author | Tim Potter <tpot@samba.org> | 2001-12-11 05:18:36 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-12-11 05:18:36 +0000 |
commit | f4dfa9b6b26020c32c6e8452ea6b5bfb8e631981 (patch) | |
tree | de8a6d790a88dc90bf7e557d3bf3857d4363bb1d | |
parent | 5ffe722a5585314cb1ba4533c0867c777e6b369b (diff) | |
Converted wbinfo to use popt instead of getopt - popt is very nice!
Added a --set-auth-user function to set a username and password that can be
used by winbindd when making connections to domain controllers. This is
necessary when restrictions have been placed on anonymous connections
either through the RestrictAnonymous registry setting, or the win2k Local
Security Policy -> Security Settings -> Local Policies -> Security Options
-> Additional restrictions for anonymous connections. (phew)
Two new keys are set in secrets.tdb: SECRETS/AUTH_USER and
SECRETS/AUTH_PASSWORD which hold the username and plaintext password of the
user to connect as.
To reset these values, run wbinfo --set-auth-user ""
(This used to be commit 507003522b70443f79b8b69a836dcd38d309cfca)
-rw-r--r-- | source3/nsswitch/wbinfo.c | 128 |
1 files changed, 100 insertions, 28 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 4684af02e9..9e85ce3041 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -420,6 +420,33 @@ static BOOL print_domain_groups(void) return True; } +/* Set the authorised user for winbindd access in secrets.tdb */ + +static BOOL wbinfo_set_auth_user(char *username) +{ + char *password; + + /* Separate into user and password */ + + password = strchr(username, '%'); + + if (password) { + *password = 0; + password++; + } else + password = ""; + + /* Store in secrets.tdb */ + + if (!secrets_store(SECRETS_AUTH_USER, username, strlen(username) + 1) || + !secrets_store(SECRETS_AUTH_PASSWORD, password, strlen(password) + 1)) { + fprintf(stderr, "error storing authenticated user info\n"); + return False; + } + + return True; +} + /* Print program usage */ static void usage(void) 
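Review bot: The password reaches `wbinfo_set_auth_user()` as part of a `user%password` command-line argument, so it sits in the process's argument vector (and typically in shell history), where other local accounts can usually read it, before being written to secrets.tdb in cleartext as the commit message describes. When no `%` is present the `else` branch silently stores an empty password; for a non-empty username I would read the password from the terminal with echo off instead (for example `password = getpass("Password: ");`) and keep the empty value only for the documented reset case `--set-auth-user ""`. The two `secrets_store()` calls are not atomic: if the first succeeds and the second fails, SECRETS/AUTH_USER is updated while SECRETS/AUTH_PASSWORD keeps its previous value, which deserves a rollback or at least a comment. A short doc comment should also say that the function modifies `username` in place by overwriting the `%` with a NUL.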
@@ -442,11 +469,39 @@ static void usage(void) /* Main program */ +enum { + OPT_SET_AUTH_USER = 1000 +}; + int main(int argc, char **argv) { extern pstring global_myname; int opt; + poptContext pc; + char *string_arg; + int int_arg; + BOOL got_command = False; + + struct poptOption long_options[] = { + + /* longName, shortName, argInfo, argPtr, value, descrip, argDesc */ + + { "domain-users", 'u', POPT_ARG_NONE, 0, 'u' }, + { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g' }, + { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n' }, + { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's' }, + { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U' }, + { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G' }, + { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S' }, + { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y' }, + { "check-secret", 't', POPT_ARG_NONE, 0, 't' }, + { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm' }, + { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' }, + { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER }, + { 0, 0, 0, 0 } + }; + /* Samba client initialisation */ if (!*global_myname) { @@ -474,7 +529,23 @@ int main(int argc, char **argv) return 1; } - while ((opt = getopt(argc, argv, "ugs:n:U:G:S:Y:tmr:a:")) != EOF) { + /* Parse options */ + + pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0); + + while((opt = poptGetNextOpt(pc)) != -1) { + if (got_command) { + fprintf(stderr, "No more than one command may be specified " + "at once.\n"); + exit(1); + } + got_command = True; + } + + pc = poptGetContext(NULL, argc, (const char **)argv, long_options, + POPT_CONTEXT_KEEP_FIRST); + + while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { case 'u': if (!print_domain_users()) { 
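Review bot: The new `long_options` table has no row for `-a`, although the removed getopt string `"ugs:n:U:G:S:Y:tmr:a:"` accepted it and the `case 'a':` branch in the last hunk is still present, so that branch looks unreachable and `-a` would now be rejected by popt. A row such as `{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },` would restore it (the long name is only a suggestion). `string_arg` and `int_arg` are also declared without initialisers; `char *string_arg = NULL;` and `int int_arg = 0;` would make a missed assignment fail predictably rather than read an indeterminate value. main() continues beyond this hunk.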
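Review bot: Both parsing loops test only `!= -1`, but `poptGetNextOpt()` reports parse errors as values below -1, so in the counting pass a malformed option is counted as a command and nothing is reported until the second pass. I would stop in the first pass with `if (opt < -1) { fprintf(stderr, "%s: %s\n", poptBadOption(pc, 0), poptStrerror(opt)); exit(1); }`. The first context is overwritten by the second `poptGetContext()` call without `poptFreeContext(pc)`; rescanning with `poptResetContext(pc);` would avoid creating a second context at all. The counting pass also accepts a command line with no command, which from the visible code appears to fall through to the clean `return 0` without doing anything.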
@@ -489,42 +560,41 @@ int main(int argc, char **argv) } break; case 's': - if (!wbinfo_lookupsid(optarg)) { - printf("Could not lookup sid %s\n", optarg); + if (!wbinfo_lookupsid(string_arg)) { + printf("Could not lookup sid %s\n", string_arg); return 1; } break; case 'n': - if (!wbinfo_lookupname(optarg)) { - printf("Could not lookup name %s\n", optarg); + if (!wbinfo_lookupname(string_arg)) { + printf("Could not lookup name %s\n", string_arg); return 1; } break; case 'U': - if (!wbinfo_uid_to_sid(atoi(optarg))) { - printf("Could not convert uid %s to sid\n", - optarg); + if (!wbinfo_uid_to_sid(int_arg)) { + printf("Could not convert uid %d to sid\n", int_arg); return 1; } break; case 'G': - if (!wbinfo_gid_to_sid(atoi(optarg))) { - printf("Could not convert gid %s to sid\n", - optarg); + if (!wbinfo_gid_to_sid(int_arg)) { + printf("Could not convert gid %d to sid\n", + int_arg); return 1; } break; case 'S': - if (!wbinfo_sid_to_uid(optarg)) { + if (!wbinfo_sid_to_uid(string_arg)) { printf("Could not convert sid %s to uid\n", - optarg); + string_arg); return 1; } break; case 'Y': - if (!wbinfo_sid_to_gid(optarg)) { + if (!wbinfo_sid_to_gid(string_arg)) { printf("Could not convert sid %s to gid\n", - optarg); + string_arg); return 1; } break; 
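Review bot: `int_arg` is a signed `int` filled through `POPT_ARG_INT`, and the `'U'` and `'G'` cases pass it straight to `wbinfo_uid_to_sid()` and `wbinfo_gid_to_sid()` with no range check, so a negative number on the command line is forwarded as an id. The parameter types of those functions are not visible here, but if they take `uid_t`/`gid_t` the value would wrap to a large unsigned id; a guard such as `if (int_arg < 0) { fprintf(stderr, "Invalid uid %d\n", int_arg); return 1; }` keeps that out. The failure messages in this hunk still go to stdout through `printf`, while the code added elsewhere in this commit reports errors with `fprintf(stderr, ...)`; using stderr here too would keep diagnostics out of output that scripts parse.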
@@ -541,40 +611,42 @@ int main(int argc, char **argv) } break; case 'r': - if (!wbinfo_get_usergroups(optarg)) { + if (!wbinfo_get_usergroups(string_arg)) { printf("Could not get groups for user %s\n", - optarg); + string_arg); return 1; } break; case 'a': { BOOL got_error = False; - if (!wbinfo_auth(optarg)) { + if (!wbinfo_auth(string_arg)) { printf("Could not authenticate user %s with " - "plaintext password\n", optarg); + "plaintext password\n", string_arg); got_error = True; } - if (!wbinfo_auth_crap(optarg)) { + if (!wbinfo_auth_crap(string_arg)) { printf("Could not authenticate user %s with " - "challenge/response\n", optarg); + "challenge/response\n", string_arg); got_error = True; } - + if (got_error) return 1; break; - - } - /* Invalid option */ - + } + case OPT_SET_AUTH_USER: + if (!(wbinfo_set_auth_user(string_arg))) { + return 1; + } + break; default: - usage(); + fprintf(stderr, "Invalid option\n"); return 1; } } - + /* Clean exit */ return 0; |
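Review bot: The `default:` branch now prints a bare "Invalid option" and no longer calls `usage()`, so the user learns neither which argument was rejected nor why, even though popt holds that information whenever `opt` is an error code below -1. For that case something like `fprintf(stderr, "Invalid option %s: %s\n", poptBadOption(pc, 0), poptStrerror(opt));` followed by `usage();` would be more helpful. `pc` is not released with `poptFreeContext(pc)` on any of the visible exit paths, including the clean `return 0`. In the `OPT_SET_AUTH_USER` case the extra parentheses in `!(wbinfo_set_auth_user(string_arg))` can be dropped to match the other cases.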