[SCM] Samba Shared Repository - branch v4-20-test updated
Jule Anger
janger at samba.org
Tue Jul 23 08:57:02 UTC 2024
The branch, v4-20-test has been updated
via 4cf9af9186d s3:printing: Allow to run samba-bgqd as a standalone systemd service
via d6f010090ce cmdline:burn: list commands to always burn; warn on unknown
via 93d345467e7 cmdline: samba-tool test for bad option warning
via 957654ebe9d cmdline:burn: add a note about short option combinations
via 8560c854d4c cmdline:burn: explicitly burn --username
via 481eb6ab31e cmdline:burn: use allowlist to ensure more passwords burn
via 6bcdbdab57c cmdline: test_cmdline tests more burning
via 0d89d09674a cmdline:burn: do not burn options starting --user-*, --password-*
via 66da23459f5 cmdline:burn: localise some variables
via 1315b61e1fb cmdline:burn: always return true if burnt
via 916d5bde84a cmdline:burn: handle arguments separated from their --options
via 25329b38634 cmdline:burn: do not retain false memories
via f900e532c3d cmdline:tests: extend cmdline_burn tests
via 9cbb5bdd333 selftest: run the cmdline tests that we already have
via 5d99875ba0f cmdline:burn: '-U' does not imply secrets without '%'
via 73207ff834f docs-xml:manpages: allow for longer version strings
from f5920ceea32 .gitlab-ci-main.yml: Add safe.directory '*'
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -----------------------------------------------------------------
commit 4cf9af9186d7829f11bd07c7d6e526a51dcf0d61
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 12 14:18:26 2024 +0200
s3:printing: Allow to run samba-bgqd as a standalone systemd service
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224
commit d6f010090ce0abe4276a78f585208e9d02650568
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jul 5 14:31:58 2024 +1200
cmdline:burn: list commands to always burn; warn on unknown
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".
The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.
This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
(cherry picked from commit 86843685419921e28c37f3c1b33011f14940e02f)
commit 93d345467e7276b9a234aeaf71f496ef6fdd7d22
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jul 5 16:13:04 2024 +1200
cmdline: samba-tool test for bad option warning
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit d2b119e34b4e523a3bc6699e4d8a370bf8403d0b)
commit 957654ebe9d2811d169f299bd60a646474dbd909
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 3 11:50:43 2024 +1200
cmdline:burn: add a note about short option combinations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 97be45f9ea3410392cd37eab5cfafd3ad00cfe57)
commit 8560c854d4c0dc4c0a4fccccdc072a7e358162e7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 3 11:23:36 2024 +1200
cmdline:burn: explicitly burn --username
This is the long form of -U in samba-tool.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit 63a83fb7bb312731047f361f89766e0be492f83e)
commit 481eb6ab31edf537292d3867ee3263e54b1fca80
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Jun 29 13:44:46 2024 +1200
cmdline:burn: use allowlist to ensure more passwords burn
We treat any option containing 'pass' with suspicion, unless we know it
is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f1fbba6dc609590854c0d7c5e72b58fabc356695)
commit 6bcdbdab57c625c2c279bcd3253e1eecb2b00389
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Jun 29 13:43:03 2024 +1200
cmdline: test_cmdline tests more burning
We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit c4df89e9640c1306aa390cdacaa974c870c3f5bb)
commit 0d89d09674a7033062d0b4697d208e3e471c0dc1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Jun 29 11:30:19 2024 +1200
cmdline:burn: do not burn options starting --user-*, --password-*
We have options that start with --user or --password that we don't
want to burn. Some grepping says:
2 --user1
1 --user2
10 --user-allowed-to-authenticate-from
6 --user-allowed-to-authenticate-to
2 --user-allow-ntlm-auth
25 --user-authentication-policy
1 --user-config
4 --user-domgroups
5 --user-ext-name
2 --user-groups
6 --user-info
27 --username
1 --username2
2 --userou
1 --users
2 --user-sidinfo
6 --user-sids
14 --user-tgt-lifetime-mins
2 --password2
118 --password-file
2 --password-from-stdin
# from here, grepping for strings around POPT_ constants
5 "user"
2 "user1"
2 "user2"
1 "userd"
1 "user-domgroups"
1 "user-groups"
1 "user-info"
2 "username"
1 "user-sidinfo"
1 "user-sids"
1 passwordd
4 "password"
Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().
Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 6effed31899a1be8194a851e5a4023276b8a5f38)
commit 66da23459f561d56a7a7cdc470c6a8b932faa5d6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 16:33:16 2024 +1200
cmdline:burn: localise some variables
As this function increases in complexity, it helps to keep things close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f5233ddf974f9649d8a12b151b6843412eab489c)
commit 1315b61e1fb99d3ec8ee50718ef656b02ac4cb43
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 16:03:30 2024 +1200
cmdline:burn: always return true if burnt
Before we have been trying to cram three cases into a boolean return
value:
* cmdline had secrets, we burnt them -> true
* cmdline had no secrets, all good -> false
* cmdline has NULL string, WTF! emergency! -> false
This return value is only used by Python which wants to know whether to
go to the trouble of replacing the command line. If samba_cmdline_burn()
returns false, no action is taken.
If samba_cmdline_burn() burns a password and then hits a NULL, it would
be better not to do nothing. It would be better to crash. And that is
what Python will end up doing, by some talloc returning NULL triggering
a MemoryError.
What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes
after the NULL? That will still be ignored by Python, as it is by all C
tools, but we are hoping that can't happen anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit d3d8dffc0212662456a6251baee5afd432160fa2)
commit 916d5bde84a35a98c0c0fd2de8de17fbd34dcf34
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 15:40:16 2024 +1200
cmdline:burn: handle arguments separated from their --options
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 53a1184525279741e116350a9b53da15cb2f41d0)
commit 25329b3863476106341ae043c3c7a946167e3fb0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 15:20:27 2024 +1200
cmdline:burn: do not retain false memories
If argv contains a secret option without an '=' (or in the case of
"-U", the username is separated by space), we will get to the
`if (strlen(p) == ulen) { continue; }` without resetting the found
and is_user variables. This *sometimes* has the right effect, because
the next string in argv ought to contain the secret.
But in a case like {"--password", "1234567890"}, where the secret
string is the same length as the option, we *again* take that branch
and the password is not redacted, though the argument after it will be
unless it is also of the same length.
If we always set the flags at the start we avoid this. This makes
things worse in the short term for secrets that are not the same
length as their options, but we'll get to that in another commit soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 2f6020cf3dadf484251701040e09a10fba2f644e)
commit f900e532c3d33d6abbaa54dfe46c3006b3732c93
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 15:05:03 2024 +1200
cmdline:tests: extend cmdline_burn tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 05128a1f5f17c55a8d8da42c6c52c4235adf36d4)
commit 9cbb5bdd333cdb9747681426acf9c99bb376c247
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 27 17:04:47 2024 +1200
selftest: run the cmdline tests that we already have
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f17a2b1b25f2ffa5e3caeb8f81101e66b843cc29)
commit 5d99875ba0fb14ff1e1fa64c904c94751b4db103
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jun 21 09:21:43 2024 +1200
cmdline:burn: '-U' does not imply secrets without '%'
We return true from this function when a secret has been erased,
and were accidentally treating as if it had secrets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f3b240da5c209a51fa43de23e8ecfea2f32bbfd5)
commit 73207ff834ffcb9250a88772e2da599415633f2a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jun 21 11:29:36 2024 +1200
docs-xml:manpages: allow for longer version strings
The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to
"Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page.
("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's
not worry about that).
On narrow terminals (< ~75 columns) this makes it more likely that
the version string will run into the date string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 7fb38aee129789cce28ddf54bd7234f8c5f57d97)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/xslt/man.xsl | 3 +
lib/cmdline/cmdline.c | 217 ++++++++++++++++++++++++++++++----
lib/cmdline/tests/test_cmdline.c | 54 +++++++--
python/samba/tests/samba_tool/help.py | 9 ++
selftest/tests.py | 2 +
source3/printing/samba-bgqd.c | 8 +-
6 files changed, 260 insertions(+), 33 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/xslt/man.xsl b/docs-xml/xslt/man.xsl
index e252b56d5e5..a1870079ba6 100644
--- a/docs-xml/xslt/man.xsl
+++ b/docs-xml/xslt/man.xsl
@@ -11,6 +11,9 @@
<xsl:param name="use.id.as.filename" select="1"/>
<xsl:param name="man.endnotes.are.numbered" select="0"/>
+<!-- make room for long version numbers -->
+<xsl:param name="man.th.extra2.max.length">40</xsl:param>
+
<!--
Our ulink stylesheet omits @url part if content was specified
-->
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index db962146bd2..e3e068a11b6 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -135,63 +135,230 @@ void samba_cmdline_set_machine_account_fn(
cli_credentials_set_machine_account_fn = fn;
}
+/*
+ * Are the strings p and option equal from the point of view of option
+ * parsing, meaning is the next character '\0' or '='.
+ */
+static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
+{
+ if (strncmp(p, option, len) == 0) {
+ if (p[len] == 0 || p[len] == '=') {
+ return true;
+ }
+ }
+ return false;
+}
+
+/*
+ * Return true if the argument to the option should be redacted.
+ *
+ * The option name is presumed to contain the substring "pass". It is checked
+ * against a list of options that specify secrets. If it is there, the value
+ * should be redacted and we return early.
+ *
+ * Otherwise, it is checked against a list of known safe options. If it is
+ * there, we return false.
+ *
+ * If the option is not in either list, we assume it might be secret and
+ * redact the argument, but warn loadly about it. The hope is that developers
+ * will see what they're doing and add the option to the appropriate list.
+ *
+ * If true is returned, *ulen will be set to the apparent length of the
+ * option. It is set to zero if false is returned (we don't need it in that
+ * case).
+ */
+static bool is_password_option(const char *p, size_t *ulen)
+{
+ size_t i, len;
+ static const char *must_burn[] = {
+ "--password",
+ "--newpassword",
+ "--password2",
+ "--adminpass",
+ "--dnspass",
+ "--machinepass",
+ "--krbtgtpass",
+ "--fixed-password",
+ };
+ static const char *allowed[] = {
+ "--bad-password-count-reset",
+ "--badpassword-frequency",
+ "--change-user-password",
+ "--force-initialized-passwords",
+ "--machine-pass", /* distinct from --machinepass */
+ "--managed-password-interval",
+ "--no-pass",
+ "--no-pass2",
+ "--no-passthrough",
+ "--no-password",
+ "--passcmd",
+ "--passwd",
+ "--passwd_path",
+ "--password-file",
+ "--password-from-stdin",
+ "--random-password",
+ "--smbpasswd-style",
+ "--strip-passed-output",
+ "--with-smbpasswd-file",
+ };
+
+ char *equals = NULL;
+ *ulen = 0;
+
+ for (i = 0; i < ARRAY_SIZE(must_burn); i++) {
+ bool secret;
+ len = strlen(must_burn[i]);
+ secret = strneq_cmdline_exact(p, must_burn[i], len);
+ if (secret) {
+ *ulen = len;
+ return true;
+ }
+ }
+
+ for (i = 0; i < ARRAY_SIZE(allowed); i++) {
+ bool safe;
+ len = strlen(allowed[i]);
+ safe = strneq_cmdline_exact(p, allowed[i], len);
+ if (safe) {
+ return false;
+ }
+ }
+ /*
+ * We have found a suspicious option, and we need to work out where to
+ * burn it from. It could be
+ *
+ * --secret-password=cow -> password after '='
+ * --secret-password -> password is in next argument.
+ *
+ * but we also have the possibility of
+ *
+ * --cow=secret-password
+ *
+ * that is, the 'pass' in this option string is not in the option but
+ * the argument to it, which should not be burnt.
+ */
+ equals = strchr(p, '=');
+ if (equals == NULL) {
+ *ulen = strlen(p);
+ } else {
+ char *pass = (strstr(p, "pass"));
+ if (pass > equals) {
+ /* this is --foo=pass, not --pass=foo */
+ return false;
+ }
+ *ulen = equals - p;
+ }
+ /*
+ * This message will be seen with Python tools when an option
+ * is misspelt, but not with C tools, because in C burning
+ * happens after the command line is parsed, while in Python
+ * it happens before (on a copy of argv).
+ *
+ * In either case it will appear for a newly added option, and
+ * we hope developers will notice it before pushing.
+ */
+ DBG_ERR("\nNote for developers: if '%*s' is not misspelt, it should be "
+ "added to the appropriate list in is_password_option().\n\n",
+ (int)(*ulen), p);
+ return true;
+}
+
bool samba_cmdline_burn(int argc, char *argv[])
{
bool burnt = false;
- bool found = false;
- bool is_user = false;
- char *p = NULL;
int i;
- size_t ulen = 0;
for (i = 0; i < argc; i++) {
+ bool found = false;
+ bool is_user = false;
+ size_t ulen = 0;
+ char *p = NULL;
+
p = argv[i];
if (p == NULL) {
- return false;
+ return burnt;
}
- /*
- * Take care that this list must be in longest-match
- * first order
- */
if (strncmp(p, "-U", 2) == 0) {
+ /*
+ * Note: this won't catch combinations of
+ * short options like
+ * `samba-tool -NUAdministrator%...`, which is
+ * not possible in general outside of the
+ * actual parser (consider for example
+ * `-NHUroot%password`, which parses as
+ * `-N -H 'Uroot%password'`). We don't know
+ * here which short options might take
+ * arguments.
+ *
+ * This is an argument for embedding redaction
+ * inside the parser (e.g. by adding a flag to
+ * the option definitions), but we decided not
+ * to do that in order to share cmdline_burn().
+ */
ulen = 2;
found = true;
is_user = true;
- } else if (strncmp(p, "--user", 6) == 0) {
+ } else if (strneq_cmdline_exact(p, "--user", 6)) {
ulen = 6;
found = true;
is_user = true;
- } else if (strncmp(p, "--password2", 11) == 0) {
- ulen = 11;
- found = true;
- } else if (strncmp(p, "--password", 10) == 0) {
+ } else if (strneq_cmdline_exact(p, "--username", 10)) {
ulen = 10;
found = true;
- } else if (strncmp(p, "--newpassword", 13) == 0) {
- ulen = 13;
- found = true;
+ is_user = true;
+ } else if (strncmp(p, "--", 2) == 0 && strstr(p, "pass")) {
+ /*
+ * We have many secret options like --password,
+ * --adminpass, --newpassword, and we could easily
+ * add more, so we will use an allowlist to let the
+ * safe ones through (of which there are also many).
+ */
+ found = is_password_option(p, &ulen);
}
if (found) {
- char *q = NULL;
-
if (strlen(p) == ulen) {
- continue;
+ /*
+ * The option string has no '=', so
+ * its argument will come in the NEXT
+ * argv member. If there is one, we
+ * can just step forward and take it,
+ * setting ulen to 0.
+ *
+ * {"--password=secret"} --> {"--password"}
+ * {"--password", "secret"} --> {"--password", ""}
+ * {"-Uadmin%secret"} --> {"-Uadmin"}
+ * {"-U", "admin%secret"} --> {"-U", "admin"}
+ */
+ i++;
+ if (i == argc) {
+ /*
+ * this looks like an invalid
+ * command line, but that's
+ * for the caller to decide.
+ */
+ return burnt;
+ }
+ p = argv[i];
+ if (p == NULL) {
+ return burnt;
+ }
+ ulen = 0;
}
if (is_user) {
- q = strchr_m(p, '%');
- if (q != NULL) {
- p = q;
+ char *q = strchr_m(p, '%');
+ if (q == NULL) {
+ /* -U without '%' has no secret */
+ continue;
}
+ p = q;
} else {
p += ulen;
}
memset_s(p, strlen(p), '\0', strlen(p));
- found = false;
- is_user = false;
burnt = true;
}
}
diff --git a/lib/cmdline/tests/test_cmdline.c b/lib/cmdline/tests/test_cmdline.c
index 16dd09c63fa..f9733546288 100644
--- a/lib/cmdline/tests/test_cmdline.c
+++ b/lib/cmdline/tests/test_cmdline.c
@@ -24,6 +24,7 @@
#include <cmocka.h>
#include <time.h>
#include <sys/time.h>
+#include "replace.h"
#include "lib/cmdline/cmdline.h"
@@ -61,20 +62,59 @@ static void torture_cmdline_sanity_check_bad(void **state)
static void torture_cmdline_burn(void **state)
{
+ /* arg1 would require -U' Administrator%secret' */
char arg1[] = "-U Administrator%secret";
- char arg2[] = "--user=Administrator%secret";
- char arg3[] = "--user=Administrator%super%secret";
- char arg4[] = "--password=super%secret";
+ char arg2[] = "--no-no-no-not-secret=not%secret";
+ char arg3[] = "--user=Administrator%secret";
+ char arg4[] = "--user=Administrator%super%secret";
+ char arg5[] = "--password=super%secret";
+ char arg6[] = "--no-no-no-not-secret=not%secret";
+ char arg7[] = "-U";
+ char arg8[] = "fish%chips";
+ char arg9[] = "--password";
+ char arg10[] = "fish%chips";
+ char arg11[] = "--password2";
+ char arg12[] = "fish%chips";
+ char arg13[] = "--username=Admonisher % secretest";
+ /*
+ * The next two are not used in samba (--client-password
+ * appears in a Heimdal script that won't use lib/cmdline even
+ * if built) and are burnt by virtue of not being in the allow
+ * list.
+ */
+ char arg14[] = "--client-password=bean stew";
+ char arg15[] = "--enpassant="; /* like --enpassant='', no effect on affect next arg */
+ char arg16[] = "bean";
+ char arg17[] = "--bean=password";
+ char arg18[] = "--name";
+ char arg19[] = "Compass Alompass";
- char *argv[] = { arg1, arg2, arg3, arg4, NULL };
- int argc = 4;
+ char *argv[] = { arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8,
+ arg9, arg10, arg11, arg12, arg13, arg14, arg15, arg16, arg17,
+ arg18, arg19, NULL };
+ int argc = ARRAY_SIZE(argv) - 1;
samba_cmdline_burn(argc, argv);
assert_string_equal(arg1, "-U Administrator");
- assert_string_equal(arg2, "--user=Administrator");
+ assert_string_equal(arg2, "--no-no-no-not-secret=not%secret");
assert_string_equal(arg3, "--user=Administrator");
- assert_string_equal(arg4, "--password");
+ assert_string_equal(arg4, "--user=Administrator");
+ assert_string_equal(arg5, "--password");
+ assert_string_equal(arg6, "--no-no-no-not-secret=not%secret");
+ assert_string_equal(arg7, "-U");
+ assert_string_equal(arg8, "fish");
+ assert_string_equal(arg9, "--password");
+ assert_string_equal(arg10, "");
+ assert_string_equal(arg11, "--password2");
+ assert_string_equal(arg12, "");
+ assert_string_equal(arg13, "--username=Admonisher ");
+ assert_string_equal(arg14, "--client-password");
+ assert_string_equal(arg15, "--enpassant");
+ assert_string_equal(arg16, "bean");
+ assert_string_equal(arg17, "--bean=password");
+ assert_string_equal(arg18, "--name");
+ assert_string_equal(arg19, "Compass Alompass");
}
int main(int argc, char *argv[])
diff --git a/python/samba/tests/samba_tool/help.py b/python/samba/tests/samba_tool/help.py
index fa7836d8432..16eb6b74c5d 100644
--- a/python/samba/tests/samba_tool/help.py
+++ b/python/samba/tests/samba_tool/help.py
@@ -79,3 +79,12 @@ class HelpTestCase(SambaToolCmdTest):
known_commands = new_commands
self.assertEqual(failed_commands, [])
+
+ def test_bad_password_option(self):
+ """Do we get a warning with an invalid --pass option?"""
+ (result, out, err) = self.run_command(["samba-tool",
+ "processes",
+ "--pass-the-salt-please",
+ "pleeease"])
+ self.assertIn("if '--pass-the-salt-please' is not misspelt", err)
+ self.assertIn("the appropriate list in is_password_option", err)
diff --git a/selftest/tests.py b/selftest/tests.py
index 0d5db685015..ad14bbdfc61 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -503,3 +503,5 @@ plantestsuite("samba.unittests.run_conditional_ace", "none",
[os.path.join(bindir(), "test_run_conditional_ace")])
plantestsuite("samba.unittests.claim_conversion", "none",
[os.path.join(bindir(), "test_claim_conversion")])
+plantestsuite("samba.unittests.cmdline", "none",
+ [os.path.join(bindir(), "test_cmdline")])
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
index 59ed0cc40db..9560fcf9e35 100644
--- a/source3/printing/samba-bgqd.c
+++ b/source3/printing/samba-bgqd.c
@@ -253,7 +253,9 @@ int main(int argc, const char *argv[])
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
/* main process will notify systemd */
- daemon_sd_notifications(false);
+ if (ready_signal_fd != -1 || watch_fd != -1) {
+ daemon_sd_notifications(false);
+ }
if (!cmdline_daemon_cfg->fork) {
daemon_status(progname, "Starting process ... ");
@@ -325,6 +327,10 @@ int main(int argc, const char *argv[])
goto done;
}
+ if (!cmdline_daemon_cfg->fork) {
+ daemon_ready(progname);
+ }
+
if (ready_signal_fd != -1) {
pid_t pid = getpid();
ssize_t written;
--
Samba Shared Repository
More information about the samba-cvs
mailing list