authorStefan Metzmacher <metze@samba.org>2017-06-12 17:58:20 +0200
committerStefan Metzmacher <metze@samba.org>2017-06-27 16:57:43 +0200
commit32aa3a199dfd61eb5982e158008964b4747599b8 (patch)
treeb2535fea506e28faedbac83ab67027821fd0ac49 /librpc
parent91d8272e8604b5d87bcc0ce365b553bc760c8ed3 (diff)
librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'librpc')
-rw-r--r--librpc/ndr/libndr.h10
-rw-r--r--librpc/ndr/ndr.c23
-rw-r--r--librpc/ndr/ndr_basic.c44
3 files changed, 77 insertions, 0 deletions
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 049a35f392a..072fd662e64 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -109,6 +109,7 @@ struct ndr_print {
void (*print)(struct ndr_print *, const char *, ...) PRINTF_ATTRIBUTE(2,3);
void *private_data;
bool no_newline;
+ bool print_secrets;
};
#define LIBNDR_FLAG_BIGENDIAN (1<<0)
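Review bot: The new `print_secrets` member has no comment, and the redaction only fails closed if every `struct ndr_print` is zero-initialised before use. The allocation sites are outside this hunk, so that is worth confirming for every caller that builds the struct itself; an uninitialised instance could read as true and print secrets. I would document the contract on the field, for example `bool print_secrets; /* false by default: elements flagged LIBNDR_FLAG_IS_SECRET are redacted */`. The struct definition starts above the hunk.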
@@ -139,6 +140,12 @@ struct ndr_print {
LIBNDR_FLAG_STR_RAW8 | \
0)
+/*
+ * Mark an element as SECRET, it won't be printed by
+ * via ndr_print* unless NDR_PRINT_SECRETS is specified.
+ */
+#define LIBNDR_FLAG_IS_SECRET (1<<14)
+
/* Disable string token compression */
#define LIBNDR_FLAG_NO_COMPRESSION (1<<15)
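Review bot: The comment above `LIBNDR_FLAG_IS_SECRET` says "printed by via" and names `NDR_PRINT_SECRETS`, which is not defined in any hunk shown here. The switch this commit actually adds is the `print_secrets` member of `struct ndr_print`. Suggested wording: `Mark an element as SECRET; ndr_print* will not print it unless ndr->print_secrets is set.` A reader who greps for the name in the comment to find out how secrets get enabled would otherwise find nothing.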
@@ -210,6 +217,9 @@ struct ndr_print {
#define NDR_PRINT_OUT_STRING(ctx, type, p) NDR_PRINT_FUNCTION_STRING(ctx, type, NDR_OUT, p)
#define NDR_PRINT_IN_STRING(ctx, type, p) NDR_PRINT_FUNCTION_STRING(ctx, type, NDR_IN | NDR_SET_VALUES, p)
+#define NDR_HIDE_SECRET(ndr) \
+ (unlikely(((ndr)->flags & LIBNDR_FLAG_IS_SECRET) && !(ndr)->print_secrets))
+
#define NDR_BE(ndr) (unlikely(((ndr)->flags & (LIBNDR_FLAG_BIGENDIAN|LIBNDR_FLAG_LITTLE_ENDIAN)) == LIBNDR_FLAG_BIGENDIAN))
enum ndr_err_code {
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c
index 1c49c9a0ec4..0f55cf97887 100644
--- a/librpc/ndr/ndr.c
+++ b/librpc/ndr/ndr.c
@@ -399,6 +399,12 @@ _PUBLIC_ void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *na
ndr->print = ndr_print_debugc_helper;
ndr->depth = 1;
ndr->flags = 0;
+#ifdef DEBUG_PASSWORD
+ if (CHECK_DEBUGLVL(100)) {
+ ndr->print_secrets = true;
+ }
+#endif
+
fn(ndr, name, ptr);
talloc_free(ndr);
}
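Review bot: The same five-line `#ifdef DEBUG_PASSWORD` block is pasted into ndr_print_debugc here and again in the ndr_print_debug, ndr_print_union_debug and ndr_print_function_debug hunks below, so the rule for when secrets reach the log lives in four places. A single static helper called after `ndr->flags = 0;` would keep them in step and give one place to document that unredacted output needs both a DEBUG_PASSWORD build and debug level 100. In ndr_print_debugc the check is `CHECK_DEBUGLVL(100)` while the output goes to the caller's `dbgc_class`; if that macro tests the file's own debug class, the two can disagree, which is worth confirming. All four function bodies start outside their hunks.

```c
/* Unredacted output needs a DEBUG_PASSWORD build and debug level 100. */
static void ndr_print_debug_allow_secrets(struct ndr_print *ndr)
{
#ifdef DEBUG_PASSWORD
	if (CHECK_DEBUGLVL(100)) {
		ndr->print_secrets = true;
	}
#endif
}

/* … unchanged: ndr->print and ndr->depth setup … */
	ndr->flags = 0;
	ndr_print_debug_allow_secrets(ndr);
	fn(ndr, name, ptr);
```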
@@ -417,6 +423,12 @@ _PUBLIC_ void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr)
ndr->print = ndr_print_debug_helper;
ndr->depth = 1;
ndr->flags = 0;
+#ifdef DEBUG_PASSWORD
+ if (CHECK_DEBUGLVL(100)) {
+ ndr->print_secrets = true;
+ }
+#endif
+
fn(ndr, name, ptr);
talloc_free(ndr);
}
@@ -435,6 +447,12 @@ _PUBLIC_ void ndr_print_union_debug(ndr_print_fn_t fn, const char *name, uint32_
ndr->print = ndr_print_debug_helper;
ndr->depth = 1;
ndr->flags = 0;
+#ifdef DEBUG_PASSWORD
+ if (CHECK_DEBUGLVL(100)) {
+ ndr->print_secrets = true;
+ }
+#endif
+
ndr_print_set_switch_value(ndr, ptr, level);
fn(ndr, name, ptr);
talloc_free(ndr);
@@ -454,6 +472,11 @@ _PUBLIC_ void ndr_print_function_debug(ndr_print_function_t fn, const char *name
ndr->print = ndr_print_debug_helper;
ndr->depth = 1;
ndr->flags = 0;
+#ifdef DEBUG_PASSWORD
+ if (CHECK_DEBUGLVL(100)) {
+ ndr->print_secrets = true;
+ }
+#endif
fn(ndr, name, flags, ptr);
talloc_free(ndr);
diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c
index b532cc55b43..c874f340388 100644
--- a/librpc/ndr/ndr_basic.c
+++ b/librpc/ndr/ndr_basic.c
@@ -1064,41 +1064,73 @@ _PUBLIC_ void ndr_print_bitmap_flag(struct ndr_print *ndr, size_t size, const ch
_PUBLIC_ void ndr_print_int8(struct ndr_print *ndr, const char *name, int8_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: %d", name, v);
}
_PUBLIC_ void ndr_print_uint8(struct ndr_print *ndr, const char *name, uint8_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: 0x%02x (%u)", name, v, v);
}
_PUBLIC_ void ndr_print_int16(struct ndr_print *ndr, const char *name, int16_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: %d", name, v);
}
_PUBLIC_ void ndr_print_uint16(struct ndr_print *ndr, const char *name, uint16_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: 0x%04x (%u)", name, v, v);
}
_PUBLIC_ void ndr_print_int32(struct ndr_print *ndr, const char *name, int32_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: %d", name, v);
}
_PUBLIC_ void ndr_print_uint32(struct ndr_print *ndr, const char *name, uint32_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: 0x%08x (%u)", name, v, v);
}
_PUBLIC_ void ndr_print_int3264(struct ndr_print *ndr, const char *name, int32_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: %d", name, v);
}
_PUBLIC_ void ndr_print_uint3264(struct ndr_print *ndr, const char *name, uint32_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: 0x%08x (%u)", name, v, v);
}
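Review bot: The redaction guard and its format string `"%-25s: <REDACTED SECRET VALUE>"` are repeated verbatim in all eight printers in this hunk and again in ndr_print_dlong, so a later wording change or a missed copy can leave the printers inconsistent. Defining the string once, for example `#define NDR_REDACTED_FMT "%-25s: <REDACTED SECRET VALUE>"`, and using it in each guard keeps the log marker uniform and easy to search for. A short comment at the first guard saying that `LIBNDR_FLAG_IS_SECRET` is expected to be set in `ndr->flags` by the caller for the current element would also help, since nothing in this diff shows where the flag is set.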
@@ -1114,6 +1146,10 @@ _PUBLIC_ void ndr_print_udlongr(struct ndr_print *ndr, const char *name, uint64_
_PUBLIC_ void ndr_print_dlong(struct ndr_print *ndr, const char *name, int64_t v)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%-25s: <REDACTED SECRET VALUE>", name);
+ return;
+ }
ndr->print(ndr, "%-25s: 0x%016llx (%lld)", name, (unsigned long long)v, (long long)v);
}
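Review bot: ndr_print_dlong gets the guard, but the hunk header shows ndr_print_udlongr directly above it and no hunk in this diff touches it or any other 64-bit unsigned printer. If a field marked secret is printed through one of those, or through a string printer in a file not listed in the diffstat, its value would still be logged in clear. It is worth checking which print helpers a flagged element can reach and adding the same `if (NDR_HIDE_SECRET(ndr)) { ... return; }` guard there, or noting in the commit message that coverage is deliberately limited to these types.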
@@ -1203,6 +1239,11 @@ _PUBLIC_ void ndr_print_array_uint8(struct ndr_print *ndr, const char *name,
return;
}
+ if (NDR_HIDE_SECRET(ndr)) {
+ ndr->print(ndr, "%s: ARRAY(%d): <REDACTED SECRET VALUES>", name, count);
+ return;
+ }
+
if (count <= _ONELINE_LIMIT && (ndr->flags & LIBNDR_PRINT_ARRAY_HEX)) {
char s[(_ONELINE_LIMIT + 1) * 2];
for (i=0;i<count;i++) {
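Review bot: The redacted line in ndr_print_array_uint8 still prints `ARRAY(%d)` with `count`, so the length of the secret is disclosed even when its bytes are hidden. For fixed-size keys that is harmless, but for password-like fields the length is itself sensitive. If that matters for the flagged elements, drop the count from the redacted form, e.g. `ndr->print(ndr, "%s: ARRAY: <REDACTED SECRET VALUES>", name);`, or add a comment saying the length is intentionally kept. The function's signature and the declaration of `count` are outside the hunk, so whether `%d` matches its type cannot be checked from here.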
@@ -1243,6 +1284,9 @@ static void ndr_print_dump_data_cb(const char *buf, void *private_data)
*/
static void ndr_dump_data(struct ndr_print *ndr, const uint8_t *buf, int len)
{
+ if (NDR_HIDE_SECRET(ndr)) {
+ return;
+ }
ndr->no_newline = true;
dump_data_cb(buf, len, true, ndr_print_dump_data_cb, ndr);
ndr->no_newline = false;
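Review bot: The guard in ndr_dump_data returns without printing anything, unlike the scalar and array printers, which emit a `<REDACTED SECRET VALUE>` marker. Any caller outside this hunk that prints a header and then calls ndr_dump_data will leave a bare header in the log, and a reader cannot tell hidden data from empty data. Emitting a marker before returning, such as `ndr->print(ndr, "<REDACTED SECRET VALUES>");`, would make the redaction visible; if callers are expected to print it themselves, say so in the function comment. The function's closing brace is outside the hunk.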