drs repl: Only print raw DRS replication traffic at level 9

This can be sensitive even with the passwords still encrypted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/python/samba/drs_utils.py b/python/samba/drs_utils.py
index bed88178b74a382243e5138d3bac6573a83ac6e8..ded072ca4f689b3402e2ea32cb697220c466cb20 100644 (file)
--- a/python/samba/drs_utils.py
+++ b/python/samba/drs_utils.py
@@ -48,7 +48,7 @@ def drsuapi_connect(server, lp, creds):
     """
 
     binding_options = "seal"
-    if lp.log_level() >= 5:
+    if lp.log_level() >= 9:
         binding_options += ",print"
     binding_string = "ncacn_ip_tcp:%s[%s]" % (server, binding_options)
     try:

diff --git a/python/samba/join.py b/python/samba/join.py
index fa87f0bb32f316d55f773f6e20faebe099fd683d..3aefb7baa9783e0301bc9ea6a8e24aa4efd32bd9 100644 (file)
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -437,7 +437,7 @@ class dc_join(object):
     def drsuapi_connect(ctx):
         '''make a DRSUAPI connection to the naming master'''
         binding_options = "seal"
-        if ctx.lp.log_level() >= 4:
+        if ctx.lp.log_level() >= 9:
             binding_options += ",print"
         binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
         ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
@@ -910,7 +910,7 @@ class dc_join(object):
                 repl_creds = ctx.creds
 
             binding_options = "seal"
-            if ctx.lp.log_level() >= 5:
+            if ctx.lp.log_level() >= 9:
                 binding_options += ",print"
             repl = drs_utils.drs_Replicate(
                 "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),

diff --git a/python/samba/netcmd/rodc.py b/python/samba/netcmd/rodc.py
index e7fbcdc57b060e9b023f8b6b099d6df07f428b89..41a7a85b7125f07d42e2b4f1bcc14d763176cf2e 100644 (file)
--- a/python/samba/netcmd/rodc.py
+++ b/python/samba/netcmd/rodc.py
@@ -111,7 +111,11 @@ class cmd_rodc_preload(Command):
 
         destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID())
 
-        repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds,
+        binding_options = "seal"
+        if lp.log_level() >= 9:
+            binding_options += ",print"
+        repl = drs_Replicate("ncacn_ip_tcp:%s[%s]" % (server, binding_options),
+                             lp, creds,
                              local_samdb, destination_dsa_guid)
 
         errors = []