Fix client authentication with -P switch in client tools (Bug 5435).

Guenther
(This used to be commit d077ef64cd1d9bbaeb936566c2c70da508de829f)

2 files changed, 49 insertions, 30 deletions

diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 8f0f7c62bb..25e41ab5f3 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -514,35 +514,7 @@ static void popt_common_credentials_callback(poptContext con,
 		}
 		break;
 	case 'P':
-	        {
-			char *opt_password = NULL;
-			char *pwd = NULL;
-
-			/* it is very useful to be able to make ads queries as the
-			   machine account for testing purposes and for domain leave */
-
-			if (!secrets_init()) {
-				d_printf("ERROR: Unable to open secrets database\n");
-				exit(1);
-			}
-
-			opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
-
-			if (!opt_password) {
-				d_printf("ERROR: Unable to fetch machine password\n");
-				exit(1);
-			}
-			if (asprintf(&pwd, "%s$", global_myname()) < 0) {
-				exit(ENOMEM);
-			}
-			set_cmdline_auth_info_username(pwd);
-			set_cmdline_auth_info_password(opt_password);
-			SAFE_FREE(pwd);
-			SAFE_FREE(opt_password);
-
-			/* machine accounts only work with kerberos */
-			set_cmdline_auth_info_use_krb5_ticket();
-		}
+		set_cmdline_auth_info_use_machine_account();
 		break;
 	case 'N':
 		set_cmdline_auth_info_password("");
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 953981e82a..5f95bcc558 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -291,7 +291,8 @@ static struct user_auth_info cmdline_auth_info = {
 	false,	/* got_pass */
 	false,	/* use_kerberos */
 	Undefined, /* signing state */
-	false	/* smb_encrypt */
+	false,	/* smb_encrypt */
+	false   /* use machine account */
 };
 
 const char *get_cmdline_auth_info_username(void)
@@ -370,6 +371,11 @@ void set_cmdline_auth_info_smb_encrypt(void)
 	cmdline_auth_info.smb_encrypt = true;
 }
 
+void set_cmdline_auth_info_use_machine_account(void)
+{
+	cmdline_auth_info.use_machine_account = true;
+}
+
 bool get_cmdline_auth_info_got_pass(void)
 {
 	return cmdline_auth_info.got_pass;
@@ -380,6 +386,11 @@ bool get_cmdline_auth_info_smb_encrypt(void)
 	return cmdline_auth_info.smb_encrypt;
 }
 
+bool get_cmdline_auth_info_use_machine_account(void)
+{
+	return cmdline_auth_info.use_machine_account;
+}
+
 bool get_cmdline_auth_info_copy(struct user_auth_info *info)
 {
 	*info = cmdline_auth_info;
@@ -392,6 +403,42 @@ bool get_cmdline_auth_info_copy(struct user_auth_info *info)
 	return true;
 }
 
+bool set_cmdline_auth_info_machine_account_creds(void)
+{
+	char *pass = NULL;
+	char *account = NULL;
+
+	if (!get_cmdline_auth_info_use_machine_account()) {
+		return false;
+	}
+
+	if (!secrets_init()) {
+		d_printf("ERROR: Unable to open secrets database\n");
+		return false;
+	}
+
+	if (asprintf(&account, "%s$@%s", global_myname(), lp_realm()) < 0) {
+		return false;
+	}
+
+	pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+	if (!pass) {
+		d_printf("ERROR: Unable to fetch machine password for "
+			"%s in domain %s\n",
+			account, lp_workgroup());
+		SAFE_FREE(account);
+		return false;
+	}
+
+	set_cmdline_auth_info_username(account);
+	set_cmdline_auth_info_password(pass);
+
+	SAFE_FREE(account);
+	SAFE_FREE(pass);
+
+	return true;
+}
+
 /**************************************************************************n
  Find a suitable temporary directory. The result should be copied immediately
  as it may be overwritten by a subsequent call.