summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-08-29 11:32:26 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-08-29 06:04:33 +0200
commit5d96498680ec4209142ea7dc460a3fd921413a5e (patch)
tree262f2cd06944104bcaff0c048e7b8276afd72683
parent395b8e4d58e2815d9848f8a6390f23d8c7d10a91 (diff)
downloadsamba-5d96498680ec4209142ea7dc460a3fd921413a5e.tar.gz
samba-5d96498680ec4209142ea7dc460a3fd921413a5e.tar.bz2
samba-5d96498680ec4209142ea7dc460a3fd921413a5e.zip
s4-dsdb: Avoid printing secret attributes in ldb trace logs
These are printed when Samba has debug level 10, which is often used for debugging. To indicate that these attributes are secret, we set an opaque. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
-rw-r--r--lib/ldb-samba/ldif_handlers.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index 1cf7df76ff..c7385f654a 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -27,6 +27,7 @@
#include <ldb_module.h>
#include "ldb_handlers.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
@@ -1534,6 +1535,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
return s;
}
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};
+
/*
register the samba ldif handlers
*/
@@ -1546,6 +1549,11 @@ int ldb_register_samba_handlers(struct ldb_context *ldb)
return LDB_SUCCESS;
}
+ ret = ldb_set_opaque(ldb, LDB_SECRET_ATTRIBUTE_LIST_OPAQUE, discard_const_p(char *, secret_attributes));
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
for (i=0; i < ARRAY_SIZE(samba_attributes); i++) {
const struct ldb_schema_syntax *s = NULL;