search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
backupkey: Handle more clearly the case where we find the secret, but it has no value
[Samba.git] / source3 / lib / popt_common.c
blob6f27bacc886e1048c15fbc4f5cdcd8cee73e77c0
1 /*
2 Unix SMB/CIFS implementation.
3 Common popt routines
4
5 Copyright (C) Tim Potter 2001,2002
6 Copyright (C) Jelmer Vernooij 2002,2003
7 Copyright (C) James Peach 2006
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "system/filesys.h"
25 #include "popt_common.h"
26 #include "lib/param/param.h"
27
28 /* Handle command line options:
29 * -d,--debuglevel
30 * -s,--configfile
31 * -O,--socket-options
32 * -V,--version
33 * -l,--log-base
34 * -n,--netbios-name
35 * -W,--workgroup
36 * -i,--scope
37 */
38
39 enum {OPT_OPTION=1};
40
41 extern bool override_logfile;
42
43 static void set_logfile(poptContext con, const char * arg)
44 {
45
46 char *lfile = NULL;
47 const char *pname;
48
49 /* Find out basename of current program */
50 pname = strrchr_m(poptGetInvocationName(con),'/');
51
52 if (!pname)
53 pname = poptGetInvocationName(con);
54 else
55 pname++;
56
57 if (asprintf(&lfile, "%s/log.%s", arg, pname) < 0) {
58 return;
59 }
60 lp_set_logfile(lfile);
61 SAFE_FREE(lfile);
62 }
63
64 static bool PrintSambaVersionString;
65
66 static void popt_s3_talloc_log_fn(const char *message)
67 {
68 DEBUG(0,("%s", message));
69 }
70
71 static void popt_common_callback(poptContext con,
72 enum poptCallbackReason reason,
73 const struct poptOption *opt,
74 const char *arg, const void *data)
75 {
76
77 if (reason == POPT_CALLBACK_REASON_PRE) {
78 set_logfile(con, get_dyn_LOGFILEBASE());
79 talloc_set_log_fn(popt_s3_talloc_log_fn);
80 talloc_set_abort_fn(smb_panic);
81 return;
82 }
83
84 if (reason == POPT_CALLBACK_REASON_POST) {
85
86 if (PrintSambaVersionString) {
87 printf( "Version %s\n", samba_version_string());
88 exit(0);
89 }
90
91 if (is_default_dyn_CONFIGFILE()) {
92 if(getenv("SMB_CONF_PATH")) {
93 set_dyn_CONFIGFILE(getenv("SMB_CONF_PATH"));
94 }
95 }
96
97 /* Further 'every Samba program must do this' hooks here. */
98 return;
99 }
100
101 switch(opt->val) {
102 case OPT_OPTION:
103 {
104 struct loadparm_context *lp_ctx;
105
106 lp_ctx = loadparm_init_s3(talloc_tos(), loadparm_s3_helpers());
107 if (lp_ctx == NULL) {
108 fprintf(stderr, "loadparm_init_s3() failed!\n");
109 exit(1);
110 }
111
112 if (!lpcfg_set_option(lp_ctx, arg)) {
113 fprintf(stderr, "Error setting option '%s'\n", arg);
114 exit(1);
115 }
116 TALLOC_FREE(lp_ctx);
117 break;
118 }
119 case 'd':
120 if (arg) {
121 lp_set_cmdline("log level", arg);
122 }
123 break;
124
125 case 'V':
126 PrintSambaVersionString = True;
127 break;
128
129 case 'O':
130 if (arg) {
131 lp_set_cmdline("socket options", arg);
132 }
133 break;
134
135 case 's':
136 if (arg) {
137 set_dyn_CONFIGFILE(arg);
138 }
139 break;
140
141 case 'n':
142 if (arg) {
143 lp_set_cmdline("netbios name", arg);
144 }
145 break;
146
147 case 'l':
148 if (arg) {
149 set_logfile(con, arg);
150 override_logfile = True;
151 set_dyn_LOGFILEBASE(arg);
152 }
153 break;
154
155 case 'i':
156 if (arg) {
157 lp_set_cmdline("netbios scope", arg);
158 }
159 break;
160
161 case 'W':
162 if (arg) {
163 lp_set_cmdline("workgroup", arg);
164 }
165 break;
166 }
167 }
168
169 struct poptOption popt_common_connection[] = {
170 { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
171 { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use",
172 "SOCKETOPTIONS" },
173 { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
174 { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
175 { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
176
177 POPT_TABLEEND
178 };
179
180 struct poptOption popt_common_samba[] = {
181 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_callback },
182 { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
183 { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" },
184 { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Base name for log files", "LOGFILEBASE" },
185 { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
186 { "option", 0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
187 POPT_TABLEEND
188 };
189
190 struct poptOption popt_common_configfile[] = {
191 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_callback },
192 { "configfile", 0, POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" },
193 POPT_TABLEEND
194 };
195
196 struct poptOption popt_common_version[] = {
197 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback },
198 { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
199 POPT_TABLEEND
200 };
201
202 struct poptOption popt_common_debuglevel[] = {
203 { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
204 { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
205 POPT_TABLEEND
206 };
207
208 struct poptOption popt_common_option[] = {
209 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback },
210 { "option", 0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
211 POPT_TABLEEND
212 };
213
214 /****************************************************************************
215 * get a password from a a file or file descriptor
216 * exit on failure
217 * ****************************************************************************/
218
219 static void get_password_file(struct user_auth_info *auth_info)
220 {
221 int fd = -1;
222 char *p;
223 bool close_it = False;
224 char *spec = NULL;
225 char pass[128];
226
227 if ((p = getenv("PASSWD_FD")) != NULL) {
228 if (asprintf(&spec, "descriptor %s", p) < 0) {
229 return;
230 }
231 sscanf(p, "%d", &fd);
232 close_it = false;
233 } else if ((p = getenv("PASSWD_FILE")) != NULL) {
234 fd = open(p, O_RDONLY, 0);
235 spec = SMB_STRDUP(p);
236 if (fd < 0) {
237 fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
238 spec, strerror(errno));
239 exit(1);
240 }
241 close_it = True;
242 }
243
244 if (fd < 0) {
245 fprintf(stderr, "fd = %d, < 0\n", fd);
246 exit(1);
247 }
248
249 for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
250 p && p - pass < sizeof(pass);) {
251 switch (read(fd, p, 1)) {
252 case 1:
253 if (*p != '\n' && *p != '\0') {
254 *++p = '\0'; /* advance p, and null-terminate pass */
255 break;
256 }
257 case 0:
258 if (p - pass) {
259 *p = '\0'; /* null-terminate it, just in case... */
260 p = NULL; /* then force the loop condition to become false */
261 break;
262 } else {
263 fprintf(stderr, "Error reading password from file %s: %s\n",
264 spec, "empty password\n");
265 SAFE_FREE(spec);
266 exit(1);
267 }
268
269 default:
270 fprintf(stderr, "Error reading password from file %s: %s\n",
271 spec, strerror(errno));
272 SAFE_FREE(spec);
273 exit(1);
274 }
275 }
276 SAFE_FREE(spec);
277
278 set_cmdline_auth_info_password(auth_info, pass);
279 if (close_it) {
280 close(fd);
281 }
282 }
283
284 static void get_credentials_file(struct user_auth_info *auth_info,
285 const char *file)
286 {
287 XFILE *auth;
288 fstring buf;
289 uint16 len = 0;
290 char *ptr, *val, *param;
291
292 if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
293 {
294 /* fail if we can't open the credentials file */
295 d_printf("ERROR: Unable to open credentials file!\n");
296 exit(-1);
297 }
298
299 while (!x_feof(auth))
300 {
301 /* get a line from the file */
302 if (!x_fgets(buf, sizeof(buf), auth))
303 continue;
304 len = strlen(buf);
305
306 if ((len) && (buf[len-1]=='\n'))
307 {
308 buf[len-1] = '\0';
309 len--;
310 }
311 if (len == 0)
312 continue;
313
314 /* break up the line into parameter & value.
315 * will need to eat a little whitespace possibly */
316 param = buf;
317 if (!(ptr = strchr_m (buf, '=')))
318 continue;
319
320 val = ptr+1;
321 *ptr = '\0';
322
323 /* eat leading white space */
324 while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
325 val++;
326
327 if (strwicmp("password", param) == 0) {
328 set_cmdline_auth_info_password(auth_info, val);
329 } else if (strwicmp("username", param) == 0) {
330 set_cmdline_auth_info_username(auth_info, val);
331 } else if (strwicmp("domain", param) == 0) {
332 set_cmdline_auth_info_domain(auth_info, val);
333 }
334 memset(buf, 0, sizeof(buf));
335 }
336 x_fclose(auth);
337 }
338
339 /* Handle command line options:
340 * -U,--user
341 * -A,--authentication-file
342 * -k,--use-kerberos
343 * -N,--no-pass
344 * -S,--signing
345 * -P --machine-pass
346 * -e --encrypt
347 * -C --use-ccache
348 */
349
350
351 static void popt_common_credentials_callback(poptContext con,
352 enum poptCallbackReason reason,
353 const struct poptOption *opt,
354 const char *arg, const void *data)
355 {
356 const void **pp = discard_const(data);
357 void *p = discard_const(*pp);
358 struct user_auth_info *auth_info =
359 talloc_get_type_abort(p,
360 struct user_auth_info);
361
362 if (reason == POPT_CALLBACK_REASON_PRE) {
363 set_cmdline_auth_info_username(auth_info, "GUEST");
364
365 if (getenv("LOGNAME")) {
366 set_cmdline_auth_info_username(auth_info,
367 getenv("LOGNAME"));
368 }
369
370 if (getenv("USER")) {
371 char *puser = SMB_STRDUP(getenv("USER"));
372 if (!puser) {
373 exit(ENOMEM);
374 }
375 set_cmdline_auth_info_username(auth_info, puser);
376 }
377
378 if (getenv("PASSWD")) {
379 set_cmdline_auth_info_password(auth_info,
380 getenv("PASSWD"));
381 }
382
383 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
384 get_password_file(auth_info);
385 }
386
387 return;
388 }
389
390 switch(opt->val) {
391 case 'U':
392 {
393 char *lp;
394 char *puser = SMB_STRDUP(arg);
395
396 if ((lp=strchr_m(puser,'%'))) {
397 size_t len;
398 *lp = '\0';
399 set_cmdline_auth_info_username(auth_info,
400 puser);
401 set_cmdline_auth_info_password(auth_info,
402 lp+1);
403 len = strlen(lp+1);
404 memset(lp + 1, '\0', len);
405 } else {
406 set_cmdline_auth_info_username(auth_info,
407 puser);
408 }
409 SAFE_FREE(puser);
410 }
411 break;
412
413 case 'A':
414 get_credentials_file(auth_info, arg);
415 break;
416
417 case 'k':
418 #ifndef HAVE_KRB5
419 d_printf("No kerberos support compiled in\n");
420 exit(1);
421 #else
422 set_cmdline_auth_info_use_krb5_ticket(auth_info);
423 #endif
424 break;
425
426 case 'S':
427 if (!set_cmdline_auth_info_signing_state(auth_info, arg)) {
428 fprintf(stderr, "Unknown signing option %s\n", arg );
429 exit(1);
430 }
431 break;
432 case 'P':
433 set_cmdline_auth_info_use_machine_account(auth_info);
434 break;
435 case 'N':
436 set_cmdline_auth_info_password(auth_info, "");
437 break;
438 case 'e':
439 set_cmdline_auth_info_smb_encrypt(auth_info);
440 break;
441 case 'C':
442 set_cmdline_auth_info_use_ccache(auth_info, true);
443 break;
444 case 'H':
445 set_cmdline_auth_info_use_pw_nt_hash(auth_info, true);
446 break;
447 }
448 }
449
450 static struct user_auth_info *global_auth_info;
451
452 void popt_common_set_auth_info(struct user_auth_info *auth_info)
453 {
454 global_auth_info = auth_info;
455 }
456
457 /**
458 * @brief Burn the commandline password.
459 *
460 * This function removes the password from the command line so we
461 * don't leak the password e.g. in 'ps aux'.
462 *
463 * It should be called after processing the options and you should pass down
464 * argv from main().
465 *
466 * @param[in] argc The number of arguments.
467 *
468 * @param[in] argv[] The argument array we will find the array.
469 */
470 void popt_burn_cmdline_password(int argc, char *argv[])
471 {
472 bool found = false;
473 char *p = NULL;
474 int i, ulen = 0;
475
476 for (i = 0; i < argc; i++) {
477 p = argv[i];
478 if (strncmp(p, "-U", 2) == 0) {
479 ulen = 2;
480 found = true;
481 } else if (strncmp(p, "--user", 6) == 0) {
482 ulen = 6;
483 found = true;
484 }
485
486 if (found) {
487 if (p == NULL) {
488 return;
489 }
490
491 if (strlen(p) == ulen) {
492 continue;
493 }
494
495 p = strchr_m(p, '%');
496 if (p != NULL) {
497 memset(p, '\0', strlen(p));
498 }
499 found = false;
500 }
501 }
502 }
503
504 struct poptOption popt_common_credentials[] = {
505 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
506 (void *)popt_common_credentials_callback, 0,
507 (const void *)&global_auth_info },
508 { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
509 { "no-pass", 'N', POPT_ARG_NONE, NULL, 'N', "Don't ask for a password" },
510 { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k', "Use kerberos (active directory) authentication" },
511 { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
512 { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
513 {"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
514 {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
515 {"use-ccache", 'C', POPT_ARG_NONE, NULL, 'C',
516 "Use the winbind ccache for authentication" },
517 {"pw-nt-hash", '\0', POPT_ARG_NONE, NULL, 'H',
518 "The supplied password is the NT hash" },
519 POPT_TABLEEND
520 };
Samba GIT mirror