From c17f7ac307384a2c0c2e0e21deb80b7f5b231fba Mon Sep 17 00:00:00 2001
From: Javi Fontan <jfontan@opennebula.org>
Date: Mon, 17 Sep 2012 12:04:01 +0200
Subject: [PATCH] bug #1385: ldap password is not shown on error log

---
 src/authm_mad/one_auth_mad.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/authm_mad/one_auth_mad.rb b/src/authm_mad/one_auth_mad.rb
index 13bcc8f9fc..b440c0791d 100755
--- a/src/authm_mad/one_auth_mad.rb
+++ b/src/authm_mad/one_auth_mad.rb
@@ -85,6 +85,16 @@ class AuthDriver < OpenNebulaDriver
         end
     end
 
+
+    # Works the same as log_method but changes the password by '****'.
+    # The last word is the password for authentication.
+    def log_method_no_password(num, secret)
+        lambda {|message|
+            m=message.gsub(/ #{Regexp.escape(secret)}$/, ' ****')
+            log(num, m)
+        }
+    end
+
     # Authenticate a user based in a string of the form user:secret when using the 
     # driver secret is protocol:token
     # @param [String] the id for this request, used by OpenNebula core
@@ -115,7 +125,8 @@ class AuthDriver < OpenNebulaDriver
             Shellwords.escape(p)
         end.join(' '))
 
-        rc = LocalCommand.run(command, log_method(request_id))
+        rc = LocalCommand.run(command,
+            log_method_no_password(request_id, secret))
 
         result , info = get_info_from_execution(rc)