From a321ab25719582c699353b2ffeca8e04cada8fbc Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 21 Apr 2018 17:22:43 +0200
Subject: Make secret logging optional

---
 mod_auth_custom/mod_auth_custom.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua
index 2ac5531..1e996cb 100644
--- a/mod_auth_custom/mod_auth_custom.lua
+++ b/mod_auth_custom/mod_auth_custom.lua
@@ -7,6 +7,7 @@ local group = module:get_option_string("custom_auth_group", "xmpp");
 local pam_module = module:get_option_string("custom_pam_module", "xmpp");
 local alias_file = module:get_option_string("custom_alias_file");
 local alias_secret_file = module:get_option_string("custom_alias_secret_file");
+local log_secrets = module:get_option_boolean("custom_log_secrets", false);
 
 function is_real_user(username)
         for i,v in ipairs(posix.getgrnam(group).gr_mem) do
@@ -35,7 +36,9 @@ function alias_pw(username)
         local secret = f:read("*all");
         f:close();
         local auth = sha2.sha512hex(username .. "@" .. module.host .. secret);
-        module:log("debug", "Expecting ‘%s’ as auth-secret for %s", auth, username .. "@" .. module.host);
+        if log_secrets then
+          module:log("debug", "Expecting ‘%s’ as auth-secret for %s", auth, username .. "@" .. module.host);
+        end
         return auth;
 end
   
-- 
cgit v1.2.3