ソースを参照

Bug 2101: Site with a stored password protected by master password cannot be opened from command-line (2nd)

https://winscp.net/tracker/2101

Source commit: f12de366ab8015ccd862180b9ad59c51acf44134
Martin Prikryl 3 年 前
コミット
2268727e5e
2 ファイル変更17 行追加8 行削除
  1. 15 6
      source/core/SessionInfo.cpp
  2. 2 2
      source/core/SessionInfo.h

+ 15 - 6
source/core/SessionInfo.cpp

@@ -1104,11 +1104,11 @@ UnicodeString __fastcall TSessionLog::LogSensitive(const UnicodeString & Str)
   }
 }
 //---------------------------------------------------------------------------
-UnicodeString __fastcall TSessionLog::GetCmdLineLog()
+UnicodeString __fastcall TSessionLog::GetCmdLineLog(TConfiguration * AConfiguration)
 {
   UnicodeString Result = CmdLine;
 
-  if (!Configuration->LogSensitive)
+  if (!AConfiguration->LogSensitive)
   {
     TManagementScript Script(StoredSessions, false);
     Script.MaskPasswordInCommandLine(Result, true);
@@ -1138,7 +1138,7 @@ UnicodeString __fastcall EnumName(T Value, UnicodeString Names)
 #define ADSTR(S) AddLogEntry(S)
 #define ADF(S, F) ADSTR(FORMAT(S, F));
 //---------------------------------------------------------------------------
-void __fastcall TSessionLog::DoAddStartupInfo(TAddLogEntryEvent AddLogEntry, TConfiguration * AConfiguration)
+void __fastcall TSessionLog::DoAddStartupInfo(TAddLogEntryEvent AddLogEntry, TConfiguration * AConfiguration, bool DoNotMaskPaswords)
 {
   ADSTR(GetEnvironmentInfo());
   THierarchicalStorage * Storage = AConfiguration->CreateConfigStorage();
@@ -1193,7 +1193,16 @@ void __fastcall TSessionLog::DoAddStartupInfo(TAddLogEntryEvent AddLogEntry, TCo
   ADF(L"Ancestor processes: %s", (GetAncestorProcessNames()));
   // This logs even passwords, contrary to a session log.
   // GetCmdLineLog requires master password, but we do not know it yet atm.
-  ADF(L"Command-line: %s", (CmdLine));
+  UnicodeString ACmdLine;
+  if (DoNotMaskPaswords)
+  {
+    ACmdLine = CmdLine;
+  }
+  else
+  {
+    ACmdLine = GetCmdLineLog(AConfiguration);
+  }
+  ADF(L"Command-line: %s", (ACmdLine));
   if (AConfiguration->ActualLogProtocol >= 1)
   {
     GetGlobalOptions()->LogOptions(AddLogEntry);
@@ -1218,7 +1227,7 @@ void __fastcall TSessionLog::DoAddStartupInfo(TSessionData * Data)
   if (Data == NULL)
   {
     AddSeparator();
-    DoAddStartupInfo(DoAddStartupInfoEntry, FConfiguration);
+    DoAddStartupInfo(DoAddStartupInfoEntry, FConfiguration, false);
     ADF(L"Login time: %s", (FormatDateTime(L"dddddd tt", Now())));
     AddSeparator();
   }
@@ -1790,7 +1799,7 @@ void TApplicationLog::AddStartupInfo()
 {
   if (Logging)
   {
-    TSessionLog::DoAddStartupInfo(Log, Configuration);
+    TSessionLog::DoAddStartupInfo(Log, Configuration, true);
   }
 }
 //---------------------------------------------------------------------------

+ 2 - 2
source/core/SessionInfo.h

@@ -273,7 +273,7 @@ public:
 protected:
   void __fastcall CloseLogFile();
   bool __fastcall LogToFile();
-  static void __fastcall DoAddStartupInfo(TAddLogEntryEvent AddLogEntry, TConfiguration * AConfiguration);
+  static void __fastcall DoAddStartupInfo(TAddLogEntryEvent AddLogEntry, TConfiguration * AConfiguration, bool DoNotMaskPaswords);
 
 private:
   TConfiguration * FConfiguration;
@@ -300,7 +300,7 @@ private:
   void __fastcall DoAddStartupInfo(TSessionData * Data);
   UnicodeString __fastcall GetTlsVersionName(TTlsVersion TlsVersion);
   UnicodeString __fastcall LogSensitive(const UnicodeString & Str);
-  UnicodeString __fastcall GetCmdLineLog();
+  static UnicodeString __fastcall GetCmdLineLog(TConfiguration * AConfiguration);
   void __fastcall CheckSize(__int64 Addition);
   UnicodeString __fastcall LogPartFileName(const UnicodeString & BaseName, int Index);
   void __fastcall DoAddStartupInfoEntry(const UnicodeString & S);