sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
0a2fae2d47
samba-mirror/source3/lib/popt_common_cmdline.c
Ralph Boehme 9471508391 s3: remove now unneeded call to cmdline_messaging_context() 
This was only needed as dbwrap_open() had a bug where it asked for the ctdb
connection before initializing messaging. The previous commit fixed that so we
can now safely remove the calls to cmdline_messaging_context() from all tools
that don't use messaging.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13925

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 24 09:33:47 UTC 2019 on sn-devel-184
2019-10-24 09:33:47 +00:00

293 lines
6.9 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
Common popt routines only used by cmdline utils
Copyright (C) Tim Potter 2001,2002
Copyright (C) Jelmer Vernooij 2002,2003
Copyright (C) James Peach 2006
Copyright (C) Christof Schmitt 2018
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* Handle command line options:
* -U,--user
* -A,--authentication-file
* -k,--use-kerberos
* -N,--no-pass
* -S,--signing
* -P --machine-pass
* -e --encrypt
* -C --use-ccache
*/
#include "popt_common_cmdline.h"
#include "includes.h"
#include "auth_info.h"
#include "cmdline_contexts.h"
static struct user_auth_info *cmdline_auth_info;
struct user_auth_info *popt_get_cmdline_auth_info(void)
{
return cmdline_auth_info;
}
void popt_free_cmdline_auth_info(void)
{
TALLOC_FREE(cmdline_auth_info);
}
static bool popt_common_credentials_ignore_missing_conf;
static bool popt_common_credentials_delay_post;
void popt_common_credentials_set_ignore_missing_conf(void)
{
popt_common_credentials_ignore_missing_conf = true;
}
void popt_common_credentials_set_delay_post(void)
{
popt_common_credentials_delay_post = true;
}
void popt_common_credentials_post(void)
{
if (get_cmdline_auth_info_use_machine_account(cmdline_auth_info) &&
!set_cmdline_auth_info_machine_account_creds(cmdline_auth_info))
{
fprintf(stderr,
"Failed to use machine account credentials\n");
exit(1);
}
set_cmdline_auth_info_getpass(cmdline_auth_info);
/*
* When we set the username during the handling of the options passed to
* the binary we haven't loaded the config yet. This means that we
* didn't take the 'winbind separator' into account.
*
* The username might contain the domain name and thus it hasn't been
* correctly parsed yet. If we have a username we need to set it again
* to run the string parser for the username correctly.
*/
reset_cmdline_auth_info_username(cmdline_auth_info);
}
static void popt_common_credentials_callback(poptContext con,
enum poptCallbackReason reason,
const struct poptOption *opt,
const char *arg, const void *data)
{
if (reason == POPT_CALLBACK_REASON_PRE) {
struct user_auth_info *auth_info =
user_auth_info_init(NULL);
if (auth_info == NULL) {
fprintf(stderr, "user_auth_info_init() failed\n");
exit(1);
}
cmdline_auth_info = auth_info;
return;
}
if (reason == POPT_CALLBACK_REASON_POST) {
bool ok;
ok = lp_load_client(get_dyn_CONFIGFILE());
if (!ok) {
const char *pname = poptGetInvocationName(con);
fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n",
pname, get_dyn_CONFIGFILE());
if (!popt_common_credentials_ignore_missing_conf) {
exit(1);
}
}
load_interfaces();
set_cmdline_auth_info_guess(cmdline_auth_info);
if (popt_common_credentials_delay_post) {
return;
}
popt_common_credentials_post();
return;
}
switch(opt->val) {
case 'U':
set_cmdline_auth_info_username(cmdline_auth_info, arg);
break;
case 'A':
set_cmdline_auth_info_from_file(cmdline_auth_info, arg);
break;
case 'k':
#ifndef HAVE_KRB5
d_printf("No kerberos support compiled in\n");
exit(1);
#else
set_cmdline_auth_info_use_krb5_ticket(cmdline_auth_info);
#endif
break;
case 'S':
if (!set_cmdline_auth_info_signing_state(cmdline_auth_info,
arg)) {
fprintf(stderr, "Unknown signing option %s\n", arg );
exit(1);
}
break;
case 'P':
set_cmdline_auth_info_use_machine_account(cmdline_auth_info);
break;
case 'N':
set_cmdline_auth_info_password(cmdline_auth_info, "");
break;
case 'e':
set_cmdline_auth_info_smb_encrypt(cmdline_auth_info);
break;
case 'C':
set_cmdline_auth_info_use_ccache(cmdline_auth_info, true);
break;
case 'H':
set_cmdline_auth_info_use_pw_nt_hash(cmdline_auth_info, true);
break;
}
}
/**
* @brief Burn the commandline password.
*
* This function removes the password from the command line so we
* don't leak the password e.g. in 'ps aux'.
*
* It should be called after processing the options and you should pass down
* argv from main().
*
* @param[in] argc The number of arguments.
*
* @param[in] argv[] The argument array we will find the array.
*/
void popt_burn_cmdline_password(int argc, char *argv[])
{
bool found = false;
char *p = NULL;
int i, ulen = 0;
for (i = 0; i < argc; i++) {
p = argv[i];
if (p == NULL) {
return;
}
if (strncmp(p, "-U", 2) == 0) {
ulen = 2;
found = true;
} else if (strncmp(p, "--user", 6) == 0) {
ulen = 6;
found = true;
}
if (found) {
if (strlen(p) == ulen) {
continue;
}
p = strchr_m(p, '%');
if (p != NULL) {
memset_s(p, strlen(p), '\0', strlen(p));
}
found = false;
}
}
}
struct poptOption popt_common_credentials[] = {
{
.argInfo = POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST,
.arg = (void *)popt_common_credentials_callback,
},
{
.longName = "user",
.shortName = 'U',
.argInfo = POPT_ARG_STRING,
.val = 'U',
.descrip = "Set the network username",
.argDescrip = "USERNAME",
},
{
.longName = "no-pass",
.shortName = 'N',
.argInfo = POPT_ARG_NONE,
.val = 'N',
.descrip = "Don't ask for a password",
},
{
.longName = "kerberos",
.shortName = 'k',
.argInfo = POPT_ARG_NONE,
.val = 'k',
.descrip = "Use kerberos (active directory) authentication",
},
{
.longName = "authentication-file",
.shortName = 'A',
.argInfo = POPT_ARG_STRING,
.val = 'A',
.descrip = "Get the credentials from a file",
.argDescrip = "FILE",
},
{
.longName = "signing",
.shortName = 'S',
.argInfo = POPT_ARG_STRING,
.val = 'S',
.descrip = "Set the client signing state",
.argDescrip = "on|off|required",
},
{
.longName = "machine-pass",
.shortName = 'P',
.argInfo = POPT_ARG_NONE,
.val = 'P',
.descrip = "Use stored machine account password",
},
{
.longName = "encrypt",
.shortName = 'e',
.argInfo = POPT_ARG_NONE,
.val = 'e',
.descrip = "Encrypt SMB transport",
},
{
.longName = "use-ccache",
.shortName = 'C',
.argInfo = POPT_ARG_NONE,
.val = 'C',
.descrip = "Use the winbind ccache for authentication",
},
{
.longName = "pw-nt-hash",
.shortName = '\0',
.argInfo = POPT_ARG_NONE,
.val = 'H',
.descrip = "The supplied password is the NT hash",
},
POPT_TABLEEND
};
View Git Blame Copy Permalink