Don't pass the password in the command line when doing listShares

2026-06-03 17:24:07 +02:00 · 2013-05-01 17:37:07 +02:00 · 2013-05-01 17:37:07 +02:00 · f57f29d277
commit f57f29d277
parent 59bc57cc06
3 changed files with 33 additions and 15 deletions
--- a/src/errors.php
+++ b/src/errors.php
@ -28,3 +28,20 @@ class InvalidHostException extends \Exception {

 class AccessDeniedException extends \Exception {
 }
+
+class ErrorCodes {
+	/**
+	 * connection errors
+	 */
+	const LogonFailure = 'NT_STATUS_LOGON_FAILURE';
+	const BadHostName = 'NT_STATUS_BAD_NETWORK_NAME';
+	const Unsuccessful = 'NT_STATUS_UNSUCCESSFUL';
+	const ConnectionRefused = 'NT_STATUS_CONNECTION_REFUSED';
+
+	const PathNotFound = 'NT_STATUS_OBJECT_PATH_NOT_FOUND';
+	const NoSuchFile = 'NT_STATUS_NO_SUCH_FILE';
+	const ObjectNotFound = 'NT_STATUS_OBJECT_NAME_NOT_FOUND';
+	const NameCollision = 'NT_STATUS_OBJECT_NAME_COLLISION';
+	const AccessDenied = 'NT_STATUS_ACCESS_DENIED';
+	const DirectoryNotEmpty = 'NT_STATUS_DIRECTORY_NOT_EMPTY';
+}
--- a/src/server.php
+++ b/src/server.php
@ -78,26 +78,27 @@ class Server {

 	/**
 	 * @return Share[]
-	 * @throws AuthenticationException
-	 * @throws InvalidHostException
 	 */
 	public function listShares() {
-		$auth = escapeshellarg($this->getAuthString()); //TODO: don't pass password as shell argument
-		$command = self::CLIENT . ' -N -U ' . $auth . ' ' . '-gL ' . escapeshellarg($this->getHost()); // . ' 2> /dev/null';
-		exec($command, $output);
+		$user = escapeshellarg($this->getUser());
+		$command = self::CLIENT . ' -U ' . $user . ' ' . '-gL ' . escapeshellarg($this->getHost());
+		$connection = new RawConnection($command);
+		$connection->write($this->getPassword() . PHP_EOL);
+		$output = $connection->readAll();

 		$line = $output[0];
+
 		$line = rtrim($line, ')');
-		if (substr($line, -23) === 'NT_STATUS_LOGON_FAILURE') {
+		if (substr($line, -23) === ErrorCodes::LogonFailure) {
 			throw new AuthenticationException();
 		}
-		if (substr($line, -26) === 'NT_STATUS_BAD_NETWORK_NAME') {
+		if (substr($line, -26) === ErrorCodes::BadHostName) {
 			throw new InvalidHostException();
 		}
-		if (substr($line, -22) === 'NT_STATUS_UNSUCCESSFUL') {
+		if (substr($line, -22) === ErrorCodes::Unsuccessful) {
 			throw new InvalidHostException();
 		}
-		if (substr($line, -28) === 'NT_STATUS_CONNECTION_REFUSED') {
+		if (substr($line, -28) === ErrorCodes::ConnectionRefused) {
 			throw new InvalidHostException();
 		}

--- a/src/share.php
+++ b/src/share.php
@ -200,15 +200,15 @@ class Share {
 			}
 			list($error,) = explode(' ', $lines[0]);
 			switch ($error) {
-				case 'NT_STATUS_OBJECT_PATH_NOT_FOUND':
-				case 'NT_STATUS_OBJECT_NAME_NOT_FOUND':
-				case 'NT_STATUS_NO_SUCH_FILE':
+				case ErrorCodes::PathNotFound:
+				case ErrorCodes::ObjectNotFound:
+				case ErrorCodes::NoSuchFile:
 					throw new NotFoundException();
-				case 'NT_STATUS_OBJECT_NAME_COLLISION':
+				case ErrorCodes::NameCollision:
 					throw new AlreadyExistsException();
-				case 'NT_STATUS_ACCESS_DENIED':
+				case ErrorCodes::AccessDenied:
 					throw new AccessDeniedException();
-				case 'NT_STATUS_DIRECTORY_NOT_EMPTY':
+				case ErrorCodes::DirectoryNotEmpty:
 					throw new NotEmptyException();
 				default:
 					throw new \Exception();