Don't log the actual password when command-logging

"passwd xxxx".

2 files changed, 25 insertions, 3 deletions

diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 73cb31ca6c7..0e6f7bde0ad 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: command.c,v 1.7 1997/12/17 21:17:44 brian Exp $
+ * $Id: command.c,v 1.8 1997/12/18 00:28:48 brian Exp $
  *
  */
 #include <sys/param.h>
@@ -742,10 +742,17 @@ static int
 arghidden(int argc, char const *const *argv, int n)
 {
   /* Is arg n of the given command to be hidden from the log ? */
+
+  /* set authkey xxxxx */
+  /* set key xxxxx */
   if (n == 2 && !strncasecmp(argv[0], "se", 2) &&
       (!strncasecmp(argv[1], "authk", 5) || !strncasecmp(argv[1], "ke", 2)))
     return 1;
 
+  /* passwd xxxxx */
+  if (n == 1 && !strncasecmp(argv[0], "p", 1))
+    return 1;
+
   return 0;
 }
 
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index a38076cd2f9..43ae48481e7 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.6 1997/12/17 21:17:46 brian Exp $
+.\" $Id: ppp.8,v 1.7 1997/12/18 00:28:49 brian Exp $
 .Dd 20 September 1995
 .Os OpenBSD
 .Dt PPP 8
@@ -1985,7 +1985,22 @@ label is assumed.
 .It passwd pass
 Specify the password required for access to the full
 .Nm
-command set.
+command set.  This password is required when connecting to the diagnostic
+port (see the
+.Dq set server
+command).
+.Ar Pass
+may be specified either on the
+.Dq set server
+command line or by putting an entry in
+.Pa /var/log/ppp.secret
+for the local host.  The value of
+.Ar pass
+is not logged when
+.Ar command
+logging is active, instead, the literal string
+.Dq ********
+is logged.
 
 .It quit|bye [all]
 Exit