/*
Unix SMB / CIFS implementation .
Credentials popt routines
Copyright ( C ) Jelmer Vernooij 2002 , 2003 , 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "lib/cmdline/popt_common.h"
# include "lib/cmdline/credentials.h"
# include "auth/credentials/credentials.h"
# include "auth/gensec/gensec.h"
# include "param/param.h"
/* Handle command line options:
 *		-U,--user
 *		-A,--authentication-file
 *		-k,--kerberos
 *		-N,--no-pass
 *		-S,--sign
 *		-e,--encrypt
 *		-P,--machine-pass
 *		--simple-bind-dn
 *		--password
 *		--krb5-ccache
 */
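/*
 * Set by -N/--no-pass: the option table hands popt the address of this
 * variable with POPT_ARG_NONE. popt stores through that pointer as an int,
 * so the object must be int-sized; with a one-byte bool the store would run
 * past the variable into whatever static data follows it.
 * A non-zero value stops the POST callback from installing the interactive
 * password prompt.
 */
static int dont_ask;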
/*
 * Latched when -P/--machine-pass is seen. The machine account is only loaded
 * in the POST phase of the callback, after all other options were parsed.
 */
static bool machine_account_pending = false;
/*
 * popt "val" codes for the long-only options (and for -k/-S/-e, which are
 * dispatched by code rather than by their short letter). The values are
 * small integers, so they cannot collide with the character codes 'U', 'A',
 * 'N' and 'P' used by the other entries of the option table.
 */
enum opt {
	OPT_SIMPLE_BIND_DN,	/* --simple-bind-dn */
	OPT_PASSWORD,		/* --password */
	OPT_KERBEROS,		/* -k, --kerberos */
	OPT_SIGN,		/* -S, --sign */
	OPT_ENCRYPT,		/* -e, --encrypt */
	OPT_KRB5_CCACHE		/* --krb5-ccache */
};
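/*
 * popt callback for the credentials option table.
 *
 * popt invokes it three ways, selected by `reason`:
 *   - POPT_CALLBACK_REASON_PRE:  allocate the global cmdline_credentials.
 *   - POPT_CALLBACK_REASON_POST: finish the credentials once every option
 *     has been seen (guess defaults, optionally install the interactive
 *     callbacks, optionally load the machine account).
 *   - otherwise: apply the single option described by `opt`/`arg`.
 *
 * @param con     popt context (unused here).
 * @param reason  which phase popt is calling from.
 * @param opt     the matched option; only opt->val is read.
 * @param arg     the option's argument string, if it takes one.
 * @param data    callback data from the table (unused here).
 *
 * Security notes for maintainers:
 *   - -U USER%PASSWORD and --password receive the secret through argv. The
 *     secret is part of the process argument list from exec until the
 *     memset() below runs, and the scrub is best effort only: it narrows the
 *     exposure window, it does not remove it. -A FILE or the interactive
 *     prompt keep the secret off the command line entirely.
 *   - The scrub writes through a pointer the signature declares const.
 *     NOTE(review): this presumably relies on popt handing back a pointer
 *     into the writable argv storage - confirm for every caller.
 *   - Malformed -k and --krb5-ccache arguments terminate the process with
 *     exit(1) rather than falling back to a weaker mechanism.
 */
static void popt_common_credentials_callback(poptContext con,
					     enum poptCallbackReason reason,
					     const struct poptOption *opt,
					     const char *arg, const void *data)
{
	if (reason == POPT_CALLBACK_REASON_PRE) {
		cmdline_credentials = cli_credentials_init(talloc_autofree_context());
		/*
		 * Every later branch hands cmdline_credentials to the
		 * credentials API without a check, so stop here if the
		 * allocation did not succeed.
		 */
		if (cmdline_credentials == NULL) {
			fprintf(stderr, "Unable to allocate command line credentials\n");
			exit(1);
		}
		return;
	}

	if (reason == POPT_CALLBACK_REASON_POST) {
		cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx);

		/* -N/--no-pass: leave the interactive callbacks uninstalled */
		if (!dont_ask) {
			cli_credentials_set_cmdline_callbacks(cmdline_credentials);
		}

		/*
		 * -P/--machine-pass was only recorded while parsing; apply
		 * it now that parsing is over.
		 * NOTE(review): the result of this call is not examined, so
		 * a failure to load the machine account is not reported
		 * here - confirm callers detect it later.
		 */
		if (machine_account_pending) {
			cli_credentials_set_machine_account(cmdline_credentials, cmdline_lp_ctx);
		}

		return;
	}

	switch (opt->val) {
	case 'U': {
		char *lp;

		cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);

		/* This breaks the abstraction, including the const above */
		if ((lp = strchr_m(arg, '%'))) {
			/* Cut argv at the '%' so only the user name stays */
			lp[0] = '\0';
			lp++;
			/*
			 * Try to prevent this showing up in ps. The length
			 * of the argument is kept, only its bytes are zeroed.
			 */
			memset(lp, 0, strlen(lp));
		}
		break;
	}

	case OPT_PASSWORD:
		cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
		/* Try to prevent this showing up in ps */
		memset(discard_const(arg), 0, strlen(arg));
		break;

	case 'A':
		/*
		 * NOTE(review): the result of parsing the file is not
		 * examined; if the file cannot be read, processing appears
		 * to continue with whatever credentials are guessed or
		 * prompted for later - confirm that is intended.
		 */
		cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
		break;

	case 'P':
		/* Later, after this is all over, get the machine account details from the secrets.ldb */
		machine_account_pending = true;
		break;

	case OPT_KERBEROS: {
		bool use_kerberos = true;

		/* Force us to only use kerberos */
		if (arg) {
			if (!set_boolean(arg, &use_kerberos)) {
				fprintf(stderr, "Error parsing -k %s. Should be "
					"-k [yes|no]\n", arg);
				/* exit() does not return */
				exit(1);
			}
		}

		/* "no" disables Kerberos outright; "yes" makes it mandatory */
		cli_credentials_set_kerberos_state(cmdline_credentials,
						   use_kerberos
						   ? CRED_MUST_USE_KERBEROS
						   : CRED_DONT_USE_KERBEROS);
		break;
	}

	case OPT_SIMPLE_BIND_DN:
		cli_credentials_set_bind_dn(cmdline_credentials, arg);
		break;

	case OPT_KRB5_CCACHE: {
		const char *error_string;

		if (cli_credentials_set_ccache(cmdline_credentials, cmdline_lp_ctx, arg, CRED_SPECIFIED,
					       &error_string) != 0) {
			/* terminate the line so the diagnostic is not glued to later output */
			fprintf(stderr, "Error reading krb5 credentials cache: '%s' %s\n", arg, error_string);
			exit(1);
		}
		break;
	}

	case OPT_SIGN: {
		/* Add signing to the requested features; nothing is cleared */
		uint32_t gensec_features;

		gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
		gensec_features |= GENSEC_FEATURE_SIGN;
		cli_credentials_set_gensec_features(cmdline_credentials,
						    gensec_features);
		break;
	}

	case OPT_ENCRYPT: {
		/* Add sealing to the requested features; nothing is cleared */
		uint32_t gensec_features;

		gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
		gensec_features |= GENSEC_FEATURE_SEAL;
		cli_credentials_set_gensec_features(cmdline_credentials,
						    gensec_features);
		break;
	}

	default:
		/* e.g. 'N', which popt stores directly through the table */
		break;
	}
}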
/*
 * Credentials option table, meant to be included into a tool's own popt
 * table. Columns: long name, short name, argument type, storage pointer,
 * val passed to the callback, help text, argument placeholder.
 *
 * The first row registers popt_common_credentials_callback for the PRE and
 * POST phases as well as for each option below.
 */
struct poptOption popt_common_credentials4[] = {
	{ NULL, 0, POPT_ARG_CALLBACK | POPT_CBFLAG_PRE | POPT_CBFLAG_POST,
	  (void *)popt_common_credentials_callback, 0, NULL, NULL },

	/* The %PASSWORD form passes the secret through argv; the callback
	 * scrubs it afterwards on a best-effort basis. */
	{ "user", 'U', POPT_ARG_STRING, NULL, 'U',
	  "Set the network username", "[DOMAIN/]USERNAME[%PASSWORD]" },

	/* popt writes an int through this pointer for POPT_ARG_NONE, so the
	 * pointed-to object has to be int-sized. */
	{ "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N',
	  "Don't ask for a password", NULL },

	/* Same argv exposure as -U USER%PASSWORD. */
	{ "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD,
	  "Password", NULL },

	{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A',
	  "Get the credentials from a file", "FILE" },

	{ "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P',
	  "Use stored machine account password", NULL },

	{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN,
	  "DN to use for a simple bind", NULL },

	{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS,
	  "Use Kerberos, -k [yes|no]", NULL },

	{ "krb5-ccache", 0, POPT_ARG_STRING, NULL, OPT_KRB5_CCACHE,
	  "Credentials cache location for Kerberos", NULL },

	{ "sign", 'S', POPT_ARG_NONE, NULL, OPT_SIGN,
	  "Sign connection to prevent modification in transit", NULL },

	{ "encrypt", 'e', POPT_ARG_NONE, NULL, OPT_ENCRYPT,
	  "Encrypt connection for privacy", NULL },

	/* table terminator */
	{ NULL, 0, 0, NULL, 0, NULL, NULL }
};