source/lib/popt_common.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Common popt routines
   4
   5    Copyright (C) Tim Potter 2001,2002
   6    Copyright (C) Jelmer Vernooij 2002,2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24
  25 /* Handle command line options:
  26  *              -d,--debuglevel
  27  *              -s,--configfile
  28  *              -O,--socket-options
  29  *              -V,--version
  30  *              -l,--log-base
  31  *              -n,--netbios-name
  32  *              -W,--workgroup
  33  *              -i,--scope
  34  */
  35
  36 extern pstring user_socket_options;
  37 extern BOOL AllowDebugChange;
  38
  39 struct user_auth_info cmdline_auth_info;
  40
  41 static void popt_common_callback(poptContext con,
  42                            enum poptCallbackReason reason,
  43                            const struct poptOption *opt,
  44                            const char *arg, const void *data)
  45 {
  46         pstring logfile;
  47         const char *pname;
  48
  49         /* Find out basename of current program */
  50         pname = strrchr_m(poptGetInvocationName(con),'/');
  51
  52         if (!pname)
  53                 pname = poptGetInvocationName(con);
  54         else
  55                 pname++;
  56
  57         if (reason == POPT_CALLBACK_REASON_PRE) {
  58                 pstr_sprintf(logfile, "%s/log.%s", dyn_LOGFILEBASE, pname);
  59                 lp_set_logfile(logfile);
  60                 return;
  61         }
  62
  63         switch(opt->val) {
  64         case 'd':
  65                 if (arg) {
  66                         debug_parse_levels(arg);
  67                         AllowDebugChange = False;
  68                 }
  69                 break;
  70
  71         case 'V':
  72                 printf( "Version %s\n", SAMBA_VERSION_STRING);
  73                 exit(0);
  74                 break;
  75
  76         case 'O':
  77                 if (arg) {
  78                         pstrcpy(user_socket_options,arg);
  79                 }
  80                 break;
  81
  82         case 's':
  83                 if (arg) {
  84                         pstrcpy(dyn_CONFIGFILE, arg);
  85                 }
  86                 break;
  87
  88         case 'n':
  89                 if (arg) {
  90                         set_global_myname(arg);
  91                 }
  92                 break;
  93
  94         case 'l':
  95                 if (arg) {
  96                         pstr_sprintf(logfile, "%s/log.%s", arg, pname);
  97                         lp_set_logfile(logfile);
  98                 }
  99                 break;
 100
 101         case 'i':
 102                 if (arg) {
 103                           set_global_scope(arg);
 104                 }
 105                 break;
 106
 107         case 'W':
 108                 if (arg) {
 109                         set_global_myworkgroup(arg);
 110                 }
 111                 break;
 112         }
 113 }
 114
 115 struct poptOption popt_common_connection[] = {
 116         { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback },
 117         { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use",
 118           "SOCKETOPTIONS" },
 119         { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
 120         { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
 121         { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
 122
 123         POPT_TABLEEND
 124 };
 125
 126 struct poptOption popt_common_samba[] = {
 127         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_callback },
 128         { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
 129         { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternative configuration file", "CONFIGFILE" },
 130         { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Basename for log/debug files", "LOGFILEBASE" },
 131         { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
 132         POPT_TABLEEND
 133 };
 134
 135 struct poptOption popt_common_version[] = {
 136         { NULL, 0, POPT_ARG_CALLBACK, popt_common_callback },
 137         { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
 138         POPT_TABLEEND
 139 };
 140
 141
 142
 143 /****************************************************************************
 144  * get a password from a a file or file descriptor
 145  * exit on failure
 146  * ****************************************************************************/
 147 static void get_password_file(struct user_auth_info *a)
 148 {
 149         int fd = -1;
 150         char *p;
 151         BOOL close_it = False;
 152         pstring spec;
 153         char pass[128];
 154
 155         if ((p = getenv("PASSWD_FD")) != NULL) {
 156                 pstrcpy(spec, "descriptor ");
 157                 pstrcat(spec, p);
 158                 sscanf(p, "%d", &fd);
 159                 close_it = False;
 160         } else if ((p = getenv("PASSWD_FILE")) != NULL) {
 161                 fd = sys_open(p, O_RDONLY, 0);
 162                 pstrcpy(spec, p);
 163                 if (fd < 0) {
 164                         fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
 165                                         spec, strerror(errno));
 166                         exit(1);
 167                 }
 168                 close_it = True;
 169         }
 170
 171         for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
 172                 p && p - pass < sizeof(pass);) {
 173                 switch (read(fd, p, 1)) {
 174                 case 1:
 175                         if (*p != '\n' && *p != '\0') {
 176                                 *++p = '\0'; /* advance p, and null-terminate pass */
 177                                 break;
 178                         }
 179                 case 0:
 180                         if (p - pass) {
 181                                 *p = '\0'; /* null-terminate it, just in case... */
 182                                 p = NULL; /* then force the loop condition to become false */
 183                                 break;
 184                         } else {
 185                                 fprintf(stderr, "Error reading password from file %s: %s\n",
 186                                                 spec, "empty password\n");
 187                                 exit(1);
 188                         }
 189
 190                 default:
 191                         fprintf(stderr, "Error reading password from file %s: %s\n",
 192                                         spec, strerror(errno));
 193                         exit(1);
 194                 }
 195         }
 196         pstrcpy(a->password, pass);
 197         if (close_it)
 198                 close(fd);
 199 }
 200
 201 static void get_credentials_file(const char *file, struct user_auth_info *info)
 202 {
 203         XFILE *auth;
 204         fstring buf;
 205         uint16 len = 0;
 206         char *ptr, *val, *param;
 207
 208         if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
 209         {
 210                 /* fail if we can't open the credentials file */
 211                 d_printf("ERROR: Unable to open credentials file!\n");
 212                 exit(-1);
 213         }
 214
 215         while (!x_feof(auth))
 216         {
 217                 /* get a line from the file */
 218                 if (!x_fgets(buf, sizeof(buf), auth))
 219                         continue;
 220                 len = strlen(buf);
 221
 222                 if ((len) && (buf[len-1]=='\n'))
 223                 {
 224                         buf[len-1] = '\0';
 225                         len--;
 226                 }
 227                 if (len == 0)
 228                         continue;
 229
 230                 /* break up the line into parameter & value.
 231                  * will need to eat a little whitespace possibly */
 232                 param = buf;
 233                 if (!(ptr = strchr_m (buf, '=')))
 234                         continue;
 235
 236                 val = ptr+1;
 237                 *ptr = '\0';
 238
 239                 /* eat leading white space */
 240                 while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
 241                         val++;
 242
 243                 if (strwicmp("password", param) == 0)
 244                 {
 245                         pstrcpy(info->password, val);
 246                         info->got_pass = True;
 247                 }
 248                 else if (strwicmp("username", param) == 0)
 249                         pstrcpy(info->username, val);
 250                 else if (strwicmp("domain", param) == 0)
 251                         set_global_myworkgroup(val);
 252                 memset(buf, 0, sizeof(buf));
 253         }
 254         x_fclose(auth);
 255 }
 256
 257 /* Handle command line options:
 258  *              -U,--user
 259  *              -A,--authentication-file
 260  *              -k,--use-kerberos
 261  *              -N,--no-pass
 262  *              -S,--signing
 263  *              -P --machine-pass
 264  */
 265
 266
 267 static void popt_common_credentials_callback(poptContext con,
 268                                         enum poptCallbackReason reason,
 269                                         const struct poptOption *opt,
 270                                         const char *arg, const void *data)
 271 {
 272         char *p;
 273
 274         if (reason == POPT_CALLBACK_REASON_PRE) {
 275                 cmdline_auth_info.use_kerberos = False;
 276                 cmdline_auth_info.got_pass = False;
 277                 cmdline_auth_info.signing_state = Undefined;
 278                 pstrcpy(cmdline_auth_info.username, "GUEST");
 279
 280                 if (getenv("LOGNAME"))pstrcpy(cmdline_auth_info.username,getenv("LOGNAME"));
 281
 282                 if (getenv("USER")) {
 283                         pstrcpy(cmdline_auth_info.username,getenv("USER"));
 284
 285                         if ((p = strchr_m(cmdline_auth_info.username,'%'))) {
 286                                 *p = 0;
 287                                 pstrcpy(cmdline_auth_info.password,p+1);
 288                                 cmdline_auth_info.got_pass = True;
 289                                 memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(cmdline_auth_info.password));
 290                         }
 291                 }
 292
 293                 if (getenv("PASSWD")) {
 294                         pstrcpy(cmdline_auth_info.password,getenv("PASSWD"));
 295                         cmdline_auth_info.got_pass = True;
 296                 }
 297
 298                 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
 299                         get_password_file(&cmdline_auth_info);
 300                         cmdline_auth_info.got_pass = True;
 301                 }
 302
 303                 return;
 304         }
 305
 306         switch(opt->val) {
 307         case 'U':
 308                 {
 309                         char *lp;
 310
 311                         pstrcpy(cmdline_auth_info.username,arg);
 312                         if ((lp=strchr_m(cmdline_auth_info.username,'%'))) {
 313                                 *lp = 0;
 314                                 pstrcpy(cmdline_auth_info.password,lp+1);
 315                                 cmdline_auth_info.got_pass = True;
 316                                 memset(strchr_m(arg,'%')+1,'X',strlen(cmdline_auth_info.password));
 317                         }
 318                 }
 319                 break;
 320
 321         case 'A':
 322                 get_credentials_file(arg, &cmdline_auth_info);
 323                 break;
 324
 325         case 'k':
 326 #ifndef HAVE_KRB5
 327                 d_printf("No kerberos support compiled in\n");
 328                 exit(1);
 329 #else
 330                 cmdline_auth_info.use_kerberos = True;
 331                 cmdline_auth_info.got_pass = True;
 332 #endif
 333                 break;
 334
 335         case 'S':
 336                 {
 337                         cmdline_auth_info.signing_state = -1;
 338                         if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false"))
 339                                 cmdline_auth_info.signing_state = False;
 340                         else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") ||
 341                                         strequal(arg, "auto") )
 342                                 cmdline_auth_info.signing_state = True;
 343                         else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced"))
 344                                 cmdline_auth_info.signing_state = Required;
 345                         else {
 346                                 fprintf(stderr, "Unknown signing option %s\n", arg );
 347                                 exit(1);
 348                         }
 349                 }
 350                 break;
 351         case 'P':
 352                 {
 353                         char *opt_password = NULL;
 354                         /* it is very useful to be able to make ads queries as the
 355                            machine account for testing purposes and for domain leave */
 356
 357                         if (!secrets_init()) {
 358                                 d_printf("ERROR: Unable to open secrets database\n");
 359                                 exit(1);
 360                         }
 361
 362                         opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
 363
 364                         if (!opt_password) {
 365                                 d_printf("ERROR: Unable to fetch machine password\n");
 366                                 exit(1);
 367                         }
 368                         pstr_sprintf(cmdline_auth_info.username, "%s$",
 369                                      global_myname());
 370                         pstrcpy(cmdline_auth_info.password,opt_password);
 371                         SAFE_FREE(opt_password);
 372
 373                         /* machine accounts only work with kerberos */
 374                         cmdline_auth_info.use_kerberos = True;
 375                         cmdline_auth_info.got_pass = True;
 376                 }
 377                 break;
 378         }
 379 }
 380
 381
 382
 383 struct poptOption popt_common_credentials[] = {
 384         { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_credentials_callback },
 385         { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
 386         { "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, 0, "Don't ask for a password" },
 387         { "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, 'k', "Use kerberos (active directory) authentication" },
 388         { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
 389         { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
 390         {"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
 391         POPT_TABLEEND
 392 };