/* Handle command line options:
* --sbindir
* --bindir
- * --swatdir
* --lmhostsfile
* --libdir
* --modulesdir
enum dyn_item{
DYN_SBINDIR = 1,
DYN_BINDIR,
- DYN_SWATDIR,
DYN_LMHOSTSFILE,
DYN_LIBDIR,
DYN_MODULESDIR,
}
break;
- case DYN_SWATDIR:
- if (arg) {
- set_dyn_SWATDIR(arg);
- }
- break;
-
case DYN_LMHOSTSFILE:
if (arg) {
set_dyn_LMHOSTSFILE(arg);
"Path to sbin directory", "SBINDIR" },
{ "bindir", '\0' , POPT_ARG_STRING, NULL, DYN_BINDIR,
"Path to bin directory", "BINDIR" },
- { "swatdir", '\0' , POPT_ARG_STRING, NULL, DYN_SWATDIR,
- "Path to SWAT installation directory", "SWATDIR" },
{ "lmhostsfile", '\0' , POPT_ARG_STRING, NULL, DYN_LMHOSTSFILE,
"Path to lmhosts file", "LMHOSTSFILE" },
{ "libdir", '\0' , POPT_ARG_STRING, NULL, DYN_LIBDIR,
sscanf(p, "%d", &fd);
close_it = false;
} else if ((p = getenv("PASSWD_FILE")) != NULL) {
- fd = sys_open(p, O_RDONLY, 0);
+ fd = open(p, O_RDONLY, 0);
spec = SMB_STRDUP(p);
if (fd < 0) {
fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
exit(ENOMEM);
}
set_cmdline_auth_info_username(auth_info, puser);
-
- if ((p = strchr_m(puser,'%'))) {
- size_t len;
- *p = 0;
- len = strlen(p+1);
- set_cmdline_auth_info_password(auth_info, p+1);
- memset(strchr_m(getenv("USER"),'%')+1,'X',len);
- }
- SAFE_FREE(puser);
}
if (getenv("PASSWD")) {
if ((lp=strchr_m(puser,'%'))) {
size_t len;
- *lp = 0;
+ *lp = '\0';
set_cmdline_auth_info_username(auth_info,
puser);
set_cmdline_auth_info_password(auth_info,
lp+1);
len = strlen(lp+1);
- memset(strchr_m(arg,'%')+1,'X',len);
+ memset(lp + 1, '\0', len);
} else {
set_cmdline_auth_info_username(auth_info,
puser);
case 'C':
set_cmdline_auth_info_use_ccache(auth_info, true);
break;
+ case 'H':
+ set_cmdline_auth_info_use_pw_nt_hash(auth_info, true);
+ break;
}
}
global_auth_info = auth_info;
}
+/**
+ * @brief Burn the commandline password.
+ *
+ * This function removes the password from the command line so we
+ * don't leak the password e.g. in 'ps aux'.
+ *
+ * It should be called after processing the options and you should pass down
+ * argv from main().
+ *
+ * @param[in] argc The number of arguments.
+ *
+ * @param[in] argv[] The argument array we will find the array.
+ */
+void popt_burn_cmdline_password(int argc, char *argv[])
+{
+ bool found = false;
+ char *p = NULL;
+ int i, ulen = 0;
+
+ for (i = 0; i < argc; i++) {
+ p = argv[i];
+ if (strncmp(p, "-U", 2) == 0) {
+ ulen = 2;
+ found = true;
+ } else if (strncmp(p, "--user", 6) == 0) {
+ ulen = 6;
+ found = true;
+ }
+
+ if (found) {
+ if (p == NULL) {
+ return;
+ }
+
+ if (strlen(p) == ulen) {
+ continue;
+ }
+
+ p = strchr_m(p, '%');
+ if (p != NULL) {
+ memset(p, '\0', strlen(p));
+ }
+ found = false;
+ }
+ }
+}
+
struct poptOption popt_common_credentials[] = {
{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
(void *)popt_common_credentials_callback, 0,
{"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"use-ccache", 'C', POPT_ARG_NONE, NULL, 'C',
"Use the winbind ccache for authentication" },
+ {"pw-nt-hash", '\0', POPT_ARG_NONE, NULL, 'H',
+ "The supplied password is the NT hash" },
POPT_TABLEEND
};