2 Unix SMB/CIFS implementation.
3 Credentials popt routines
5 Copyright (C) Jelmer Vernooij 2002,2003,2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "lib/cmdline/popt_common.h"
23 #include "lib/cmdline/credentials.h"
24 #include "auth/credentials/credentials.h"
25 #include "auth/gensec/gensec.h"
26 #include "param/param.h"
28 /* Handle command line options:
30 * -A,--authentication-file
/*
 * Set to true while options are parsed when the stored machine account is
 * requested; the callback checks it in its POPT_CALLBACK_REASON_POST phase
 * and only then loads the machine account.
 */
41 static bool machine_account_pending;
/*
 * Option identifiers. OPT_SIMPLE_BIND_DN and OPT_KRB5_CCACHE are visibly used
 * both as .val in the option table and as case labels in the callback;
 * NOTE(review): the remaining values presumably follow the same pattern, but
 * their table entries and case labels are not visible in this listing.
 */
43 enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN, OPT_ENCRYPT, OPT_KRB5_CCACHE };
/*
 * popt callback for the credentials option table.
 *
 * The table registers it with POPT_CBFLAG_PRE and POPT_CBFLAG_POST, so it is
 * entered once before option parsing, once after it, and for matched options
 * in between.
 *
 * NOTE(review): the switch header, most case labels and several argument
 * lines are not visible in this listing; the per-option comments below are
 * inferred from the calls that are visible and should be confirmed against
 * the full file.
 */
45 static void popt_common_credentials_callback(poptContext con,
46 enum poptCallbackReason reason,
47 const struct poptOption *opt,
48 const char *arg, const void *data)
/* PRE: install a newly initialised credentials object as the command-line
 * credentials before any option is handled. */
50 if (reason == POPT_CALLBACK_REASON_PRE) {
51 popt_set_cmdline_credentials(cli_credentials_init(NULL));
/* POST: every option has been seen. Let cli_credentials_guess() run on the
 * command-line credentials (its remaining arguments are not visible here),
 * then attach the command-line callbacks.
 * NOTE(review): presumably those callbacks provide the interactive password
 * prompt; confirm in s4_cli_credentials_set_cmdline_callbacks(). */
55 if (reason == POPT_CALLBACK_REASON_POST) {
56 cli_credentials_guess(popt_get_cmdline_credentials(),
60 s4_cli_credentials_set_cmdline_callbacks(
61 popt_get_cmdline_credentials());
/* The machine-account option only sets a flag during parsing; the account
 * itself is loaded here, passing cmdline_lp_ctx. */
64 if (machine_account_pending) {
65 cli_credentials_set_machine_account(
66 popt_get_cmdline_credentials(), cmdline_lp_ctx);
/* Username option (table argDescrip "[DOMAIN/]USERNAME[%PASSWORD]"): the
 * whole argument is handed to cli_credentials_parse_string() first, so the
 * credentials object has its own copy before argv is scrubbed below. */
78 cli_credentials_parse_string(
79 popt_get_cmdline_credentials(), arg, CRED_SPECIFIED);
80 /* This breaks the abstraction, including the const above */
/* strchr_m() locates the '%' separator inside the caller's argument buffer;
 * the bytes from lp to the end of the string are then zeroed in place, even
 * though arg is declared const.
 * NOTE(review): the two statements between the test and the memset are not
 * visible here, so whether lp still points at '%' or has been advanced past
 * it cannot be told from this listing. */
81 if ((lp=strchr_m(arg,'%'))) {
84 /* Try to prevent this showing up in ps */
/* Best effort only: the password is readable in the process argument list
 * from exec until this memset runs, and the scrub does nothing for copies
 * already taken outside the process (shell history, exec audit records).
 * The authentication-file option or an interactive prompt keeps the secret
 * out of argv altogether. */
85 memset(lp,0,strlen(lp));
/* Password option: store the password (the value argument is on a line not
 * visible here), then zero the entire argument string in argv. */
91 cli_credentials_set_password(popt_get_cmdline_credentials(),
93 /* Try to prevent this showing up in ps */
/* discard_const() removes the const qualifier so that the caller's buffer can
 * be overwritten; the same best-effort caveat as for the username option
 * applies. */
94 memset(discard_const(arg),0,strlen(arg));
/* Authentication-file option: credentials are read from a file rather than
 * taken from the command line (remaining arguments not visible here). */
98 cli_credentials_parse_file(popt_get_cmdline_credentials(),
103 /* Later, after this is all over, get the machine account details from the secrets.ldb */
104 machine_account_pending = true;
/* Kerberos option: use_kerberos defaults to true and set_boolean() parses the
 * yes/no argument into it. */
109 bool use_kerberos = true;
110 /* Force us to only use kerberos */
/* A value that set_boolean() rejects is reported on stderr.
 * NOTE(review): what happens after the message (exit or continue) is not
 * visible in this listing. */
112 if (!set_boolean(arg, &use_kerberos)) {
113 fprintf(stderr, "Error parsing -k %s. Should be "
114 "-k [yes|no]\n", arg);
/* The state becomes either CRED_USE_KERBEROS_REQUIRED or
 * CRED_USE_KERBEROS_DISABLED; no third state is selected on this path.
 * NOTE(review): the condition line is missing here, presumably use_kerberos. */
120 cli_credentials_set_kerberos_state(
121 popt_get_cmdline_credentials(),
123 ? CRED_USE_KERBEROS_REQUIRED
124 : CRED_USE_KERBEROS_DISABLED,
/* Simple-bind DN option: record the DN on the command-line credentials (the
 * value argument is on a line not visible here). */
129 case OPT_SIMPLE_BIND_DN:
131 cli_credentials_set_bind_dn(popt_get_cmdline_credentials(),
/* Kerberos credentials-cache option: a non-zero return from
 * cli_credentials_set_ccache() is treated as failure and reported together
 * with the error_string it filled in. */
135 case OPT_KRB5_CCACHE:
137 const char *error_string;
138 if (cli_credentials_set_ccache(
139 popt_get_cmdline_credentials(), cmdline_lp_ctx,
141 &error_string) != 0) {
/* NOTE(review): unlike the -k error above, this message has no trailing
 * newline. */
142 fprintf(stderr, "Error reading krb5 credentials cache: '%s' %s", arg, error_string);
/* Signing: read the current gensec feature mask, OR in GENSEC_FEATURE_SIGN
 * and write it back, so features that are already set are kept. */
149 uint32_t gensec_features;
151 gensec_features = cli_credentials_get_gensec_features(
152 popt_get_cmdline_credentials());
154 gensec_features |= GENSEC_FEATURE_SIGN;
155 cli_credentials_set_gensec_features(
156 popt_get_cmdline_credentials(),
/* Encryption: the same read-modify-write, adding GENSEC_FEATURE_SEAL. */
163 uint32_t gensec_features;
165 gensec_features = cli_credentials_get_gensec_features(
166 popt_get_cmdline_credentials());
168 gensec_features |= GENSEC_FEATURE_SEAL;
169 cli_credentials_set_gensec_features(
170 popt_get_cmdline_credentials(),
180 struct poptOption popt_common_credentials4[] = {
182 .argInfo = POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST,
183 .arg = (void *)popt_common_credentials_callback,
188 .argInfo = POPT_ARG_STRING,
190 .descrip = "Set the network username",
191 .argDescrip = "[DOMAIN/]USERNAME[%PASSWORD]",
194 .longName = "no-pass",
196 .argInfo = POPT_ARG_NONE,
199 .descrip = "Don't ask for a password",
202 .longName = "password",
203 .argInfo = POPT_ARG_STRING,
205 .descrip = "Password",
208 .longName = "authentication-file",
210 .argInfo = POPT_ARG_STRING,
212 .descrip = "Get the credentials from a file",
213 .argDescrip = "FILE",
216 .longName = "machine-pass",
218 .argInfo = POPT_ARG_NONE,
220 .descrip = "Use stored machine account password",
223 .longName = "simple-bind-dn",
224 .argInfo = POPT_ARG_STRING,
225 .val = OPT_SIMPLE_BIND_DN,
226 .descrip = "DN to use for a simple bind",
229 .longName = "kerberos",
231 .argInfo = POPT_ARG_STRING,
233 .descrip = "Use Kerberos, -k [yes|no]",
236 .longName = "krb5-ccache",
237 .argInfo = POPT_ARG_STRING,
238 .val = OPT_KRB5_CCACHE,
239 .descrip = "Credentials cache location for Kerberos",
244 .argInfo = POPT_ARG_NONE,
246 .descrip = "Sign connection to prevent modification in transit",
249 .longName = "encrypt",
251 .argInfo = POPT_ARG_NONE,
253 .descrip = "Encrypt connection for privacy",