authorTim Potter <tpot@samba.org>2002-11-02 01:51:53 +0000
committerTim Potter <tpot@samba.org>2002-11-02 01:51:53 +0000
commitaea57af3e38873e808afc3c742ba46527f686f6f (patch)
tree7b14027073a4d61201998f902a1d292e804ab96c /source3
parentd759a020941f323ea90e73dcbb83b6c64ecd614f (diff)
Fix --set-auth-user command to delete entries from the secrets file when an
empty username/password is passed on the command line. Previously we were leaving the domain name set and the password set to a NULL character. Added a --get-auth-user command to display the restrict anonymous username information. Can only be run successfully by root. (This used to be commit dcaf21efc5b48ddb0cbe70ce17e45c035ef525ad)
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/wbinfo.c80
1 files changed, 68 insertions, 12 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 2e8a618e93..ed51d852cd 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -588,21 +588,73 @@ static BOOL wbinfo_set_auth_user(char *username)
} else
password = "";
- /* Store in secrets.tdb */
-
- if (!secrets_store(SECRETS_AUTH_USER, user,
- strlen(user) + 1) ||
- !secrets_store(SECRETS_AUTH_DOMAIN, domain,
- strlen(domain) + 1) ||
- !secrets_store(SECRETS_AUTH_PASSWORD, password,
- strlen(password) + 1)) {
- d_fprintf(stderr, "error storing authenticated user info\n");
- return False;
+ /* Store or remove DOMAIN\username%password in secrets.tdb */
+
+ secrets_init();
+
+ if (user[0]) {
+
+ if (!secrets_store(SECRETS_AUTH_USER, user,
+ strlen(user) + 1)) {
+ d_fprintf(stderr, "error storing username\n");
+ return False;
+ }
+
+ /* We always have a domain name added by the
+ parse_wbinfo_domain_user() function. */
+
+ if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
+ strlen(domain) + 1)) {
+ d_fprintf(stderr, "error storing domain name\n");
+ return False;
+ }
+
+ } else {
+ secrets_delete(SECRETS_AUTH_USER);
+ secrets_delete(SECRETS_AUTH_DOMAIN);
}
+ if (password[0]) {
+
+ if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
+ strlen(password) + 1)) {
+ d_fprintf(stderr, "error storing password\n");
+ return False;
+ }
+
+ } else
+ secrets_delete(SECRETS_AUTH_PASSWORD);
+
return True;
}
+static void wbinfo_get_auth_user(void)
+{
+ char *user, *domain, *password;
+
+ /* Lift data from secrets file */
+
+ secrets_init();
+
+ user = secrets_fetch(SECRETS_AUTH_USER, NULL);
+ domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
+ password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+
+ if (!user && !domain && !password) {
+ d_printf("No authorised user configured\n");
+ return;
+ }
+
+ /* Pretty print authorised user info */
+
+ d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? "\\" : "",
+ user, password ? "%" : "", password ? password : "");
+
+ SAFE_FREE(user);
+ SAFE_FREE(domain);
+ SAFE_FREE(password);
+}
+
static BOOL wbinfo_ping(void)
{
NSS_STATUS result;
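Review bot: In wbinfo_get_auth_user() `user` is passed to a `%s` conversion in d_printf() without a NULL check, although the early return only fires when all three fetches return NULL; if a domain or password entry exists without a user entry (for example after a partially failed store in wbinfo_set_auth_user()), a NULL pointer reaches the formatter. Guard it the same way as the other two arguments, `user ? user : ""`. The result of secrets_init() is ignored in both functions, so a caller without access to the secrets file would presumably see "No authorised user configured" rather than an access error; checking it and printing a distinct message would make the root-only restriction visible. The fetched password is printed in clear text and released with SAFE_FREE without being wiped first, which deserves a comment above the d_printf() call, such as `/* Prints the stored password in clear text; output must not be logged */`. wbinfo_set_auth_user() starts outside the hunk.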
@@ -621,6 +673,7 @@ static BOOL wbinfo_ping(void)
enum {
OPT_SET_AUTH_USER = 1000,
+ OPT_GET_AUTH_USER,
OPT_SEQUENCE
};
@@ -657,6 +710,7 @@ int main(int argc, char **argv)
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
+ { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
{ 0, 0, 0, 0 }
};
@@ -821,8 +875,10 @@ int main(int argc, char **argv)
break;
}
case OPT_SET_AUTH_USER:
- if (!(wbinfo_set_auth_user(string_arg)))
- goto done;
+ wbinfo_set_auth_user(string_arg);
+ break;
+ case OPT_GET_AUTH_USER:
+ wbinfo_get_auth_user();
break;
default:
d_fprintf(stderr, "Invalid option\n");
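Review bot: The result of wbinfo_set_auth_user() is now discarded in the OPT_SET_AUTH_USER case, so a failed secrets_store() only prints a message and option processing carries on as if the credentials had been saved. The removed lines branched to `done` on failure; what that label does is outside the hunk, but it presumably produces a failure exit status. Keeping `if (!wbinfo_set_auth_user(string_arg)) goto done;` ahead of the `break` would let scripts detect that the winbindd credentials were not updated. wbinfo_get_auth_user() returns void, so the new OPT_GET_AUTH_USER case cannot report failure either; returning BOOL, as wbinfo_set_auth_user() and wbinfo_ping() do, would allow the same check there.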