summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/popt_common.c30
-rw-r--r--source3/lib/util.c49
2 files changed, 49 insertions, 30 deletions
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 8f0f7c62bb..25e41ab5f3 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -514,35 +514,7 @@ static void popt_common_credentials_callback(poptContext con,
}
break;
case 'P':
- {
- char *opt_password = NULL;
- char *pwd = NULL;
-
- /* it is very useful to be able to make ads queries as the
- machine account for testing purposes and for domain leave */
-
- if (!secrets_init()) {
- d_printf("ERROR: Unable to open secrets database\n");
- exit(1);
- }
-
- opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
-
- if (!opt_password) {
- d_printf("ERROR: Unable to fetch machine password\n");
- exit(1);
- }
- if (asprintf(&pwd, "%s$", global_myname()) < 0) {
- exit(ENOMEM);
- }
- set_cmdline_auth_info_username(pwd);
- set_cmdline_auth_info_password(opt_password);
- SAFE_FREE(pwd);
- SAFE_FREE(opt_password);
-
- /* machine accounts only work with kerberos */
- set_cmdline_auth_info_use_krb5_ticket();
- }
+ set_cmdline_auth_info_use_machine_account();
break;
case 'N':
set_cmdline_auth_info_password("");
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 953981e82a..5f95bcc558 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -291,7 +291,8 @@ static struct user_auth_info cmdline_auth_info = {
false, /* got_pass */
false, /* use_kerberos */
Undefined, /* signing state */
- false /* smb_encrypt */
+ false, /* smb_encrypt */
+ false /* use machine account */
};
const char *get_cmdline_auth_info_username(void)
@@ -370,6 +371,11 @@ void set_cmdline_auth_info_smb_encrypt(void)
cmdline_auth_info.smb_encrypt = true;
}
+void set_cmdline_auth_info_use_machine_account(void)
+{
+ cmdline_auth_info.use_machine_account = true;
+}
+
bool get_cmdline_auth_info_got_pass(void)
{
return cmdline_auth_info.got_pass;
@@ -380,6 +386,11 @@ bool get_cmdline_auth_info_smb_encrypt(void)
return cmdline_auth_info.smb_encrypt;
}
+bool get_cmdline_auth_info_use_machine_account(void)
+{
+ return cmdline_auth_info.use_machine_account;
+}
+
bool get_cmdline_auth_info_copy(struct user_auth_info *info)
{
*info = cmdline_auth_info;
@@ -392,6 +403,42 @@ bool get_cmdline_auth_info_copy(struct user_auth_info *info)
return true;
}
+bool set_cmdline_auth_info_machine_account_creds(void)
+{
+ char *pass = NULL;
+ char *account = NULL;
+
+ if (!get_cmdline_auth_info_use_machine_account()) {
+ return false;
+ }
+
+ if (!secrets_init()) {
+ d_printf("ERROR: Unable to open secrets database\n");
+ return false;
+ }
+
+ if (asprintf(&account, "%s$@%s", global_myname(), lp_realm()) < 0) {
+ return false;
+ }
+
+ pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+ if (!pass) {
+ d_printf("ERROR: Unable to fetch machine password for "
+ "%s in domain %s\n",
+ account, lp_workgroup());
+ SAFE_FREE(account);
+ return false;
+ }
+
+ set_cmdline_auth_info_username(account);
+ set_cmdline_auth_info_password(pass);
+
+ SAFE_FREE(account);
+ SAFE_FREE(pass);
+
+ return true;
+}
+
/**************************************************************************n
Find a suitable temporary directory. The result should be copied immediately
as it may be overwritten by a subsequent call.