auth.idl: mark confidential attributes as [noprint]
Matthieu Patou
mat at matws.net
Fri Jun 15 10:36:39 MDT 2012
On 06/15/2012 02:41 AM, Stefan (metze) Metzmacher wrote:
> Hi,
>
>>> via 8cca7b0 s3:smb2_server: remember the request_time on an incoming request
>>> via d8b3687 s3:smbd: remember the request_time on an incoming request
>>> via 59733d9 heimdal:lib/hdb:<config.h> needs to be the first header
>>> via 8d3a291 auth.idl: mark confidential attributes as [noprint]
>>> from b27f888 s3:vfs: change files_struct.fnum from int to uint64_t
>>>
>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>>>
>>> commit 8d3a2914d8dfae4b9e4e9537aea87748d5456bb4
>>> Author: Stefan Metzmacher<metze at samba.org>
>>> Date: Thu Jun 14 17:52:23 2012 +0200
>>>
>>> auth.idl: mark confidential attributes as [noprint]
>>>
>>> We should allow NDR_PRINT_DEBUG() to log them.
>>>
>>> TODO: we could add some more magic which logs it at level 100.
>>>
>>> metze
>> We need to do a similar thing in LDB, so that attributes hidden over
>> ldap (the passwords essentially) are not included in the logs. Too
>> often I've been sent someone's krbtgt keys in a log I've asked for.
> maybe also things from netlogon.idl, samr.idl, lsa.idl and drsuapi.idl
Well it's two sides sword because level 10 in netlogon turns to be very
useful for some stuff.
Matthieu.
> metze
>
More information about the samba-technical
mailing list