2 Unix SMB/CIFS implementation.
3 Common popt routines only used by cmdline utils
5 Copyright (C) Tim Potter 2001,2002
6 Copyright (C) Jelmer Vernooij 2002,2003
7 Copyright (C) James Peach 2006
8 Copyright (C) Christof Schmitt 2018
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* Handle command line options:
26 * -A,--authentication-file
35 #include "popt_common_cmdline.h"
37 #include "auth_info.h"
39 static struct user_auth_info *cmdline_auth_info;
41 struct user_auth_info *popt_get_cmdline_auth_info(void)
43 return cmdline_auth_info;
45 void popt_free_cmdline_auth_info(void)
47 TALLOC_FREE(cmdline_auth_info);
50 static bool popt_common_credentials_ignore_missing_conf;
51 static bool popt_common_credentials_delay_post;
53 void popt_common_credentials_set_ignore_missing_conf(void)
55 popt_common_credentials_delay_post = true;
58 void popt_common_credentials_set_delay_post(void)
60 popt_common_credentials_delay_post = true;
63 void popt_common_credentials_post(void)
65 if (get_cmdline_auth_info_use_machine_account(cmdline_auth_info) &&
66 !set_cmdline_auth_info_machine_account_creds(cmdline_auth_info))
69 "Failed to use machine account credentials\n");
73 set_cmdline_auth_info_getpass(cmdline_auth_info);
76 * When we set the username during the handling of the options passed to
77 * the binary we haven't loaded the config yet. This means that we
78 * didn't take the 'winbind separator' into account.
80 * The username might contain the domain name and thus it hasn't been
81 * correctly parsed yet. If we have a username we need to set it again
82 * to run the string parser for the username correctly.
84 reset_cmdline_auth_info_username(cmdline_auth_info);
87 static void popt_common_credentials_callback(poptContext con,
88 enum poptCallbackReason reason,
89 const struct poptOption *opt,
90 const char *arg, const void *data)
92 if (reason == POPT_CALLBACK_REASON_PRE) {
93 struct user_auth_info *auth_info =
94 user_auth_info_init(NULL);
95 if (auth_info == NULL) {
96 fprintf(stderr, "user_auth_info_init() failed\n");
99 cmdline_auth_info = auth_info;
103 if (reason == POPT_CALLBACK_REASON_POST) {
106 ok = lp_load_client(get_dyn_CONFIGFILE());
108 const char *pname = poptGetInvocationName(con);
110 fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n",
111 pname, get_dyn_CONFIGFILE());
112 if (!popt_common_credentials_ignore_missing_conf) {
119 set_cmdline_auth_info_guess(cmdline_auth_info);
121 if (popt_common_credentials_delay_post) {
125 popt_common_credentials_post();
131 set_cmdline_auth_info_username(cmdline_auth_info, arg);
135 set_cmdline_auth_info_from_file(cmdline_auth_info, arg);
140 d_printf("No kerberos support compiled in\n");
143 set_cmdline_auth_info_use_krb5_ticket(cmdline_auth_info);
148 if (!set_cmdline_auth_info_signing_state(cmdline_auth_info,
150 fprintf(stderr, "Unknown signing option %s\n", arg );
155 set_cmdline_auth_info_use_machine_account(cmdline_auth_info);
158 set_cmdline_auth_info_password(cmdline_auth_info, "");
161 set_cmdline_auth_info_smb_encrypt(cmdline_auth_info);
164 set_cmdline_auth_info_use_ccache(cmdline_auth_info, true);
167 set_cmdline_auth_info_use_pw_nt_hash(cmdline_auth_info, true);
173 * @brief Burn the commandline password.
175 * This function removes the password from the command line so we
176 * don't leak the password e.g. in 'ps aux'.
178 * It should be called after processing the options and you should pass down
181 * @param[in] argc The number of arguments.
183 * @param[in] argv[] The argument array we will find the array.
185 void popt_burn_cmdline_password(int argc, char *argv[])
191 for (i = 0; i < argc; i++) {
193 if (strncmp(p, "-U", 2) == 0) {
196 } else if (strncmp(p, "--user", 6) == 0) {
206 if (strlen(p) == ulen) {
210 p = strchr_m(p, '%');
212 memset(p, '\0', strlen(p));
219 struct poptOption popt_common_credentials[] = {
220 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST,
221 (void *)popt_common_credentials_callback, 0, NULL },
222 { "user", 'U', POPT_ARG_STRING, NULL, 'U',
223 "Set the network username", "USERNAME" },
224 { "no-pass", 'N', POPT_ARG_NONE, NULL, 'N',
225 "Don't ask for a password" },
226 { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k',
227 "Use kerberos (active directory) authentication" },
228 { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A',
229 "Get the credentials from a file", "FILE" },
230 { "signing", 'S', POPT_ARG_STRING, NULL, 'S',
231 "Set the client signing state", "on|off|required" },
232 {"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P',
233 "Use stored machine account password" },
234 {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e',
235 "Encrypt SMB transport" },
236 {"use-ccache", 'C', POPT_ARG_NONE, NULL, 'C',
237 "Use the winbind ccache for authentication" },
238 {"pw-nt-hash", '\0', POPT_ARG_NONE, NULL, 'H',
239 "The supplied password is the NT hash" },