cmdline:burn: do not burn options starting --user-*, --password-*
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Fri, 28 Jun 2024 23:30:19 +0000 (11:30 +1200)
committerJule Anger <janger@samba.org>
Tue, 23 Jul 2024 07:32:13 +0000 (07:32 +0000)
We have options that start with --user or --password that we don't
want to burn. Some grepping says:

      2 --user1
      1 --user2
     10 --user-allowed-to-authenticate-from
      6 --user-allowed-to-authenticate-to
      2 --user-allow-ntlm-auth
     25 --user-authentication-policy
      1 --user-config
      4 --user-domgroups
      5 --user-ext-name
      2 --user-groups
      6 --user-info
     27 --username
      1 --username2
      2 --userou
      1 --users
      2 --user-sidinfo
      6 --user-sids
     14 --user-tgt-lifetime-mins
      2 --password2
    118 --password-file
      2 --password-from-stdin
      # from here, grepping for strings around POPT_ constants
      5 "user"
      2 "user1"
      2 "user2"
      1 "userd"
      1 "user-domgroups"
      1 "user-groups"
      1 "user-info"
      2 "username"
      1 "user-sidinfo"
      1 "user-sids"
      1 passwordd
      4 "password"

Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().

Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 6effed31899a1be8194a851e5a4023276b8a5f38)

lib/cmdline/cmdline.c

index d20c606d5036477c66ed1f529b3d763be7f38ef9..993b5aefe9e74a48f8130a7c56a49907e78ee064 100644 (file)
@@ -135,6 +135,21 @@ void samba_cmdline_set_machine_account_fn(
        cli_credentials_set_machine_account_fn = fn;
 }
 
+/*
+ * Are the strings p and option equal from the point of view of option
+ * parsing, meaning is the next character '\0' or '='.
+ */
+static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
+{
+       if (strncmp(p, option, len) == 0) {
+               if (p[len] == 0 || p[len] == '=') {
+                       return true;
+               }
+       }
+       return false;
+}
+
+
 bool samba_cmdline_burn(int argc, char *argv[])
 {
        bool burnt = false;
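Review bot: strneq_cmdline_exact() indexes `p[len]` after the strncmp(), and that read is only guaranteed to stay inside the argument when `len` is exactly strlen(option). With a larger `len`, strncmp() stops at the shared terminator and still returns 0, so the index would land past the end of the string. The four call sites in the next hunk pass matching lengths, but the header comment should state the contract, for example `len must equal strlen(option), so p[len] is at worst p's terminator`. The second blank line after the helper's closing brace can also go. samba_cmdline_burn() continues outside this hunk.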
@@ -151,25 +166,21 @@ bool samba_cmdline_burn(int argc, char *argv[])
                        return burnt;
                }
 
-               /*
-                * Take care that this list must be in longest-match
-                * first order (e.g. --password2 before --password).
-                */
                if (strncmp(p, "-U", 2) == 0) {
                        ulen = 2;
                        found = true;
                        is_user = true;
-               } else if (strncmp(p, "--user", 6) == 0) {
+               } else if (strneq_cmdline_exact(p, "--user", 6)) {
                        ulen = 6;
                        found = true;
                        is_user = true;
-               } else if (strncmp(p, "--password2", 11) == 0) {
+               } else if (strneq_cmdline_exact(p, "--password2", 11)) {
                        ulen = 11;
                        found = true;
-               } else if (strncmp(p, "--password", 10) == 0) {
+               } else if (strneq_cmdline_exact(p, "--password", 10)) {
                        ulen = 10;
                        found = true;
-               } else if (strncmp(p, "--newpassword", 13) == 0) {
+               } else if (strneq_cmdline_exact(p, "--newpassword", 13)) {
                        ulen = 13;
                        found = true;
                }
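Review bot: Dropping the longest-match comment leaves the if/else chain with no explanation of why `-U` remains a plain prefix match while the four long options now require an exact name or a following `=`. A replacement comment above the chain would help, such as `/* long options must match exactly or be followed by '='; -U stays a prefix match */`. That asymmetry is presumably intended because the short option's value can follow it directly. Since this change narrows what gets scrubbed from argv, the commit would benefit from a test that `--password=x` is still burnt and `--password-file=x` is left alone; no such test is visible on this page. The code that acts on `found` and `ulen` lies outside the hunk.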