2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2001,2002
6 Copyright (C) Jelmer Vernooij 2002,2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "system/passwd.h"
25 #include "lib/cmdline/popt_common.h"
27 /* Handle command line options:
39 enum {OPT_OPTION=1,OPT_LEAK_REPORT,OPT_LEAK_REPORT_FULL};
41 static struct cmdline_auth_info cmdline_auth_info;
43 static void popt_common_callback(poptContext con,
44 enum poptCallbackReason reason,
45 const struct poptOption *opt,
46 const char *arg, const void *data)
50 /* Find out basename of current program */
51 pname = strrchr_m(poptGetInvocationName(con),'/');
54 pname = poptGetInvocationName(con);
58 if (reason == POPT_CALLBACK_REASON_PRE) {
59 char *logfile = talloc_asprintf(NULL, "%s/log.%s", dyn_LOGFILEBASE, pname);
60 lp_set_cmdline("log file", logfile);
67 lp_set_cmdline("log level", arg);
71 printf( "Version %s\n", SAMBA_VERSION_STRING );
77 lp_set_cmdline("socket options", arg);
83 pstrcpy(dyn_CONFIGFILE, arg);
89 char *logfile = talloc_asprintf(NULL, "%s/log.%s", arg, pname);
90 lp_set_cmdline("log file", logfile);
96 lp_set_cmdline("workgroup", arg);
100 lp_set_cmdline("netbios name", arg);
104 lp_set_cmdline("netbios scope", arg);
108 lp_set_cmdline("max protocol", arg);
112 lp_set_cmdline("name resolve order", arg);
116 if (!lp_set_option(arg)) {
117 fprintf(stderr, "Error setting option '%s'\n", arg);
122 case OPT_LEAK_REPORT:
123 talloc_enable_leak_report();
126 case OPT_LEAK_REPORT_FULL:
127 talloc_enable_leak_report_full();
132 struct poptOption popt_common_connection[] = {
133 { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback },
134 { "name-resolve", 'R', POPT_ARG_STRING, NULL, 'R', "Use these name resolution services only", "NAME-RESOLVE-ORDER" },
135 { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use", "SOCKETOPTIONS" },
136 { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
137 { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
138 { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
139 { "maxprotocol", 'm', POPT_ARG_STRING, NULL, 'm', "Set max protocol level", "MAXPROTOCOL" },
143 struct poptOption popt_common_samba[] = {
144 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_callback },
145 { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
146 { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternative configuration file", "CONFIGFILE" },
147 { "option", 0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
148 { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Basename for log/debug files", "LOGFILEBASE" },
149 { "leak-report", 0, POPT_ARG_NONE, NULL, OPT_LEAK_REPORT, "enable talloc leak reporting on exit", NULL },
150 { "leak-report-full",0, POPT_ARG_NONE, NULL, OPT_LEAK_REPORT_FULL, "enable full talloc leak reporting on exit", NULL },
154 struct poptOption popt_common_version[] = {
155 { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback },
156 { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
162 /****************************************************************************
163 * get a password from a a file or file descriptor
165 * ****************************************************************************/
166 static void get_password_file(struct cmdline_auth_info *a)
170 BOOL close_it = False;
174 if ((p = getenv("PASSWD_FD")) != NULL) {
175 pstrcpy(spec, "descriptor ");
177 sscanf(p, "%d", &fd);
179 } else if ((p = getenv("PASSWD_FILE")) != NULL) {
180 fd = open(p, O_RDONLY, 0);
183 fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
184 spec, strerror(errno));
190 for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
191 p && p - pass < sizeof(pass);) {
192 switch (read(fd, p, 1)) {
194 if (*p != '\n' && *p != '\0') {
195 *++p = '\0'; /* advance p, and null-terminate pass */
200 *p = '\0'; /* null-terminate it, just in case... */
201 p = NULL; /* then force the loop condition to become false */
204 fprintf(stderr, "Error reading password from file %s: %s\n",
205 spec, "empty password\n");
210 fprintf(stderr, "Error reading password from file %s: %s\n",
211 spec, strerror(errno));
215 pstrcpy(a->password, pass);
220 static void get_credentials_file(const char *file, struct cmdline_auth_info *info)
225 char *ptr, *val, *param;
227 if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
229 /* fail if we can't open the credentials file */
230 d_printf("ERROR: Unable to open credentials file!\n");
234 while (!x_feof(auth))
236 /* get a line from the file */
237 if (!x_fgets(buf, sizeof(buf), auth))
241 if ((len) && (buf[len-1]=='\n'))
249 /* break up the line into parameter & value.
250 * will need to eat a little whitespace possibly */
252 if (!(ptr = strchr_m (buf, '=')))
258 /* eat leading white space */
259 while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
262 if (strwicmp("password", param) == 0) {
263 pstrcpy(info->password, val);
264 info->got_pass = True;
265 } else if (strwicmp("username", param) == 0) {
266 pstrcpy(info->username, val);
267 } else if (strwicmp("domain", param) == 0) {
268 pstrcpy(info->domain,val);
269 info->got_domain = True;
271 memset(buf, 0, sizeof(buf));
276 /* Handle command line options:
278 * -A,--authentication-file
286 static void popt_common_credentials_callback(poptContext con,
287 enum poptCallbackReason reason,
288 const struct poptOption *opt,
289 const char *arg, const void *data)
293 if (reason == POPT_CALLBACK_REASON_PRE) {
294 cmdline_auth_info.use_kerberos = False;
295 cmdline_auth_info.got_pass = False;
296 pstrcpy(cmdline_auth_info.username, "GUEST");
298 if (getenv("LOGNAME"))pstrcpy(cmdline_auth_info.username,getenv("LOGNAME"));
300 if (getenv("USER")) {
303 pstrcpy(cmdline_auth_info.username,getenv("USER"));
305 pstrcpy(tmp,cmdline_auth_info.username);
306 if ((p = strchr_m(tmp,'\\'))) {
308 pstrcpy(cmdline_auth_info.domain,tmp);
309 cmdline_auth_info.got_domain = True;
310 pstrcpy(cmdline_auth_info.username,p+1);
313 if ((p = strchr_m(cmdline_auth_info.username,'%'))) {
315 pstrcpy(cmdline_auth_info.password,p+1);
316 cmdline_auth_info.got_pass = True;
317 memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(cmdline_auth_info.password));
321 if (getenv("DOMAIN")) {
322 pstrcpy(cmdline_auth_info.domain,getenv("DOMAIN"));
323 cmdline_auth_info.got_domain = True;
326 if (getenv("PASSWD")) {
327 pstrcpy(cmdline_auth_info.password,getenv("PASSWD"));
328 cmdline_auth_info.got_pass = True;
331 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
332 get_password_file(&cmdline_auth_info);
333 cmdline_auth_info.got_pass = True;
345 pstrcpy(cmdline_auth_info.username,arg);
347 pstrcpy(tmp,cmdline_auth_info.username);
348 if ((p = strchr_m(tmp,'\\'))) {
350 pstrcpy(cmdline_auth_info.domain,tmp);
351 cmdline_auth_info.got_domain = True;
352 pstrcpy(cmdline_auth_info.username,p+1);
355 if ((lp=strchr_m(cmdline_auth_info.username,'%'))) {
357 pstrcpy(cmdline_auth_info.password,lp+1);
358 cmdline_auth_info.got_pass = True;
359 memset(strchr_m(arg,'%')+1,'X',strlen(cmdline_auth_info.password));
365 get_credentials_file(arg, &cmdline_auth_info);
370 d_printf("No kerberos support compiled in\n");
373 cmdline_auth_info.use_kerberos = True;
374 cmdline_auth_info.got_pass = True;
379 lp_set_cmdline("client signing", arg);
384 char *opt_password = NULL;
385 /* it is very useful to be able to make ads queries as the
386 machine account for testing purposes and for domain leave */
388 if (!secrets_init()) {
389 d_printf("ERROR: Unable to open secrets database\n");
393 opt_password = secrets_fetch_machine_password(lp_workgroup());
396 d_printf("ERROR: Unable to fetch machine password\n");
399 snprintf(cmdline_auth_info.username, sizeof(cmdline_auth_info.username),
400 "%s$", lp_netbios_name());
401 pstrcpy(cmdline_auth_info.password,opt_password);
402 SAFE_FREE(opt_password);
403 cmdline_auth_info.got_pass = True;
405 pstrcpy(cmdline_auth_info.domain, lp_workgroup());
406 cmdline_auth_info.got_domain = True;
408 /* machine accounts only work with kerberos */
409 cmdline_auth_info.use_kerberos = True;
417 struct poptOption popt_common_credentials[] = {
418 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_credentials_callback },
419 { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
420 { "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, 0, "Don't ask for a password" },
421 { "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, 'k', "Use kerberos (active directory) authentication" },
422 { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
423 { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
424 { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
428 void cmdline_set_username(const char *name)
430 pstrcpy(cmdline_auth_info.username, name);
433 const char *cmdline_get_username(void)
435 return cmdline_auth_info.username;
438 void cmdline_set_userdomain(const char *domain)
440 cmdline_auth_info.got_domain = True;
441 pstrcpy(cmdline_auth_info.domain, domain);
444 const char *cmdline_get_userdomain(void)
446 if (cmdline_auth_info.got_domain) {
447 return cmdline_auth_info.domain;
450 /* I think this should be lp_netbios_name()
451 * instead of lp_workgroup(), because if you're logged in
452 * as domain user the getenv("USER") contains the domain
453 * and this code path isn't used
456 return lp_netbios_name();
459 const char *cmdline_get_userpassword(void)
464 if (cmdline_auth_info.got_pass) {
465 return cmdline_auth_info.password;
468 prompt = talloc_asprintf(NULL, "Password for [%s\\%s]:",
469 cmdline_get_userdomain(),
470 cmdline_get_username());
472 ret = getpass(prompt);
478 void cmdline_set_userpassword(const char *pass)
480 cmdline_auth_info.got_pass = True;
481 pstrcpy(cmdline_auth_info.password, pass);
484 void cmdline_set_use_kerberos(BOOL use_kerberos)
486 cmdline_auth_info.use_kerberos = use_kerberos;
489 BOOL cmdline_get_use_kerberos(void)
491 return cmdline_auth_info.use_kerberos;