From 41d7edf4a445eac6469e2166df91abfc48caf79e Mon Sep 17 00:00:00 2001
From: Pasi Kallinen <paxed@alt.org>
Date: Sat, 17 Mar 2012 14:45:53 +0200
Subject: [PATCH] Merge commits from http://git.develz.org/?p=dgamelaunch.git

 - Allow DGLAUTH as additional variable to pass login data,
   prioritized ahead of USER and LOGNAME. (Marc H. Thoben)
 - Empty autologin variables before running any external
   software. (Edoardo Spadolini)
 - Remove -f parameter to prevent privilege escalation.
   (Edoardo Spadolini)

Update documentation to reflect the changes.
---
 README        |  6 +++---
 dgamelaunch.c | 22 +++++++++-------------
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/README b/README
index dbb6dd8..2b261db 100644
--- a/README
+++ b/README
@@ -10,9 +10,9 @@ Crawl (http://crawl.develz.org).
 DGAMELAUNCH VERSIONS
 ====================
 
-Development version can be fetched from the source repository with subversion:
+Development version can be fetched from the source repository with git:
 
-  svn co svn://triplehelix.org/dgamelaunch/trunk
+  git clone git://github.com/paxed/dgamelaunch.git
 
 Releases are downloadable at http://alt.org/nethack/dgamelaunch/
 
@@ -153,7 +153,6 @@ COMMANDLINE PARAMETERS
 
  -a		Ignored.
  -e		Ignored.
- -f file	Read configuration from file.
  -h		Ignored.
  -i user	Autologin and run the register -command hook for "user"
     		(with password "user").
@@ -173,6 +172,7 @@ ENVIRONMENT VARIABLES
  while FreeBSD does not.  FreeBSD, on the other hand, does allow the LOGNAME
  environment variable.  Dgamelaunch will first check USER, then LOGNAME,
  for "username:password", and tries autologin if either exists.
+ Dgamelaunch-specific DGLAUTH is checked before either of those.
 
 
 ERROR CODES
diff --git a/dgamelaunch.c b/dgamelaunch.c
index 17b6c2d..5a385f7 100644
--- a/dgamelaunch.c
+++ b/dgamelaunch.c
@@ -2594,12 +2594,16 @@ main (int argc, char** argv)
   argv = saved_argv;
 #endif
 
-  p = getenv("USER");
+  p = getenv("DGLAUTH");
 
   /* Linux telnetd allows importing the USER envvar via telnet,
    * while FreeBSD does not.  FreeBSD, on the other hand, does allow
    * the LOGNAME envvar.  Check USER first, then LOGNAME.
    */
+  if (p == NULL) {
+      p = getenv("USER");
+  }
+
   if (p == NULL) {
       p = getenv("LOGNAME");
   }
@@ -2608,9 +2612,12 @@ main (int argc, char** argv)
     auth = strdup(p);
   /* else auth is still NULL */
 
+  /* just to be sure */
+  unsetenv("DGLAUTH"); unsetenv("USER"); unsetenv("LOGNAME");
+
   __progname = basename(strdup(argv[0]));
 
-  while ((c = getopt(argc, argv, "sqh:pf:i:aeW:SD")) != -1)
+  while ((c = getopt(argc, argv, "sqh:pi:aeW:SD")) != -1)
   {
     switch (c)
     {
@@ -2620,17 +2627,6 @@ main (int argc, char** argv)
       case 'q':
 	silent = 1; break;
 
-      case 'f':
-	if (config)
-	{
-	  if (!silent)
-	    fprintf(stderr, "warning: using %s\n", argv[optind]);
-	  free(config);
-	}
-
-	config = strdup(optarg);
-	break;
-
       case 'i':
 	if (optarg && *optarg != '\0') {
 		if (p && *p != '\0')