[PATCH][WIP] Do not expose secret values at level 5 / ldb 1.2.2 for 4.7?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[PATCH][WIP] Do not expose secret values at level 5 / ldb 1.2.2 for 4.7?

Samba - samba-technical mailing list
This patch series is a few small changes to LDB I would really like to
see in 4.7, including future DB support, but most importantly includes
changes to avoid putting secret values into a level 5 debug.

Level 4: DN only
Level 5: redacted LDIF on failure
Level 8: redacted LDIF
Level 9: NDR dump with encrypted secrets

I also add a new debug class for replication (drs_repl) and use
rpc_parse in the PIDL printer.

I'll do some manual testing of them tomorrow.

Please review so I can push after some extra tests.

I would like some comment so I can try and get the redaction patches
(at least) in for 4.7.

Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT  
https://catalyst.net.nz/services/samba




repl-safe-debug.patch.txt (103K) Download Attachment