From be49b8bed5fbd6cde63d8c5b6de432dc1f4b123d Mon Sep 17 00:00:00 2001
From: "Mark Palange (Mani)" <palange@lindenlab.com>
Date: Tue, 8 Dec 2009 16:57:45 -0800
Subject: [PATCH] EXT-3158 - Removing logging of users password hash from new
 login code. Reviewed by Brad

---
 indra/llcommon/lleventcoro.h              |  7 +++++--
 indra/viewer_components/login/lllogin.cpp | 20 ++++++++++++++++----
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/indra/llcommon/lleventcoro.h b/indra/llcommon/lleventcoro.h
index c6d9de171d2..1981ae7482b 100644
--- a/indra/llcommon/lleventcoro.h
+++ b/indra/llcommon/lleventcoro.h
@@ -203,9 +203,12 @@ LLSD postAndWait(SELF& self, const LLSD& event, const LLEventPumpOrPumpName& req
         // request event.
         LLSD modevent(event);
         LLEventDetail::storeToLLSDPath(modevent, replyPumpNamePath, replyPump.getPump().getName());
-        LL_DEBUGS("lleventcoro") << "postAndWait(): coroutine " << listenerName
+		LL_DEBUGS("lleventcoro") << "postAndWait(): coroutine " << listenerName
                                  << " posting to " << requestPump.getPump().getName()
-                                 << ": " << modevent << LL_ENDL;
+								 << LL_ENDL;
+
+		// *NOTE:Mani - Removed because modevent could contain user's hashed passwd.
+		//                         << ": " << modevent << LL_ENDL;
         requestPump.getPump().post(modevent);
     }
     LL_DEBUGS("lleventcoro") << "postAndWait(): coroutine " << listenerName
diff --git a/indra/viewer_components/login/lllogin.cpp b/indra/viewer_components/login/lllogin.cpp
index b14c59ab9ac..02c13716edd 100644
--- a/indra/viewer_components/login/lllogin.cpp
+++ b/indra/viewer_components/login/lllogin.cpp
@@ -133,9 +133,16 @@ void LLLogin::Impl::connect(const std::string& uri, const LLSD& credentials)
 
 void LLLogin::Impl::login_(LLCoros::self& self, std::string uri, LLSD credentials)
 {
-    LL_INFOS("LLLogin") << "Entering coroutine " << LLCoros::instance().getName(self)
-                        << " with uri '" << uri << "', credentials " << credentials << LL_ENDL;
-    // Arriving in SRVRequest state
+	LLSD printable_credentials = credentials;
+	if(printable_credentials.has("params") 
+		&& printable_credentials["params"].has("passwd")) 
+	{
+		printable_credentials["params"]["passwd"] = "*******";
+	}
+    LL_DEBUGS("LLLogin") << "Entering coroutine " << LLCoros::instance().getName(self)
+                        << " with uri '" << uri << "', credentials " << printable_credentials << LL_ENDL;
+
+	// Arriving in SRVRequest state
     LLEventStream replyPump("reply", true);
     // Should be an array of one or more uri strings.
     LLSD rewrittenURIs;
@@ -144,7 +151,7 @@ void LLLogin::Impl::login_(LLCoros::self& self, std::string uri, LLSD credential
         sendProgressEvent("offline", "srvrequest");
 
         // Request SRV record.
-        LL_INFOS("LLLogin") << "Requesting SRV record from " << uri << LL_ENDL;
+        LL_DEBUGS("LLLogin") << "Requesting SRV record from " << uri << LL_ENDL;
 
         // *NOTE:Mani - Completely arbitrary default timeout value for SRV request.
 		F32 seconds_to_timeout = 5.0f;
@@ -193,6 +200,11 @@ void LLLogin::Impl::login_(LLCoros::self& self, std::string uri, LLSD credential
             LLSD progress_data;
             progress_data["attempt"] = attempts;
             progress_data["request"] = request;
+			if(progress_data["request"].has("params")
+				&& progress_data["request"]["params"].has("passwd"))
+			{
+				progress_data["request"]["params"]["passwd"] = "*******";
+			}
             sendProgressEvent("offline", "authenticating", progress_data);
 
             // We expect zero or more "Downloading" status events, followed by
-- 
GitLab