The Samba-Bugzilla – Attachment 4268 Details for
Bug 6460
net asks for the password even if it should not.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Revert net command line changes, restoring 3.3 behaviour
0001-Revert-net-Use-samba-default-command-line-argument.patch (text/plain), 32.13 KB, created by
Kai Blin
on 2009-06-10 06:25:24 UTC
(
hide
)
Description:
Revert net command line changes, restoring 3.3 behaviour
Filename:
MIME Type:
Creator:
Kai Blin
Created:
2009-06-10 06:25:24 UTC
Size:
32.13 KB
patch
obsolete
>From 77b0358c663300035b4c034b6146aa6b185fc52f Mon Sep 17 00:00:00 2001 >From: Kai Blin <kai@samba.org> >Date: Wed, 10 Jun 2009 13:08:40 +0200 >Subject: [PATCH] Revert "net: Use samba default command line arguments." > >This reverts commit c039bc15ba597d955d0ccbf5642388b0a03ba40b and dependent >commits 33c6ba805756739b7b4395bedb66ae00797cbcb1 and > ce18ba7e24b5578672d2f2ffaab97ef708421067. > >While it certainly would be a nice to have feature, this has caused more >hassle than reasonable, e.g. in net commands that need to use the machine >account like net (ads|rpc) testjoin. > >This un-fixes bug #6305. >--- > WHATSNEW.txt | 39 -------------- > source3/utils/net.c | 43 ++++++++++++---- > source3/utils/net.h | 9 +++- > source3/utils/net_ads.c | 82 +++++++++++++++--------------- > source3/utils/net_dom.c | 8 +-- > source3/utils/net_help.c | 1 - > source3/utils/net_proto.h | 3 + > source3/utils/net_rpc.c | 74 +++++++++----------------- > source3/utils/net_rpc_join.c | 3 +- > source3/utils/net_rpc_samsync.c | 4 +- > source3/utils/net_rpc_shell.c | 9 +-- > source3/utils/net_util.c | 109 ++++++++++++++++++++++++++++++++------ > 12 files changed, 209 insertions(+), 175 deletions(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 35e52c5..830d57c 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -35,9 +35,6 @@ o The code has been cleaned up and the major basic interfaces are shared with > Samba4 now. > o An asynchronous API has been added. > >-net Command Changes: >-o Parameter syntax made more consistent. >- > > Configuration changes > ===================== >@@ -120,38 +117,6 @@ these two versions. > An asynchronous API has been added. > > >-net Command Changes >-=================== >- >-The net command now accepts the common command line parameters most other Samba >-command line utilities use, with a couple of remaining differences: >- >--l still gives long output for net commands supporting the --long flag. This was >-more useful than the common --log-base parameter. >- >--i still tells net to read data from stdin (like --stdin) instead of toggling >-the common --scope flag. >- >--S still tells net the server to connect to (like --server) instead of >-negotiating the common --signing flag. As -S is probably used by most scripts >-doing net rpc commands, this would have been a high-impact change for little >-gain. >- >-This change was mainly done to unify the authentification options. Here, one >-flag changed it's meaning and one useful flag was added. >- >--N used to be the short version of --ntname. It now matches the Samba default of >---no-pass. Use this to stop net from prompting for a password if you want >-anonymous authentication. >- >--A --authentication-file now takes an authentication file with the username and >-password you want net to use, avoiding a password prompt as with plain -U user >-or having to give a password on the command line as in -U user%pass. >- >-Last but not least net now always falls back to your local unix username if no >--U is specified and a username is needed. net rpc commands will now prompt for a >-password unless one is specified using either -U user%pass or -A auth_file >- > ###################################################################### > Changes > ####### >@@ -272,10 +237,6 @@ o Michael Adam <obnox@samba.org> > * Fix linking with --disable-shared-libs. > > >-o Kai Blin <kai@samba.org> >- * BUG #6357: Use Samba default command line arguments in 'net'. >- >- > o Steven Danneman <steven.danneman@isilon.com> > * Fix issue with missing entries when enumerating directories. > * Map NULL domains to our global sam name. >diff --git a/source3/utils/net.c b/source3/utils/net.c >index 2033082..d58858c 100644 >--- a/source3/utils/net.c >+++ b/source3/utils/net.c >@@ -618,6 +618,7 @@ static struct functable net_func[] = { > int main(int argc, const char **argv) > { > int opt,i; >+ char *p; > int rc = 0; > int argc_new = 0; > const char ** argv_new; >@@ -628,10 +629,12 @@ static struct functable net_func[] = { > struct poptOption long_options[] = { > {"help", 'h', POPT_ARG_NONE, 0, 'h'}, > {"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup}, >+ {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'}, > {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'}, > {"port", 'p', POPT_ARG_INT, &c->opt_port}, > {"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name}, > {"server", 'S', POPT_ARG_STRING, &c->opt_host}, >+ {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, > {"container", 'c', POPT_ARG_STRING, &c->opt_container}, > {"comment", 'C', POPT_ARG_STRING, &c->opt_comment}, > {"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers}, >@@ -642,13 +645,15 @@ static struct functable net_func[] = { > {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin}, > {"timeout", 't', POPT_ARG_INT, &c->opt_timeout}, > {"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout}, >+ {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass}, >+ {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos}, > {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup}, > {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose}, > {"test", 'T', POPT_ARG_NONE, &c->opt_testmode}, > /* Options for 'net groupmap set' */ > {"local", 'L', POPT_ARG_NONE, &c->opt_localgroup}, > {"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup}, >- {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname}, >+ {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname}, > {"rid", 'R', POPT_ARG_INT, &c->opt_rid}, > /* Options for 'net rpc share migrate' */ > {"acls", 0, POPT_ARG_NONE, &c->opt_acls}, >@@ -663,7 +668,6 @@ static struct functable net_func[] = { > {"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries}, > > POPT_COMMON_SAMBA >- POPT_COMMON_CREDENTIALS > { 0, 0, 0, 0} > }; > >@@ -677,13 +681,6 @@ static struct functable net_func[] = { > dbf = x_stderr; > c->private_data = net_func; > >- c->auth_info = user_auth_info_init(frame); >- if (c->auth_info == NULL) { >- d_fprintf(stderr, "\nOut of memory!\n"); >- exit(1); >- } >- popt_common_set_auth_info(c->auth_info); >- > pc = poptGetContext(NULL, argc, (const char **) argv, long_options, > POPT_CONTEXT_KEEP_FIRST); > >@@ -691,7 +688,9 @@ static struct functable net_func[] = { > switch (opt) { > case 'h': > c->display_usage = true; >- set_cmdline_auth_info_password(c->auth_info, ""); >+ break; >+ case 'e': >+ c->smb_encrypt = true; > break; > case 'I': > if (!interpret_string_addr(&c->opt_dest_ip, >@@ -701,6 +700,15 @@ static struct functable net_func[] = { > c->opt_have_ip = true; > } > break; >+ case 'U': >+ c->opt_user_specified = true; >+ c->opt_user_name = SMB_STRDUP(c->opt_user_name); >+ p = strchr(c->opt_user_name,'%'); >+ if (p) { >+ *p = 0; >+ c->opt_password = p+1; >+ } >+ break; > default: > d_fprintf(stderr, "\nInvalid option %s: %s\n", > poptBadOption(pc, 0), poptStrerror(opt)); >@@ -734,6 +742,10 @@ static struct functable net_func[] = { > set_global_myname(c->opt_requester_name); > } > >+ if (!c->opt_user_name && getenv("LOGNAME")) { >+ c->opt_user_name = getenv("LOGNAME"); >+ } >+ > if (!c->opt_workgroup) { > c->opt_workgroup = smb_xstrdup(lp_workgroup()); > } >@@ -751,6 +763,17 @@ static struct functable net_func[] = { > that it won't assert becouse we are not root */ > sec_init(); > >+ if (c->opt_machine_pass) { >+ /* it is very useful to be able to make ads queries as the >+ machine account for testing purposes and for domain leave */ >+ >+ net_use_krb_machine_account(c); >+ } >+ >+ if (!c->opt_password) { >+ c->opt_password = getenv("PASSWD"); >+ } >+ > rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func); > > DEBUG(2,("return code = %d\n", rc)); >diff --git a/source3/utils/net.h b/source3/utils/net.h >index f604d96..d88f962 100644 >--- a/source3/utils/net.h >+++ b/source3/utils/net.h >@@ -28,8 +28,11 @@ > struct net_context { > const char *opt_requester_name; > const char *opt_host; >- int opt_long_list_entries; >+ const char *opt_password; >+ const char *opt_user_name; >+ bool opt_user_specified; > const char *opt_workgroup; >+ int opt_long_list_entries; > int opt_reboot; > int opt_force; > int opt_stdin; >@@ -42,6 +45,7 @@ struct net_context { > int opt_timeout; > int opt_request_timeout; > const char *opt_target_workgroup; >+ int opt_machine_pass; > int opt_localgroup; > int opt_domaingroup; > int do_talloc_report; >@@ -53,14 +57,15 @@ struct net_context { > const char *opt_exclude; > const char *opt_destination; > int opt_testmode; >+ bool opt_kerberos; > int opt_force_full_repl; > int opt_single_obj_repl; > int opt_clean_old_entries; > > int opt_have_ip; > struct sockaddr_storage opt_dest_ip; >+ bool smb_encrypt; > struct libnetapi_ctx *netapi_ctx; >- struct user_auth_info *auth_info; > > bool display_usage; > void *private_data; >diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c >index 588f57f..8e927be 100644 >--- a/source3/utils/net_ads.c >+++ b/source3/utils/net_ads.c >@@ -231,22 +231,32 @@ retry_connect: > > ads = ads_init(realm, c->opt_target_workgroup, c->opt_host); > >+ if (!c->opt_user_name) { >+ c->opt_user_name = "administrator"; >+ } >+ >+ if (c->opt_user_specified) { >+ need_password = true; >+ } >+ > retry: >- if (need_password) { >- set_cmdline_auth_info_getpass(c->auth_info); >+ if (!c->opt_password && need_password && !c->opt_machine_pass) { >+ c->opt_password = net_prompt_pass(c, c->opt_user_name); >+ if (!c->opt_password) { >+ ads_destroy(&ads); >+ return ADS_ERROR(LDAP_NO_MEMORY); >+ } > } > >- if (get_cmdline_auth_info_got_pass(c->auth_info)) { >+ if (c->opt_password) { > use_in_memory_ccache(); > SAFE_FREE(ads->auth.password); >- ads->auth.password = smb_xstrdup( >- get_cmdline_auth_info_password(c->auth_info)); >+ ads->auth.password = smb_xstrdup(c->opt_password); > } > > ads->auth.flags |= auth_flags; > SAFE_FREE(ads->auth.user_name); >- ads->auth.user_name = smb_xstrdup( >- get_cmdline_auth_info_username(c->auth_info)); >+ ads->auth.user_name = smb_xstrdup(c->opt_user_name); > > /* > * If the username is of the form "name@realm", >@@ -865,7 +875,6 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) > TALLOC_CTX *ctx; > struct libnet_UnjoinCtx *r = NULL; > WERROR werr; >- struct user_auth_info *ai = c->auth_info; > > if (c->display_usage) { > d_printf("Usage:\n" >@@ -884,7 +893,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) > return -1; > } > >- if (!get_cmdline_auth_info_use_kerberos(ai)) { >+ if (!c->opt_kerberos) { > use_in_memory_ccache(); > } > >@@ -894,14 +903,12 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) > return -1; > } > >- set_cmdline_auth_info_getpass(ai); >- > r->in.debug = true; >- r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); >+ r->in.use_kerberos = c->opt_kerberos; > r->in.dc_name = c->opt_host; > r->in.domain_name = lp_realm(); >- r->in.admin_account = get_cmdline_auth_info_username(ai); >- r->in.admin_password = get_cmdline_auth_info_password(ai); >+ r->in.admin_account = c->opt_user_name; >+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name); > r->in.modify_config = lp_config_backend_is_registry(); > r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | > WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; >@@ -952,8 +959,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c) > return NT_STATUS_ACCESS_DENIED; > } > >- set_cmdline_auth_info_use_machine_account(c->auth_info); >- set_cmdline_auth_info_machine_account_creds(c->auth_info); >+ net_use_krb_machine_account(c); > > status = ads_startup(c, true, &ads); > if (!ADS_ERR_OK(status)) { >@@ -1184,7 +1190,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > const char *os_name = NULL; > const char *os_version = NULL; > bool modify_config = lp_config_backend_is_registry(); >- struct user_auth_info *ai = c->auth_info;; > > if (c->display_usage) > return net_ads_join_usage(c, argc, argv); >@@ -1204,7 +1209,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > goto fail; > } > >- if (!get_cmdline_auth_info_use_kerberos(ai)) { >+ if (!c->opt_kerberos) { > use_in_memory_ccache(); > } > >@@ -1254,8 +1259,6 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > > /* Do the domain join here */ > >- set_cmdline_auth_info_getpass(ai); >- > r->in.domain_name = domain; > r->in.create_upn = createupn; > r->in.upn = machineupn; >@@ -1263,10 +1266,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > r->in.os_name = os_name; > r->in.os_version = os_version; > r->in.dc_name = c->opt_host; >- r->in.admin_account = get_cmdline_auth_info_username(ai); >- r->in.admin_password = get_cmdline_auth_info_password(ai); >+ r->in.admin_account = c->opt_user_name; >+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name); > r->in.debug = true; >- r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai); >+ r->in.use_kerberos = c->opt_kerberos; > r->in.modify_config = modify_config; > r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | > WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | >@@ -1577,7 +1580,6 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * > char *prt_dn, *srv_dn, **srv_cn; > char *srv_cn_escaped = NULL, *printername_escaped = NULL; > LDAPMessage *res = NULL; >- struct user_auth_info *ai = c->auth_info; > > if (argc < 1 || c->display_usage) { > d_printf("Usage:\n" >@@ -1609,9 +1611,8 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char * > nt_status = cli_full_connection(&cli, global_myname(), servername, > &server_ss, 0, > "IPC$", "IPC", >- get_cmdline_auth_info_username(ai), >- c->opt_workgroup, >- get_cmdline_auth_info_password(ai), >+ c->opt_user_name, c->opt_workgroup, >+ c->opt_password ? c->opt_password : "", > CLI_FULL_CONNECTION_USE_KERBEROS, > Undefined, NULL); > >@@ -1799,8 +1800,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv) > static int net_ads_password(struct net_context *c, int argc, const char **argv) > { > ADS_STRUCT *ads; >- const char *auth_principal; >- const char *auth_password; >+ const char *auth_principal = c->opt_user_name; >+ const char *auth_password = c->opt_password; > char *realm = NULL; > char *new_password = NULL; > char *chr, *prompt; >@@ -1815,9 +1816,10 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv) > return 0; > } > >- auth_principal = get_cmdline_auth_info_username(c->auth_info); >- set_cmdline_auth_info_getpass(c->auth_info); >- auth_password = get_cmdline_auth_info_password(c->auth_info); >+ if (c->opt_user_name == NULL || c->opt_password == NULL) { >+ d_fprintf(stderr, "You must supply an administrator username/password\n"); >+ return -1; >+ } > > if (argc < 1) { > d_fprintf(stderr, "ERROR: You must say which username to change password for\n"); >@@ -1899,7 +1901,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv) > return -1; > } > >- set_cmdline_auth_info_use_machine_account(c->auth_info); >+ net_use_krb_machine_account(c); > > use_in_memory_ccache(); > >@@ -2281,7 +2283,6 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar > TALLOC_CTX *mem_ctx = NULL; > NTSTATUS status; > int ret = -1; >- struct user_auth_info *ai = c->auth_info; > > if (c->display_usage) { > d_printf("Usage:\n" >@@ -2295,11 +2296,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar > goto out; > } > >- set_cmdline_auth_info_getpass(ai); >+ c->opt_password = net_prompt_pass(c, c->opt_user_name); > > status = kerberos_return_pac(mem_ctx, >- get_cmdline_auth_info_username(ai), >- get_cmdline_auth_info_password(ai), >+ c->opt_user_name, >+ c->opt_password, > 0, > NULL, > NULL, >@@ -2332,7 +2333,6 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** > TALLOC_CTX *mem_ctx = NULL; > int ret = -1; > NTSTATUS status; >- struct user_auth_info *ai = c->auth_info; > > if (c->display_usage) { > d_printf("Usage:\n" >@@ -2346,10 +2346,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char ** > goto out; > } > >- set_cmdline_auth_info_getpass(ai); >+ c->opt_password = net_prompt_pass(c, c->opt_user_name); > >- ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai), >- get_cmdline_auth_info_password(ai), >+ ret = kerberos_kinit_password_ext(c->opt_user_name, >+ c->opt_password, > 0, > NULL, > NULL, >diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c >index a13f52c..4010797 100644 >--- a/source3/utils/net_dom.c >+++ b/source3/utils/net_dom.c >@@ -368,11 +368,9 @@ int net_dom(struct net_context *c, int argc, const char **argv) > return -1; > } > >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c >index 5a17079..0502373 100644 >--- a/source3/utils/net_help.c >+++ b/source3/utils/net_help.c >@@ -65,6 +65,5 @@ int net_help(struct net_context *c, int argc, const char **argv) > } > > c->display_usage = true; >- set_cmdline_auth_info_password(c->auth_info, ""); > return net_run_function(c, argc, argv, "net help", func); > } >diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h >index 8a09147..75ac032 100644 >--- a/source3/utils/net_proto.h >+++ b/source3/utils/net_proto.h >@@ -459,6 +459,8 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, > struct rpc_pipe_client **pp_pipe_hnd, > const struct ndr_syntax_id *interface); >+int net_use_krb_machine_account(struct net_context *c); >+int net_use_machine_account(struct net_context *c); > bool net_find_server(struct net_context *c, > const char *domain, > unsigned flags, >@@ -473,6 +475,7 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain, > const char *server, > struct sockaddr_storage *pss, > unsigned flags, struct cli_state **pcli); >+const char *net_prompt_pass(struct net_context *c, const char *user); > int net_run_function(struct net_context *c, int argc, const char **argv, > const char *whoami, struct functable *table); > void net_display_usage_from_functable(struct functable *table); >diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c >index fab83da..3a1aeb0 100644 >--- a/source3/utils/net_rpc.c >+++ b/source3/utils/net_rpc.c >@@ -24,8 +24,7 @@ > #include "utils/net.h" > > static int net_mode_share; >-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, >- const struct user_auth_info *auth_info); >+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); > > /** > * @file net_rpc.c >@@ -122,7 +121,6 @@ int run_rpc_command(struct net_context *c, > DOM_SID *domain_sid; > const char *domain_name; > int ret = -1; >- struct user_auth_info *ai = c->auth_info; > > /* make use of cli_state handed over as an argument, if possible */ > if (!cli_arg) { >@@ -172,10 +170,8 @@ int run_rpc_command(struct net_context *c, > nt_status = cli_rpc_pipe_open_ntlmssp( > cli, interface, > PIPE_AUTH_LEVEL_PRIVACY, >- lp_workgroup(), >- get_cmdline_auth_info_username(ai), >- get_cmdline_auth_info_password(ai), >- &pipe_hnd); >+ lp_workgroup(), c->opt_user_name, >+ c->opt_password, &pipe_hnd); > } else { > nt_status = cli_rpc_pipe_open_noauth( > cli, interface, >@@ -943,12 +939,9 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- set_cmdline_auth_info_getpass(c->auth_info); >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -2762,12 +2755,9 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- set_cmdline_auth_info_getpass(c->auth_info); >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -3254,7 +3244,7 @@ static void copy_fn(const char *mnt, file_info *f, > > old_dir = local_state->cwd; > local_state->cwd = dir; >- if (!sync_files(local_state, new_mask, c->auth_info)) >+ if (!sync_files(local_state, new_mask)) > printf("could not handle files\n"); > local_state->cwd = old_dir; > >@@ -3301,18 +3291,15 @@ static void copy_fn(const char *mnt, file_info *f, > * > * @return Boolean result > **/ >-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask, >- const struct user_auth_info *auth_info) >+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask) > { > struct cli_state *targetcli; > char *targetpath = NULL; > > DEBUG(3,("calling cli_list with mask: %s\n", mask)); > >- >- if ( !cli_resolve_path(talloc_tos(), "", auth_info, >- cp_clistate->cli_share_src, mask, &targetcli, >- &targetpath ) ) { >+ if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src, >+ mask, &targetcli, &targetpath ) ) { > d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n", > mask, cli_errstr(cp_clistate->cli_share_src)); > return false; >@@ -3475,7 +3462,7 @@ static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c, > goto done; > } > >- if (!sync_files(&cp_clistate, mask, c->auth_info)) { >+ if (!sync_files(&cp_clistate, mask)) { > d_fprintf(stderr, "could not handle files for share: %s\n", info502.name); > nt_status = NT_STATUS_UNSUCCESSFUL; > goto done; >@@ -4577,12 +4564,9 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- set_cmdline_auth_info_getpass(c->auth_info); >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -4855,12 +4839,9 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- set_cmdline_auth_info_getpass(c->auth_info); >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >@@ -5550,7 +5531,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, > c->opt_workgroup = smb_xstrdup(domain_name); > }; > >- set_cmdline_auth_info_username(c->auth_info, acct_name); >+ c->opt_user_name = acct_name; > > /* find the domain controller */ > if (!net_find_pdc(&server_ss, pdc_name, domain_name)) { >@@ -5647,9 +5628,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, > * Store the password in secrets db > */ > >- if (!pdb_set_trusteddom_pw(domain_name, >- get_cmdline_auth_info_password(c->auth_info), >- domain_sid)) { >+ if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) { > DEBUG(0, ("Storing password for trusted domain failed.\n")); > cli_shutdown(cli); > talloc_destroy(mem_ctx); >@@ -7209,12 +7188,9 @@ int net_rpc(struct net_context *c, int argc, const char **argv) > if (status != 0) { > return -1; > } >- set_cmdline_auth_info_getpass(c->auth_info); >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c >index a11a7bb..f0e6fe7 100644 >--- a/source3/utils/net_rpc_join.c >+++ b/source3/utils/net_rpc_join.c >@@ -57,8 +57,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, > if (sec == SEC_ADS) { > /* Connect to IPC$ using machine account's credentials. We don't use anonymous > connection here, as it may be denied by server's local policy. */ >- set_cmdline_auth_info_use_machine_account(c->auth_info); >- set_cmdline_auth_info_machine_account_creds(c->auth_info); >+ net_use_machine_account(c); > > } else { > /* some servers (e.g. WinNT) don't accept machine-authenticated >diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c >index bd5047c..6b23db7 100644 >--- a/source3/utils/net_rpc_samsync.c >+++ b/source3/utils/net_rpc_samsync.c >@@ -379,8 +379,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, > ctx->cli = pipe_hnd; > ctx->ops = &libnet_samsync_keytab_ops; > ctx->domain_name = domain_name; >- ctx->username = get_cmdline_auth_info_username(c->auth_info); >- ctx->password = get_cmdline_auth_info_password(c->auth_info); >+ ctx->username = c->opt_user_name; >+ ctx->password = c->opt_password; > > ctx->force_full_replication = c->opt_force_full_repl ? true : false; > ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; >diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c >index dc13e91..3aaed1e 100644 >--- a/source3/utils/net_rpc_shell.c >+++ b/source3/utils/net_rpc_shell.c >@@ -220,12 +220,9 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv) > if (libnetapi_init(&c->netapi_ctx) != 0) { > return -1; > } >- set_cmdline_auth_info_getpass(c->auth_info); >- libnetapi_set_username(c->netapi_ctx, >- get_cmdline_auth_info_username(c->auth_info)); >- libnetapi_set_password(c->netapi_ctx, >- get_cmdline_auth_info_password(c->auth_info)); >- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) { >+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name); >+ libnetapi_set_password(c->netapi_ctx, c->opt_password); >+ if (c->opt_kerberos) { > libnetapi_set_use_kerberos(c->netapi_ctx); > } > >diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c >index 50f3c1d..8bf9aac 100644 >--- a/source3/utils/net_util.c >+++ b/source3/utils/net_util.c >@@ -96,22 +96,22 @@ NTSTATUS connect_to_service(struct net_context *c, > { > NTSTATUS nt_status; > int flags = 0; >- struct user_auth_info *ai = c->auth_info; > >- set_cmdline_auth_info_getpass(ai); >+ c->opt_password = net_prompt_pass(c, c->opt_user_name); > >- if (get_cmdline_auth_info_use_kerberos(ai)) { >- flags |= CLI_FULL_CONNECTION_USE_KERBEROS | >- CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; >+ if (c->opt_kerberos) { >+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS; >+ } >+ >+ if (c->opt_kerberos && c->opt_password) { >+ flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; > } > > nt_status = cli_full_connection(cli_ctx, NULL, server_name, > server_ss, c->opt_port, > service_name, service_type, >- get_cmdline_auth_info_username(ai), >- c->opt_workgroup, >- get_cmdline_auth_info_password(ai), >- flags, Undefined, NULL); >+ c->opt_user_name, c->opt_workgroup, >+ c->opt_password, flags, Undefined, NULL); > if (!NT_STATUS_IS_OK(nt_status)) { > d_fprintf(stderr, "Could not connect to server %s\n", server_name); > >@@ -131,10 +131,10 @@ NTSTATUS connect_to_service(struct net_context *c, > return nt_status; > } > >- if (get_cmdline_auth_info_smb_encrypt(ai)) { >+ if (c->smb_encrypt) { > nt_status = cli_force_encryption(*cli_ctx, >- get_cmdline_auth_info_username(ai), >- get_cmdline_auth_info_password(ai), >+ c->opt_user_name, >+ c->opt_password, > c->opt_workgroup); > > if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { >@@ -234,12 +234,14 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > { > NTSTATUS nt_status; > char *user_and_realm = NULL; >- struct user_auth_info *ai = c->auth_info; > > /* FIXME: Should get existing kerberos ticket if possible. */ >- set_cmdline_auth_info_getpass(ai); >+ c->opt_password = net_prompt_pass(c, c->opt_user_name); >+ if (!c->opt_password) { >+ return NT_STATUS_NO_MEMORY; >+ } > >- user_and_realm = get_user_and_realm(get_cmdline_auth_info_username(ai)); >+ user_and_realm = get_user_and_realm(c->opt_user_name); > if (!user_and_realm) { > return NT_STATUS_NO_MEMORY; > } >@@ -248,7 +250,7 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > server_ss, c->opt_port, > "IPC$", "IPC", > user_and_realm, c->opt_workgroup, >- get_cmdline_auth_info_password(ai), >+ c->opt_password, > CLI_FULL_CONNECTION_USE_KERBEROS, > Undefined, NULL); > >@@ -259,10 +261,10 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c, > return nt_status; > } > >- if (get_cmdline_auth_info_smb_encrypt(ai)) { >+ if (c->smb_encrypt) { > nt_status = cli_cm_force_encryption(*cli_ctx, > user_and_realm, >- get_cmdline_auth_info_password(ai), >+ c->opt_password, > c->opt_workgroup, > "IPC$"); > if (!NT_STATUS_IS_OK(nt_status)) { >@@ -326,6 +328,50 @@ NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst, > return nt_status; > } > >+/**************************************************************************** >+ Use the local machine account (krb) and password for this session. >+****************************************************************************/ >+ >+int net_use_krb_machine_account(struct net_context *c) >+{ >+ char *user_name = NULL; >+ >+ if (!secrets_init()) { >+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); >+ exit(1); >+ } >+ >+ c->opt_password = secrets_fetch_machine_password( >+ c->opt_target_workgroup, NULL, NULL); >+ if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { >+ return -1; >+ } >+ c->opt_user_name = user_name; >+ return 0; >+} >+ >+/**************************************************************************** >+ Use the machine account name and password for this session. >+****************************************************************************/ >+ >+int net_use_machine_account(struct net_context *c) >+{ >+ char *user_name = NULL; >+ >+ if (!secrets_init()) { >+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); >+ exit(1); >+ } >+ >+ c->opt_password = secrets_fetch_machine_password( >+ c->opt_target_workgroup, NULL, NULL); >+ if (asprintf(&user_name, "%s$", global_myname()) == -1) { >+ return -1; >+ } >+ c->opt_user_name = user_name; >+ return 0; >+} >+ > bool net_find_server(struct net_context *c, > const char *domain, > unsigned flags, >@@ -489,6 +535,33 @@ done: > /**************************************************************************** > ****************************************************************************/ > >+const char *net_prompt_pass(struct net_context *c, const char *user) >+{ >+ char *prompt = NULL; >+ const char *pass = NULL; >+ >+ if (c->opt_password) { >+ return c->opt_password; >+ } >+ >+ if (c->opt_machine_pass) { >+ return NULL; >+ } >+ >+ if (c->opt_kerberos && !c->opt_user_specified) { >+ return NULL; >+ } >+ >+ if (asprintf(&prompt, "Enter %s's password:", user) == -1) { >+ return NULL; >+ } >+ >+ pass = getpass(prompt); >+ SAFE_FREE(prompt); >+ >+ return pass; >+} >+ > int net_run_function(struct net_context *c, int argc, const char **argv, > const char *whoami, struct functable *table) > { >-- >1.5.4.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6460
: 4268