diff options
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/popt_common.c | 30 | ||||
-rw-r--r-- | source3/lib/util.c | 49 |
2 files changed, 49 insertions, 30 deletions
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index 8f0f7c62bb..25e41ab5f3 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -514,35 +514,7 @@ static void popt_common_credentials_callback(poptContext con, } break; case 'P': - { - char *opt_password = NULL; - char *pwd = NULL; - - /* it is very useful to be able to make ads queries as the - machine account for testing purposes and for domain leave */ - - if (!secrets_init()) { - d_printf("ERROR: Unable to open secrets database\n"); - exit(1); - } - - opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); - - if (!opt_password) { - d_printf("ERROR: Unable to fetch machine password\n"); - exit(1); - } - if (asprintf(&pwd, "%s$", global_myname()) < 0) { - exit(ENOMEM); - } - set_cmdline_auth_info_username(pwd); - set_cmdline_auth_info_password(opt_password); - SAFE_FREE(pwd); - SAFE_FREE(opt_password); - - /* machine accounts only work with kerberos */ - set_cmdline_auth_info_use_krb5_ticket(); - } + set_cmdline_auth_info_use_machine_account(); break; case 'N': set_cmdline_auth_info_password(""); diff --git a/source3/lib/util.c b/source3/lib/util.c index 953981e82a..5f95bcc558 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -291,7 +291,8 @@ static struct user_auth_info cmdline_auth_info = { false, /* got_pass */ false, /* use_kerberos */ Undefined, /* signing state */ - false /* smb_encrypt */ + false, /* smb_encrypt */ + false /* use machine account */ }; const char *get_cmdline_auth_info_username(void) @@ -370,6 +371,11 @@ void set_cmdline_auth_info_smb_encrypt(void) cmdline_auth_info.smb_encrypt = true; } +void set_cmdline_auth_info_use_machine_account(void) +{ + cmdline_auth_info.use_machine_account = true; +} + bool get_cmdline_auth_info_got_pass(void) { return cmdline_auth_info.got_pass; @@ -380,6 +386,11 @@ bool get_cmdline_auth_info_smb_encrypt(void) return cmdline_auth_info.smb_encrypt; } +bool get_cmdline_auth_info_use_machine_account(void) +{ + return cmdline_auth_info.use_machine_account; +} + bool get_cmdline_auth_info_copy(struct user_auth_info *info) { *info = cmdline_auth_info; @@ -392,6 +403,42 @@ bool get_cmdline_auth_info_copy(struct user_auth_info *info) return true; } +bool set_cmdline_auth_info_machine_account_creds(void) +{ + char *pass = NULL; + char *account = NULL; + + if (!get_cmdline_auth_info_use_machine_account()) { + return false; + } + + if (!secrets_init()) { + d_printf("ERROR: Unable to open secrets database\n"); + return false; + } + + if (asprintf(&account, "%s$@%s", global_myname(), lp_realm()) < 0) { + return false; + } + + pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); + if (!pass) { + d_printf("ERROR: Unable to fetch machine password for " + "%s in domain %s\n", + account, lp_workgroup()); + SAFE_FREE(account); + return false; + } + + set_cmdline_auth_info_username(account); + set_cmdline_auth_info_password(pass); + + SAFE_FREE(account); + SAFE_FREE(pass); + + return true; +} + /**************************************************************************n Find a suitable temporary directory. The result should be copied immediately as it may be overwritten by a subsequent call. |