From 5d96498680ec4209142ea7dc460a3fd921413a5e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 29 Aug 2012 11:32:26 +1000
Subject: s4-dsdb: Avoid printing secret attributes in ldb trace logs

These are printed when Samba has debug level 10, which is often used for debugging. To indicate that these attributes are secret, we set an opaque.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
---
 lib/ldb-samba/ldif_handlers.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib/ldb-samba/ldif_handlers.c')

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index 1cf7df76ff..c7385f654a 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -27,6 +27,7 @@
 #include
 #include "ldb_handlers.h"
 #include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
 #include "librpc/gen_ndr/ndr_security.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
@@ -1534,6 +1535,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
 return s;
 }
 
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};
+
 /*
 register the samba ldif handlers
 */
@@ -1546,6 +1549,11 @@ int ldb_register_samba_handlers(struct ldb_context *ldb)
 return LDB_SUCCESS;
 }
 
+ ret = ldb_set_opaque(ldb, LDB_SECRET_ATTRIBUTE_LIST_OPAQUE, discard_const_p(char *, secret_attributes));
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
 for (i=0; i < ARRAY_SIZE(samba_attributes); i++) {
 const struct ldb_schema_syntax *s = NULL;
 
-- 
cgit
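Review bot: `secret_attributes` in the second hunk is declared as a writable array of pointers and has no comment, although it is a fixed table that a security control depends on. I would declare it `static const char * const secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};` so that neither the pointers nor the strings can be modified after load, and put a comment above it along the lines of `/* NULL-terminated list of attribute names whose values must not be printed in ldb trace logs */`. The comment should also say that the redaction covers only what DSDB_SECRET_ATTRIBUTES lists, so a secret attribute missing from that macro would still be printed at debug level 10. The macro's definition is not visible here; it presumably comes from the newly included `dsdb/common/util.h`.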
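Review bot: The `ldb_set_opaque()` call in the third hunk carries no comment, so nothing at the call site says that it is what keeps secret values out of the trace output or that ldb is handed a pointer to static storage. A line such as `/* mark secret attributes so ldb trace logging redacts their values; the list is static and must outlive ldb */` above the call would record that. The call sits after an early `return LDB_SUCCESS;` whose condition is outside the hunk. If that is the already-registered guard the placement is fine, but it is worth confirming that no path reaches tracing with the handlers marked registered and the opaque unset. A context that never goes through `ldb_register_samba_handlers()` would presumably log these attributes unredacted, and the function comment should say so. Returning `ret` on failure is the right fail-closed choice.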