The Samba-Bugzilla – Attachment 4153 Details for
Bug 6357
net fails to understand samba-standard command line options
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch to use samba default command line arguments in net
0001-net-Use-samba-default-command-line-arguments.patch (text/plain), 29.35 KB, created by
Kai Blin
on 2009-05-14 04:50:58 UTC
(
hide
)
Description:
Proposed patch to use samba default command line arguments in net
Filename:
MIME Type:
Creator:
Kai Blin
Created:
2009-05-14 04:50:58 UTC
Size:
29.35 KB
patch
obsolete
>From c07d03e6a3b9c0ea4c5a2445edb050c8d5dd5eee Mon Sep 17 00:00:00 2001 >From: Kai Blin <kai@samba.org> >Date: Thu, 14 May 2009 11:39:01 +0200 >Subject: [PATCH] net: Use samba default command line arguments. > >Attention: > >The meaning of the -N flag changed. >To get the old meaning for net groupmap set, use the long option --ntname >The long option for using kerberos changed from --kerberos to --use-kerberos > >net rpc commands will now prompt for a password if none is given. > >As a benefit, net will now accept an authentication file like other samba >command line tools. So no need to specify the password on the command line in >scripts anymore. > >This should fix bug #6357 > >Signed-off-by: Kai Blin <kai@samba.org> >--- > source3/utils/net.c | 42 +++------------ > source3/utils/net.h | 9 +--- > source3/utils/net_ads.c | 81 ++++++++++++++--------------- > source3/utils/net_dom.c | 8 ++- > source3/utils/net_proto.h | 3 - > source3/utils/net_rpc.c | 74 +++++++++++++++++--------- > source3/utils/net_rpc_join.c | 3 +- > source3/utils/net_rpc_samsync.c | 4 +- > source3/utils/net_rpc_shell.c | 9 ++- > source3/utils/net_util.c | 109 ++++++-------------------------------- > 10 files changed, 133 insertions(+), 209 deletions(-) > >diff --git a/source3/utils/net.c b/source3/utils/net.c >index 9cd41c5..123ee44 100644 >--- a/source3/utils/net.c >+++ b/source3/utils/net.c >@@ -625,7 +625,6 @@ static struct functable net_func[] = { > int main(int argc, const char **argv) > { > int opt,i; >- char *p; > int rc = 0; > int argc_new = 0; > const char ** argv_new; >@@ -636,12 +635,10 @@ static struct functable net_func[] = { > struct poptOption long_options[] = { > {"help", 'h', POPT_ARG_NONE, 0, 'h'}, > {"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup}, >- {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'}, > {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'}, > {"port", 'p', POPT_ARG_INT, &c->opt_port}, > {"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name}, > {"server", 'S', POPT_ARG_STRING, &c->opt_host}, >- {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, > {"container", 'c', POPT_ARG_STRING, &c->opt_container}, > {"comment", 'C', POPT_ARG_STRING, &c->opt_comment}, > {"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers}, >@@ -652,15 +649,13 @@ static struct functable net_func[] = { > {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, > {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, > {"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout}, >- {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, >- {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, > {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, > {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose}, > {"test", 'T', POPT_ARG_NONE, &c->opt_testmode}, > /* Options for 'net groupmap set' */ > {"local", 'L', POPT_ARG_NONE, &c->opt_localgroup}, > {"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup}, >- {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname}, >+ {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname}, > {"rid", 'R', POPT_ARG_INT, &c->opt_rid}, > /* Options for 'net rpc share migrate' */ > {"acls", 0, POPT_ARG_NONE, &c->opt_acls}, >@@ -675,6 +670,7 @@ static struct functable net_func[] = { > {"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries}, > > POPT_COMMON_SAMBA >+ POPT_COMMON_CREDENTIALS > { 0, 0, 0, 0} > }; > >@@ -688,6 +684,13 @@ static struct functable net_func[] = { > dbf = x_stderr; > c->private_data = net_func; > >+ c->auth_info = user_auth_info_init(frame); >+ if (c->auth_info == NULL) { >+ d_fprintf(stderr, "\nOut of memory!\n"); >+ exit(1); >+ } >+ popt_common_set_auth_info(c->auth_info); >+ > pc = poptGetContext(NULL, argc, (const char **) argv, long_options, > POPT_CONTEXT_KEEP_FIRST); > >@@ -696,9 +699,6 @@ static struct functable net_func[] = { > case 'h': > c->display_usage = true; > break; >- case 'e': >- c->smb_encrypt = true; >- break; > case 'I': > if (!interpret_string_addr(&c->opt_dest_ip, > poptGetOptArg(pc), 0)) { >@@ -707,15 +707,6 @@ static struct functable net_func[] = { > c->opt_have_ip = true; > } > break; >- case 'U': >- c->opt_user_specified = true; >- c->opt_user_name = SMB_STRDUP(c->opt_user_name); >- p = strchr(c->opt_user_name,'%'); >- if (p) { >- *p = 0; >- c->opt_password = p+1; >- } >- break; > default: > d_fprintf(stderr, "\nInvalid option %s: %s\n", > poptBadOption(pc, 0), poptStrerror(opt)); >@@ -749,10 +740,6 @@ static struct functable net_func[] = { > set_global_myname(c->opt_requester_name); > } > >- if (!c->opt_user_name && getenv("LOGNAME")) { >- c->opt_user_name = getenv("LOGNAME"); >- } >- > if (!c->opt_workgroup) { > c->opt_workgroup = smb_xstrdup(lp_workgroup()); > } >@@ -770,17 +757,6 @@ static struct functable net_func[] = { > that it won't assert becouse we are not root */ > sec_init(); > >- if (c->opt_machine_pass) { >- /* it is very useful to be able to make ads queries as the >- machine account for testing purposes and for domain leave */ >- >- net_use_krb_machine_account(c); >- } >- >- if (!c->opt_password) { >- c->opt_password = getenv("PASSWD"); >- } >- > rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func); > > DEBUG(2,("return code = %d\n", rc)); >diff --git a/source3/utils/net.h b/source3/utils/net.h >index d88f962..f604d96 100644 >--- a/source3/utils/net.h >+++ b/source3/utils/net.h >@@ -28,11 +28,8 @@ > struct net_context { > const char *opt_requester_name; > const char *opt_host; >- const char *opt_password; >- const char *opt_user_name; >- bool opt_user_specified; >- const char *opt_workgroup; > int opt_long_list_entries; >+ const char *opt_workgroup; > int opt_reboot; > int opt_force; > int opt_stdin; >@@ -45,7 +42,6 @@ struct net_context { > int opt_timeout; > int opt_request_timeout; > const char *opt_target_workgroup; >- int opt_machine_pass; > int opt_localgroup; > int opt_domaingroup; > int do_talloc_report; >@@ -57,15 +53,14 @@ struct net_context { > const char *opt_exclude; > const char *opt_destination; > int opt_testmode; >- bool opt_kerberos; > int opt_force_full_repl; > int opt_single_obj_repl; > int opt_clean_old_entries; > > int opt_have_ip; > struct sockaddr_storage opt_dest_ip; >- bool smb_encrypt; > struct libnetapi_ctx *netapi_ctx; >+ struct user_auth_info *auth_info; > > bool display_usage; > void *private_data; >diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c >index 8e927be..9089735 100644 >--- a/source3/utils/net_ads.c >+++ b/source3/utils/net_ads.c >@@ -231,32 +231,22 @@ retry_connect: > > ads = ads_init(realm, c->opt_target_workgroup, c->opt_host); > >- if (!c->opt_user_name) { >- c->opt_user_name = "administrator"; >- } >- >- if (c->opt_user_specified) { >- need_password = true; >- } >- > retry: >- if (!c->opt_password && need_password && !c->opt_machine_pass) { >- c->opt_password = net_prompt_pass(c, c->opt_user_name); >- if (!c->opt_password) { >- ads_destroy(&ads); >- return ADS_ERROR(LDAP_NO_MEMORY); >- } >+ if (need_password) { >+ set_cmdline_auth_info_getpass(c->auth_info); > } > >- if (c->opt_password) { >+ if (get_cmdline_auth_info_got_pass(c->auth_info)) { > use_in_memory_ccache(); > SAFE_FREE(ads->auth.password); >- ads->auth.password = smb_xstrdup(c->opt_password); >+ ads->auth.password = smb_xstrdup( >+ get_cmdline_auth_info_password(c->auth_info)); > } > > ads->auth.flags |= auth_flags; > SAFE_FREE(ads->auth.user_name); >- ads->auth.user_name = smb_xstrdup(c->opt_user_name); >+ ads->auth.user_name = smb_xstrdup( >+ get_cmdline_auth_info_username(c->auth_info)); > > /* > * If the username is of the form "name@realm", >@@ -875,6 +865,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) > TALLOC_CTX *ctx; > struct libnet_UnjoinCtx *r = NULL; > WERROR werr; >+ struct user_auth_info *ai = c->auth_info; > > if (c->display_usage) { > d_printf("Usage:\n" >@@ -893,7 +884,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) > return -1; > } > >- if (!c->opt_kerberos) { >+ if (!get_cmdline_auth_info_use_kerberos(ai)) { > use_in_memory_ccache(); > } > >@@ -903,12 +894,14 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) > return -1; > } > >+ set_cmdline_auth_info_getpass(ai); >+ > r->in.debug = true; >- r->in.use_kerberos = c->opt_kerberos; >+ r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); > r->in.dc_name = c->opt_host; > r->in.domain_name = lp_realm(); >- r->in.admin_account = c->opt_user_name; >- r->in.admin_password = net_prompt_pass(c, c->opt_user_name); >+ r->in.admin_account = get_cmdline_auth_info_username(ai); >+ r->in.admin_password = get_cmdline_auth_info_password(ai); > r->in.modify_config = lp_config_backend_is_registry(); > r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | > WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; >@@ -959,7 +952,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c) > return NT_STATUS_ACCESS_DENIED; > } > >- net_use_krb_machine_account(c); >+ set_cmdline_auth_info_use_machine_account(c->auth_info); > > status = ads_startup(c, true, &ads); > if (!ADS_ERR_OK(status)) { >@@ -1190,6 +1183,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > const char *os_name = NULL; > const char *os_version = NULL; > bool modify_config = lp_config_backend_is_registry(); >+ struct user_auth_info *ai = c->auth_info;; > > if (c->display_usage) > return net_ads_join_usage(c, argc, argv); >@@ -1209,7 +1203,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > goto fail; > } > >- if (!c->opt_kerberos) { >+ if (!get_cmdline_auth_info_use_kerberos(ai)) { > use_in_memory_ccache(); > } > >@@ -1259,6 +1253,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > > /* Do the domain join here */ > >+ set_cmdline_auth_info_getpass(ai); >+ > r->in.domain_name = domain; > r->in.create_upn = createupn; > r->in.upn = machineupn; >@@ -1266,10 +1262,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > r->in.os_name = os_name; > r->in.os_version = os_version; > r->in.dc_name = c->opt_host; >- r->in.admin_account = c->opt_user_name; >- r->in.admin_password = net_prompt_pass(c, c->opt_user_name); >+ r->in.admin_account = get_cmdline_auth_info_username(ai); >+ r->in.admin_password = get_cmdline_auth_info_password(ai); > r->in.debug = true; >- r->in.use_kerberos = c->opt_kerberos; >+ r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); > r->in.modify_config = modify_config; > r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | > WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | >@@ -1580,6 +1576,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * > char *prt_dn, *srv_dn, **srv_cn; > char *srv_cn_escaped = NULL, *printername_escaped = NULL; > LDAPMessage *res = NULL; >+ struct user_auth_info *ai = c->auth_info; > > if (argc < 1 || c->display_usage) { > d_printf("Usage:\n" >@@ -1611,8 +1608,9 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * > nt_status = cli_full_connection(&cli, global_myname(), servername, > &server_ss, 0, > "IPC$", "IPC", >- c->opt_user_name, c->opt_workgroup, >- c->opt_password ? c->opt_password : "", >+ get_cmdline_auth_info_username(ai), >+ c->opt_workgroup, >+ get_cmdline_auth_info_password(ai), > CLI_FULL_CONNECTION_USE_KERBEROS, > Undefined, NULL); > >@@ -1800,8 +1798,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv) > static int net_ads_password(struct net_context *c, int argc, const char **argv) > { > ADS_STRUCT *ads; >- const char *auth_principal = c->opt_user_name; >- const char *auth_password = c->opt_password; >+ const char *auth_principal; >+ const char *auth_password; > char *realm = NULL; > char *new_password = NULL; > char *chr, *prompt; >@@ -1816,10 +1814,9 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv) > return 0; > } > >- if (c->opt_user_name == NULL || c->opt_password == NULL) { >- d_fprintf(stderr, "You must supply an administrator username/password\n"); >- return -1; >- } >+ auth_principal = get_cmdline_auth_info_username(c->auth_info); >+ set_cmdline_auth_info_getpass(c->auth_info); >+ auth_password = get_cmdline_auth_info_password(c->auth_info); > > if (argc < 1) { > d_fprintf(stderr, "ERROR: You must say which username to change password for\n"); >@@ -1901,7 +1898,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) > return -1; > } > >- net_use_krb_machine_account(c); >+ set_cmdline_auth_info_use_machine_account(c->auth_info); > > use_in_memory_ccache(); > >@@ -2283,6 +2280,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar > TALLOC_CTX *mem_ctx = NULL; > NTSTATUS status; > int ret = -1; >+ struct user_auth_info *ai = c->auth_info; > > if (c->display_usage) { > d_printf("Usage:\n" >@@ -2296,11 +2294,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar > goto out; > } > >- c->opt_password = net_prompt_pass(c, c->opt_user_name); >+ set_cmdline_auth_info_getpass(ai); > > status = kerberos_return_pac(mem_ctx, >- c->opt_user_name, >- c->opt_password, >+ get_cmdline_auth_info_username(ai), >+ get_cmdline_auth_info_password(ai), > 0, > NULL, > NULL, >@@ -2333,6 +2331,7 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** > TALLOC_CTX *mem_ctx = NULL; > int ret = -1; > NTSTATUS status; >+ struct user_auth_info *ai = c->auth_info; > > if (c->display_usage) { > d_printf("Usage:\n" >@@ -2346,10 +2345,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** > goto out; > } > >- c->opt_password = net_prompt_pass(c, c->opt_user_name); >+ set_cmdline_auth_info_getpass(ai); > >- ret = kerberos_kinit_password_ext(c->opt_user_name, >- c->opt_password, >+ ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai), >+ get_cmdline_auth_info_password(ai), > 0, > NULL, > NULL, >diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c >index 4010797..a13f52c 100644 >--- a/source3/utils/net_dom.c >+++ b/source3/utils/net_dom.c >@@ -368,9 +368,11 @@ int net_dom(struct net_context *c, int argc, const char **argv) > return -1; > } > >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h >index 75ac032..8a09147 100644 >--- a/source3/utils/net_proto.h >+++ b/source3/utils/net_proto.h >@@ -459,8 +459,6 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, > struct rpc_pipe_client **pp_pipe_hnd, > const struct ndr_syntax_id *interface); >-int net_use_krb_machine_account(struct net_context *c); >-int net_use_machine_account(struct net_context *c); > bool net_find_server(struct net_context *c, > const char *domain, > unsigned flags, >@@ -475,7 +473,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, > const char *server, > struct sockaddr_storage *pss, > unsigned flags, struct cli_state **pcli); >-const char *net_prompt_pass(struct net_context *c, const char *user); > int net_run_function(struct net_context *c, int argc, const char **argv, > const char *whoami, struct functable *table); > void net_display_usage_from_functable(struct functable *table); >diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c >index f6f9003..0118b48 100644 >--- a/source3/utils/net_rpc.c >+++ b/source3/utils/net_rpc.c >@@ -25,7 +25,8 @@ > #include "../libcli/auth/libcli_auth.h" > > static int net_mode_share; >-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); >+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, >+ const struct user_auth_info *auth_info); > > /** > * @file net_rpc.c >@@ -122,6 +123,7 @@ int run_rpc_command(struct net_context *c, > DOM_SID *domain_sid; > const char *domain_name; > int ret = -1; >+ struct user_auth_info *ai = c->auth_info; > > /* make use of cli_state handed over as an argument, if possible */ > if (!cli_arg) { >@@ -171,8 +173,10 @@ int run_rpc_command(struct net_context *c, > nt_status = cli_rpc_pipe_open_ntlmssp( > cli, interface, > PIPE_AUTH_LEVEL_PRIVACY, >- lp_workgroup(), c->opt_user_name, >- c->opt_password, &pipe_hnd); >+ lp_workgroup(), >+ get_cmdline_auth_info_username(ai), >+ get_cmdline_auth_info_password(ai), >+ &pipe_hnd); > } else { > nt_status = cli_rpc_pipe_open_noauth( > cli, interface, >@@ -940,9 +944,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ set_cmdline_auth_info_getpass(c->auth_info); >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -2756,9 +2763,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ set_cmdline_auth_info_getpass(c->auth_info); >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -3245,7 +3255,7 @@ static void copy_fn(const char *mnt, file_info *f, > > old_dir = local_state->cwd; > local_state->cwd = dir; >- if (!sync_files(local_state, new_mask)) >+ if (!sync_files(local_state, new_mask, c->auth_info)) > printf("could not handle files\n"); > local_state->cwd = old_dir; > >@@ -3292,15 +3302,18 @@ static void copy_fn(const char *mnt, file_info *f, > * > * @return Boolean result > **/ >-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask) >+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, >+ const struct user_auth_info *auth_info) > { > struct cli_state *targetcli; > char *targetpath = NULL; > > DEBUG(3,("calling cli_list with mask: %s\n", mask)); > >- if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src, >- mask, &targetcli, &targetpath ) ) { >+ >+ if ( !cli_resolve_path(talloc_tos(), "", auth_info, >+ cp_clistate->cli_share_src, mask, &targetcli, >+ &targetpath ) ) { > d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n", > mask, cli_errstr(cp_clistate->cli_share_src)); > return false; >@@ -3463,7 +3476,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, > goto done; > } > >- if (!sync_files(&cp_clistate, mask)) { >+ if (!sync_files(&cp_clistate, mask, c->auth_info)) { > d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); > nt_status = NT_STATUS_UNSUCCESSFUL; > goto done; >@@ -4564,9 +4577,12 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ set_cmdline_auth_info_getpass(c->auth_info); >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -4839,9 +4855,12 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ set_cmdline_auth_info_getpass(c->auth_info); >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -5531,7 +5550,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, > c->opt_workgroup = smb_xstrdup(domain_name); > }; > >- c->opt_user_name = acct_name; >+ set_cmdline_auth_info_username(c->auth_info, acct_name); > > /* find the domain controller */ > if (!net_find_pdc(&server_ss, pdc_name, domain_name)) { >@@ -5628,7 +5647,9 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, > * Store the password in secrets db > */ > >- if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) { >+ if (!pdb_set_trusteddom_pw(domain_name, >+ get_cmdline_auth_info_password(c->auth_info), >+ domain_sid)) { > DEBUG(0, ("Storing password for trusted domain failed.\n")); > cli_shutdown(cli); > talloc_destroy(mem_ctx); >@@ -7190,9 +7211,12 @@ int net_rpc(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ set_cmdline_auth_info_getpass(c->auth_info); >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c >index ed03113..cae2491 100644 >--- a/source3/utils/net_rpc_join.c >+++ b/source3/utils/net_rpc_join.c >@@ -58,7 +58,8 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, > if (sec == SEC_ADS) { > /* Connect to IPC$ using machine account's credentials. We don't use anonymous > connection here, as it may be denied by server's local policy. */ >- net_use_machine_account(c); >+ set_cmdline_auth_info_use_machine_account(c->auth_info); >+ set_cmdline_auth_info_machine_account_creds(c->auth_info); > > } else { > /* some servers (e.g. WinNT) don't accept machine-authenticated >diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c >index 6b23db7..bd5047c 100644 >--- a/source3/utils/net_rpc_samsync.c >+++ b/source3/utils/net_rpc_samsync.c >@@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, > ctx->cli = pipe_hnd; > ctx->ops = &libnet_samsync_keytab_ops; > ctx->domain_name = domain_name; >- ctx->username = c->opt_user_name; >- ctx->password = c->opt_password; >+ ctx->username = get_cmdline_auth_info_username(c->auth_info); >+ ctx->password = get_cmdline_auth_info_password(c->auth_info); > > ctx->force_full_replication = c->opt_force_full_repl ? true : false; > ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; >diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c >index 3aaed1e..dc13e91 100644 >--- a/source3/utils/net_rpc_shell.c >+++ b/source3/utils/net_rpc_shell.c >@@ -220,9 +220,12 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv) > if (libnetapi_init(&c->netapi_ctx) != 0) { > return -1; > } >- libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >- libnetapi_set_password(c->netapi_ctx, c->opt_password); >- if (c->opt_kerberos) { >+ set_cmdline_auth_info_getpass(c->auth_info); >+ libnetapi_set_username(c->netapi_ctx, >+ get_cmdline_auth_info_username(c->auth_info)); >+ libnetapi_set_password(c->netapi_ctx, >+ get_cmdline_auth_info_password(c->auth_info)); >+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c >index 8bf9aac..50f3c1d 100644 >--- a/source3/utils/net_util.c >+++ b/source3/utils/net_util.c >@@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c, > { > NTSTATUS nt_status; > int flags = 0; >+ struct user_auth_info *ai = c->auth_info; > >- c->opt_password = net_prompt_pass(c, c->opt_user_name); >+ set_cmdline_auth_info_getpass(ai); > >- if (c->opt_kerberos) { >- flags |= CLI_FULL_CONNECTION_USE_KERBEROS; >- } >- >- if (c->opt_kerberos && c->opt_password) { >- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; >+ if (get_cmdline_auth_info_use_kerberos(ai)) { >+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS | >+ CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; > } > > nt_status = cli_full_connection(cli_ctx, NULL, server_name, > server_ss, c->opt_port, > service_name, service_type, >- c->opt_user_name, c->opt_workgroup, >- c->opt_password, flags, Undefined, NULL); >+ get_cmdline_auth_info_username(ai), >+ c->opt_workgroup, >+ get_cmdline_auth_info_password(ai), >+ flags, Undefined, NULL); > if (!NT_STATUS_IS_OK(nt_status)) { > d_fprintf(stderr, "Could not connect to server %s\n", server_name); > >@@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c, > return nt_status; > } > >- if (c->smb_encrypt) { >+ if (get_cmdline_auth_info_smb_encrypt(ai)) { > nt_status = cli_force_encryption(*cli_ctx, >- c->opt_user_name, >- c->opt_password, >+ get_cmdline_auth_info_username(ai), >+ get_cmdline_auth_info_password(ai), > c->opt_workgroup); > > if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { >@@ -234,14 +234,12 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > { > NTSTATUS nt_status; > char *user_and_realm = NULL; >+ struct user_auth_info *ai = c->auth_info; > > /* FIXME: Should get existing kerberos ticket if possible. */ >- c->opt_password = net_prompt_pass(c, c->opt_user_name); >- if (!c->opt_password) { >- return NT_STATUS_NO_MEMORY; >- } >+ set_cmdline_auth_info_getpass(ai); > >- user_and_realm = get_user_and_realm(c->opt_user_name); >+ user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai)); > if (!user_and_realm) { > return NT_STATUS_NO_MEMORY; > } >@@ -250,7 +248,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > server_ss, c->opt_port, > "IPC$", "IPC", > user_and_realm, c->opt_workgroup, >- c->opt_password, >+ get_cmdline_auth_info_password(ai), > CLI_FULL_CONNECTION_USE_KERBEROS, > Undefined, NULL); > >@@ -261,10 +259,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > return nt_status; > } > >- if (c->smb_encrypt) { >+ if (get_cmdline_auth_info_smb_encrypt(ai)) { > nt_status = cli_cm_force_encryption(*cli_ctx, > user_and_realm, >- c->opt_password, >+ get_cmdline_auth_info_password(ai), > c->opt_workgroup, > "IPC$"); > if (!NT_STATUS_IS_OK(nt_status)) { >@@ -328,50 +326,6 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, > return nt_status; > } > >-/**************************************************************************** >- Use the local machine account (krb) and password for this session. >-****************************************************************************/ >- >-int net_use_krb_machine_account(struct net_context *c) >-{ >- char *user_name = NULL; >- >- if (!secrets_init()) { >- d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); >- exit(1); >- } >- >- c->opt_password = secrets_fetch_machine_password( >- c->opt_target_workgroup, NULL, NULL); >- if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { >- return -1; >- } >- c->opt_user_name = user_name; >- return 0; >-} >- >-/**************************************************************************** >- Use the machine account name and password for this session. >-****************************************************************************/ >- >-int net_use_machine_account(struct net_context *c) >-{ >- char *user_name = NULL; >- >- if (!secrets_init()) { >- d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); >- exit(1); >- } >- >- c->opt_password = secrets_fetch_machine_password( >- c->opt_target_workgroup, NULL, NULL); >- if (asprintf(&user_name, "%s$", global_myname()) == -1) { >- return -1; >- } >- c->opt_user_name = user_name; >- return 0; >-} >- > bool net_find_server(struct net_context *c, > const char *domain, > unsigned flags, >@@ -535,33 +489,6 @@ done: > /**************************************************************************** > ****************************************************************************/ > >-const char *net_prompt_pass(struct net_context *c, const char *user) >-{ >- char *prompt = NULL; >- const char *pass = NULL; >- >- if (c->opt_password) { >- return c->opt_password; >- } >- >- if (c->opt_machine_pass) { >- return NULL; >- } >- >- if (c->opt_kerberos && !c->opt_user_specified) { >- return NULL; >- } >- >- if (asprintf(&prompt, "Enter %s's password:", user) == -1) { >- return NULL; >- } >- >- pass = getpass(prompt); >- SAFE_FREE(prompt); >- >- return pass; >-} >- > int net_run_function(struct net_context *c, int argc, const char **argv, > const char *whoami, struct functable *table) > { >-- >1.5.4.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6357
: 4153