1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Revert "net: Use samba default command line arguments."

This reverts commit fb262f79fa
and related commits c36031778e
72fd5fa6bb and
38cd0e086f

This change caused more trouble than it solved. We need to do this differently.
Reverting so we don't accidently release this.
This commit is contained in:
Kai Blin 2009-07-05 09:21:07 +02:00
parent 1887ad0a26
commit 8f5ef10633
12 changed files with 210 additions and 173 deletions

View File

@ -14,9 +14,6 @@ Authentication Changes:
o Changed the way smbd handles untrusted domain names given during user
authentication
net Command Changes:
o parameter syntax made more consistent
Authentication Changes
======================
@ -35,38 +32,6 @@ on smbd to always pass through bogus names to the DC for verification. A new
parameter "map untrusted to domain" can be enabled to revert to the legacy
behavior.
net Command Changes
===================
The net command now accepts the common command line parameters most other Samba
command line utilities use, with a couple of remaining differences:
-l still gives long output for net commands supporting the --long flag. This was
more useful than the common --log-base parameter.
-i still tells net to read data from stdin (like --stdin) instead of toggling
the common --scope flag.
-S still tells net the server to connect to (like --server) instead of
negotiating the common --signing flag. As -S is probably used by most scripts
doing net rpc commands, this would have been a high-impact change for little
gain.
This change was mainly done to unify the authentification options. Here, one
flag changed it's meaning and one useful flag was added.
-N used to be the short version of --ntname. It now matches the Samba default of
--no-pass. Use this to stop net from prompting for a password if you want
anonymous authentication.
-A --authentication-file now takes an authentication file with the username and
password you want net to use, avoiding a password prompt as with plain -U user
or having to give a password on the command line as in -U user%pass.
Last but not least net now always falls back to your local unix username if no
-U is specified and a username is needed. net rpc commands will now prompt for a
password unless one is specified using either -U user%pass or -A auth_file.
######################################################################
Reporting bugs & Development Discussion
#######################################

View File

@ -625,6 +625,7 @@ static struct functable net_func[] = {
int main(int argc, const char **argv)
{
int opt,i;
char *p;
int rc = 0;
int argc_new = 0;
const char ** argv_new;
@ -635,10 +636,12 @@ static struct functable net_func[] = {
struct poptOption long_options[] = {
{"help", 'h', POPT_ARG_NONE, 0, 'h'},
{"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup},
{"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
{"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
{"port", 'p', POPT_ARG_INT, &c->opt_port},
{"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name},
{"server", 'S', POPT_ARG_STRING, &c->opt_host},
{"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"container", 'c', POPT_ARG_STRING, &c->opt_container},
{"comment", 'C', POPT_ARG_STRING, &c->opt_comment},
{"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers},
@ -649,13 +652,15 @@ static struct functable net_func[] = {
{"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin},
{"timeout", 't', POPT_ARG_INT, &c->opt_timeout},
{"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout},
{"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass},
{"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos},
{"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
{"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose},
{"test", 'T', POPT_ARG_NONE, &c->opt_testmode},
/* Options for 'net groupmap set' */
{"local", 'L', POPT_ARG_NONE, &c->opt_localgroup},
{"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup},
{"ntname", 0, POPT_ARG_STRING, &c->opt_newntname},
{"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname},
{"rid", 'R', POPT_ARG_INT, &c->opt_rid},
/* Options for 'net rpc share migrate' */
{"acls", 0, POPT_ARG_NONE, &c->opt_acls},
@ -670,7 +675,6 @@ static struct functable net_func[] = {
{"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries},
POPT_COMMON_SAMBA
POPT_COMMON_CREDENTIALS
{ 0, 0, 0, 0}
};
@ -684,13 +688,6 @@ static struct functable net_func[] = {
dbf = x_stderr;
c->private_data = net_func;
c->auth_info = user_auth_info_init(frame);
if (c->auth_info == NULL) {
d_fprintf(stderr, "\nOut of memory!\n");
exit(1);
}
popt_common_set_auth_info(c->auth_info);
pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
@ -698,7 +695,9 @@ static struct functable net_func[] = {
switch (opt) {
case 'h':
c->display_usage = true;
set_cmdline_auth_info_password(c->auth_info, "");
break;
case 'e':
c->smb_encrypt = true;
break;
case 'I':
if (!interpret_string_addr(&c->opt_dest_ip,
@ -708,6 +707,15 @@ static struct functable net_func[] = {
c->opt_have_ip = true;
}
break;
case 'U':
c->opt_user_specified = true;
c->opt_user_name = SMB_STRDUP(c->opt_user_name);
p = strchr(c->opt_user_name,'%');
if (p) {
*p = 0;
c->opt_password = p+1;
}
break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n",
poptBadOption(pc, 0), poptStrerror(opt));
@ -741,6 +749,10 @@ static struct functable net_func[] = {
set_global_myname(c->opt_requester_name);
}
if (!c->opt_user_name && getenv("LOGNAME")) {
c->opt_user_name = getenv("LOGNAME");
}
if (!c->opt_workgroup) {
c->opt_workgroup = smb_xstrdup(lp_workgroup());
}
@ -758,6 +770,17 @@ static struct functable net_func[] = {
that it won't assert becouse we are not root */
sec_init();
if (c->opt_machine_pass) {
/* it is very useful to be able to make ads queries as the
machine account for testing purposes and for domain leave */
net_use_krb_machine_account(c);
}
if (!c->opt_password) {
c->opt_password = getenv("PASSWD");
}
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
DEBUG(2,("return code = %d\n", rc));

View File

@ -28,8 +28,11 @@
struct net_context {
const char *opt_requester_name;
const char *opt_host;
int opt_long_list_entries;
const char *opt_password;
const char *opt_user_name;
bool opt_user_specified;
const char *opt_workgroup;
int opt_long_list_entries;
int opt_reboot;
int opt_force;
int opt_stdin;
@ -42,6 +45,7 @@ struct net_context {
int opt_timeout;
int opt_request_timeout;
const char *opt_target_workgroup;
int opt_machine_pass;
int opt_localgroup;
int opt_domaingroup;
int do_talloc_report;
@ -53,14 +57,15 @@ struct net_context {
const char *opt_exclude;
const char *opt_destination;
int opt_testmode;
bool opt_kerberos;
int opt_force_full_repl;
int opt_single_obj_repl;
int opt_clean_old_entries;
int opt_have_ip;
struct sockaddr_storage opt_dest_ip;
bool smb_encrypt;
struct libnetapi_ctx *netapi_ctx;
struct user_auth_info *auth_info;
bool display_usage;
void *private_data;

View File

@ -231,23 +231,32 @@ retry_connect:
ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
retry:
if (need_password) {
set_cmdline_auth_info_getpass(c->auth_info);
if (!c->opt_user_name) {
c->opt_user_name = "administrator";
}
if (get_cmdline_auth_info_got_pass(c->auth_info) ||
!get_cmdline_auth_info_use_kerberos(c->auth_info)) {
if (c->opt_user_specified) {
need_password = true;
}
retry:
if (!c->opt_password && need_password && !c->opt_machine_pass) {
c->opt_password = net_prompt_pass(c, c->opt_user_name);
if (!c->opt_password) {
ads_destroy(&ads);
return ADS_ERROR(LDAP_NO_MEMORY);
}
}
if (c->opt_password) {
use_in_memory_ccache();
SAFE_FREE(ads->auth.password);
ads->auth.password = smb_xstrdup(
get_cmdline_auth_info_password(c->auth_info));
ads->auth.password = smb_xstrdup(c->opt_password);
}
ads->auth.flags |= auth_flags;
SAFE_FREE(ads->auth.user_name);
ads->auth.user_name = smb_xstrdup(
get_cmdline_auth_info_username(c->auth_info));
ads->auth.user_name = smb_xstrdup(c->opt_user_name);
/*
* If the username is of the form "name@realm",
@ -866,7 +875,6 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
TALLOC_CTX *ctx;
struct libnet_UnjoinCtx *r = NULL;
WERROR werr;
struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@ -885,7 +893,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
if (!get_cmdline_auth_info_use_kerberos(ai)) {
if (!c->opt_kerberos) {
use_in_memory_ccache();
}
@ -895,14 +903,12 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
set_cmdline_auth_info_getpass(ai);
r->in.debug = true;
r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
r->in.use_kerberos = c->opt_kerberos;
r->in.dc_name = c->opt_host;
r->in.domain_name = lp_realm();
r->in.admin_account = get_cmdline_auth_info_username(ai);
r->in.admin_password = get_cmdline_auth_info_password(ai);
r->in.admin_account = c->opt_user_name;
r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
r->in.modify_config = lp_config_backend_is_registry();
/* Try to delete it, but if that fails, disable it. The
@ -960,8 +966,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c)
return NT_STATUS_ACCESS_DENIED;
}
set_cmdline_auth_info_use_machine_account(c->auth_info);
set_cmdline_auth_info_machine_account_creds(c->auth_info);
net_use_krb_machine_account(c);
status = ads_startup(c, true, &ads);
if (!ADS_ERR_OK(status)) {
@ -1192,7 +1197,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
const char *os_name = NULL;
const char *os_version = NULL;
bool modify_config = lp_config_backend_is_registry();
struct user_auth_info *ai = c->auth_info;;
if (c->display_usage)
return net_ads_join_usage(c, argc, argv);
@ -1212,7 +1216,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
goto fail;
}
if (!get_cmdline_auth_info_use_kerberos(ai)) {
if (!c->opt_kerberos) {
use_in_memory_ccache();
}
@ -1262,8 +1266,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
/* Do the domain join here */
set_cmdline_auth_info_getpass(ai);
r->in.domain_name = domain;
r->in.create_upn = createupn;
r->in.upn = machineupn;
@ -1271,10 +1273,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->in.os_name = os_name;
r->in.os_version = os_version;
r->in.dc_name = c->opt_host;
r->in.admin_account = get_cmdline_auth_info_username(ai);
r->in.admin_password = get_cmdline_auth_info_password(ai);
r->in.admin_account = c->opt_user_name;
r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
r->in.debug = true;
r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
r->in.use_kerberos = c->opt_kerberos;
r->in.modify_config = modify_config;
r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
@ -1585,7 +1587,6 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
char *prt_dn, *srv_dn, **srv_cn;
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
LDAPMessage *res = NULL;
struct user_auth_info *ai = c->auth_info;
if (argc < 1 || c->display_usage) {
d_printf("Usage:\n"
@ -1617,9 +1618,8 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
nt_status = cli_full_connection(&cli, global_myname(), servername,
&server_ss, 0,
"IPC$", "IPC",
get_cmdline_auth_info_username(ai),
c->opt_workgroup,
get_cmdline_auth_info_password(ai),
c->opt_user_name, c->opt_workgroup,
c->opt_password ? c->opt_password : "",
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@ -1807,8 +1807,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
static int net_ads_password(struct net_context *c, int argc, const char **argv)
{
ADS_STRUCT *ads;
const char *auth_principal;
const char *auth_password;
const char *auth_principal = c->opt_user_name;
const char *auth_password = c->opt_password;
char *realm = NULL;
char *new_password = NULL;
char *chr, *prompt;
@ -1823,9 +1823,10 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
return 0;
}
auth_principal = get_cmdline_auth_info_username(c->auth_info);
set_cmdline_auth_info_getpass(c->auth_info);
auth_password = get_cmdline_auth_info_password(c->auth_info);
if (c->opt_user_name == NULL || c->opt_password == NULL) {
d_fprintf(stderr, "You must supply an administrator username/password\n");
return -1;
}
if (argc < 1) {
d_fprintf(stderr, "ERROR: You must say which username to change password for\n");
@ -1907,7 +1908,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
return -1;
}
set_cmdline_auth_info_use_machine_account(c->auth_info);
net_use_krb_machine_account(c);
use_in_memory_ccache();
@ -2289,7 +2290,6 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@ -2303,11 +2303,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
goto out;
}
set_cmdline_auth_info_getpass(ai);
c->opt_password = net_prompt_pass(c, c->opt_user_name);
status = kerberos_return_pac(mem_ctx,
get_cmdline_auth_info_username(ai),
get_cmdline_auth_info_password(ai),
c->opt_user_name,
c->opt_password,
0,
NULL,
NULL,
@ -2340,7 +2340,6 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
TALLOC_CTX *mem_ctx = NULL;
int ret = -1;
NTSTATUS status;
struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@ -2354,10 +2353,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
goto out;
}
set_cmdline_auth_info_getpass(ai);
c->opt_password = net_prompt_pass(c, c->opt_user_name);
ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai),
get_cmdline_auth_info_password(ai),
ret = kerberos_kinit_password_ext(c->opt_user_name,
c->opt_password,
0,
NULL,
NULL,

View File

@ -368,11 +368,9 @@ int net_dom(struct net_context *c, int argc, const char **argv)
return -1;
}
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}

View File

@ -65,6 +65,5 @@ int net_help(struct net_context *c, int argc, const char **argv)
}
c->display_usage = true;
set_cmdline_auth_info_password(c->auth_info, "");
return net_run_function(c, argc, argv, "net help", func);
}

View File

@ -459,6 +459,8 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
struct rpc_pipe_client **pp_pipe_hnd,
const struct ndr_syntax_id *interface);
int net_use_krb_machine_account(struct net_context *c);
int net_use_machine_account(struct net_context *c);
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@ -473,6 +475,7 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
const char *server,
struct sockaddr_storage *pss,
unsigned flags, struct cli_state **pcli);
const char *net_prompt_pass(struct net_context *c, const char *user);
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table);
void net_display_usage_from_functable(struct functable *table);

View File

@ -25,8 +25,7 @@
#include "../libcli/auth/libcli_auth.h"
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
const struct user_auth_info *auth_info);
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
/**
* @file net_rpc.c
@ -123,7 +122,6 @@ int run_rpc_command(struct net_context *c,
DOM_SID *domain_sid;
const char *domain_name;
int ret = -1;
struct user_auth_info *ai = c->auth_info;
/* make use of cli_state handed over as an argument, if possible */
if (!cli_arg) {
@ -173,10 +171,8 @@ int run_rpc_command(struct net_context *c,
nt_status = cli_rpc_pipe_open_ntlmssp(
cli, interface,
PIPE_AUTH_LEVEL_PRIVACY,
lp_workgroup(),
get_cmdline_auth_info_username(ai),
get_cmdline_auth_info_password(ai),
&pipe_hnd);
lp_workgroup(), c->opt_user_name,
c->opt_password, &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, interface,
@ -944,12 +940,9 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
set_cmdline_auth_info_getpass(c->auth_info);
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@ -2763,12 +2756,9 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
set_cmdline_auth_info_getpass(c->auth_info);
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@ -3255,7 +3245,7 @@ static void copy_fn(const char *mnt, file_info *f,
old_dir = local_state->cwd;
local_state->cwd = dir;
if (!sync_files(local_state, new_mask, c->auth_info))
if (!sync_files(local_state, new_mask))
printf("could not handle files\n");
local_state->cwd = old_dir;
@ -3302,18 +3292,15 @@ static void copy_fn(const char *mnt, file_info *f,
*
* @return Boolean result
**/
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
const struct user_auth_info *auth_info)
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
{
struct cli_state *targetcli;
char *targetpath = NULL;
DEBUG(3,("calling cli_list with mask: %s\n", mask));
if ( !cli_resolve_path(talloc_tos(), "", auth_info,
cp_clistate->cli_share_src, mask, &targetcli,
&targetpath ) ) {
if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src,
mask, &targetcli, &targetpath ) ) {
d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
mask, cli_errstr(cp_clistate->cli_share_src));
return false;
@ -3476,7 +3463,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
goto done;
}
if (!sync_files(&cp_clistate, mask, c->auth_info)) {
if (!sync_files(&cp_clistate, mask)) {
d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto done;
@ -4577,12 +4564,9 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
set_cmdline_auth_info_getpass(c->auth_info);
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@ -4855,12 +4839,9 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
set_cmdline_auth_info_getpass(c->auth_info);
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@ -5550,7 +5531,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
c->opt_workgroup = smb_xstrdup(domain_name);
};
set_cmdline_auth_info_username(c->auth_info, acct_name);
c->opt_user_name = acct_name;
/* find the domain controller */
if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
@ -5647,9 +5628,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
* Store the password in secrets db
*/
if (!pdb_set_trusteddom_pw(domain_name,
get_cmdline_auth_info_password(c->auth_info),
domain_sid)) {
if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
DEBUG(0, ("Storing password for trusted domain failed.\n"));
cli_shutdown(cli);
talloc_destroy(mem_ctx);
@ -7211,12 +7190,9 @@ int net_rpc(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
set_cmdline_auth_info_getpass(c->auth_info);
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}

View File

@ -58,8 +58,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
if (sec == SEC_ADS) {
/* Connect to IPC$ using machine account's credentials. We don't use anonymous
connection here, as it may be denied by server's local policy. */
set_cmdline_auth_info_use_machine_account(c->auth_info);
set_cmdline_auth_info_machine_account_creds(c->auth_info);
net_use_machine_account(c);
} else {
/* some servers (e.g. WinNT) don't accept machine-authenticated

View File

@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
ctx->cli = pipe_hnd;
ctx->ops = &libnet_samsync_keytab_ops;
ctx->domain_name = domain_name;
ctx->username = get_cmdline_auth_info_username(c->auth_info);
ctx->password = get_cmdline_auth_info_password(c->auth_info);
ctx->username = c->opt_user_name;
ctx->password = c->opt_password;
ctx->force_full_replication = c->opt_force_full_repl ? true : false;
ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;

View File

@ -220,12 +220,9 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
if (libnetapi_init(&c->netapi_ctx) != 0) {
return -1;
}
set_cmdline_auth_info_getpass(c->auth_info);
libnetapi_set_username(c->netapi_ctx,
get_cmdline_auth_info_username(c->auth_info));
libnetapi_set_password(c->netapi_ctx,
get_cmdline_auth_info_password(c->auth_info));
if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
libnetapi_set_password(c->netapi_ctx, c->opt_password);
if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}

View File

@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c,
{
NTSTATUS nt_status;
int flags = 0;
struct user_auth_info *ai = c->auth_info;
set_cmdline_auth_info_getpass(ai);
c->opt_password = net_prompt_pass(c, c->opt_user_name);
if (get_cmdline_auth_info_use_kerberos(ai)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
if (c->opt_kerberos) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
if (c->opt_kerberos && c->opt_password) {
flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
nt_status = cli_full_connection(cli_ctx, NULL, server_name,
server_ss, c->opt_port,
service_name, service_type,
get_cmdline_auth_info_username(ai),
c->opt_workgroup,
get_cmdline_auth_info_password(ai),
flags, Undefined, NULL);
c->opt_user_name, c->opt_workgroup,
c->opt_password, flags, Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, "Could not connect to server %s\n", server_name);
@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c,
return nt_status;
}
if (get_cmdline_auth_info_smb_encrypt(ai)) {
if (c->smb_encrypt) {
nt_status = cli_force_encryption(*cli_ctx,
get_cmdline_auth_info_username(ai),
get_cmdline_auth_info_password(ai),
c->opt_user_name,
c->opt_password,
c->opt_workgroup);
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
@ -234,12 +234,14 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
{
NTSTATUS nt_status;
char *user_and_realm = NULL;
struct user_auth_info *ai = c->auth_info;
/* FIXME: Should get existing kerberos ticket if possible. */
set_cmdline_auth_info_getpass(ai);
c->opt_password = net_prompt_pass(c, c->opt_user_name);
if (!c->opt_password) {
return NT_STATUS_NO_MEMORY;
}
user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai));
user_and_realm = get_user_and_realm(c->opt_user_name);
if (!user_and_realm) {
return NT_STATUS_NO_MEMORY;
}
@ -248,7 +250,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
server_ss, c->opt_port,
"IPC$", "IPC",
user_and_realm, c->opt_workgroup,
get_cmdline_auth_info_password(ai),
c->opt_password,
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@ -259,10 +261,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
return nt_status;
}
if (get_cmdline_auth_info_smb_encrypt(ai)) {
if (c->smb_encrypt) {
nt_status = cli_cm_force_encryption(*cli_ctx,
user_and_realm,
get_cmdline_auth_info_password(ai),
c->opt_password,
c->opt_workgroup,
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
@ -326,6 +328,50 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
return nt_status;
}
/****************************************************************************
Use the local machine account (krb) and password for this session.
****************************************************************************/
int net_use_krb_machine_account(struct net_context *c)
{
char *user_name = NULL;
if (!secrets_init()) {
d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
exit(1);
}
c->opt_password = secrets_fetch_machine_password(
c->opt_target_workgroup, NULL, NULL);
if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
return -1;
}
c->opt_user_name = user_name;
return 0;
}
/****************************************************************************
Use the machine account name and password for this session.
****************************************************************************/
int net_use_machine_account(struct net_context *c)
{
char *user_name = NULL;
if (!secrets_init()) {
d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
exit(1);
}
c->opt_password = secrets_fetch_machine_password(
c->opt_target_workgroup, NULL, NULL);
if (asprintf(&user_name, "%s$", global_myname()) == -1) {
return -1;
}
c->opt_user_name = user_name;
return 0;
}
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@ -489,6 +535,33 @@ done:
/****************************************************************************
****************************************************************************/
const char *net_prompt_pass(struct net_context *c, const char *user)
{
char *prompt = NULL;
const char *pass = NULL;
if (c->opt_password) {
return c->opt_password;
}
if (c->opt_machine_pass) {
return NULL;
}
if (c->opt_kerberos && !c->opt_user_specified) {
return NULL;
}
if (asprintf(&prompt, "Enter %s's password:", user) == -1) {
return NULL;
}
pass = getpass(prompt);
SAFE_FREE(prompt);
return pass;
}
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table)
{