net_ads.c: Add ability to read machine password from stdin

Adds a way to read the machine password from stdin during net ads join. Sending
the password through a command line argument is a security issue since the
password is then visible in ps.

crbug.com/777979.


diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index c83aced..ea67432 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1352,6 +1352,7 @@ static int net_ads_join_usage(struct net_context *c, int argc, const char **argv
 		   "                             quadrupled. It is not used as a separator.\n"));
 	d_printf(_("   machinepass=PASS      Set the machine password to a specific value during\n"
 		   "                         the join. The default password is random.\n"));
+-	d_printf(_("   machinepassStdin      Reads the machine password from stdin.\n"));
 	d_printf(_("   osName=string         Set the operatingSystem attribute during the join.\n"));
 	d_printf(_("   osVer=string          Set the operatingSystemVersion attribute during join.\n"
 		   "                         NB: osName and osVer must be specified together for\n"
@@ -1533,7 +1534,43 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
 				goto fail;
 			}
 		}
+		else if ( !strcasecmp_m(argv[i], "machinepassStdin") ) {
+			/* Read from stdin. Must be before 'machinepass' case. */
+			if ( machine_password ) {
+				d_fprintf(stderr,
+					  _("Machine password already "
+					    "specified.\n"));
+				werr = WERR_INVALID_PARAMETER;
+				goto fail;
+			}
+			int ret = 0;
+			char *buf = talloc_zero_array(ctx, char, 1024);
+			if (buf == NULL) {
+				werr = WERR_NOT_ENOUGH_MEMORY;
+				goto fail;
+			}
+			ret = samba_getpass("Enter machine password:",
+				buf,
+				talloc_get_size(buf),
+				false,
+				false);
+			if (ret != 0) {
+				d_fprintf(stderr,
+					_("Failed to read "
+					"machine password.\n"));
+				werr = WERR_INVALID_PARAMETER;
+				goto fail;
+			}
+			machine_password = buf;
+		}		
 		else if ( !strncasecmp_m(argv[i], "machinepass", strlen("machinepass")) ) {
+			if ( machine_password ) {
+				d_fprintf(stderr,
+					  _("Machine password already "
+					    "specified.\n"));
+				werr = WERR_INVALID_PARAMETER;
+				goto fail;
+			}
 			if ( (machine_password = get_string_param(argv[i])) == NULL ) {
 				d_fprintf(stderr, _("Please supply a valid password to set as trust account password.\n"));
 				werr = WERR_INVALID_PARAMETER;