Copyright (C) Jelmer Vernooij 2005
Copyright (C) Tim Potter 2001
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "includes.h"
#include "system/filesys.h"
+#include "lib/cmdline/popt_common.h"
+#include "include/secrets.h"
+#include "lib/ldb/include/ldb.h"
+
+/* Create a new credentials structure, on the specified TALLOC_CTX */
+struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
+{
+ struct cli_credentails *cred = talloc_zero(mem_ctx, struct cli_credentials);
+ if (!cred) {
+ return cred;
+ }
+
+ cli_credentials_set_domain(cred, lp_workgroup(), CRED_GUESSED);
+ cli_credentials_set_workstation(cred, lp_netbios_name(), CRED_GUESSED);
+ cli_credentials_set_realm(cred, lp_realm(), CRED_GUESSED);
+
+ return cred;
+}
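Review bot: The declaration on the first line of cli_credentials_init spells the type `struct cli_credentails`, which names a different, incomplete struct from the `struct cli_credentials` that is allocated and returned. The initialiser, the three setter calls and `return cred` therefore all mix incompatible pointer types. The line should read `struct cli_credentials *cred = talloc_zero(mem_ctx, struct cli_credentials);`. The comment added above cli_credentials_set_anonymous later in this diff carries the same misspelling.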
const char *cli_credentials_get_username(struct cli_credentials *cred)
{
}
const char *cli_credentials_get_realm(struct cli_credentials *cred)
-{
+{
+ if (cred == NULL) {
+ return NULL;
+ }
+
if (cred->realm_obtained == CRED_CALLBACK) {
cred->realm = cred->realm_cb(cred);
cred->realm_obtained = CRED_SPECIFIED;
const char *cli_credentials_get_workstation(struct cli_credentials *cred)
{
+ if (cred == NULL) {
+ return NULL;
+ }
+
if (cred->workstation_obtained == CRED_CALLBACK) {
cred->workstation = cred->workstation_cb(cred);
cred->workstation_obtained = CRED_SPECIFIED;
char *uname, *p;
uname = talloc_strdup(credentials, data);
- cli_credentials_set_username(credentials, uname, obtained);
-
- if ((p = strchr_m(uname,'\\'))) {
+ if ((p = strchr_m(uname,'%'))) {
*p = 0;
- cli_credentials_set_domain(credentials, uname, obtained);
- credentials->username = uname = p+1;
+ cli_credentials_set_password(credentials, p+1, obtained);
}
if ((p = strchr_m(uname,'@'))) {
*p = 0;
cli_credentials_set_realm(credentials, p+1, obtained);
- }
-
- if ((p = strchr_m(uname,'%'))) {
+ } else if ((p = strchr_m(uname,'\\')) || (p = strchr_m(uname, '/'))) {
*p = 0;
- cli_credentials_set_password(credentials, p+1, obtained);
+ cli_credentials_set_domain(credentials, uname, obtained);
+ uname = p+1;
}
+ cli_credentials_set_username(credentials, uname, obtained);
}
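Review bot: `uname` comes from `talloc_strdup(credentials, data)` and reaches `strchr_m(uname,'%')` on the first new line without a NULL check, so an allocation failure is dereferenced there. Adding `if (uname == NULL) { return; }` directly after the strdup would leave the credentials untouched on failure; this assumes the function returns void, since its signature is outside this hunk. Separately, the password text remains in the `uname` buffer after the '%' is overwritten, so a cleartext copy lives as long as `credentials` does. A one-line comment recording that would help anyone who later adds wiping of secrets on free.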
void cli_credentials_guess(struct cli_credentials *cred)
{
char *p;
- cli_credentials_set_domain(cred, lp_workgroup(), CRED_GUESSED);
- cli_credentials_set_workstation(cred, lp_netbios_name(), CRED_GUESSED);
- cli_credentials_set_realm(cred, lp_realm(), CRED_GUESSED);
-
if (getenv("LOGNAME")) {
cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESSED);
}
if (getenv("USER")) {
cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESSED);
if ((p = strchr_m(getenv("USER"),'%'))) {
- *p = 0;
- memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(cred->password));
+ memset(p,0,strlen(cred->password));
}
}
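Review bot: The new `memset(p,0,strlen(cred->password));` starts at the '%' but takes its length from `cred->password`, so it clears the separator and all but the last character of the password, leaving that last byte in the USER environment string. The length is also measured on a different buffer from the one being written. If cli_credentials_parse_string did not store this password (its precedence rules are not visible here), `cred->password` could be NULL or longer than the text after '%', which would mean a NULL dereference or a write past the end of the environment value. Sizing the wipe from the environment string itself avoids both: `memset(p, 0, strlen(p));`. cli_credentials_guess continues past the end of this hunk.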
cli_credentials_parse_password_file(cred, getenv("PASSWD_FILE"), CRED_GUESSED);
}
}
+
+NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *creds)
+{
+ TALLOC_CTX *mem_ctx = talloc_named(creds, 0, "cli_credentials fetch machine password");
+
+ struct ldb_context *ldb;
+ int ldb_ret;
+ struct ldb_message **msgs;
+ const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN;
+ const char *attrs[] = {
+ "secret",
+ "samAccountName",
+ NULL
+ };
+
+ const char *machine_account;
+ const char *password;
+
+ /* Local secrets are stored in secrets.ldb */
+ ldb = secrets_db_connect(mem_ctx);
+ if (!ldb) {
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ /* search for the secret record */
+ ldb_ret = gendb_search(ldb,
+ mem_ctx, base_dn, &msgs, attrs,
+ SECRETS_PRIMARY_DOMAIN_FILTER,
+ cli_credentials_get_domain(creds));
+ if (ldb_ret == 0) {
+ DEBUG(1, ("Could not find join record to domain: %s\n",
+ lp_workgroup()));
+ talloc_free(mem_ctx);
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ } else if (ldb_ret != 1) {
+ talloc_free(mem_ctx);
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ password = ldb_msg_find_string(msgs[0], "secret", NULL);
+ if (!password) {
+ DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n",
+ cli_credentials_get_domain(creds)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL);
+ if (!machine_account) {
+ DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n",
+ cli_credentials_get_domain(creds)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ cli_credentials_set_username(creds, machine_account, CRED_SPECIFIED);
+ cli_credentials_set_password(creds, password, CRED_SPECIFIED);
+ talloc_free(mem_ctx);
+
+ return NT_STATUS_OK;
+}
+
+/* Fill in a credentails structure as anonymous */
+void cli_credentials_set_anonymous(struct cli_credentials *cred)
+{
+ cli_credentials_set_username(cred, "", CRED_SPECIFIED);
+ cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
+ cli_credentials_set_password(cred, NULL, CRED_SPECIFIED);
+}
+
+BOOL cli_credentials_is_anonymous(struct cli_credentials *credentials)
+{
+ const char *username = cli_credentials_get_username(credentials);
+
+ if (!username || !username[0])
+ return True;
+
+ return False;
+}
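Review bot: In cli_credentials_set_machine_account the `if (!ldb)` branch returns without `talloc_free(mem_ctx)`, unlike every later error path, so the named context stays attached to `creds` until `creds` is freed; add `talloc_free(mem_ctx);` before that return and check the `talloc_named` result as well. The search is keyed on `cli_credentials_get_domain(creds)`, but the not-found message prints `lp_workgroup()`, which can name a different domain from the one looked up; the other two messages already use the credentials' domain. The `ldb_ret != 1` branch returns silently, so a search error or duplicate join records leave no trace in the log. The function also has no header comment; something like `/* Load the machine account name and password for the credentials' domain from secrets.ldb */` would match the other additions.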