[SCM] Samba Shared Repository - branch v4-19-test updated
Jule Anger
janger at samba.org
Tue Jul 23 08:44:01 UTC 2024
The branch, v4-19-test has been updated
via 2b35eab717b cmdline:burn: list commands to always burn; warn on unknown
via 0c6749b1268 cmdline: samba-tool test for bad option warning
via e35d6aeb4eb cmdline:burn: add a note about short option combinations
via bfdd8d17d00 cmdline:burn: explicitly burn --username
via 0c7a0ff715d cmdline:burn: use allowlist to ensure more passwords burn
via ae462aa71af cmdline: test_cmdline tests more burning
via c01499cde1a cmdline:burn: do not burn options starting --user-*, --password-*
via 83de4276f06 cmdline:burn: localise some variables
via 0285ea8c1ea cmdline:burn: always return true if burnt
via d87b5a9723f cmdline:burn: handle arguments separated from their --options
via 22a6e45541c cmdline:burn: do not retain false memories
via 245fe4d5018 cmdline:tests: extend cmdline_burn tests
via 0b94b86f350 selftest: run the cmdline tests that we already have
via efd989ac3e0 cmdline:burn: '-U' does not imply secrets without '%'
via bd365f688db docs-xml:manpages: allow for longer version strings
from 63c8ed2a386 .gitlab-ci-main.yml: Add safe.directory '*'
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -----------------------------------------------------------------
commit 2b35eab717b9d9f99c0697ad71dd9057d749d91f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jul 5 14:31:58 2024 +1200
cmdline:burn: list commands to always burn; warn on unknown
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".
The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.
This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
(cherry picked from commit 86843685419921e28c37f3c1b33011f14940e02f)
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Jul 23 08:43:59 UTC 2024 on atb-devel-224
commit 0c6749b12686d154a765055f08c6a66a971ced4e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jul 5 16:13:04 2024 +1200
cmdline: samba-tool test for bad option warning
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit d2b119e34b4e523a3bc6699e4d8a370bf8403d0b)
commit e35d6aeb4eb2a926dea0cf3f7e210553469deeb3
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 3 11:50:43 2024 +1200
cmdline:burn: add a note about short option combinations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 97be45f9ea3410392cd37eab5cfafd3ad00cfe57)
commit bfdd8d17d00d3bde92a118eb7e3d7a77e1e03989
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 3 11:23:36 2024 +1200
cmdline:burn: explicitly burn --username
This is the long form of -U in samba-tool.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit 63a83fb7bb312731047f361f89766e0be492f83e)
commit 0c7a0ff715d105f9746e7e92e5f00cac41a8f23e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Jun 29 13:44:46 2024 +1200
cmdline:burn: use allowlist to ensure more passwords burn
We treat any option containing 'pass' with suspicion, unless we know it
is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f1fbba6dc609590854c0d7c5e72b58fabc356695)
commit ae462aa71afd5322e22c147a7d8a56a9ef48e286
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Jun 29 13:43:03 2024 +1200
cmdline: test_cmdline tests more burning
We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit c4df89e9640c1306aa390cdacaa974c870c3f5bb)
commit c01499cde1ae6589b94d02763911d730ad515b69
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Jun 29 11:30:19 2024 +1200
cmdline:burn: do not burn options starting --user-*, --password-*
We have options that start with --user or --password that we don't
want to burn. Some grepping says:
2 --user1
1 --user2
10 --user-allowed-to-authenticate-from
6 --user-allowed-to-authenticate-to
2 --user-allow-ntlm-auth
25 --user-authentication-policy
1 --user-config
4 --user-domgroups
5 --user-ext-name
2 --user-groups
6 --user-info
27 --username
1 --username2
2 --userou
1 --users
2 --user-sidinfo
6 --user-sids
14 --user-tgt-lifetime-mins
2 --password2
118 --password-file
2 --password-from-stdin
# from here, grepping for strings around POPT_ constants
5 "user"
2 "user1"
2 "user2"
1 "userd"
1 "user-domgroups"
1 "user-groups"
1 "user-info"
2 "username"
1 "user-sidinfo"
1 "user-sids"
1 passwordd
4 "password"
Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().
Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 6effed31899a1be8194a851e5a4023276b8a5f38)
commit 83de4276f06618ea35dedd2ec6d108dced0bb310
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 16:33:16 2024 +1200
cmdline:burn: localise some variables
As this function increases in complexity, it helps to keep things close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f5233ddf974f9649d8a12b151b6843412eab489c)
commit 0285ea8c1ea3b4f80aab78187a2437b7aed4903c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 16:03:30 2024 +1200
cmdline:burn: always return true if burnt
Before we have been trying to cram three cases into a boolean return
value:
* cmdline had secrets, we burnt them -> true
* cmdline had no secrets, all good -> false
* cmdline has NULL string, WTF! emergency! -> false
This return value is only used by Python which wants to know whether to
go to the trouble of replacing the command line. If samba_cmdline_burn()
returns false, no action is taken.
If samba_cmdline_burn() burns a password and then hits a NULL, it would
be better not to do nothing. It would be better to crash. And that is
what Python will end up doing, by some talloc returning NULL triggering
a MemoryError.
What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes
after the NULL? That will still be ignored by Python, as it is by all C
tools, but we are hoping that can't happen anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit d3d8dffc0212662456a6251baee5afd432160fa2)
commit d87b5a9723f25daa98cba6277be57fa71456057e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 15:40:16 2024 +1200
cmdline:burn: handle arguments separated from their --options
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 53a1184525279741e116350a9b53da15cb2f41d0)
commit 22a6e45541cf489b07bb81560d3fb700bf68673a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 15:20:27 2024 +1200
cmdline:burn: do not retain false memories
If argv contains a secret option without an '=' (or in the case of
"-U", the username is separated by space), we will get to the
`if (strlen(p) == ulen) { continue; }` without resetting the found
and is_user variables. This *sometimes* has the right effect, because
the next string in argv ought to contain the secret.
But in a case like {"--password", "1234567890"}, where the secret
string is the same length as the option, we *again* take that branch
and the password is not redacted, though the argument after it will be
unless it is also of the same length.
If we always set the flags at the start we avoid this. This makes
things worse in the short term for secrets that are not the same
length as their options, but we'll get to that in another commit soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 2f6020cf3dadf484251701040e09a10fba2f644e)
commit 245fe4d50183671771986fd66ae7cc8b404720ed
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 15:05:03 2024 +1200
cmdline:tests: extend cmdline_burn tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 05128a1f5f17c55a8d8da42c6c52c4235adf36d4)
commit 0b94b86f3505c7e963d78f2987e10ce0ef3487a4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 17:04:47 2024 +1200
selftest: run the cmdline tests that we already have
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f17a2b1b25f2ffa5e3caeb8f81101e66b843cc29)
[jsutton at samba.org Fixed conflict in selftest/tests.py]
commit efd989ac3e0730b54a6812ee8426da7ea4cbc581
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jun 21 09:21:43 2024 +1200
cmdline:burn: '-U' does not imply secrets without '%'
We return true from this function when a secret has been erased,
and were accidentally treating as if it had secrets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f3b240da5c209a51fa43de23e8ecfea2f32bbfd5)
commit bd365f688dbef2f295f27c2cf78bb7050bff590c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jun 21 11:29:36 2024 +1200
docs-xml:manpages: allow for longer version strings
The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to
"Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page.
("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's
not worry about that).
On narrow terminals (< ~75 columns) this makes it more likely that
the version string will run into the date string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 7fb38aee129789cce28ddf54bd7234f8c5f57d97)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/xslt/man.xsl | 3 +
lib/cmdline/cmdline.c | 217 ++++++++++++++++++++++++++++++----
lib/cmdline/tests/test_cmdline.c | 54 +++++++--
python/samba/tests/samba_tool/help.py | 9 ++
selftest/tests.py | 3 +
5 files changed, 254 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/xslt/man.xsl b/docs-xml/xslt/man.xsl
index e252b56d5e5..a1870079ba6 100644
--- a/docs-xml/xslt/man.xsl
+++ b/docs-xml/xslt/man.xsl
@@ -11,6 +11,9 @@
<xsl:param name="use.id.as.filename" select="1"/>
<xsl:param name="man.endnotes.are.numbered" select="0"/>
+<!-- make room for long version numbers -->
+<xsl:param name="man.th.extra2.max.length">40</xsl:param>
+
<!--
Our ulink stylesheet omits @url part if content was specified
-->
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index db962146bd2..e3e068a11b6 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -135,63 +135,230 @@ void samba_cmdline_set_machine_account_fn(
cli_credentials_set_machine_account_fn = fn;
}
+/*
+ * Are the strings p and option equal from the point of view of option
+ * parsing, meaning is the next character '\0' or '='.
+ */
+static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
+{
+ if (strncmp(p, option, len) == 0) {
+ if (p[len] == 0 || p[len] == '=') {
+ return true;
+ }
+ }
+ return false;
+}
+
+/*
+ * Return true if the argument to the option should be redacted.
+ *
+ * The option name is presumed to contain the substring "pass". It is checked
+ * against a list of options that specify secrets. If it is there, the value
+ * should be redacted and we return early.
+ *
+ * Otherwise, it is checked against a list of known safe options. If it is
+ * there, we return false.
+ *
+ * If the option is not in either list, we assume it might be secret and
+ * redact the argument, but warn loadly about it. The hope is that developers
+ * will see what they're doing and add the option to the appropriate list.
+ *
+ * If true is returned, *ulen will be set to the apparent length of the
+ * option. It is set to zero if false is returned (we don't need it in that
+ * case).
+ */
+static bool is_password_option(const char *p, size_t *ulen)
+{
+ size_t i, len;
+ static const char *must_burn[] = {
+ "--password",
+ "--newpassword",
+ "--password2",
+ "--adminpass",
+ "--dnspass",
+ "--machinepass",
+ "--krbtgtpass",
+ "--fixed-password",
+ };
+ static const char *allowed[] = {
+ "--bad-password-count-reset",
+ "--badpassword-frequency",
+ "--change-user-password",
+ "--force-initialized-passwords",
+ "--machine-pass", /* distinct from --machinepass */
+ "--managed-password-interval",
+ "--no-pass",
+ "--no-pass2",
+ "--no-passthrough",
+ "--no-password",
+ "--passcmd",
+ "--passwd",
+ "--passwd_path",
+ "--password-file",
+ "--password-from-stdin",
+ "--random-password",
+ "--smbpasswd-style",
+ "--strip-passed-output",
+ "--with-smbpasswd-file",
+ };
+
+ char *equals = NULL;
+ *ulen = 0;
+
+ for (i = 0; i < ARRAY_SIZE(must_burn); i++) {
+ bool secret;
+ len = strlen(must_burn[i]);
+ secret = strneq_cmdline_exact(p, must_burn[i], len);
+ if (secret) {
+ *ulen = len;
+ return true;
+ }
+ }
+
+ for (i = 0; i < ARRAY_SIZE(allowed); i++) {
+ bool safe;
+ len = strlen(allowed[i]);
+ safe = strneq_cmdline_exact(p, allowed[i], len);
+ if (safe) {
+ return false;
+ }
+ }
+ /*
+ * We have found a suspicious option, and we need to work out where to
+ * burn it from. It could be
+ *
+ * --secret-password=cow -> password after '='
+ * --secret-password -> password is in next argument.
+ *
+ * but we also have the possibility of
+ *
+ * --cow=secret-password
+ *
+ * that is, the 'pass' in this option string is not in the option but
+ * the argument to it, which should not be burnt.
+ */
+ equals = strchr(p, '=');
+ if (equals == NULL) {
+ *ulen = strlen(p);
+ } else {
+ char *pass = (strstr(p, "pass"));
+ if (pass > equals) {
+ /* this is --foo=pass, not --pass=foo */
+ return false;
+ }
+ *ulen = equals - p;
+ }
+ /*
+ * This message will be seen with Python tools when an option
+ * is misspelt, but not with C tools, because in C burning
+ * happens after the command line is parsed, while in Python
+ * it happens before (on a copy of argv).
+ *
+ * In either case it will appear for a newly added option, and
+ * we hope developers will notice it before pushing.
+ */
+ DBG_ERR("\nNote for developers: if '%*s' is not misspelt, it should be "
+ "added to the appropriate list in is_password_option().\n\n",
+ (int)(*ulen), p);
+ return true;
+}
+
bool samba_cmdline_burn(int argc, char *argv[])
{
bool burnt = false;
- bool found = false;
- bool is_user = false;
- char *p = NULL;
int i;
- size_t ulen = 0;
for (i = 0; i < argc; i++) {
+ bool found = false;
+ bool is_user = false;
+ size_t ulen = 0;
+ char *p = NULL;
+
p = argv[i];
if (p == NULL) {
- return false;
+ return burnt;
}
- /*
- * Take care that this list must be in longest-match
- * first order
- */
if (strncmp(p, "-U", 2) == 0) {
+ /*
+ * Note: this won't catch combinations of
+ * short options like
+ * `samba-tool -NUAdministrator%...`, which is
+ * not possible in general outside of the
+ * actual parser (consider for example
+ * `-NHUroot%password`, which parses as
+ * `-N -H 'Uroot%password'`). We don't know
+ * here which short options might take
+ * arguments.
+ *
+ * This is an argument for embedding redaction
+ * inside the parser (e.g. by adding a flag to
+ * the option definitions), but we decided not
+ * to do that in order to share cmdline_burn().
+ */
ulen = 2;
found = true;
is_user = true;
- } else if (strncmp(p, "--user", 6) == 0) {
+ } else if (strneq_cmdline_exact(p, "--user", 6)) {
ulen = 6;
found = true;
is_user = true;
- } else if (strncmp(p, "--password2", 11) == 0) {
- ulen = 11;
- found = true;
- } else if (strncmp(p, "--password", 10) == 0) {
+ } else if (strneq_cmdline_exact(p, "--username", 10)) {
ulen = 10;
found = true;
- } else if (strncmp(p, "--newpassword", 13) == 0) {
- ulen = 13;
- found = true;
+ is_user = true;
+ } else if (strncmp(p, "--", 2) == 0 && strstr(p, "pass")) {
+ /*
+ * We have many secret options like --password,
+ * --adminpass, --newpassword, and we could easily
+ * add more, so we will use an allowlist to let the
+ * safe ones through (of which there are also many).
+ */
+ found = is_password_option(p, &ulen);
}
if (found) {
- char *q = NULL;
-
if (strlen(p) == ulen) {
- continue;
+ /*
+ * The option string has no '=', so
+ * its argument will come in the NEXT
+ * argv member. If there is one, we
+ * can just step forward and take it,
+ * setting ulen to 0.
+ *
+ * {"--password=secret"} --> {"--password"}
+ * {"--password", "secret"} --> {"--password", ""}
+ * {"-Uadmin%secret"} --> {"-Uadmin"}
+ * {"-U", "admin%secret"} --> {"-U", "admin"}
+ */
+ i++;
+ if (i == argc) {
+ /*
+ * this looks like an invalid
+ * command line, but that's
+ * for the caller to decide.
+ */
+ return burnt;
+ }
+ p = argv[i];
+ if (p == NULL) {
+ return burnt;
+ }
+ ulen = 0;
}
if (is_user) {
- q = strchr_m(p, '%');
- if (q != NULL) {
- p = q;
+ char *q = strchr_m(p, '%');
+ if (q == NULL) {
+ /* -U without '%' has no secret */
+ continue;
}
+ p = q;
} else {
p += ulen;
}
memset_s(p, strlen(p), '\0', strlen(p));
- found = false;
- is_user = false;
burnt = true;
}
}
diff --git a/lib/cmdline/tests/test_cmdline.c b/lib/cmdline/tests/test_cmdline.c
index 16dd09c63fa..f9733546288 100644
--- a/lib/cmdline/tests/test_cmdline.c
+++ b/lib/cmdline/tests/test_cmdline.c
@@ -24,6 +24,7 @@
#include <cmocka.h>
#include <time.h>
#include <sys/time.h>
+#include "replace.h"
#include "lib/cmdline/cmdline.h"
@@ -61,20 +62,59 @@ static void torture_cmdline_sanity_check_bad(void **state)
static void torture_cmdline_burn(void **state)
{
+ /* arg1 would require -U' Administrator%secret' */
char arg1[] = "-U Administrator%secret";
- char arg2[] = "--user=Administrator%secret";
- char arg3[] = "--user=Administrator%super%secret";
- char arg4[] = "--password=super%secret";
+ char arg2[] = "--no-no-no-not-secret=not%secret";
+ char arg3[] = "--user=Administrator%secret";
+ char arg4[] = "--user=Administrator%super%secret";
+ char arg5[] = "--password=super%secret";
+ char arg6[] = "--no-no-no-not-secret=not%secret";
+ char arg7[] = "-U";
+ char arg8[] = "fish%chips";
+ char arg9[] = "--password";
+ char arg10[] = "fish%chips";
+ char arg11[] = "--password2";
+ char arg12[] = "fish%chips";
+ char arg13[] = "--username=Admonisher % secretest";
+ /*
+ * The next two are not used in samba (--client-password
+ * appears in a Heimdal script that won't use lib/cmdline even
+ * if built) and are burnt by virtue of not being in the allow
+ * list.
+ */
+ char arg14[] = "--client-password=bean stew";
+ char arg15[] = "--enpassant="; /* like --enpassant='', no effect on affect next arg */
+ char arg16[] = "bean";
+ char arg17[] = "--bean=password";
+ char arg18[] = "--name";
+ char arg19[] = "Compass Alompass";
- char *argv[] = { arg1, arg2, arg3, arg4, NULL };
- int argc = 4;
+ char *argv[] = { arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8,
+ arg9, arg10, arg11, arg12, arg13, arg14, arg15, arg16, arg17,
+ arg18, arg19, NULL };
+ int argc = ARRAY_SIZE(argv) - 1;
samba_cmdline_burn(argc, argv);
assert_string_equal(arg1, "-U Administrator");
- assert_string_equal(arg2, "--user=Administrator");
+ assert_string_equal(arg2, "--no-no-no-not-secret=not%secret");
assert_string_equal(arg3, "--user=Administrator");
- assert_string_equal(arg4, "--password");
+ assert_string_equal(arg4, "--user=Administrator");
+ assert_string_equal(arg5, "--password");
+ assert_string_equal(arg6, "--no-no-no-not-secret=not%secret");
+ assert_string_equal(arg7, "-U");
+ assert_string_equal(arg8, "fish");
+ assert_string_equal(arg9, "--password");
+ assert_string_equal(arg10, "");
+ assert_string_equal(arg11, "--password2");
+ assert_string_equal(arg12, "");
+ assert_string_equal(arg13, "--username=Admonisher ");
+ assert_string_equal(arg14, "--client-password");
+ assert_string_equal(arg15, "--enpassant");
+ assert_string_equal(arg16, "bean");
+ assert_string_equal(arg17, "--bean=password");
+ assert_string_equal(arg18, "--name");
+ assert_string_equal(arg19, "Compass Alompass");
}
int main(int argc, char *argv[])
diff --git a/python/samba/tests/samba_tool/help.py b/python/samba/tests/samba_tool/help.py
index fa7836d8432..16eb6b74c5d 100644
--- a/python/samba/tests/samba_tool/help.py
+++ b/python/samba/tests/samba_tool/help.py
@@ -79,3 +79,12 @@ class HelpTestCase(SambaToolCmdTest):
known_commands = new_commands
self.assertEqual(failed_commands, [])
+
+ def test_bad_password_option(self):
+ """Do we get a warning with an invalid --pass option?"""
+ (result, out, err) = self.run_command(["samba-tool",
+ "processes",
+ "--pass-the-salt-please",
+ "pleeease"])
+ self.assertIn("if '--pass-the-salt-please' is not misspelt", err)
+ self.assertIn("the appropriate list in is_password_option", err)
diff --git a/selftest/tests.py b/selftest/tests.py
index 76950f447eb..deb3c0be377 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -487,3 +487,6 @@ plantestsuite("samba.unittests.compression.lzxpress_huffman", "none",
plantestsuite("samba.unittests.compression.lzxpress_plain", "none",
[os.path.join(bindir(),
"default/lib/compression/test_lzxpress_plain")])
+
+plantestsuite("samba.unittests.cmdline", "none",
+ [os.path.join(bindir(), "test_cmdline")])
--
Samba Shared Repository
More information about the samba-cvs
mailing list