auth.idl: mark confidential attributes as [noprint]

Matthieu Patou mat at matws.net
Fri Jun 15 10:36:39 MDT 2012


On 06/15/2012 02:41 AM, Stefan (metze) Metzmacher wrote:
> Hi,
>
>>>         via  8cca7b0 s3:smb2_server: remember the request_time on an incoming request
>>>         via  d8b3687 s3:smbd: remember the request_time on an incoming request
>>>         via  59733d9 heimdal:lib/hdb:<config.h>  needs to be the first header
>>>         via  8d3a291 auth.idl: mark confidential attributes as [noprint]
>>>        from  b27f888 s3:vfs: change files_struct.fnum from int to uint64_t
>>>
>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>>>
>>> commit 8d3a2914d8dfae4b9e4e9537aea87748d5456bb4
>>> Author: Stefan Metzmacher<metze at samba.org>
>>> Date:   Thu Jun 14 17:52:23 2012 +0200
>>>
>>>      auth.idl: mark confidential attributes as [noprint]
>>>
>>>      We should allow NDR_PRINT_DEBUG() to log them.
>>>
>>>      TODO: we could add some more magic which logs it at level 100.
>>>
>>>      metze
>> We need to do a similar thing in LDB, so that attributes hidden over
>> ldap (the passwords essentially) are not included in the logs.  Too
>> often I've been sent someone's krbtgt keys in a log I've asked for.
> maybe also things from netlogon.idl, samr.idl, lsa.idl and drsuapi.idl
Well it's two sides sword because level 10 in netlogon turns to be very 
useful for some stuff.

Matthieu.
> metze
>



More information about the samba-technical mailing list