drs repl: Only print raw DRS replication traffic at level 9

This can be sensitive even with the passwords still encrypted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python/samba/drs_utils.py

@@ -48,7 +48,7 @@ def drsuapi_connect(server, lp, creds):
     """
 
     binding_options = "seal"
-    if lp.log_level() >= 5:
+    if lp.log_level() >= 9:
         binding_options += ",print"
     binding_string = "ncacn_ip_tcp:%s[%s]" % (server, binding_options)
     try:

python/samba/join.py

@@ -437,7 +437,7 @@ class dc_join(object):
     def drsuapi_connect(ctx):
         '''make a DRSUAPI connection to the naming master'''
         binding_options = "seal"
-        if ctx.lp.log_level() >= 4:
+        if ctx.lp.log_level() >= 9:
             binding_options += ",print"
         binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
         ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
@@ -910,7 +910,7 @@ class dc_join(object):
                 repl_creds = ctx.creds
 
             binding_options = "seal"
-            if ctx.lp.log_level() >= 5:
+            if ctx.lp.log_level() >= 9:
                 binding_options += ",print"
             repl = drs_utils.drs_Replicate(
                 "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),

python/samba/netcmd/rodc.py

@@ -111,7 +111,11 @@ class cmd_rodc_preload(Command):
 
         destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID())
 
-        repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds,
+        binding_options = "seal"
+        if lp.log_level() >= 9:
+            binding_options += ",print"
+        repl = drs_Replicate("ncacn_ip_tcp:%s[%s]" % (server, binding_options),
+                             lp, creds,
                              local_samdb, destination_dsa_guid)
 
         errors = []