From 105e35a6e45188bd3a253c2df5cdd14ee9bfe53c Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 7 Jan 2002 02:57:06 +0000
Subject: Don't log the password in pam_sm_authenticate() unless DEBUG_PASSWORD
 is defined.  This is done with --enable-developer mode. (This used to be
 commit caff5dc1d66953cb52f94cd6407778b23e1810eb)

---
 source3/nsswitch/pam_winbind.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'source3/nsswitch')

diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index b3dea202c2..7cb2cd8bf1 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -256,10 +256,18 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	 return PAM_AUTHTOK_ERR;
      }
      
-     if (ctrl & PAM_DEBUG_ARG)
+     if (ctrl & PAM_DEBUG_ARG) {
+
+	     /* Let's not give too much away in the log file */
+
+#ifdef DEBUG_PASSWORD
 	 _pam_log(LOG_INFO, "Verify user `%s' with password `%s'",
 		  username, password);
-     
+#else
+	 _pam_log(LOG_INFO, "Verify user `%s'", username);
+#endif
+     }
+
      /* Now use the username to look up password */
      retval = user_lookup(username, password);
      switch (retval) {
-- 
cgit