diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-02-21 15:24:24 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2014-08-16 01:05:07 +0200 |
| commit | 3dfca72dba54434725b1a66512bf5eec78da0886 (patch) | |
| tree | 1f14180b2b73584c48fb18749e7c80f560076a36 /source4/dsdb | |
| parent | 097c5b15e26faaee7e861fc6c5574708bdc92b9a (diff) | |
| download | samba-3dfca72dba54434725b1a66512bf5eec78da0886.tar.gz samba-3dfca72dba54434725b1a66512bf5eec78da0886.tar.xz samba-3dfca72dba54434725b1a66512bf5eec78da0886.zip | |
dsdb: Also redact the clearTextPassword input-only attribute
We go to a great deal of effort to avoid administrators posting their
passwords in Samba logs, and one of the ways we do that is to remove
them from internal ldif dumps Samba produces while operating as an AD
DC.
clearTextPassword is not a real attribute, but it functions as one for
an input path.
Change-Id: Iaacf3354fc9bfff18d6774f49b17a9ba962347d5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 16 01:05:07 CEST 2014 on sn-devel-104
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/common/util.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h index 0f9b442130..dcf3fc44b1 100644 --- a/source4/dsdb/common/util.h +++ b/source4/dsdb/common/util.h @@ -58,7 +58,8 @@ bool is_attr_in_list(const char * const * attrs, const char *attr); "supplementalCredentials" sep \ "trustAuthIncoming" sep \ "trustAuthOutgoing" sep \ - "unicodePwd" + "unicodePwd" sep \ + "clearTextPassword" #define DSDB_SECRET_ATTRIBUTES_COMMA , #define DSDB_SECRET_ATTRIBUTES DSDB_SECRET_ATTRIBUTES_EX(DSDB_SECRET_ATTRIBUTES_COMMA) |