From fec14d2d9e0114e959d9626ca1457cd578c1d029 Mon Sep 17 00:00:00 2001
From: "Bryn M. Reeves" <bmr@redhat.com>
Date: Fri, 14 Feb 2014 20:12:14 +0000
Subject: [PATCH 23/72] Scrub ldap_default_authtok password in sssd plugin

The file sssd.conf collected by the sssd plugin may contain an
ldap password. Add a postproc() method to replace the string with
blanks.

Signed-off-by: Bryn M. Reeeves <bmr@redhat.com>
---
 sos/plugins/sssd.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/sos/plugins/sssd.py b/sos/plugins/sssd.py
index b28f4b4..0d201f4 100644
--- a/sos/plugins/sssd.py
+++ b/sos/plugins/sssd.py
@@ -24,7 +24,15 @@ class Sssd(Plugin):
     packages = ('sssd',)
 
     def setup(self):
-        self.add_copy_specs(["/etc/sssd", "/var/log/sssd/*"])
+        self.add_copy_specs([
+            "/etc/sssd/sssd.conf",
+            "/var/log/sssd/*"
+        ])
+
+    def postproc(self):
+        self.do_file_sub("/etc/sssd/sssd.conf",
+                    r"(\s*ldap_default_authtok\s*=\s*)\S+",
+                    r"\1********")
 
 class RedHatSssd(Sssd, RedHatPlugin):
     """sssd-related Diagnostic Information on Red Hat based distributions
-- 
1.9.3