source3/lib/popt_common.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Common popt routines
   4
   5    Copyright (C) Tim Potter 2001,2002
   6    Copyright (C) Jelmer Vernooij 2002,2003
   7    Copyright (C) James Peach 2006
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24 #include "system/filesys.h"
  25 #include "popt_common.h"
  26 #include "lib/param/param.h"
  27
  28 /* Handle command line options:
  29  *              -d,--debuglevel
  30  *              -s,--configfile
  31  *              -O,--socket-options
  32  *              -V,--version
  33  *              -l,--log-base
  34  *              -n,--netbios-name
  35  *              -W,--workgroup
  36  *              -i,--scope
  37  */
  38
  39 enum {OPT_OPTION=1};
  40
  41 extern bool override_logfile;
  42
  43 static void set_logfile(poptContext con, const char * arg)
  44 {
  45
  46         char *lfile = NULL;
  47         const char *pname;
  48
  49         /* Find out basename of current program */
  50         pname = strrchr_m(poptGetInvocationName(con),'/');
  51
  52         if (!pname)
  53                 pname = poptGetInvocationName(con);
  54         else
  55                 pname++;
  56
  57         if (asprintf(&lfile, "%s/log.%s", arg, pname) < 0) {
  58                 return;
  59         }
  60         lp_set_logfile(lfile);
  61         SAFE_FREE(lfile);
  62 }
  63
  64 static bool PrintSambaVersionString;
  65
  66 static void popt_s3_talloc_log_fn(const char *message)
  67 {
  68         DEBUG(0,("%s", message));
  69 }
  70
  71 static void popt_common_callback(poptContext con,
  72                            enum poptCallbackReason reason,
  73                            const struct poptOption *opt,
  74                            const char *arg, const void *data)
  75 {
  76
  77         if (reason == POPT_CALLBACK_REASON_PRE) {
  78                 set_logfile(con, get_dyn_LOGFILEBASE());
  79                 talloc_set_log_fn(popt_s3_talloc_log_fn);
  80                 talloc_set_abort_fn(smb_panic);
  81                 return;
  82         }
  83
  84         if (reason == POPT_CALLBACK_REASON_POST) {
  85
  86                 if (PrintSambaVersionString) {
  87                         printf( "Version %s\n", samba_version_string());
  88                         exit(0);
  89                 }
  90
  91                 if (is_default_dyn_CONFIGFILE()) {
  92                         if(getenv("SMB_CONF_PATH")) {
  93                                 set_dyn_CONFIGFILE(getenv("SMB_CONF_PATH"));
  94                         }
  95                 }
  96
  97                 /* Further 'every Samba program must do this' hooks here. */
  98                 return;
  99         }
 100
 101         switch(opt->val) {
 102         case OPT_OPTION:
 103         {
 104                 struct loadparm_context *lp_ctx;
 105
 106                 lp_ctx = loadparm_init_s3(talloc_tos(), loadparm_s3_helpers());
 107                 if (lp_ctx == NULL) {
 108                         fprintf(stderr, "loadparm_init_s3() failed!\n");
 109                         exit(1);
 110                 }
 111
 112                 if (!lpcfg_set_option(lp_ctx, arg)) {
 113                         fprintf(stderr, "Error setting option '%s'\n", arg);
 114                         exit(1);
 115                 }
 116                 TALLOC_FREE(lp_ctx);
 117                 break;
 118         }
 119         case 'd':
 120                 if (arg) {
 121                         lp_set_cmdline("log level", arg);
 122                 }
 123                 break;
 124
 125         case 'V':
 126                 PrintSambaVersionString = True;
 127                 break;
 128
 129         case 'O':
 130                 if (arg) {
 131                         lp_set_cmdline("socket options", arg);
 132                 }
 133                 break;
 134
 135         case 's':
 136                 if (arg) {
 137                         set_dyn_CONFIGFILE(arg);
 138                 }
 139                 break;
 140
 141         case 'n':
 142                 if (arg) {
 143                         lp_set_cmdline("netbios name", arg);
 144                 }
 145                 break;
 146
 147         case 'l':
 148                 if (arg) {
 149                         set_logfile(con, arg);
 150                         override_logfile = True;
 151                         set_dyn_LOGFILEBASE(arg);
 152                 }
 153                 break;
 154
 155         case 'i':
 156                 if (arg) {
 157                         lp_set_cmdline("netbios scope", arg);
 158                 }
 159                 break;
 160
 161         case 'W':
 162                 if (arg) {
 163                         lp_set_cmdline("workgroup", arg);
 164                 }
 165                 break;
 166         }
 167 }
 168
 169 struct poptOption popt_common_connection[] = {
 170         { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
 171         { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use",
 172           "SOCKETOPTIONS" },
 173         { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
 174         { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
 175         { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
 176
 177         POPT_TABLEEND
 178 };
 179
 180 struct poptOption popt_common_samba[] = {
 181         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_callback },
 182         { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
 183         { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" },
 184         { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Base name for log files", "LOGFILEBASE" },
 185         { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
 186         { "option",         0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
 187         POPT_TABLEEND
 188 };
 189
 190 struct poptOption popt_common_configfile[] = {
 191         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_callback },
 192         { "configfile", 0, POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" },
 193         POPT_TABLEEND
 194 };
 195
 196 struct poptOption popt_common_version[] = {
 197         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback },
 198         { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
 199         POPT_TABLEEND
 200 };
 201
 202 struct poptOption popt_common_debuglevel[] = {
 203         { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
 204         { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
 205         POPT_TABLEEND
 206 };
 207
 208 struct poptOption popt_common_option[] = {
 209         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback },
 210         { "option",         0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
 211         POPT_TABLEEND
 212 };
 213
 214 /****************************************************************************
 215  * get a password from a a file or file descriptor
 216  * exit on failure
 217  * ****************************************************************************/
 218
 219 static void get_password_file(struct user_auth_info *auth_info)
 220 {
 221         int fd = -1;
 222         char *p;
 223         bool close_it = False;
 224         char *spec = NULL;
 225         char pass[128];
 226
 227         if ((p = getenv("PASSWD_FD")) != NULL) {
 228                 if (asprintf(&spec, "descriptor %s", p) < 0) {
 229                         return;
 230                 }
 231                 sscanf(p, "%d", &fd);
 232                 close_it = false;
 233         } else if ((p = getenv("PASSWD_FILE")) != NULL) {
 234                 fd = open(p, O_RDONLY, 0);
 235                 spec = SMB_STRDUP(p);
 236                 if (fd < 0) {
 237                         fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
 238                                         spec, strerror(errno));
 239                         exit(1);
 240                 }
 241                 close_it = True;
 242         }
 243
 244         if (fd < 0) {
 245                 fprintf(stderr, "fd = %d, < 0\n", fd);
 246                 exit(1);
 247         }
 248
 249         for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
 250                 p && p - pass < sizeof(pass);) {
 251                 switch (read(fd, p, 1)) {
 252                 case 1:
 253                         if (*p != '\n' && *p != '\0') {
 254                                 *++p = '\0'; /* advance p, and null-terminate pass */
 255                                 break;
 256                         }
 257                 case 0:
 258                         if (p - pass) {
 259                                 *p = '\0'; /* null-terminate it, just in case... */
 260                                 p = NULL; /* then force the loop condition to become false */
 261                                 break;
 262                         } else {
 263                                 fprintf(stderr, "Error reading password from file %s: %s\n",
 264                                                 spec, "empty password\n");
 265                                 SAFE_FREE(spec);
 266                                 exit(1);
 267                         }
 268
 269                 default:
 270                         fprintf(stderr, "Error reading password from file %s: %s\n",
 271                                         spec, strerror(errno));
 272                         SAFE_FREE(spec);
 273                         exit(1);
 274                 }
 275         }
 276         SAFE_FREE(spec);
 277
 278         set_cmdline_auth_info_password(auth_info, pass);
 279         if (close_it) {
 280                 close(fd);
 281         }
 282 }
 283
 284 static void get_credentials_file(struct user_auth_info *auth_info,
 285                                  const char *file)
 286 {
 287         XFILE *auth;
 288         fstring buf;
 289         uint16_t len = 0;
 290         char *ptr, *val, *param;
 291
 292         if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
 293         {
 294                 /* fail if we can't open the credentials file */
 295                 d_printf("ERROR: Unable to open credentials file!\n");
 296                 exit(-1);
 297         }
 298
 299         while (!x_feof(auth))
 300         {
 301                 /* get a line from the file */
 302                 if (!x_fgets(buf, sizeof(buf), auth))
 303                         continue;
 304                 len = strlen(buf);
 305
 306                 if ((len) && (buf[len-1]=='\n'))
 307                 {
 308                         buf[len-1] = '\0';
 309                         len--;
 310                 }
 311                 if (len == 0)
 312                         continue;
 313
 314                 /* break up the line into parameter & value.
 315                  * will need to eat a little whitespace possibly */
 316                 param = buf;
 317                 if (!(ptr = strchr_m (buf, '=')))
 318                         continue;
 319
 320                 val = ptr+1;
 321                 *ptr = '\0';
 322
 323                 /* eat leading white space */
 324                 while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
 325                         val++;
 326
 327                 if (strwicmp("password", param) == 0) {
 328                         set_cmdline_auth_info_password(auth_info, val);
 329                 } else if (strwicmp("username", param) == 0) {
 330                         set_cmdline_auth_info_username(auth_info, val);
 331                 } else if (strwicmp("domain", param) == 0) {
 332                         set_cmdline_auth_info_domain(auth_info, val);
 333                 }
 334                 memset(buf, 0, sizeof(buf));
 335         }
 336         x_fclose(auth);
 337 }
 338
 339 /* Handle command line options:
 340  *              -U,--user
 341  *              -A,--authentication-file
 342  *              -k,--use-kerberos
 343  *              -N,--no-pass
 344  *              -S,--signing
 345  *              -P --machine-pass
 346  *              -e --encrypt
 347  *              -C --use-ccache
 348  */
 349
 350
 351 static void popt_common_credentials_callback(poptContext con,
 352                                         enum poptCallbackReason reason,
 353                                         const struct poptOption *opt,
 354                                         const char *arg, const void *data)
 355 {
 356         const void **pp = discard_const(data);
 357         void *p = discard_const(*pp);
 358         struct user_auth_info *auth_info =
 359                 talloc_get_type_abort(p,
 360                 struct user_auth_info);
 361
 362         if (reason == POPT_CALLBACK_REASON_PRE) {
 363                 set_cmdline_auth_info_username(auth_info, "GUEST");
 364
 365                 if (getenv("LOGNAME")) {
 366                         set_cmdline_auth_info_username(auth_info,
 367                                                        getenv("LOGNAME"));
 368                 }
 369
 370                 if (getenv("USER")) {
 371                         set_cmdline_auth_info_username(auth_info,
 372                                                        getenv("USER"));
 373                 }
 374
 375                 if (getenv("PASSWD")) {
 376                         set_cmdline_auth_info_password(auth_info,
 377                                                        getenv("PASSWD"));
 378                 }
 379
 380                 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
 381                         get_password_file(auth_info);
 382                 }
 383
 384                 return;
 385         }
 386
 387         switch(opt->val) {
 388         case 'U':
 389                 {
 390                         char *lp;
 391                         char *puser = SMB_STRDUP(arg);
 392
 393                         if ((lp=strchr_m(puser,'%'))) {
 394                                 size_t len;
 395                                 *lp = '\0';
 396                                 set_cmdline_auth_info_username(auth_info,
 397                                                                puser);
 398                                 set_cmdline_auth_info_password(auth_info,
 399                                                                lp+1);
 400                                 len = strlen(lp+1);
 401                                 memset(lp + 1, '\0', len);
 402                         } else {
 403                                 set_cmdline_auth_info_username(auth_info,
 404                                                                puser);
 405                         }
 406                         SAFE_FREE(puser);
 407                 }
 408                 break;
 409
 410         case 'A':
 411                 get_credentials_file(auth_info, arg);
 412                 break;
 413
 414         case 'k':
 415 #ifndef HAVE_KRB5
 416                 d_printf("No kerberos support compiled in\n");
 417                 exit(1);
 418 #else
 419                 set_cmdline_auth_info_use_krb5_ticket(auth_info);
 420 #endif
 421                 break;
 422
 423         case 'S':
 424                 if (!set_cmdline_auth_info_signing_state(auth_info, arg)) {
 425                         fprintf(stderr, "Unknown signing option %s\n", arg );
 426                         exit(1);
 427                 }
 428                 break;
 429         case 'P':
 430                 set_cmdline_auth_info_use_machine_account(auth_info);
 431                 break;
 432         case 'N':
 433                 set_cmdline_auth_info_password(auth_info, "");
 434                 break;
 435         case 'e':
 436                 set_cmdline_auth_info_smb_encrypt(auth_info);
 437                 break;
 438         case 'C':
 439                 set_cmdline_auth_info_use_ccache(auth_info, true);
 440                 break;
 441         case 'H':
 442                 set_cmdline_auth_info_use_pw_nt_hash(auth_info, true);
 443                 break;
 444         }
 445 }
 446
 447 static struct user_auth_info *global_auth_info;
 448
 449 void popt_common_set_auth_info(struct user_auth_info *auth_info)
 450 {
 451         global_auth_info = auth_info;
 452 }
 453
 454 /**
 455  * @brief Burn the commandline password.
 456  *
 457  * This function removes the password from the command line so we
 458  * don't leak the password e.g. in 'ps aux'.
 459  *
 460  * It should be called after processing the options and you should pass down
 461  * argv from main().
 462  *
 463  * @param[in]  argc     The number of arguments.
 464  *
 465  * @param[in]  argv[]   The argument array we will find the array.
 466  */
 467 void popt_burn_cmdline_password(int argc, char *argv[])
 468 {
 469         bool found = false;
 470         char *p = NULL;
 471         int i, ulen = 0;
 472
 473         for (i = 0; i < argc; i++) {
 474                 p = argv[i];
 475                 if (strncmp(p, "-U", 2) == 0) {
 476                         ulen = 2;
 477                         found = true;
 478                 } else if (strncmp(p, "--user", 6) == 0) {
 479                         ulen = 6;
 480                         found = true;
 481                 }
 482
 483                 if (found) {
 484                         if (p == NULL) {
 485                                 return;
 486                         }
 487
 488                         if (strlen(p) == ulen) {
 489                                 continue;
 490                         }
 491
 492                         p = strchr_m(p, '%');
 493                         if (p != NULL) {
 494                                 memset(p, '\0', strlen(p));
 495                         }
 496                         found = false;
 497                 }
 498         }
 499 }
 500
 501 struct poptOption popt_common_credentials[] = {
 502         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
 503           (void *)popt_common_credentials_callback, 0,
 504           (const void *)&global_auth_info },
 505         { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
 506         { "no-pass", 'N', POPT_ARG_NONE, NULL, 'N', "Don't ask for a password" },
 507         { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k', "Use kerberos (active directory) authentication" },
 508         { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
 509         { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
 510         {"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
 511         {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport" },
 512         {"use-ccache", 'C', POPT_ARG_NONE, NULL, 'C',
 513          "Use the winbind ccache for authentication" },
 514         {"pw-nt-hash", '\0', POPT_ARG_NONE, NULL, 'H',
 515          "The supplied password is the NT hash" },
 516         POPT_TABLEEND
 517 };