From 240c391abdab2e5421d1d0ea4899606873c1f213 Mon Sep 17 00:00:00 2001
From: Peter Hormanns <peter.hormanns@jalin.de>
Date: Wed, 07 Mar 2018 15:10:47 +0100
Subject: [PATCH] hide passwords in logs

---
 hsarback/src/de/hsadmin/core/util/TextUtil.java      |    4 ++--
 hsarback/src/de/hsadmin/core/qserv/CommandShell.java |    7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/hsarback/src/de/hsadmin/core/qserv/CommandShell.java b/hsarback/src/de/hsadmin/core/qserv/CommandShell.java
index 862c0c0..79633e8 100644
--- a/hsarback/src/de/hsadmin/core/qserv/CommandShell.java
+++ b/hsarback/src/de/hsadmin/core/qserv/CommandShell.java
@@ -9,6 +9,8 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import de.hsadmin.core.util.TextUtil;
+
 public class CommandShell {
 	
 	private static final Logger logger = Logger.getLogger("de.hsadmin.core.qserv");
@@ -28,7 +30,10 @@
 				if (logCommand != null && (logCommand.startsWith("newusers") || logCommand.startsWith("chpasswd"))) {
 					// escape new password !
 					final String[] strings = stdInput.split("\\:", 3);
-					logCommand += "<<EOF\n" + strings[0] + ":***:";
+					logCommand += "<<EOF\n" + strings[0];
+					if (strings.length > 1) {
+						logCommand += ":" + TextUtil.hidePassword(strings[1]) + ":";
+					}
 					if (strings.length > 2) {
 						logCommand += strings[2] + "EOF";
 					}
diff --git a/hsarback/src/de/hsadmin/core/util/TextUtil.java b/hsarback/src/de/hsadmin/core/util/TextUtil.java
index 55b953f..1c80168 100644
--- a/hsarback/src/de/hsadmin/core/util/TextUtil.java
+++ b/hsarback/src/de/hsadmin/core/util/TextUtil.java
@@ -77,8 +77,8 @@
 	}
 	
 	public static synchronized String hidePassword(String passwd) {
-		StringBuffer val = new StringBuffer(passwd.substring(0, 2));
-		for (int i = 2; i < passwd.length(); i++) {
+		final StringBuffer val = new StringBuffer(passwd.substring(0, 2));
+		for (int i = 2; i < 6; i++) {
 			val.append('*');
 		}
 		return val.toString();

--
Gitblit v1.9.0-SNAPSHOT