From 6913f986f4213e056f724ed3be3aee313c07d78c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 21:37:09 +0200 Subject: net: add "-k" switch for kerberos authentication (in preparation for #5416). Guenther (This used to be commit 4cce94d464b16d29b638da3a581d98a237959b63) --- source3/utils/net.c | 1 + source3/utils/net.h | 1 + source3/utils/net_help_common.c | 3 ++- source3/utils/net_util.c | 16 +++++++++++++--- 4 files changed, 17 insertions(+), 4 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/net.c b/source3/utils/net.c index d086f947f1..e90e8f0a0f 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -636,6 +636,7 @@ static struct functable net_func[] = { {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, + {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose}, {"test", 'T', POPT_ARG_NONE, &c->opt_testmode}, diff --git a/source3/utils/net.h b/source3/utils/net.h index 01a76a0db1..4f59ff995c 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -56,6 +56,7 @@ struct net_context { const char *opt_exclude; const char *opt_destination; int opt_testmode; + bool opt_kerberos; int opt_have_ip; struct sockaddr_storage opt_dest_ip; diff --git a/source3/utils/net_help_common.c b/source3/utils/net_help_common.c index be06caa37e..edf083905a 100644 --- a/source3/utils/net_help_common.c +++ b/source3/utils/net_help_common.c @@ -48,7 +48,8 @@ int net_common_flags_usage(struct net_context *c, int argc, const char **argv) d_printf("\t-l or --long\t\t\tDisplay full information\n"); d_printf("\t-V or --version\t\t\tPrint samba version information\n"); d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n"); - d_printf("\t-e or --encrypt\t\tEncrypt SMB transport (UNIX extended servers only)\n"); + d_printf("\t-e or --encrypt\t\t\tEncrypt SMB transport (UNIX extended servers only)\n"); + d_printf("\t-k or --kerberos\t\tUse kerberos (active directory) authentication\n"); return -1; } diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index be00dde16e..eb39c739e7 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -94,17 +94,23 @@ NTSTATUS connect_to_service(struct net_context *c, const char *service_type) { NTSTATUS nt_status; + int flags = 0; c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (!c->opt_password) { - return NT_STATUS_NO_MEMORY; + + if (c->opt_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + + if (c->opt_kerberos && c->opt_password) { + flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, service_name, service_type, c->opt_user_name, c->opt_workgroup, - c->opt_password, 0, Undefined, NULL); + c->opt_password, flags, Undefined, NULL); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); @@ -538,6 +544,10 @@ const char *net_prompt_pass(struct net_context *c, const char *user) return NULL; } + if (c->opt_kerberos && !c->opt_user_specified) { + return NULL; + } + asprintf(&prompt, "Enter %s's password:", user); if (!prompt) { return NULL; -- cgit