1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

cmdline:burn: do not burn options starting --user-*, --password-*

We have options that start with --user or --password that we don't
want to burn. Some grepping says:

      2 --user1
      1 --user2
     10 --user-allowed-to-authenticate-from
      6 --user-allowed-to-authenticate-to
      2 --user-allow-ntlm-auth
     25 --user-authentication-policy
      1 --user-config
      4 --user-domgroups
      5 --user-ext-name
      2 --user-groups
      6 --user-info
     27 --username
      1 --username2
      2 --userou
      1 --users
      2 --user-sidinfo
      6 --user-sids
     14 --user-tgt-lifetime-mins
      2 --password2
    118 --password-file
      2 --password-from-stdin
      # from here, grepping for strings around POPT_ constants
      5 "user"
      2 "user1"
      2 "user2"
      1 "userd"
      1 "user-domgroups"
      1 "user-groups"
      1 "user-info"
      2 "username"
      1 "user-sidinfo"
      1 "user-sids"
      1 passwordd
      4 "password"

Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().

Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 6effed3189)
This commit is contained in:
Douglas Bagnall 2024-06-29 11:30:19 +12:00 committed by Jule Anger
parent 66da23459f
commit 0d89d09674

View File

@ -135,6 +135,21 @@ void samba_cmdline_set_machine_account_fn(
cli_credentials_set_machine_account_fn = fn;
}
/*
* Are the strings p and option equal from the point of view of option
* parsing, meaning is the next character '\0' or '='.
*/
static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
{
if (strncmp(p, option, len) == 0) {
if (p[len] == 0 || p[len] == '=') {
return true;
}
}
return false;
}
bool samba_cmdline_burn(int argc, char *argv[])
{
bool burnt = false;
@ -151,25 +166,21 @@ bool samba_cmdline_burn(int argc, char *argv[])
return burnt;
}
/*
* Take care that this list must be in longest-match
* first order (e.g. --password2 before --password).
*/
if (strncmp(p, "-U", 2) == 0) {
ulen = 2;
found = true;
is_user = true;
} else if (strncmp(p, "--user", 6) == 0) {
} else if (strneq_cmdline_exact(p, "--user", 6)) {
ulen = 6;
found = true;
is_user = true;
} else if (strncmp(p, "--password2", 11) == 0) {
} else if (strneq_cmdline_exact(p, "--password2", 11)) {
ulen = 11;
found = true;
} else if (strncmp(p, "--password", 10) == 0) {
} else if (strneq_cmdline_exact(p, "--password", 10)) {
ulen = 10;
found = true;
} else if (strncmp(p, "--newpassword", 13) == 0) {
} else if (strneq_cmdline_exact(p, "--newpassword", 13)) {
ulen = 13;
found = true;
}