auth.idl: mark confidential attributes as [noprint]

Stefan (metze) Metzmacher metze at samba.org
Fri Jun 15 10:40:42 MDT 2012


On 15.06.2012 18:36, Matthieu Patou wrote:
> On 06/15/2012 02:41 AM, Stefan (metze) Metzmacher wrote:
>> Hi,
>>
>>>>         via  8cca7b0 s3:smb2_server: remember the request_time on an
>>>> incoming request
>>>>         via  d8b3687 s3:smbd: remember the request_time on an
>>>> incoming request
>>>>         via  59733d9 heimdal:lib/hdb:<config.h>  needs to be the
>>>> first header
>>>>         via  8d3a291 auth.idl: mark confidential attributes as
>>>> [noprint]
>>>>        from  b27f888 s3:vfs: change files_struct.fnum from int to
>>>> uint64_t
>>>>
>>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>>>>
>>>> commit 8d3a2914d8dfae4b9e4e9537aea87748d5456bb4
>>>> Author: Stefan Metzmacher<metze at samba.org>
>>>> Date:   Thu Jun 14 17:52:23 2012 +0200
>>>>
>>>>      auth.idl: mark confidential attributes as [noprint]
>>>>
>>>>      We should allow NDR_PRINT_DEBUG() to log them.
>>>>
>>>>      TODO: we could add some more magic which logs it at level 100.
>>>>
>>>>      metze
>>> We need to do a similar thing in LDB, so that attributes hidden over
>>> ldap (the passwords essentially) are not included in the logs.  Too
>>> often I've been sent someone's krbtgt keys in a log I've asked for.
>> maybe also things from netlogon.idl, samr.idl, lsa.idl and drsuapi.idl
> Well, it's a double-edged sword because level 10 in netlogon turns out to be
> very useful for some stuff.

Typically log level 11 (I thought it was 100...) together with
DEBUG_PASSWORD is designed for that,
see dump_data_pw().

metze
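
Added example, not part of the original message and not Samba code: a small C model of the gating discussed in this thread, where a field flagged noprint is left out of normal debug output and dumped only when the build opted in and the log level reaches 11. The struct, function names, the build_ok parameter (standing in for a DEBUG_PASSWORD build) and the sample record are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model, not Samba code: `noprint` stands in for the IDL
 * [noprint] attribute on a confidential element. */
struct field { const char *name; const uint8_t *data; size_t len; int noprint; };
#define SECRET_LEVEL 11 /* level named in the thread for password dumps */

/* Render fields as hex; returns how many values were dumped. A noprint value
 * is dumped only if build_ok (the DEBUG_PASSWORD role) and level >= 11. */
static int print_fields(char *out, size_t cap, const struct field *f, size_t n,
                        int level, int build_ok)
{
    size_t off = 0;
    int dumped = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int show = !f[i].noprint || (build_ok && level >= SECRET_LEVEL);
        if (strlen(f[i].name) + 2 * f[i].len + 48 > cap - off) break; /* full */
        off += (size_t)snprintf(out + off, cap - off, "%s: ", f[i].name);
        for (size_t j = 0; show && j < f[i].len; j++)
            off += (size_t)snprintf(out + off, cap - off, "%02x",
                                    (unsigned)f[i].data[j]);
        if (show) dumped++;
        else off += (size_t)snprintf(out + off, cap - off,
                                     "<noprint, %zu bytes>", f[i].len);
        off += (size_t)snprintf(out + off, cap - off, "\n");
    }
    return dumped;
}

/* Constructed sample record: one ordinary field, one confidential one. */
static const uint8_t sample_name[] = { 'a', 'l', 'i', 'c', 'e' };
static const uint8_t sample_key[]  = { 0xde, 0xad, 0xbe, 0xef };
static int demo_log(char *out, size_t cap, int level, int build_ok)
{
    const struct field rec[] = {
        { "account_name", sample_name, sizeof sample_name, 0 },
        { "session_key",  sample_key,  sizeof sample_key,  1 } };
    return print_fields(out, cap, rec, 2, level, build_ok);
}

int main(void)
{
    char buf[256];
    demo_log(buf, sizeof buf, 10, 0); /* normal debug level, stock build */
    return fputs(buf, stdout) < 0;
}
```

Logging the field name and length without the value keeps a level 10 trace useful for debugging while the key material stays out of logs that get mailed around.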


More information about the samba-technical mailing list