| 1 | /*
|
|---|
| 2 | Unix SMB/CIFS implementation.
|
|---|
| 3 | Credentials popt routines
|
|---|
| 4 |
|
|---|
| 5 | Copyright (C) Jelmer Vernooij 2002,2003,2005
|
|---|
| 6 |
|
|---|
| 7 | This program is free software; you can redistribute it and/or modify
|
|---|
| 8 | it under the terms of the GNU General Public License as published by
|
|---|
| 9 | the Free Software Foundation; either version 3 of the License, or
|
|---|
| 10 | (at your option) any later version.
|
|---|
| 11 |
|
|---|
| 12 | This program is distributed in the hope that it will be useful,
|
|---|
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 15 | GNU General Public License for more details.
|
|---|
| 16 |
|
|---|
| 17 | You should have received a copy of the GNU General Public License
|
|---|
| 18 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|---|
| 19 | */
|
|---|
| 20 |
|
|---|
| 21 | #include "includes.h"
|
|---|
| 22 | #include "lib/cmdline/popt_common.h"
|
|---|
| 23 | #include "lib/cmdline/credentials.h"
|
|---|
| 24 | #include "auth/credentials/credentials.h"
|
|---|
| 25 | #include "auth/gensec/gensec.h"
|
|---|
| 26 | #include "param/param.h"
|
|---|
| 27 |
|
|---|
| 28 | /* Handle command line options:
|
|---|
| 29 | * -U,--user
|
|---|
| 30 | * -A,--authentication-file
|
|---|
| 31 | * -k,--use-kerberos
|
|---|
| 32 | * -N,--no-pass
|
|---|
| 33 | * -S,--signing
|
|---|
| 34 | * -P --machine-pass
|
|---|
| 35 | * --simple-bind-dn
|
|---|
| 36 | * --password
|
|---|
| 37 | */
|
|---|
| 38 |
|
|---|
| 39 |
|
|---|
| 40 | static bool dont_ask;
|
|---|
| 41 |
|
|---|
| 42 | enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS };
|
|---|
| 43 |
|
|---|
| 44 | /*
|
|---|
| 45 | disable asking for a password
|
|---|
| 46 | */
|
|---|
| 47 | void popt_common_dont_ask(void)
|
|---|
| 48 | {
|
|---|
| 49 | dont_ask = true;
|
|---|
| 50 | }
|
|---|
| 51 |
|
|---|
| 52 | static void popt_common_credentials_callback(poptContext con,
|
|---|
| 53 | enum poptCallbackReason reason,
|
|---|
| 54 | const struct poptOption *opt,
|
|---|
| 55 | const char *arg, const void *data)
|
|---|
| 56 | {
|
|---|
| 57 | if (reason == POPT_CALLBACK_REASON_PRE) {
|
|---|
| 58 | cmdline_credentials = cli_credentials_init(talloc_autofree_context());
|
|---|
| 59 | return;
|
|---|
| 60 | }
|
|---|
| 61 |
|
|---|
| 62 | if (reason == POPT_CALLBACK_REASON_POST) {
|
|---|
| 63 | cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx);
|
|---|
| 64 |
|
|---|
| 65 | if (!dont_ask) {
|
|---|
| 66 | cli_credentials_set_cmdline_callbacks(cmdline_credentials);
|
|---|
| 67 | }
|
|---|
| 68 | return;
|
|---|
| 69 | }
|
|---|
| 70 |
|
|---|
| 71 | switch(opt->val) {
|
|---|
| 72 | case 'U':
|
|---|
| 73 | {
|
|---|
| 74 | char *lp;
|
|---|
| 75 |
|
|---|
| 76 | cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);
|
|---|
| 77 | /* This breaks the abstraction, including the const above */
|
|---|
| 78 | if ((lp=strchr_m(arg,'%'))) {
|
|---|
| 79 | lp[0]='\0';
|
|---|
| 80 | lp++;
|
|---|
| 81 | /* Try to prevent this showing up in ps */
|
|---|
| 82 | memset(lp,0,strlen(lp));
|
|---|
| 83 | }
|
|---|
| 84 | }
|
|---|
| 85 | break;
|
|---|
| 86 |
|
|---|
| 87 | case OPT_PASSWORD:
|
|---|
| 88 | cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
|
|---|
| 89 | /* Try to prevent this showing up in ps */
|
|---|
| 90 | memset(discard_const(arg),0,strlen(arg));
|
|---|
| 91 | break;
|
|---|
| 92 |
|
|---|
| 93 | case 'A':
|
|---|
| 94 | cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
|
|---|
| 95 | break;
|
|---|
| 96 |
|
|---|
| 97 | case 'P':
|
|---|
| 98 | /* Later, after this is all over, get the machine account details from the secrets.ldb */
|
|---|
| 99 | cli_credentials_set_machine_account_pending(cmdline_credentials, cmdline_lp_ctx);
|
|---|
| 100 | break;
|
|---|
| 101 |
|
|---|
| 102 | case OPT_KERBEROS:
|
|---|
| 103 | {
|
|---|
| 104 | bool use_kerberos = true;
|
|---|
| 105 | /* Force us to only use kerberos */
|
|---|
| 106 | if (arg) {
|
|---|
| 107 | if (!set_boolean(arg, &use_kerberos)) {
|
|---|
| 108 | fprintf(stderr, "Error parsing -k %s\n", arg);
|
|---|
| 109 | exit(1);
|
|---|
| 110 | break;
|
|---|
| 111 | }
|
|---|
| 112 | }
|
|---|
| 113 |
|
|---|
| 114 | cli_credentials_set_kerberos_state(cmdline_credentials,
|
|---|
| 115 | use_kerberos
|
|---|
| 116 | ? CRED_MUST_USE_KERBEROS
|
|---|
| 117 | : CRED_DONT_USE_KERBEROS);
|
|---|
| 118 | break;
|
|---|
| 119 | }
|
|---|
| 120 |
|
|---|
| 121 | case OPT_SIMPLE_BIND_DN:
|
|---|
| 122 | cli_credentials_set_bind_dn(cmdline_credentials, arg);
|
|---|
| 123 | break;
|
|---|
| 124 | }
|
|---|
| 125 | }
|
|---|
| 126 |
|
|---|
| 127 |
|
|---|
| 128 |
|
|---|
| 129 | struct poptOption popt_common_credentials[] = {
|
|---|
| 130 | { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_credentials_callback },
|
|---|
| 131 | { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
|
|---|
| 132 | { "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N', "Don't ask for a password" },
|
|---|
| 133 | { "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
|
|---|
| 134 | { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
|
|---|
| 135 | { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
|
|---|
| 136 | { "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
|
|---|
| 137 | { "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos" },
|
|---|
| 138 | { NULL }
|
|---|
| 139 | };
|
|---|
