source4/lib/cmdline/popt_common.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Common popt routines
   4
   5    Copyright (C) Tim Potter 2001,2002
   6    Copyright (C) Jelmer Vernooij 2002,2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "lib/cmdline/popt_common.h"
  25
  26 /* Handle command line options:
  27  *              -d,--debuglevel
  28  *              -s,--configfile
  29  *              -O,--socket-options
  30  *              -V,--version
  31  *              -l,--log-base
  32  *              -n,--netbios-name
  33  *              -W,--workgroup
  34  *              -i,--scope
  35  */
  36
  37
  38 enum {OPT_OPTION=1,OPT_LEAK_REPORT,OPT_LEAK_REPORT_FULL};
  39
  40 static struct cmdline_auth_info cmdline_auth_info;
  41
  42 static void popt_common_callback(poptContext con,
  43                            enum poptCallbackReason reason,
  44                            const struct poptOption *opt,
  45                            const char *arg, const void *data)
  46 {
  47         const char *pname;
  48
  49         /* Find out basename of current program */
  50         pname = strrchr_m(poptGetInvocationName(con),'/');
  51
  52         if (!pname)
  53                 pname = poptGetInvocationName(con);
  54         else
  55                 pname++;
  56
  57         if (reason == POPT_CALLBACK_REASON_PRE) {
  58                 char *logfile = talloc_asprintf(NULL, "%s/log.%s", dyn_LOGFILEBASE, pname);
  59                 lp_set_cmdline("log file", logfile);
  60                 talloc_free(logfile);
  61                 return;
  62         }
  63
  64         switch(opt->val) {
  65         case 'd':
  66                 lp_set_cmdline("log level", arg);
  67                 break;
  68
  69         case 'V':
  70                 printf( "Version %s\n", SAMBA_VERSION_STRING );
  71                 exit(0);
  72                 break;
  73
  74         case 'O':
  75                 if (arg) {
  76                         lp_set_cmdline("socket options", arg);
  77                 }
  78                 break;
  79
  80         case 's':
  81                 if (arg) {
  82                         pstrcpy(dyn_CONFIGFILE, arg);
  83                 }
  84                 break;
  85
  86         case 'l':
  87                 if (arg) {
  88                         char *logfile = talloc_asprintf(NULL, "%s/log.%s", arg, pname);
  89                         lp_set_cmdline("log file", logfile);
  90                         talloc_free(logfile);
  91                 }
  92                 break;
  93
  94         case 'W':
  95                 lp_set_cmdline("workgroup", arg);
  96                 break;
  97
  98         case 'n':
  99                 lp_set_cmdline("netbios name", arg);
 100                 break;
 101
 102         case 'i':
 103                 lp_set_cmdline("netbios scope", arg);
 104                 break;
 105
 106         case 'm':
 107                 lp_set_cmdline("max protocol", arg);
 108                 break;
 109
 110         case 'R':
 111                 lp_set_cmdline("name resolve order", arg);
 112                 break;
 113
 114         case OPT_OPTION:
 115                 if (!lp_set_option(arg)) {
 116                         fprintf(stderr, "Error setting option '%s'\n", arg);
 117                         exit(1);
 118                 }
 119                 break;
 120
 121         case OPT_LEAK_REPORT:
 122                 talloc_enable_leak_report();
 123                 break;
 124
 125         case OPT_LEAK_REPORT_FULL:
 126                 talloc_enable_leak_report_full();
 127                 break;
 128         }
 129 }
 130
 131 struct poptOption popt_common_connection[] = {
 132         { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback },
 133         { "name-resolve", 'R', POPT_ARG_STRING, NULL, 'R', "Use these name resolution services only", "NAME-RESOLVE-ORDER" },
 134         { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use", "SOCKETOPTIONS" },
 135         { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
 136         { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
 137         { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
 138         { "maxprotocol", 'm', POPT_ARG_STRING, NULL, 'm', "Set max protocol level", "MAXPROTOCOL" },
 139         POPT_TABLEEND
 140 };
 141
 142 struct poptOption popt_common_samba[] = {
 143         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_callback },
 144         { "debuglevel",   'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
 145         { "configfile",   's', POPT_ARG_STRING, NULL, 's', "Use alternative configuration file", "CONFIGFILE" },
 146         { "option",         0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
 147         { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Basename for log/debug files", "LOGFILEBASE" },
 148         { "leak-report",     0, POPT_ARG_NONE, NULL, OPT_LEAK_REPORT, "enable talloc leak reporting on exit", NULL },
 149         { "leak-report-full",0, POPT_ARG_NONE, NULL, OPT_LEAK_REPORT_FULL, "enable full talloc leak reporting on exit", NULL },
 150         POPT_TABLEEND
 151 };
 152
 153 struct poptOption popt_common_version[] = {
 154         { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback },
 155         { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
 156         POPT_TABLEEND
 157 };
 158
 159
 160
 161 /****************************************************************************
 162  * get a password from a a file or file descriptor
 163  * exit on failure
 164  * ****************************************************************************/
 165 static void get_password_file(struct cmdline_auth_info *a)
 166 {
 167         int fd = -1;
 168         char *p;
 169         BOOL close_it = False;
 170         pstring spec;
 171         char pass[128];
 172
 173         if ((p = getenv("PASSWD_FD")) != NULL) {
 174                 pstrcpy(spec, "descriptor ");
 175                 pstrcat(spec, p);
 176                 sscanf(p, "%d", &fd);
 177                 close_it = False;
 178         } else if ((p = getenv("PASSWD_FILE")) != NULL) {
 179                 fd = open(p, O_RDONLY, 0);
 180                 pstrcpy(spec, p);
 181                 if (fd < 0) {
 182                         fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
 183                                         spec, strerror(errno));
 184                         exit(1);
 185                 }
 186                 close_it = True;
 187         }
 188
 189         for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
 190                 p && p - pass < sizeof(pass);) {
 191                 switch (read(fd, p, 1)) {
 192                 case 1:
 193                         if (*p != '\n' && *p != '\0') {
 194                                 *++p = '\0'; /* advance p, and null-terminate pass */
 195                                 break;
 196                         }
 197                 case 0:
 198                         if (p - pass) {
 199                                 *p = '\0'; /* null-terminate it, just in case... */
 200                                 p = NULL; /* then force the loop condition to become false */
 201                                 break;
 202                         } else {
 203                                 fprintf(stderr, "Error reading password from file %s: %s\n",
 204                                                 spec, "empty password\n");
 205                                 exit(1);
 206                         }
 207
 208                 default:
 209                         fprintf(stderr, "Error reading password from file %s: %s\n",
 210                                         spec, strerror(errno));
 211                         exit(1);
 212                 }
 213         }
 214         pstrcpy(a->password, pass);
 215         if (close_it)
 216                 close(fd);
 217 }
 218
 219 static void get_credentials_file(const char *file, struct cmdline_auth_info *info)
 220 {
 221         XFILE *auth;
 222         fstring buf;
 223         uint16_t len = 0;
 224         char *ptr, *val, *param;
 225
 226         if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
 227         {
 228                 /* fail if we can't open the credentials file */
 229                 d_printf("ERROR: Unable to open credentials file!\n");
 230                 exit(-1);
 231         }
 232
 233         while (!x_feof(auth))
 234         {
 235                 /* get a line from the file */
 236                 if (!x_fgets(buf, sizeof(buf), auth))
 237                         continue;
 238                 len = strlen(buf);
 239
 240                 if ((len) && (buf[len-1]=='\n'))
 241                 {
 242                         buf[len-1] = '\0';
 243                         len--;
 244                 }
 245                 if (len == 0)
 246                         continue;
 247
 248                 /* break up the line into parameter & value.
 249                  * will need to eat a little whitespace possibly */
 250                 param = buf;
 251                 if (!(ptr = strchr_m (buf, '=')))
 252                         continue;
 253
 254                 val = ptr+1;
 255                 *ptr = '\0';
 256
 257                 /* eat leading white space */
 258                 while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
 259                         val++;
 260
 261                 if (strwicmp("password", param) == 0) {
 262                         pstrcpy(info->password, val);
 263                         info->got_pass = True;
 264                 } else if (strwicmp("username", param) == 0) {
 265                         pstrcpy(info->username, val);
 266                 } else if (strwicmp("domain", param) == 0) {
 267                         pstrcpy(info->domain,val);
 268                         info->got_domain = True;
 269                 }
 270                 memset(buf, 0, sizeof(buf));
 271         }
 272         x_fclose(auth);
 273 }
 274
 275 /* Handle command line options:
 276  *              -U,--user
 277  *              -A,--authentication-file
 278  *              -k,--use-kerberos
 279  *              -N,--no-pass
 280  *              -S,--signing
 281  *              -P --machine-pass
 282  */
 283
 284
 285 static void popt_common_credentials_callback(poptContext con,
 286                                                 enum poptCallbackReason reason,
 287                                                 const struct poptOption *opt,
 288                                                 const char *arg, const void *data)
 289 {
 290         char *p;
 291
 292         if (reason == POPT_CALLBACK_REASON_PRE) {
 293                 cmdline_auth_info.use_kerberos = False;
 294                 cmdline_auth_info.got_pass = False;
 295                 pstrcpy(cmdline_auth_info.username, "GUEST");
 296
 297                 if (getenv("LOGNAME"))pstrcpy(cmdline_auth_info.username,getenv("LOGNAME"));
 298
 299                 if (getenv("USER")) {
 300                         pstring tmp;
 301
 302                         pstrcpy(cmdline_auth_info.username,getenv("USER"));
 303
 304                         pstrcpy(tmp,cmdline_auth_info.username);
 305                         if ((p = strchr_m(tmp,'\\'))) {
 306                                 *p = 0;
 307                                 pstrcpy(cmdline_auth_info.domain,tmp);
 308                                 cmdline_auth_info.got_domain = True;
 309                                 pstrcpy(cmdline_auth_info.username,p+1);
 310                         }
 311
 312                         if ((p = strchr_m(cmdline_auth_info.username,'%'))) {
 313                                 *p = 0;
 314                                 pstrcpy(cmdline_auth_info.password,p+1);
 315                                 cmdline_auth_info.got_pass = True;
 316                                 memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(cmdline_auth_info.password));
 317                         }
 318                 }
 319
 320                 if (getenv("DOMAIN")) {
 321                         pstrcpy(cmdline_auth_info.domain,getenv("DOMAIN"));
 322                         cmdline_auth_info.got_domain = True;
 323                 }
 324
 325                 if (getenv("PASSWD")) {
 326                         pstrcpy(cmdline_auth_info.password,getenv("PASSWD"));
 327                         cmdline_auth_info.got_pass = True;
 328                 }
 329
 330                 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
 331                         get_password_file(&cmdline_auth_info);
 332                         cmdline_auth_info.got_pass = True;
 333                 }
 334
 335                 return;
 336         }
 337
 338         switch(opt->val) {
 339         case 'U':
 340                 {
 341                         char *lp;
 342                         pstring tmp;
 343
 344                         pstrcpy(cmdline_auth_info.username,arg);
 345
 346                         pstrcpy(tmp,cmdline_auth_info.username);
 347                         if ((p = strchr_m(tmp,'\\'))) {
 348                                 *p = 0;
 349                                 pstrcpy(cmdline_auth_info.domain,tmp);
 350                                 cmdline_auth_info.got_domain = True;
 351                                 pstrcpy(cmdline_auth_info.username,p+1);
 352                         }
 353
 354                         if ((lp=strchr_m(cmdline_auth_info.username,'%'))) {
 355                                 *lp = 0;
 356                                 pstrcpy(cmdline_auth_info.password,lp+1);
 357                                 cmdline_auth_info.got_pass = True;
 358                                 memset(strchr_m(arg,'%')+1,'X',strlen(cmdline_auth_info.password));
 359                         }
 360                 }
 361                 break;
 362
 363         case 'A':
 364                 get_credentials_file(arg, &cmdline_auth_info);
 365                 break;
 366
 367         case 'k':
 368 #ifndef HAVE_KRB5
 369                 d_printf("No kerberos support compiled in\n");
 370                 exit(1);
 371 #else
 372                 cmdline_auth_info.use_kerberos = True;
 373                 cmdline_auth_info.got_pass = True;
 374 #endif
 375                 break;
 376
 377         case 'S':
 378                 lp_set_cmdline("client signing", arg);
 379                 break;
 380
 381         case 'P':
 382                 {
 383                         char *opt_password = NULL;
 384                         /* it is very useful to be able to make ads queries as the
 385                            machine account for testing purposes and for domain leave */
 386
 387                         if (!secrets_init()) {
 388                                 d_printf("ERROR: Unable to open secrets database\n");
 389                                 exit(1);
 390                         }
 391
 392                         opt_password = secrets_fetch_machine_password(lp_workgroup());
 393
 394                         if (!opt_password) {
 395                                 d_printf("ERROR: Unable to fetch machine password\n");
 396                                 exit(1);
 397                         }
 398                         snprintf(cmdline_auth_info.username, sizeof(cmdline_auth_info.username),
 399                                  "%s$", lp_netbios_name());
 400                         pstrcpy(cmdline_auth_info.password,opt_password);
 401                         SAFE_FREE(opt_password);
 402                         cmdline_auth_info.got_pass = True;
 403
 404                         pstrcpy(cmdline_auth_info.domain, lp_workgroup());
 405                         cmdline_auth_info.got_domain = True;
 406
 407                         /* machine accounts only work with kerberos */
 408                         cmdline_auth_info.use_kerberos = True;
 409                 }
 410                 break;
 411         }
 412 }
 413
 414
 415
 416 struct poptOption popt_common_credentials[] = {
 417         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_credentials_callback },
 418         { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
 419         { "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, 0, "Don't ask for a password" },
 420         { "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, 'k', "Use kerberos (active directory) authentication" },
 421         { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
 422         { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
 423         { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
 424         POPT_TABLEEND
 425 };
 426
 427 void cmdline_set_username(const char *name)
 428 {
 429         pstrcpy(cmdline_auth_info.username, name);
 430 }
 431
 432 const char *cmdline_get_username(void)
 433 {
 434         return cmdline_auth_info.username;
 435 }
 436
 437 void cmdline_set_userdomain(const char *domain)
 438 {
 439         cmdline_auth_info.got_domain = True;
 440         pstrcpy(cmdline_auth_info.domain, domain);
 441 }
 442
 443 const char *cmdline_get_userdomain(void)
 444 {
 445         if (cmdline_auth_info.got_domain) {
 446                 return cmdline_auth_info.domain;
 447         }
 448
 449         /* I think this should be lp_netbios_name()
 450          * instead of lp_workgroup(), because if you're logged in
 451          * as domain user the getenv("USER") contains the domain
 452          * and this code path isn't used
 453          * --metze
 454          */
 455         return lp_netbios_name();
 456 }
 457
 458 const char *cmdline_get_userpassword(void)
 459 {
 460         char *prompt;
 461         char *ret;
 462
 463         if (cmdline_auth_info.got_pass) {
 464                 return cmdline_auth_info.password;
 465         }
 466
 467         prompt = talloc_asprintf(NULL, "Password for [%s\\%s]:",
 468                                  cmdline_get_userdomain(),
 469                                  cmdline_get_username());
 470
 471         ret = getpass(prompt);
 472
 473         talloc_free(prompt);
 474         return ret;
 475 }
 476
 477 void cmdline_set_userpassword(const char *pass)
 478 {
 479         cmdline_auth_info.got_pass = True;
 480         pstrcpy(cmdline_auth_info.password, pass);
 481 }
 482
 483 void cmdline_set_use_kerberos(BOOL use_kerberos)
 484 {
 485         cmdline_auth_info.use_kerberos = use_kerberos;
 486 }
 487
 488 BOOL cmdline_get_use_kerberos(void)
 489 {
 490         return cmdline_auth_info.use_kerberos;
 491 }