authorAndrew Bartlett <abartlet@samba.org>2012-08-29 11:29:44 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-08-29 12:28:38 +1000
commit395b8e4d58e2815d9848f8a6390f23d8c7d10a91 (patch)
tree89ab021b953ab1d7687dcaf0954bab528a4de466 /lib/ldb/common/ldb.c
parent17337cfec071f7f82fa4c50ace751d51277a4b20 (diff)
lib/ldb: Avoid printing secret attributes in ldb trace logs
These are printed when Samba has debug level 10, which is often used for debugging. Instead, print a note to say that this attribute has been skipped. Andrew Bartlett
Diffstat (limited to 'lib/ldb/common/ldb.c')
-rw-r--r--lib/ldb/common/ldb.c31
1 files changed, 25 insertions, 6 deletions
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 887a8967b1..49eccb919d 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -726,6 +726,7 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
{
TALLOC_CTX *tmp_ctx = talloc_new(req);
unsigned int i;
+ struct ldb_ldif ldif;
switch (req->operation) {
case LDB_SEARCH:
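Review bot: `ldif` is declared without an initializer, and the only fields assigned later in the function are `changetype` and `msg`, in the ADD and MODIFY cases. If `struct ldb_ldif` has or later gains another member, the redacted writer would read an indeterminate value from the stack. Declaring it as `struct ldb_ldif ldif = { .changetype = LDB_CHANGETYPE_NONE };` zeroes the remaining members and costs nothing. The body of ldb_trace_request continues outside this hunk.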
@@ -765,18 +766,36 @@ static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
ldb_debug_add(ldb, " data: %s\n", req->op.extended.data?"yes":"no");
break;
case LDB_ADD:
+ ldif.changetype = LDB_CHANGETYPE_ADD;
+ ldif.msg = discard_const_p(struct ldb_message, req->op.add.message);
+
ldb_debug_add(ldb, "ldb_trace_request: ADD\n");
+
+ /*
+ * The choice to call
+ * ldb_ldif_write_redacted_trace_string() is CRITICAL
+ * for security. It ensures that we do not output
+ * passwords into debug logs
+ */
+
ldb_debug_add(req->handle->ldb, "%s\n",
- ldb_ldif_message_string(req->handle->ldb, tmp_ctx,
- LDB_CHANGETYPE_ADD,
- req->op.add.message));
+ ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
break;
case LDB_MODIFY:
+ ldif.changetype = LDB_CHANGETYPE_MODIFY;
+ ldif.msg = discard_const_p(struct ldb_message, req->op.mod.message);
+
ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
+
+ /*
+ * The choice to call
+ * ldb_ldif_write_redacted_trace_string() is CRITICAL
+ * for security. It ensures that we do not output
+ * passwords into debug logs
+ */
+
ldb_debug_add(req->handle->ldb, "%s\n",
- ldb_ldif_message_string(req->handle->ldb, tmp_ctx,
- LDB_CHANGETYPE_MODIFY,
- req->op.mod.message));
+ ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
break;
case LDB_REQ_REGISTER_CONTROL:
ldb_debug_add(ldb, "ldb_trace_request: REGISTER_CONTROL\n");
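Review bot: The comment in the ADD and MODIFY cases promises that passwords never reach the debug log, but that only holds for attributes the redacted writer recognises as secret, and its definition is outside this diff. If that set is registered on the ldb context at run time, a context that never registers it would presumably still trace every value in full. The comment should state that dependency, e.g. `/* Redaction only covers attributes registered as secret on this ldb context */`. Separately, the helper's return value goes straight into `%s` in both cases; if it can return NULL on allocation failure, a guard such as `if (s == NULL) { s = "<ldif unavailable>"; }` keeps NULL away from the formatter. The function continues outside the hunk, so the other traced operations could not be checked for the same exposure.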