New hide_sensitive_log_data option to hide client IP in log (#452 #471)

src/ejabberd_c2s.erl

@@ -639,7 +639,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 			?INFO_MSG("(~w) Accepted legacy authentication for ~s by ~p from ~s",
 				  [StateData#state.socket,
 				   jlib:jid_to_string(JID), AuthModule,
-				   jlib:ip_to_list(StateData#state.ip)]),
+				   ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		        ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 					   [true, U, StateData#state.server,
 					    StateData#state.ip]),
@@ -680,7 +680,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
                       ?INFO_MSG("(~w) Failed legacy authentication for ~s from ~s",
                                 [StateData#state.socket,
                                  jlib:jid_to_string(JID),
-                                 jlib:ip_to_list(StateData#state.ip)]),
+                                 ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		      ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 					 [false, U, StateData#state.server,
 					  StateData#state.ip]),
@@ -701,7 +701,7 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 				 "for ~s from ~s",
 				 [StateData#state.socket,
 				  jlib:jid_to_string(JID),
-				  jlib:ip_to_list(StateData#state.ip)]),
+				  ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		       ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 					  [false, U, StateData#state.server,
 					   StateData#state.ip]),
@@ -756,7 +756,7 @@ wait_for_feature_request({xmlstreamelement, El},
 		?INFO_MSG("(~w) Accepted authentication for ~s "
 			  "by ~p from ~s",
 			  [StateData#state.socket, U, AuthModule,
-			   jlib:ip_to_list(StateData#state.ip)]),
+			   ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				   [true, U, StateData#state.server,
 				    StateData#state.ip]),
@@ -783,7 +783,7 @@ wait_for_feature_request({xmlstreamelement, El},
                 ?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s",
                           [StateData#state.socket,
                            Username, StateData#state.server,
-                           jlib:ip_to_list(StateData#state.ip)]),
+                           ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				   [false, Username, StateData#state.server,
 				    StateData#state.ip]),
@@ -909,7 +909,7 @@ wait_for_sasl_response({xmlstreamelement, El},
 		?INFO_MSG("(~w) Accepted authentication for ~s "
 			  "by ~p from ~s",
 			  [StateData#state.socket, U, AuthModule,
-			   jlib:ip_to_list(StateData#state.ip)]),
+			   ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				   [true, U, StateData#state.server,
 				    StateData#state.ip]),
@@ -932,7 +932,7 @@ wait_for_sasl_response({xmlstreamelement, El},
 		?INFO_MSG("(~w) Accepted authentication for ~s "
 			  "by ~p from ~s",
 			  [StateData#state.socket, U, AuthModule,
-			   jlib:ip_to_list(StateData#state.ip)]),
+			   ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				   [true, U, StateData#state.server,
 				    StateData#state.ip]),
@@ -961,7 +961,7 @@ wait_for_sasl_response({xmlstreamelement, El},
 		?INFO_MSG("(~w) Failed authentication for ~s@~s from ~s",
                           [StateData#state.socket,
                            Username, StateData#state.server,
-                           jlib:ip_to_list(StateData#state.ip)]),
+                           ejabberd_config:may_hide_data(jlib:ip_to_list(StateData#state.ip))]),
 		ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				   [false, Username, StateData#state.server,
 				    StateData#state.ip]),

src/ejabberd_config.erl

@@ -36,7 +36,7 @@
          prepare_opt_val/4, convert_table_to_binary/5,
          transform_options/1, collect_options/1,
          convert_to_yaml/1, convert_to_yaml/2,
-         env_binary_to_list/2, opt_type/1]).
+         env_binary_to_list/2, opt_type/1, may_hide_data/1]).
 
 -include("ejabberd.hrl").
 -include("logger.hrl").
@@ -1154,3 +1154,18 @@ opt_type(language) ->
     fun iolist_to_binary/1;
 opt_type(_) ->
     [hosts, language].
+
+-spec may_hide_data(string()) -> string().
+
+may_hide_data(Data) ->
+    case ejabberd_config:get_option(
+	hide_sensitive_log_data,
+	    fun(false) -> false;
+	       (true) -> true
+	    end,
+        false) of
+	false ->
+	    Data;
+	true ->
+	    "hidden_by_ejabberd"
+    end.

src/ejabberd_listener.erl

@@ -297,7 +297,7 @@ accept(ListenSocket, Module, Opts) ->
 	    case {inet:sockname(Socket), inet:peername(Socket)} of
 		{{ok, {Addr, Port}}, {ok, {PAddr, PPort}}} ->
 		    ?INFO_MSG("(~w) Accepted connection ~s:~p -> ~s:~p",
-			      [Socket, inet_parse:ntoa(PAddr), PPort,
+			      [Socket, ejabberd_config:may_hide_data(inet_parse:ntoa(PAddr)), PPort,
 			       inet_parse:ntoa(Addr), Port]);
 		_ ->
 		    ok

src/ejabberd_web_admin.erl

@@ -203,7 +203,7 @@ process([<<"server">>, SHost | RPath] = Path,
 	    {unauthorized, Error} ->
 		{BadUser, _BadPass} = Auth,
 		{IPT, _Port} = Request#request.ip,
-		IPS = jlib:ip_to_list(IPT),
+		IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)),
 		?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
 			     [BadUser, IPS, Error]),
 		{401,
@@ -235,7 +235,7 @@ process(RPath,
       {unauthorized, Error} ->
 	  {BadUser, _BadPass} = Auth,
 	  {IPT, _Port} = Request#request.ip,
-	  IPS = jlib:ip_to_list(IPT),
+	  IPS = ejabberd_config:may_hide_data(jlib:ip_to_list(IPT)),
 	  ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
 		       [BadUser, IPS, Error]),
 	  {401,