mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
cmdline:burn: do not burn options starting --user-*, --password-*
We have options that start with --user or --password that we don't
want to burn. Some grepping says:
2 --user1
1 --user2
10 --user-allowed-to-authenticate-from
6 --user-allowed-to-authenticate-to
2 --user-allow-ntlm-auth
25 --user-authentication-policy
1 --user-config
4 --user-domgroups
5 --user-ext-name
2 --user-groups
6 --user-info
27 --username
1 --username2
2 --userou
1 --users
2 --user-sidinfo
6 --user-sids
14 --user-tgt-lifetime-mins
2 --password2
118 --password-file
2 --password-from-stdin
# from here, grepping for strings around POPT_ constants
5 "user"
2 "user1"
2 "user2"
1 "userd"
1 "user-domgroups"
1 "user-groups"
1 "user-info"
2 "username"
1 "user-sidinfo"
1 "user-sids"
1 passwordd
4 "password"
Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().
Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 6effed3189
)
This commit is contained in:
parent
66da23459f
commit
0d89d09674
@ -135,6 +135,21 @@ void samba_cmdline_set_machine_account_fn(
|
||||
cli_credentials_set_machine_account_fn = fn;
|
||||
}
|
||||
|
||||
/*
|
||||
* Are the strings p and option equal from the point of view of option
|
||||
* parsing, meaning is the next character '\0' or '='.
|
||||
*/
|
||||
static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
|
||||
{
|
||||
if (strncmp(p, option, len) == 0) {
|
||||
if (p[len] == 0 || p[len] == '=') {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
bool samba_cmdline_burn(int argc, char *argv[])
|
||||
{
|
||||
bool burnt = false;
|
||||
@ -151,25 +166,21 @@ bool samba_cmdline_burn(int argc, char *argv[])
|
||||
return burnt;
|
||||
}
|
||||
|
||||
/*
|
||||
* Take care that this list must be in longest-match
|
||||
* first order (e.g. --password2 before --password).
|
||||
*/
|
||||
if (strncmp(p, "-U", 2) == 0) {
|
||||
ulen = 2;
|
||||
found = true;
|
||||
is_user = true;
|
||||
} else if (strncmp(p, "--user", 6) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--user", 6)) {
|
||||
ulen = 6;
|
||||
found = true;
|
||||
is_user = true;
|
||||
} else if (strncmp(p, "--password2", 11) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--password2", 11)) {
|
||||
ulen = 11;
|
||||
found = true;
|
||||
} else if (strncmp(p, "--password", 10) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--password", 10)) {
|
||||
ulen = 10;
|
||||
found = true;
|
||||
} else if (strncmp(p, "--newpassword", 13) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--newpassword", 13)) {
|
||||
ulen = 13;
|
||||
found = true;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user