net: add "-k" switch for kerberos authentication (in preparation for #5416).

Guenther
(This used to be commit 4cce94d464b16d29b638da3a581d98a237959b63)

diff --git a/source3/utils/net.c b/source3/utils/net.c
index d086f947f1bf20ceebcda68c0f80879f8a2f36d4..e90e8f0a0fa200989c4056a5397f4621af4692ff 100644 (file)
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -636,6 +636,7 @@ static struct functable net_func[] = {
                {"stdin",       'i', POPT_ARG_NONE,   &c->opt_stdin},
                {"timeout",     't', POPT_ARG_INT,    &c->opt_timeout},
                {"machine-pass",'P', POPT_ARG_NONE,   &c->opt_machine_pass},
+               {"kerberos",    'k', POPT_ARG_NONE,   &c->opt_kerberos},
                {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
                {"verbose",     'v', POPT_ARG_NONE,   &c->opt_verbose},
                {"test",        'T', POPT_ARG_NONE,   &c->opt_testmode},

diff --git a/source3/utils/net.h b/source3/utils/net.h
index 01a76a0db1299c7547a85d202d12543686756333..4f59ff995ce052ff585bee6a1cb219612bdaa50c 100644 (file)
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -56,6 +56,7 @@ struct net_context {
        const char *opt_exclude;
        const char *opt_destination;
        int opt_testmode;
+       bool opt_kerberos;
 
        int opt_have_ip;
        struct sockaddr_storage opt_dest_ip;

diff --git a/source3/utils/net_help_common.c b/source3/utils/net_help_common.c
index be06caa37ea3321b830da8d278f0abd0136ff06c..edf083905ad686546c82d2fbe9b0c9e81afe8098 100644 (file)
--- a/source3/utils/net_help_common.c
+++ b/source3/utils/net_help_common.c
@@ -48,7 +48,8 @@ int net_common_flags_usage(struct net_context *c, int argc, const char **argv)
        d_printf("\t-l or --long\t\t\tDisplay full information\n");
        d_printf("\t-V or --version\t\t\tPrint samba version information\n");
        d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n");
-       d_printf("\t-e or --encrypt\t\tEncrypt SMB transport (UNIX extended servers only)\n");
+       d_printf("\t-e or --encrypt\t\t\tEncrypt SMB transport (UNIX extended servers only)\n");
+       d_printf("\t-k or --kerberos\t\tUse kerberos (active directory) authentication\n");
        return -1;
 }
 

diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
index be00dde16efb4e4769d806b663e607fb8f8f45aa..eb39c739e704a76d4a2df1a7c7af5ce244d885a4 100644 (file)
--- a/source3/utils/net_util.c
+++ b/source3/utils/net_util.c
@@ -94,17 +94,23 @@ NTSTATUS connect_to_service(struct net_context *c,
                                        const char *service_type)
 {
        NTSTATUS nt_status;
+       int flags = 0;
 
        c->opt_password = net_prompt_pass(c, c->opt_user_name);
-       if (!c->opt_password) {
-               return NT_STATUS_NO_MEMORY;
+
+       if (c->opt_kerberos) {
+               flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+       }
+
+       if (c->opt_kerberos && c->opt_password) {
+               flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
        }
 
        nt_status = cli_full_connection(cli_ctx, NULL, server_name,
                                        server_ss, c->opt_port,
                                        service_name, service_type,
                                        c->opt_user_name, c->opt_workgroup,
-                                       c->opt_password, 0, Undefined, NULL);
+                                       c->opt_password, flags, Undefined, NULL);
        if (!NT_STATUS_IS_OK(nt_status)) {
                d_fprintf(stderr, "Could not connect to server %s\n", server_name);
 
@@ -538,6 +544,10 @@ const char *net_prompt_pass(struct net_context *c, const char *user)
                return NULL;
        }
 
+       if (c->opt_kerberos && !c->opt_user_specified) {
+               return NULL;
+       }
+
        asprintf(&prompt, "Enter %s's password:", user);
        if (!prompt) {
                return NULL;