pam/gdm: Keep debugging all the events, sanitizing them if needed

pam/internal/adapter/gdmmodel.go

@@ -96,13 +96,9 @@ func (m *gdmModel) pollGdm() tea.Cmd {
 		})
 	}
 
-	for _, result := range gdmPollResults {
-		// Don't log EventData_IsAuthenticatedRequested because it contains
-		// the user password
-		if result.GetIsAuthenticatedRequested() != nil {
-			log.Debugf(context.TODO(), "GDM poll returned: IsAuthenticatedRequested")
-		} else {
-			log.Debugf(context.TODO(), "GDM poll returned: %s", result.Data)
+	if log.IsLevelEnabled(log.DebugLevel) {
+		for _, result := range gdmPollResults {
+			log.Debugf(context.TODO(), "GDM poll response: %v", result.SafeString())
 		}
 	}
 

pam/internal/gdm/conversation.go

@@ -6,13 +6,15 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"regexp"
 	"sync/atomic"
 
 	"github.com/msteinert/pam/v2"
 	"github.com/ubuntu/authd/internal/log"
 )
 
 var conversations atomic.Int32
+var challengeRegex = regexp.MustCompile(`"challenge"\s*:\s*"(?:[^"\\]|\\.)*"`)
 
 // ConversationInProgress checks if conversations are currently active.
 func ConversationInProgress() bool {
@@ -63,9 +65,16 @@ func SendData(pamMTx pam.ModuleTransaction, d *Data) (*Data, error) {
 	}
 
 	gdmData, err := NewDataFromJSON(jsonValue)
-	// Log unless it's a poll, which are so frequently that it would be
+	// Log unless it's an empty poll, which are so frequently that it would be
 	// too verbose to log them.
-	if d.Type != DataType_poll {
+	if gdmData.Type == DataType_pollResponse && len(gdmData.GetPollResponse()) == 0 {
+		jsonValue = nil
+	}
+	if log.IsLevelEnabled(log.DebugLevel) && jsonValue != nil &&
+		gdmData != nil && gdmData.Type == DataType_pollResponse {
+		jsonValue = challengeRegex.ReplaceAll(jsonValue, []byte(`"challenge":"**************"`))
+	}
+	if jsonValue != nil {
 		log.Debugf(context.TODO(), "Got from GDM: %s", jsonValue)
 	}
 	if err != nil {

pam/internal/gdm/debug.go

@@ -5,4 +5,5 @@ package gdm
 func init() {
 	checkMembersFunc = checkMembersDebug
 	validateJSONFunc = validateJSONDebug
+	stringifyEventDataFunc = stringifyEventDataDebug
 }

pam/internal/gdm/export_test.go

@@ -3,4 +3,5 @@ package gdm
 func init() {
 	checkMembersFunc = checkMembersDebug
 	validateJSONFunc = validateJSONDebug
+	stringifyEventDataFunc = stringifyEventDataDebug
 }

pam/internal/gdm/protocol.go

@@ -9,6 +9,7 @@ import (
 	"reflect"
 	"slices"
 
+	"github.com/ubuntu/authd"
 	"google.golang.org/protobuf/encoding/protojson"
 )
 
@@ -167,3 +168,39 @@ func (d *Data) JSON() ([]byte, error) {
 
 	return bytes, err
 }
+
+var stringifyEventDataFunc = stringifyEventDataFiltered
+
+func stringifyEventDataDebug(ed *EventData) string {
+	return ed.String()
+}
+
+func stringifyEventDataFiltered(ed *EventData) string {
+	authReq, ok := ed.GetData().(*EventData_IsAuthenticatedRequested)
+	if !ok {
+		return ed.String()
+	}
+
+	item := authReq.IsAuthenticatedRequested.GetAuthenticationData().Item
+	if _, ok = item.(*authd.IARequest_AuthenticationData_Challenge); !ok {
+		return ed.String()
+	}
+
+	return (&EventData{
+		Type: ed.Type,
+		Data: &EventData_IsAuthenticatedRequested{
+			IsAuthenticatedRequested: &Events_IsAuthenticatedRequested{
+				AuthenticationData: &authd.IARequest_AuthenticationData{
+					Item: &authd.IARequest_AuthenticationData_Challenge{
+						Challenge: "**************",
+					},
+				},
+			},
+		},
+	}).String()
+}
+
+// SafeString creates a string of EventData with confidential content removed.
+func (ed *EventData) SafeString() string {
+	return stringifyEventDataFunc(ed)
+}