summaryrefslogtreecommitdiff
path: root/source4/lib
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-01-28 12:15:24 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:33 -0500
commit44e601b5ad635ba29088fd4c747627dee8d62112 (patch)
treedb7939e1e24dfd0b4e2fdc3a9bb5a447e4922e81 /source4/lib
parent210d3c1dc760af8e21fbfd5b23e87a1c937051d4 (diff)
downloadsamba-44e601b5ad635ba29088fd4c747627dee8d62112.tar.gz
samba-44e601b5ad635ba29088fd4c747627dee8d62112.tar.bz2
samba-44e601b5ad635ba29088fd4c747627dee8d62112.zip
r13206: This patch finally re-adds a -k option that works reasonably.
From here we can add tests to Samba for kerberos, forcing it on and off. In the process, I also remove the dependency of credentials on GENSEC. This also picks up on the idea of bringing 'set_boolean' into general code from jpeach's cifsdd patch. Andrew Bartlett (This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/cmdline/popt_credentials.c42
-rw-r--r--source4/lib/util_str.c25
2 files changed, 64 insertions, 3 deletions
diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
index 49916d0ff3..d037cfd7c4 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "lib/cmdline/popt_common.h"
+#include "auth/gensec/gensec.h"
/* Handle command line options:
* -U,--user
@@ -28,13 +29,16 @@
* -k,--use-kerberos
* -N,--no-pass
* -S,--signing
- * -P --machine-pass
+ * -P --machine-pass
+ * --simple-bind-dn
+ * --password
+ * --use-security-mechanisms
*/
static BOOL dont_ask;
-enum opt { OPT_SIMPLE_BIND_DN };
+enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_GENSEC_MECHS };
/*
disable asking for a password
@@ -73,11 +77,18 @@ static void popt_common_credentials_callback(poptContext con,
if ((lp=strchr_m(arg,'%'))) {
lp[0]='\0';
lp++;
+ /* Try to prevent this showing up in ps */
memset(lp,0,strlen(lp));
}
}
break;
+ case OPT_PASSWORD:
+ cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
+ /* Try to prevent this showing up in ps */
+ memset(arg,0,strlen(arg));
+ break;
+
case 'A':
cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
break;
@@ -89,9 +100,31 @@ static void popt_common_credentials_callback(poptContext con,
case 'P':
/* Later, after this is all over, get the machine account details from the secrets.ldb */
cli_credentials_set_machine_account_pending(cmdline_credentials);
+ break;
+
+ case OPT_KERBEROS:
+ {
+ BOOL use_kerberos = True;
+ /* Force us to only use kerberos */
+ if (arg) {
+ if (!set_boolean(arg, &use_kerberos)) {
+ fprintf(stderr, "Error parsing -k %s\n", arg);
+ exit(1);
+ break;
+ }
+ }
- /* machine accounts only work with kerberos (fall though)*/
+ cli_credentials_set_kerberos_state(cmdline_credentials,
+ use_kerberos
+ ? CRED_MUST_USE_KERBEROS
+ : CRED_DONT_USE_KERBEROS);
break;
+ }
+ case OPT_GENSEC_MECHS:
+ /* Convert a list of strings into a list of available authentication standards */
+
+ break;
+
case OPT_SIMPLE_BIND_DN:
cli_credentials_set_bind_dn(cmdline_credentials, arg);
break;
@@ -104,9 +137,12 @@ struct poptOption popt_common_credentials[] = {
{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, popt_common_credentials_callback },
{ "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "[DOMAIN\\]USERNAME[%PASSWORD]" },
{ "no-pass", 'N', POPT_ARG_NONE, &dont_ask, True, "Don't ask for a password" },
+ { "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
{ "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
{ "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
+ { "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos" },
+ { "use-security-mechanisms", 0, POPT_ARG_STRING, NULL, OPT_GENSEC_MECHS, "Restricted list of authentication mechanisms available for use with this authentication"},
POPT_TABLEEND
};
diff --git a/source4/lib/util_str.c b/source4/lib/util_str.c
index eebddf65a5..311f81eaf3 100644
--- a/source4/lib/util_str.c
+++ b/source4/lib/util_str.c
@@ -1111,3 +1111,28 @@ char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib)
return ret;
}
+
+/***************************************************************************
+ Set a boolean variable from the text value stored in the passed string.
+ Returns True in success, False if the passed string does not correctly
+ represent a boolean.
+***************************************************************************/
+
+BOOL set_boolean(const char *boolean_string, BOOL *boolean)
+{
+ if (strwicmp(boolean_string, "yes") == 0 ||
+ strwicmp(boolean_string, "true") == 0 ||
+ strwicmp(boolean_string, "on") == 0 ||
+ strwicmp(boolean_string, "1") == 0) {
+ *boolean = True;
+ return True;
+ } else if (strwicmp(boolean_string, "no") == 0 ||
+ strwicmp(boolean_string, "false") == 0 ||
+ strwicmp(boolean_string, "off") == 0 ||
+ strwicmp(boolean_string, "0") == 0) {
+ *boolean = False;
+ return True;
+ }
+ return False;
+}
+