author | Andrew Bartlett <abartlet@samba.org> | 2012-08-29 11:29:44 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-08-29 12:28:38 +1000 |
commit | 395b8e4d58e2815d9848f8a6390f23d8c7d10a91 (patch) | |
tree | 89ab021b953ab1d7687dcaf0954bab528a4de466 /lib/ldb/common/ldb_ldif.c | |
parent | 17337cfec071f7f82fa4c50ace751d51277a4b20 (diff) | |
lib/ldb: Avoid printing secret attributes in ldb trace logs
These are printed when Samba runs at debug level 10, which is commonly enabled for debugging.
Instead, print a note to say that this attribute has been skipped.
Andrew Bartlett
Diffstat (limited to 'lib/ldb/common/ldb_ldif.c')
-rw-r--r-- | lib/ldb/common/ldb_ldif.c | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index c083401c6e..419906ba82 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -270,18 +270,20 @@ static const struct {
 #define CHECK_RET do { if (ret < 0) { talloc_free(mem_ctx); return ret; } total += ret; } while (0)
 /*
- write to ldif, using a caller supplied write method
+ write to ldif, using a caller supplied write method, and only printing secrets if we are not in a trace
 */
-int ldb_ldif_write(struct ldb_context *ldb,
- int (*fprintf_fn)(void *, const char *, ...),
- void *private_data,
- const struct ldb_ldif *ldif)
+static int ldb_ldif_write_trace(struct ldb_context *ldb,
+ int (*fprintf_fn)(void *, const char *, ...),
+ void *private_data,
+ const struct ldb_ldif *ldif,
+ bool in_trace)
 {
 TALLOC_CTX *mem_ctx;
 unsigned int i, j;
 int total=0, ret;
 char *p;
 const struct ldb_message *msg;
+ const char * const * secret_attributes = ldb_get_opaque(ldb, LDB_SECRET_ATTRIBUTE_LIST_OPAQUE);
 mem_ctx = talloc_named_const(NULL, 0, "ldb_ldif_write");
@@ -328,6 +330,14 @@ int ldb_ldif_write(struct ldb_context *ldb,
 break;
 }
 }
+
+ if (in_trace && secret_attributes && ldb_attr_in_list(secret_attributes, msg->elements[i].name)) {
+ /* Deliberatly skip printing this password */
+ ret = fprintf_fn(private_data, "# %s::: REDACTED SECRET ATTRIBUTE",
+ msg->elements[i].name);
+ CHECK_RET;
+ continue;
+ }
 for (j=0;j<msg->elements[i].num_values;j++) {
 struct ldb_val v;
@@ -383,6 +393,18 @@ int ldb_ldif_write(struct ldb_context *ldb,
 /*
+ write to ldif, using a caller supplied write method
+*/
+int ldb_ldif_write(struct ldb_context *ldb,
+ int (*fprintf_fn)(void *, const char *, ...),
+ void *private_data,
+ const struct ldb_ldif *ldif)
+{
+ return ldb_ldif_write_trace(ldb, fprintf_fn, private_data, ldif, false);
+}
+
+
+/*
 pull a ldif chunk, which is defined as a piece of data ending in \n\n or EOF
 this routine removes any RFC2849 continuations and comments
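Review bot: The redaction marker in the second hunk is written without a trailing newline, `"# %s::: REDACTED SECRET ATTRIBUTE",`, so whatever the loop emits for the next element lands on the same line as this `#` comment; if the value output elsewhere in ldb_ldif_write_trace (outside this hunk) relies on each line ending in `\n`, the following attribute is swallowed into the comment and the trace is no longer line-structured LDIF. Change it to `"# %s::: REDACTED SECRET ATTRIBUTE\n",` and fix the comment typo, `/* Deliberately skip printing this password */`. It is also worth a comment at the `secret_attributes` declaration in the first hunk saying that redaction is best-effort: it only fires when `in_trace` is set and a `LDB_SECRET_ATTRIBUTE_LIST_OPAQUE` list has been registered on this context, so callers of plain `ldb_ldif_write()` and contexts without the opaque still get the secret values in full. The body of ldb_ldif_write_trace continues outside these hunks.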
@@ -727,7 +749,6 @@ struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb,
 char *chunk=NULL, *s;
 struct ldb_val value;
 unsigned flags = 0;
- value.data = NULL;
 ldif = talloc(ldb, struct ldb_ldif);
@@ -1002,6 +1023,20 @@ static int ldif_printf_string(void *private_data, const char *fmt, ...)
 return talloc_get_size(state->string) - oldlen;
 }
+char *ldb_ldif_write_redacted_trace_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+ const struct ldb_ldif *ldif)
+{
+ struct ldif_write_string_state state;
+ state.string = talloc_strdup(mem_ctx, "");
+ if (!state.string) {
+ return NULL;
+ }
+ if (ldb_ldif_write_trace(ldb, ldif_printf_string, &state, ldif, true) == -1) {
+ return NULL;
+ }
+ return state.string;
+}
+
 char *ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 const struct ldb_ldif *ldif)
 {
|
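Review bot: In the last hunk `ldb_ldif_write_redacted_trace_string()` treats only `== -1` as failure, but `CHECK_RET` (first hunk of this commit) returns whatever negative value `fprintf_fn` produced, so any other negative return from `ldif_printf_string()` would hand back a truncated trace string as if it had succeeded; compare with `< 0` instead and release the partial buffer on that path, `if (ldb_ldif_write_trace(ldb, ldif_printf_string, &state, ldif, true) < 0) { talloc_free(state.string); return NULL; }`. Whether ldif_printf_string can actually return anything other than -1 on error is not visible here, since its body starts outside the hunk. The new function is exported but undocumented; a header comment such as `/* As ldb_ldif_write_string(), but attributes named in the LDB_SECRET_ATTRIBUTE_LIST_OPAQUE list are replaced by a redaction marker; the result is lossy and intended for trace/debug output only */` would tell callers what they are getting.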