1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

4321 Commits

Author SHA1 Message Date
Stefan Metzmacher
f9ee4db2ba s3:utils: use the correct secrets.tdb in net_use_krb_machine_account()
On a cluster we need to use the ctdb controlled database and not
a local secrets.tdb...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15714

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 20 05:54:43 UTC 2024 on atb-devel-224
2024-09-20 05:54:43 +00:00
Stefan Metzmacher
ab3fc1595c s3:utils: let 'net ads testjoin' fail without valid machine credentials
This will allow doing tests and make sure using anonymous credentials
doesn't cause false positive results...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15714

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-09-20 04:41:37 +00:00
Ralph Boehme
2ff3b9bc0d smbd: remove just created sharemode entry in the error codepaths
Without this we leave stale sharemode entries around that can lead to all sorts
of havoc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 19 19:36:19 UTC 2024 on atb-devel-224
2024-09-19 19:36:19 +00:00
Stefan Metzmacher
14875448ca s3:tests: let test_durable_handle_reconnect.sh run smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
This demonstrates the dead lock after a durable reconnect failed
because the stat info changed, the file can't be accessed anymore
as we leak the incomplete share mode entry in a still running
process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-09-19 18:27:33 +00:00
Stefan Metzmacher
ef4ef04e7f s4:torture/smb2: add smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-09-19 18:27:33 +00:00
Jeremy Allison
7da019d614 s4: torture: Add a new test lease_rename_with_overwrite.
Creates and opens two files with leases, then tries
rename-with-overwrite on file_src -> file_dst.

Ensures we get a lease break on file_dst before
getting the access denied response.

Passes against Windows, fails against Samba.

Add knownfail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 18 05:42:15 UTC 2024 on atb-devel-224
2024-09-18 05:42:15 +00:00
Ralph Boehme
ecb8a99a2c smbd: use metadata_fsp(fsp) in copy_access_posix_acl() for SMB_VFS_SYS_ACL_SET_FD
When inherting permissions on the created stream, we call into the VFS to fetch
the streams security descriptor via inherit_access_posix_acl() ->
copy_access_posix_acl() -> SMB_VFS_SYS_ACL_SET_FD() passing the stream fsp which
triggers the assert SMB_ASSERT(!fsp_is_alternate_stream(fsp)) in
vfswrap_sys_acl_set_fd() in vfs_default.

Just passing the base fsp to the VFS fixes this.

vfs_streams_depot which *does use* distinct backend filesystem files for the
streams, currently does not apply permissions to the stream files at all, so the
incomplete behaviour of vfs_streams_depot is not affected by this change.

If in the future someone want to fix this defficiency in vfs_streams_depot, the
module code can use fsp->stream_fsp to base decisions in VFS ops whether the
module should carry out some action.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep  2 08:55:28 UTC 2024 on atb-devel-224
2024-09-02 08:55:28 +00:00
Ralph Boehme
0983560830 smbtorture: test creating stream doesn't crash when using "inherit permissions = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-09-02 07:19:38 +00:00
David Disseldorp
5e278a5264 smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses
As per MS-FSA 2.1.5.10.22 FSCTL_QUERY_ALLOCATED_RANGES, if response
range entries exceed in_max_output, then we should respond with
STATUS_BUFFER_OVERFLOW and a truncated output buffer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15699

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Aug 28 08:54:11 UTC 2024 on atb-devel-224
2024-08-28 08:54:11 +00:00
David Disseldorp
5cf57f1f53 s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation
FSCTL_QUERY_ALLOCATED_RANGES responses with more than one range should
be truncated to account for a ioctl.smb2.in.max_output_response limit.
Add a test for this.

Flag the new test knownfail; fix in subsequent commit.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2024-08-28 07:37:41 +00:00
Douglas Bagnall
7dac035896 s4:drs:test:getncchanges skips some tests with reserved_usn = 0
These tests are not affected by the reserved_usn change, so there is
no need to run them twice.

The test_repl_get_tgt_multivalued_links fails with or without
reserved_usn set to zero, but it fails differently in either case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15701

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
2024-08-28 04:24:39 +00:00
Douglas Bagnall
7a623d8d56 s4:drsuapi:getncchanges: allow 0 reserved_usn reply
Azure AD will set reserved_usn to zero when we expect it to be
the number we gave them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15701

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
2024-08-28 04:24:39 +00:00
Douglas Bagnall
67c7609ab7 s4:drs:tests: repeat getncchanges test with zero reserved_usn
This emulates the behaviour of Azure AD.

As this is quite slow we will later reduce the test load in this case,
but for now we want to run all the getncchanges tests this way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15701

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
2024-08-28 04:24:39 +00:00
Stefan Metzmacher
7baeeece2d s3:smbd: let mkdir_internal() work more atomically using a temporary name
Currently we do this in mkdir_internal():

mkdirat(client_name);
if (EEXIST) {
   return EEXIST;
}
prepare_acls(client_name);

Note 'prepare_acls()' is a placeholder for the complex steps
it is doing to prepare the directory. During these steps
we have the problem that other clients already see
the directory and are able to create files or subdirectories
in it and these may not inherit the correct acls as
the their parent directory is not created completely.

I think I found a good strategie even without relying on
renameat2(RENAME_NOREPLACE).

We would do this instead:

tmp_name = ".::TMPNAME:D:$PID:client_name"
mkdirat(tmp_name, mode=client_mode);
prepare_acls(tmp_name);
mkdirat(client_name, mode=0);
if (EEXIST) {
   unlinkat(tmp_name);
   return EEXIST;
}
renameat(tmp_name, client_name);

So instead of having a long windows during prepare_acls,
we just have a short window between mkdirat(client_name, mode=0)
and renameat(tmp_name, client_name);
And in that short window the directory with the client_name
has a mode of 0, so it's not possible for other clients
to create files or subdirs in it.

As the mkdirat(client_name, mode=0) still catches
EEXIST the race where two clients try to create
the same client_name is closed as before,
so we don't need any other protection.

Following patches will make use of renameat2(RENAME_NOREPLACE),
but this already a very good improvement.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
f9d7a930f0 s4:torture/smb2: add smb2.create.mkdir-visible
This reproduces a race where one client creates
a directory and other clients see it before
the directory is fully setup including the correct
permissions and similar things.

We have a DENY ACE for SEC_DIR_ADD_FILE, which means
that files can't be created. This is set on
a base directory 'mkdir_visible'.

Then we have a lot of async loops trying to create
a file called 'mkdir_visible\dir\file_NR'. These loop
as fast as possible expecting OBJECT_PATH_NOT_FOUND,
because 'mkdir_visible\dir' is not there.

Then we send a create for 'mkdir_visible\dir' and
expect that to work.

This should turn the 'mkdir_visible\dir\file_NR' loop
into getting ACCESS_DENIED, because the
DENY ACE for SEC_DIR_ADD_FILE should be inherited
before 'mkdir_visible\dir' is visible to other clients.

Because of the complex steps in mkdir_internal(),
smbd allows the creation 'mkdir_visible\dir\file_NR',
as 'mkdir_visible\dir' is already visible after the
mkdirat(), before the DENY ACE is inherited.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
4df1bfd070 s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224
2024-08-13 22:29:28 +00:00
Stefan Metzmacher
f6009aa73b s4:torture/smb2: let smb2.session.expire2* also check compound requests
This shows that all compound related requests should get
NT_STATUS_NETWORK_SESSION_EXPIRED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-08-13 21:13:33 +00:00
Volker Lendecke
b5a128685e tests: Test parametric per-user syntax for hide/veto files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-31 08:39:29 +00:00
Pavel Filipenský
6a97f8e16d selftest: Add tests for keytab update in clustered samba
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
be29fe50ad selftest: setup clusteredmember with kerberos, change dependency to "ad_dc"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
c76727b3c7 selftest: Rename nt4_dc_vars -> dcvars in setup_clusteredmember
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
aff928268a selftest: Add "sync machine password to keytab" to env. ad_member_idmap_nss
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Ralph Boehme
89a26b50f4 CI: add a test for per-user (and per-group) veto files
Not adding a specific test for per-user hide files as that uses the exact same
mechanism as the per-user veto files.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:31 +00:00
Ralph Boehme
2f273a5085 selftest: add groups "group1" and "group2" to Samba3
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:30 +00:00
Ralph Boehme
a1c1057f62 selftest: remove net groupmap delete stuff
Likely not needed anymore since we now cleanup the fileserver env.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:30 +00:00
Ralph Boehme
5160da2997 selftest: ensure the "fileserver" test environment is removed before provisioning
This was likely taken by copy/paste from somewhere else where it might have made
sense.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:30 +00:00
Ralph Boehme
a1d5df4203 selftest: setup "fileserver" testenv specific directories after calling provision()
This ensures provision() can remove st/fileserver/* from previous runs.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:30 +00:00
Ralph Boehme
2cd9da518d selftest: setup "simpleserver" testenv specific directories after calling provision()
This ensures provision() can remove st/simpleserver/* from previous runs.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:30 +00:00
Ralph Boehme
25ff9e5963 selftest: remove check for $no_delete_prefix
provision_ctdb() was always called with $no_delete_prefix undefined
from  setup_ctdb(), so we can just remove the check.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:30 +00:00
Jo Sutton
97677b1588 selftest: Move MIT Kerberos knownfails to separate files in their own directory
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jo Sutton <jsutton@samba.org>
Autobuild-Date(master): Tue Jul 23 23:47:43 UTC 2024 on atb-devel-224
2024-07-23 23:47:43 +00:00
Jo Sutton
198b6e3fc5 selftest: Move Heimdal Kerberos knownfails to separate files in their own directory
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-23 22:42:39 +00:00
Jo Sutton
f7cb87cb55 selftest: Consolidate MIT Kerberos knownfails into a single file
There is no longer any meaningful distinction between the two files.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-23 22:42:39 +00:00
Stefan Metzmacher
6481fab912 selftest:Samba3: don't use PAM_WRAPPER_KEEP_DIR and PAM_WRAPPER_DEBUGLEVEL
They are both only for debugging problems.

In normal runs we don't need them and this avoids leaving to many
/tmp/pam.* directories arround.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-07-23 12:44:32 +00:00
Andreas Schneider
88f49f1861 selftest: Remove samba4.rpc.lsa.forest.trust from knownfail
The test needs --option="torture:Forest_Trust_Dom2_Binding=..." in order
to be useful, so the skip is correct, but the knownfail entry should
have been removed with e5163dfd57.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-18 11:27:38 +00:00
Stefan Metzmacher
687139144a s3:auth: allow real plaintext authentication
In standalone setups we use the PAM stack to verify
the plaintext authentication, so we need to pass it
down...

There are still production systems out there
(legacy audio/video recording systems...)
using this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 17 11:17:54 UTC 2024 on atb-devel-224
2024-07-17 11:17:54 +00:00
Stefan Metzmacher
66e9d3fe01 selftest: setup pam_matrix in the simpleserver env
This allows testing a plaintext password authentication
on a standalone server using the PAM stack to verify it.

There are still production systems out in the wild using this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-17 10:12:36 +00:00
Stefan Metzmacher
9afe7b7a0f s3:passdb: don't clear the LM HASH without a password change
Updating things like the bad pwd count should not clear the
stored LM HASH with 'lanman auth = no'.

This allows testing with 'lanman auth = no' and 'lanman auth = yes'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-17 10:12:36 +00:00
Stefan Metzmacher
8e35933ceb s3:selftest: add samba3.blackbox.smb1_lanman_plaintext tests
This demonstrates that we currently have problems with
plaintext and lanman authentication. In both domain member
and standalone setups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-17 10:12:36 +00:00
Stefan Metzmacher
f7574a5922 selftest:Samba3: allow lanman auth in setup_nt4_member
Note that the LM HASH is only generated for passwords
up to 14 characters...

We use extra_options_before_inject in order to
allow overriding any existing parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-17 10:12:36 +00:00
Stefan Metzmacher
1e21b99b64 selftest:Samba3: add simpleserver globals before include = global_inject.conf
This allows overriding any existing parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-17 10:12:36 +00:00
Volker Lendecke
cd7889deb8 smbd: Report sockets as NFS style reparse points
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-07-12 20:35:34 +00:00
Volker Lendecke
1b9f1690c4 tests: Sockets should be shown as NFS reparse points
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-07-12 20:35:34 +00:00
Volker Lendecke
57b6a8539f smbd: Report FIFOs as NFS style reparse points
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-07-12 20:35:34 +00:00
Volker Lendecke
597f785620 tests: FIFOs should be shown as NFS reparse points
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-07-12 20:35:34 +00:00
Douglas Bagnall
8684368541 cmdline:burn: list commands to always burn; warn on unknown
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".

The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.

This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
2024-07-10 06:28:08 +00:00
Douglas Bagnall
d2b119e34b cmdline: samba-tool test for bad option warning
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-07-10 05:22:40 +00:00
Douglas Bagnall
63a83fb7bb cmdline:burn: explicitly burn --username
This is the long form of -U in samba-tool.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-07-03 01:35:31 +00:00
Douglas Bagnall
c4df89e964 cmdline: test_cmdline tests more burning
We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-07-03 01:35:31 +00:00
Douglas Bagnall
53a1184525 cmdline:burn: handle arguments separated from their --options
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-07-03 01:35:31 +00:00
Douglas Bagnall
05128a1f5f cmdline:tests: extend cmdline_burn tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-07-03 01:35:31 +00:00