the end of command + * @param bool $anonymized Don't write the given data to log but a placeholder * * @return int|bool Number of bytes sent, False on error */ - function putLineC($string, $endln=true) + function putLineC($string, $endln=true, $anonymized=false) { if (!$this->fp) { return false; @@ -138,7 +152,7 @@ class rcube_imap_generic $parts[$i+1] = sprintf("{%d+}\r\n", $matches[1]); } - $bytes = $this->putLine($parts[$i].$parts[$i+1], false); + $bytes = $this->putLine($parts[$i].$parts[$i+1], false, $anonymized); if ($bytes === false) return false; $res += $bytes; @@ -153,7 +167,7 @@ class rcube_imap_generic $i++; } else { - $bytes = $this->putLine($parts[$i], false); + $bytes = $this->putLine($parts[$i], false, $anonymized); if ($bytes === false) return false; $res += $bytes; @@ -519,7 +533,7 @@ class rcube_imap_generic $reply = base64_encode($user . ' ' . $hash); // send result - $this->putLine($reply); + $this->putLine($reply, true, true); } else { // RFC2831: DIGEST-MD5 @@ -537,7 +551,7 @@ class rcube_imap_generic base64_decode($challenge), $this->host, 'imap', $user)); // send result - $this->putLine($reply); + $this->putLine($reply, true, true); $line = trim($this->readReply()); if ($line[0] == '+') { @@ -577,7 +591,7 @@ class rcube_imap_generic // RFC 4959 (SASL-IR): save one round trip if ($this->getCapability('SASL-IR')) { list($result, $line) = $this->execute("AUTHENTICATE PLAIN", array($reply), - self::COMMAND_LASTLINE | self::COMMAND_CAPABILITY); + self::COMMAND_LASTLINE | self::COMMAND_CAPABILITY | self::COMMAND_ANONYMIZED); } else { $this->putLine($this->nextTag() . " AUTHENTICATE PLAIN"); @@ -588,7 +602,7 @@ class rcube_imap_generic } // send result, get reply and process it - $this->putLine($reply); + $this->putLine($reply, true, true); $line = $this->readReply(); $result = $this->parseResult($line); } @@ -3419,7 +3433,7 @@ class rcube_imap_generic } // Send command - if (!$this->putLineC($query)) { + if (!$this->putLineC($query, true, ($options & self::COMMAND_ANONYMIZED))) { $this->setError(self::ERROR_COMMAND, "Unable to send command: $query"); return $noresp ? self::ERROR_COMMAND : array(self::ERROR_COMMAND, ''); } diff --git a/program/lib/Roundcube/rcube_ldap_generic.php b/program/lib/Roundcube/rcube_ldap_generic.php index 923a12a41..b85afe4ce 100644 --- a/program/lib/Roundcube/rcube_ldap_generic.php +++ b/program/lib/Roundcube/rcube_ldap_generic.php @@ -240,7 +240,7 @@ class rcube_ldap_generic $method = 'DIGEST-MD5'; } - $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: $pass]"); + $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: **** [" . strlen($pass) . "]"); if (ldap_sasl_bind($this->conn, NULL, $pass, $method, NULL, $authc, $authz)) { $this->_debug("S: OK"); @@ -271,7 +271,7 @@ class rcube_ldap_generic return false; } - $this->_debug("C: Bind $dn [pass: $pass]"); + $this->_debug("C: Bind $dn, pass: **** [" . strlen($pass) . "]"); if (@ldap_bind($this->conn, $dn, $pass)) { $this->_debug("S: OK"); diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php index 5f1200b38..70f15dc7b 100644 --- a/program/lib/Roundcube/rcube_smtp.php +++ b/program/lib/Roundcube/rcube_smtp.php @@ -29,6 +29,7 @@ class rcube_smtp private $conn = null; private $response; private $error; + private $anonymize_log = 0; // define headers delimiter const SMTP_MIME_CRLF = "\r\n"; @@ -111,6 +112,7 @@ class rcube_smtp if ($rcube->config->get('smtp_debug')) { $this->conn->setDebug(true, array($this, 'debug_handler')); + $this->anonymize_log = 0; } // register authentication methods @@ -330,6 +332,15 @@ class rcube_smtp */ public function debug_handler(&$smtp, $message) { + // catch AUTH commands and set anonymization flag for subsequent sends + if (preg_match('/^Send: AUTH ([A-Z]+)/', $message, $m)) { + $this->anonymize_log = $m[1] == 'LOGIN' ? 2 : 1; + } + // anonymize this log entry + else if ($this->anonymize_log > 0 && strpos($message, 'Send:') === 0 && --$this->anonymize_log == 0) { + $message = sprintf('Send: ****** [%d]', strlen($message) - 8); + } + if (($len = strlen($message)) > self::DEBUG_LINE_LENGTH) { $diff = $len - self::DEBUG_LINE_LENGTH; $message = substr($message, 0, self::DEBUG_LINE_LENGTH) -- cgit v1.2.3