* -k,--use-kerberos
* -N,--no-pass
* -S,--signing
- * -P --machine-pass
- * --simple-bind-dn
- * --password
+ * -P,--machine-pass
+ * --simple-bind-dn
+ * --password
+ * --krb5-ccache
*/
-
static bool dont_ask;
+static bool machine_account_pending;
-enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN, OPT_ENCRYPT };
-
-/*
- disable asking for a password
-*/
-void popt_common_dont_ask(void)
-{
- dont_ask = true;
-}
+enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN, OPT_ENCRYPT, OPT_KRB5_CCACHE };
static void popt_common_credentials_callback(poptContext con,
enum poptCallbackReason reason,
const char *arg, const void *data)
{
if (reason == POPT_CALLBACK_REASON_PRE) {
- cmdline_credentials = cli_credentials_init(talloc_autofree_context());
+ popt_set_cmdline_credentials(
+ cli_credentials_init(talloc_autofree_context()));
return;
}
if (reason == POPT_CALLBACK_REASON_POST) {
- cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx);
+ cli_credentials_guess(popt_get_cmdline_credentials(),
+ cmdline_lp_ctx);
if (!dont_ask) {
- cli_credentials_set_cmdline_callbacks(cmdline_credentials);
+ cli_credentials_set_cmdline_callbacks(
+ popt_get_cmdline_credentials());
+ }
+
+ if (machine_account_pending) {
+ cli_credentials_set_machine_account(
+ popt_get_cmdline_credentials(), cmdline_lp_ctx);
}
+
return;
}
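Review bot: The result of `cli_credentials_set_machine_account()` is discarded in the new `machine_account_pending` branch of the POST callback, so when -P is given and the machine secret cannot be loaded, the tool carries on with whatever `cli_credentials_guess()` produced rather than the identity the operator asked for. In Samba this function returns an NTSTATUS (its declaration is not visible in the hunk, so confirm against the header), and a failure should be fatal here, just as the new --krb5-ccache case treats its own load error. The same applies to `cli_credentials_parse_file()` in the -A case further down, whose result is also ignored. The new static flag would also benefit from a one-line comment such as `/* -P seen: load the machine account in the POST callback, after cli_credentials_guess() */`.

```c
if (machine_account_pending) {
	NTSTATUS status;

	status = cli_credentials_set_machine_account(
		popt_get_cmdline_credentials(), cmdline_lp_ctx);
	if (!NT_STATUS_IS_OK(status)) {
		fprintf(stderr,
			"Failed to use machine account credentials: %s\n",
			nt_errstr(status));
		exit(1);
	}
}
```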
{
char *lp;
- cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);
+ cli_credentials_parse_string(
+ popt_get_cmdline_credentials(), arg, CRED_SPECIFIED);
/* This breaks the abstraction, including the const above */
if ((lp=strchr_m(arg,'%'))) {
lp[0]='\0';
break;
case OPT_PASSWORD:
- cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
+ cli_credentials_set_password(popt_get_cmdline_credentials(),
+ arg, CRED_SPECIFIED);
/* Try to prevent this showing up in ps */
memset(discard_const(arg),0,strlen(arg));
break;
case 'A':
- cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
+ cli_credentials_parse_file(popt_get_cmdline_credentials(),
+ arg, CRED_SPECIFIED);
break;
case 'P':
/* Later, after this is all over, get the machine account details from the secrets.ldb */
- cli_credentials_set_machine_account_pending(cmdline_credentials, cmdline_lp_ctx);
+ machine_account_pending = true;
break;
case OPT_KERBEROS:
}
}
- cli_credentials_set_kerberos_state(cmdline_credentials,
+ cli_credentials_set_kerberos_state(
+ popt_get_cmdline_credentials(),
use_kerberos
? CRED_MUST_USE_KERBEROS
: CRED_DONT_USE_KERBEROS);
case OPT_SIMPLE_BIND_DN:
{
- cli_credentials_set_bind_dn(cmdline_credentials, arg);
+ cli_credentials_set_bind_dn(popt_get_cmdline_credentials(),
+ arg);
+ break;
+ }
+ case OPT_KRB5_CCACHE:
+ {
+ const char *error_string;
+ if (cli_credentials_set_ccache(
+ popt_get_cmdline_credentials(), cmdline_lp_ctx,
+ arg, CRED_SPECIFIED,
+ &error_string) != 0) {
+ fprintf(stderr, "Error reading krb5 credentials cache: '%s' %s", arg, error_string);
+ exit(1);
+ }
break;
}
case OPT_SIGN:
{
uint32_t gensec_features;
- gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
+ gensec_features = cli_credentials_get_gensec_features(
+ popt_get_cmdline_credentials());
gensec_features |= GENSEC_FEATURE_SIGN;
- cli_credentials_set_gensec_features(cmdline_credentials,
+ cli_credentials_set_gensec_features(
+ popt_get_cmdline_credentials(),
gensec_features);
break;
}
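Review bot: In the new `OPT_KRB5_CCACHE` case, `error_string` is declared without an initialiser and then passed to `%s`, so any failure path of `cli_credentials_set_ccache()` that does not assign it would print an indeterminate pointer; the hunk does not show whether every path assigns it. Declaring it as `const char *error_string = NULL;` and printing `error_string ? error_string : ""` makes the error path safe regardless. The message also lacks a trailing newline, so the shell prompt lands on the same line as the error; the format string should end in `%s\n`.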
{
uint32_t gensec_features;
- gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
+ gensec_features = cli_credentials_get_gensec_features(
+ popt_get_cmdline_credentials());
gensec_features |= GENSEC_FEATURE_SEAL;
- cli_credentials_set_gensec_features(cmdline_credentials,
+ cli_credentials_set_gensec_features(
+ popt_get_cmdline_credentials(),
gensec_features);
break;
}
-struct poptOption popt_common_credentials[] = {
+struct poptOption popt_common_credentials4[] = {
{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_credentials_callback },
{ "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
{ "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N', "Don't ask for a password" },
{ "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
- { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
+ { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos, -k [yes|no]" },
+ { "krb5-ccache", 0, POPT_ARG_STRING, NULL, OPT_KRB5_CCACHE, "Credentials cache location for Kerberos" },
{ "sign", 'S', POPT_ARG_NONE, NULL, OPT_SIGN, "Sign connection to prevent modification in transit" },
{ "encrypt", 'e', POPT_ARG_NONE, NULL, OPT_ENCRYPT, "Encrypt connection for privacy" },
{ NULL }
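Review bot: The new `krb5-ccache` table entry leaves the last `poptOption` field (`argDescrip`) empty, unlike `authentication-file`, which passes `"FILE"`. The generated help will therefore show a generic argument placeholder. Adding a descriptor, e.g. `{ "krb5-ccache", 0, POPT_ARG_STRING, NULL, OPT_KRB5_CCACHE, "Credentials cache location for Kerberos", "CCACHE" },`, tells the user what kind of value is expected. The initialiser of the renamed `popt_common_credentials4` table continues past the end of the visible hunk.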