auth.idl: mark confidential attributes as [noprint]
Andrew Bartlett
abartlet at samba.org
Fri Jun 15 01:25:22 MDT 2012
On Fri, 2012-06-15 at 09:18 +0200, Stefan Metzmacher wrote:
> The branch, master has been updated
> via 8cca7b0 s3:smb2_server: remember the request_time on an incoming request
> via d8b3687 s3:smbd: remember the request_time on an incoming request
> via 59733d9 heimdal:lib/hdb: <config.h> needs to be the first header
> via 8d3a291 auth.idl: mark confidential attributes as [noprint]
> from b27f888 s3:vfs: change files_struct.fnum from int to uint64_t
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
> commit 8d3a2914d8dfae4b9e4e9537aea87748d5456bb4
> Author: Stefan Metzmacher <metze at samba.org>
> Date: Thu Jun 14 17:52:23 2012 +0200
>
> auth.idl: mark confidential attributes as [noprint]
>
> We should allow NDR_PRINT_DEBUG() to log them.
>
> TODO: we could add some more magic which logs it at level 100.
>
> metze
We need to do a similar thing in LDB, so that attributes hidden over
ldap (the passwords essentially) are not included in the logs. Too
often I've been sent someone's krbtgt keys in a log I've asked for.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list