From a09d09cbe75248e918edd50390d1a9b56682ee18 Mon Sep 17 00:00:00 2001 From: Brian Somers Date: Thu, 18 Dec 1997 00:28:36 +0000 Subject: [PATCH] Don't log the actual password when command-logging "passwd xxxx". --- usr.sbin/ppp/command.c | 9 ++++++++- usr.sbin/ppp/ppp.8 | 19 +++++++++++++++++-- usr.sbin/ppp/ppp.8.m4 | 19 +++++++++++++++++-- 3 files changed, 42 insertions(+), 5 deletions(-) diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index 78441f817991..dc106816d165 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: command.c,v 1.111 1997/12/17 00:19:22 brian Exp $ + * $Id: command.c,v 1.112 1997/12/17 21:21:38 brian Exp $ * */ #include @@ -742,10 +742,17 @@ static int arghidden(int argc, char const *const *argv, int n) { /* Is arg n of the given command to be hidden from the log ? */ + + /* set authkey xxxxx */ + /* set key xxxxx */ if (n == 2 && !strncasecmp(argv[0], "se", 2) && (!strncasecmp(argv[1], "authk", 5) || !strncasecmp(argv[1], "ke", 2))) return 1; + /* passwd xxxxx */ + if (n == 1 && !strncasecmp(argv[0], "p", 1)) + return 1; + return 0; } diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index ec72434cccfb..b4b95982e62f 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.85 1997/12/16 00:32:35 brian Exp $ +.\" $Id: ppp.8,v 1.86 1997/12/17 21:21:40 brian Exp $ .Dd 20 September 1995 .Os FreeBSD .Dt PPP 8 @@ -1985,7 +1985,22 @@ label is assumed. .It passwd pass Specify the password required for access to the full .Nm -command set. +command set. This password is required when connecting to the diagnostic +port (see the +.Dq set server +command). +.Ar Pass +may be specified either on the +.Dq set server +command line or by putting an entry in +.Pa /var/log/ppp.secret +for the local host. The value of +.Ar pass +is not logged when +.Ar command +logging is active, instead, the literal string +.Dq ******** +is logged. .It quit|bye [all] Exit diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index ec72434cccfb..b4b95982e62f 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.85 1997/12/16 00:32:35 brian Exp $ +.\" $Id: ppp.8,v 1.86 1997/12/17 21:21:40 brian Exp $ .Dd 20 September 1995 .Os FreeBSD .Dt PPP 8 @@ -1985,7 +1985,22 @@ label is assumed. .It passwd pass Specify the password required for access to the full .Nm -command set. +command set. This password is required when connecting to the diagnostic +port (see the +.Dq set server +command). +.Ar Pass +may be specified either on the +.Dq set server +command line or by putting an entry in +.Pa /var/log/ppp.secret +for the local host. The value of +.Ar pass +is not logged when +.Ar command +logging is active, instead, the literal string +.Dq ******** +is logged. .It quit|bye [all] Exit