2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2001,2002
6 Copyright (C) Jelmer Vernooij 2002,2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* Handle command line options:
36 extern pstring user_socket_options
;
37 extern BOOL AllowDebugChange
;
39 struct user_auth_info cmdline_auth_info
;
41 static void popt_common_callback(poptContext con
,
42 enum poptCallbackReason reason
,
43 const struct poptOption
*opt
,
44 const char *arg
, const void *data
)
49 /* Find out basename of current program */
50 pname
= strrchr_m(poptGetInvocationName(con
),'/');
53 pname
= poptGetInvocationName(con
);
57 if (reason
== POPT_CALLBACK_REASON_PRE
) {
58 pstr_sprintf(logfile
, "%s/log.%s", dyn_LOGFILEBASE
, pname
);
59 lp_set_logfile(logfile
);
66 debug_parse_levels(arg
);
67 AllowDebugChange
= False
;
72 printf( "Version %s\n", SAMBA_VERSION_STRING
);
78 pstrcpy(user_socket_options
,arg
);
84 pstrcpy(dyn_CONFIGFILE
, arg
);
90 set_global_myname(arg
);
96 pstr_sprintf(logfile
, "%s/log.%s", arg
, pname
);
97 lp_set_logfile(logfile
);
103 set_global_scope(arg
);
109 set_global_myworkgroup(arg
);
115 struct poptOption popt_common_connection
[] = {
116 { NULL
, 0, POPT_ARG_CALLBACK
, popt_common_callback
},
117 { "socket-options", 'O', POPT_ARG_STRING
, NULL
, 'O', "socket options to use",
119 { "netbiosname", 'n', POPT_ARG_STRING
, NULL
, 'n', "Primary netbios name", "NETBIOSNAME" },
120 { "workgroup", 'W', POPT_ARG_STRING
, NULL
, 'W', "Set the workgroup name", "WORKGROUP" },
121 { "scope", 'i', POPT_ARG_STRING
, NULL
, 'i', "Use this Netbios scope", "SCOPE" },
126 struct poptOption popt_common_samba
[] = {
127 { NULL
, 0, POPT_ARG_CALLBACK
|POPT_CBFLAG_PRE
, popt_common_callback
},
128 { "debuglevel", 'd', POPT_ARG_STRING
, NULL
, 'd', "Set debug level", "DEBUGLEVEL" },
129 { "configfile", 's', POPT_ARG_STRING
, NULL
, 's', "Use alternative configuration file", "CONFIGFILE" },
130 { "log-basename", 'l', POPT_ARG_STRING
, NULL
, 'l', "Basename for log/debug files", "LOGFILEBASE" },
131 { "version", 'V', POPT_ARG_NONE
, NULL
, 'V', "Print version" },
135 struct poptOption popt_common_version
[] = {
136 { NULL
, 0, POPT_ARG_CALLBACK
, popt_common_callback
},
137 { "version", 'V', POPT_ARG_NONE
, NULL
, 'V', "Print version" },
143 /****************************************************************************
144 * get a password from a a file or file descriptor
146 * ****************************************************************************/
147 static void get_password_file(struct user_auth_info
*a
)
151 BOOL close_it
= False
;
155 if ((p
= getenv("PASSWD_FD")) != NULL
) {
156 pstrcpy(spec
, "descriptor ");
158 sscanf(p
, "%d", &fd
);
160 } else if ((p
= getenv("PASSWD_FILE")) != NULL
) {
161 fd
= sys_open(p
, O_RDONLY
, 0);
164 fprintf(stderr
, "Error opening PASSWD_FILE %s: %s\n",
165 spec
, strerror(errno
));
171 for(p
= pass
, *p
= '\0'; /* ensure that pass is null-terminated */
172 p
&& p
- pass
< sizeof(pass
);) {
173 switch (read(fd
, p
, 1)) {
175 if (*p
!= '\n' && *p
!= '\0') {
176 *++p
= '\0'; /* advance p, and null-terminate pass */
181 *p
= '\0'; /* null-terminate it, just in case... */
182 p
= NULL
; /* then force the loop condition to become false */
185 fprintf(stderr
, "Error reading password from file %s: %s\n",
186 spec
, "empty password\n");
191 fprintf(stderr
, "Error reading password from file %s: %s\n",
192 spec
, strerror(errno
));
196 pstrcpy(a
->password
, pass
);
201 static void get_credentials_file(const char *file
, struct user_auth_info
*info
)
206 char *ptr
, *val
, *param
;
208 if ((auth
=x_fopen(file
, O_RDONLY
, 0)) == NULL
)
210 /* fail if we can't open the credentials file */
211 d_printf("ERROR: Unable to open credentials file!\n");
215 while (!x_feof(auth
))
217 /* get a line from the file */
218 if (!x_fgets(buf
, sizeof(buf
), auth
))
222 if ((len
) && (buf
[len
-1]=='\n'))
230 /* break up the line into parameter & value.
231 * will need to eat a little whitespace possibly */
233 if (!(ptr
= strchr_m (buf
, '=')))
239 /* eat leading white space */
240 while ((*val
!='\0') && ((*val
==' ') || (*val
=='\t')))
243 if (strwicmp("password", param
) == 0)
245 pstrcpy(info
->password
, val
);
246 info
->got_pass
= True
;
248 else if (strwicmp("username", param
) == 0)
249 pstrcpy(info
->username
, val
);
250 else if (strwicmp("domain", param
) == 0)
251 set_global_myworkgroup(val
);
252 memset(buf
, 0, sizeof(buf
));
257 /* Handle command line options:
259 * -A,--authentication-file
267 static void popt_common_credentials_callback(poptContext con
,
268 enum poptCallbackReason reason
,
269 const struct poptOption
*opt
,
270 const char *arg
, const void *data
)
274 if (reason
== POPT_CALLBACK_REASON_PRE
) {
275 cmdline_auth_info
.use_kerberos
= False
;
276 cmdline_auth_info
.got_pass
= False
;
277 cmdline_auth_info
.signing_state
= Undefined
;
278 pstrcpy(cmdline_auth_info
.username
, "GUEST");
280 if (getenv("LOGNAME"))pstrcpy(cmdline_auth_info
.username
,getenv("LOGNAME"));
282 if (getenv("USER")) {
283 pstrcpy(cmdline_auth_info
.username
,getenv("USER"));
285 if ((p
= strchr_m(cmdline_auth_info
.username
,'%'))) {
287 pstrcpy(cmdline_auth_info
.password
,p
+1);
288 cmdline_auth_info
.got_pass
= True
;
289 memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(cmdline_auth_info
.password
));
293 if (getenv("PASSWD")) {
294 pstrcpy(cmdline_auth_info
.password
,getenv("PASSWD"));
295 cmdline_auth_info
.got_pass
= True
;
298 if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
299 get_password_file(&cmdline_auth_info
);
300 cmdline_auth_info
.got_pass
= True
;
311 pstrcpy(cmdline_auth_info
.username
,arg
);
312 if ((lp
=strchr_m(cmdline_auth_info
.username
,'%'))) {
314 pstrcpy(cmdline_auth_info
.password
,lp
+1);
315 cmdline_auth_info
.got_pass
= True
;
316 memset(strchr_m(arg
,'%')+1,'X',strlen(cmdline_auth_info
.password
));
322 get_credentials_file(arg
, &cmdline_auth_info
);
327 d_printf("No kerberos support compiled in\n");
330 cmdline_auth_info
.use_kerberos
= True
;
331 cmdline_auth_info
.got_pass
= True
;
337 cmdline_auth_info
.signing_state
= -1;
338 if (strequal(arg
, "off") || strequal(arg
, "no") || strequal(arg
, "false"))
339 cmdline_auth_info
.signing_state
= False
;
340 else if (strequal(arg
, "on") || strequal(arg
, "yes") || strequal(arg
, "true") ||
341 strequal(arg
, "auto") )
342 cmdline_auth_info
.signing_state
= True
;
343 else if (strequal(arg
, "force") || strequal(arg
, "required") || strequal(arg
, "forced"))
344 cmdline_auth_info
.signing_state
= Required
;
346 fprintf(stderr
, "Unknown signing option %s\n", arg
);
353 char *opt_password
= NULL
;
354 /* it is very useful to be able to make ads queries as the
355 machine account for testing purposes and for domain leave */
357 if (!secrets_init()) {
358 d_printf("ERROR: Unable to open secrets database\n");
362 opt_password
= secrets_fetch_machine_password(lp_workgroup(), NULL
, NULL
);
365 d_printf("ERROR: Unable to fetch machine password\n");
368 pstr_sprintf(cmdline_auth_info
.username
, "%s$",
370 pstrcpy(cmdline_auth_info
.password
,opt_password
);
371 SAFE_FREE(opt_password
);
373 /* machine accounts only work with kerberos */
374 cmdline_auth_info
.use_kerberos
= True
;
375 cmdline_auth_info
.got_pass
= True
;
383 struct poptOption popt_common_credentials
[] = {
384 { NULL
, 0, POPT_ARG_CALLBACK
|POPT_CBFLAG_PRE
, popt_common_credentials_callback
},
385 { "user", 'U', POPT_ARG_STRING
, NULL
, 'U', "Set the network username", "USERNAME" },
386 { "no-pass", 'N', POPT_ARG_NONE
, &cmdline_auth_info
.got_pass
, 0, "Don't ask for a password" },
387 { "kerberos", 'k', POPT_ARG_NONE
, &cmdline_auth_info
.use_kerberos
, 'k', "Use kerberos (active directory) authentication" },
388 { "authentication-file", 'A', POPT_ARG_STRING
, NULL
, 'A', "Get the credentials from a file", "FILE" },
389 { "signing", 'S', POPT_ARG_STRING
, NULL
, 'S', "Set the client signing state", "on|off|required" },
390 {"machine-pass", 'P', POPT_ARG_NONE
, NULL
, 'P', "Use stored machine account password" },