| net_ads.c: Add ability to read machine password from stdin |
| |
| Adds a way to read the machine password from stdin during net ads join. Sending |
| the password through a command line argument is a security issue since the |
| password is then visible in ps. |
| |
| crbug.com/777979. |
| |
| |
| |
| diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c |
| index c83aced..ea67432 100644 |
| --- a/source3/utils/net_ads.c |
| +++ b/source3/utils/net_ads.c |
| @@ -1352,6 +1352,7 @@ static int net_ads_join_usage(struct net_context *c, int argc, const char **argv |
| " quadrupled. It is not used as a separator.\n")); |
| d_printf(_(" machinepass=PASS Set the machine password to a specific value during\n" |
| " the join. The default password is random.\n")); |
| +- d_printf(_(" machinepassStdin Reads the machine password from stdin.\n")); |
| d_printf(_(" osName=string Set the operatingSystem attribute during the join.\n")); |
| d_printf(_(" osVer=string Set the operatingSystemVersion attribute during join.\n" |
| " NB: osName and osVer must be specified together for\n" |
| @@ -1533,7 +1534,43 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) |
| goto fail; |
| } |
| } |
| + else if ( !strcasecmp_m(argv[i], "machinepassStdin") ) { |
| + /* Read from stdin. Must be before 'machinepass' case. */ |
| + if ( machine_password ) { |
| + d_fprintf(stderr, |
| + _("Machine password already " |
| + "specified.\n")); |
| + werr = WERR_INVALID_PARAMETER; |
| + goto fail; |
| + } |
| + int ret = 0; |
| + char *buf = talloc_zero_array(ctx, char, 1024); |
| + if (buf == NULL) { |
| + werr = WERR_NOT_ENOUGH_MEMORY; |
| + goto fail; |
| + } |
| + ret = samba_getpass("Enter machine password:", |
| + buf, |
| + talloc_get_size(buf), |
| + false, |
| + false); |
| + if (ret != 0) { |
| + d_fprintf(stderr, |
| + _("Failed to read " |
| + "machine password.\n")); |
| + werr = WERR_INVALID_PARAMETER; |
| + goto fail; |
| + } |
| + machine_password = buf; |
| + } |
| else if ( !strncasecmp_m(argv[i], "machinepass", strlen("machinepass")) ) { |
| + if ( machine_password ) { |
| + d_fprintf(stderr, |
| + _("Machine password already " |
| + "specified.\n")); |
| + werr = WERR_INVALID_PARAMETER; |
| + goto fail; |
| + } |
| if ( (machine_password = get_string_param(argv[i])) == NULL ) { |
| d_fprintf(stderr, _("Please supply a valid password to set as trust account password.\n")); |
| werr = WERR_INVALID_PARAMETER; |