Debian 32bit, 3.4 pre1 debian5:/var/log/samba# /opt/samba/samba-3.4.0pre1/bin/net -Uroot -Sdebian5-34srv rpc user Anonymous login successful root david Notice i specified the -Uroot, net should ask me for the root password instead of attempting anonymous login. -Uroot%password works as expected.
I think this is the chunk of code exhibiting this behavior. And if that comment is anything to go by it'd by design. Dunno about you but i dont like having to supply passwords on the command line! "source3/libsmb/clidfs.c" line 218 /* If a password was not supplied then * try again with a null username. */ if (password[0] || !username[0] || get_cmdline_auth_info_use_kerberos(auth_info) || !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0, lp_workgroup()))) { d_printf("session setup failed: %s\n", cli_errstr(c)); if (NT_STATUS_V(cli_nt_error(c)) == NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED)) d_printf("did you forget to run kinit?\n"); cli_shutdown(c); return NULL; } d_printf("Anonymous login successful\n");
Hm, one way of fixing this would be to prompt for a passord whenever "-U username" gets defined and no password is provided (like in -U username%password). diff --git a/source3/utils/net.c b/source3/utils/net.c index 9cd41c5..8144aa2 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -714,6 +714,9 @@ static struct functable net_func[] = { if (p) { *p = 0; c->opt_password = p+1; + } else { + c->opt_password = net_prompt_pass(c, + c->opt_user_name); } break; default: Kai, makes sense ?
I am afraid this is a 3.3 issue as well.
Looks reasonable, but I'm not sure if this is critical enough to push to 3.3 full ack for 3.4, though. Feel free to attach a real patch for 3.4 here and I'll sign off on it.
In my opinion it is critical enough for 3.3.5.
On poking this a bit more, it looks like the libsmb/clidfs.c code asks for a password if none is given in 3.3 (lines 204-214). On another note, we'd probably have to check for the -k flag as well for the 3.4 patch. Doesn't make much sense to ask for a password if we've got a kerberos ticket.
I think I have a fix for at least the portions that use libnetapi inside of net.
Created attachment 4149 [details] use a prompt as last resort We carefully need to verify at least all "net rpc" commands to verify if we are consistent again.
I don't like it. Talking to the command line from within a lib looks fishy. I think this should be fixed within net, like we discussed in IRC. I opened bug #6357 to track this.
Should be fixed in current master and v3-4-test git trees.
Turns out that the use of popt_common to handle the authentication-related command line options was causing more hassles than it solved. My patch for bug #6460 reverts this. I will prepare a patch to fix this particular issue shortly.
Created attachment 4269 [details] Prompt for password in net if -U is specified but no password is given Less intrusive fix for this bug. Günther, please check.
For the libnetapi standalone users (all the example code) we need to restore the prompt for passwords as well. This has been pushed to master as 33be1f56f778116a5657b257ffb0f1eb7196658a. Karolin please cherry-pick to 3.4.
Created attachment 4295 [details] patch for master and 3.4 This really needs to go into 3.4
Comment on attachment 4295 [details] patch for master and 3.4 Not pretty, but 3.3 behaviour. Should be pushed.
Pushed 33be1f56f to v3-4-test.
Kai, correct me if I'm wrong but as we decided that we revert the changes with https://bugzilla.samba.org/show_bug.cgi?id=6460 we can close this bug for now ?
Comment on attachment 4269 [details] Prompt for password in net if -U is specified but no password is given Günther's patch is sufficient, we don't need this one.
Marking bug as fixed.