s4-dsdb: Avoid printing secret attributes in ldb trace logs
authorAndrew Bartlett <abartlet@samba.org>
Wed, 29 Aug 2012 01:32:26 +0000 (11:32 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 29 Aug 2012 04:04:33 +0000 (06:04 +0200)
These are printed when Samba has debug level 10, which is often used for debugging.

To indicate that these attributes are secret, we set an opaque.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104

lib/ldb-samba/ldif_handlers.c

index 1cf7df76ff6bfd5ce51e454cf8970c832fe62438..c7385f654a850e31fa9f5f9155e56e2ff63ff09d 100644 (file)
@@ -27,6 +27,7 @@
 #include <ldb_module.h>
 #include "ldb_handlers.h"
 #include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
 #include "librpc/gen_ndr/ndr_security.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
@@ -1534,6 +1535,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
        return s;
 }
 
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};
+
 /*
   register the samba ldif handlers
 */
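Review bot: The new `secret_attributes` table has no comment saying what consumes it or that it must stay NULL-terminated, and its element pointers are left writable. I would declare it `static const char * const secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, NULL};` and add above it `/* NULL-terminated list of attributes whose values must not be printed in ldb trace logs; published through LDB_SECRET_ATTRIBUTE_LIST_OPAQUE */`. The following hunk passes this array to `ldb_set_opaque()` through `discard_const_p`, so whatever reads the opaque has to treat it as read-only, and the comment should say so. The redaction is only as complete as `DSDB_SECRET_ATTRIBUTES`, which is defined outside this diff, so it is worth noting there that any newly added secret attribute must be listed or its value will still appear at debug level 10.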
@@ -1546,6 +1549,11 @@ int ldb_register_samba_handlers(struct ldb_context *ldb)
                return LDB_SUCCESS;
        }
 
+       ret = ldb_set_opaque(ldb, LDB_SECRET_ATTRIBUTE_LIST_OPAQUE, discard_const_p(char *, secret_attributes));
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
        for (i=0; i < ARRAY_SIZE(samba_attributes); i++) {
                const struct ldb_schema_syntax *s = NULL;