diff options
Diffstat (limited to 'proto/server/func_handlerequest.go.sh')
-rwxr-xr-x | proto/server/func_handlerequest.go.sh | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/proto/server/func_handlerequest.go.sh b/proto/server/func_handlerequest.go.sh index d6160e9..cb2856a 100755 --- a/proto/server/func_handlerequest.go.sh +++ b/proto/server/func_handlerequest.go.sh @@ -32,6 +32,8 @@ import ( s "syscall" ) +var sensitive = p.String("<omitted-from-log>") + // Handle a request to nslcd func HandleRequest(backend Backend, in io.Reader, out io.Writer, cred s.Ucred) (err error) { err = nil @@ -67,13 +69,29 @@ while read -r request; do var req p.Request_${request} p.Read(in, &req) $( - if [[ $request == PAM_Authentication ]]; then - echo '_req := req' - echo '_req.Password = "<omitted-from-log>"' - echo 'fmt.Fprintf(os.Stderr, "Request: %#v\n", _req)' - else - echo 'fmt.Fprintf(os.Stderr, "Request: %#v\n", req)' - fi + case "$request" in + PAM_Authentication) + echo '_req := req' + echo '_req.Password = sensitive' + echo 'fmt.Fprintf(os.Stderr, "Request: %#v\n", _req)' + ;; + PAM_PwMod) + echo '_req := req' + echo 'if len(_req.OldPassword) > 0 {' + echo ' _req.OldPassword = sensitive' + echo '}' + echo '_req.NewPassword = sensitive' + echo 'fmt.Fprintf(os.Stderr, "Request: %#v\n", _req)' + ;; + PAM_UserMod) + echo '_req := req' + echo '_req.Password = sensitive' + echo 'fmt.Fprintf(os.Stderr, "Request: %#v\n", _req)' + ;; + *) + echo 'fmt.Fprintf(os.Stderr, "Request: %#v\n", req)' + ;; + esac ) _ch := backend.${request}(cred, req) go func() { |