auth/credentials: Do not print passwords in a talloc memory dump

The fact that a password was created here is enough information, so
overwrite with the function name and line.

Andrew Bartlett

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 05f0a624db380a5ee3dde58e399e2a32e96413e4..e6361239e9590125d2b188261e033b5e7191bc36 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -371,6 +371,10 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
 {
        if (obtained >= cred->password_obtained) {
                cred->password = talloc_strdup(cred, val);
+               if (cred->password) {
+                       /* Don't print the actual password in talloc memory dumps */
+                       talloc_set_name_const(cred->password, "password set via cli_credentials_set_password");
+               }
                cred->password_obtained = obtained;
                cli_credentials_invalidate_ccache(cred, cred->password_obtained);
 
@@ -416,6 +420,10 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
                                      enum credentials_obtained obtained)
 {
        cred->old_password = talloc_strdup(cred, val);
+       if (cred->old_password) {
+               /* Don't print the actual password in talloc memory dumps */
+               talloc_set_name_const(cred->old_password, "password set via cli_credentials_set_old_password");
+       }
        return true;
 }