cmdline:burn: handle arguments separated from their --options

We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 627e3f719f21d5d895bfae43f849b2045ff478e8..331da7754552687a95337645faebb9c5e366dc3c 100644 (file)
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -180,7 +180,32 @@ bool samba_cmdline_burn(int argc, char *argv[])
                        char *q = NULL;
 
                        if (strlen(p) == ulen) {
-                               continue;
+                               /*
+                                * The option string has no '=', so
+                                * its argument will come in the NEXT
+                                * argv member. If there is one, we
+                                * can just step forward and take it,
+                                * setting ulen to 0.
+                                *
+                                * {"--password=secret"}    --> {"--password"}
+                                * {"--password", "secret"} --> {"--password", ""}
+                                * {"-Uadmin%secret"}       --> {"-Uadmin"}
+                                * {"-U", "admin%secret"}   --> {"-U", "admin"}
+                                */
+                               i++;
+                               if (i == argc) {
+                                       /*
+                                        * this looks like an invalid
+                                        * command line, but that's
+                                        * for the caller to decide.
+                                        */
+                                       return burnt;
+                               }
+                               p = argv[i];
+                               if (p == NULL) {
+                                       return false;
+                               }
+                               ulen = 0;
                        }
 
                        if (is_user) {

diff --git a/selftest/knownfail.d/cmdline b/selftest/knownfail.d/cmdline
deleted file mode 100644 (file)
index c9e4a86..0000000
--- a/selftest/knownfail.d/cmdline
+++ /dev/null
@@ -1 +0,0 @@
-^samba.unittests.cmdline.torture_cmdline_burn.none.$