source: trunk/server/source4/lib/cmdline/popt_credentials.c

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 4.9 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Credentials popt routines
4
5 Copyright (C) Jelmer Vernooij 2002,2003,2005
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21#include "includes.h"
22#include "lib/cmdline/popt_common.h"
23#include "lib/cmdline/credentials.h"
24#include "auth/credentials/credentials.h"
25#include "auth/gensec/gensec.h"
26#include "param/param.h"
27
28/* Handle command line options:
29 * -U,--user
30 * -A,--authentication-file
31 * -k,--use-kerberos
32 * -N,--no-pass
33 * -S,--signing
34 * -P,--machine-pass
35 * --simple-bind-dn
36 * --password
37 */
38
39static bool dont_ask;
40static bool machine_account_pending;
41
42enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN, OPT_ENCRYPT };
43
44/*
45 disable asking for a password
46*/
47void popt_common_dont_ask(void)
48{
49 dont_ask = true;
50}
51
52static void popt_common_credentials_callback(poptContext con,
53 enum poptCallbackReason reason,
54 const struct poptOption *opt,
55 const char *arg, const void *data)
56{
57 if (reason == POPT_CALLBACK_REASON_PRE) {
58 cmdline_credentials = cli_credentials_init(talloc_autofree_context());
59 return;
60 }
61
62 if (reason == POPT_CALLBACK_REASON_POST) {
63 cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx);
64
65 if (!dont_ask) {
66 cli_credentials_set_cmdline_callbacks(cmdline_credentials);
67 }
68
69 if (machine_account_pending) {
70 cli_credentials_set_machine_account(cmdline_credentials, cmdline_lp_ctx);
71 }
72
73 return;
74
75 }
76
77 switch(opt->val) {
78 case 'U':
79 {
80 char *lp;
81
82 cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);
83 /* This breaks the abstraction, including the const above */
84 if ((lp=strchr_m(arg,'%'))) {
85 lp[0]='\0';
86 lp++;
87 /* Try to prevent this showing up in ps */
88 memset(lp,0,strlen(lp));
89 }
90 }
91 break;
92
93 case OPT_PASSWORD:
94 cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
95 /* Try to prevent this showing up in ps */
96 memset(discard_const(arg),0,strlen(arg));
97 break;
98
99 case 'A':
100 cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
101 break;
102
103 case 'P':
104 /* Later, after this is all over, get the machine account details from the secrets.ldb */
105 machine_account_pending = true;
106 break;
107
108 case OPT_KERBEROS:
109 {
110 bool use_kerberos = true;
111 /* Force us to only use kerberos */
112 if (arg) {
113 if (!set_boolean(arg, &use_kerberos)) {
114 fprintf(stderr, "Error parsing -k %s. Should be "
115 "-k [yes|no]\n", arg);
116 exit(1);
117 break;
118 }
119 }
120
121 cli_credentials_set_kerberos_state(cmdline_credentials,
122 use_kerberos
123 ? CRED_MUST_USE_KERBEROS
124 : CRED_DONT_USE_KERBEROS);
125 break;
126 }
127
128 case OPT_SIMPLE_BIND_DN:
129 {
130 cli_credentials_set_bind_dn(cmdline_credentials, arg);
131 break;
132 }
133 case OPT_SIGN:
134 {
135 uint32_t gensec_features;
136
137 gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
138
139 gensec_features |= GENSEC_FEATURE_SIGN;
140 cli_credentials_set_gensec_features(cmdline_credentials,
141 gensec_features);
142 break;
143 }
144 case OPT_ENCRYPT:
145 {
146 uint32_t gensec_features;
147
148 gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
149
150 gensec_features |= GENSEC_FEATURE_SEAL;
151 cli_credentials_set_gensec_features(cmdline_credentials,
152 gensec_features);
153 break;
154 }
155 }
156}
157
158
159
160struct poptOption popt_common_credentials[] = {
161 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_credentials_callback },
162 { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
163 { "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N', "Don't ask for a password" },
164 { "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
165 { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
166 { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
167 { "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
168 { "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos, -k [yes|no]" },
169 { "sign", 'S', POPT_ARG_NONE, NULL, OPT_SIGN, "Sign connection to prevent modification in transit" },
170 { "encrypt", 'e', POPT_ARG_NONE, NULL, OPT_ENCRYPT, "Encrypt connection for privacy" },
171 { NULL }
172};
Note: See TracBrowser for help on using the repository browser.