Scrub ldap_default_authtok password in sssd plugin

The file sssd.conf collected by the sssd plugin may contain an ldap password. Add a postproc() method to replace the string with blanks. Signed-off-by: Bryn M. Reeeves <bmr@redhat.com>
author: Bryn M. Reeves <bmr@redhat.com> 2014-02-14 20:12:14 +0000
committer: Bryn M. Reeves <bmr@redhat.com> 2014-02-14 20:12:14 +0000
commit: fec14d2d9e0114e959d9626ca1457cd578c1d029 (patch)
tree: 1b67cc2b4a80ad7478e36c7b06251d6dee7e9913
parent: 80e251f4c30d9f8263c472e07d18a4b0b21ebf4e (diff)
download: sos-fec14d2d9e0114e959d9626ca1457cd578c1d029.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/sos/plugins/sssd.py b/sos/plugins/sssd.py
index b28f4b44..0d201f4e 100644
--- a/sos/plugins/sssd.py
+++ b/sos/plugins/sssd.py
@@ -24,7 +24,15 @@ class Sssd(Plugin):
     packages = ('sssd',)
 
     def setup(self):
-        self.add_copy_specs(["/etc/sssd", "/var/log/sssd/*"])
+        self.add_copy_specs([
+            "/etc/sssd/sssd.conf",
+            "/var/log/sssd/*"
+        ])
+
+    def postproc(self):
+        self.do_file_sub("/etc/sssd/sssd.conf",
+                    r"(\s*ldap_default_authtok\s*=\s*)\S+",
+                    r"\1********")
 
 class RedHatSssd(Sssd, RedHatPlugin):
     """sssd-related Diagnostic Information on Red Hat based distributions
author	Bryn M. Reeves <bmr@redhat.com>	2014-02-14 20:12:14 +0000
committer	Bryn M. Reeves <bmr@redhat.com>	2014-02-14 20:12:14 +0000
commit	fec14d2d9e0114e959d9626ca1457cd578c1d029 (patch)
tree	1b67cc2b4a80ad7478e36c7b06251d6dee7e9913
parent	80e251f4c30d9f8263c472e07d18a4b0b21ebf4e (diff)
download	sos-fec14d2d9e0114e959d9626ca1457cd578c1d029.tar.gz