5 files changed, 469 insertions, 0 deletions
diff --git a/source4/lib/cmdline/config.mk b/source4/lib/cmdline/config.mk
new file mode 100644
index 0000000000..4434ff3701
--- /dev/null
+++ b/source4/lib/cmdline/config.mk
@@ -0,0 +1,21 @@
+[SUBSYSTEM::LIBCMDLINE_CREDENTIALS]
+PUBLIC_DEPENDENCIES = CREDENTIALS LIBPOPT
+
+LIBCMDLINE_CREDENTIALS_OBJ_FILES = $(libcmdlinesrcdir)/credentials.o
+
+$(eval $(call proto_header_template,$(libcmdlinesrcdir)/credentials.h,$(LIBCMDLINE_CREDENTIALS_OBJ_FILES:.o=.c)))
+
+[SUBSYSTEM::POPT_SAMBA]
+PUBLIC_DEPENDENCIES = LIBPOPT
+
+POPT_SAMBA_OBJ_FILES = $(libcmdlinesrcdir)/popt_common.o
+
+PUBLIC_HEADERS += $(libcmdlinesrcdir)/popt_common.h 
+
+[SUBSYSTEM::POPT_CREDENTIALS]
+PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS LIBPOPT
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
+
+POPT_CREDENTIALS_OBJ_FILES = $(libcmdlinesrcdir)/popt_credentials.o
+
+$(eval $(call proto_header_template,$(libcmdlinesrcdir)/popt_credentials.h,$(POPT_CREDENTIALS_OBJ_FILES:.o=.c)))
diff --git a/source4/lib/cmdline/credentials.c b/source4/lib/cmdline/credentials.c
new file mode 100644
index 0000000000..2e5c6fd94a
--- /dev/null
+++ b/source4/lib/cmdline/credentials.c
@@ -0,0 +1,49 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Jelmer Vernooij 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "auth/credentials/credentials.h"
+
+static const char *cmdline_get_userpassword(struct cli_credentials *credentials)
+{
+	char *ret;
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+
+	const char *prompt_name = cli_credentials_get_unparsed_name(credentials, mem_ctx);
+	const char *prompt;
+
+	prompt = talloc_asprintf(mem_ctx, "Password for [%s]:", 
+				 prompt_name);
+
+	ret = getpass(prompt);
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+bool cli_credentials_set_cmdline_callbacks(struct cli_credentials *cred)
+{
+	if (isatty(fileno(stdout))) {
+		cli_credentials_set_password_callback(cred, cmdline_get_userpassword);
+		return true;
+	}
+
+	return false;
+}
diff --git a/source4/lib/cmdline/popt_common.c b/source4/lib/cmdline/popt_common.c
new file mode 100644
index 0000000000..96d8b8b40a
--- /dev/null
+++ b/source4/lib/cmdline/popt_common.c
@@ -0,0 +1,221 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Common popt routines
+
+   Copyright (C) Tim Potter 2001,2002
+   Copyright (C) Jelmer Vernooij 2002,2003,2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "version.h"
+#include "lib/cmdline/popt_common.h"
+#include "param/param.h"
+#include "dynconfig/dynconfig.h"
+
+/* Handle command line options:
+ *		-d,--debuglevel 
+ *		-s,--configfile 
+ *		-O,--socket-options 
+ *		-V,--version
+ *		-l,--log-base
+ *		-n,--netbios-name
+ *		-W,--workgroup
+ *		--realm
+ *		-i,--scope
+ */
+
+enum {OPT_OPTION=1,OPT_LEAK_REPORT,OPT_LEAK_REPORT_FULL,OPT_DEBUG_STDERR};
+
+struct cli_credentials *cmdline_credentials = NULL;
+struct loadparm_context *cmdline_lp_ctx = NULL;
+
+static void popt_version_callback(poptContext con,
+			   enum poptCallbackReason reason,
+			   const struct poptOption *opt,
+			   const char *arg, const void *data)
+{
+	switch(opt->val) {
+	case 'V':
+		printf("Version %s\n", SAMBA_VERSION_STRING );
+		exit(0);
+	}
+}
+
+static void popt_samba_callback(poptContext con, 
+			   enum poptCallbackReason reason,
+			   const struct poptOption *opt,
+			   const char *arg, const void *data)
+{
+	const char *pname;
+
+	if (reason == POPT_CALLBACK_REASON_POST) {
+		if (lp_configfile(cmdline_lp_ctx) == NULL) {
+			if (getenv("SMB_CONF_PATH"))
+				lp_load(cmdline_lp_ctx, getenv("SMB_CONF_PATH"));
+			else
+				lp_load(cmdline_lp_ctx, dyn_CONFIGFILE);
+		}
+		/* Hook any 'every Samba program must do this, after
+		 * the smb.conf is setup' functions here */
+		return;
+	}
+
+	/* Find out basename of current program */
+	pname = strrchr_m(poptGetInvocationName(con),'/');
+
+	if (!pname)
+		pname = poptGetInvocationName(con);
+	else 
+		pname++;
+
+	if (reason == POPT_CALLBACK_REASON_PRE) {
+		if (global_loadparm != NULL) {
+			cmdline_lp_ctx = global_loadparm;
+		} else {
+			cmdline_lp_ctx = global_loadparm = loadparm_init(talloc_autofree_context());
+		}
+
+		/* Hook for 'almost the first thing to do in a samba program' here */
+		/* setup for panics */
+		fault_setup(poptGetInvocationName(con));
+
+		/* and logging */
+		setup_logging(pname, DEBUG_STDOUT);
+
+		return;
+	}
+
+	switch(opt->val) {
+
+	case OPT_LEAK_REPORT:
+		talloc_enable_leak_report();
+		break;
+
+	case OPT_LEAK_REPORT_FULL:
+		talloc_enable_leak_report_full();
+		break;
+
+	case OPT_OPTION:
+		if (!lp_set_option(cmdline_lp_ctx, arg)) {
+			fprintf(stderr, "Error setting option '%s'\n", arg);
+			exit(1);
+		}
+		break;
+
+	case 'd':
+		lp_set_cmdline(cmdline_lp_ctx, "log level", arg);
+		break;
+
+	case OPT_DEBUG_STDERR:
+		setup_logging(pname, DEBUG_STDERR);
+		break;
+
+	case 's':
+		if (arg) {
+			lp_load(cmdline_lp_ctx, arg);
+		}
+		break;
+
+	case 'l':
+		if (arg) {
+			char *new_logfile = talloc_asprintf(NULL, "%s/log.%s", arg, pname);
+			lp_set_cmdline(cmdline_lp_ctx, "log file", new_logfile);
+			talloc_free(new_logfile);
+		}
+		break;
+	
+
+	}
+
+}
+
+
+static void popt_common_callback(poptContext con, 
+			   enum poptCallbackReason reason,
+			   const struct poptOption *opt,
+			   const char *arg, const void *data)
+{
+	struct loadparm_context *lp_ctx = cmdline_lp_ctx;
+
+	switch(opt->val) {
+	case 'O':
+		if (arg) {
+			lp_set_cmdline(lp_ctx, "socket options", arg);
+		}
+		break;
+	
+	case 'W':
+		lp_set_cmdline(lp_ctx, "workgroup", arg);
+		break;
+
+	case 'r':
+		lp_set_cmdline(lp_ctx, "realm", arg);
+		break;
+		
+	case 'n':
+		lp_set_cmdline(lp_ctx, "netbios name", arg);
+		break;
+		
+	case 'i':
+		lp_set_cmdline(lp_ctx, "netbios scope", arg);
+		break;
+
+	case 'm':
+		lp_set_cmdline(lp_ctx, "client max protocol", arg);
+		break;
+
+	case 'R':
+		lp_set_cmdline(lp_ctx, "name resolve order", arg);
+		break;
+
+	case 'S':
+		lp_set_cmdline(lp_ctx, "client signing", arg);
+		break;
+
+	}
+}
+
+struct poptOption popt_common_connection[] = {
+	{ NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
+	{ "name-resolve", 'R', POPT_ARG_STRING, NULL, 'R', "Use these name resolution services only", "NAME-RESOLVE-ORDER" },
+	{ "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use", "SOCKETOPTIONS" },
+	{ "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
+	{ "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
+	{ "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
+	{ "realm", 0, POPT_ARG_STRING, NULL, 'r', "Set the realm name", "REALM" },
+	{ "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
+	{ "maxprotocol", 'm', POPT_ARG_STRING, NULL, 'm', "Set max protocol level", "MAXPROTOCOL" },
+	{ NULL }
+};
+
+struct poptOption popt_common_samba[] = {
+	{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_samba_callback },
+	{ "debuglevel",   'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
+	{ "debug-stderr", 0, POPT_ARG_NONE, NULL, OPT_DEBUG_STDERR, "Send debug output to STDERR", NULL },
+	{ "configfile",   's', POPT_ARG_STRING, NULL, 's', "Use alternative configuration file", "CONFIGFILE" },
+	{ "option",         0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
+	{ "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Basename for log/debug files", "LOGFILEBASE" },
+	{ "leak-report",     0, POPT_ARG_NONE, NULL, OPT_LEAK_REPORT, "enable talloc leak reporting on exit", NULL },	
+	{ "leak-report-full",0, POPT_ARG_NONE, NULL, OPT_LEAK_REPORT_FULL, "enable full talloc leak reporting on exit", NULL },
+	{ NULL }
+};
+
+struct poptOption popt_common_version[] = {
+	{ NULL, 0, POPT_ARG_CALLBACK, (void *)popt_version_callback },
+	{ "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
+	{ NULL }
+};
+
diff --git a/source4/lib/cmdline/popt_common.h b/source4/lib/cmdline/popt_common.h
new file mode 100644
index 0000000000..df432bb475
--- /dev/null
+++ b/source4/lib/cmdline/popt_common.h
@@ -0,0 +1,39 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Common popt arguments
+   Copyright (C) Jelmer Vernooij	2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _POPT_COMMON_H
+#define _POPT_COMMON_H
+
+#include <popt.h>
+
+/* Common popt structures */
+extern struct poptOption popt_common_samba[];
+extern struct poptOption popt_common_connection[];
+extern struct poptOption popt_common_version[];
+extern struct poptOption popt_common_credentials[];
+
+#define POPT_COMMON_SAMBA { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_samba, 0, "Common samba options:", NULL },
+#define POPT_COMMON_CONNECTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_connection, 0, "Connection options:", NULL },
+#define POPT_COMMON_VERSION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version, 0, "Common samba options:", NULL },
+#define POPT_COMMON_CREDENTIALS { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_credentials, 0, "Authentication options:", NULL },
+
+extern struct cli_credentials *cmdline_credentials;
+extern struct loadparm_context *cmdline_lp_ctx;
+
+#endif /* _POPT_COMMON_H */
diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
new file mode 100644
index 0000000000..de5ea7c1b6
--- /dev/null
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -0,0 +1,139 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Credentials popt routines
+
+   Copyright (C) Jelmer Vernooij 2002,2003,2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/credentials.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+
+/* Handle command line options:
+ *		-U,--user
+ *		-A,--authentication-file
+ *		-k,--use-kerberos
+ *		-N,--no-pass
+ *		-S,--signing
+ *              -P --machine-pass
+ *                 --simple-bind-dn
+ *                 --password
+ */
+
+
+static bool dont_ask;
+
+enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS };
+
+/*
+  disable asking for a password
+*/
+void popt_common_dont_ask(void)
+{
+	dont_ask = true;
+}
+
+static void popt_common_credentials_callback(poptContext con, 
+						enum poptCallbackReason reason,
+						const struct poptOption *opt,
+						const char *arg, const void *data)
+{
+	if (reason == POPT_CALLBACK_REASON_PRE) {
+		cmdline_credentials = cli_credentials_init(talloc_autofree_context());
+		return;
+	}
+	
+	if (reason == POPT_CALLBACK_REASON_POST) {
+		cli_credentials_guess(cmdline_credentials, global_loadparm);
+
+		if (!dont_ask) {
+			cli_credentials_set_cmdline_callbacks(cmdline_credentials);
+		}
+		return;
+	}
+
+	switch(opt->val) {
+	case 'U':
+	{
+		char *lp;
+		
+		cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);
+		/* This breaks the abstraction, including the const above */
+		if ((lp=strchr_m(arg,'%'))) {
+			lp[0]='\0';
+			lp++;
+			/* Try to prevent this showing up in ps */
+			memset(lp,0,strlen(lp));
+		}
+	}
+	break;
+
+	case OPT_PASSWORD:
+		cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
+		/* Try to prevent this showing up in ps */
+		memset(discard_const(arg),0,strlen(arg));
+		break;
+
+	case 'A':
+		cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
+		break;
+
+	case 'P':
+		/* Later, after this is all over, get the machine account details from the secrets.ldb */
+		cli_credentials_set_machine_account_pending(cmdline_credentials, cmdline_lp_ctx);
+		break;
+
+	case OPT_KERBEROS:
+	{
+		bool use_kerberos = true;
+		/* Force us to only use kerberos */
+		if (arg) {
+			if (!set_boolean(arg, &use_kerberos)) {
+				fprintf(stderr, "Error parsing -k %s\n", arg);
+				exit(1);
+				break;
+			}
+		}
+		
+		cli_credentials_set_kerberos_state(cmdline_credentials, 
+						   use_kerberos 
+						   ? CRED_MUST_USE_KERBEROS
+						   : CRED_DONT_USE_KERBEROS);
+		break;
+	}
+		
+	case OPT_SIMPLE_BIND_DN:
+		cli_credentials_set_bind_dn(cmdline_credentials, arg);
+		break;
+	}
+}
+
+
+
+struct poptOption popt_common_credentials[] = {
+	{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_credentials_callback },
+	{ "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
+	{ "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N', "Don't ask for a password" },
+	{ "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
+	{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
+	{ "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
+	{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
+	{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos" },
+	{ NULL }
+};