From 32aa3a199dfd61eb5982e158008964b4747599b8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 12 Jun 2017 17:58:20 +0200 Subject: librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- librpc/ndr/libndr.h | 10 ++++++++++ librpc/ndr/ndr.c | 23 +++++++++++++++++++++++ librpc/ndr/ndr_basic.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) (limited to 'librpc') diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index 049a35f392a..072fd662e64 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h @@ -109,6 +109,7 @@ struct ndr_print { void (*print)(struct ndr_print *, const char *, ...) PRINTF_ATTRIBUTE(2,3); void *private_data; bool no_newline; + bool print_secrets; }; #define LIBNDR_FLAG_BIGENDIAN (1<<0) @@ -139,6 +140,12 @@ struct ndr_print { LIBNDR_FLAG_STR_RAW8 | \ 0) +/* + * Mark an element as SECRET, it won't be printed by + * via ndr_print* unless NDR_PRINT_SECRETS is specified. + */ +#define LIBNDR_FLAG_IS_SECRET (1<<14) + /* Disable string token compression */ #define LIBNDR_FLAG_NO_COMPRESSION (1<<15) @@ -210,6 +217,9 @@ struct ndr_print { #define NDR_PRINT_OUT_STRING(ctx, type, p) NDR_PRINT_FUNCTION_STRING(ctx, type, NDR_OUT, p) #define NDR_PRINT_IN_STRING(ctx, type, p) NDR_PRINT_FUNCTION_STRING(ctx, type, NDR_IN | NDR_SET_VALUES, p) +#define NDR_HIDE_SECRET(ndr) \ + (unlikely(((ndr)->flags & LIBNDR_FLAG_IS_SECRET) && !(ndr)->print_secrets)) + #define NDR_BE(ndr) (unlikely(((ndr)->flags & (LIBNDR_FLAG_BIGENDIAN|LIBNDR_FLAG_LITTLE_ENDIAN)) == LIBNDR_FLAG_BIGENDIAN)) enum ndr_err_code { diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c index 1c49c9a0ec4..0f55cf97887 100644 --- a/librpc/ndr/ndr.c +++ b/librpc/ndr/ndr.c @@ -399,6 +399,12 @@ _PUBLIC_ void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *na ndr->print = ndr_print_debugc_helper; ndr->depth = 1; ndr->flags = 0; +#ifdef DEBUG_PASSWORD + if (CHECK_DEBUGLVL(100)) { + ndr->print_secrets = true; + } +#endif + fn(ndr, name, ptr); talloc_free(ndr); } @@ -417,6 +423,12 @@ _PUBLIC_ void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr) ndr->print = ndr_print_debug_helper; ndr->depth = 1; ndr->flags = 0; +#ifdef DEBUG_PASSWORD + if (CHECK_DEBUGLVL(100)) { + ndr->print_secrets = true; + } +#endif + fn(ndr, name, ptr); talloc_free(ndr); } @@ -435,6 +447,12 @@ _PUBLIC_ void ndr_print_union_debug(ndr_print_fn_t fn, const char *name, uint32_ ndr->print = ndr_print_debug_helper; ndr->depth = 1; ndr->flags = 0; +#ifdef DEBUG_PASSWORD + if (CHECK_DEBUGLVL(100)) { + ndr->print_secrets = true; + } +#endif + ndr_print_set_switch_value(ndr, ptr, level); fn(ndr, name, ptr); talloc_free(ndr); @@ -454,6 +472,11 @@ _PUBLIC_ void ndr_print_function_debug(ndr_print_function_t fn, const char *name ndr->print = ndr_print_debug_helper; ndr->depth = 1; ndr->flags = 0; +#ifdef DEBUG_PASSWORD + if (CHECK_DEBUGLVL(100)) { + ndr->print_secrets = true; + } +#endif fn(ndr, name, flags, ptr); talloc_free(ndr); diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c index b532cc55b43..c874f340388 100644 --- a/librpc/ndr/ndr_basic.c +++ b/librpc/ndr/ndr_basic.c @@ -1064,41 +1064,73 @@ _PUBLIC_ void ndr_print_bitmap_flag(struct ndr_print *ndr, size_t size, const ch _PUBLIC_ void ndr_print_int8(struct ndr_print *ndr, const char *name, int8_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: %d", name, v); } _PUBLIC_ void ndr_print_uint8(struct ndr_print *ndr, const char *name, uint8_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: 0x%02x (%u)", name, v, v); } _PUBLIC_ void ndr_print_int16(struct ndr_print *ndr, const char *name, int16_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: %d", name, v); } _PUBLIC_ void ndr_print_uint16(struct ndr_print *ndr, const char *name, uint16_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: 0x%04x (%u)", name, v, v); } _PUBLIC_ void ndr_print_int32(struct ndr_print *ndr, const char *name, int32_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: %d", name, v); } _PUBLIC_ void ndr_print_uint32(struct ndr_print *ndr, const char *name, uint32_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: 0x%08x (%u)", name, v, v); } _PUBLIC_ void ndr_print_int3264(struct ndr_print *ndr, const char *name, int32_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: %d", name, v); } _PUBLIC_ void ndr_print_uint3264(struct ndr_print *ndr, const char *name, uint32_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: 0x%08x (%u)", name, v, v); } @@ -1114,6 +1146,10 @@ _PUBLIC_ void ndr_print_udlongr(struct ndr_print *ndr, const char *name, uint64_ _PUBLIC_ void ndr_print_dlong(struct ndr_print *ndr, const char *name, int64_t v) { + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%-25s: ", name); + return; + } ndr->print(ndr, "%-25s: 0x%016llx (%lld)", name, (unsigned long long)v, (long long)v); } @@ -1203,6 +1239,11 @@ _PUBLIC_ void ndr_print_array_uint8(struct ndr_print *ndr, const char *name, return; } + if (NDR_HIDE_SECRET(ndr)) { + ndr->print(ndr, "%s: ARRAY(%d): ", name, count); + return; + } + if (count <= _ONELINE_LIMIT && (ndr->flags & LIBNDR_PRINT_ARRAY_HEX)) { char s[(_ONELINE_LIMIT + 1) * 2]; for (i=0;ino_newline = true; dump_data_cb(buf, len, true, ndr_print_dump_data_cb, ndr); ndr->no_newline = false; -- cgit v1.2.1