diff options
-rw-r--r-- | source3/utils/net.c | 43 | ||||
-rw-r--r-- | source3/utils/net.h | 9 | ||||
-rw-r--r-- | source3/utils/net_ads.c | 81 | ||||
-rw-r--r-- | source3/utils/net_dom.c | 8 | ||||
-rw-r--r-- | source3/utils/net_help.c | 1 | ||||
-rw-r--r-- | source3/utils/net_proto.h | 3 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 74 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 3 | ||||
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 4 | ||||
-rw-r--r-- | source3/utils/net_rpc_shell.c | 9 | ||||
-rw-r--r-- | source3/utils/net_util.c | 109 |
11 files changed, 135 insertions, 209 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index 9cd41c5b37..0e3946f5a5 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -625,7 +625,6 @@ static struct functable net_func[] = { int main(int argc, const char **argv) { int opt,i; - char *p; int rc = 0; int argc_new = 0; const char ** argv_new; @@ -636,12 +635,10 @@ static struct functable net_func[] = { struct poptOption long_options[] = { {"help", 'h', POPT_ARG_NONE, 0, 'h'}, {"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup}, - {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'}, {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'}, {"port", 'p', POPT_ARG_INT, &c->opt_port}, {"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name}, {"server", 'S', POPT_ARG_STRING, &c->opt_host}, - {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, {"container", 'c', POPT_ARG_STRING, &c->opt_container}, {"comment", 'C', POPT_ARG_STRING, &c->opt_comment}, {"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers}, @@ -652,15 +649,13 @@ static struct functable net_func[] = { {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, {"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout}, - {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, - {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose}, {"test", 'T', POPT_ARG_NONE, &c->opt_testmode}, /* Options for 'net groupmap set' */ {"local", 'L', POPT_ARG_NONE, &c->opt_localgroup}, {"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup}, - {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname}, + {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname}, {"rid", 'R', POPT_ARG_INT, &c->opt_rid}, /* Options for 'net rpc share migrate' */ {"acls", 0, POPT_ARG_NONE, &c->opt_acls}, @@ -675,6 +670,7 @@ static struct functable net_func[] = { {"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries}, POPT_COMMON_SAMBA + POPT_COMMON_CREDENTIALS { 0, 0, 0, 0} }; @@ -688,6 +684,13 @@ static struct functable net_func[] = { dbf = x_stderr; c->private_data = net_func; + c->auth_info = user_auth_info_init(frame); + if (c->auth_info == NULL) { + d_fprintf(stderr, "\nOut of memory!\n"); + exit(1); + } + popt_common_set_auth_info(c->auth_info); + pc = poptGetContext(NULL, argc, (const char **) argv, long_options, POPT_CONTEXT_KEEP_FIRST); @@ -695,9 +698,7 @@ static struct functable net_func[] = { switch (opt) { case 'h': c->display_usage = true; - break; - case 'e': - c->smb_encrypt = true; + set_cmdline_auth_info_password(c->auth_info, ""); break; case 'I': if (!interpret_string_addr(&c->opt_dest_ip, @@ -707,15 +708,6 @@ static struct functable net_func[] = { c->opt_have_ip = true; } break; - case 'U': - c->opt_user_specified = true; - c->opt_user_name = SMB_STRDUP(c->opt_user_name); - p = strchr(c->opt_user_name,'%'); - if (p) { - *p = 0; - c->opt_password = p+1; - } - break; default: d_fprintf(stderr, "\nInvalid option %s: %s\n", poptBadOption(pc, 0), poptStrerror(opt)); @@ -749,10 +741,6 @@ static struct functable net_func[] = { set_global_myname(c->opt_requester_name); } - if (!c->opt_user_name && getenv("LOGNAME")) { - c->opt_user_name = getenv("LOGNAME"); - } - if (!c->opt_workgroup) { c->opt_workgroup = smb_xstrdup(lp_workgroup()); } @@ -770,17 +758,6 @@ static struct functable net_func[] = { that it won't assert becouse we are not root */ sec_init(); - if (c->opt_machine_pass) { - /* it is very useful to be able to make ads queries as the - machine account for testing purposes and for domain leave */ - - net_use_krb_machine_account(c); - } - - if (!c->opt_password) { - c->opt_password = getenv("PASSWD"); - } - rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func); DEBUG(2,("return code = %d\n", rc)); diff --git a/source3/utils/net.h b/source3/utils/net.h index d88f962d41..f604d96361 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -28,11 +28,8 @@ struct net_context { const char *opt_requester_name; const char *opt_host; - const char *opt_password; - const char *opt_user_name; - bool opt_user_specified; - const char *opt_workgroup; int opt_long_list_entries; + const char *opt_workgroup; int opt_reboot; int opt_force; int opt_stdin; @@ -45,7 +42,6 @@ struct net_context { int opt_timeout; int opt_request_timeout; const char *opt_target_workgroup; - int opt_machine_pass; int opt_localgroup; int opt_domaingroup; int do_talloc_report; @@ -57,15 +53,14 @@ struct net_context { const char *opt_exclude; const char *opt_destination; int opt_testmode; - bool opt_kerberos; int opt_force_full_repl; int opt_single_obj_repl; int opt_clean_old_entries; int opt_have_ip; struct sockaddr_storage opt_dest_ip; - bool smb_encrypt; struct libnetapi_ctx *netapi_ctx; + struct user_auth_info *auth_info; bool display_usage; void *private_data; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8e927becbe..4503231566 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -231,32 +231,22 @@ retry_connect: ads = ads_init(realm, c->opt_target_workgroup, c->opt_host); - if (!c->opt_user_name) { - c->opt_user_name = "administrator"; - } - - if (c->opt_user_specified) { - need_password = true; - } - retry: - if (!c->opt_password && need_password && !c->opt_machine_pass) { - c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (!c->opt_password) { - ads_destroy(&ads); - return ADS_ERROR(LDAP_NO_MEMORY); - } + if (need_password) { + set_cmdline_auth_info_getpass(c->auth_info); } - if (c->opt_password) { + if (get_cmdline_auth_info_got_pass(c->auth_info)) { use_in_memory_ccache(); SAFE_FREE(ads->auth.password); - ads->auth.password = smb_xstrdup(c->opt_password); + ads->auth.password = smb_xstrdup( + get_cmdline_auth_info_password(c->auth_info)); } ads->auth.flags |= auth_flags; SAFE_FREE(ads->auth.user_name); - ads->auth.user_name = smb_xstrdup(c->opt_user_name); + ads->auth.user_name = smb_xstrdup( + get_cmdline_auth_info_username(c->auth_info)); /* * If the username is of the form "name@realm", @@ -875,6 +865,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) TALLOC_CTX *ctx; struct libnet_UnjoinCtx *r = NULL; WERROR werr; + struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -893,7 +884,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } - if (!c->opt_kerberos) { + if (!get_cmdline_auth_info_use_kerberos(ai)) { use_in_memory_ccache(); } @@ -903,12 +894,14 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } + set_cmdline_auth_info_getpass(ai); + r->in.debug = true; - r->in.use_kerberos = c->opt_kerberos; + r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); r->in.dc_name = c->opt_host; r->in.domain_name = lp_realm(); - r->in.admin_account = c->opt_user_name; - r->in.admin_password = net_prompt_pass(c, c->opt_user_name); + r->in.admin_account = get_cmdline_auth_info_username(ai); + r->in.admin_password = get_cmdline_auth_info_password(ai); r->in.modify_config = lp_config_backend_is_registry(); r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; @@ -959,7 +952,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c) return NT_STATUS_ACCESS_DENIED; } - net_use_krb_machine_account(c); + set_cmdline_auth_info_use_machine_account(c->auth_info); status = ads_startup(c, true, &ads); if (!ADS_ERR_OK(status)) { @@ -1190,6 +1183,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) const char *os_name = NULL; const char *os_version = NULL; bool modify_config = lp_config_backend_is_registry(); + struct user_auth_info *ai = c->auth_info;; if (c->display_usage) return net_ads_join_usage(c, argc, argv); @@ -1209,7 +1203,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) goto fail; } - if (!c->opt_kerberos) { + if (!get_cmdline_auth_info_use_kerberos(ai)) { use_in_memory_ccache(); } @@ -1259,6 +1253,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) /* Do the domain join here */ + set_cmdline_auth_info_getpass(ai); + r->in.domain_name = domain; r->in.create_upn = createupn; r->in.upn = machineupn; @@ -1266,10 +1262,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) r->in.os_name = os_name; r->in.os_version = os_version; r->in.dc_name = c->opt_host; - r->in.admin_account = c->opt_user_name; - r->in.admin_password = net_prompt_pass(c, c->opt_user_name); + r->in.admin_account = get_cmdline_auth_info_username(ai); + r->in.admin_password = get_cmdline_auth_info_password(ai); r->in.debug = true; - r->in.use_kerberos = c->opt_kerberos; + r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); r->in.modify_config = modify_config; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | @@ -1580,6 +1576,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * char *prt_dn, *srv_dn, **srv_cn; char *srv_cn_escaped = NULL, *printername_escaped = NULL; LDAPMessage *res = NULL; + struct user_auth_info *ai = c->auth_info; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" @@ -1611,8 +1608,9 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * nt_status = cli_full_connection(&cli, global_myname(), servername, &server_ss, 0, "IPC$", "IPC", - c->opt_user_name, c->opt_workgroup, - c->opt_password ? c->opt_password : "", + get_cmdline_auth_info_username(ai), + c->opt_workgroup, + get_cmdline_auth_info_password(ai), CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -1800,8 +1798,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv) static int net_ads_password(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; - const char *auth_principal = c->opt_user_name; - const char *auth_password = c->opt_password; + const char *auth_principal; + const char *auth_password; char *realm = NULL; char *new_password = NULL; char *chr, *prompt; @@ -1816,10 +1814,9 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv) return 0; } - if (c->opt_user_name == NULL || c->opt_password == NULL) { - d_fprintf(stderr, "You must supply an administrator username/password\n"); - return -1; - } + auth_principal = get_cmdline_auth_info_username(c->auth_info); + set_cmdline_auth_info_getpass(c->auth_info); + auth_password = get_cmdline_auth_info_password(c->auth_info); if (argc < 1) { d_fprintf(stderr, "ERROR: You must say which username to change password for\n"); @@ -1901,7 +1898,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) return -1; } - net_use_krb_machine_account(c); + set_cmdline_auth_info_use_machine_account(c->auth_info); use_in_memory_ccache(); @@ -2283,6 +2280,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; int ret = -1; + struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -2296,11 +2294,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar goto out; } - c->opt_password = net_prompt_pass(c, c->opt_user_name); + set_cmdline_auth_info_getpass(ai); status = kerberos_return_pac(mem_ctx, - c->opt_user_name, - c->opt_password, + get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), 0, NULL, NULL, @@ -2333,6 +2331,7 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** TALLOC_CTX *mem_ctx = NULL; int ret = -1; NTSTATUS status; + struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -2346,10 +2345,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** goto out; } - c->opt_password = net_prompt_pass(c, c->opt_user_name); + set_cmdline_auth_info_getpass(ai); - ret = kerberos_kinit_password_ext(c->opt_user_name, - c->opt_password, + ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), 0, NULL, NULL, diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c index 401079777f..a13f52c519 100644 --- a/source3/utils/net_dom.c +++ b/source3/utils/net_dom.c @@ -368,9 +368,11 @@ int net_dom(struct net_context *c, int argc, const char **argv) return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 0502373aa2..5a170790c5 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -65,5 +65,6 @@ int net_help(struct net_context *c, int argc, const char **argv) } c->display_usage = true; + set_cmdline_auth_info_password(c->auth_info, ""); return net_run_function(c, argc, argv, "net help", func); } diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 75ac032db9..8a09147aad 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -459,8 +459,6 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, const struct ndr_syntax_id *interface); -int net_use_krb_machine_account(struct net_context *c); -int net_use_machine_account(struct net_context *c); bool net_find_server(struct net_context *c, const char *domain, unsigned flags, @@ -475,7 +473,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, const char *server, struct sockaddr_storage *pss, unsigned flags, struct cli_state **pcli); -const char *net_prompt_pass(struct net_context *c, const char *user); int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table); void net_display_usage_from_functable(struct functable *table); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index f6f90030fe..0118b4818a 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -25,7 +25,8 @@ #include "../libcli/auth/libcli_auth.h" static int net_mode_share; -static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); +static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, + const struct user_auth_info *auth_info); /** * @file net_rpc.c @@ -122,6 +123,7 @@ int run_rpc_command(struct net_context *c, DOM_SID *domain_sid; const char *domain_name; int ret = -1; + struct user_auth_info *ai = c->auth_info; /* make use of cli_state handed over as an argument, if possible */ if (!cli_arg) { @@ -171,8 +173,10 @@ int run_rpc_command(struct net_context *c, nt_status = cli_rpc_pipe_open_ntlmssp( cli, interface, PIPE_AUTH_LEVEL_PRIVACY, - lp_workgroup(), c->opt_user_name, - c->opt_password, &pipe_hnd); + lp_workgroup(), + get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), + &pipe_hnd); } else { nt_status = cli_rpc_pipe_open_noauth( cli, interface, @@ -940,9 +944,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -2756,9 +2763,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -3245,7 +3255,7 @@ static void copy_fn(const char *mnt, file_info *f, old_dir = local_state->cwd; local_state->cwd = dir; - if (!sync_files(local_state, new_mask)) + if (!sync_files(local_state, new_mask, c->auth_info)) printf("could not handle files\n"); local_state->cwd = old_dir; @@ -3292,15 +3302,18 @@ static void copy_fn(const char *mnt, file_info *f, * * @return Boolean result **/ -static bool sync_files(struct copy_clistate *cp_clistate, const char *mask) +static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, + const struct user_auth_info *auth_info) { struct cli_state *targetcli; char *targetpath = NULL; DEBUG(3,("calling cli_list with mask: %s\n", mask)); - if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src, - mask, &targetcli, &targetpath ) ) { + + if ( !cli_resolve_path(talloc_tos(), "", auth_info, + cp_clistate->cli_share_src, mask, &targetcli, + &targetpath ) ) { d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n", mask, cli_errstr(cp_clistate->cli_share_src)); return false; @@ -3463,7 +3476,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, goto done; } - if (!sync_files(&cp_clistate, mask)) { + if (!sync_files(&cp_clistate, mask, c->auth_info)) { d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; @@ -4564,9 +4577,12 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -4839,9 +4855,12 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -5531,7 +5550,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, c->opt_workgroup = smb_xstrdup(domain_name); }; - c->opt_user_name = acct_name; + set_cmdline_auth_info_username(c->auth_info, acct_name); /* find the domain controller */ if (!net_find_pdc(&server_ss, pdc_name, domain_name)) { @@ -5628,7 +5647,9 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Store the password in secrets db */ - if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) { + if (!pdb_set_trusteddom_pw(domain_name, + get_cmdline_auth_info_password(c->auth_info), + domain_sid)) { DEBUG(0, ("Storing password for trusted domain failed.\n")); cli_shutdown(cli); talloc_destroy(mem_ctx); @@ -7190,9 +7211,12 @@ int net_rpc(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index ed0311317d..cae2491aed 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -58,7 +58,8 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, if (sec == SEC_ADS) { /* Connect to IPC$ using machine account's credentials. We don't use anonymous connection here, as it may be denied by server's local policy. */ - net_use_machine_account(c); + set_cmdline_auth_info_use_machine_account(c->auth_info); + set_cmdline_auth_info_machine_account_creds(c->auth_info); } else { /* some servers (e.g. WinNT) don't accept machine-authenticated diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6b23db74cb..bd5047c1ff 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, ctx->cli = pipe_hnd; ctx->ops = &libnet_samsync_keytab_ops; ctx->domain_name = domain_name; - ctx->username = c->opt_user_name; - ctx->password = c->opt_password; + ctx->username = get_cmdline_auth_info_username(c->auth_info); + ctx->password = get_cmdline_auth_info_password(c->auth_info); ctx->force_full_replication = c->opt_force_full_repl ? true : false; ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index 3aaed1ed18..dc13e91423 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -220,9 +220,12 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv) if (libnetapi_init(&c->netapi_ctx) != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 8bf9aac6f2..50f3c1db01 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c, { NTSTATUS nt_status; int flags = 0; + struct user_auth_info *ai = c->auth_info; - c->opt_password = net_prompt_pass(c, c->opt_user_name); + set_cmdline_auth_info_getpass(ai); - if (c->opt_kerberos) { - flags |= CLI_FULL_CONNECTION_USE_KERBEROS; - } - - if (c->opt_kerberos && c->opt_password) { - flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; + if (get_cmdline_auth_info_use_kerberos(ai)) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS | + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, service_name, service_type, - c->opt_user_name, c->opt_workgroup, - c->opt_password, flags, Undefined, NULL); + get_cmdline_auth_info_username(ai), + c->opt_workgroup, + get_cmdline_auth_info_password(ai), + flags, Undefined, NULL); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); @@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c, return nt_status; } - if (c->smb_encrypt) { + if (get_cmdline_auth_info_smb_encrypt(ai)) { nt_status = cli_force_encryption(*cli_ctx, - c->opt_user_name, - c->opt_password, + get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), c->opt_workgroup); if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { @@ -234,14 +234,12 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, { NTSTATUS nt_status; char *user_and_realm = NULL; + struct user_auth_info *ai = c->auth_info; /* FIXME: Should get existing kerberos ticket if possible. */ - c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (!c->opt_password) { - return NT_STATUS_NO_MEMORY; - } + set_cmdline_auth_info_getpass(ai); - user_and_realm = get_user_and_realm(c->opt_user_name); + user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai)); if (!user_and_realm) { return NT_STATUS_NO_MEMORY; } @@ -250,7 +248,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, server_ss, c->opt_port, "IPC$", "IPC", user_and_realm, c->opt_workgroup, - c->opt_password, + get_cmdline_auth_info_password(ai), CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -261,10 +259,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, return nt_status; } - if (c->smb_encrypt) { + if (get_cmdline_auth_info_smb_encrypt(ai)) { nt_status = cli_cm_force_encryption(*cli_ctx, user_and_realm, - c->opt_password, + get_cmdline_auth_info_password(ai), c->opt_workgroup, "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { @@ -328,50 +326,6 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } -/**************************************************************************** - Use the local machine account (krb) and password for this session. -****************************************************************************/ - -int net_use_krb_machine_account(struct net_context *c) -{ - char *user_name = NULL; - - if (!secrets_init()) { - d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); - exit(1); - } - - c->opt_password = secrets_fetch_machine_password( - c->opt_target_workgroup, NULL, NULL); - if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { - return -1; - } - c->opt_user_name = user_name; - return 0; -} - -/**************************************************************************** - Use the machine account name and password for this session. -****************************************************************************/ - -int net_use_machine_account(struct net_context *c) -{ - char *user_name = NULL; - - if (!secrets_init()) { - d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); - exit(1); - } - - c->opt_password = secrets_fetch_machine_password( - c->opt_target_workgroup, NULL, NULL); - if (asprintf(&user_name, "%s$", global_myname()) == -1) { - return -1; - } - c->opt_user_name = user_name; - return 0; -} - bool net_find_server(struct net_context *c, const char *domain, unsigned flags, @@ -535,33 +489,6 @@ done: /**************************************************************************** ****************************************************************************/ -const char *net_prompt_pass(struct net_context *c, const char *user) -{ - char *prompt = NULL; - const char *pass = NULL; - - if (c->opt_password) { - return c->opt_password; - } - - if (c->opt_machine_pass) { - return NULL; - } - - if (c->opt_kerberos && !c->opt_user_specified) { - return NULL; - } - - if (asprintf(&prompt, "Enter %s's password:", user) == -1) { - return NULL; - } - - pass = getpass(prompt); - SAFE_FREE(prompt); - - return pass; -} - int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table) { |