From 3dfca72dba54434725b1a66512bf5eec78da0886 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 21 Feb 2014 15:24:24 +1300 Subject: [PATCH] dsdb: Also redact the clearTextPassword input-only attribute We go to a great deal of effort to avoid administrators posting their passwords in Samba logs, and one of the ways we do that is to remove them from internal ldif dumps Samba produces while operating as an AD DC. clearTextPassword is not a real attribute, but it functions as one for an input path. Change-Id: Iaacf3354fc9bfff18d6774f49b17a9ba962347d5 Signed-off-by: Andrew Bartlett Reviewed-by: Jelmer Vernooij Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sat Aug 16 01:05:07 CEST 2014 on sn-devel-104 --- source4/dsdb/common/util.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h index 0f9b442130d..dcf3fc44b13 100644 --- a/source4/dsdb/common/util.h +++ b/source4/dsdb/common/util.h @@ -58,7 +58,8 @@ bool is_attr_in_list(const char * const * attrs, const char *attr); "supplementalCredentials" sep \ "trustAuthIncoming" sep \ "trustAuthOutgoing" sep \ - "unicodePwd" + "unicodePwd" sep \ + "clearTextPassword" #define DSDB_SECRET_ATTRIBUTES_COMMA , #define DSDB_SECRET_ATTRIBUTES DSDB_SECRET_ATTRIBUTES_EX(DSDB_SECRET_ATTRIBUTES_COMMA) -- 2.34.1
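Review bot: the new `"clearTextPassword"` entry in `DSDB_SECRET_ATTRIBUTES_EX` in source4/dsdb/common/util.h has no comment saying that it is an input-only name rather than a real attribute. The commit message explains this, but the header does not, so a later reader could take the entry for a mistake and remove it. A short comment above the macro, or beside the new line, would keep the reasoning next to the list. The same list also feeds `DSDB_SECRET_ATTRIBUTES`, so it is worth confirming that every user of that macro tolerates a name that is not a real attribute, not only the ldif redaction path the commit message describes. The diffstat shows one file changed and no test; a test that dumps a message carrying `clearTextPassword` and checks that the value is redacted would guard against the entry being dropped again.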