ldb: removing prior secret from logs
author Aaron Haslett <aaronhaslett@catalyst.net.nz>
Mon, 30 Apr 2018 23:10:40 +0000 (11:10 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Sat, 12 May 2018 07:15:07 +0000 (09:15 +0200)
priorSecret, like secret, can contain a machine account password
(for secrets.ldb) and so should not be printed in a debug
trace.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13353

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
lib/ldb-samba/ldif_handlers.c

index 591bd1ee217b9d3d0168327e239240f95b932384..ecc02e51c1dc04566ce9c8363040a68703d286ed 100644 (file)
@@ -1706,7 +1706,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
        return s;
 }
 
-static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret", NULL};
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret",
+                                          "priorSecret", NULL};
 
 /*
   register the samba ldif handlers
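Review bot: the secret_attributes array on the changed lines has no comment saying why "secret" and "priorSecret" are listed as string literals beside DSDB_SECRET_ATTRIBUTES; the reason (both can hold a machine account password in secrets.ldb) appears only in the commit message. A short comment above the array stating that, and noting that any further password-bearing secrets.ldb attribute has to be added before the NULL terminator, would make the next omission of this kind easier to spot. The visible change also carries no test checking that priorSecret is left out of the debug trace; one alongside this fix would guard against the entry being dropped in a later edit of the list.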