2007-11-21 13:07:16 +01:00
# Samba-specific bits for optparse
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
2009-12-28 16:05:04 +01:00
#
2007-11-21 13:07:16 +01:00
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
2009-12-28 16:05:04 +01:00
#
2007-11-21 13:07:16 +01:00
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
2009-12-28 16:05:04 +01:00
#
2007-11-21 13:07:16 +01:00
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
2008-05-22 18:47:32 +02:00
""" Support for parsing Samba-related command-line options. """
2010-11-28 13:37:31 +01:00
__docformat__ = " restructuredText "
2011-09-13 01:27:50 +02:00
import optparse
2019-06-21 13:05:23 +12:00
from copy import copy
2011-09-13 01:27:50 +02:00
import os
2010-11-28 13:37:31 +01:00
from samba . credentials import (
Credentials ,
2011-10-11 23:56:15 +02:00
AUTO_USE_KERBEROS ,
2010-11-28 13:37:31 +01:00
DONT_USE_KERBEROS ,
MUST_USE_KERBEROS ,
2018-07-30 18:14:37 +12:00
)
2010-11-28 13:37:31 +01:00
import sys
2007-11-21 13:07:16 +01:00
2008-05-22 18:47:32 +02:00
2007-11-21 13:07:16 +01:00
class SambaOptions ( optparse . OptionGroup ) :
2008-05-22 18:47:32 +02:00
""" General Samba-related command line options. """
2010-11-28 13:37:31 +01:00
2007-11-21 13:07:16 +01:00
def __init__ ( self , parser ) :
2018-05-25 07:52:40 +02:00
from samba import fault_setup
fault_setup ( )
2010-11-28 13:37:31 +01:00
from samba . param import LoadParm
2007-11-21 13:07:16 +01:00
optparse . OptionGroup . __init__ ( self , parser , " Samba Common Options " )
2008-01-23 23:33:36 +01:00
self . add_option ( " -s " , " --configfile " , action = " callback " ,
2009-12-28 16:05:04 +01:00
type = str , metavar = " FILE " , help = " Configuration file " ,
2008-01-23 23:33:36 +01:00
callback = self . _load_configfile )
2010-04-02 18:31:30 +11:00
self . add_option ( " -d " , " --debuglevel " , action = " callback " ,
2017-09-07 11:26:04 +12:00
type = str , metavar = " DEBUGLEVEL " , help = " debug level " ,
2010-04-02 18:31:30 +11:00
callback = self . _set_debuglevel )
2010-04-21 11:33:43 +10:00
self . add_option ( " --option " , action = " callback " ,
2011-09-13 01:27:50 +02:00
type = str , metavar = " OPTION " ,
help = " set smb.conf option from command line " ,
2010-04-21 11:33:43 +10:00
callback = self . _set_option )
2010-04-21 12:01:47 +10:00
self . add_option ( " --realm " , action = " callback " ,
type = str , metavar = " REALM " , help = " set the realm name " ,
callback = self . _set_realm )
2008-01-23 23:33:36 +01:00
self . _configfile = None
2010-11-28 13:37:31 +01:00
self . _lp = LoadParm ( )
2011-09-13 21:02:43 +10:00
self . realm = None
2007-11-21 13:07:16 +01:00
2008-01-23 23:33:36 +01:00
def get_loadparm_path ( self ) :
2011-09-13 01:27:50 +02:00
""" Return path to the smb.conf file specified on the command line. """
2008-01-23 23:33:36 +01:00
return self . _configfile
def _load_configfile ( self , option , opt_str , arg , parser ) :
self . _configfile = arg
2010-04-02 18:31:30 +11:00
def _set_debuglevel ( self , option , opt_str , arg , parser ) :
2017-09-07 11:26:04 +12:00
self . _lp . set ( ' debug level ' , arg )
parser . values . debuglevel = arg
2010-04-21 11:33:43 +10:00
2010-04-21 12:01:47 +10:00
def _set_realm ( self , option , opt_str , arg , parser ) :
self . _lp . set ( ' realm ' , arg )
2011-09-13 21:02:43 +10:00
self . realm = arg
2010-04-21 12:01:47 +10:00
2010-04-21 11:33:43 +10:00
def _set_option ( self , option , opt_str , arg , parser ) :
if arg . find ( ' = ' ) == - 1 :
2011-10-19 01:30:40 +02:00
raise optparse . OptionValueError (
" --option option takes a ' a=b ' argument " )
2010-04-21 11:33:43 +10:00
a = arg . split ( ' = ' )
2011-10-17 15:31:30 -04:00
try :
self . _lp . set ( a [ 0 ] , a [ 1 ] )
2017-01-17 11:03:17 +01:00
except Exception as e :
2011-10-19 01:30:40 +02:00
raise optparse . OptionValueError (
" invalid --option option value %r : %s " % ( arg , e ) )
2010-04-02 18:31:30 +11:00
2008-01-23 23:33:36 +01:00
def get_loadparm ( self ) :
2011-09-13 01:27:50 +02:00
""" Return loadparm object with data specified on the command line. """
2008-04-14 19:01:32 +02:00
if self . _configfile is not None :
2010-04-21 11:33:43 +10:00
self . _lp . load ( self . _configfile )
2008-04-14 19:01:32 +02:00
elif os . getenv ( " SMB_CONF_PATH " ) is not None :
2010-04-21 11:33:43 +10:00
self . _lp . load ( os . getenv ( " SMB_CONF_PATH " ) )
2008-04-14 19:01:32 +02:00
else :
2010-04-21 11:33:43 +10:00
self . _lp . load_default ( )
return self . _lp
2007-11-21 13:07:16 +01:00
2008-05-22 18:47:32 +02:00
2007-11-21 13:07:16 +01:00
class VersionOptions ( optparse . OptionGroup ) :
2008-05-22 18:47:32 +02:00
""" Command line option for printing Samba version. """
2007-11-21 13:07:16 +01:00
def __init__ ( self , parser ) :
optparse . OptionGroup . __init__ ( self , parser , " Version Options " )
2012-10-08 12:50:52 +02:00
self . add_option ( " -V " , " --version " , action = " callback " ,
2018-07-30 18:16:12 +12:00
callback = self . _display_version ,
help = " Display version number " )
2010-04-09 02:30:48 +02:00
def _display_version ( self , option , opt_str , arg , parser ) :
2010-11-28 13:37:31 +01:00
import samba
2017-01-17 11:03:17 +01:00
print ( samba . version )
2010-04-09 02:30:48 +02:00
sys . exit ( 0 )
2007-11-21 13:07:16 +01:00
2021-04-07 14:16:52 +02:00
def parse_kerberos_arg_legacy ( arg , opt_str ) :
2011-10-12 23:45:52 +02:00
if arg . lower ( ) in [ " yes " , ' true ' , ' 1 ' ] :
return MUST_USE_KERBEROS
elif arg . lower ( ) in [ " no " , ' false ' , ' 0 ' ] :
return DONT_USE_KERBEROS
elif arg . lower ( ) in [ " auto " ] :
return AUTO_USE_KERBEROS
else :
2011-10-17 15:34:47 -04:00
raise optparse . OptionValueError ( " invalid %s option value: %s " %
( opt_str , arg ) )
2011-10-12 23:45:52 +02:00
2021-04-07 14:16:52 +02:00
def parse_kerberos_arg ( arg , opt_str ) :
if arg . lower ( ) == ' required ' :
return MUST_USE_KERBEROS
elif arg . lower ( ) == ' desired ' :
return AUTO_USE_KERBEROS
elif arg . lower ( ) == ' off ' :
return DONT_USE_KERBEROS
else :
raise optparse . OptionValueError ( " invalid %s option value: %s " %
( opt_str , arg ) )
2007-11-21 13:07:16 +01:00
class CredentialsOptions ( optparse . OptionGroup ) :
2008-05-22 18:47:32 +02:00
""" Command line options for specifying credentials. """
2011-10-12 23:45:52 +02:00
2015-01-27 21:45:47 +00:00
def __init__ ( self , parser , special_name = None ) :
self . special_name = special_name
if special_name is not None :
self . section = " Credentials Options ( %s ) " % special_name
else :
self . section = " Credentials Options "
2015-02-26 12:23:55 +13:00
self . ask_for_password = True
2010-09-23 19:51:36 -07:00
self . ipaddress = None
2015-02-26 12:23:55 +13:00
self . machine_pass = False
2015-01-27 21:45:47 +00:00
optparse . OptionGroup . __init__ ( self , parser , self . section )
self . _add_option ( " --simple-bind-dn " , metavar = " DN " , action = " callback " ,
2018-07-30 18:16:12 +12:00
callback = self . _set_simple_bind_dn , type = str ,
help = " DN to use for a simple bind " )
2015-01-27 21:45:47 +00:00
self . _add_option ( " --password " , metavar = " PASSWORD " , action = " callback " ,
2018-07-30 18:16:12 +12:00
help = " Password " , type = str , callback = self . _set_password )
2015-01-27 21:45:47 +00:00
self . _add_option ( " -U " , " --username " , metavar = " USERNAME " ,
2018-07-30 18:16:12 +12:00
action = " callback " , type = str ,
help = " Username " , callback = self . _parse_username )
2015-01-27 21:45:47 +00:00
self . _add_option ( " -W " , " --workgroup " , metavar = " WORKGROUP " ,
2018-07-30 18:16:12 +12:00
action = " callback " , type = str ,
help = " Workgroup " , callback = self . _parse_workgroup )
2015-01-27 21:45:47 +00:00
self . _add_option ( " -N " , " --no-pass " , action = " callback " ,
2018-07-30 18:16:12 +12:00
help = " Don ' t ask for a password " ,
callback = self . _set_no_password )
2015-01-27 21:45:47 +00:00
self . _add_option ( " " , " --ipaddress " , metavar = " IPADDRESS " ,
2018-07-30 18:16:12 +12:00
action = " callback " , type = str ,
help = " IP address of server " ,
callback = self . _set_ipaddress )
2015-01-27 21:45:47 +00:00
self . _add_option ( " -P " , " --machine-pass " ,
2018-07-30 18:16:12 +12:00
action = " callback " ,
help = " Use stored machine account password " ,
callback = self . _set_machine_pass )
2021-04-07 14:16:52 +02:00
self . _add_option ( " --use-kerberos " , metavar = " desired|required|off " ,
action = " callback " , type = str ,
help = " Use Kerberos authentication " , callback = self . _set_kerberos )
self . _add_option ( " --use-krb5-ccache " , metavar = " KRB5CCNAME " ,
2017-07-06 14:52:39 +12:00
action = " callback " , type = str ,
help = " Kerberos Credentials cache " ,
callback = self . _set_krb5_ccache )
2021-04-07 14:16:52 +02:00
# LEGACY
self . _add_option ( " -k " , " --kerberos " , metavar = " KERBEROS " ,
action = " callback " , type = str ,
help = " DEPRECATED: Migrate to --use-kerberos " , callback = self . _set_kerberos_legacy )
2007-12-27 23:31:42 -06:00
self . creds = Credentials ( )
2019-09-03 14:30:18 +02:00
def _ensure_secure_proctitle ( self , opt_str , secret_data , data_type = " password " ) :
""" Make sure no sensitive data (e.g. password) resides in proctitle. """
import re
try :
import setproctitle
except ModuleNotFoundError :
msg = ( " WARNING: Using %s on command line is insecure. "
" Please install the setproctitle python module. \n "
% data_type )
sys . stderr . write ( msg )
sys . stderr . flush ( )
return False
# Regex to search and replace secret data + option with.
# .*[ ]+ -> Before the option must be one or more spaces.
# [= ] -> The option and the secret data might be separated by space
# or equal sign.
# [ ]*.* -> After the secret data might be one, many or no space.
pass_opt_re_str = " (.*[ ]+)( %s [= ] %s )([ ]*.*) " % ( opt_str , secret_data )
pass_opt_re = re . compile ( pass_opt_re_str )
# Get current proctitle.
cur_proctitle = setproctitle . getproctitle ( )
# Make sure we build the correct regex.
if not pass_opt_re . match ( cur_proctitle ) :
msg = ( " Unable to hide %s in proctitle. This is most likely "
" a bug! \n " % data_type )
sys . stderr . write ( msg )
sys . stderr . flush ( )
return False
# String to replace secret data with.
secret_data_replacer = " xxx "
# Build string to replace secret data and option with. And as we dont
# want to change anything else than the secret data within the proctitle
# we have to check if the option was passed with space or equal sign as
# separator.
opt_pass_with_eq = " %s = %s " % ( opt_str , secret_data )
opt_pass_part = re . sub ( pass_opt_re_str , r ' \ 2 ' , cur_proctitle )
if opt_pass_part == opt_pass_with_eq :
replace_str = " %s = %s " % ( opt_str , secret_data_replacer )
else :
replace_str = " %s %s " % ( opt_str , secret_data_replacer )
# Build new proctitle:
new_proctitle = re . sub ( pass_opt_re_str ,
r ' \ 1 ' + replace_str + r ' \ 3 ' ,
cur_proctitle )
# Set new proctitle.
setproctitle . setproctitle ( new_proctitle )
2015-01-27 21:45:47 +00:00
def _add_option ( self , * args1 , * * kwargs ) :
if self . special_name is None :
return self . add_option ( * args1 , * * kwargs )
args2 = ( )
for a in args1 :
if not a . startswith ( " -- " ) :
continue
args2 + = ( a . replace ( " -- " , " -- %s - " % self . special_name ) , )
self . add_option ( * args2 , * * kwargs )
2007-12-29 18:14:18 -06:00
def _parse_username ( self , option , opt_str , arg , parser ) :
2007-12-27 23:31:42 -06:00
self . creds . parse_string ( arg )
2015-02-26 12:23:55 +13:00
self . machine_pass = False
2007-12-27 23:31:42 -06:00
2007-12-29 18:14:18 -06:00
def _parse_workgroup ( self , option , opt_str , arg , parser ) :
2007-12-28 15:36:55 -06:00
self . creds . set_domain ( arg )
2007-12-29 18:14:18 -06:00
def _set_password ( self , option , opt_str , arg , parser ) :
2019-09-03 14:30:18 +02:00
self . _ensure_secure_proctitle ( opt_str , arg , " password " )
2007-12-27 23:31:42 -06:00
self . creds . set_password ( arg )
2015-02-26 12:23:55 +13:00
self . ask_for_password = False
self . machine_pass = False
def _set_no_password ( self , option , opt_str , arg , parser ) :
self . ask_for_password = False
def _set_machine_pass ( self , option , opt_str , arg , parser ) :
self . machine_pass = True
2007-12-27 23:31:42 -06:00
2010-09-23 19:51:36 -07:00
def _set_ipaddress ( self , option , opt_str , arg , parser ) :
self . ipaddress = arg
2021-04-07 14:16:52 +02:00
def _set_kerberos_legacy ( self , option , opt_str , arg , parser ) :
print ( ' WARNING: The option -k|--kerberos is deprecated! ' )
self . creds . set_kerberos_state ( parse_kerberos_arg_legacy ( arg , opt_str ) )
2008-03-28 21:57:15 +11:00
def _set_kerberos ( self , option , opt_str , arg , parser ) :
2011-10-17 15:34:47 -04:00
self . creds . set_kerberos_state ( parse_kerberos_arg ( arg , opt_str ) )
2008-03-28 21:57:15 +11:00
2007-12-29 18:14:18 -06:00
def _set_simple_bind_dn ( self , option , opt_str , arg , parser ) :
2007-12-29 18:14:15 -06:00
self . creds . set_bind_dn ( arg )
2007-11-21 13:07:16 +01:00
2017-07-06 14:52:39 +12:00
def _set_krb5_ccache ( self , option , opt_str , arg , parser ) :
2021-04-07 14:16:52 +02:00
self . creds . set_kerberos_state ( MUST_USE_KERBEROS )
2017-07-06 14:52:39 +12:00
self . creds . set_named_ccache ( arg )
2010-12-08 08:20:54 +11:00
def get_credentials ( self , lp , fallback_machine = False ) :
2008-05-22 18:47:32 +02:00
""" Obtain the credentials set on the command-line.
: param lp : Loadparm object to use .
: return : Credentials object
"""
2008-03-28 21:57:15 +11:00
self . creds . guess ( lp )
2015-02-26 12:23:55 +13:00
if self . machine_pass :
self . creds . set_machine_account ( lp )
elif self . ask_for_password :
2008-01-24 01:05:57 +01:00
self . creds . set_cmdline_callbacks ( )
2010-12-08 08:20:54 +11:00
# possibly fallback to using the machine account, if we have
# access to the secrets db
if fallback_machine and not self . creds . authentication_requested ( ) :
try :
self . creds . set_machine_account ( lp )
except Exception :
pass
2007-12-27 23:31:42 -06:00
return self . creds
2010-01-13 10:41:56 +02:00
2011-09-13 01:27:50 +02:00
2010-01-13 10:41:56 +02:00
class CredentialsOptionsDouble ( CredentialsOptions ) :
""" Command line options for specifying credentials of two servers. """
2011-10-12 23:45:52 +02:00
2010-01-13 10:41:56 +02:00
def __init__ ( self , parser ) :
CredentialsOptions . __init__ ( self , parser )
2010-02-12 13:55:14 +01:00
self . no_pass2 = True
2010-01-13 10:41:56 +02:00
self . add_option ( " --simple-bind-dn2 " , metavar = " DN2 " , action = " callback " ,
callback = self . _set_simple_bind_dn2 , type = str ,
help = " DN to use for a simple bind " )
self . add_option ( " --password2 " , metavar = " PASSWORD2 " , action = " callback " ,
2011-09-13 01:27:50 +02:00
help = " Password " , type = str ,
callback = self . _set_password2 )
2010-01-13 10:41:56 +02:00
self . add_option ( " --username2 " , metavar = " USERNAME2 " ,
action = " callback " , type = str ,
2011-09-13 01:27:50 +02:00
help = " Username for second server " ,
callback = self . _parse_username2 )
2010-01-13 10:41:56 +02:00
self . add_option ( " --workgroup2 " , metavar = " WORKGROUP2 " ,
action = " callback " , type = str ,
2011-09-13 01:27:50 +02:00
help = " Workgroup for second server " ,
callback = self . _parse_workgroup2 )
2010-01-13 10:41:56 +02:00
self . add_option ( " --no-pass2 " , action = " store_true " ,
help = " Don ' t ask for a password for the second server " )
2021-04-07 14:16:52 +02:00
self . add_option ( " --use-kerberos2 " , metavar = " desired|required|off " ,
action = " callback " , type = str ,
help = " Use Kerberos authentication " , callback = self . _set_kerberos2 )
# LEGACY
2010-01-13 10:41:56 +02:00
self . add_option ( " --kerberos2 " , metavar = " KERBEROS2 " ,
action = " callback " , type = str ,
2021-04-07 14:16:52 +02:00
help = " Use Kerberos " , callback = self . _set_kerberos2_legacy )
2010-01-13 10:41:56 +02:00
self . creds2 = Credentials ( )
def _parse_username2 ( self , option , opt_str , arg , parser ) :
self . creds2 . parse_string ( arg )
def _parse_workgroup2 ( self , option , opt_str , arg , parser ) :
self . creds2 . set_domain ( arg )
def _set_password2 ( self , option , opt_str , arg , parser ) :
self . creds2 . set_password ( arg )
2010-02-12 13:55:14 +01:00
self . no_pass2 = False
2010-01-13 10:41:56 +02:00
2021-04-07 14:16:52 +02:00
def _set_kerberos2_legacy ( self , option , opt_str , arg , parser ) :
self . creds2 . set_kerberos_state ( parse_kerberos_arg ( arg , opt_str ) )
2010-01-13 10:41:56 +02:00
def _set_kerberos2 ( self , option , opt_str , arg , parser ) :
2011-10-17 15:34:47 -04:00
self . creds2 . set_kerberos_state ( parse_kerberos_arg ( arg , opt_str ) )
2010-01-13 10:41:56 +02:00
def _set_simple_bind_dn2 ( self , option , opt_str , arg , parser ) :
self . creds2 . set_bind_dn ( arg )
2010-10-01 03:29:33 +03:00
def get_credentials2 ( self , lp , guess = True ) :
2010-01-13 10:41:56 +02:00
""" Obtain the credentials set on the command-line.
: param lp : Loadparm object to use .
2010-10-01 03:29:33 +03:00
: param guess : Try guess Credentials from environment
2010-01-13 10:41:56 +02:00
: return : Credentials object
"""
2010-10-01 03:29:33 +03:00
if guess :
self . creds2 . guess ( lp )
elif not self . creds2 . get_username ( ) :
2011-10-12 23:45:52 +02:00
self . creds2 . set_anonymous ( )
2010-10-01 03:29:33 +03:00
2010-02-12 13:55:14 +01:00
if self . no_pass2 :
2010-01-13 10:41:56 +02:00
self . creds2 . set_cmdline_callbacks ( )
return self . creds2
2019-06-21 13:05:23 +12:00
# Custom option type to allow the input of sizes using byte, kb, mb ...
# units, e.g. 2Gb, 4KiB ...
# e.g. Option("--size", type="bytes", metavar="SIZE")
#
def check_bytes ( option , opt , value ) :
multipliers = {
" B " : 1 ,
" KB " : 1024 ,
" MB " : 1024 * 1024 ,
" GB " : 1024 * 1024 * 1024 }
# strip out any spaces
v = value . replace ( " " , " " )
# extract the numeric prefix
digits = " "
while v and v [ 0 : 1 ] . isdigit ( ) or v [ 0 : 1 ] == ' . ' :
digits + = v [ 0 ]
v = v [ 1 : ]
try :
m = float ( digits )
except ValueError :
msg = ( " {0} option requires a numeric value, "
" with an optional unit suffix " ) . format ( opt )
raise optparse . OptionValueError ( msg )
# strip out the 'i' and convert to upper case so
# kib Kib kb KB are all equivalent
suffix = v . upper ( ) . replace ( " I " , " " )
try :
return m * multipliers [ suffix ]
except KeyError as k :
msg = ( " {0} invalid suffix ' {1} ' , "
" should be B, Kb, Mb or Gb " ) . format ( opt , v )
raise optparse . OptionValueError ( msg )
class SambaOption ( optparse . Option ) :
TYPES = optparse . Option . TYPES + ( " bytes " , )
TYPE_CHECKER = copy ( optparse . Option . TYPE_CHECKER )
TYPE_CHECKER [ " bytes " ] = check_bytes