samba.git/lib/cmdline, branch master Unnamed repository; edit this file 'description' to name the repository. lib:cmdline: Check if we have a valid default ccache 2025-08-05T10:49:34+00:00 Andreas Schneider asn@samba.org 2025-04-25T15:32:16+00:00 b5fe30ef6d128863417cb799a0fa336dde9f5ba4 If you don't specify anything, and we have a valid ccache then try to use it! > smbclient -L //samba1.earth.milkyway.site Anonymous login successful Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers IPC$ IPC IPC Service (Samba 4.22.1) SMB1 disabled -- no workgroup available In case the user specifies a principal, it will ask for a password: > bin/smbclient -L //samba1.earth.milkyway.site -Ualice1@EARTH.MILKYWAY.SITE Password for [alice1@EARTH.MILKYWAY.SITE]: Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
If you don't specify anything, and we have a valid ccache then try to
use it!

> smbclient -L //samba1.earth.milkyway.site
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (Samba 4.22.1)
SMB1 disabled -- no workgroup available

In case the user specifies a principal, it will ask for a password:

> bin/smbclient -L //samba1.earth.milkyway.site -Ualice1@EARTH.MILKYWAY.SITE
Password for [alice1@EARTH.MILKYWAY.SITE]:

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
 lib:cmdline: POPT_CALLBACK_REASON_POST should handle if we skip the password callback 2025-04-15T12:54:57+00:00 Andreas Schneider asn@samba.org 2025-04-11T08:56:43+00:00 9dc165e80fb90774b6999b90483e5fcfb5c2798e It is already checking if there is a valid ccache and disabling the callback. In case of IAKerb we specify a ccache but might to fill one with a krbtgt. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Apr 15 12:54:57 UTC 2025 on atb-devel-224 
It is already checking if there is a valid ccache and disabling the callback.
In case of IAKerb we specify a ccache but might to fill one with a krbtgt.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 15 12:54:57 UTC 2025 on atb-devel-224
lib:cmdline: Make sure --use-krb5-ccache sets the ccache 2025-04-15T11:54:57+00:00 Andreas Schneider asn@samba.org 2025-04-04T08:27:50+00:00 dd4f403792528d13955228c780fe4891a56e3e60 Pair-Programmed-With: Alexander Bokovoy <ab@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 replace direct calls to memset_s() with commonly used macros 2025-01-02T17:01:30+00:00 Michael Tokarev mjt@tls.msk.ru 2024-11-18T11:19:54+00:00 712117155e0efae593d2867037c92741f2151252 samba provides macros for zeroing various structures in memory, and all code uses them instead of relying on memset_s(). However, a few places use memset_s() directly. Replace these usages with macros for consistency and to be able to replace memset_s() easier. A few notes. Commit 03a50d8f7d872b6ef701d12 "lib:util: Check memset_s() error code in talloc_keep_secret_destructor()" (Aug-2022) added a check for error return from memset_s(). This is the only place in whole codebase which bothers about doing this. But I've difficult time figuring out the intention. Was there a real case when this code path is actually executed? Commit 7658c9bf0a9c99e3f200571 "lib:crypto: Remove redundant array zeroing" (Nov-2023) removed the OTHER line from the two lines used to zero memory in here. Initially the code used both memset_s() *and* ZERO_ARRAY_LEN(), the former has been removed. This change removes the other - memset_s(), reintroducing ZERO_ARRAY_LEN(). Here however, it's probably better to use BURN_PTR instead of ZERO_ARRAY - in this place and a few lines above. Commit 8dddea2ceda40f2365bd6b1 "lib:talloc: Use memset_s() to avoid the call gets optimized out" (Feb-2024) is a recent commit which introduces memset_s(). However, it does not seem like it makes any difference whatsoever for a testsuite, or that it actually needs to clean up the memory to begin with. We've quite an assortment of all this memory zeroing stuff. Also it is repeated in replace.h and memory.h (two sets in these files are different but has big intersection). I'd say, to fix this mess, things from replace.h should be removed in favour of memory.h, and necessary includes added, but this is for the next time. We also have lots of direct usages of memset_s() in heimdal code. Cc: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
samba provides macros for zeroing various structures in memory,
and all code uses them instead of relying on memset_s().
However, a few places use memset_s() directly.  Replace these
usages with macros for consistency and to be able to replace
memset_s() easier.

A few notes.

Commit 03a50d8f7d872b6ef701d12 "lib:util: Check memset_s() error
code in talloc_keep_secret_destructor()" (Aug-2022) added a check
for error return from memset_s().  This is the only place in whole
codebase which bothers about doing this.  But I've difficult time
figuring out the intention.  Was there a real case when this code
path is actually executed?

Commit 7658c9bf0a9c99e3f200571 "lib:crypto: Remove redundant array
zeroing" (Nov-2023) removed the OTHER line from the two lines used
to zero memory in here.  Initially the code used both memset_s()
*and* ZERO_ARRAY_LEN(), the former has been removed.  This change
removes the other - memset_s(), reintroducing ZERO_ARRAY_LEN().
Here however, it's probably better to use BURN_PTR instead of
ZERO_ARRAY - in this place and a few lines above.

Commit 8dddea2ceda40f2365bd6b1 "lib:talloc: Use memset_s() to avoid
the call gets optimized out" (Feb-2024) is a recent commit which
introduces memset_s().  However, it does not seem like it makes
any difference whatsoever for a testsuite, or that it actually
needs to clean up the memory to begin with.

We've quite an assortment of all this memory zeroing stuff.  Also
it is repeated in replace.h and memory.h (two sets in these files
are different but has big intersection).  I'd say, to fix this mess,
things from replace.h should be removed in favour of memory.h, and
necessary includes added, but this is for the next time.  We also
have lots of direct usages of memset_s() in heimdal code.

Cc: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 lib:cmdline: Load network interfaces in _samba_cmdline_load_config_s4() 2024-08-04T00:32:39+00:00 Jo Sutton josutton@catalyst.net.nz 2024-07-30T04:55:17+00:00 bf8a22b2e459b990403e5593db404ed36deba78f This makes the samba.tests.domain_backup tests start working again when they are run standalone. Without the load_interfaces() call, smb_sysvol_conn() fails to make a connection to the sysvol share. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
This makes the samba.tests.domain_backup tests start working again when
they are run standalone. Without the load_interfaces() call,
smb_sysvol_conn() fails to make a connection to the sysvol share.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
lib:cmdline: Fix code spelling 2024-08-04T00:32:39+00:00 Jo Sutton josutton@catalyst.net.nz 2024-07-16T23:28:02+00:00 9130ca413af16ec01d9dd0d1f5a58f54915f8059 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
cmdline:burn: list commands to always burn; warn on unknown 2024-07-10T06:28:08+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2024-07-05T02:31:58+00:00 86843685419921e28c37f3c1b33011f14940e02f We burn arguments to all unknown options containing "pass" (e.g. "--passionate=false") in case they are a password option, but is bad in the case where the unknown option takes no argument but the next option *is* a password (like "--overpass --password2 barney". In that case "--password2" would be burnt and not "barney". The burning behaviour doesn't change with this commit, but users will now see an error message explaining that the option was unknown. This is not so much aimed at end users -- for who an invalid option will hopefully lead to --help like output -- but to developers who add a new "pass" option. This also slightly speeds up the processing of known password options, which is a little bit important because we are in a race to replace the command line in /proc before an attacker sees it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224 
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".

The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.

This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
cmdline:burn: add a note about short option combinations 2024-07-03T01:35:31+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2024-07-02T23:50:43+00:00 97be45f9ea3410392cd37eab5cfafd3ad00cfe57 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
cmdline:burn: explicitly burn --username 2024-07-03T01:35:31+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2024-07-02T23:23:36+00:00 63a83fb7bb312731047f361f89766e0be492f83e This is the long form of -U in samba-tool. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> 
This is the long form of -U in samba-tool.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
cmdline:burn: use allowlist to ensure more passwords burn 2024-07-03T01:35:31+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2024-06-29T01:44:46+00:00 f1fbba6dc609590854c0d7c5e72b58fabc356695 We treat any option containing 'pass' with suspicion, unless we know it is OK. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> 
We treat any option containing 'pass' with suspicion, unless we know it
is OK.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>