author | Andrew Bartlett <abartlet@samba.org> | 2006-01-28 12:15:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:33 -0500 |
commit | 44e601b5ad635ba29088fd4c747627dee8d62112 (patch) | |
tree | db7939e1e24dfd0b4e2fdc3a9bb5a447e4922e81 /source4/lib | |
parent | 210d3c1dc760af8e21fbfd5b23e87a1c937051d4 (diff) | |
r13206: This patch finally re-adds a -k option that works reasonably.
From here we can add tests to Samba for kerberos, forcing it on and
off. In the process, I also remove the dependency of credentials on
GENSEC.
This also picks up on the idea of bringing 'set_boolean' into general
code from jpeach's cifsdd patch.
Andrew Bartlett
(This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/cmdline/popt_credentials.c | 42 | ||||
-rw-r--r-- | source4/lib/util_str.c | 25 |
2 files changed, 64 insertions, 3 deletions
diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
index 49916d0ff3..d037cfd7c4 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -21,6 +21,7 @@
 #include "includes.h"
 #include "lib/cmdline/popt_common.h"
+#include "auth/gensec/gensec.h"
 /* Handle command line options:
 * -U,--user
@@ -28,13 +29,16 @@
 * -k,--use-kerberos
 * -N,--no-pass
 * -S,--signing
- * -P --machine-pass
+ * -P --machine-pass
+ * --simple-bind-dn
+ * --password
+ * --use-security-mechanisms
 */
 static BOOL dont_ask;
-enum opt { OPT_SIMPLE_BIND_DN };
+enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_GENSEC_MECHS };
 /* disable asking for a password
@@ -73,11 +77,18 @@ static void popt_common_credentials_callback(poptContext con,
 if ((lp=strchr_m(arg,'%'))) {
 lp[0]='\0';
 lp++;
+ /* Try to prevent this showing up in ps */
 memset(lp,0,strlen(lp));
 }
 }
 break;
+ case OPT_PASSWORD:
+ cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
+ /* Try to prevent this showing up in ps */
+ memset(arg,0,strlen(arg));
+ break;
+
 case 'A':
 cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
 break;
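Review bot: In the new `OPT_PASSWORD` case the `memset(arg,0,strlen(arg))` runs only once popt has delivered the option to the callback, so the password is readable in the process argument list until then; the wipe is best effort and the comment should say so rather than suggest the option is safe. The same applies to the `%PASSWORD` part of `-U` a few lines above. The wipe also writes through `arg`, which is correct only if that pointer refers to writable argv storage and if `cli_credentials_set_password()` copies the string instead of keeping the pointer; neither is visible in this hunk, so it is worth confirming. I would reword the comment to `/* Best effort only: the password was visible in argv until now; prefer -A or the interactive prompt */`. The callback starts and ends outside the hunk.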
@@ -89,9 +100,31 @@ static void popt_common_credentials_callback(poptContext con,
 case 'P':
 /* Later, after this is all over, get the machine account details from the secrets.ldb */
 cli_credentials_set_machine_account_pending(cmdline_credentials);
+ break;
+
+ case OPT_KERBEROS:
+ {
+ BOOL use_kerberos = True;
+ /* Force us to only use kerberos */
+ if (arg) {
+ if (!set_boolean(arg, &use_kerberos)) {
+ fprintf(stderr, "Error parsing -k %s\n", arg);
+ exit(1);
+ break;
+ }
+ }
- /* machine accounts only work with kerberos (fall though)*/
+ cli_credentials_set_kerberos_state(cmdline_credentials,
+ use_kerberos
+ ? CRED_MUST_USE_KERBEROS
+ : CRED_DONT_USE_KERBEROS);
 break;
+ }
+ case OPT_GENSEC_MECHS:
+ /* Convert a list of strings into a list of available authentication standards */
+
+ break;
+
 case OPT_SIMPLE_BIND_DN:
 cli_credentials_set_bind_dn(cmdline_credentials, arg);
 break;
@@ -104,9 +137,12 @@ struct poptOption popt_common_credentials[] = {
 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, popt_common_credentials_callback },
 { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "[DOMAIN\\]USERNAME[%PASSWORD]" },
 { "no-pass", 'N', POPT_ARG_NONE, &dont_ask, True, "Don't ask for a password" },
+ { "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
 { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
 { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
 { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
 { "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
+ { "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos" },
+ { "use-security-mechanisms", 0, POPT_ARG_STRING, NULL, OPT_GENSEC_MECHS, "Restricted list of authentication mechanisms available for use with this authentication"},
 POPT_TABLEEND
 };
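Review bot: `case OPT_GENSEC_MECHS:` accepts `--use-security-mechanisms` and then discards `arg`, so a caller who passes a restricted mechanism list gets no restriction and no warning. Until the conversion is written the case should fail closed, for example `fprintf(stderr, "--use-security-mechanisms is not implemented\n"); exit(1);`, or the option should stay out of the table. In the `OPT_KERBEROS` case the `break;` after `exit(1);` is unreachable, and the comment `/* Force us to only use kerberos */` no longer describes code that can also select `CRED_DONT_USE_KERBEROS`. The callback body continues outside the hunk.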
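Review bot: The `kerberos` entry is declared `POPT_ARG_STRING`, so `-k` now always takes a value and a bare `-k` will consume the argument that follows it, yet the help text gives no argument descriptor. I would add one that matches what `set_boolean()` accepts, e.g. `{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos", "yes|no" },`. The `machine-pass` help still says "(implies -k)", but the `'P'` case in the previous hunk only calls `cli_credentials_set_machine_account_pending()` and breaks; unless that function sets the Kerberos state elsewhere (not visible here), the help text overstates what is enforced. The header comment in the first hunks also names `--use-kerberos` while the table registers `--kerberos`.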
diff --git a/source4/lib/util_str.c b/source4/lib/util_str.c
index eebddf65a5..311f81eaf3 100644
--- a/source4/lib/util_str.c
+++ b/source4/lib/util_str.c
@@ -1111,3 +1111,28 @@ char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib)
 return ret;
 }
+
+/***************************************************************************
+ Set a boolean variable from the text value stored in the passed string.
+ Returns True in success, False if the passed string does not correctly
+ represent a boolean.
+***************************************************************************/
+
+BOOL set_boolean(const char *boolean_string, BOOL *boolean)
+{
+ if (strwicmp(boolean_string, "yes") == 0 ||
+ strwicmp(boolean_string, "true") == 0 ||
+ strwicmp(boolean_string, "on") == 0 ||
+ strwicmp(boolean_string, "1") == 0) {
+ *boolean = True;
+ return True;
+ } else if (strwicmp(boolean_string, "no") == 0 ||
+ strwicmp(boolean_string, "false") == 0 ||
+ strwicmp(boolean_string, "off") == 0 ||
+ strwicmp(boolean_string, "0") == 0) {
+ *boolean = False;
+ return True;
+ }
+ return False;
+}
+
|
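Review bot: The header comment on `set_boolean()` does not state what happens to `*boolean` when parsing fails, and the function passes `boolean_string` to `strwicmp()` and writes through `boolean` without a NULL check. From the code, `*boolean` is left untouched on a `False` return, so a caller that ignores the result silently keeps its own default, which matters now that the function decides a security setting such as `-k`. I would add to the comment `On failure *boolean is not modified; boolean_string and boolean must not be NULL.` and list the accepted spellings (yes/true/on/1 and no/false/off/0). Whether `strwicmp()` tolerates a NULL argument is not visible here.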