summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/utils/net.c43
-rw-r--r--source3/utils/net.h9
-rw-r--r--source3/utils/net_ads.c81
-rw-r--r--source3/utils/net_dom.c8
-rw-r--r--source3/utils/net_help.c1
-rw-r--r--source3/utils/net_proto.h3
-rw-r--r--source3/utils/net_rpc.c74
-rw-r--r--source3/utils/net_rpc_join.c3
-rw-r--r--source3/utils/net_rpc_samsync.c4
-rw-r--r--source3/utils/net_rpc_shell.c9
-rw-r--r--source3/utils/net_util.c109
11 files changed, 135 insertions, 209 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 9cd41c5b37..0e3946f5a5 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -625,7 +625,6 @@ static struct functable net_func[] = {
int main(int argc, const char **argv)
{
int opt,i;
- char *p;
int rc = 0;
int argc_new = 0;
const char ** argv_new;
@@ -636,12 +635,10 @@ static struct functable net_func[] = {
struct poptOption long_options[] = {
{"help", 'h', POPT_ARG_NONE, 0, 'h'},
{"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup},
- {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
{"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
{"port", 'p', POPT_ARG_INT, &c->opt_port},
{"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name},
{"server", 'S', POPT_ARG_STRING, &c->opt_host},
- {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"container", 'c', POPT_ARG_STRING, &c->opt_container},
{"comment", 'C', POPT_ARG_STRING, &c->opt_comment},
{"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers},
@@ -652,15 +649,13 @@ static struct functable net_func[] = {
{"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin},
{"timeout", 't', POPT_ARG_INT, &c->opt_timeout},
{"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout},
- {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass},
- {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos},
{"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
{"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose},
{"test", 'T', POPT_ARG_NONE, &c->opt_testmode},
/* Options for 'net groupmap set' */
{"local", 'L', POPT_ARG_NONE, &c->opt_localgroup},
{"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup},
- {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname},
+ {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname},
{"rid", 'R', POPT_ARG_INT, &c->opt_rid},
/* Options for 'net rpc share migrate' */
{"acls", 0, POPT_ARG_NONE, &c->opt_acls},
@@ -675,6 +670,7 @@ static struct functable net_func[] = {
{"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries},
POPT_COMMON_SAMBA
+ POPT_COMMON_CREDENTIALS
{ 0, 0, 0, 0}
};
@@ -688,6 +684,13 @@ static struct functable net_func[] = {
dbf = x_stderr;
c->private_data = net_func;
+ c->auth_info = user_auth_info_init(frame);
+ if (c->auth_info == NULL) {
+ d_fprintf(stderr, "\nOut of memory!\n");
+ exit(1);
+ }
+ popt_common_set_auth_info(c->auth_info);
+
pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
@@ -695,9 +698,7 @@ static struct functable net_func[] = {
switch (opt) {
case 'h':
c->display_usage = true;
- break;
- case 'e':
- c->smb_encrypt = true;
+ set_cmdline_auth_info_password(c->auth_info, "");
break;
case 'I':
if (!interpret_string_addr(&c->opt_dest_ip,
@@ -707,15 +708,6 @@ static struct functable net_func[] = {
c->opt_have_ip = true;
}
break;
- case 'U':
- c->opt_user_specified = true;
- c->opt_user_name = SMB_STRDUP(c->opt_user_name);
- p = strchr(c->opt_user_name,'%');
- if (p) {
- *p = 0;
- c->opt_password = p+1;
- }
- break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n",
poptBadOption(pc, 0), poptStrerror(opt));
@@ -749,10 +741,6 @@ static struct functable net_func[] = {
set_global_myname(c->opt_requester_name);
}
- if (!c->opt_user_name && getenv("LOGNAME")) {
- c->opt_user_name = getenv("LOGNAME");
- }
-
if (!c->opt_workgroup) {
c->opt_workgroup = smb_xstrdup(lp_workgroup());
}
@@ -770,17 +758,6 @@ static struct functable net_func[] = {
that it won't assert becouse we are not root */
sec_init();
- if (c->opt_machine_pass) {
- /* it is very useful to be able to make ads queries as the
- machine account for testing purposes and for domain leave */
-
- net_use_krb_machine_account(c);
- }
-
- if (!c->opt_password) {
- c->opt_password = getenv("PASSWD");
- }
-
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
DEBUG(2,("return code = %d\n", rc));
diff --git a/source3/utils/net.h b/source3/utils/net.h
index d88f962d41..f604d96361 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -28,11 +28,8 @@
struct net_context {
const char *opt_requester_name;
const char *opt_host;
- const char *opt_password;
- const char *opt_user_name;
- bool opt_user_specified;
- const char *opt_workgroup;
int opt_long_list_entries;
+ const char *opt_workgroup;
int opt_reboot;
int opt_force;
int opt_stdin;
@@ -45,7 +42,6 @@ struct net_context {
int opt_timeout;
int opt_request_timeout;
const char *opt_target_workgroup;
- int opt_machine_pass;
int opt_localgroup;
int opt_domaingroup;
int do_talloc_report;
@@ -57,15 +53,14 @@ struct net_context {
const char *opt_exclude;
const char *opt_destination;
int opt_testmode;
- bool opt_kerberos;
int opt_force_full_repl;
int opt_single_obj_repl;
int opt_clean_old_entries;
int opt_have_ip;
struct sockaddr_storage opt_dest_ip;
- bool smb_encrypt;
struct libnetapi_ctx *netapi_ctx;
+ struct user_auth_info *auth_info;
bool display_usage;
void *private_data;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8e927becbe..4503231566 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -231,32 +231,22 @@ retry_connect:
ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
- if (!c->opt_user_name) {
- c->opt_user_name = "administrator";
- }
-
- if (c->opt_user_specified) {
- need_password = true;
- }
-
retry:
- if (!c->opt_password && need_password && !c->opt_machine_pass) {
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
- if (!c->opt_password) {
- ads_destroy(&ads);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ if (need_password) {
+ set_cmdline_auth_info_getpass(c->auth_info);
}
- if (c->opt_password) {
+ if (get_cmdline_auth_info_got_pass(c->auth_info)) {
use_in_memory_ccache();
SAFE_FREE(ads->auth.password);
- ads->auth.password = smb_xstrdup(c->opt_password);
+ ads->auth.password = smb_xstrdup(
+ get_cmdline_auth_info_password(c->auth_info));
}
ads->auth.flags |= auth_flags;
SAFE_FREE(ads->auth.user_name);
- ads->auth.user_name = smb_xstrdup(c->opt_user_name);
+ ads->auth.user_name = smb_xstrdup(
+ get_cmdline_auth_info_username(c->auth_info));
/*
* If the username is of the form "name@realm",
@@ -875,6 +865,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
TALLOC_CTX *ctx;
struct libnet_UnjoinCtx *r = NULL;
WERROR werr;
+ struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -893,7 +884,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
- if (!c->opt_kerberos) {
+ if (!get_cmdline_auth_info_use_kerberos(ai)) {
use_in_memory_ccache();
}
@@ -903,12 +894,14 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
+ set_cmdline_auth_info_getpass(ai);
+
r->in.debug = true;
- r->in.use_kerberos = c->opt_kerberos;
+ r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
r->in.dc_name = c->opt_host;
r->in.domain_name = lp_realm();
- r->in.admin_account = c->opt_user_name;
- r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
+ r->in.admin_account = get_cmdline_auth_info_username(ai);
+ r->in.admin_password = get_cmdline_auth_info_password(ai);
r->in.modify_config = lp_config_backend_is_registry();
r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
@@ -959,7 +952,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c)
return NT_STATUS_ACCESS_DENIED;
}
- net_use_krb_machine_account(c);
+ set_cmdline_auth_info_use_machine_account(c->auth_info);
status = ads_startup(c, true, &ads);
if (!ADS_ERR_OK(status)) {
@@ -1190,6 +1183,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
const char *os_name = NULL;
const char *os_version = NULL;
bool modify_config = lp_config_backend_is_registry();
+ struct user_auth_info *ai = c->auth_info;;
if (c->display_usage)
return net_ads_join_usage(c, argc, argv);
@@ -1209,7 +1203,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
goto fail;
}
- if (!c->opt_kerberos) {
+ if (!get_cmdline_auth_info_use_kerberos(ai)) {
use_in_memory_ccache();
}
@@ -1259,6 +1253,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
/* Do the domain join here */
+ set_cmdline_auth_info_getpass(ai);
+
r->in.domain_name = domain;
r->in.create_upn = createupn;
r->in.upn = machineupn;
@@ -1266,10 +1262,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->in.os_name = os_name;
r->in.os_version = os_version;
r->in.dc_name = c->opt_host;
- r->in.admin_account = c->opt_user_name;
- r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
+ r->in.admin_account = get_cmdline_auth_info_username(ai);
+ r->in.admin_password = get_cmdline_auth_info_password(ai);
r->in.debug = true;
- r->in.use_kerberos = c->opt_kerberos;
+ r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
r->in.modify_config = modify_config;
r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
@@ -1580,6 +1576,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
char *prt_dn, *srv_dn, **srv_cn;
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
LDAPMessage *res = NULL;
+ struct user_auth_info *ai = c->auth_info;
if (argc < 1 || c->display_usage) {
d_printf("Usage:\n"
@@ -1611,8 +1608,9 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
nt_status = cli_full_connection(&cli, global_myname(), servername,
&server_ss, 0,
"IPC$", "IPC",
- c->opt_user_name, c->opt_workgroup,
- c->opt_password ? c->opt_password : "",
+ get_cmdline_auth_info_username(ai),
+ c->opt_workgroup,
+ get_cmdline_auth_info_password(ai),
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -1800,8 +1798,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
static int net_ads_password(struct net_context *c, int argc, const char **argv)
{
ADS_STRUCT *ads;
- const char *auth_principal = c->opt_user_name;
- const char *auth_password = c->opt_password;
+ const char *auth_principal;
+ const char *auth_password;
char *realm = NULL;
char *new_password = NULL;
char *chr, *prompt;
@@ -1816,10 +1814,9 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
return 0;
}
- if (c->opt_user_name == NULL || c->opt_password == NULL) {
- d_fprintf(stderr, "You must supply an administrator username/password\n");
- return -1;
- }
+ auth_principal = get_cmdline_auth_info_username(c->auth_info);
+ set_cmdline_auth_info_getpass(c->auth_info);
+ auth_password = get_cmdline_auth_info_password(c->auth_info);
if (argc < 1) {
d_fprintf(stderr, "ERROR: You must say which username to change password for\n");
@@ -1901,7 +1898,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
return -1;
}
- net_use_krb_machine_account(c);
+ set_cmdline_auth_info_use_machine_account(c->auth_info);
use_in_memory_ccache();
@@ -2283,6 +2280,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
+ struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2296,11 +2294,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
goto out;
}
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ set_cmdline_auth_info_getpass(ai);
status = kerberos_return_pac(mem_ctx,
- c->opt_user_name,
- c->opt_password,
+ get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
0,
NULL,
NULL,
@@ -2333,6 +2331,7 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
TALLOC_CTX *mem_ctx = NULL;
int ret = -1;
NTSTATUS status;
+ struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2346,10 +2345,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
goto out;
}
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ set_cmdline_auth_info_getpass(ai);
- ret = kerberos_kinit_password_ext(c->opt_user_name,
- c->opt_password,
+ ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
0,
NULL,
NULL,
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c
index 401079777f..a13f52c519 100644
--- a/source3/utils/net_dom.c
+++ b/source3/utils/net_dom.c
@@ -368,9 +368,11 @@ int net_dom(struct net_context *c, int argc, const char **argv)
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 0502373aa2..5a170790c5 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -65,5 +65,6 @@ int net_help(struct net_context *c, int argc, const char **argv)
}
c->display_usage = true;
+ set_cmdline_auth_info_password(c->auth_info, "");
return net_run_function(c, argc, argv, "net help", func);
}
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 75ac032db9..8a09147aad 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -459,8 +459,6 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
struct rpc_pipe_client **pp_pipe_hnd,
const struct ndr_syntax_id *interface);
-int net_use_krb_machine_account(struct net_context *c);
-int net_use_machine_account(struct net_context *c);
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -475,7 +473,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
const char *server,
struct sockaddr_storage *pss,
unsigned flags, struct cli_state **pcli);
-const char *net_prompt_pass(struct net_context *c, const char *user);
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table);
void net_display_usage_from_functable(struct functable *table);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index f6f90030fe..0118b4818a 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -25,7 +25,8 @@
#include "../libcli/auth/libcli_auth.h"
static int net_mode_share;
-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
+ const struct user_auth_info *auth_info);
/**
* @file net_rpc.c
@@ -122,6 +123,7 @@ int run_rpc_command(struct net_context *c,
DOM_SID *domain_sid;
const char *domain_name;
int ret = -1;
+ struct user_auth_info *ai = c->auth_info;
/* make use of cli_state handed over as an argument, if possible */
if (!cli_arg) {
@@ -171,8 +173,10 @@ int run_rpc_command(struct net_context *c,
nt_status = cli_rpc_pipe_open_ntlmssp(
cli, interface,
PIPE_AUTH_LEVEL_PRIVACY,
- lp_workgroup(), c->opt_user_name,
- c->opt_password, &pipe_hnd);
+ lp_workgroup(),
+ get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
+ &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, interface,
@@ -940,9 +944,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -2756,9 +2763,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -3245,7 +3255,7 @@ static void copy_fn(const char *mnt, file_info *f,
old_dir = local_state->cwd;
local_state->cwd = dir;
- if (!sync_files(local_state, new_mask))
+ if (!sync_files(local_state, new_mask, c->auth_info))
printf("could not handle files\n");
local_state->cwd = old_dir;
@@ -3292,15 +3302,18 @@ static void copy_fn(const char *mnt, file_info *f,
*
* @return Boolean result
**/
-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
+ const struct user_auth_info *auth_info)
{
struct cli_state *targetcli;
char *targetpath = NULL;
DEBUG(3,("calling cli_list with mask: %s\n", mask));
- if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src,
- mask, &targetcli, &targetpath ) ) {
+
+ if ( !cli_resolve_path(talloc_tos(), "", auth_info,
+ cp_clistate->cli_share_src, mask, &targetcli,
+ &targetpath ) ) {
d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
mask, cli_errstr(cp_clistate->cli_share_src));
return false;
@@ -3463,7 +3476,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
goto done;
}
- if (!sync_files(&cp_clistate, mask)) {
+ if (!sync_files(&cp_clistate, mask, c->auth_info)) {
d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
@@ -4564,9 +4577,12 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -4839,9 +4855,12 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -5531,7 +5550,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
c->opt_workgroup = smb_xstrdup(domain_name);
};
- c->opt_user_name = acct_name;
+ set_cmdline_auth_info_username(c->auth_info, acct_name);
/* find the domain controller */
if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
@@ -5628,7 +5647,9 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
* Store the password in secrets db
*/
- if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
+ if (!pdb_set_trusteddom_pw(domain_name,
+ get_cmdline_auth_info_password(c->auth_info),
+ domain_sid)) {
DEBUG(0, ("Storing password for trusted domain failed.\n"));
cli_shutdown(cli);
talloc_destroy(mem_ctx);
@@ -7190,9 +7211,12 @@ int net_rpc(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index ed0311317d..cae2491aed 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -58,7 +58,8 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
if (sec == SEC_ADS) {
/* Connect to IPC$ using machine account's credentials. We don't use anonymous
connection here, as it may be denied by server's local policy. */
- net_use_machine_account(c);
+ set_cmdline_auth_info_use_machine_account(c->auth_info);
+ set_cmdline_auth_info_machine_account_creds(c->auth_info);
} else {
/* some servers (e.g. WinNT) don't accept machine-authenticated
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 6b23db74cb..bd5047c1ff 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
ctx->cli = pipe_hnd;
ctx->ops = &libnet_samsync_keytab_ops;
ctx->domain_name = domain_name;
- ctx->username = c->opt_user_name;
- ctx->password = c->opt_password;
+ ctx->username = get_cmdline_auth_info_username(c->auth_info);
+ ctx->password = get_cmdline_auth_info_password(c->auth_info);
ctx->force_full_replication = c->opt_force_full_repl ? true : false;
ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c
index 3aaed1ed18..dc13e91423 100644
--- a/source3/utils/net_rpc_shell.c
+++ b/source3/utils/net_rpc_shell.c
@@ -220,9 +220,12 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
if (libnetapi_init(&c->netapi_ctx) != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
index 8bf9aac6f2..50f3c1db01 100644
--- a/source3/utils/net_util.c
+++ b/source3/utils/net_util.c
@@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c,
{
NTSTATUS nt_status;
int flags = 0;
+ struct user_auth_info *ai = c->auth_info;
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ set_cmdline_auth_info_getpass(ai);
- if (c->opt_kerberos) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- }
-
- if (c->opt_kerberos && c->opt_password) {
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ if (get_cmdline_auth_info_use_kerberos(ai)) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
+ CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
nt_status = cli_full_connection(cli_ctx, NULL, server_name,
server_ss, c->opt_port,
service_name, service_type,
- c->opt_user_name, c->opt_workgroup,
- c->opt_password, flags, Undefined, NULL);
+ get_cmdline_auth_info_username(ai),
+ c->opt_workgroup,
+ get_cmdline_auth_info_password(ai),
+ flags, Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, "Could not connect to server %s\n", server_name);
@@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c,
return nt_status;
}
- if (c->smb_encrypt) {
+ if (get_cmdline_auth_info_smb_encrypt(ai)) {
nt_status = cli_force_encryption(*cli_ctx,
- c->opt_user_name,
- c->opt_password,
+ get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
c->opt_workgroup);
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
@@ -234,14 +234,12 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
{
NTSTATUS nt_status;
char *user_and_realm = NULL;
+ struct user_auth_info *ai = c->auth_info;
/* FIXME: Should get existing kerberos ticket if possible. */
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
- if (!c->opt_password) {
- return NT_STATUS_NO_MEMORY;
- }
+ set_cmdline_auth_info_getpass(ai);
- user_and_realm = get_user_and_realm(c->opt_user_name);
+ user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai));
if (!user_and_realm) {
return NT_STATUS_NO_MEMORY;
}
@@ -250,7 +248,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
server_ss, c->opt_port,
"IPC$", "IPC",
user_and_realm, c->opt_workgroup,
- c->opt_password,
+ get_cmdline_auth_info_password(ai),
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -261,10 +259,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
return nt_status;
}
- if (c->smb_encrypt) {
+ if (get_cmdline_auth_info_smb_encrypt(ai)) {
nt_status = cli_cm_force_encryption(*cli_ctx,
user_and_realm,
- c->opt_password,
+ get_cmdline_auth_info_password(ai),
c->opt_workgroup,
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -328,50 +326,6 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
return nt_status;
}
-/****************************************************************************
- Use the local machine account (krb) and password for this session.
-****************************************************************************/
-
-int net_use_krb_machine_account(struct net_context *c)
-{
- char *user_name = NULL;
-
- if (!secrets_init()) {
- d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
- exit(1);
- }
-
- c->opt_password = secrets_fetch_machine_password(
- c->opt_target_workgroup, NULL, NULL);
- if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
- return -1;
- }
- c->opt_user_name = user_name;
- return 0;
-}
-
-/****************************************************************************
- Use the machine account name and password for this session.
-****************************************************************************/
-
-int net_use_machine_account(struct net_context *c)
-{
- char *user_name = NULL;
-
- if (!secrets_init()) {
- d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
- exit(1);
- }
-
- c->opt_password = secrets_fetch_machine_password(
- c->opt_target_workgroup, NULL, NULL);
- if (asprintf(&user_name, "%s$", global_myname()) == -1) {
- return -1;
- }
- c->opt_user_name = user_name;
- return 0;
-}
-
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -535,33 +489,6 @@ done:
/****************************************************************************
****************************************************************************/
-const char *net_prompt_pass(struct net_context *c, const char *user)
-{
- char *prompt = NULL;
- const char *pass = NULL;
-
- if (c->opt_password) {
- return c->opt_password;
- }
-
- if (c->opt_machine_pass) {
- return NULL;
- }
-
- if (c->opt_kerberos && !c->opt_user_specified) {
- return NULL;
- }
-
- if (asprintf(&prompt, "Enter %s's password:", user) == -1) {
- return NULL;
- }
-
- pass = getpass(prompt);
- SAFE_FREE(prompt);
-
- return pass;
-}
-
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table)
{