ctdb-daemon: Do not allow database detach if AllowClientDBAttach=1
[Samba.git] / source3 / lib / popt_common.c
blob25558091c7d9cce0f56cc579fdfa224f40ebc745
1 /*
2 Unix SMB/CIFS implementation.
3 Common popt routines
5 Copyright (C) Tim Potter 2001,2002
6 Copyright (C) Jelmer Vernooij 2002,2003
7 Copyright (C) James Peach 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "includes.h"
24 #include "system/filesys.h"
25 #include "popt_common.h"
27 /* Handle command line options:
28 * -d,--debuglevel
29 * -s,--configfile
30 * -O,--socket-options
31 * -V,--version
32 * -l,--log-base
33 * -n,--netbios-name
34 * -W,--workgroup
35 * -i,--scope
38 enum {OPT_OPTION=1};
40 extern bool override_logfile;
42 static void set_logfile(poptContext con, const char * arg)
45 char *lfile = NULL;
46 const char *pname;
48 /* Find out basename of current program */
49 pname = strrchr_m(poptGetInvocationName(con),'/');
51 if (!pname)
52 pname = poptGetInvocationName(con);
53 else
54 pname++;
56 if (asprintf(&lfile, "%s/log.%s", arg, pname) < 0) {
57 return;
59 lp_set_logfile(lfile);
60 SAFE_FREE(lfile);
63 static bool PrintSambaVersionString;
65 static void popt_s3_talloc_log_fn(const char *message)
67 DEBUG(0,("%s", message));
70 static void popt_common_callback(poptContext con,
71 enum poptCallbackReason reason,
72 const struct poptOption *opt,
73 const char *arg, const void *data)
76 if (reason == POPT_CALLBACK_REASON_PRE) {
77 set_logfile(con, get_dyn_LOGFILEBASE());
78 talloc_set_log_fn(popt_s3_talloc_log_fn);
79 talloc_set_abort_fn(smb_panic);
80 return;
83 if (reason == POPT_CALLBACK_REASON_POST) {
85 if (PrintSambaVersionString) {
86 printf( "Version %s\n", samba_version_string());
87 exit(0);
90 if (is_default_dyn_CONFIGFILE()) {
91 if(getenv("SMB_CONF_PATH")) {
92 set_dyn_CONFIGFILE(getenv("SMB_CONF_PATH"));
96 /* Further 'every Samba program must do this' hooks here. */
97 return;
100 switch(opt->val) {
101 case OPT_OPTION:
102 if (!lp_set_option(arg)) {
103 fprintf(stderr, "Error setting option '%s'\n", arg);
104 exit(1);
106 break;
108 case 'd':
109 if (arg) {
110 lp_set_cmdline("log level", arg);
112 break;
114 case 'V':
115 PrintSambaVersionString = True;
116 break;
118 case 'O':
119 if (arg) {
120 lp_do_parameter(-1, "socket options", arg);
122 break;
124 case 's':
125 if (arg) {
126 set_dyn_CONFIGFILE(arg);
128 break;
130 case 'n':
131 if (arg) {
132 lp_set_cmdline("netbios name", arg);
134 break;
136 case 'l':
137 if (arg) {
138 set_logfile(con, arg);
139 override_logfile = True;
140 set_dyn_LOGFILEBASE(arg);
142 break;
144 case 'i':
145 if (arg) {
146 lp_set_cmdline("netbios scope", arg);
148 break;
150 case 'W':
151 if (arg) {
152 lp_set_cmdline("workgroup", arg);
154 break;
158 struct poptOption popt_common_connection[] = {
159 { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
160 { "socket-options", 'O', POPT_ARG_STRING, NULL, 'O', "socket options to use",
161 "SOCKETOPTIONS" },
162 { "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
163 { "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
164 { "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
166 POPT_TABLEEND
169 struct poptOption popt_common_samba[] = {
170 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_callback },
171 { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
172 { "configfile", 's', POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" },
173 { "log-basename", 'l', POPT_ARG_STRING, NULL, 'l', "Base name for log files", "LOGFILEBASE" },
174 { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
175 { "option", 0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
176 POPT_TABLEEND
179 struct poptOption popt_common_configfile[] = {
180 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST, (void *)popt_common_callback },
181 { "configfile", 0, POPT_ARG_STRING, NULL, 's', "Use alternate configuration file", "CONFIGFILE" },
182 POPT_TABLEEND
185 struct poptOption popt_common_version[] = {
186 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback },
187 { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" },
188 POPT_TABLEEND
191 struct poptOption popt_common_debuglevel[] = {
192 { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback },
193 { "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", "DEBUGLEVEL" },
194 POPT_TABLEEND
197 struct poptOption popt_common_option[] = {
198 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback },
199 { "option", 0, POPT_ARG_STRING, NULL, OPT_OPTION, "Set smb.conf option from command line", "name=value" },
200 POPT_TABLEEND
203 /****************************************************************************
204 * get a password from a a file or file descriptor
205 * exit on failure
206 * ****************************************************************************/
208 static void get_password_file(struct user_auth_info *auth_info)
210 int fd = -1;
211 char *p;
212 bool close_it = False;
213 char *spec = NULL;
214 char pass[128];
216 if ((p = getenv("PASSWD_FD")) != NULL) {
217 if (asprintf(&spec, "descriptor %s", p) < 0) {
218 return;
220 sscanf(p, "%d", &fd);
221 close_it = false;
222 } else if ((p = getenv("PASSWD_FILE")) != NULL) {
223 fd = open(p, O_RDONLY, 0);
224 spec = SMB_STRDUP(p);
225 if (fd < 0) {
226 fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
227 spec, strerror(errno));
228 exit(1);
230 close_it = True;
233 if (fd < 0) {
234 fprintf(stderr, "fd = %d, < 0\n", fd);
235 exit(1);
238 for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
239 p && p - pass < sizeof(pass);) {
240 switch (read(fd, p, 1)) {
241 case 1:
242 if (*p != '\n' && *p != '\0') {
243 *++p = '\0'; /* advance p, and null-terminate pass */
244 break;
246 case 0:
247 if (p - pass) {
248 *p = '\0'; /* null-terminate it, just in case... */
249 p = NULL; /* then force the loop condition to become false */
250 break;
251 } else {
252 fprintf(stderr, "Error reading password from file %s: %s\n",
253 spec, "empty password\n");
254 SAFE_FREE(spec);
255 exit(1);
258 default:
259 fprintf(stderr, "Error reading password from file %s: %s\n",
260 spec, strerror(errno));
261 SAFE_FREE(spec);
262 exit(1);
265 SAFE_FREE(spec);
267 set_cmdline_auth_info_password(auth_info, pass);
268 if (close_it) {
269 close(fd);
273 static void get_credentials_file(struct user_auth_info *auth_info,
274 const char *file)
276 XFILE *auth;
277 fstring buf;
278 uint16 len = 0;
279 char *ptr, *val, *param;
281 if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
283 /* fail if we can't open the credentials file */
284 d_printf("ERROR: Unable to open credentials file!\n");
285 exit(-1);
288 while (!x_feof(auth))
290 /* get a line from the file */
291 if (!x_fgets(buf, sizeof(buf), auth))
292 continue;
293 len = strlen(buf);
295 if ((len) && (buf[len-1]=='\n'))
297 buf[len-1] = '\0';
298 len--;
300 if (len == 0)
301 continue;
303 /* break up the line into parameter & value.
304 * will need to eat a little whitespace possibly */
305 param = buf;
306 if (!(ptr = strchr_m (buf, '=')))
307 continue;
309 val = ptr+1;
310 *ptr = '\0';
312 /* eat leading white space */
313 while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
314 val++;
316 if (strwicmp("password", param) == 0) {
317 set_cmdline_auth_info_password(auth_info, val);
318 } else if (strwicmp("username", param) == 0) {
319 set_cmdline_auth_info_username(auth_info, val);
320 } else if (strwicmp("domain", param) == 0) {
321 set_cmdline_auth_info_domain(auth_info, val);
323 memset(buf, 0, sizeof(buf));
325 x_fclose(auth);
328 /* Handle command line options:
329 * -U,--user
330 * -A,--authentication-file
331 * -k,--use-kerberos
332 * -N,--no-pass
333 * -S,--signing
334 * -P --machine-pass
335 * -e --encrypt
336 * -C --use-ccache
340 static void popt_common_credentials_callback(poptContext con,
341 enum poptCallbackReason reason,
342 const struct poptOption *opt,
343 const char *arg, const void *data)
345 struct user_auth_info *auth_info = talloc_get_type_abort(
346 *((const char **)data), struct user_auth_info);
348 if (reason == POPT_CALLBACK_REASON_PRE) {
349 set_cmdline_auth_info_username(auth_info, "GUEST");
351 if (getenv("LOGNAME")) {
352 set_cmdline_auth_info_username(auth_info,
353 getenv("LOGNAME"));
356 if (getenv("USER")) {
357 char *puser = SMB_STRDUP(getenv("USER"));
358 if (!puser) {
359 exit(ENOMEM);
361 set_cmdline_auth_info_username(auth_info, puser);
364 if (getenv("PASSWD")) {
365 set_cmdline_auth_info_password(auth_info,
366 getenv("PASSWD"));
369 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
370 get_password_file(auth_info);
373 return;
376 switch(opt->val) {
377 case 'U':
379 char *lp;
380 char *puser = SMB_STRDUP(arg);
382 if ((lp=strchr_m(puser,'%'))) {
383 size_t len;
384 *lp = '\0';
385 set_cmdline_auth_info_username(auth_info,
386 puser);
387 set_cmdline_auth_info_password(auth_info,
388 lp+1);
389 len = strlen(lp+1);
390 memset(lp + 1, '\0', len);
391 } else {
392 set_cmdline_auth_info_username(auth_info,
393 puser);
395 SAFE_FREE(puser);
397 break;
399 case 'A':
400 get_credentials_file(auth_info, arg);
401 break;
403 case 'k':
404 #ifndef HAVE_KRB5
405 d_printf("No kerberos support compiled in\n");
406 exit(1);
407 #else
408 set_cmdline_auth_info_use_krb5_ticket(auth_info);
409 #endif
410 break;
412 case 'S':
413 if (!set_cmdline_auth_info_signing_state(auth_info, arg)) {
414 fprintf(stderr, "Unknown signing option %s\n", arg );
415 exit(1);
417 break;
418 case 'P':
419 set_cmdline_auth_info_use_machine_account(auth_info);
420 break;
421 case 'N':
422 set_cmdline_auth_info_password(auth_info, "");
423 break;
424 case 'e':
425 set_cmdline_auth_info_smb_encrypt(auth_info);
426 break;
427 case 'C':
428 set_cmdline_auth_info_use_ccache(auth_info, true);
429 break;
430 case 'H':
431 set_cmdline_auth_info_use_pw_nt_hash(auth_info, true);
432 break;
436 static struct user_auth_info *global_auth_info;
438 void popt_common_set_auth_info(struct user_auth_info *auth_info)
440 global_auth_info = auth_info;
444 * @brief Burn the commandline password.
446 * This function removes the password from the command line so we
447 * don't leak the password e.g. in 'ps aux'.
449 * It should be called after processing the options and you should pass down
450 * argv from main().
452 * @param[in] argc The number of arguments.
454 * @param[in] argv[] The argument array we will find the array.
456 void popt_burn_cmdline_password(int argc, char *argv[])
458 bool found = false;
459 char *p = NULL;
460 int i, ulen = 0;
462 for (i = 0; i < argc; i++) {
463 p = argv[i];
464 if (strncmp(p, "-U", 2) == 0) {
465 ulen = 2;
466 found = true;
467 } else if (strncmp(p, "--user", 6) == 0) {
468 ulen = 6;
469 found = true;
472 if (found) {
473 if (p == NULL) {
474 return;
477 if (strlen(p) == ulen) {
478 continue;
481 p = strchr_m(p, '%');
482 if (p != NULL) {
483 memset(p, '\0', strlen(p));
485 found = false;
490 struct poptOption popt_common_credentials[] = {
491 { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE,
492 (void *)popt_common_credentials_callback, 0,
493 (const char *)&global_auth_info },
494 { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
495 { "no-pass", 'N', POPT_ARG_NONE, NULL, 'N', "Don't ask for a password" },
496 { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k', "Use kerberos (active directory) authentication" },
497 { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
498 { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
499 {"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
500 {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
501 {"use-ccache", 'C', POPT_ARG_NONE, NULL, 'C',
502 "Use the winbind ccache for authentication" },
503 {"pw-nt-hash", '\0', POPT_ARG_NONE, NULL, 'H',
504 "The supplied password is the NT hash" },
505 POPT_TABLEEND