From: Andreas Schneider Date: Wed, 19 Aug 2020 07:07:47 +0000 (+0200) Subject: lib:cmdline: Add samba_cmdline_burn() X-Git-Tag: tevent-0.11.0~972 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d945ed03c91a11509356964ced8a2c76fdaa547c;p=thirdparty%2Fsamba.git lib:cmdline: Add samba_cmdline_burn() Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett
---
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 090207488cd..bddb27642e5 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -112,6 +112,55 @@ struct cli_credentials *samba_cmdline_get_creds(void)
 return cmdline_creds;
 }
+void samba_cmdline_burn(int argc, char *argv[])
+{
+ bool found = false;
+ bool is_user = false;
+ char *p = NULL;
+ int i, ulen = 0;
+
+ for (i = 0; i < argc; i++) {
+ p = argv[i];
+ if (p == NULL) {
+ return;
+ }
+
+ if (strncmp(p, "-U", 2) == 0) {
+ ulen = 2;
+ found = true;
+ is_user = true;
+ } else if (strncmp(p, "--user", 6) == 0) {
+ ulen = 6;
+ found = true;
+ is_user = true;
+ } else if (strncmp(p, "--password", 10) == 0) {
+ ulen = 10;
+ found = true;
+ }
+
+ if (found) {
+ char *q = NULL;
+
+ if (strlen(p) == ulen) {
+ continue;
+ }
+
+ if (is_user) {
+ q = strchr_m(p, '%');
+ if (q != NULL) {
+ p = q;
+ }
+ } else {
+ p += ulen;
+ }
+
+ memset_s(p, strlen(p), '\0', strlen(p));
+ found = false;
+ is_user = false;
+ }
+ }
+}
+
 /**********************************************************
 * COMMON SAMBA POPT
 **********************************************************/
diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h
index c3667a5884c..25055a532ee 100644
--- a/lib/cmdline/cmdline.h
+++ b/lib/cmdline/cmdline.h
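Review bot: In `samba_cmdline_burn()` in lib/cmdline/cmdline.c, `found`, `is_user` and `ulen` are not reset when the `strlen(p) == ulen` check hits `continue`, so a secret passed as its own argv element (`--password secret`, `-U user%pass`) is handled on the next iteration with the previous option's `ulen`. For `--password` this means `p += ulen` advances 10 bytes into the value: a shorter secret leaves `p` past its terminator, so `strlen(p)` and `memset_s` then run over whatever memory follows. A longer secret keeps its first 10 bytes in the process listing, and a value whose length equals `ulen` is skipped while the stale state moves on to the element after it. The state should be scoped to one element and a carried-over value burned from its first byte, as in the excerpt below. Separately, `ulen` is an `int` compared against `strlen()`; making it `size_t` avoids the signed/unsigned comparison.

```c
	bool burn_next = false;		/* previous element was a bare -U/--user/--password */
	bool next_is_user = false;

	for (i = 0; i < argc; i++) {
		bool found = burn_next;
		bool is_user = next_is_user;
		size_t ulen = 0;	/* stays 0 when the value is its own argv element */

		burn_next = false;
		next_is_user = false;
		/* ... unchanged: p = argv[i] and the NULL check ... */

		if (!found) {
			/* ... unchanged: prefix match on -U / --user / --password ... */
			if (found && strlen(p) == ulen) {
				/* bare option: the secret is the next argv element */
				burn_next = true;
				next_is_user = is_user;
				continue;
			}
		}
		if (!found) {
			continue;
		}
		/* ... unchanged: '%' lookup for user values, p += ulen otherwise, memset_s ... */
	}
```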
@@ -91,6 +91,21 @@ struct cli_credentials *samba_cmdline_get_creds(void);
 */
 struct poptOption *samba_cmdline_get_popt(enum smb_cmdline_popt_options opt);
+/**
+ * @brief Burn secrets on the command line.
+ *
+ * This function removes secrets from the command line so we don't leak e.g.
+ * passwords on 'ps aux' output.
+ *
+ * It should be called after processing the options and you should pass down
+ * argv from main().
+ *
+ * @param[in] argc The number of arguments.
+ *
+ * @param[in] argv[] The argument array we will find the array.
+ */
+void samba_cmdline_burn(int argc, char *argv[]);
+
 /**
 * @brief A popt structure for common samba options.
 */
diff --git a/lib/cmdline/tests/test_cmdline.c b/lib/cmdline/tests/test_cmdline.c
new file mode 100644
index 00000000000..0326c2857be
--- /dev/null
+++ b/lib/cmdline/tests/test_cmdline.c
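Review bot: The `argv[]` line of the new doc comment in cmdline.h reads `The argument array we will find the array.` and is tagged `[in]`, although the function overwrites the strings it is handed. I would write `@param[in,out] argv[] The argument vector from main(); secrets found in it are overwritten in place.` The description could also say in one sentence that the secret stays visible in the process listing until this call runs, so callers should invoke it as soon as option parsing has finished.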
@@ -0,0 +1,61 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2018-2019 Andreas Schneider
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include "lib/cmdline/cmdline.h"
+
+static void torture_cmdline_burn(void **state)
+{
+ char arg1[] = "-U Administrator%secret";
+ char arg2[] = "--user=Administrator%secret";
+ char arg3[] = "--user=Administrator%super%secret";
+ char arg4[] = "--password=super%secret";
+
+ char *argv[] = { arg1, arg2, arg3, arg4, NULL };
+ int argc = 4;
+
+ samba_cmdline_burn(argc, argv);
+
+ assert_string_equal(arg1, "-U Administrator");
+ assert_string_equal(arg2, "--user=Administrator");
+ assert_string_equal(arg3, "--user=Administrator");
+ assert_string_equal(arg4, "--password");
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(torture_cmdline_burn),
+ };
+
+ if (argc == 2) {
+ cmocka_set_test_filter(argv[1]);
+ }
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ rc = cmocka_run_group_tests(tests, NULL, NULL);
+
+ return rc;
+}
diff --git a/lib/cmdline/wscript b/lib/cmdline/wscript
index 26967514a60..9c50b47a41c 100644
--- a/lib/cmdline/wscript
+++ b/lib/cmdline/wscript
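Review bot: `torture_cmdline_burn` only exercises secrets attached to the option inside a single argv element; `arg1` even carries `-U Administrator%secret` as one string with an embedded space, which is presumably not what main() receives when the option and its value are typed as two words. A value that arrives as its own element takes a different path through samba_cmdline_burn() and is not covered, nor is a user value without `%`. I would add separate-element cases, for example `char arg5[] = "--password"; char arg6[] = "secret";` appended to `argv` (with `argc` raised to match) and `assert_string_equal(arg6, "");`, plus the same for `-U` followed by `Administrator%secret`.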
@@ -24,3 +24,9 @@ def build(bld):
 bld.SAMBA_SUBSYSTEM('CMDLINE_S4',
 source='cmdline_s4.c',
 deps='cmdline')
+
+ bld.SAMBA_BINARY('test_cmdline',
+ source='tests/test_cmdline.c',
+ deps='cmocka CMDLINE_S3 LOADPARM_CTX',
+ local_include=False,
+ for_selftest=True)