summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net.c45
-rw-r--r--source3/utils/net.h9
-rw-r--r--source3/utils/net_ads.c93
-rw-r--r--source3/utils/net_cache.c27
-rw-r--r--source3/utils/net_dom.c8
-rw-r--r--source3/utils/net_help.c1
-rw-r--r--source3/utils/net_proto.h3
-rw-r--r--source3/utils/net_rpc.c74
-rw-r--r--source3/utils/net_rpc_join.c3
-rw-r--r--source3/utils/net_rpc_samsync.c15
-rw-r--r--source3/utils/net_rpc_shell.c9
-rw-r--r--source3/utils/net_sam.c8
-rw-r--r--source3/utils/net_usershare.c33
-rw-r--r--source3/utils/net_util.c109
-rw-r--r--source3/utils/pdbedit.c2
15 files changed, 256 insertions, 183 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 0e3946f5a5..f8bfab3e99 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -625,6 +625,7 @@ static struct functable net_func[] = {
int main(int argc, const char **argv)
{
int opt,i;
+ char *p;
int rc = 0;
int argc_new = 0;
const char ** argv_new;
@@ -635,10 +636,12 @@ static struct functable net_func[] = {
struct poptOption long_options[] = {
{"help", 'h', POPT_ARG_NONE, 0, 'h'},
{"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup},
+ {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
{"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
{"port", 'p', POPT_ARG_INT, &c->opt_port},
{"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name},
{"server", 'S', POPT_ARG_STRING, &c->opt_host},
+ {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"container", 'c', POPT_ARG_STRING, &c->opt_container},
{"comment", 'C', POPT_ARG_STRING, &c->opt_comment},
{"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers},
@@ -649,13 +652,15 @@ static struct functable net_func[] = {
{"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin},
{"timeout", 't', POPT_ARG_INT, &c->opt_timeout},
{"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout},
+ {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass},
+ {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos},
{"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
{"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose},
{"test", 'T', POPT_ARG_NONE, &c->opt_testmode},
/* Options for 'net groupmap set' */
{"local", 'L', POPT_ARG_NONE, &c->opt_localgroup},
{"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup},
- {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname},
+ {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname},
{"rid", 'R', POPT_ARG_INT, &c->opt_rid},
/* Options for 'net rpc share migrate' */
{"acls", 0, POPT_ARG_NONE, &c->opt_acls},
@@ -670,7 +675,6 @@ static struct functable net_func[] = {
{"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries},
POPT_COMMON_SAMBA
- POPT_COMMON_CREDENTIALS
{ 0, 0, 0, 0}
};
@@ -684,13 +688,6 @@ static struct functable net_func[] = {
dbf = x_stderr;
c->private_data = net_func;
- c->auth_info = user_auth_info_init(frame);
- if (c->auth_info == NULL) {
- d_fprintf(stderr, "\nOut of memory!\n");
- exit(1);
- }
- popt_common_set_auth_info(c->auth_info);
-
pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
@@ -698,7 +695,9 @@ static struct functable net_func[] = {
switch (opt) {
case 'h':
c->display_usage = true;
- set_cmdline_auth_info_password(c->auth_info, "");
+ break;
+ case 'e':
+ c->smb_encrypt = true;
break;
case 'I':
if (!interpret_string_addr(&c->opt_dest_ip,
@@ -708,6 +707,15 @@ static struct functable net_func[] = {
c->opt_have_ip = true;
}
break;
+ case 'U':
+ c->opt_user_specified = true;
+ c->opt_user_name = SMB_STRDUP(c->opt_user_name);
+ p = strchr(c->opt_user_name,'%');
+ if (p) {
+ *p = 0;
+ c->opt_password = p+1;
+ }
+ break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n",
poptBadOption(pc, 0), poptStrerror(opt));
@@ -741,6 +749,10 @@ static struct functable net_func[] = {
set_global_myname(c->opt_requester_name);
}
+ if (!c->opt_user_name && getenv("LOGNAME")) {
+ c->opt_user_name = getenv("LOGNAME");
+ }
+
if (!c->opt_workgroup) {
c->opt_workgroup = smb_xstrdup(lp_workgroup());
}
@@ -758,10 +770,23 @@ static struct functable net_func[] = {
that it won't assert becouse we are not root */
sec_init();
+ if (c->opt_machine_pass) {
+ /* it is very useful to be able to make ads queries as the
+ machine account for testing purposes and for domain leave */
+
+ net_use_krb_machine_account(c);
+ }
+
+ if (!c->opt_password) {
+ c->opt_password = getenv("PASSWD");
+ }
+
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
DEBUG(2,("return code = %d\n", rc));
+ gencache_stabilize();
+
libnetapi_free(c->netapi_ctx);
poptFreeContext(pc);
diff --git a/source3/utils/net.h b/source3/utils/net.h
index f604d96361..d88f962d41 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -28,8 +28,11 @@
struct net_context {
const char *opt_requester_name;
const char *opt_host;
- int opt_long_list_entries;
+ const char *opt_password;
+ const char *opt_user_name;
+ bool opt_user_specified;
const char *opt_workgroup;
+ int opt_long_list_entries;
int opt_reboot;
int opt_force;
int opt_stdin;
@@ -42,6 +45,7 @@ struct net_context {
int opt_timeout;
int opt_request_timeout;
const char *opt_target_workgroup;
+ int opt_machine_pass;
int opt_localgroup;
int opt_domaingroup;
int do_talloc_report;
@@ -53,14 +57,15 @@ struct net_context {
const char *opt_exclude;
const char *opt_destination;
int opt_testmode;
+ bool opt_kerberos;
int opt_force_full_repl;
int opt_single_obj_repl;
int opt_clean_old_entries;
int opt_have_ip;
struct sockaddr_storage opt_dest_ip;
+ bool smb_encrypt;
struct libnetapi_ctx *netapi_ctx;
- struct user_auth_info *auth_info;
bool display_usage;
void *private_data;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index d82715eb45..8f76c0eb09 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -231,23 +231,32 @@ retry_connect:
ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
+ if (!c->opt_user_name) {
+ c->opt_user_name = "administrator";
+ }
+
+ if (c->opt_user_specified) {
+ need_password = true;
+ }
+
retry:
- if (need_password) {
- set_cmdline_auth_info_getpass(c->auth_info);
+ if (!c->opt_password && need_password && !c->opt_machine_pass) {
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ if (!c->opt_password) {
+ ads_destroy(&ads);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
}
- if (get_cmdline_auth_info_got_pass(c->auth_info) ||
- !get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ if (c->opt_password) {
use_in_memory_ccache();
SAFE_FREE(ads->auth.password);
- ads->auth.password = smb_xstrdup(
- get_cmdline_auth_info_password(c->auth_info));
+ ads->auth.password = smb_xstrdup(c->opt_password);
}
ads->auth.flags |= auth_flags;
SAFE_FREE(ads->auth.user_name);
- ads->auth.user_name = smb_xstrdup(
- get_cmdline_auth_info_username(c->auth_info));
+ ads->auth.user_name = smb_xstrdup(c->opt_user_name);
/*
* If the username is of the form "name@realm",
@@ -521,7 +530,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
return net_ads_user_usage(c, argc, argv);
}
- escaped_user = escape_ldap_string_alloc(argv[0]);
+ escaped_user = escape_ldap_string(talloc_tos(), argv[0]);
if (!escaped_user) {
d_fprintf(stderr, "ads_user_info: failed to escape user %s\n", argv[0]);
@@ -529,12 +538,12 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
}
if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
- SAFE_FREE(escaped_user);
+ TALLOC_FREE(escaped_user);
return -1;
}
if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
- SAFE_FREE(escaped_user);
+ TALLOC_FREE(escaped_user);
return -1;
}
rc = ads_search(ads, &res, searchstring, attrs);
@@ -543,7 +552,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
if (!ADS_ERR_OK(rc)) {
d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc));
ads_destroy(&ads);
- SAFE_FREE(escaped_user);
+ TALLOC_FREE(escaped_user);
return -1;
}
@@ -563,7 +572,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
ads_msgfree(ads, res);
ads_destroy(&ads);
- SAFE_FREE(escaped_user);
+ TALLOC_FREE(escaped_user);
return 0;
}
@@ -866,7 +875,6 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
TALLOC_CTX *ctx;
struct libnet_UnjoinCtx *r = NULL;
WERROR werr;
- struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -885,7 +893,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
- if (!get_cmdline_auth_info_use_kerberos(ai)) {
+ if (!c->opt_kerberos) {
use_in_memory_ccache();
}
@@ -895,14 +903,12 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
- set_cmdline_auth_info_getpass(ai);
-
r->in.debug = true;
- r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
+ r->in.use_kerberos = c->opt_kerberos;
r->in.dc_name = c->opt_host;
r->in.domain_name = lp_realm();
- r->in.admin_account = get_cmdline_auth_info_username(ai);
- r->in.admin_password = get_cmdline_auth_info_password(ai);
+ r->in.admin_account = c->opt_user_name;
+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
r->in.modify_config = lp_config_backend_is_registry();
/* Try to delete it, but if that fails, disable it. The
@@ -960,8 +966,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c)
return NT_STATUS_ACCESS_DENIED;
}
- set_cmdline_auth_info_use_machine_account(c->auth_info);
- set_cmdline_auth_info_machine_account_creds(c->auth_info);
+ net_use_krb_machine_account(c);
status = ads_startup(c, true, &ads);
if (!ADS_ERR_OK(status)) {
@@ -1192,7 +1197,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
const char *os_name = NULL;
const char *os_version = NULL;
bool modify_config = lp_config_backend_is_registry();
- struct user_auth_info *ai = c->auth_info;;
if (c->display_usage)
return net_ads_join_usage(c, argc, argv);
@@ -1212,7 +1216,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
goto fail;
}
- if (!get_cmdline_auth_info_use_kerberos(ai)) {
+ if (!c->opt_kerberos) {
use_in_memory_ccache();
}
@@ -1262,8 +1266,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
/* Do the domain join here */
- set_cmdline_auth_info_getpass(ai);
-
r->in.domain_name = domain;
r->in.create_upn = createupn;
r->in.upn = machineupn;
@@ -1271,10 +1273,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->in.os_name = os_name;
r->in.os_version = os_version;
r->in.dc_name = c->opt_host;
- r->in.admin_account = get_cmdline_auth_info_username(ai);
- r->in.admin_password = get_cmdline_auth_info_password(ai);
+ r->in.admin_account = c->opt_user_name;
+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
r->in.debug = true;
- r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
+ r->in.use_kerberos = c->opt_kerberos;
r->in.modify_config = modify_config;
r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
@@ -1585,7 +1587,6 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
char *prt_dn, *srv_dn, **srv_cn;
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
LDAPMessage *res = NULL;
- struct user_auth_info *ai = c->auth_info;
if (argc < 1 || c->display_usage) {
d_printf("Usage:\n"
@@ -1617,9 +1618,8 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
nt_status = cli_full_connection(&cli, global_myname(), servername,
&server_ss, 0,
"IPC$", "IPC",
- get_cmdline_auth_info_username(ai),
- c->opt_workgroup,
- get_cmdline_auth_info_password(ai),
+ c->opt_user_name, c->opt_workgroup,
+ c->opt_password ? c->opt_password : "",
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -1807,8 +1807,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
static int net_ads_password(struct net_context *c, int argc, const char **argv)
{
ADS_STRUCT *ads;
- const char *auth_principal;
- const char *auth_password;
+ const char *auth_principal = c->opt_user_name;
+ const char *auth_password = c->opt_password;
char *realm = NULL;
char *new_password = NULL;
char *chr, *prompt;
@@ -1823,9 +1823,10 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
return 0;
}
- auth_principal = get_cmdline_auth_info_username(c->auth_info);
- set_cmdline_auth_info_getpass(c->auth_info);
- auth_password = get_cmdline_auth_info_password(c->auth_info);
+ if (c->opt_user_name == NULL || c->opt_password == NULL) {
+ d_fprintf(stderr, "You must supply an administrator username/password\n");
+ return -1;
+ }
if (argc < 1) {
d_fprintf(stderr, "ERROR: You must say which username to change password for\n");
@@ -1907,7 +1908,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
return -1;
}
- set_cmdline_auth_info_use_machine_account(c->auth_info);
+ net_use_krb_machine_account(c);
use_in_memory_ccache();
@@ -2289,7 +2290,6 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
- struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2303,11 +2303,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
goto out;
}
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
status = kerberos_return_pac(mem_ctx,
- get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
+ c->opt_user_name,
+ c->opt_password,
0,
NULL,
NULL,
@@ -2340,7 +2340,6 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
TALLOC_CTX *mem_ctx = NULL;
int ret = -1;
NTSTATUS status;
- struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2354,10 +2353,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
goto out;
}
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
- ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
+ ret = kerberos_kinit_password_ext(c->opt_user_name,
+ c->opt_password,
0,
NULL,
NULL,
diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c
index 5e7db38515..36cd12fb82 100644
--- a/source3/utils/net_cache.c
+++ b/source3/utils/net_cache.c
@@ -171,12 +171,10 @@ static int net_cache_add(struct net_context *c, int argc, const char **argv)
if (gencache_set(keystr, datastr, timeout)) {
d_printf("New cache entry stored successfully.\n");
- gencache_shutdown();
return 0;
}
d_fprintf(stderr, "Entry couldn't be added. Perhaps there's already such a key.\n");
- gencache_shutdown();
return -1;
}
@@ -275,7 +273,6 @@ static int net_cache_list(struct net_context *c, int argc, const char **argv)
return 0;
}
gencache_iterate(print_cache_entry, NULL, pattern);
- gencache_shutdown();
return 0;
}
@@ -297,10 +294,24 @@ static int net_cache_flush(struct net_context *c, int argc, const char **argv)
return 0;
}
gencache_iterate(delete_cache_entry, NULL, pattern);
- gencache_shutdown();
return 0;
}
+static int net_cache_stabilize(struct net_context *c, int argc,
+ const char **argv)
+{
+ if (c->display_usage) {
+ d_printf("Usage:\n"
+ "net cache flush\n"
+ " Delete all cache entries.\n");
+ return 0;
+ }
+
+ if (!gencache_stabilize()) {
+ return -1;
+ }
+ return 0;
+}
/**
* Entry point to 'net cache' subfunctionality
*
@@ -366,6 +377,14 @@ int net_cache(struct net_context *c, int argc, const char **argv)
"net cache flush\n"
" Delete all cache entries"
},
+ {
+ "stabilize",
+ net_cache_stabilize,
+ NET_TRANSPORT_LOCAL,
+ "Move transient cache content to stable storage",
+ "net cache stabilize\n"
+ " Move transient cache content to stable storage"
+ },
{NULL, NULL, 0, NULL, NULL}
};
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c
index a13f52c519..401079777f 100644
--- a/source3/utils/net_dom.c
+++ b/source3/utils/net_dom.c
@@ -368,11 +368,9 @@ int net_dom(struct net_context *c, int argc, const char **argv)
return -1;
}
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 5a170790c5..0502373aa2 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -65,6 +65,5 @@ int net_help(struct net_context *c, int argc, const char **argv)
}
c->display_usage = true;
- set_cmdline_auth_info_password(c->auth_info, "");
return net_run_function(c, argc, argv, "net help", func);
}
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 8a09147aad..75ac032db9 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -459,6 +459,8 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
struct rpc_pipe_client **pp_pipe_hnd,
const struct ndr_syntax_id *interface);
+int net_use_krb_machine_account(struct net_context *c);
+int net_use_machine_account(struct net_context *c);
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -473,6 +475,7 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
const char *server,
struct sockaddr_storage *pss,
unsigned flags, struct cli_state **pcli);
+const char *net_prompt_pass(struct net_context *c, const char *user);
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table);
void net_display_usage_from_functable(struct functable *table);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 0118b4818a..f6f90030fe 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -25,8 +25,7 @@
#include "../libcli/auth/libcli_auth.h"
static int net_mode_share;
-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
- const struct user_auth_info *auth_info);
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
/**
* @file net_rpc.c
@@ -123,7 +122,6 @@ int run_rpc_command(struct net_context *c,
DOM_SID *domain_sid;
const char *domain_name;
int ret = -1;
- struct user_auth_info *ai = c->auth_info;
/* make use of cli_state handed over as an argument, if possible */
if (!cli_arg) {
@@ -173,10 +171,8 @@ int run_rpc_command(struct net_context *c,
nt_status = cli_rpc_pipe_open_ntlmssp(
cli, interface,
PIPE_AUTH_LEVEL_PRIVACY,
- lp_workgroup(),
- get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
- &pipe_hnd);
+ lp_workgroup(), c->opt_user_name,
+ c->opt_password, &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, interface,
@@ -944,12 +940,9 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- set_cmdline_auth_info_getpass(c->auth_info);
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -2763,12 +2756,9 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- set_cmdline_auth_info_getpass(c->auth_info);
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -3255,7 +3245,7 @@ static void copy_fn(const char *mnt, file_info *f,
old_dir = local_state->cwd;
local_state->cwd = dir;
- if (!sync_files(local_state, new_mask, c->auth_info))
+ if (!sync_files(local_state, new_mask))
printf("could not handle files\n");
local_state->cwd = old_dir;
@@ -3302,18 +3292,15 @@ static void copy_fn(const char *mnt, file_info *f,
*
* @return Boolean result
**/
-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
- const struct user_auth_info *auth_info)
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
{
struct cli_state *targetcli;
char *targetpath = NULL;
DEBUG(3,("calling cli_list with mask: %s\n", mask));
-
- if ( !cli_resolve_path(talloc_tos(), "", auth_info,
- cp_clistate->cli_share_src, mask, &targetcli,
- &targetpath ) ) {
+ if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src,
+ mask, &targetcli, &targetpath ) ) {
d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
mask, cli_errstr(cp_clistate->cli_share_src));
return false;
@@ -3476,7 +3463,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
goto done;
}
- if (!sync_files(&cp_clistate, mask, c->auth_info)) {
+ if (!sync_files(&cp_clistate, mask)) {
d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
@@ -4577,12 +4564,9 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- set_cmdline_auth_info_getpass(c->auth_info);
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -4855,12 +4839,9 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- set_cmdline_auth_info_getpass(c->auth_info);
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -5550,7 +5531,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
c->opt_workgroup = smb_xstrdup(domain_name);
};
- set_cmdline_auth_info_username(c->auth_info, acct_name);
+ c->opt_user_name = acct_name;
/* find the domain controller */
if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
@@ -5647,9 +5628,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
* Store the password in secrets db
*/
- if (!pdb_set_trusteddom_pw(domain_name,
- get_cmdline_auth_info_password(c->auth_info),
- domain_sid)) {
+ if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
DEBUG(0, ("Storing password for trusted domain failed.\n"));
cli_shutdown(cli);
talloc_destroy(mem_ctx);
@@ -7211,12 +7190,9 @@ int net_rpc(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- set_cmdline_auth_info_getpass(c->auth_info);
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index cae2491aed..ed0311317d 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -58,8 +58,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
if (sec == SEC_ADS) {
/* Connect to IPC$ using machine account's credentials. We don't use anonymous
connection here, as it may be denied by server's local policy. */
- set_cmdline_auth_info_use_machine_account(c->auth_info);
- set_cmdline_auth_info_machine_account_creds(c->auth_info);
+ net_use_machine_account(c);
} else {
/* some servers (e.g. WinNT) don't accept machine-authenticated
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index bd5047c1ff..309be171cc 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
ctx->cli = pipe_hnd;
ctx->ops = &libnet_samsync_keytab_ops;
ctx->domain_name = domain_name;
- ctx->username = get_cmdline_auth_info_username(c->auth_info);
- ctx->password = get_cmdline_auth_info_password(c->auth_info);
+ ctx->username = c->opt_user_name;
+ ctx->password = c->opt_password;
ctx->force_full_replication = c->opt_force_full_repl ? true : false;
ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
@@ -493,17 +493,20 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
if (!dc_info.is_ad) {
printf("DC is not running Active Directory\n");
- return -1;
- }
-
- if (dc_info.is_mixed_mode) {
ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id,
0,
rpc_vampire_keytab_internals, argc, argv);
+ return -1;
} else {
ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id,
NET_FLAGS_SEAL,
rpc_vampire_keytab_ds_internals, argc, argv);
+ if (ret != 0 && dc_info.is_mixed_mode) {
+ printf("Fallback to NT4 vampire on Mixed-Mode AD Domain\n");
+ ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id,
+ 0,
+ rpc_vampire_keytab_internals, argc, argv);
+ }
}
return ret;
diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c
index dc13e91423..3aaed1ed18 100644
--- a/source3/utils/net_rpc_shell.c
+++ b/source3/utils/net_rpc_shell.c
@@ -220,12 +220,9 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
if (libnetapi_init(&c->netapi_ctx) != 0) {
return -1;
}
- set_cmdline_auth_info_getpass(c->auth_info);
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 62abef000d..41daa4180d 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -452,7 +452,7 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv
const char *account_policy = NULL;
uint32 value = 0;
uint32 old_value = 0;
- int field;
+ enum pdb_policy_type field;
char *endptr;
if (argc != 2 || c->display_usage) {
@@ -462,7 +462,7 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv
}
account_policy = argv[0];
- field = account_policy_name_to_fieldnum(account_policy);
+ field = account_policy_name_to_typenum(account_policy);
if (strequal(argv[1], "forever") || strequal(argv[1], "never")
|| strequal(argv[1], "off")) {
@@ -519,7 +519,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg
{
const char *account_policy = NULL;
uint32 old_value;
- int field;
+ enum pdb_policy_type field;
if (argc != 1 || c->display_usage) {
d_fprintf(stderr, "usage: net sam policy show"
@@ -528,7 +528,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg
}
account_policy = argv[0];
- field = account_policy_name_to_fieldnum(account_policy);
+ field = account_policy_name_to_typenum(account_policy);
if (field == 0) {
const char **names;
diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c
index 992a03d813..6eacb1386c 100644
--- a/source3/utils/net_usershare.c
+++ b/source3/utils/net_usershare.c
@@ -163,7 +163,7 @@ static int net_usershare_delete(struct net_context *c, int argc, const char **ar
d_fprintf(stderr, "net usershare delete: share name %s contains "
"invalid characters (any of %s)\n",
sharename, INVALID_SHARENAME_CHARS);
- SAFE_FREE(sharename);
+ TALLOC_FREE(sharename);
return -1;
}
@@ -172,7 +172,7 @@ static int net_usershare_delete(struct net_context *c, int argc, const char **ar
lp_usershare_path(),
sharename);
if (!us_path) {
- SAFE_FREE(sharename);
+ TALLOC_FREE(sharename);
return -1;
}
@@ -180,10 +180,10 @@ static int net_usershare_delete(struct net_context *c, int argc, const char **ar
d_fprintf(stderr, "net usershare delete: unable to remove usershare %s. "
"Error was %s\n",
us_path, strerror(errno));
- SAFE_FREE(sharename);
+ TALLOC_FREE(sharename);
return -1;
}
- SAFE_FREE(sharename);
+ TALLOC_FREE(sharename);
return 0;
}
@@ -672,7 +672,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: maximum number of allowed usershares (%d) reached\n",
lp_usershare_max_shares() );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -681,7 +680,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
"invalid characters (any of %s)\n",
sharename, INVALID_SHARENAME_CHARS);
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -690,7 +688,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: share name %s is already a valid system user name\n",
sharename );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -698,7 +695,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
full_path = get_basepath(ctx);
if (!full_path) {
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
full_path_tmp = talloc_asprintf(ctx,
@@ -706,7 +702,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
full_path);
if (!full_path_tmp) {
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -715,7 +710,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
sharename);
if (!full_path) {
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -724,7 +718,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr,"net usershare add: path %s is not an absolute path.\n",
us_path);
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -734,7 +727,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
"this is a directory. Error was %s\n",
us_path, strerror(errno) );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -742,7 +734,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: path %s is not a directory.\n",
us_path );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -756,7 +747,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
"\tto the [global] section of the smb.conf to allow this.\n",
us_path );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -786,7 +776,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: malformed acl %s (missing ':').\n",
pacl );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -802,7 +791,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
"(access control must be 'r', 'f', or 'd')\n",
pacl );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -810,7 +798,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: malformed terminating character for acl %s\n",
pacl );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -818,7 +805,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
d_fprintf(stderr, "talloc_strndup failed\n");
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
if (!string_to_sid(&sid, name)) {
@@ -833,7 +819,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "\n");
}
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
}
@@ -854,7 +839,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
"but the \"usershare allow guests\" parameter is not enabled "
"by this server.\n");
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -865,7 +849,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: cannot create tmp file %s\n",
full_path_tmp );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -874,7 +857,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: cannot lstat tmp file %s\n",
full_path_tmp );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -883,7 +865,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: cannot fstat tmp file %s\n",
full_path_tmp );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -891,7 +872,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: tmp file %s is not a regular file ?\n",
full_path_tmp );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -899,7 +879,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr, "net usershare add: failed to fchmod tmp file %s to 0644n",
full_path_tmp );
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -915,7 +894,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
(unsigned int)to_write, full_path_tmp, strerror(errno));
unlink(full_path_tmp);
TALLOC_FREE(ctx);
- SAFE_FREE(sharename);
return -1;
}
@@ -926,7 +904,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
sharename, strerror(errno));
TALLOC_FREE(ctx);
close(tmpfd);
- SAFE_FREE(sharename);
return -1;
}
@@ -939,7 +916,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
net_usershare_info(c, 1, my_argv);
}
- SAFE_FREE(sharename);
TALLOC_FREE(ctx);
return 0;
}
@@ -998,6 +974,7 @@ static int net_usershare_list(struct net_context *c, int argc,
pi.ctx = ctx;
pi.op = US_LIST_OP;
+ pi.c = c;
ret = process_share_list(info_fn, &pi);
talloc_destroy(ctx);
diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
index 50f3c1db01..8bf9aac6f2 100644
--- a/source3/utils/net_util.c
+++ b/source3/utils/net_util.c
@@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c,
{
NTSTATUS nt_status;
int flags = 0;
- struct user_auth_info *ai = c->auth_info;
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
- if (get_cmdline_auth_info_use_kerberos(ai)) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
- CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ if (c->opt_kerberos) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+ }
+
+ if (c->opt_kerberos && c->opt_password) {
+ flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
nt_status = cli_full_connection(cli_ctx, NULL, server_name,
server_ss, c->opt_port,
service_name, service_type,
- get_cmdline_auth_info_username(ai),
- c->opt_workgroup,
- get_cmdline_auth_info_password(ai),
- flags, Undefined, NULL);
+ c->opt_user_name, c->opt_workgroup,
+ c->opt_password, flags, Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, "Could not connect to server %s\n", server_name);
@@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c,
return nt_status;
}
- if (get_cmdline_auth_info_smb_encrypt(ai)) {
+ if (c->smb_encrypt) {
nt_status = cli_force_encryption(*cli_ctx,
- get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
+ c->opt_user_name,
+ c->opt_password,
c->opt_workgroup);
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
@@ -234,12 +234,14 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
{
NTSTATUS nt_status;
char *user_and_realm = NULL;
- struct user_auth_info *ai = c->auth_info;
/* FIXME: Should get existing kerberos ticket if possible. */
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ if (!c->opt_password) {
+ return NT_STATUS_NO_MEMORY;
+ }
- user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai));
+ user_and_realm = get_user_and_realm(c->opt_user_name);
if (!user_and_realm) {
return NT_STATUS_NO_MEMORY;
}
@@ -248,7 +250,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
server_ss, c->opt_port,
"IPC$", "IPC",
user_and_realm, c->opt_workgroup,
- get_cmdline_auth_info_password(ai),
+ c->opt_password,
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -259,10 +261,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
return nt_status;
}
- if (get_cmdline_auth_info_smb_encrypt(ai)) {
+ if (c->smb_encrypt) {
nt_status = cli_cm_force_encryption(*cli_ctx,
user_and_realm,
- get_cmdline_auth_info_password(ai),
+ c->opt_password,
c->opt_workgroup,
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -326,6 +328,50 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
return nt_status;
}
+/****************************************************************************
+ Use the local machine account (krb) and password for this session.
+****************************************************************************/
+
+int net_use_krb_machine_account(struct net_context *c)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
+ exit(1);
+ }
+
+ c->opt_password = secrets_fetch_machine_password(
+ c->opt_target_workgroup, NULL, NULL);
+ if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
+ return -1;
+ }
+ c->opt_user_name = user_name;
+ return 0;
+}
+
+/****************************************************************************
+ Use the machine account name and password for this session.
+****************************************************************************/
+
+int net_use_machine_account(struct net_context *c)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
+ exit(1);
+ }
+
+ c->opt_password = secrets_fetch_machine_password(
+ c->opt_target_workgroup, NULL, NULL);
+ if (asprintf(&user_name, "%s$", global_myname()) == -1) {
+ return -1;
+ }
+ c->opt_user_name = user_name;
+ return 0;
+}
+
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -489,6 +535,33 @@ done:
/****************************************************************************
****************************************************************************/
+const char *net_prompt_pass(struct net_context *c, const char *user)
+{
+ char *prompt = NULL;
+ const char *pass = NULL;
+
+ if (c->opt_password) {
+ return c->opt_password;
+ }
+
+ if (c->opt_machine_pass) {
+ return NULL;
+ }
+
+ if (c->opt_kerberos && !c->opt_user_specified) {
+ return NULL;
+ }
+
+ if (asprintf(&prompt, "Enter %s's password:", user) == -1) {
+ return NULL;
+ }
+
+ pass = getpass(prompt);
+ SAFE_FREE(prompt);
+
+ return pass;
+}
+
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table)
{
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index a464299438..dce2f05a83 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -1109,7 +1109,7 @@ int main (int argc, char **argv)
/* account policy operations */
if ((checkparms & BIT_ACCPOLICY) && !(checkparms & ~(BIT_ACCPOLICY + BIT_ACCPOLVAL))) {
uint32 value;
- int field = account_policy_name_to_fieldnum(account_policy);
+ enum pdb_policy_type field = account_policy_name_to_typenum(account_policy);
if (field == 0) {
const char **names;
int count;