s3:utils: Use connection and credentials parser in net util
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
91d20d1d11
commit
ea071d278a
@ -816,7 +816,7 @@ sub provision_ad_member
|
|||||||
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
||||||
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
|
$cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
|
||||||
$cmd .= "$net join $ret->{CONFIGURATION}";
|
$cmd .= "$net join $ret->{CONFIGURATION}";
|
||||||
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} -k";
|
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required";
|
||||||
|
|
||||||
if (system($cmd) != 0) {
|
if (system($cmd) != 0) {
|
||||||
warn("Join failed\n$cmd");
|
warn("Join failed\n$cmd");
|
||||||
|
@ -52,6 +52,7 @@
|
|||||||
#include "lib/gencache.h"
|
#include "lib/gencache.h"
|
||||||
#include "auth/credentials/credentials.h"
|
#include "auth/credentials/credentials.h"
|
||||||
#include "source3/utils/passwd_proto.h"
|
#include "source3/utils/passwd_proto.h"
|
||||||
|
#include "auth/gensec/gensec.h"
|
||||||
|
|
||||||
#ifdef WITH_FAKE_KASERVER
|
#ifdef WITH_FAKE_KASERVER
|
||||||
#include "utils/net_afs.h"
|
#include "utils/net_afs.h"
|
||||||
@ -260,7 +261,6 @@ static int net_changesecretpw(struct net_context *c, int argc,
|
|||||||
static int net_setauthuser(struct net_context *c, int argc, const char **argv)
|
static int net_setauthuser(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
const char *password = NULL;
|
const char *password = NULL;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
bool ok;
|
bool ok;
|
||||||
|
|
||||||
if (!secrets_init()) {
|
if (!secrets_init()) {
|
||||||
@ -307,14 +307,7 @@ static int net_setauthuser(struct net_context *c, int argc, const char **argv)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
ok = secrets_store_creds(c->creds);
|
||||||
if (creds == NULL) {
|
|
||||||
d_fprintf(stderr, _("Failed creating auth credentials\n"));
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ok = secrets_store_creds(creds);
|
|
||||||
TALLOC_FREE(creds);
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
d_fprintf(stderr, _("Failed storing auth user credentials\n"));
|
d_fprintf(stderr, _("Failed storing auth user credentials\n"));
|
||||||
return 1;
|
return 1;
|
||||||
@ -919,33 +912,12 @@ static struct functable net_func[] = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
static void get_credentials_file(struct net_context *c,
|
|
||||||
const char *file)
|
|
||||||
{
|
|
||||||
struct cli_credentials *cred = cli_credentials_init(c);
|
|
||||||
|
|
||||||
if (cred == NULL) {
|
|
||||||
d_printf("ERROR: Unable to allocate memory!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!cli_credentials_parse_file(cred, file, CRED_GUESS_FILE)) {
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
c->opt_user_name = cli_credentials_get_username(cred);
|
|
||||||
c->opt_user_specified = (c->opt_user_name != NULL);
|
|
||||||
c->opt_password = cli_credentials_get_password(cred);
|
|
||||||
c->opt_target_workgroup = cli_credentials_get_domain(cred);
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
main program
|
main program
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
int opt,i;
|
int opt,i;
|
||||||
char *p;
|
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
int argc_new = 0;
|
int argc_new = 0;
|
||||||
const char ** argv_new;
|
const char ** argv_new;
|
||||||
@ -963,27 +935,11 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
.val = 'h',
|
.val = 'h',
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.longName = "workgroup",
|
.longName = "target-workgroup",
|
||||||
.shortName = 'w',
|
.shortName = 'w',
|
||||||
.argInfo = POPT_ARG_STRING,
|
.argInfo = POPT_ARG_STRING,
|
||||||
.arg = &c->opt_target_workgroup,
|
.arg = &c->opt_target_workgroup,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
.longName = "user",
|
|
||||||
.shortName = 'U',
|
|
||||||
.argInfo = POPT_ARG_STRING,
|
|
||||||
.arg = &c->opt_user_name,
|
|
||||||
.val = 'U',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
.longName = "authentication-file",
|
|
||||||
.shortName = 'A',
|
|
||||||
.argInfo = POPT_ARG_STRING,
|
|
||||||
.arg = &c->opt_user_name,
|
|
||||||
.val = 'A',
|
|
||||||
.descrip = "Get the credentials from a file",
|
|
||||||
.argDescrip = "FILE",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
.longName = "ipaddress",
|
.longName = "ipaddress",
|
||||||
.shortName = 'I',
|
.shortName = 'I',
|
||||||
@ -999,7 +955,7 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
.longName = "myname",
|
.longName = "myname",
|
||||||
.shortName = 'n',
|
.shortName = 0,
|
||||||
.argInfo = POPT_ARG_STRING,
|
.argInfo = POPT_ARG_STRING,
|
||||||
.arg = &c->opt_requester_name,
|
.arg = &c->opt_requester_name,
|
||||||
},
|
},
|
||||||
@ -1009,14 +965,6 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
.argInfo = POPT_ARG_STRING,
|
.argInfo = POPT_ARG_STRING,
|
||||||
.arg = &c->opt_host,
|
.arg = &c->opt_host,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
.longName = "encrypt",
|
|
||||||
.shortName = 'e',
|
|
||||||
.argInfo = POPT_ARG_NONE,
|
|
||||||
.arg = NULL,
|
|
||||||
.val = 'e',
|
|
||||||
.descrip = N_("Encrypt SMB transport"),
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
.longName = "container",
|
.longName = "container",
|
||||||
.shortName = 'c',
|
.shortName = 'c',
|
||||||
@ -1076,24 +1024,6 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
.argInfo = POPT_ARG_INT,
|
.argInfo = POPT_ARG_INT,
|
||||||
.arg = &c->opt_request_timeout,
|
.arg = &c->opt_request_timeout,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
.longName = "machine-pass",
|
|
||||||
.shortName = 'P',
|
|
||||||
.argInfo = POPT_ARG_NONE,
|
|
||||||
.arg = &c->opt_machine_pass,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
.longName = "kerberos",
|
|
||||||
.shortName = 'k',
|
|
||||||
.argInfo = POPT_ARG_NONE,
|
|
||||||
.arg = &c->opt_kerberos,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
.longName = "myworkgroup",
|
|
||||||
.shortName = 'W',
|
|
||||||
.argInfo = POPT_ARG_STRING,
|
|
||||||
.arg = &c->opt_workgroup,
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
.longName = "use-ccache",
|
.longName = "use-ccache",
|
||||||
.shortName = 0,
|
.shortName = 0,
|
||||||
@ -1127,13 +1057,13 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
.longName = "ntname",
|
.longName = "ntname",
|
||||||
.shortName = 'N',
|
.shortName = 0,
|
||||||
.argInfo = POPT_ARG_STRING,
|
.argInfo = POPT_ARG_STRING,
|
||||||
.arg = &c->opt_newntname,
|
.arg = &c->opt_newntname,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.longName = "rid",
|
.longName = "rid",
|
||||||
.shortName = 'R',
|
.shortName = 0,
|
||||||
.argInfo = POPT_ARG_INT,
|
.argInfo = POPT_ARG_INT,
|
||||||
.arg = &c->opt_rid,
|
.arg = &c->opt_rid,
|
||||||
},
|
},
|
||||||
@ -1283,7 +1213,10 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
.descrip = "follow symlinks",
|
.descrip = "follow symlinks",
|
||||||
},
|
},
|
||||||
POPT_COMMON_SAMBA
|
POPT_COMMON_SAMBA
|
||||||
|
POPT_COMMON_CONNECTION
|
||||||
|
POPT_COMMON_CREDENTIALS
|
||||||
POPT_COMMON_VERSION
|
POPT_COMMON_VERSION
|
||||||
|
POPT_LEGACY_S3
|
||||||
POPT_TABLEEND
|
POPT_TABLEEND
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -1330,9 +1263,6 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
case 'h':
|
case 'h':
|
||||||
c->display_usage = true;
|
c->display_usage = true;
|
||||||
break;
|
break;
|
||||||
case 'e':
|
|
||||||
c->smb_encrypt = true;
|
|
||||||
break;
|
|
||||||
case 'I':
|
case 'I':
|
||||||
if (!interpret_string_addr(&c->opt_dest_ip,
|
if (!interpret_string_addr(&c->opt_dest_ip,
|
||||||
poptGetOptArg(pc), 0)) {
|
poptGetOptArg(pc), 0)) {
|
||||||
@ -1341,18 +1271,6 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
c->opt_have_ip = true;
|
c->opt_have_ip = true;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'U':
|
|
||||||
c->opt_user_specified = true;
|
|
||||||
c->opt_user_name = talloc_strdup(c, c->opt_user_name);
|
|
||||||
p = strchr(c->opt_user_name,'%');
|
|
||||||
if (p) {
|
|
||||||
*p = 0;
|
|
||||||
c->opt_password = p+1;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'A':
|
|
||||||
get_credentials_file(c, c->opt_user_name);
|
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
|
d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
|
||||||
poptBadOption(pc, 0), poptStrerror(opt));
|
poptBadOption(pc, 0), poptStrerror(opt));
|
||||||
@ -1361,6 +1279,33 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
c->creds = samba_cmdline_get_creds();
|
||||||
|
c->lp_ctx = samba_cmdline_get_lp_ctx();
|
||||||
|
|
||||||
|
{
|
||||||
|
enum credentials_obtained username_obtained =
|
||||||
|
CRED_UNINITIALISED;
|
||||||
|
enum smb_encryption_setting encrypt_state =
|
||||||
|
cli_credentials_get_smb_encryption(c->creds);
|
||||||
|
enum credentials_use_kerberos krb5_state =
|
||||||
|
cli_credentials_get_kerberos_state(c->creds);
|
||||||
|
uint32_t gensec_features;
|
||||||
|
|
||||||
|
c->opt_user_name = cli_credentials_get_username_and_obtained(
|
||||||
|
c->creds,
|
||||||
|
&username_obtained);
|
||||||
|
c->opt_user_specified = (username_obtained == CRED_SPECIFIED);
|
||||||
|
|
||||||
|
c->opt_workgroup = cli_credentials_get_domain(c->creds);
|
||||||
|
|
||||||
|
c->smb_encrypt = (encrypt_state == SMB_ENCRYPTION_REQUIRED);
|
||||||
|
|
||||||
|
c->opt_kerberos = (krb5_state > CRED_USE_KERBEROS_DESIRED);
|
||||||
|
|
||||||
|
gensec_features = cli_credentials_get_gensec_features(c->creds);
|
||||||
|
c->opt_ccache = (gensec_features & GENSEC_FEATURE_NTLM_CCACHE);
|
||||||
|
}
|
||||||
|
|
||||||
c->msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
|
c->msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
|
||||||
|
|
||||||
#if defined(HAVE_BIND_TEXTDOMAIN_CODESET)
|
#if defined(HAVE_BIND_TEXTDOMAIN_CODESET)
|
||||||
@ -1391,14 +1336,6 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
lp_set_cmdline("netbios name", c->opt_requester_name);
|
lp_set_cmdline("netbios name", c->opt_requester_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!c->opt_user_name && getenv("LOGNAME")) {
|
|
||||||
c->opt_user_name = getenv("LOGNAME");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!c->opt_workgroup) {
|
|
||||||
c->opt_workgroup = talloc_strdup(c, lp_workgroup());
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!c->opt_target_workgroup) {
|
if (!c->opt_target_workgroup) {
|
||||||
c->opt_target_workgroup = talloc_strdup(c, lp_workgroup());
|
c->opt_target_workgroup = talloc_strdup(c, lp_workgroup());
|
||||||
}
|
}
|
||||||
@ -1409,17 +1346,6 @@ static void get_credentials_file(struct net_context *c,
|
|||||||
that it won't assert because we are not root */
|
that it won't assert because we are not root */
|
||||||
sec_init();
|
sec_init();
|
||||||
|
|
||||||
if (c->opt_machine_pass) {
|
|
||||||
/* it is very useful to be able to make ads queries as the
|
|
||||||
machine account for testing purposes and for domain leave */
|
|
||||||
|
|
||||||
net_use_krb_machine_account(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!c->opt_password) {
|
|
||||||
c->opt_password = getenv("PASSWD");
|
|
||||||
}
|
|
||||||
|
|
||||||
samba_cmdline_burn(argc, argv);
|
samba_cmdline_burn(argc, argv);
|
||||||
|
|
||||||
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
|
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
|
||||||
|
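Review bot: In the block added to main() after option parsing, `c->opt_kerberos = (krb5_state > CRED_USE_KERBEROS_DESIRED);` depends on the declaration order of the Kerberos-state enum, while the line just above it tests `encrypt_state == SMB_ENCRYPTION_REQUIRED` explicitly. If "required" is the only value meant here, `c->opt_kerberos = (krb5_state == CRED_USE_KERBEROS_REQUIRED);` says so and cannot change meaning if a value is later added to the enum. The same block refreshes only some of the legacy `c->opt_*` fields from `c->creds`: `opt_password` and `opt_machine_pass` lose their option entries and fallbacks in this commit and are not refilled here, so any code outside the visible hunks that still reads them would see them unset. A short comment naming which `opt_*` fields remain authoritative would help; main() begins and ends outside these hunks.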
@ -2433,7 +2433,6 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
|
|||||||
char *prt_dn, *srv_dn, **srv_cn;
|
char *prt_dn, *srv_dn, **srv_cn;
|
||||||
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
|
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
|
||||||
LDAPMessage *res = NULL;
|
LDAPMessage *res = NULL;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
bool ok;
|
bool ok;
|
||||||
|
|
||||||
if (argc < 1 || c->display_usage) {
|
if (argc < 1 || c->display_usage) {
|
||||||
@ -2471,21 +2470,14 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
creds = net_context_creds(c, mem_ctx);
|
cli_credentials_set_kerberos_state(c->creds,
|
||||||
if (creds == NULL) {
|
|
||||||
d_fprintf(stderr, "net_context_creds() failed\n");
|
|
||||||
ads_destroy(&ads);
|
|
||||||
talloc_destroy(mem_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
cli_credentials_set_kerberos_state(creds,
|
|
||||||
CRED_USE_KERBEROS_REQUIRED,
|
CRED_USE_KERBEROS_REQUIRED,
|
||||||
CRED_SPECIFIED);
|
CRED_SPECIFIED);
|
||||||
|
|
||||||
nt_status = cli_full_connection_creds(&cli, lp_netbios_name(), servername,
|
nt_status = cli_full_connection_creds(&cli, lp_netbios_name(), servername,
|
||||||
&server_ss, 0,
|
&server_ss, 0,
|
||||||
"IPC$", "IPC",
|
"IPC$", "IPC",
|
||||||
creds,
|
c->creds,
|
||||||
CLI_FULL_CONNECTION_IPC);
|
CLI_FULL_CONNECTION_IPC);
|
||||||
|
|
||||||
if (NT_STATUS_IS_ERR(nt_status)) {
|
if (NT_STATUS_IS_ERR(nt_status)) {
|
||||||
@ -2675,8 +2667,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
|
|||||||
static int net_ads_password(struct net_context *c, int argc, const char **argv)
|
static int net_ads_password(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
ADS_STRUCT *ads;
|
ADS_STRUCT *ads;
|
||||||
const char *auth_principal = c->opt_user_name;
|
const char *auth_principal = cli_credentials_get_username(c->creds);
|
||||||
const char *auth_password = c->opt_password;
|
const char *auth_password = cli_credentials_get_password(c->creds);
|
||||||
const char *realm = NULL;
|
const char *realm = NULL;
|
||||||
const char *new_password = NULL;
|
const char *new_password = NULL;
|
||||||
char *chr, *prompt;
|
char *chr, *prompt;
|
||||||
@ -2693,7 +2685,7 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->opt_user_name == NULL || c->opt_password == NULL) {
|
if (auth_principal == NULL || auth_password == NULL) {
|
||||||
d_fprintf(stderr, _("You must supply an administrator "
|
d_fprintf(stderr, _("You must supply an administrator "
|
||||||
"username/password\n"));
|
"username/password\n"));
|
||||||
return -1;
|
return -1;
|
||||||
|
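Review bot: In net_ads_printer_publish, `cli_credentials_set_kerberos_state(c->creds, CRED_USE_KERBEROS_REQUIRED, CRED_SPECIFIED)` now modifies the credentials object stored in the net context instead of an object obtained for this one connection. The forced Kerberos requirement therefore stays on `c->creds` for every later use in the process and replaces whatever state the user selected on the command line. If that is intended, a comment above the call such as `/* Publishing requires Kerberos; this deliberately overrides the state on the shared c->creds */` would record it. The function's body extends beyond the hunks shown.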
@ -340,7 +340,6 @@ static int net_dom_renamecomputer(struct net_context *c, int argc, const char **
|
|||||||
int net_dom(struct net_context *c, int argc, const char **argv)
|
int net_dom(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
NET_API_STATUS status;
|
NET_API_STATUS status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
struct functable func[] = {
|
struct functable func[] = {
|
||||||
{
|
{
|
||||||
@ -375,17 +374,12 @@ int net_dom(struct net_context *c, int argc, const char **argv)
|
|||||||
{NULL, NULL, 0, NULL, NULL}
|
{NULL, NULL, 0, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = libnetapi_net_init(&c->netapi_ctx);
|
status = libnetapi_net_init(&c->netapi_ctx);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = libnetapi_set_creds(c->netapi_ctx, creds);
|
status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
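Review bot: `libnetapi_set_creds(c->netapi_ctx, c->creds)` in net_dom passes the context's credentials pointer without the NULL guard that followed the removed `net_context_creds()` call, and nothing in the visible hunks checks the result of `samba_cmdline_get_creds()` where main() assigns `c->creds`. If the pointer can never be NULL by the time a subcommand runs, a comment at the call such as `/* c->creds is set once in main() and shared with libnetapi; it is not owned by this function */` would document both the invariant and the shared ownership. The same replacement is made in net_rpc_user, net_rpc_group, net_rpc_share, net_rpc_file, net_rpc and net_rpc_shell. net_dom's body continues outside the hunks.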
@ -33,26 +33,63 @@ int net_common_methods_usage(struct net_context *c, int argc, const char**argv)
|
|||||||
int net_common_flags_usage(struct net_context *c, int argc, const char **argv)
|
int net_common_flags_usage(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
d_printf(_("Valid targets: choose one (none defaults to localhost)\n"));
|
d_printf(_("Valid targets: choose one (none defaults to localhost)\n"));
|
||||||
d_printf(_("\t-S or --server=<server>\t\tserver name\n"));
|
d_printf(_("\t-S|--server=<server>\t\t\tserver name\n"));
|
||||||
d_printf(_("\t-I or --ipaddress=<ipaddr>\taddress of target server\n"));
|
d_printf(_("\t-I|--ipaddress=<ipaddr>\t\t\taddress of target server\n"));
|
||||||
d_printf(_("\t-w or --workgroup=<wg>\t\ttarget workgroup or domain\n"));
|
d_printf(_("\t-w|--target-workgroup=<wg>\t\ttarget workgroup or domain\n"));
|
||||||
|
|
||||||
d_printf("\n");
|
d_printf("\n");
|
||||||
d_printf(_("Valid miscellaneous options are:\n")); /* misc options */
|
d_printf(_("Valid misc options are:\n")); /* misc options */
|
||||||
d_printf(_("\t-p or --port=<port>\t\tconnection port on target\n"));
|
d_printf(_("\t-p|--port=<port>\t\t\tconnection port on target\n"));
|
||||||
d_printf(_("\t-W or --myworkgroup=<wg>\tclient workgroup\n"));
|
d_printf(_("\t--myname=<name>\t\t\t\tclient name\n"));
|
||||||
d_printf(_("\t-d or --debuglevel=<level>\tdebug level (0-10)\n"));
|
d_printf(_("\t--long\t\t\t\t\tDisplay full information\n"));
|
||||||
d_printf(_("\t-n or --myname=<name>\t\tclient name\n"));
|
|
||||||
d_printf(_("\t-U or --user=<name>\t\tuser name\n"));
|
d_printf("\n");
|
||||||
d_printf(_("\t-s or --configfile=<path>\tpathname of smb.conf file\n"));
|
d_printf(_("Valid common options are:\n")); /* misc options */
|
||||||
d_printf(_("\t-l or --long\t\t\tDisplay full information\n"));
|
d_printf(_("\t-d|--debuglevel=<level>\t\t\tdebug level (0-10)\n"));
|
||||||
d_printf(_("\t-V or --version\t\t\tPrint samba version information\n"));
|
d_printf(_("\t--debug-stdout\t\t\t\tSend debug output to standard "
|
||||||
d_printf(_("\t-P or --machine-pass\t\tAuthenticate as machine "
|
"output\n"));
|
||||||
"account\n"));
|
d_printf(_("\t--configfile=<path>\t\t\tpathname of smb.conf file\n"));
|
||||||
d_printf(_("\t-e or --encrypt\t\t\tEncrypt SMB transport "
|
d_printf(_("\t--option=name=value\t\t\tSet smb.conf option from "
|
||||||
"(UNIX extended servers only)\n"));
|
"command line\n"));
|
||||||
d_printf(_("\t-k or --kerberos\t\tUse kerberos (active directory) "
|
d_printf(_("\t-l|--log-basename=LOGFILEBASE\t\tBasename for "
|
||||||
|
"log/debug files\n"));
|
||||||
|
d_printf(_("\t--leak-report\t\t\t\tenable talloc leak reporting on "
|
||||||
|
"exit\n"));
|
||||||
|
d_printf(_("\t--leak-report-full\t\t\tenable full talloc leak "
|
||||||
|
"reporting on exit\n"));
|
||||||
|
d_printf(_("\t-V|--version\t\t\t\tPrint samba version information\n"));
|
||||||
|
|
||||||
|
d_printf("\n");
|
||||||
|
d_printf(_("Valid connection options are:\n")); /* misc options */
|
||||||
|
d_printf(_("\t-R|--name-resolve=NAME-RESOLVE-ORDER\tUse these name "
|
||||||
|
"resolution services only\n"));
|
||||||
|
d_printf(_("\t-O|--socket-options=SOCKETOPTIONS\tsocket options to use\n"));
|
||||||
|
d_printf(_("\t-m|--maxprotocol=MAXPROTOCOL\t\tSet max protocol level\n"));
|
||||||
|
d_printf(_("\t-n|--netbiosname=NETBIOSNAME\t\tPrimary netbios name\n"));
|
||||||
|
d_printf(_("\t--netbios-scope=SCOPE\t\t\tUse this Netbios scope\n"));
|
||||||
|
d_printf(_("\t-W|--workgroup=WORKGROUP\t\tSet the workgroup name\n"));
|
||||||
|
d_printf(_("\t--realm=REALM\t\t\t\tSet the realm name\n"));
|
||||||
|
|
||||||
|
d_printf("\n");
|
||||||
|
d_printf(_("Valid credential options are:\n")); /* misc options */
|
||||||
|
d_printf(_("\t-U|--user=[DOMAIN/]USERNAME[%%PASSWORD]\tSet the "
|
||||||
|
"network username\n"));
|
||||||
|
d_printf(_("\t-N|--no-pass\t\t\t\tDon't ask for a password\n"));
|
||||||
|
d_printf(_("\t--password=STRING\t\t\tSet a password\n"));
|
||||||
|
d_printf(_("\t--pw-nt-hash\t\t\t\tThe supplied password is the NT hash\n"));
|
||||||
|
d_printf(_("\t-A|--authentication-file=FILE\t\tGet the "
|
||||||
|
"credentials from a file\n"));
|
||||||
|
d_printf(_("\t-P|--machine-pass\t\t\tUse stored machine account password\n"));
|
||||||
|
d_printf(_("\t--simple-bind-dn=DN\t\t\tDN to use for a simple bind\n"));
|
||||||
|
d_printf(_("\t--use-kerberos=desired|required|off\tUse kerberos "
|
||||||
"authentication\n"));
|
"authentication\n"));
|
||||||
|
d_printf(_("\t--use-krb5-ccache=CCACHE\t\tCredentials cache location "
|
||||||
|
"for Kerberos\n"));
|
||||||
|
d_printf(_("\t--use-winbind-ccache\t\t\tUse the winbind ccache for "
|
||||||
|
"authentication\n"));
|
||||||
|
d_printf(_("\t--client-protection=sign|encrypt|off\tConfigure used "
|
||||||
|
"protection for client connections\n"));
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
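Review bot: The three new section headers in net_common_flags_usage (`Valid common options are:`, `Valid connection options are:`, `Valid credential options are:`) each carry the trailing comment `/* misc options */` copied from the original header; they should read `/* common options */`, `/* connection options */` and `/* credential options */`. The new text also gives `-l`, `-n`, `-W`, `-R` and `-N` meanings that differ from the short options the old help and option table used (for example `-N` is now "Don't ask for a password"), so existing scripts may behave differently without an error. That change of meaning is worth stating in the man page or release notes as well as here.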
@ -418,9 +418,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
|
|||||||
const struct sockaddr_storage *pss,
|
const struct sockaddr_storage *pss,
|
||||||
unsigned flags, struct cli_state **pcli);
|
unsigned flags, struct cli_state **pcli);
|
||||||
const char *net_prompt_pass(struct net_context *c, const char *user);
|
const char *net_prompt_pass(struct net_context *c, const char *user);
|
||||||
struct cli_credentials;
|
|
||||||
struct cli_credentials *net_context_creds(struct net_context *c,
|
|
||||||
TALLOC_CTX *mem_ctx);
|
|
||||||
int net_run_function(struct net_context *c, int argc, const char **argv,
|
int net_run_function(struct net_context *c, int argc, const char **argv,
|
||||||
const char *whoami, struct functable *table);
|
const char *whoami, struct functable *table);
|
||||||
void net_display_usage_from_functable(struct functable *table);
|
void net_display_usage_from_functable(struct functable *table);
|
||||||
|
@ -207,15 +207,6 @@ int run_rpc_command(struct net_context *c,
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (conn_flags & NET_FLAGS_SEAL) {
|
if (conn_flags & NET_FLAGS_SEAL) {
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
creds = net_context_creds(c, mem_ctx);
|
|
||||||
if (creds == NULL) {
|
|
||||||
DBG_ERR("net_rpc_ntlm_creds() failed\n");
|
|
||||||
nt_status = NT_STATUS_INTERNAL_ERROR;
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
nt_status = cli_rpc_pipe_open_with_creds(
|
nt_status = cli_rpc_pipe_open_with_creds(
|
||||||
cli, table,
|
cli, table,
|
||||||
(conn_flags & NET_FLAGS_TCP) ?
|
(conn_flags & NET_FLAGS_TCP) ?
|
||||||
@ -223,7 +214,7 @@ int run_rpc_command(struct net_context *c,
|
|||||||
DCERPC_AUTH_TYPE_NTLMSSP,
|
DCERPC_AUTH_TYPE_NTLMSSP,
|
||||||
DCERPC_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
smbXcli_conn_remote_name(cli->conn),
|
smbXcli_conn_remote_name(cli->conn),
|
||||||
creds, &pipe_hnd);
|
c->creds, &pipe_hnd);
|
||||||
} else {
|
} else {
|
||||||
nt_status = cli_rpc_pipe_open_noauth(
|
nt_status = cli_rpc_pipe_open_noauth(
|
||||||
cli, table,
|
cli, table,
|
||||||
@ -1256,7 +1247,6 @@ static int rpc_user_list(struct net_context *c, int argc, const char **argv)
|
|||||||
int net_rpc_user(struct net_context *c, int argc, const char **argv)
|
int net_rpc_user(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
NET_API_STATUS status;
|
NET_API_STATUS status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
struct functable func[] = {
|
struct functable func[] = {
|
||||||
{
|
{
|
||||||
@ -1310,17 +1300,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv)
|
|||||||
{NULL, NULL, 0, NULL, NULL}
|
{NULL, NULL, 0, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = libnetapi_net_init(&c->netapi_ctx);
|
status = libnetapi_net_init(&c->netapi_ctx);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = libnetapi_set_creds(c->netapi_ctx, creds);
|
status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -3447,7 +3432,6 @@ static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
|
|||||||
int net_rpc_group(struct net_context *c, int argc, const char **argv)
|
int net_rpc_group(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
NET_API_STATUS status;
|
NET_API_STATUS status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
struct functable func[] = {
|
struct functable func[] = {
|
||||||
{
|
{
|
||||||
@ -3509,17 +3493,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv)
|
|||||||
{NULL, NULL, 0, NULL, NULL}
|
{NULL, NULL, 0, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = libnetapi_net_init(&c->netapi_ctx);
|
status = libnetapi_net_init(&c->netapi_ctx);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = libnetapi_set_creds(c->netapi_ctx, creds);
|
status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -5440,7 +5419,6 @@ int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
|
|||||||
int net_rpc_share(struct net_context *c, int argc, const char **argv)
|
int net_rpc_share(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
NET_API_STATUS status;
|
NET_API_STATUS status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
struct functable func[] = {
|
struct functable func[] = {
|
||||||
{
|
{
|
||||||
@ -5486,17 +5464,12 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv)
|
|||||||
{NULL, NULL, 0, NULL, NULL}
|
{NULL, NULL, 0, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = libnetapi_net_init(&c->netapi_ctx);
|
status = libnetapi_net_init(&c->netapi_ctx);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = libnetapi_set_creds(c->netapi_ctx, creds);
|
status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -5743,7 +5716,6 @@ static int rpc_file_user(struct net_context *c, int argc, const char **argv)
|
|||||||
int net_rpc_file(struct net_context *c, int argc, const char **argv)
|
int net_rpc_file(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
NET_API_STATUS status;
|
NET_API_STATUS status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
struct functable func[] = {
|
struct functable func[] = {
|
||||||
{
|
{
|
||||||
@ -5775,17 +5747,12 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv)
|
|||||||
{NULL, NULL, 0, NULL, NULL}
|
{NULL, NULL, 0, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = libnetapi_net_init(&c->netapi_ctx);
|
status = libnetapi_net_init(&c->netapi_ctx);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = libnetapi_set_creds(c->netapi_ctx, creds);
|
status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -8201,7 +8168,6 @@ int net_rpc_printer(struct net_context *c, int argc, const char **argv)
|
|||||||
int net_rpc(struct net_context *c, int argc, const char **argv)
|
int net_rpc(struct net_context *c, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
NET_API_STATUS status;
|
NET_API_STATUS status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
|
|
||||||
struct functable func[] = {
|
struct functable func[] = {
|
||||||
{
|
{
|
||||||
@ -8392,17 +8358,12 @@ int net_rpc(struct net_context *c, int argc, const char **argv)
|
|||||||
{NULL, NULL, 0, NULL, NULL}
|
{NULL, NULL, 0, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = libnetapi_net_init(&c->netapi_ctx);
|
status = libnetapi_net_init(&c->netapi_ctx);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = libnetapi_set_creds(c->netapi_ctx, creds);
|
status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
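Review bot: In run_rpc_command the `NET_FLAGS_SEAL` branch still hard-codes `DCERPC_AUTH_TYPE_NTLMSSP` but now passes `c->creds`, which carries whatever Kerberos state the user selected (main() derives `opt_kerberos` from it). Whether the removed `net_context_creds()` prepared the credentials specifically for NTLMSSP is not visible here; if it did, a user who asked for `--use-kerberos=required` now reaches an NTLMSSP bind with credentials that say otherwise, and the outcome should be checked. A comment on the call such as `/* NET_FLAGS_SEAL always binds with NTLMSSP, independent of the Kerberos state in c->creds */` would make the behaviour explicit. The function extends beyond the hunks.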
@ -222,7 +222,6 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
|
|||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
struct rpc_sh_ctx *ctx;
|
struct rpc_sh_ctx *ctx;
|
||||||
struct dom_sid_buf buf;
|
struct dom_sid_buf buf;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
NET_API_STATUS net_api_status;
|
NET_API_STATUS net_api_status;
|
||||||
|
|
||||||
if (argc != 0 || c->display_usage) {
|
if (argc != 0 || c->display_usage) {
|
||||||
@ -230,16 +229,11 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (libnetapi_net_init(&c->netapi_ctx) != 0) {
|
if (libnetapi_net_init(&c->netapi_ctx) != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
net_api_status = libnetapi_set_creds(c->netapi_ctx, creds);
|
net_api_status = libnetapi_set_creds(c->netapi_ctx, c->creds);
|
||||||
if (net_api_status != 0) {
|
if (net_api_status != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -31,6 +31,7 @@
|
|||||||
#include "libsmb/libsmb.h"
|
#include "libsmb/libsmb.h"
|
||||||
#include "lib/param/param.h"
|
#include "lib/param/param.h"
|
||||||
#include "auth/gensec/gensec.h"
|
#include "auth/gensec/gensec.h"
|
||||||
|
#include "lib/cmdline/cmdline.h"
|
||||||
|
|
||||||
NTSTATUS net_rpc_lookup_name(struct net_context *c,
|
NTSTATUS net_rpc_lookup_name(struct net_context *c,
|
||||||
TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||||
@ -108,15 +109,8 @@ NTSTATUS connect_to_service(struct net_context *c,
|
|||||||
const char *service_type)
|
const char *service_type)
|
||||||
{
|
{
|
||||||
NTSTATUS nt_status;
|
NTSTATUS nt_status;
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
int flags = 0;
|
int flags = 0;
|
||||||
|
|
||||||
creds = net_context_creds(c, c);
|
|
||||||
if (creds == NULL) {
|
|
||||||
d_fprintf(stderr, "net_context_creds() failed.\n");
|
|
||||||
return NT_STATUS_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strequal(service_type, "IPC")) {
|
if (strequal(service_type, "IPC")) {
|
||||||
flags |= CLI_FULL_CONNECTION_IPC;
|
flags |= CLI_FULL_CONNECTION_IPC;
|
||||||
}
|
}
|
||||||
@ -124,7 +118,7 @@ NTSTATUS connect_to_service(struct net_context *c,
|
|||||||
nt_status = cli_full_connection_creds(cli_ctx, NULL, server_name,
|
nt_status = cli_full_connection_creds(cli_ctx, NULL, server_name,
|
||||||
server_ss, c->opt_port,
|
server_ss, c->opt_port,
|
||||||
service_name, service_type,
|
service_name, service_type,
|
||||||
creds,
|
c->creds,
|
||||||
flags);
|
flags);
|
||||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
d_fprintf(stderr, _("Could not connect to server %s\n"),
|
d_fprintf(stderr, _("Could not connect to server %s\n"),
|
||||||
@ -268,6 +262,8 @@ int net_use_krb_machine_account(struct net_context *c)
|
|||||||
}
|
}
|
||||||
c->opt_user_name = user_name;
|
c->opt_user_name = user_name;
|
||||||
c->opt_user_specified = true;
|
c->opt_user_specified = true;
|
||||||
|
|
||||||
|
cli_credentials_set_machine_account(c->creds, c->lp_ctx);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -434,157 +430,16 @@ done:
|
|||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
|
/* TODO FIXME: Pass cli_creds via net_context and get rid of this function. */
|
||||||
const char *net_prompt_pass(struct net_context *c, const char *user)
|
const char *net_prompt_pass(struct net_context *c, const char *user)
|
||||||
{
|
{
|
||||||
char *prompt = NULL;
|
struct cli_credentials *creds = samba_cmdline_get_creds();
|
||||||
char pwd[256] = {0};
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
if (c->opt_password) {
|
if (c->opt_password == NULL) {
|
||||||
return c->opt_password;
|
c->opt_password = cli_credentials_get_password(creds);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->opt_machine_pass) {
|
return c->opt_password;
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (c->opt_kerberos && !c->opt_user_specified) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (c->opt_ccache) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (asprintf(&prompt, _("Enter %s's password:"), user) == -1) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = samba_getpass(prompt, pwd, sizeof(pwd), false, false);
|
|
||||||
SAFE_FREE(prompt);
|
|
||||||
if (rc < 0) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return SMB_STRDUP(pwd);
|
|
||||||
}
|
|
||||||
|
|
||||||
struct cli_credentials *net_context_creds(struct net_context *c,
|
|
||||||
TALLOC_CTX *mem_ctx)
|
|
||||||
{
|
|
||||||
struct cli_credentials *creds = NULL;
|
|
||||||
struct loadparm_context *lp_ctx = NULL;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Do not query the password if we defined we want to use the
|
|
||||||
* machine account.
|
|
||||||
*/
|
|
||||||
if (c->opt_machine_pass) {
|
|
||||||
c->opt_password = net_prompt_pass(c, c->opt_user_name);
|
|
||||||
}
|
|
||||||
|
|
||||||
creds = cli_credentials_init(mem_ctx);
|
|
||||||
if (creds == NULL) {
|
|
||||||
d_printf("ERROR: Unable to allocate memory!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers());
|
|
||||||
if (lp_ctx == NULL) {
|
|
||||||
d_printf("loadparm_init_s3 failed\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
cli_credentials_guess(creds, lp_ctx);
|
|
||||||
|
|
||||||
if (c->opt_kerberos && c->opt_user_specified) {
|
|
||||||
cli_credentials_set_kerberos_state(creds,
|
|
||||||
CRED_USE_KERBEROS_DESIRED,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
} else if (c->opt_kerberos) {
|
|
||||||
cli_credentials_set_kerberos_state(creds,
|
|
||||||
CRED_USE_KERBEROS_REQUIRED,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
} else {
|
|
||||||
cli_credentials_set_kerberos_state(creds,
|
|
||||||
CRED_USE_KERBEROS_DISABLED,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (c->opt_ccache) {
|
|
||||||
uint32_t features;
|
|
||||||
|
|
||||||
features = cli_credentials_get_gensec_features(creds);
|
|
||||||
features |= GENSEC_FEATURE_NTLM_CCACHE;
|
|
||||||
cli_credentials_set_gensec_features(creds,
|
|
||||||
features,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
|
|
||||||
if (c->opt_password != NULL && strlen(c->opt_password) == 0) {
|
|
||||||
/*
|
|
||||||
* some callers pass "" as no password
|
|
||||||
*
|
|
||||||
* GENSEC_FEATURE_NTLM_CCACHE only handles
|
|
||||||
* NULL as no password.
|
|
||||||
*/
|
|
||||||
c->opt_password = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (c->opt_user_specified) {
|
|
||||||
const char *default_domain =
|
|
||||||
cli_credentials_get_domain(creds);
|
|
||||||
char *username = NULL;
|
|
||||||
const char *domain = NULL;
|
|
||||||
char *tmp = NULL;
|
|
||||||
char *p = NULL;
|
|
||||||
bool is_default;
|
|
||||||
|
|
||||||
tmp = talloc_strdup(creds, c->opt_user_name);
|
|
||||||
if (tmp == NULL) {
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
username = tmp;
|
|
||||||
|
|
||||||
/* allow for workgroups as part of the username */
|
|
||||||
if ((p = strchr_m(tmp, '\\')) ||
|
|
||||||
(p = strchr_m(tmp, '/')) ||
|
|
||||||
(p = strchr_m(tmp, *lp_winbind_separator()))) {
|
|
||||||
*p = 0;
|
|
||||||
username = p + 1;
|
|
||||||
domain = tmp;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (domain == NULL) {
|
|
||||||
domain = c->opt_workgroup;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Don't overwrite the value from cli_credentials_guess()
|
|
||||||
* with CRED_SPECIFIED, unless we have to.
|
|
||||||
*/
|
|
||||||
is_default = strequal_m(domain, default_domain);
|
|
||||||
if (!is_default) {
|
|
||||||
cli_credentials_set_domain(creds,
|
|
||||||
domain,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
}
|
|
||||||
|
|
||||||
cli_credentials_set_username(creds,
|
|
||||||
username,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
cli_credentials_set_password(creds,
|
|
||||||
c->opt_password,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (c->smb_encrypt) {
|
|
||||||
cli_credentials_set_smb_encryption(creds,
|
|
||||||
SMB_ENCRYPTION_REQUIRED,
|
|
||||||
CRED_SPECIFIED);
|
|
||||||
}
|
|
||||||
|
|
||||||
return creds;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int net_run_function(struct net_context *c, int argc, const char **argv,
|
int net_run_function(struct net_context *c, int argc, const char **argv,
|
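Review bot: The call `cli_credentials_set_machine_account(c->creds, c->lp_ctx);` added in net_use_krb_machine_account() discards its NTSTATUS result, and the function still reaches `return 0;` right after it. If the machine secret cannot be loaded, `c->creds` keeps whatever identity it held before while the caller is told the machine account is in use, so a later connection may authenticate as a different principal than intended. I would check the result and fail, e.g. `if (!NT_STATUS_IS_OK(cli_credentials_set_machine_account(c->creds, c->lp_ctx))) { return -1; }`. The start of the function lies outside the hunk, so the error value should follow whatever its earlier failure paths return.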
||||||
|
@ -48,9 +48,9 @@ net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=securi
|
|||||||
pcap_file=$BASEDIR/$WORKDIR/test.pcap
|
pcap_file=$BASEDIR/$WORKDIR/test.pcap
|
||||||
|
|
||||||
export SOCKET_WRAPPER_PCAP_FILE=$pcap_file
|
export SOCKET_WRAPPER_PCAP_FILE=$pcap_file
|
||||||
testit "join" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
#The leave command does not use the locally-generated
|
#The leave command does not use the locally-generated
|
||||||
#krb5.conf
|
#krb5.conf
|
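Review bot: The rewritten join line expands `-U$DC_USERNAME%$DC_PASSWORD` unquoted, so a password containing whitespace or glob characters is split or expanded by the shell before `net` sees it, and the test then fails for reasons unrelated to Kerberos. Quoting the argument as `"-U$DC_USERNAME%$DC_PASSWORD"` keeps it a single word. The same applies to the join and leave lines rewritten in the later test-script hunks of this commit. Passing the credential in argv also exposes it in the process list, which is presumably acceptable for a selftest fixture account but worth a short comment in the script.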
||||||
|
@ -51,7 +51,7 @@ fi
|
|||||||
|
|
||||||
testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
|
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
|
||||||
|
|
||||||
@ -81,7 +81,7 @@ testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || fail
|
|||||||
dedicated_keytab_file="$PREFIX_ABS/test_net_ads_dedicated_krb5.keytab"
|
dedicated_keytab_file="$PREFIX_ABS/test_net_ads_dedicated_krb5.keytab"
|
||||||
testit "join (dedicated keytab)" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
|
testit "join (dedicated keytab)" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
|
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
|
||||||
uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
|
uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
|
||||||
@ -179,15 +179,15 @@ fi
|
|||||||
|
|
||||||
rm -f $dedicated_keytab_file
|
rm -f $dedicated_keytab_file
|
||||||
|
|
||||||
testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "join+kerberos" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
testit "join+kerberos" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "leave+kerberos" $VALGRIND $net_tool ads leave -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
testit "leave+kerberos" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=`expr $failed + 1`
|
testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=`expr $failed + 1`
|
||||||
|
|
||||||
|
@ -30,13 +30,13 @@ net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=securi
|
|||||||
. `dirname $0`/subunit.sh
|
. `dirname $0`/subunit.sh
|
||||||
|
|
||||||
# This make sure we are able to join AD in FIPS mode with Kerberos (NTLM doesn't work in FIPS mode).
|
# This make sure we are able to join AD in FIPS mode with Kerberos (NTLM doesn't work in FIPS mode).
|
||||||
testit "join" $VALGRIND $net_tool ads join -k -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
testit "join" $VALGRIND $net_tool ads join --use-kerberos=required -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
|
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=`expr $failed + 1`
|
testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=`expr $failed + 1`
|
||||||
|
|
||||||
testit "leave" $VALGRIND $net_tool ads leave -k -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
testit "leave" $VALGRIND $net_tool ads leave --use-kerberos=required -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
|
||||||
|
|
||||||
rm -rf $BASEDIR/$WORKDIR
|
rm -rf $BASEDIR/$WORKDIR
|
||||||
|
|
||||||
|