diff options
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/client/client.c | 18 | ||||
| -rw-r--r-- | source4/include/popt_common.h | 5 | ||||
| -rw-r--r-- | source4/lib/cmdline/popt_common.c | 94 |
3 files changed, 90 insertions, 27 deletions
diff --git a/source4/client/client.c b/source4/client/client.c index 928a331b0c..9f54f08ce5 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -34,6 +34,7 @@ static pstring cd_path = ""; static pstring service; static pstring desthost; static pstring username; +static pstring domain; static pstring password; static BOOL use_kerberos; static BOOL got_pass; @@ -2260,7 +2261,7 @@ static BOOL browse_host(const char *query_host) status = dcerpc_pipe_connect(&p, binding, DCERPC_SRVSVC_UUID, DCERPC_SRVSVC_VERSION, - lp_workgroup(), + domain, username, password); if (!NT_STATUS_IS_OK(status)) { d_printf("Failed to connect to %s - %s\n", @@ -2803,7 +2804,7 @@ static struct smbcli_state *do_connect(const char *server, const char *share) } } - status = smbcli_session_setup(c, username, password, lp_workgroup()); + status = smbcli_session_setup(c, username, password, domain); if (NT_STATUS_IS_ERR(status)) { d_printf("authenticated session setup failed: %s\n", nt_errstr(status)); /* if a password was not supplied then try again with a null username */ @@ -2962,13 +2963,11 @@ static void remember_query_host(const char *arg, struct poptOption long_options[] = { POPT_AUTOHELP - { "name-resolve", 'R', POPT_ARG_STRING, NULL, 'R', "Use these name resolution services only", "NAME-RESOLVE-ORDER" }, { "message", 'M', POPT_ARG_STRING, NULL, 'M', "Send message", "HOST" }, { "ip-address", 'I', POPT_ARG_STRING, NULL, 'I', "Use this IP to connect to", "IP" }, { "stderr", 'E', POPT_ARG_NONE, NULL, 'E', "Write messages to stderr instead of stdout" }, { "list", 'L', POPT_ARG_STRING, NULL, 'L', "Get a list of shares available on a host", "HOST" }, { "terminal", 't', POPT_ARG_STRING, NULL, 't', "Terminal I/O code {sjis|euc|jis7|jis8|junet|hex}", "CODE" }, - { "max-protocol", 'm', POPT_ARG_STRING, NULL, 'm', "Set the max protocol level", "LEVEL" }, { "tar", 'T', POPT_ARG_STRING, NULL, 'T', "Command line tar", "<c|x>IXFqgbNan" }, { "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from directory", "DIR" }, { "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated commands" }, @@ -3032,12 +3031,6 @@ static void remember_query_host(const char *arg, case 't': pstrcpy(term_code, poptGetOptArg(pc)); break; - case 'm': - lp_set_cmdline("max protocol", poptGetOptArg(pc)); - break; - case 'R': - lp_set_cmdline("name resolve order", poptGetOptArg(pc)); - break; case 'T': if (!tar_parseargs(argc, argv, poptGetOptArg(pc), optind)) { poptPrintUsage(pc, stderr, 0); @@ -3082,6 +3075,11 @@ static void remember_query_host(const char *arg, poptFreeContext(pc); pstrcpy(username, cmdline_auth_info.username); + if (cmdline_auth_info.domain[0]) { + pstrcpy(domain, cmdline_auth_info.domain); + } else { + pstrcpy(domain, lp_workgroup()); + } pstrcpy(password, cmdline_auth_info.password); use_kerberos = cmdline_auth_info.use_kerberos; got_pass = cmdline_auth_info.got_pass; diff --git a/source4/include/popt_common.h b/source4/include/popt_common.h index 201245cc3a..e41b1a2cf4 100644 --- a/source4/include/popt_common.h +++ b/source4/include/popt_common.h @@ -38,13 +38,14 @@ extern struct poptOption popt_common_credentials[]; #define POPT_COMMON_VERSION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version, 0, "Common samba options:", NULL }, #define POPT_COMMON_CREDENTIALS { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_credentials, 0, "Authentication options:", NULL }, -struct user_auth_info { +struct cmdline_auth_info { pstring username; pstring password; + pstring domain; BOOL got_pass; BOOL use_kerberos; }; -extern struct user_auth_info cmdline_auth_info; +extern struct cmdline_auth_info cmdline_auth_info; #endif /* _POPT_COMMON_H */ diff --git a/source4/lib/cmdline/popt_common.c b/source4/lib/cmdline/popt_common.c index f659468561..ef75d7be1f 100644 --- a/source4/lib/cmdline/popt_common.c +++ b/source4/lib/cmdline/popt_common.c @@ -33,10 +33,7 @@ * -i,--scope */ -extern pstring user_socket_options; -extern BOOL AllowDebugChange; - -struct user_auth_info cmdline_auth_info; +struct cmdline_auth_info cmdline_auth_info; static void popt_common_callback(poptContext con, enum poptCallbackReason reason, @@ -70,6 +67,12 @@ static void popt_common_callback(poptContext con, exit(0); break; + case 'O': + if (arg) { + lp_set_cmdline("socket options", arg); + } + break; + case 's': if (arg) { pstrcpy(dyn_CONFIGFILE, arg); @@ -98,13 +101,17 @@ static void popt_common_callback(poptContext con, case 'm': lp_set_cmdline("max protocol", arg); break; + + case 'R': + lp_set_cmdline("name resolve order", arg); + break; } } struct poptOption popt_common_connection[] = { { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback }, - { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use", - "SOCKETOPTIONS" }, + { "name-resolve", 'R', POPT_ARG_STRING, NULL, 'R', "Use these name resolution services only", "NAME-RESOLVE-ORDER" }, + { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use", "SOCKETOPTIONS" }, { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" }, { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" }, { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" }, @@ -117,7 +124,6 @@ struct poptOption popt_common_samba[] = { { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" }, { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternative configuration file", "CONFIGFILE" }, { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Basename for log/debug files", "LOGFILEBASE" }, - { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" }, POPT_TABLEEND }; @@ -133,7 +139,7 @@ struct poptOption popt_common_version[] = { * get a password from a a file or file descriptor * exit on failure * ****************************************************************************/ -static void get_password_file(struct user_auth_info *a) +static void get_password_file(struct cmdline_auth_info *a) { int fd = -1; char *p; @@ -187,7 +193,7 @@ static void get_password_file(struct user_auth_info *a) close(fd); } -static void get_credentials_file(const char *file, struct user_auth_info *info) +static void get_credentials_file(const char *file, struct cmdline_auth_info *info) { XFILE *auth; fstring buf; @@ -236,10 +242,8 @@ static void get_credentials_file(const char *file, struct user_auth_info *info) } else if (strwicmp("username", param) == 0) pstrcpy(info->username, val); -#if 0 else if (strwicmp("domain", param) == 0) - set_global_myworkgroup(val); -#endif + pstrcpy(info->domain,val); memset(buf, 0, sizeof(buf)); } x_fclose(auth); @@ -250,13 +254,15 @@ static void get_credentials_file(const char *file, struct user_auth_info *info) * -A,--authentication-file * -k,--use-kerberos * -N,--no-pass + * -S,--signing + * -P --machine-pass */ static void popt_common_credentials_callback(poptContext con, - enum poptCallbackReason reason, - const struct poptOption *opt, - const char *arg, const void *data) + enum poptCallbackReason reason, + const struct poptOption *opt, + const char *arg, const void *data) { char *p; @@ -268,8 +274,17 @@ static void popt_common_credentials_callback(poptContext con, if (getenv("LOGNAME"))pstrcpy(cmdline_auth_info.username,getenv("LOGNAME")); if (getenv("USER")) { + pstring tmp; + pstrcpy(cmdline_auth_info.username,getenv("USER")); + pstrcpy(tmp,cmdline_auth_info.username); + if ((p = strchr_m(tmp,'\\'))) { + *p = 0; + pstrcpy(cmdline_auth_info.domain,tmp); + pstrcpy(cmdline_auth_info.username,p+1); + } + if ((p = strchr_m(cmdline_auth_info.username,'%'))) { *p = 0; pstrcpy(cmdline_auth_info.password,p+1); @@ -278,6 +293,10 @@ static void popt_common_credentials_callback(poptContext con, } } + if (getenv("DOMAIN")) { + pstrcpy(cmdline_auth_info.domain,getenv("DOMAIN")); + } + if (getenv("PASSWD")) { pstrcpy(cmdline_auth_info.password,getenv("PASSWD")); cmdline_auth_info.got_pass = True; @@ -295,8 +314,17 @@ static void popt_common_credentials_callback(poptContext con, case 'U': { char *lp; + pstring tmp; pstrcpy(cmdline_auth_info.username,arg); + + pstrcpy(tmp,cmdline_auth_info.username); + if ((p = strchr_m(tmp,'\\'))) { + *p = 0; + pstrcpy(cmdline_auth_info.domain,tmp); + pstrcpy(cmdline_auth_info.username,p+1); + } + if ((lp=strchr_m(cmdline_auth_info.username,'%'))) { *lp = 0; pstrcpy(cmdline_auth_info.password,lp+1); @@ -319,6 +347,40 @@ static void popt_common_credentials_callback(poptContext con, cmdline_auth_info.got_pass = True; #endif break; + + case 'S': + lp_set_cmdline("client signing", arg); + break; + + case 'P': + { + char *opt_password = NULL; + /* it is very useful to be able to make ads queries as the + machine account for testing purposes and for domain leave */ + + if (!secrets_init()) { + d_printf("ERROR: Unable to open secrets database\n"); + exit(1); + } + + opt_password = secrets_fetch_machine_password(lp_workgroup()); + + if (!opt_password) { + d_printf("ERROR: Unable to fetch machine password\n"); + exit(1); + } + pstr_sprintf(cmdline_auth_info.username, "%s$", + lp_netbios_name()); + pstrcpy(cmdline_auth_info.password,opt_password); + SAFE_FREE(opt_password); + + pstrcpy(cmdline_auth_info.password, lp_workgroup()); + + /* machine accounts only work with kerberos */ + cmdline_auth_info.use_kerberos = True; + cmdline_auth_info.got_pass = True; + } + break; } } @@ -330,5 +392,7 @@ struct poptOption popt_common_credentials[] = { { "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, True, "Don't ask for a password" }, { "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, True, "Use kerberos (active directory) authentication" }, { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" }, + { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" }, + { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" }, POPT_TABLEEND }; |