summaryrefslogtreecommitdiff
path: root/source3/utils/net_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils/net_util.c')
-rw-r--r--source3/utils/net_util.c109
1 files changed, 91 insertions, 18 deletions
diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
index 50f3c1db01..8bf9aac6f2 100644
--- a/source3/utils/net_util.c
+++ b/source3/utils/net_util.c
@@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c,
{
NTSTATUS nt_status;
int flags = 0;
- struct user_auth_info *ai = c->auth_info;
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
- if (get_cmdline_auth_info_use_kerberos(ai)) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
- CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ if (c->opt_kerberos) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+ }
+
+ if (c->opt_kerberos && c->opt_password) {
+ flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
nt_status = cli_full_connection(cli_ctx, NULL, server_name,
server_ss, c->opt_port,
service_name, service_type,
- get_cmdline_auth_info_username(ai),
- c->opt_workgroup,
- get_cmdline_auth_info_password(ai),
- flags, Undefined, NULL);
+ c->opt_user_name, c->opt_workgroup,
+ c->opt_password, flags, Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, "Could not connect to server %s\n", server_name);
@@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c,
return nt_status;
}
- if (get_cmdline_auth_info_smb_encrypt(ai)) {
+ if (c->smb_encrypt) {
nt_status = cli_force_encryption(*cli_ctx,
- get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
+ c->opt_user_name,
+ c->opt_password,
c->opt_workgroup);
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
@@ -234,12 +234,14 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
{
NTSTATUS nt_status;
char *user_and_realm = NULL;
- struct user_auth_info *ai = c->auth_info;
/* FIXME: Should get existing kerberos ticket if possible. */
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ if (!c->opt_password) {
+ return NT_STATUS_NO_MEMORY;
+ }
- user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai));
+ user_and_realm = get_user_and_realm(c->opt_user_name);
if (!user_and_realm) {
return NT_STATUS_NO_MEMORY;
}
@@ -248,7 +250,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
server_ss, c->opt_port,
"IPC$", "IPC",
user_and_realm, c->opt_workgroup,
- get_cmdline_auth_info_password(ai),
+ c->opt_password,
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -259,10 +261,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
return nt_status;
}
- if (get_cmdline_auth_info_smb_encrypt(ai)) {
+ if (c->smb_encrypt) {
nt_status = cli_cm_force_encryption(*cli_ctx,
user_and_realm,
- get_cmdline_auth_info_password(ai),
+ c->opt_password,
c->opt_workgroup,
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -326,6 +328,50 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
return nt_status;
}
+/****************************************************************************
+ Use the local machine account (krb) and password for this session.
+****************************************************************************/
+
+int net_use_krb_machine_account(struct net_context *c)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
+ exit(1);
+ }
+
+ c->opt_password = secrets_fetch_machine_password(
+ c->opt_target_workgroup, NULL, NULL);
+ if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
+ return -1;
+ }
+ c->opt_user_name = user_name;
+ return 0;
+}
+
+/****************************************************************************
+ Use the machine account name and password for this session.
+****************************************************************************/
+
+int net_use_machine_account(struct net_context *c)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
+ exit(1);
+ }
+
+ c->opt_password = secrets_fetch_machine_password(
+ c->opt_target_workgroup, NULL, NULL);
+ if (asprintf(&user_name, "%s$", global_myname()) == -1) {
+ return -1;
+ }
+ c->opt_user_name = user_name;
+ return 0;
+}
+
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -489,6 +535,33 @@ done:
/****************************************************************************
****************************************************************************/
+const char *net_prompt_pass(struct net_context *c, const char *user)
+{
+ char *prompt = NULL;
+ const char *pass = NULL;
+
+ if (c->opt_password) {
+ return c->opt_password;
+ }
+
+ if (c->opt_machine_pass) {
+ return NULL;
+ }
+
+ if (c->opt_kerberos && !c->opt_user_specified) {
+ return NULL;
+ }
+
+ if (asprintf(&prompt, "Enter %s's password:", user) == -1) {
+ return NULL;
+ }
+
+ pass = getpass(prompt);
+ SAFE_FREE(prompt);
+
+ return pass;
+}
+
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table)
{