From fb262f79fab00374023e59476e8d05a1015a7041 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Thu, 14 May 2009 11:39:01 +0200 Subject: [PATCH] net: Use samba default command line arguments. Attention: The meaning of the -N flag changed. To get the old meaning for net groupmap set, use the long option --ntname The long option for using kerberos changed from --kerberos to --use-kerberos net rpc commands will now prompt for a password if none is given. As a benefit, net will now accept an authentication file like other samba command line tools. So no need to specify the password on the command line in scripts anymore. This should fix bug #6357 Signed-off-by: Kai Blin --- source3/utils/net.c | 43 +++---------- source3/utils/net.h | 9 +-- source3/utils/net_ads.c | 81 ++++++++++++------------ source3/utils/net_dom.c | 8 ++- source3/utils/net_help.c | 1 + source3/utils/net_proto.h | 3 - source3/utils/net_rpc.c | 74 ++++++++++++++-------- source3/utils/net_rpc_join.c | 3 +- source3/utils/net_rpc_samsync.c | 4 +- source3/utils/net_rpc_shell.c | 9 ++- source3/utils/net_util.c | 109 ++++++-------------------------- 11 files changed, 135 insertions(+), 209 deletions(-) diff --git a/source3/utils/net.c b/source3/utils/net.c index 9cd41c5b374..0e3946f5a51 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -625,7 +625,6 @@ static struct functable net_func[] = { int main(int argc, const char **argv) { int opt,i; - char *p; int rc = 0; int argc_new = 0; const char ** argv_new; @@ -636,12 +635,10 @@ static struct functable net_func[] = { struct poptOption long_options[] = { {"help", 'h', POPT_ARG_NONE, 0, 'h'}, {"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup}, - {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'}, {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'}, {"port", 'p', POPT_ARG_INT, &c->opt_port}, {"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name}, {"server", 'S', POPT_ARG_STRING, &c->opt_host}, - {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, {"container", 'c', POPT_ARG_STRING, &c->opt_container}, {"comment", 'C', POPT_ARG_STRING, &c->opt_comment}, {"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers}, @@ -652,15 +649,13 @@ static struct functable net_func[] = { {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, {"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout}, - {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, - {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose}, {"test", 'T', POPT_ARG_NONE, &c->opt_testmode}, /* Options for 'net groupmap set' */ {"local", 'L', POPT_ARG_NONE, &c->opt_localgroup}, {"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup}, - {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname}, + {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname}, {"rid", 'R', POPT_ARG_INT, &c->opt_rid}, /* Options for 'net rpc share migrate' */ {"acls", 0, POPT_ARG_NONE, &c->opt_acls}, @@ -675,6 +670,7 @@ static struct functable net_func[] = { {"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries}, POPT_COMMON_SAMBA + POPT_COMMON_CREDENTIALS { 0, 0, 0, 0} }; @@ -688,6 +684,13 @@ static struct functable net_func[] = { dbf = x_stderr; c->private_data = net_func; + c->auth_info = user_auth_info_init(frame); + if (c->auth_info == NULL) { + d_fprintf(stderr, "\nOut of memory!\n"); + exit(1); + } + popt_common_set_auth_info(c->auth_info); + pc = poptGetContext(NULL, argc, (const char **) argv, long_options, POPT_CONTEXT_KEEP_FIRST); @@ -695,9 +698,7 @@ static struct functable net_func[] = { switch (opt) { case 'h': c->display_usage = true; - break; - case 'e': - c->smb_encrypt = true; + set_cmdline_auth_info_password(c->auth_info, ""); break; case 'I': if (!interpret_string_addr(&c->opt_dest_ip, @@ -707,15 +708,6 @@ static struct functable net_func[] = { c->opt_have_ip = true; } break; - case 'U': - c->opt_user_specified = true; - c->opt_user_name = SMB_STRDUP(c->opt_user_name); - p = strchr(c->opt_user_name,'%'); - if (p) { - *p = 0; - c->opt_password = p+1; - } - break; default: d_fprintf(stderr, "\nInvalid option %s: %s\n", poptBadOption(pc, 0), poptStrerror(opt)); @@ -749,10 +741,6 @@ static struct functable net_func[] = { set_global_myname(c->opt_requester_name); } - if (!c->opt_user_name && getenv("LOGNAME")) { - c->opt_user_name = getenv("LOGNAME"); - } - if (!c->opt_workgroup) { c->opt_workgroup = smb_xstrdup(lp_workgroup()); } @@ -770,17 +758,6 @@ static struct functable net_func[] = { that it won't assert becouse we are not root */ sec_init(); - if (c->opt_machine_pass) { - /* it is very useful to be able to make ads queries as the - machine account for testing purposes and for domain leave */ - - net_use_krb_machine_account(c); - } - - if (!c->opt_password) { - c->opt_password = getenv("PASSWD"); - } - rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func); DEBUG(2,("return code = %d\n", rc)); diff --git a/source3/utils/net.h b/source3/utils/net.h index d88f962d41e..f604d96361a 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -28,11 +28,8 @@ struct net_context { const char *opt_requester_name; const char *opt_host; - const char *opt_password; - const char *opt_user_name; - bool opt_user_specified; - const char *opt_workgroup; int opt_long_list_entries; + const char *opt_workgroup; int opt_reboot; int opt_force; int opt_stdin; @@ -45,7 +42,6 @@ struct net_context { int opt_timeout; int opt_request_timeout; const char *opt_target_workgroup; - int opt_machine_pass; int opt_localgroup; int opt_domaingroup; int do_talloc_report; @@ -57,15 +53,14 @@ struct net_context { const char *opt_exclude; const char *opt_destination; int opt_testmode; - bool opt_kerberos; int opt_force_full_repl; int opt_single_obj_repl; int opt_clean_old_entries; int opt_have_ip; struct sockaddr_storage opt_dest_ip; - bool smb_encrypt; struct libnetapi_ctx *netapi_ctx; + struct user_auth_info *auth_info; bool display_usage; void *private_data; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8e927becbe1..4503231566c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -231,32 +231,22 @@ retry_connect: ads = ads_init(realm, c->opt_target_workgroup, c->opt_host); - if (!c->opt_user_name) { - c->opt_user_name = "administrator"; - } - - if (c->opt_user_specified) { - need_password = true; - } - retry: - if (!c->opt_password && need_password && !c->opt_machine_pass) { - c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (!c->opt_password) { - ads_destroy(&ads); - return ADS_ERROR(LDAP_NO_MEMORY); - } + if (need_password) { + set_cmdline_auth_info_getpass(c->auth_info); } - if (c->opt_password) { + if (get_cmdline_auth_info_got_pass(c->auth_info)) { use_in_memory_ccache(); SAFE_FREE(ads->auth.password); - ads->auth.password = smb_xstrdup(c->opt_password); + ads->auth.password = smb_xstrdup( + get_cmdline_auth_info_password(c->auth_info)); } ads->auth.flags |= auth_flags; SAFE_FREE(ads->auth.user_name); - ads->auth.user_name = smb_xstrdup(c->opt_user_name); + ads->auth.user_name = smb_xstrdup( + get_cmdline_auth_info_username(c->auth_info)); /* * If the username is of the form "name@realm", @@ -875,6 +865,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) TALLOC_CTX *ctx; struct libnet_UnjoinCtx *r = NULL; WERROR werr; + struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -893,7 +884,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } - if (!c->opt_kerberos) { + if (!get_cmdline_auth_info_use_kerberos(ai)) { use_in_memory_ccache(); } @@ -903,12 +894,14 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } + set_cmdline_auth_info_getpass(ai); + r->in.debug = true; - r->in.use_kerberos = c->opt_kerberos; + r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); r->in.dc_name = c->opt_host; r->in.domain_name = lp_realm(); - r->in.admin_account = c->opt_user_name; - r->in.admin_password = net_prompt_pass(c, c->opt_user_name); + r->in.admin_account = get_cmdline_auth_info_username(ai); + r->in.admin_password = get_cmdline_auth_info_password(ai); r->in.modify_config = lp_config_backend_is_registry(); r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; @@ -959,7 +952,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c) return NT_STATUS_ACCESS_DENIED; } - net_use_krb_machine_account(c); + set_cmdline_auth_info_use_machine_account(c->auth_info); status = ads_startup(c, true, &ads); if (!ADS_ERR_OK(status)) { @@ -1190,6 +1183,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) const char *os_name = NULL; const char *os_version = NULL; bool modify_config = lp_config_backend_is_registry(); + struct user_auth_info *ai = c->auth_info;; if (c->display_usage) return net_ads_join_usage(c, argc, argv); @@ -1209,7 +1203,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) goto fail; } - if (!c->opt_kerberos) { + if (!get_cmdline_auth_info_use_kerberos(ai)) { use_in_memory_ccache(); } @@ -1259,6 +1253,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) /* Do the domain join here */ + set_cmdline_auth_info_getpass(ai); + r->in.domain_name = domain; r->in.create_upn = createupn; r->in.upn = machineupn; @@ -1266,10 +1262,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) r->in.os_name = os_name; r->in.os_version = os_version; r->in.dc_name = c->opt_host; - r->in.admin_account = c->opt_user_name; - r->in.admin_password = net_prompt_pass(c, c->opt_user_name); + r->in.admin_account = get_cmdline_auth_info_username(ai); + r->in.admin_password = get_cmdline_auth_info_password(ai); r->in.debug = true; - r->in.use_kerberos = c->opt_kerberos; + r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); r->in.modify_config = modify_config; r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | @@ -1580,6 +1576,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * char *prt_dn, *srv_dn, **srv_cn; char *srv_cn_escaped = NULL, *printername_escaped = NULL; LDAPMessage *res = NULL; + struct user_auth_info *ai = c->auth_info; if (argc < 1 || c->display_usage) { d_printf("Usage:\n" @@ -1611,8 +1608,9 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * nt_status = cli_full_connection(&cli, global_myname(), servername, &server_ss, 0, "IPC$", "IPC", - c->opt_user_name, c->opt_workgroup, - c->opt_password ? c->opt_password : "", + get_cmdline_auth_info_username(ai), + c->opt_workgroup, + get_cmdline_auth_info_password(ai), CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -1800,8 +1798,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv) static int net_ads_password(struct net_context *c, int argc, const char **argv) { ADS_STRUCT *ads; - const char *auth_principal = c->opt_user_name; - const char *auth_password = c->opt_password; + const char *auth_principal; + const char *auth_password; char *realm = NULL; char *new_password = NULL; char *chr, *prompt; @@ -1816,10 +1814,9 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv) return 0; } - if (c->opt_user_name == NULL || c->opt_password == NULL) { - d_fprintf(stderr, "You must supply an administrator username/password\n"); - return -1; - } + auth_principal = get_cmdline_auth_info_username(c->auth_info); + set_cmdline_auth_info_getpass(c->auth_info); + auth_password = get_cmdline_auth_info_password(c->auth_info); if (argc < 1) { d_fprintf(stderr, "ERROR: You must say which username to change password for\n"); @@ -1901,7 +1898,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) return -1; } - net_use_krb_machine_account(c); + set_cmdline_auth_info_use_machine_account(c->auth_info); use_in_memory_ccache(); @@ -2283,6 +2280,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; int ret = -1; + struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -2296,11 +2294,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar goto out; } - c->opt_password = net_prompt_pass(c, c->opt_user_name); + set_cmdline_auth_info_getpass(ai); status = kerberos_return_pac(mem_ctx, - c->opt_user_name, - c->opt_password, + get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), 0, NULL, NULL, @@ -2333,6 +2331,7 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** TALLOC_CTX *mem_ctx = NULL; int ret = -1; NTSTATUS status; + struct user_auth_info *ai = c->auth_info; if (c->display_usage) { d_printf("Usage:\n" @@ -2346,10 +2345,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** goto out; } - c->opt_password = net_prompt_pass(c, c->opt_user_name); + set_cmdline_auth_info_getpass(ai); - ret = kerberos_kinit_password_ext(c->opt_user_name, - c->opt_password, + ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), 0, NULL, NULL, diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c index 401079777f8..a13f52c5193 100644 --- a/source3/utils/net_dom.c +++ b/source3/utils/net_dom.c @@ -368,9 +368,11 @@ int net_dom(struct net_context *c, int argc, const char **argv) return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 0502373aa2f..5a170790c5b 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -65,5 +65,6 @@ int net_help(struct net_context *c, int argc, const char **argv) } c->display_usage = true; + set_cmdline_auth_info_password(c->auth_info, ""); return net_run_function(c, argc, argv, "net help", func); } diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 75ac032db92..8a09147aad9 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -459,8 +459,6 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, const struct ndr_syntax_id *interface); -int net_use_krb_machine_account(struct net_context *c); -int net_use_machine_account(struct net_context *c); bool net_find_server(struct net_context *c, const char *domain, unsigned flags, @@ -475,7 +473,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, const char *server, struct sockaddr_storage *pss, unsigned flags, struct cli_state **pcli); -const char *net_prompt_pass(struct net_context *c, const char *user); int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table); void net_display_usage_from_functable(struct functable *table); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index f6f90030fe6..0118b4818a6 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -25,7 +25,8 @@ #include "../libcli/auth/libcli_auth.h" static int net_mode_share; -static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); +static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, + const struct user_auth_info *auth_info); /** * @file net_rpc.c @@ -122,6 +123,7 @@ int run_rpc_command(struct net_context *c, DOM_SID *domain_sid; const char *domain_name; int ret = -1; + struct user_auth_info *ai = c->auth_info; /* make use of cli_state handed over as an argument, if possible */ if (!cli_arg) { @@ -171,8 +173,10 @@ int run_rpc_command(struct net_context *c, nt_status = cli_rpc_pipe_open_ntlmssp( cli, interface, PIPE_AUTH_LEVEL_PRIVACY, - lp_workgroup(), c->opt_user_name, - c->opt_password, &pipe_hnd); + lp_workgroup(), + get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), + &pipe_hnd); } else { nt_status = cli_rpc_pipe_open_noauth( cli, interface, @@ -940,9 +944,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -2756,9 +2763,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -3245,7 +3255,7 @@ static void copy_fn(const char *mnt, file_info *f, old_dir = local_state->cwd; local_state->cwd = dir; - if (!sync_files(local_state, new_mask)) + if (!sync_files(local_state, new_mask, c->auth_info)) printf("could not handle files\n"); local_state->cwd = old_dir; @@ -3292,15 +3302,18 @@ static void copy_fn(const char *mnt, file_info *f, * * @return Boolean result **/ -static bool sync_files(struct copy_clistate *cp_clistate, const char *mask) +static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, + const struct user_auth_info *auth_info) { struct cli_state *targetcli; char *targetpath = NULL; DEBUG(3,("calling cli_list with mask: %s\n", mask)); - if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src, - mask, &targetcli, &targetpath ) ) { + + if ( !cli_resolve_path(talloc_tos(), "", auth_info, + cp_clistate->cli_share_src, mask, &targetcli, + &targetpath ) ) { d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n", mask, cli_errstr(cp_clistate->cli_share_src)); return false; @@ -3463,7 +3476,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, goto done; } - if (!sync_files(&cp_clistate, mask)) { + if (!sync_files(&cp_clistate, mask, c->auth_info)) { d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); nt_status = NT_STATUS_UNSUCCESSFUL; goto done; @@ -4564,9 +4577,12 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -4839,9 +4855,12 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } @@ -5531,7 +5550,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, c->opt_workgroup = smb_xstrdup(domain_name); }; - c->opt_user_name = acct_name; + set_cmdline_auth_info_username(c->auth_info, acct_name); /* find the domain controller */ if (!net_find_pdc(&server_ss, pdc_name, domain_name)) { @@ -5628,7 +5647,9 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Store the password in secrets db */ - if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) { + if (!pdb_set_trusteddom_pw(domain_name, + get_cmdline_auth_info_password(c->auth_info), + domain_sid)) { DEBUG(0, ("Storing password for trusted domain failed.\n")); cli_shutdown(cli); talloc_destroy(mem_ctx); @@ -7190,9 +7211,12 @@ int net_rpc(struct net_context *c, int argc, const char **argv) if (status != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index ed0311317dc..cae2491aed4 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -58,7 +58,8 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, if (sec == SEC_ADS) { /* Connect to IPC$ using machine account's credentials. We don't use anonymous connection here, as it may be denied by server's local policy. */ - net_use_machine_account(c); + set_cmdline_auth_info_use_machine_account(c->auth_info); + set_cmdline_auth_info_machine_account_creds(c->auth_info); } else { /* some servers (e.g. WinNT) don't accept machine-authenticated diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6b23db74cba..bd5047c1ff0 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, ctx->cli = pipe_hnd; ctx->ops = &libnet_samsync_keytab_ops; ctx->domain_name = domain_name; - ctx->username = c->opt_user_name; - ctx->password = c->opt_password; + ctx->username = get_cmdline_auth_info_username(c->auth_info); + ctx->password = get_cmdline_auth_info_password(c->auth_info); ctx->force_full_replication = c->opt_force_full_repl ? true : false; ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index 3aaed1ed181..dc13e914238 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -220,9 +220,12 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv) if (libnetapi_init(&c->netapi_ctx) != 0) { return -1; } - libnetapi_set_username(c->netapi_ctx, c->opt_user_name); - libnetapi_set_password(c->netapi_ctx, c->opt_password); - if (c->opt_kerberos) { + set_cmdline_auth_info_getpass(c->auth_info); + libnetapi_set_username(c->netapi_ctx, + get_cmdline_auth_info_username(c->auth_info)); + libnetapi_set_password(c->netapi_ctx, + get_cmdline_auth_info_password(c->auth_info)); + if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { libnetapi_set_use_kerberos(c->netapi_ctx); } diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 8bf9aac6f26..50f3c1db011 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c, { NTSTATUS nt_status; int flags = 0; + struct user_auth_info *ai = c->auth_info; - c->opt_password = net_prompt_pass(c, c->opt_user_name); + set_cmdline_auth_info_getpass(ai); - if (c->opt_kerberos) { - flags |= CLI_FULL_CONNECTION_USE_KERBEROS; - } - - if (c->opt_kerberos && c->opt_password) { - flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; + if (get_cmdline_auth_info_use_kerberos(ai)) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS | + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, service_name, service_type, - c->opt_user_name, c->opt_workgroup, - c->opt_password, flags, Undefined, NULL); + get_cmdline_auth_info_username(ai), + c->opt_workgroup, + get_cmdline_auth_info_password(ai), + flags, Undefined, NULL); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); @@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c, return nt_status; } - if (c->smb_encrypt) { + if (get_cmdline_auth_info_smb_encrypt(ai)) { nt_status = cli_force_encryption(*cli_ctx, - c->opt_user_name, - c->opt_password, + get_cmdline_auth_info_username(ai), + get_cmdline_auth_info_password(ai), c->opt_workgroup); if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { @@ -234,14 +234,12 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, { NTSTATUS nt_status; char *user_and_realm = NULL; + struct user_auth_info *ai = c->auth_info; /* FIXME: Should get existing kerberos ticket if possible. */ - c->opt_password = net_prompt_pass(c, c->opt_user_name); - if (!c->opt_password) { - return NT_STATUS_NO_MEMORY; - } + set_cmdline_auth_info_getpass(ai); - user_and_realm = get_user_and_realm(c->opt_user_name); + user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai)); if (!user_and_realm) { return NT_STATUS_NO_MEMORY; } @@ -250,7 +248,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, server_ss, c->opt_port, "IPC$", "IPC", user_and_realm, c->opt_workgroup, - c->opt_password, + get_cmdline_auth_info_password(ai), CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); @@ -261,10 +259,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, return nt_status; } - if (c->smb_encrypt) { + if (get_cmdline_auth_info_smb_encrypt(ai)) { nt_status = cli_cm_force_encryption(*cli_ctx, user_and_realm, - c->opt_password, + get_cmdline_auth_info_password(ai), c->opt_workgroup, "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { @@ -328,50 +326,6 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, return nt_status; } -/**************************************************************************** - Use the local machine account (krb) and password for this session. -****************************************************************************/ - -int net_use_krb_machine_account(struct net_context *c) -{ - char *user_name = NULL; - - if (!secrets_init()) { - d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); - exit(1); - } - - c->opt_password = secrets_fetch_machine_password( - c->opt_target_workgroup, NULL, NULL); - if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { - return -1; - } - c->opt_user_name = user_name; - return 0; -} - -/**************************************************************************** - Use the machine account name and password for this session. -****************************************************************************/ - -int net_use_machine_account(struct net_context *c) -{ - char *user_name = NULL; - - if (!secrets_init()) { - d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); - exit(1); - } - - c->opt_password = secrets_fetch_machine_password( - c->opt_target_workgroup, NULL, NULL); - if (asprintf(&user_name, "%s$", global_myname()) == -1) { - return -1; - } - c->opt_user_name = user_name; - return 0; -} - bool net_find_server(struct net_context *c, const char *domain, unsigned flags, @@ -535,33 +489,6 @@ done: /**************************************************************************** ****************************************************************************/ -const char *net_prompt_pass(struct net_context *c, const char *user) -{ - char *prompt = NULL; - const char *pass = NULL; - - if (c->opt_password) { - return c->opt_password; - } - - if (c->opt_machine_pass) { - return NULL; - } - - if (c->opt_kerberos && !c->opt_user_specified) { - return NULL; - } - - if (asprintf(&prompt, "Enter %s's password:", user) == -1) { - return NULL; - } - - pass = getpass(prompt); - SAFE_FREE(prompt); - - return pass; -} - int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table) { -- 2.34.1