@@ -204,15 +204,6 @@ If neither of these is specified, or if this entity does not have
permission to modify the LDAP server's DIT, the
.BR nfsref (8)
command fails.
-.IP "\fBFEDFS_NSDB_PASSWD\fP"
-Specifies the password used for simple authentication
-to the LDAP server where new FedFS records should reside.
-If this variable is not set, the
-.BR nfsref (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used to obscure the
-password on the user's terminal.
.SS Command line options
.IP "\fB\-d, \-\-debug"
Enables debugging messages during operation.
@@ -209,10 +209,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-annotate (8)
command asks for a password on
@@ -173,10 +173,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-create-fsl (8)
command asks for a password on
@@ -153,10 +153,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-create-fsn (8)
command asks for a password on
@@ -157,10 +157,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-delete-fsl (8)
command asks for a password on
@@ -159,10 +159,6 @@ Specifies the password used for simple authentication to th LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-delete-fsn (8)
command asks for a password on
@@ -127,10 +127,6 @@ Specifies the password used for simple authentication to th LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-delete-nsdb (8)
command asks for a password on
@@ -154,10 +154,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-describe (8)
command asks for a password on
@@ -150,10 +150,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-remove-nci (8)
command asks for a password on
@@ -176,10 +176,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-update-fsl (8)
command asks for a password on
@@ -150,10 +150,6 @@ Specifies the password used for simple authentication to the LDAP server
where the NSDB resides.
If the
.B \-\-bindpw
-option is not specified,
-the value of the FEDFS_NSDB_PASSWD environment variable is consulted.
-If the variable is not set and the
-.B \-\-bindpw
option is not specified, the
.BR nsdb-update-nci (8)
command asks for a password on
@@ -205,7 +205,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, NULL, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, NULL);
hostname = "localhost";
nettype = "netpath";
@@ -179,7 +179,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, NULL, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, NULL);
hostname = "localhost";
nettype = "netpath";
@@ -173,7 +173,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, NULL, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, NULL);
hostname = "localhost";
nettype = "netpath";
@@ -175,7 +175,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, NULL, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, NULL);
hostname = "localhost";
nettype = "netpath";
@@ -207,7 +207,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, NULL, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, NULL);
hostname = "localhost";
nettype = "netpath";
@@ -236,7 +236,7 @@ _Bool nsdb_is_hostname_utf8(const char *hostname);
* Look for "default" values in environment variables
*/
void nsdb_env(char **nsdbname, unsigned short *nsdbport,
- char **binddn, char **nce, char **passwd);
+ char **binddn, char **nce);
/**
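Review bot: The comment above the prototype still reads only `Look for "default" values in environment variables`, which does not record that the bind password is deliberately not one of them; since this commit exists precisely to stop that, the rationale belongs next to the declaration so the argument is not re-added later. Suggest extending the comment to `Look for "default" values in environment variables (the bind password is never read from the environment)`. The Doxygen block on the definition in nsdb.c (the hunk that drops the `@param passwd` line) would benefit from the same sentence next to "Any of the returned strings can be NULL pointers".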
@@ -69,11 +69,6 @@
*/
#define NSDB_NCE_ENV "FEDFS_NSDB_NCE"
-/**
- * Environment variable containing default password for NSDB
- */
-#define NSDB_PASSWORD_ENV "FEDFS_NSDB_PASSWD"
-
/**
* Stores pathname of directory containing FedFS persistent state
@@ -388,7 +383,6 @@ nsdb_follow_referrals(const nsdb_t host)
* @param nsdbport OUT: pointer to unsigned short NSDB port number
* @param binddn OUT: pointer to statically allocated NUL-terminated C string containing NSDB bind DN
* @param nce OUT: pointer to statically allocated NUL-terminated C string containing NSDB container entry DN
- * @param passwd OUT: pointer to statically allocated NUL-terminated C string containing NSDB bind passwd
*
* Any of the returned strings can be NULL pointers, if those
* variables do not appear in this process's environment.
@@ -396,8 +390,7 @@ nsdb_follow_referrals(const nsdb_t host)
* variable specifies an NSDB port number.
*/
void
-nsdb_env(char **nsdbname, unsigned short *nsdbport, char **binddn,
- char **nce, char **passwd)
+nsdb_env(char **nsdbname, unsigned short *nsdbport, char **binddn, char **nce)
{
if (nsdbname != NULL)
*nsdbname = getenv(NSDB_NAME_ENV);
@@ -410,8 +403,6 @@ nsdb_env(char **nsdbname, unsigned short *nsdbport, char **binddn,
*binddn = getenv(NSDB_BINDDN_ENV);
if (nce != NULL)
*nce = getenv(NSDB_NCE_ENV);
- if (passwd != NULL)
- *passwd = getenv(NSDB_PASSWORD_ENV);
}
/**
@@ -524,7 +524,7 @@ nfsref_add_nfs_fedfs_junction(const char *junct_path, char **argv, int optind,
static int
nfsref_add_nfs_fedfs(const char *junct_path, char **argv, int optind)
{
- char *binddn, *bindpw, *nsdbname, *nce;
+ char *binddn, *nsdbname, *nce;
unsigned short nsdbport;
unsigned int ldap_err;
FedFsStatus retval;
@@ -534,7 +534,7 @@ nfsref_add_nfs_fedfs(const char *junct_path, char **argv, int optind)
xlog(D_GENERAL, "%s: Adding FedFS junction to %s",
__func__, junct_path);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
if (nsdbname == NULL) {
xlog(L_ERROR, "Cannot determine NSDB hostname");
return FEDFS_ERR_INVAL;
@@ -567,7 +567,7 @@ nfsref_add_nfs_fedfs(const char *junct_path, char **argv, int optind)
goto out_free;
}
- retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+ retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
switch (retval) {
case FEDFS_OK:
break;
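Review bot: `nsdb_open_nsdb(host, binddn, NULL, &ldap_err)` now always passes a NULL bind password, so how nfsref add obtains a credential is decided entirely inside nsdb_open_nsdb, which is not in the hunk; the nsdb-* man pages in this series suggest it prompts on stdin when no password is supplied, but nothing in add.c says so. Suggest a comment on the call, `/* bindpw NULL: nsdb_open_nsdb is expected to prompt for it; never taken from the environment -- confirm */`; the identical call in nfsref_remove_delete_fsn (remove.c hunk) wants the same. The nfsref.8 hunk deletes the only sentence stating that nfsref asks for a password on stdin, so that man page now gives no description of how the password is obtained; that sentence should survive outside the removed FEDFS_NSDB_PASSWD entry. nfsref_add_nfs_fedfs continues beyond the hunk.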
@@ -116,9 +116,9 @@ nfsref_remove_nfs_basic(const char *junct_path)
static FedFsStatus
nfsref_remove_delete_fsn(const char *junct_path)
{
- char *binddn, *nce, *bindpw;
char *fsn_uuid = NULL;
unsigned int ldap_err;
+ char *binddn, *nce;
FedFsStatus retval;
nsdb_t host;
@@ -136,7 +136,7 @@ nfsref_remove_delete_fsn(const char *junct_path)
goto out;
}
- nsdb_env(NULL, NULL, &binddn, &nce, &bindpw);
+ nsdb_env(NULL, NULL, &binddn, &nce);
retval = FEDFS_ERR_INVAL;
if (binddn == NULL)
@@ -152,7 +152,7 @@ nfsref_remove_delete_fsn(const char *junct_path)
goto out_free;
}
- retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+ retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
switch (retval) {
case FEDFS_OK:
break;
@@ -137,7 +137,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, NULL, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, NULL);
delete = false;
keyword = value = entry = annotation = NULL;
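Review bot: `bindpw = NULL;` is the only initialisation of the password before option parsing here and in the same-shaped hunks for nsdb-create-fsl.c, nsdb-create-fsn.c, nsdb-delete-fsl.c, nsdb-delete-fsn.c, nsdb-delete-nsdb.c, nsdb-describe.c, nsdb-remove-nci.c, nsdb-update-fsl.c and nsdb-update-nci.c; a one-line comment, `/* never read from the environment; set by --bindpw or prompted for later */`, would mark the bare assignment as intentional rather than a leftover from the removed nsdb_env argument. Per the accompanying man-page hunks, `--bindpw` remains the only non-interactive way to supply the password, and a command-line argument is typically as visible to other local users as the environment was, so the commit message's rationale appears to apply to that path too and may warrant a follow-up. main's body continues outside the hunk.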
@@ -135,7 +135,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
serverport = 0;
while ((arg = getopt_long(argc, argv, nsdb_create_fsl_opts,
@@ -131,7 +131,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
while ((arg = getopt_long(argc, argv, nsdb_create_fsn_opts,
nsdb_create_fsn_longopts, NULL)) != -1) {
@@ -135,7 +135,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
while ((arg = getopt_long(argc, argv, nsdb_delete_fsl_opts,
nsdb_delete_fsl_longopts, NULL)) != -1) {
@@ -133,7 +133,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
leave_fsn = false;
while ((arg = getopt_long(argc, argv, nsdb_delete_fsn_opts,
@@ -124,7 +124,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, NULL, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, NULL);
while ((arg = getopt_long(argc, argv, nsdb_delete_nsdb_opts,
nsdb_delete_nsdb_longopts, NULL)) != -1) {
@@ -132,7 +132,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, NULL, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, NULL);
delete = false;
entry = description = NULL;
@@ -173,7 +173,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, &nce, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, &nce);
while ((arg = getopt_long(argc, argv, nsdb_list_opts,
nsdb_list_longopts, NULL)) != -1) {
@@ -122,7 +122,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, NULL, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, NULL);
while ((arg = getopt_long(argc, argv, nsdb_nces_opts,
nsdb_nces_longopts, NULL)) != -1) {
@@ -126,7 +126,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
if (nce == NULL)
nce = NSDB_DEFAULT_NCE;
@@ -230,7 +230,7 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, NULL, &nce, NULL);
+ nsdb_env(&nsdbname, &nsdbport, NULL, &nce);
fsn_uuid = NULL;
while ((arg = getopt_long(argc, argv, nsdb_resolve_fsn_opts,
@@ -137,7 +137,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
value = NULL;
while ((arg = getopt_long(argc, argv, nsdb_update_fsl_opts,
@@ -130,7 +130,8 @@ main(int argc, char **argv)
xlog_syslog(0);
xlog_open(progname);
- nsdb_env(&nsdbname, &nsdbport, &binddn, &nce, &bindpw);
+ bindpw = NULL;
+ nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
if (nce == NULL)
nce = NSDB_DEFAULT_NCE;
Secure Coding Practice requires that clear-text passwords never be stored in environment variables.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 doc/man/nfsref.8 | 9 ---------
 doc/man/nsdb-annotate.8 | 4 ----
 doc/man/nsdb-create-fsl.8 | 4 ----
 doc/man/nsdb-create-fsn.8 | 4 ----
 doc/man/nsdb-delete-fsl.8 | 4 ----
 doc/man/nsdb-delete-fsn.8 | 4 ----
 doc/man/nsdb-delete-nsdb.8 | 4 ----
 doc/man/nsdb-describe.8 | 4 ----
 doc/man/nsdb-remove-nci.8 | 4 ----
 doc/man/nsdb-update-fsl.8 | 4 ----
 doc/man/nsdb-update-nci.8 | 4 ----
 src/fedfsc/fedfs-create-junction.c | 2 +-
 src/fedfsc/fedfs-create-replication.c | 2 +-
 src/fedfsc/fedfs-get-limited-nsdb-params.c | 2 +-
 src/fedfsc/fedfs-get-nsdb-params.c | 2 +-
 src/fedfsc/fedfs-set-nsdb-params.c | 2 +-
 src/include/nsdb.h | 2 +-
 src/libnsdb/nsdb.c | 11 +----------
 src/nfsref/add.c | 6 +++---
 src/nfsref/remove.c | 6 +++---
 src/nsdbc/nsdb-annotate.c | 3 ++-
 src/nsdbc/nsdb-create-fsl.c | 3 ++-
 src/nsdbc/nsdb-create-fsn.c | 3 ++-
 src/nsdbc/nsdb-delete-fsl.c | 3 ++-
 src/nsdbc/nsdb-delete-fsn.c | 3 ++-
 src/nsdbc/nsdb-delete-nsdb.c | 3 ++-
 src/nsdbc/nsdb-describe.c | 3 ++-
 src/nsdbc/nsdb-list.c | 2 +-
 src/nsdbc/nsdb-nces.c | 2 +-
 src/nsdbc/nsdb-remove-nci.c | 3 ++-
 src/nsdbc/nsdb-resolve-fsn.c | 2 +-
 src/nsdbc/nsdb-update-fsl.c | 3 ++-
 src/nsdbc/nsdb-update-nci.c | 3 ++-
 33 files changed, 36 insertions(+), 84 deletions(-)