From 0d89d09674a7033062d0b4697d208e3e471c0dc1 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Sat, 29 Jun 2024 11:30:19 +1200 Subject: [PATCH] cmdline:burn: do not burn options starting --user-*, --password-* We have options that start with --user or --password that we don't want to burn. Some grepping says: 2 --user1 1 --user2 10 --user-allowed-to-authenticate-from 6 --user-allowed-to-authenticate-to 2 --user-allow-ntlm-auth 25 --user-authentication-policy 1 --user-config 4 --user-domgroups 5 --user-ext-name 2 --user-groups 6 --user-info 27 --username 1 --username2 2 --userou 1 --users 2 --user-sidinfo 6 --user-sids 14 --user-tgt-lifetime-mins 2 --password2 118 --password-file 2 --password-from-stdin # from here, grepping for strings around POPT_ constants 5 "user" 2 "user1" 2 "user2" 1 "userd" 1 "user-domgroups" 1 "user-groups" 1 "user-info" 2 "username" 1 "user-sidinfo" 1 "user-sids" 1 passwordd 4 "password" Not all of these use lib/cmdline, but I think most do, via Python which defers to cmdline_burn(). Note that there are options we should burn that aren't on this list, like --adminpass. That's another matter. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 6effed31899a1be8194a851e5a4023276b8a5f38)
---
 lib/cmdline/cmdline.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index d20c606d503..993b5aefe9e 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -135,6 +135,21 @@ void samba_cmdline_set_machine_account_fn(
 cli_credentials_set_machine_account_fn = fn;
 }
 
+/*
+ * Are the strings p and option equal from the point of view of option
+ * parsing, meaning is the next character '\0' or '='.
+ */
+static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
+{
+ if (strncmp(p, option, len) == 0) {
+ if (p[len] == 0 || p[len] == '=') {
+ return true;
+ }
+ }
+ return false;
+}
+
+
 bool samba_cmdline_burn(int argc, char *argv[])
 {
 bool burnt = false;
@@ -151,25 +166,21 @@ bool samba_cmdline_burn(int argc, char *argv[])
 return burnt;
 }
 
- /*
- * Take care that this list must be in longest-match
- * first order (e.g. --password2 before --password).
- */
 if (strncmp(p, "-U", 2) == 0) {
 ulen = 2;
 found = true;
 is_user = true;
- } else if (strncmp(p, "--user", 6) == 0) {
+ } else if (strneq_cmdline_exact(p, "--user", 6)) {
 ulen = 6;
 found = true;
 is_user = true;
- } else if (strncmp(p, "--password2", 11) == 0) {
+ } else if (strneq_cmdline_exact(p, "--password2", 11)) {
 ulen = 11;
 found = true;
- } else if (strncmp(p, "--password", 10) == 0) {
+ } else if (strneq_cmdline_exact(p, "--password", 10)) {
 ulen = 10;
 found = true;
- } else if (strncmp(p, "--newpassword", 13) == 0) {
+ } else if (strneq_cmdline_exact(p, "--newpassword", 13)) {
 ulen = 13;
 found = true;
 }
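Review bot: `strneq_cmdline_exact()` is only safe when `len` equals `strlen(option)`, and neither the helper nor its comment states that precondition. If a caller passed a `len` longer than the option, `strncmp()` could return 0 at the shared terminator and `p[len]` would then index past the end of the argument string. The four literals passed in the following hunk (6, 11, 10, 13) do match their strings, so this is a latent hazard rather than a present bug. I would either add `* len must be exactly strlen(option).` to the comment, or have the helper check it against `strlen(option)` before indexing.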
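Review bot: With the exact match on `--user`, an argument such as `--username=...` no longer sets `found`, because the character after the six-byte prefix is `n` rather than `\0` or `=`. The commit message counts 27 uses of `--username`; if any of them accept a `user%password` value (not determinable from this hunk), that password would now stay readable in the process's argv. In that case an explicit branch `} else if (strneq_cmdline_exact(p, "--username", 10)) {` with the same `ulen`/`found`/`is_user` assignments as the `--user` branch would keep it burnt. The body of samba_cmdline_burn() starts and ends outside the hunk, so how `ulen` and `is_user` are consumed is not visible here.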