mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
cmdline:burn: do not burn options starting --user-*, --password-*
We have options that start with --user or --password that we don't want to burn. Some grepping says: 2 --user1 1 --user2 10 --user-allowed-to-authenticate-from 6 --user-allowed-to-authenticate-to 2 --user-allow-ntlm-auth 25 --user-authentication-policy 1 --user-config 4 --user-domgroups 5 --user-ext-name 2 --user-groups 6 --user-info 27 --username 1 --username2 2 --userou 1 --users 2 --user-sidinfo 6 --user-sids 14 --user-tgt-lifetime-mins 2 --password2 118 --password-file 2 --password-from-stdin # from here, grepping for strings around POPT_ constants 5 "user" 2 "user1" 2 "user2" 1 "userd" 1 "user-domgroups" 1 "user-groups" 1 "user-info" 2 "username" 1 "user-sidinfo" 1 "user-sids" 1 passwordd 4 "password" Not all of these use lib/cmdline, but I think most do, via Python which defers to cmdline_burn(). Note that there are options we should burn that aren't on this list, like --adminpass. That's another matter. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This commit is contained in:
parent
f5233ddf97
commit
6effed3189
@ -135,6 +135,21 @@ void samba_cmdline_set_machine_account_fn(
|
||||
cli_credentials_set_machine_account_fn = fn;
|
||||
}
|
||||
|
||||
/*
|
||||
* Are the strings p and option equal from the point of view of option
|
||||
* parsing, meaning is the next character '\0' or '='.
|
||||
*/
|
||||
static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
|
||||
{
|
||||
if (strncmp(p, option, len) == 0) {
|
||||
if (p[len] == 0 || p[len] == '=') {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
bool samba_cmdline_burn(int argc, char *argv[])
|
||||
{
|
||||
bool burnt = false;
|
||||
@ -151,25 +166,21 @@ bool samba_cmdline_burn(int argc, char *argv[])
|
||||
return burnt;
|
||||
}
|
||||
|
||||
/*
|
||||
* Take care that this list must be in longest-match
|
||||
* first order (e.g. --password2 before --password).
|
||||
*/
|
||||
if (strncmp(p, "-U", 2) == 0) {
|
||||
ulen = 2;
|
||||
found = true;
|
||||
is_user = true;
|
||||
} else if (strncmp(p, "--user", 6) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--user", 6)) {
|
||||
ulen = 6;
|
||||
found = true;
|
||||
is_user = true;
|
||||
} else if (strncmp(p, "--password2", 11) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--password2", 11)) {
|
||||
ulen = 11;
|
||||
found = true;
|
||||
} else if (strncmp(p, "--password", 10) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--password", 10)) {
|
||||
ulen = 10;
|
||||
found = true;
|
||||
} else if (strncmp(p, "--newpassword", 13) == 0) {
|
||||
} else if (strneq_cmdline_exact(p, "--newpassword", 13)) {
|
||||
ulen = 13;
|
||||
found = true;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user