From d37462d79a4063ac06d2f5e6514b7c082cc26b21 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 2 Dec 2020 18:06:24 +0100
Subject: [PATCH] lib:ldb-samba: Migrate samba extensions to new cmdline option parser
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Jun 16 01:25:28 UTC 2021 on sn-devel-184
---
 lib/ldb-samba/samba_extensions.c | 53 +++++++++++++++++++++++---------
 lib/ldb-samba/wscript_build | 2 +-
 selftest/knownfail.d/usage | 6 ----
 source4/selftest/tests.py | 20 ++++++------
 4 files changed, 50 insertions(+), 31 deletions(-)
diff --git a/lib/ldb-samba/samba_extensions.c b/lib/ldb-samba/samba_extensions.c
index c113e8cbe2a..be92d982dde 100644
--- a/lib/ldb-samba/samba_extensions.c
+++ b/lib/ldb-samba/samba_extensions.c
@@ -24,7 +24,7 @@
 #include "includes.h"
 #include "ldb_module.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
 #include "auth/gensec/gensec.h"
 #include "auth/auth.h"
 #include "param/param.h"
@@ -63,14 +63,6 @@ static size_t calculate_popt_array_length(struct poptOption *opts)
 return i;
 }
-static struct poptOption cmdline_extensions[] = {
- POPT_COMMON_SAMBA
- POPT_COMMON_CREDENTIALS
- POPT_COMMON_CONNECTION
- POPT_COMMON_VERSION
- {0}
-};
-
 /* called to register additional command line options */
@@ -80,7 +72,24 @@ static int extensions_hook(struct ldb_context *ldb, enum ldb_module_hook_type t)
 case LDB_MODULE_HOOK_CMDLINE_OPTIONS: {
 size_t len1, len2;
 struct poptOption **popt_options = ldb_module_popt_options(ldb);
- struct poptOption *new_array;
+ struct poptOption *new_array = NULL;
+ bool ok;
+
+ struct poptOption cmdline_extensions[] = {
+ POPT_COMMON_SAMBA_LDB
+ POPT_COMMON_CONNECTION
+ POPT_COMMON_CREDENTIALS
+ POPT_LEGACY_S4
+ POPT_COMMON_VERSION
+ POPT_TABLEEND
+ };
+
+ ok = samba_cmdline_init(ldb,
+ SAMBA_CMDLINE_CONFIG_CLIENT,
+ false /* require_smbconf */);
+ if (!ok) {
+ return ldb_oom(ldb);
+ }
 len1 = calculate_popt_array_length(*popt_options);
 len2 = calculate_popt_array_length(cmdline_extensions);
@@ -93,29 +102,45 @@ static int extensions_hook(struct ldb_context *ldb, enum ldb_module_hook_type t)
 memcpy(new_array, *popt_options, len1*sizeof(struct poptOption));
 memcpy(new_array+len1, cmdline_extensions, (1+len2)*sizeof(struct poptOption));
+
+#ifdef DEVELOPER
+ ok = samba_cmdline_sanity_check(new_array);
+ if (!ok) {
+ talloc_free(new_array);
+ return ldb_error(ldb,
+ LDB_ERR_OPERATIONS_ERROR,
+ "Duplicate cmdline options detected!");
+ }
+#endif
+
 (*popt_options) = new_array;
 return LDB_SUCCESS;
 }
 case LDB_MODULE_HOOK_CMDLINE_PRECONNECT: {
+ struct loadparm_context *lp_ctx = NULL;
+ struct cli_credentials *creds = NULL;
+
 int r = ldb_register_samba_handlers(ldb);
 if (r != LDB_SUCCESS) {
 return ldb_operr(ldb);
 }
 gensec_init();
+ lp_ctx = samba_cmdline_get_lp_ctx();
+ creds = samba_cmdline_get_creds();
+
 if (ldb_set_opaque( ldb, DSDB_SESSION_INFO,
- system_session(cmdline_lp_ctx))) {
+ system_session(lp_ctx))) {
 return ldb_operr(ldb);
 }
- if (ldb_set_opaque(ldb, "credentials",
- popt_get_cmdline_credentials())) {
+ if (ldb_set_opaque(ldb, "credentials", creds)) {
 return ldb_operr(ldb);
 }
- if (ldb_set_opaque(ldb, "loadparm", cmdline_lp_ctx)) {
+ if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) {
 return ldb_operr(ldb);
 }
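Review bot: In the `LDB_MODULE_HOOK_CMDLINE_OPTIONS` case (hunk `-80,7 +72,24`), a false return from `samba_cmdline_init()` is reported with `ldb_oom(ldb)`, so every initialisation failure surfaces as out-of-memory; the visible lines do not show which failures that call can actually report. The following hunk already uses `ldb_error()` for its own failure path, and the same form would give an accurate message here: `return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "Failed to initialise cmdline parser");`. The move of `cmdline_extensions` from a file-scope static into the case block also deserves a short comment, for example `/* built at run time: the POPT_COMMON_* entries are presumably no longer constant initialisers */`, so that nobody hoists it back to file scope later. extensions_hook starts and ends outside this hunk.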
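Review bot: In the `LDB_MODULE_HOOK_CMDLINE_PRECONNECT` case (hunk `-93,29 +102,45`), the results of `samba_cmdline_get_lp_ctx()` and `samba_cmdline_get_creds()` are used without a NULL check: `lp_ctx` goes straight into `system_session()` and both pointers are stored as the `"loadparm"` and `"credentials"` opaques. Nothing visible guarantees that the CMDLINE_OPTIONS hook, where `samba_cmdline_init()` is called, ran successfully before this one, and if either getter can return NULL in that situation, code that later reads these opaques might proceed without credentials or configuration instead of failing here. A guard directly after the two assignments would make the precondition explicit: `if (lp_ctx == NULL || creds == NULL) { return ldb_operr(ldb); }`. Separately, `samba_cmdline_sanity_check()` runs only under `#ifdef DEVELOPER`, so a comment stating that duplicate options are deliberately left unchecked in non-developer builds would help the next reader. The function continues outside the hunk.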
diff --git a/lib/ldb-samba/wscript_build b/lib/ldb-samba/wscript_build
index 3264757e8b7..d02bc9564de 100644
--- a/lib/ldb-samba/wscript_build
+++ b/lib/ldb-samba/wscript_build
@@ -30,7 +30,7 @@ bld.SAMBA_MODULE('ldbsamba_extensions',
 init_function='ldb_samba_extensions_init',
 module_init_name='ldb_init_module',
 subsystem='ldb',
- deps='ldb ldbsamba POPT_SAMBA POPT_CREDENTIALS cmdline-credentials gensec',
+ deps='ldb ldbsamba CMDLINE_S4 gensec',
 internal_module=False)
diff --git a/selftest/knownfail.d/usage b/selftest/knownfail.d/usage
index 47a5783f6de..b8e0bbc356d 100644
--- a/selftest/knownfail.d/usage
+++ b/selftest/knownfail.d/usage
@@ -1,9 +1,3 @@
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbadd.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbdel.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbedit.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbmodify.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbrename.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbsearch.none.
 samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_autobuild_py.none.
 samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_compare_cc_results_py.none.
 samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_config_base.none.
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 96ed2913ef7..ef095001cdb 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -62,7 +62,7 @@ all_fl_envs = ["fl2000dc", "fl2003dc", "fl2008dc", "fl2008r2dc"]
 # Simple tests for LDAP and CLDAP
 for auth_type in ['', '-k no', '-k yes']:
- for auth_level in ['--option=clientldapsaslwrapping=plain', '--sign', '--encrypt']:
+ for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']:
 creds = '-U"$USERNAME%$PASSWORD"'
 options = creds + ' ' + auth_type + ' ' + auth_level
 plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
@@ -129,15 +129,15 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
 auth_options = [
 '--option=clientldapsaslwrapping=plain',
- '--sign',
- '--encrypt',
- '-k yes --option=clientldapsaslwrapping=plain',
- '-k yes --sign',
- '-k yes --encrypt',
- '-k no --option=clientldapsaslwrapping=plain',
- '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no',
- '-k no --sign',
- '-k no --encrypt',
+ '--client-protection=sign',
+ '--client-protection=encrypt',
+ '--use-kerberos=required --option=clientldapsaslwrapping=plain',
+ '--use-kerberos=required --client-protection=sign',
+ '--use-kerberos=required --client-protection=encrypt',
+ '--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
+ '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
+ '--use-kerberos=disabled --client-protection=sign',
+ '--use-kerberos=disabled --client-protection=encrypt',
 ]
 for auth_option in auth_options:
-- 
2.47.3
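Review bot: The first hunk (`-62,7 +62,7`) leaves the context line `for auth_type in ['', '-k no', '-k yes']:` on the legacy `-k` spelling, while the second hunk (`-129,15 +129,15`) rewrites the same choices as `--use-kerberos=required` and `--use-kerberos=disabled`, so the two loops now exercise different option sets with no indication whether that is intended. If the old spelling is kept on purpose to cover the compatibility path (the C change adds `POPT_LEGACY_S4` to the option table, which presumably provides it), say so with a comment such as `# '-k' kept deliberately: covers the legacy Kerberos option`; otherwise migrate it the same way as the second list. The commit message would also benefit from stating whether the removed `--sign` and `--encrypt` spellings are still accepted, since no test in these hunks exercises them any more.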