Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net.c | 45 | ||||
-rw-r--r-- | source3/utils/net.h | 9 | ||||
-rw-r--r-- | source3/utils/net_ads.c | 93 | ||||
-rw-r--r-- | source3/utils/net_cache.c | 27 | ||||
-rw-r--r-- | source3/utils/net_dom.c | 8 | ||||
-rw-r--r-- | source3/utils/net_help.c | 1 | ||||
-rw-r--r-- | source3/utils/net_proto.h | 3 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 74 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 3 | ||||
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 15 | ||||
-rw-r--r-- | source3/utils/net_rpc_shell.c | 9 | ||||
-rw-r--r-- | source3/utils/net_sam.c | 8 | ||||
-rw-r--r-- | source3/utils/net_usershare.c | 33 | ||||
-rw-r--r-- | source3/utils/net_util.c | 109 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 2 |
15 files changed, 256 insertions, 183 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index 0e3946f5a5..f8bfab3e99 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -625,6 +625,7 @@ static struct functable net_func[] = { int main(int argc, const char **argv) { int opt,i; + char *p; int rc = 0; int argc_new = 0; const char ** argv_new; @@ -635,10 +636,12 @@ static struct functable net_func[] = { struct poptOption long_options[] = { {"help", 'h', POPT_ARG_NONE, 0, 'h'}, {"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup}, + {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'}, {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'}, {"port", 'p', POPT_ARG_INT, &c->opt_port}, {"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name}, {"server", 'S', POPT_ARG_STRING, &c->opt_host}, + {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, {"container", 'c', POPT_ARG_STRING, &c->opt_container}, {"comment", 'C', POPT_ARG_STRING, &c->opt_comment}, {"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers}, @@ -649,13 +652,15 @@ static struct functable net_func[] = { {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, {"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout}, + {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, + {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose}, {"test", 'T', POPT_ARG_NONE, &c->opt_testmode}, /* Options for 'net groupmap set' */ {"local", 'L', POPT_ARG_NONE, &c->opt_localgroup}, {"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup}, - {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname}, + {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname}, {"rid", 'R', POPT_ARG_INT, &c->opt_rid}, /* Options for 'net rpc share migrate' */ {"acls", 0, POPT_ARG_NONE, &c->opt_acls}, 
@@ -670,7 +675,6 @@ static struct functable net_func[] = { {"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries}, POPT_COMMON_SAMBA - POPT_COMMON_CREDENTIALS { 0, 0, 0, 0} }; @@ -684,13 +688,6 @@ static struct functable net_func[] = { dbf = x_stderr; c->private_data = net_func; - c->auth_info = user_auth_info_init(frame); - if (c->auth_info == NULL) { - d_fprintf(stderr, "\nOut of memory!\n"); - exit(1); - } - popt_common_set_auth_info(c->auth_info); - pc = poptGetContext(NULL, argc, (const char **) argv, long_options, POPT_CONTEXT_KEEP_FIRST); @@ -698,7 +695,9 @@ static struct functable net_func[] = { switch (opt) { case 'h': c->display_usage = true; - set_cmdline_auth_info_password(c->auth_info, ""); + break; + case 'e': + c->smb_encrypt = true; break; case 'I': if (!interpret_string_addr(&c->opt_dest_ip, @@ -708,6 +707,15 @@ static struct functable net_func[] = { c->opt_have_ip = true; } break; + case 'U': + c->opt_user_specified = true; + c->opt_user_name = SMB_STRDUP(c->opt_user_name); + p = strchr(c->opt_user_name,'%'); + if (p) { + *p = 0; + c->opt_password = p+1; + } + break; default: d_fprintf(stderr, "\nInvalid option %s: %s\n", poptBadOption(pc, 0), poptStrerror(opt)); @@ -741,6 +749,10 @@ static struct functable net_func[] = { set_global_myname(c->opt_requester_name); } + if (!c->opt_user_name && getenv("LOGNAME")) { + c->opt_user_name = getenv("LOGNAME"); + } + if (!c->opt_workgroup) { c->opt_workgroup = smb_xstrdup(lp_workgroup()); } 
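Review bot: The new `case 'U':` branch in main() copies the `user%password` argument and keeps the password half in `c->opt_password`, but never overwrites the original option string, so the cleartext password presumably remains in the process's argument vector for the whole run, where other local users can read it from the process list. Keep the pre-`SMB_STRDUP` pointer in a local and blank the bytes after `%` in the original argument once the copy has been split. A comment on the branch such as `/* a password given as user%pass is visible in the process list until scrubbed; prefer the prompt */` would make the risk explicit. The switch and main() continue outside the hunk.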
@@ -758,10 +770,23 @@ static struct functable net_func[] = { that it won't assert becouse we are not root */ sec_init(); + if (c->opt_machine_pass) { + /* it is very useful to be able to make ads queries as the + machine account for testing purposes and for domain leave */ + + net_use_krb_machine_account(c); + } + + if (!c->opt_password) { + c->opt_password = getenv("PASSWD"); + } + rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func); DEBUG(2,("return code = %d\n", rc)); + gencache_stabilize(); + libnetapi_free(c->netapi_ctx); poptFreeContext(pc); diff --git a/source3/utils/net.h b/source3/utils/net.h index f604d96361..d88f962d41 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -28,8 +28,11 @@ struct net_context { const char *opt_requester_name; const char *opt_host; - int opt_long_list_entries; + const char *opt_password; + const char *opt_user_name; + bool opt_user_specified; const char *opt_workgroup; + int opt_long_list_entries; int opt_reboot; int opt_force; int opt_stdin; @@ -42,6 +45,7 @@ struct net_context { int opt_timeout; int opt_request_timeout; const char *opt_target_workgroup; + int opt_machine_pass; int opt_localgroup; int opt_domaingroup; int do_talloc_report; @@ -53,14 +57,15 @@ struct net_context { const char *opt_exclude; const char *opt_destination; int opt_testmode; + bool opt_kerberos; int opt_force_full_repl; int opt_single_obj_repl; int opt_clean_old_entries; int opt_have_ip; struct sockaddr_storage opt_dest_ip; + bool smb_encrypt; struct libnetapi_ctx *netapi_ctx; - struct user_auth_info *auth_info; bool display_usage; void *private_data; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index d82715eb45..8f76c0eb09 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
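Review bot: The call `net_use_krb_machine_account(c);` added after `sec_init()` discards its result, although net_proto.h in this commit declares the function as returning `int`. If loading the machine credentials fails, execution continues into `c->opt_password = getenv("PASSWD");` and the subcommand runs with whatever user name and environment password happen to be set, rather than stopping. Assuming non-zero means failure, I would write `if (net_use_krb_machine_account(c) != 0) { d_fprintf(stderr, "Could not load machine account credentials\n"); exit(1); }`. The return value of the new `gencache_stabilize();` call is dropped as well, while net_cache_stabilize() in the same commit checks it. main() starts and ends outside this hunk.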
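Review bot: The new field `const char *opt_password;` in `struct net_context` has no comment on ownership, and this commit assigns it from three different sources: a slice of the strdup'd `-U` argument, `getenv("PASSWD")`, and the result of `net_prompt_pass()`. Since the origin varies and the pointer is `const`, no caller can safely free or wipe it, so the cleartext stays in memory until the process exits. I would document it, for example `/* cleartext password; borrowed pointer (-U buffer, PASSWD env or prompt result), never freed or zeroed */`, and consider giving the context an owned copy that is wiped before exit. The struct continues outside the hunk.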
@@ -231,23 +231,32 @@ retry_connect: ads = ads_init(realm, c->opt_target_workgroup, c->opt_host); + if (!c->opt_user_name) { + c->opt_user_name = "administrator"; + } + + if (c->opt_user_specified) { + need_password = true; + } + retry: - if (need_password) { - set_cmdline_auth_info_getpass(c->auth_info); + if (!c->opt_password && need_password && !c->opt_machine_pass) { + c->opt_password = net_prompt_pass(c, c->opt_user_name); + if (!c->opt_password) { + ads_destroy(&ads); + return ADS_ERROR(LDAP_NO_MEMORY); + } } - if (get_cmdline_auth_info_got_pass(c->auth_info) || - !get_cmdline_auth_info_use_kerberos(c->auth_info)) { + if (c->opt_password) { use_in_memory_ccache(); SAFE_FREE(ads->auth.password); - ads->auth.password = smb_xstrdup( - get_cmdline_auth_info_password(c->auth_info)); + ads->auth.password = smb_xstrdup(c->opt_password); } ads->auth.flags |= auth_flags; SAFE_FREE(ads->auth.user_name); - ads->auth.user_name = smb_xstrdup( - get_cmdline_auth_info_username(c->auth_info)); + ads->auth.user_name = smb_xstrdup(c->opt_user_name); /* * If the username is of the form "name@realm", @@ -521,7 +530,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv) return net_ads_user_usage(c, argc, argv); } - escaped_user = escape_ldap_string_alloc(argv[0]); + escaped_user = escape_ldap_string(talloc_tos(), argv[0]); if (!escaped_user) { d_fprintf(stderr, "ads_user_info: failed to escape user %s\n", argv[0]); @@ -529,12 +538,12 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv) } if (!ADS_ERR_OK(ads_startup(c, false, &ads))) { - SAFE_FREE(escaped_user); + TALLOC_FREE(escaped_user); return -1; } if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) { - SAFE_FREE(escaped_user); + TALLOC_FREE(escaped_user); return -1; } rc = ads_search(ads, &res, searchstring, attrs); 
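Review bot: In the `retry:` block the new code returns `ADS_ERROR(LDAP_NO_MEMORY)` whenever `net_prompt_pass()` yields NULL, so any prompt failure is reported to the caller as an out-of-memory condition; the helper's body is not in this part of the diff, so the real causes cannot be told from here. A status that names the authentication input as the problem would be easier to diagnose. The `"administrator"` default is also written back into the shared `c->opt_user_name`, which makes it look user-chosen to every later use of the context; a local such as `const char *user = c->opt_user_name ? c->opt_user_name : "administrator";` would keep the default local to this function. The function starts and ends outside the hunk.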
@@ -543,7 +552,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv) if (!ADS_ERR_OK(rc)) { d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc)); ads_destroy(&ads); - SAFE_FREE(escaped_user); + TALLOC_FREE(escaped_user); return -1; } @@ -563,7 +572,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv) ads_msgfree(ads, res); ads_destroy(&ads); - SAFE_FREE(escaped_user); + TALLOC_FREE(escaped_user); return 0; } @@ -866,7 +875,6 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) TALLOC_CTX *ctx; struct libnet_UnjoinCtx *r = NULL; WERROR werr; - struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -885,7 +893,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } - if (!get_cmdline_auth_info_use_kerberos(ai)) { + if (!c->opt_kerberos) { use_in_memory_ccache(); } @@ -895,14 +903,12 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } - set_cmdline_auth_info_getpass(ai); - r->in.debug = true; - r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); + r->in.use_kerberos = c->opt_kerberos; r->in.dc_name = c->opt_host; r->in.domain_name = lp_realm(); - r->in.admin_account = get_cmdline_auth_info_username(ai); - r->in.admin_password = get_cmdline_auth_info_password(ai); + r->in.admin_account = c->opt_user_name; + r->in.admin_password = net_prompt_pass(c, c->opt_user_name); r->in.modify_config = lp_config_backend_is_registry(); /* Try to delete it, but if that fails, disable it. The @@ -960,8 +966,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c) return NT_STATUS_ACCESS_DENIED; } - set_cmdline_auth_info_use_machine_account(c->auth_info); - set_cmdline_auth_info_machine_account_creds(c->auth_info); + net_use_krb_machine_account(c); status = ads_startup(c, true, &ads); if (!ADS_ERR_OK(status)) { 
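Review bot: `r->in.admin_password = net_prompt_pass(c, c->opt_user_name);` in net_ads_leave uses the prompt result without a NULL check, while the ads_startup hunk of this same commit treats a NULL return from `net_prompt_pass()` as an error. A failed prompt would hand a NULL admin password to the unjoin request, and what the callee does with it is not visible here. The same unchecked pattern is added in net_ads_join, net_ads_kerberos_pac, net_ads_kerberos_kinit and connect_to_service in net_util.c. I would add `if (r->in.admin_password == NULL) { d_fprintf(stderr, "Could not read password\n"); return -1; }` with the function's existing cleanup, which lies outside the hunk.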
@@ -1192,7 +1197,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) const char *os_name = NULL; const char *os_version = NULL; bool modify_config = lp_config_backend_is_registry(); - struct user_auth_info *ai = c->auth_info;; if (c->display_usage) return net_ads_join_usage(c, argc, argv); @@ -1212,7 +1216,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) goto fail; } - if (!get_cmdline_auth_info_use_kerberos(ai)) { + if (!c->opt_kerberos) { use_in_memory_ccache(); } @@ -1262,8 +1266,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) /* Do the domain join here */ - set_cmdline_auth_info_getpass(ai); - r->in.domain_name = domain; r->in.create_upn = createupn; r->in.upn = machineupn; @@ -1271,10 +1273,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) r->in.os_name = os_name; r->in.os_version = os_version; r->in.dc_name = c->opt_host; - r->in.admin_account = get_cmdline_auth_info_username(ai); - r->in.admin_password = get_cmdline_auth_info_password(ai); + r->in.admin_account = c->opt_user_name; + r->in.admin_password = net_prompt_pass(c, c->opt_user_name); r->in.debug = true; - r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); + r->in.use_kerberos = c->opt_kerberos; r->in.modify_config = modify_config; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | @@ -1585,7 +1587,6 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * char *prt_dn, *srv_dn, **srv_cn; char *srv_cn_escaped = NULL, *printername_escaped = NULL; LDAPMessage *res = NULL; - struct user_auth_info *ai = c->auth_info; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" 
@@ -1617,9 +1618,8 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * nt_status = cli_full_connection(&cli, global_myname(), servername, &server_ss, 0, "IPC$", "IPC", - get_cmdline_auth_info_username(ai), - c->opt_workgroup, - get_cmdline_auth_info_password(ai), + c->opt_user_name, c->opt_workgroup, + c->opt_password ? c->opt_password : "", CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -1807,8 +1807,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv) static int net_ads_password(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; - const char *auth_principal; - const char *auth_password; + const char *auth_principal = c->opt_user_name; + const char *auth_password = c->opt_password; char *realm = NULL; char *new_password = NULL; char *chr, *prompt; @@ -1823,9 +1823,10 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv) return 0; } - auth_principal = get_cmdline_auth_info_username(c->auth_info); - set_cmdline_auth_info_getpass(c->auth_info); - auth_password = get_cmdline_auth_info_password(c->auth_info); + if (c->opt_user_name == NULL || c->opt_password == NULL) { + d_fprintf(stderr, "You must supply an administrator username/password\n"); + return -1; + } if (argc < 1) { d_fprintf(stderr, "ERROR: You must say which username to change password for\n"); @@ -1907,7 +1908,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) return -1; } - set_cmdline_auth_info_use_machine_account(c->auth_info); + net_use_krb_machine_account(c); use_in_memory_ccache(); @@ -2289,7 +2290,6 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; int ret = -1; - struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" 
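Review bot: The new guard `if (c->opt_user_name == NULL || c->opt_password == NULL)` in net_ads_password replaces the interactive prompt with a hard failure, so the administrator password can now reach this command only through `-U user%password` or the `PASSWD` environment variable, both of which expose it more widely than a terminal prompt. Other commands in this commit obtain the password with `net_prompt_pass()`; doing the same here keeps the behaviour consistent, e.g. `if (auth_password == NULL) auth_password = net_prompt_pass(c, auth_principal);` placed before the check. The error text should then be adjusted to say that no password could be read. The rest of the function is outside the hunk.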
@@ -2303,11 +2303,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar goto out; } - set_cmdline_auth_info_getpass(ai); + c->opt_password = net_prompt_pass(c, c->opt_user_name); status = kerberos_return_pac(mem_ctx, - get_cmdline_auth_info_username(ai), - get_cmdline_auth_info_password(ai), + c->opt_user_name, + c->opt_password, 0, NULL, NULL, @@ -2340,7 +2340,6 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** TALLOC_CTX *mem_ctx = NULL; int ret = -1; NTSTATUS status; - struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -2354,10 +2353,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** goto out; } - set_cmdline_auth_info_getpass(ai); + c->opt_password = net_prompt_pass(c, c->opt_user_name); - ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai), - get_cmdline_auth_info_password(ai), + ret = kerberos_kinit_password_ext(c->opt_user_name, + c->opt_password, 0, NULL, NULL, diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c index 5e7db38515..36cd12fb82 100644 --- a/source3/utils/net_cache.c +++ b/source3/utils/net_cache.c @@ -171,12 +171,10 @@ static int net_cache_add(struct net_context *c, int argc, const char **argv) if (gencache_set(keystr, datastr, timeout)) { d_printf("New cache entry stored successfully.\n"); - gencache_shutdown(); return 0; } d_fprintf(stderr, "Entry couldn't be added. Perhaps there's already such a key.\n"); - gencache_shutdown(); return -1; } @@ -275,7 +273,6 @@ static int net_cache_list(struct net_context *c, int argc, const char **argv) return 0; } gencache_iterate(print_cache_entry, NULL, pattern); - gencache_shutdown(); return 0; } 
@@ -297,10 +294,24 @@ static int net_cache_flush(struct net_context *c, int argc, const char **argv) return 0; } gencache_iterate(delete_cache_entry, NULL, pattern); - gencache_shutdown(); return 0; } +static int net_cache_stabilize(struct net_context *c, int argc, + const char **argv) +{ + if (c->display_usage) { + d_printf("Usage:\n" + "net cache flush\n" + " Delete all cache entries.\n"); + return 0; + } + + if (!gencache_stabilize()) { + return -1; + } + return 0; +} /** * Entry point to 'net cache' subfunctionality * @@ -366,6 +377,14 @@ int net_cache(struct net_context *c, int argc, const char **argv) "net cache flush\n" " Delete all cache entries" }, + { + "stabilize", + net_cache_stabilize, + NET_TRANSPORT_LOCAL, + "Move transient cache content to stable storage", + "net cache stabilize\n" + " Move transient cache content to stable storage" + }, {NULL, NULL, 0, NULL, NULL} }; diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c index a13f52c519..401079777f 100644 --- a/source3/utils/net_dom.c +++ b/source3/utils/net_dom.c @@ -368,11 +368,9 @@ int net_dom(struct net_context *c, int argc, const char **argv) return -1; } - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 5a170790c5..0502373aa2 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -65,6 +65,5 @@ int net_help(struct net_context *c, int argc, const char **argv) } c->display_usage = true; - set_cmdline_auth_info_password(c->auth_info, ""); return net_run_function(c, argc, argv, "net help", func); } 
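Review bot: The usage text in the new net_cache_stabilize() is copied from the flush command: it prints `net cache flush` and `Delete all cache entries.` for a function that calls `gencache_stabilize()`. Someone asking for help on the stabilize command is told that it deletes the cache. The strings should match the functable entry added in the same file, `"net cache stabilize\n"` and `"  Move transient cache content to stable storage\n"`. A short doc comment above the function, in the style of the `Entry point to 'net cache' subfunctionality` block that follows it, would also be welcome.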
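Review bot: `libnetapi_set_password(c->netapi_ctx, c->opt_password);` in net_dom can be passed NULL, because `c->opt_password` is only filled by `-U user%pass`, the `PASSWD` variable or an earlier prompt. Whether libnetapi accepts a NULL password is not visible in this diff. The same two setter lines are added in net_rpc_user, net_rpc_group, net_rpc_share, net_rpc_file, net_rpc and net_rpc_shell, where the hunk also removes the `set_cmdline_auth_info_getpass()` call, so those commands presumably no longer prompt at this point. I would add `if (c->opt_password == NULL && !c->opt_kerberos) c->opt_password = net_prompt_pass(c, c->opt_user_name);` before the setters, or a comment stating what a NULL password is meant to select.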
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 8a09147aad..75ac032db9 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -459,6 +459,8 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, const struct ndr_syntax_id *interface); +int net_use_krb_machine_account(struct net_context *c); +int net_use_machine_account(struct net_context *c); bool net_find_server(struct net_context *c, const char *domain, unsigned flags, @@ -473,6 +475,7 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, const char *server, struct sockaddr_storage *pss, unsigned flags, struct cli_state **pcli); +const char *net_prompt_pass(struct net_context *c, const char *user); int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table); void net_display_usage_from_functable(struct functable *table); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 0118b4818a..f6f90030fe 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -25,8 +25,7 @@ #include "../libcli/auth/libcli_auth.h" static int net_mode_share; -static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, - const struct user_auth_info *auth_info); +static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); /** * @file net_rpc.c @@ -123,7 +122,6 @@ int run_rpc_command(struct net_context *c, DOM_SID *domain_sid; const char *domain_name; int ret = -1; - struct user_auth_info *ai = c->auth_info; /* make use of cli_state handed over as an argument, if possible */ if (!cli_arg) { 
@@ -173,10 +171,8 @@ int run_rpc_command(struct net_context *c, nt_status = cli_rpc_pipe_open_ntlmssp( cli, interface, PIPE_AUTH_LEVEL_PRIVACY, - lp_workgroup(), - get_cmdline_auth_info_username(ai), - get_cmdline_auth_info_password(ai), - &pipe_hnd); + lp_workgroup(), c->opt_user_name, + c->opt_password, &pipe_hnd); } else { nt_status = cli_rpc_pipe_open_noauth( cli, interface, @@ -944,12 +940,9 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - set_cmdline_auth_info_getpass(c->auth_info); - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -2763,12 +2756,9 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - set_cmdline_auth_info_getpass(c->auth_info); - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -3255,7 +3245,7 @@ static void copy_fn(const char *mnt, file_info *f, old_dir = local_state->cwd; local_state->cwd = dir; - if (!sync_files(local_state, new_mask, c->auth_info)) + if (!sync_files(local_state, new_mask)) printf("could not handle files\n"); local_state->cwd = old_dir; 
@@ -3302,18 +3292,15 @@ static void copy_fn(const char *mnt, file_info *f, * * @return Boolean result **/ -static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, - const struct user_auth_info *auth_info) +static bool sync_files(struct copy_clistate *cp_clistate, const char *mask) { struct cli_state *targetcli; char *targetpath = NULL; DEBUG(3,("calling cli_list with mask: %s\n", mask)); - - if ( !cli_resolve_path(talloc_tos(), "", auth_info, - cp_clistate->cli_share_src, mask, &targetcli, - &targetpath ) ) { + if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src, + mask, &targetcli, &targetpath ) ) { d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n", mask, cli_errstr(cp_clistate->cli_share_src)); return false; @@ -3476,7 +3463,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, goto done; } - if (!sync_files(&cp_clistate, mask, c->auth_info)) { + if (!sync_files(&cp_clistate, mask)) { d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; @@ -4577,12 +4564,9 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - set_cmdline_auth_info_getpass(c->auth_info); - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } 
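Review bot: `cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src, ...)` in sync_files now passes NULL where the caller's auth info used to go. If path resolution has to open a connection to another server, for example when following a DFS referral (an inference, the callee is not shown), that connection has no credentials or encryption preference to work with and may fail or proceed without the user's identity. The call should at least carry a comment saying so, e.g. `/* NULL auth info: any referral is resolved without the user's credentials */`, and the share migration documentation should mention the limitation. sync_files continues outside the hunk.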
@@ -4855,12 +4839,9 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - set_cmdline_auth_info_getpass(c->auth_info); - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -5550,7 +5531,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, c->opt_workgroup = smb_xstrdup(domain_name); }; - set_cmdline_auth_info_username(c->auth_info, acct_name); + c->opt_user_name = acct_name; /* find the domain controller */ if (!net_find_pdc(&server_ss, pdc_name, domain_name)) { @@ -5647,9 +5628,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Store the password in secrets db */ - if (!pdb_set_trusteddom_pw(domain_name, - get_cmdline_auth_info_password(c->auth_info), - domain_sid)) { + if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) { DEBUG(0, ("Storing password for trusted domain failed.\n")); cli_shutdown(cli); talloc_destroy(mem_ctx); @@ -7211,12 +7190,9 @@ int net_rpc(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - set_cmdline_auth_info_getpass(c->auth_info); - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } 
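Review bot: `pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)` in rpc_trustdom_establish stores `c->opt_password` as the trust secret without checking that it is non-NULL and non-empty, and nothing in the visible hunks of this function guarantees that a password was collected before this point. A guard such as `if (c->opt_password == NULL || c->opt_password[0] == '\0') { DEBUG(0, ("No trust password available.\n")); ... }` with the same cleanup as the existing failure path would prevent writing an unusable secret. In the earlier hunk of the same function, `c->opt_user_name = acct_name;` makes the context borrow `acct_name`; its allocation and release are outside the hunk, so it is worth confirming that the buffer outlives every later use of `c->opt_user_name`.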
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index cae2491aed..ed0311317d 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -58,8 +58,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, if (sec == SEC_ADS) { /* Connect to IPC$ using machine account's credentials. We don't use anonymous connection here, as it may be denied by server's local policy. */ - set_cmdline_auth_info_use_machine_account(c->auth_info); - set_cmdline_auth_info_machine_account_creds(c->auth_info); + net_use_machine_account(c); } else { /* some servers (e.g. WinNT) don't accept machine-authenticated diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bd5047c1ff..309be171cc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, ctx->cli = pipe_hnd; ctx->ops = &libnet_samsync_keytab_ops; ctx->domain_name = domain_name; - ctx->username = get_cmdline_auth_info_username(c->auth_info); - ctx->password = get_cmdline_auth_info_password(c->auth_info); + ctx->username = c->opt_user_name; + ctx->password = c->opt_password; ctx->force_full_replication = c->opt_force_full_repl ? true : false; ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; 
@@ -493,17 +493,20 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) if (!dc_info.is_ad) { printf("DC is not running Active Directory\n"); - return -1; - } - - if (dc_info.is_mixed_mode) { ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id, 0, rpc_vampire_keytab_internals, argc, argv); + return -1; } else { ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id, NET_FLAGS_SEAL, rpc_vampire_keytab_ds_internals, argc, argv); + if (ret != 0 && dc_info.is_mixed_mode) { + printf("Fallback to NT4 vampire on Mixed-Mode AD Domain\n"); + ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id, + 0, + rpc_vampire_keytab_internals, argc, argv); + } } return ret; diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index dc13e91423..3aaed1ed18 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -220,12 +220,9 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv) if (libnetapi_init(&c->netapi_ctx) != 0) { return -1; } - set_cmdline_auth_info_getpass(c->auth_info); - libnetapi_set_username(c->netapi_ctx, - get_cmdline_auth_info_username(c->auth_info)); - libnetapi_set_password(c->netapi_ctx, - get_cmdline_auth_info_password(c->auth_info)); - if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { + libnetapi_set_username(c->netapi_ctx, c->opt_user_name); + libnetapi_set_password(c->netapi_ctx, c->opt_password); + if (c->opt_kerberos) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 62abef000d..41daa4180d 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -452,7 +452,7 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv const char *account_policy = NULL; uint32 value = 0; uint32 old_value = 0; - int field; + enum pdb_policy_type field; char *endptr; if (argc != 2 || c->display_usage) { 
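Review bot: In rpc_vampire_keytab the `!dc_info.is_ad` branch now calls `run_rpc_command()` with `rpc_vampire_keytab_internals` and then executes `return -1;`, so the NT4 path reports failure even when it succeeded and `ret` is discarded; `return ret;` looks like the intended line. The message "DC is not running Active Directory" is also still printed as if it were an error. Separately, the mixed-mode fallback retries over netlogon with flags `0` after the DRSUAPI attempt with `NET_FLAGS_SEAL` returned non-zero, which moves the replication of account secrets to a call without the seal flag on any failure of the sealed attempt. I would restrict the fallback to specific error codes or an explicit option and state the downgrade in a comment above the retry.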
@@ -462,7 +462,7 @@ static int net_sam_policy_set(struct net_context *c, int argc, const char **argv } account_policy = argv[0]; - field = account_policy_name_to_fieldnum(account_policy); + field = account_policy_name_to_typenum(account_policy); if (strequal(argv[1], "forever") || strequal(argv[1], "never") || strequal(argv[1], "off")) { @@ -519,7 +519,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg { const char *account_policy = NULL; uint32 old_value; - int field; + enum pdb_policy_type field; if (argc != 1 || c->display_usage) { d_fprintf(stderr, "usage: net sam policy show" @@ -528,7 +528,7 @@ static int net_sam_policy_show(struct net_context *c, int argc, const char **arg } account_policy = argv[0]; - field = account_policy_name_to_fieldnum(account_policy); + field = account_policy_name_to_typenum(account_policy); if (field == 0) { const char **names; diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c index 992a03d813..6eacb1386c 100644 --- a/source3/utils/net_usershare.c +++ b/source3/utils/net_usershare.c @@ -163,7 +163,7 @@ static int net_usershare_delete(struct net_context *c, int argc, const char **ar d_fprintf(stderr, "net usershare delete: share name %s contains " "invalid characters (any of %s)\n", sharename, INVALID_SHARENAME_CHARS); - SAFE_FREE(sharename); + TALLOC_FREE(sharename); return -1; } @@ -172,7 +172,7 @@ static int net_usershare_delete(struct net_context *c, int argc, const char **ar lp_usershare_path(), sharename); if (!us_path) { - SAFE_FREE(sharename); + TALLOC_FREE(sharename); return -1; } @@ -180,10 +180,10 @@ static int net_usershare_delete(struct net_context *c, int argc, const char **ar d_fprintf(stderr, "net usershare delete: unable to remove usershare %s. " "Error was %s\n", us_path, strerror(errno)); - SAFE_FREE(sharename); + TALLOC_FREE(sharename); return -1; } - SAFE_FREE(sharename); + TALLOC_FREE(sharename); return 0; } 
@@ -672,7 +672,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: maximum number of allowed usershares (%d) reached\n", lp_usershare_max_shares() ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -681,7 +680,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) "invalid characters (any of %s)\n", sharename, INVALID_SHARENAME_CHARS); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -690,7 +688,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: share name %s is already a valid system user name\n", sharename ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -698,7 +695,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) full_path = get_basepath(ctx); if (!full_path) { TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } full_path_tmp = talloc_asprintf(ctx, @@ -706,7 +702,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) full_path); if (!full_path_tmp) { TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -715,7 +710,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) sharename); if (!full_path) { TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -724,7 +718,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr,"net usershare add: path %s is not an absolute path.\n", us_path); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -734,7 +727,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) "this is a directory. Error was %s\n", us_path, strerror(errno) ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } 
@@ -742,7 +734,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: path %s is not a directory.\n", us_path ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -756,7 +747,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) "\tto the [global] section of the smb.conf to allow this.\n", us_path ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -786,7 +776,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: malformed acl %s (missing ':').\n", pacl ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -802,7 +791,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) "(access control must be 'r', 'f', or 'd')\n", pacl ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -810,7 +798,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: malformed terminating character for acl %s\n", pacl ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -818,7 +805,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) { d_fprintf(stderr, "talloc_strndup failed\n"); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } if (!string_to_sid(&sid, name)) { @@ -833,7 +819,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "\n"); } TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } } @@ -854,7 +839,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) "but the \"usershare allow guests\" parameter is not enabled " "by this server.\n"); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } 
@@ -865,7 +849,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: cannot create tmp file %s\n", full_path_tmp ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -874,7 +857,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: cannot lstat tmp file %s\n", full_path_tmp ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -883,7 +865,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: cannot fstat tmp file %s\n", full_path_tmp ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -891,7 +872,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: tmp file %s is not a regular file ?\n", full_path_tmp ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -899,7 +879,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, "net usershare add: failed to fchmod tmp file %s to 0644n", full_path_tmp ); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -915,7 +894,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) (unsigned int)to_write, full_path_tmp, strerror(errno)); unlink(full_path_tmp); TALLOC_FREE(ctx); - SAFE_FREE(sharename); return -1; } @@ -926,7 +904,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) sharename, strerror(errno)); TALLOC_FREE(ctx); close(tmpfd); - SAFE_FREE(sharename); return -1; } @@ -939,7 +916,6 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) net_usershare_info(c, 1, my_argv); } - SAFE_FREE(sharename); TALLOC_FREE(ctx); return 0; } 
@@ -998,6 +974,7 @@ static int net_usershare_list(struct net_context *c, int argc, pi.ctx = ctx; pi.op = US_LIST_OP; + pi.c = c; ret = process_share_list(info_fn, &pi); talloc_destroy(ctx); diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 50f3c1db01..8bf9aac6f2 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c, { NTSTATUS nt_status; int flags = 0; - struct user_auth_info *ai = c->auth_info; - set_cmdline_auth_info_getpass(ai); + c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (get_cmdline_auth_info_use_kerberos(ai)) { - flags |= CLI_FULL_CONNECTION_USE_KERBEROS | - CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; + if (c->opt_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + + if (c->opt_kerberos && c->opt_password) { + flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, service_name, service_type, - get_cmdline_auth_info_username(ai), - c->opt_workgroup, - get_cmdline_auth_info_password(ai), - flags, Undefined, NULL); + c->opt_user_name, c->opt_workgroup, + c->opt_password, flags, Undefined, NULL); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); @@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c, return nt_status; } - if (get_cmdline_auth_info_smb_encrypt(ai)) { + if (c->smb_encrypt) { nt_status = cli_force_encryption(*cli_ctx, - get_cmdline_auth_info_username(ai), - get_cmdline_auth_info_password(ai), + c->opt_user_name, + c->opt_password, c->opt_workgroup); if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { 
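Review bot: In connect_to_service (net_util.c) the two new `if (c->opt_kerberos ...)` tests decide whether a failed Kerberos attempt may fall back to password authentication, and nothing in the code says so. Judging by the flag name, `-k` combined with a password (given or prompted) permits a silent downgrade that an operator who asked for Kerberos may not expect. I would nest the second test inside the first and add a comment such as `/* Fall back to password auth after a Kerberos failure only when we actually hold a password. */`. The function starts and ends outside these hunks.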
@@ -234,12 +234,14 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, { NTSTATUS nt_status; char *user_and_realm = NULL; - struct user_auth_info *ai = c->auth_info; /* FIXME: Should get existing kerberos ticket if possible. */ - set_cmdline_auth_info_getpass(ai); + c->opt_password = net_prompt_pass(c, c->opt_user_name); + if (!c->opt_password) { + return NT_STATUS_NO_MEMORY; + } - user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai)); + user_and_realm = get_user_and_realm(c->opt_user_name); if (!user_and_realm) { return NT_STATUS_NO_MEMORY; } @@ -248,7 +250,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, server_ss, c->opt_port, "IPC$", "IPC", user_and_realm, c->opt_workgroup, - get_cmdline_auth_info_password(ai), + c->opt_password, CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -259,10 +261,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, return nt_status; } - if (get_cmdline_auth_info_smb_encrypt(ai)) { + if (c->smb_encrypt) { nt_status = cli_cm_force_encryption(*cli_ctx, user_and_realm, - get_cmdline_auth_info_password(ai), + c->opt_password, c->opt_workgroup, "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { 
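Review bot: The new `if (!c->opt_password) { return NT_STATUS_NO_MEMORY; }` in connect_to_ipc_krb5 reports every NULL from net_prompt_pass() as an allocation failure. net_prompt_pass(), added later in this file, also returns NULL on purpose when `opt_machine_pass` is set or when `opt_kerberos` is set without `opt_user_specified`. If this function can be reached in those states, a login that should use an existing ticket is refused with a misleading status, which runs against the FIXME just above. Consider letting a NULL password through for Kerberos, e.g. `if (!c->opt_password && !c->opt_kerberos) {`, or returning a status that does not read as out-of-memory. The function body continues outside the hunk.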
@@ -326,6 +328,50 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } +/**************************************************************************** + Use the local machine account (krb) and password for this session. +****************************************************************************/ + +int net_use_krb_machine_account(struct net_context *c) +{ + char *user_name = NULL; + + if (!secrets_init()) { + d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); + exit(1); + } + + c->opt_password = secrets_fetch_machine_password( + c->opt_target_workgroup, NULL, NULL); + if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { + return -1; + } + c->opt_user_name = user_name; + return 0; +} + +/**************************************************************************** + Use the machine account name and password for this session. +****************************************************************************/ + +int net_use_machine_account(struct net_context *c) +{ + char *user_name = NULL; + + if (!secrets_init()) { + d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); + exit(1); + } + + c->opt_password = secrets_fetch_machine_password( + c->opt_target_workgroup, NULL, NULL); + if (asprintf(&user_name, "%s$", global_myname()) == -1) { + return -1; + } + c->opt_user_name = user_name; + return 0; +} + bool net_find_server(struct net_context *c, const char *domain, unsigned flags, 
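Review bot: Both net_use_krb_machine_account() and net_use_machine_account() store the result of secrets_fetch_machine_password() in `c->opt_password` without checking it. If the fetch yields NULL, the function still returns 0 and the caller goes on to authenticate with a machine account name and no secret. Add `if (c->opt_password == NULL) { return -1; }` after the fetch in both. On the asprintf() failure path the fetched secret stays in `c->opt_password` with no user name set, so clearing it there would keep the context consistent. The two functions differ only in the format string and could share one static helper.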
@@ -489,6 +535,33 @@ done: /**************************************************************************** ****************************************************************************/ +const char *net_prompt_pass(struct net_context *c, const char *user) +{ + char *prompt = NULL; + const char *pass = NULL; + + if (c->opt_password) { + return c->opt_password; + } + + if (c->opt_machine_pass) { + return NULL; + } + + if (c->opt_kerberos && !c->opt_user_specified) { + return NULL; + } + + if (asprintf(&prompt, "Enter %s's password:", user) == -1) { + return NULL; + } + + pass = getpass(prompt); + SAFE_FREE(prompt); + + return pass; +} + int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table) { diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index a464299438..dce2f05a83 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -1109,7 +1109,7 @@ int main (int argc, char **argv) /* account policy operations */ if ((checkparms & BIT_ACCPOLICY) && !(checkparms & ~(BIT_ACCPOLICY + BIT_ACCPOLVAL))) { uint32 value; - int field = account_policy_name_to_fieldnum(account_policy); + enum pdb_policy_type field = account_policy_name_to_typenum(account_policy); if (field == 0) { const char **names; int count; |
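Review bot: net_prompt_pass() in net_util.c returns the pointer from getpass(), which refers to static storage, and the callers in this commit store it in `c->opt_password`, while the machine-account helpers put a heap pointer in the same field. The field therefore has no single owner and cannot safely be freed or wiped when the command finishes; getpass() can also return NULL. The banner above the function is empty, so I would fill it with the return contract, for example `Returns c->opt_password if set, NULL when machine or ticket credentials are used, else the getpass() buffer.`, and state that callers must not free the result. `user` is passed to `%s` unchecked, so a NULL `c->opt_user_name` would give an undefined or "(null)" prompt.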