auth.idl: mark confidential attributes as [noprint]
mat at matws.net
Fri Jun 15 10:36:39 MDT 2012
On 06/15/2012 02:41 AM, Stefan (metze) Metzmacher wrote:
>>> via 8cca7b0 s3:smb2_server: remember the request_time on an incoming request
>>> via d8b3687 s3:smbd: remember the request_time on an incoming request
>>> via 59733d9 heimdal:lib/hdb:<config.h> needs to be the first header
>>> via 8d3a291 auth.idl: mark confidential attributes as [noprint]
>>> from b27f888 s3:vfs: change files_struct.fnum from int to uint64_t
>>> commit 8d3a2914d8dfae4b9e4e9537aea87748d5456bb4
>>> Author: Stefan Metzmacher<metze at samba.org>
>>> Date: Thu Jun 14 17:52:23 2012 +0200
>>> auth.idl: mark confidential attributes as [noprint]
>>> We should allow NDR_PRINT_DEBUG() to log them.
>>> TODO: we could add some more magic which logs it at level 100.
>> We need to do a similar thing in LDB, so that attributes hidden over
>> ldap (the passwords essentially) are not included in the logs. Too
>> often I've been sent someone's krbtgt keys in a log I've asked for.
> maybe also things from netlogon.idl, samr.idl, lsa.idl and drsuapi.idl
Well it's two sides sword because level 10 in netlogon turns to be very
useful for some stuff.
More information about the samba-technical