diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-08-29 11:32:26 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-08-29 06:04:33 +0200 |
| commit | 5d96498680ec4209142ea7dc460a3fd921413a5e (patch) | |
| tree | 262f2cd06944104bcaff0c048e7b8276afd72683 | |
| parent | 395b8e4d58e2815d9848f8a6390f23d8c7d10a91 (diff) | |
| download | samba-5d96498680ec4209142ea7dc460a3fd921413a5e.tar.gz samba-5d96498680ec4209142ea7dc460a3fd921413a5e.tar.bz2 samba-5d96498680ec4209142ea7dc460a3fd921413a5e.zip | |
s4-dsdb: Avoid printing secret attributes in ldb trace logs
These are printed when Samba has debug level 10, which is often used for debugging.
To indicate that these attributes are secret, we set an opaque.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
| -rw-r--r-- | lib/ldb-samba/ldif_handlers.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c index 1cf7df76ff..c7385f654a 100644 --- a/lib/ldb-samba/ldif_handlers.c +++ b/lib/ldb-samba/ldif_handlers.c @@ -27,6 +27,7 @@ #include <ldb_module.h> #include "ldb_handlers.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_drsblobs.h" @@ -1534,6 +1535,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c return s; } +static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL}; + /* register the samba ldif handlers */ @@ -1546,6 +1549,11 @@ int ldb_register_samba_handlers(struct ldb_context *ldb) return LDB_SUCCESS; } + ret = ldb_set_opaque(ldb, LDB_SECRET_ATTRIBUTE_LIST_OPAQUE, discard_const_p(char *, secret_attributes)); + if (ret != LDB_SUCCESS) { + return ret; + } + for (i=0; i < ARRAY_SIZE(samba_attributes); i++) { const struct ldb_schema_syntax *s = NULL; |