2 Unix SMB/CIFS implementation.
3 Common popt routines only used by cmdline utils
5 Copyright (C) Tim Potter 2001,2002
6 Copyright (C) Jelmer Vernooij 2002,2003
7 Copyright (C) James Peach 2006
8 Copyright (C) Christof Schmitt 2018
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* Handle command line options:
26 * -A,--authentication-file
35 #include "popt_common_cmdline.h"
37 #include "auth_info.h"
38 #include "cmdline_contexts.h"
40 static struct user_auth_info
*cmdline_auth_info
;
42 struct user_auth_info
*popt_get_cmdline_auth_info(void)
44 return cmdline_auth_info
;
46 void popt_free_cmdline_auth_info(void)
48 TALLOC_FREE(cmdline_auth_info
);
51 static bool popt_common_credentials_ignore_missing_conf
;
52 static bool popt_common_credentials_delay_post
;
54 void popt_common_credentials_set_ignore_missing_conf(void)
56 popt_common_credentials_ignore_missing_conf
= true;
59 void popt_common_credentials_set_delay_post(void)
61 popt_common_credentials_delay_post
= true;
64 void popt_common_credentials_post(void)
66 if (get_cmdline_auth_info_use_machine_account(cmdline_auth_info
) &&
67 !set_cmdline_auth_info_machine_account_creds(cmdline_auth_info
))
70 "Failed to use machine account credentials\n");
74 set_cmdline_auth_info_getpass(cmdline_auth_info
);
77 * When we set the username during the handling of the options passed to
78 * the binary we haven't loaded the config yet. This means that we
79 * didn't take the 'winbind separator' into account.
81 * The username might contain the domain name and thus it hasn't been
82 * correctly parsed yet. If we have a username we need to set it again
83 * to run the string parser for the username correctly.
85 reset_cmdline_auth_info_username(cmdline_auth_info
);
88 static void popt_common_credentials_callback(poptContext con
,
89 enum poptCallbackReason reason
,
90 const struct poptOption
*opt
,
91 const char *arg
, const void *data
)
93 if (reason
== POPT_CALLBACK_REASON_PRE
) {
94 struct user_auth_info
*auth_info
=
95 user_auth_info_init(NULL
);
96 if (auth_info
== NULL
) {
97 fprintf(stderr
, "user_auth_info_init() failed\n");
100 cmdline_auth_info
= auth_info
;
104 if (reason
== POPT_CALLBACK_REASON_POST
) {
107 ok
= lp_load_client(get_dyn_CONFIGFILE());
109 const char *pname
= poptGetInvocationName(con
);
111 fprintf(stderr
, "%s: Can't load %s - run testparm to debug it\n",
112 pname
, get_dyn_CONFIGFILE());
113 if (!popt_common_credentials_ignore_missing_conf
) {
120 set_cmdline_auth_info_guess(cmdline_auth_info
);
122 if (popt_common_credentials_delay_post
) {
126 popt_common_credentials_post();
132 set_cmdline_auth_info_username(cmdline_auth_info
, arg
);
136 set_cmdline_auth_info_from_file(cmdline_auth_info
, arg
);
141 d_printf("No kerberos support compiled in\n");
144 set_cmdline_auth_info_use_krb5_ticket(cmdline_auth_info
);
149 if (!set_cmdline_auth_info_signing_state(cmdline_auth_info
,
151 fprintf(stderr
, "Unknown signing option %s\n", arg
);
156 set_cmdline_auth_info_use_machine_account(cmdline_auth_info
);
159 set_cmdline_auth_info_password(cmdline_auth_info
, "");
162 set_cmdline_auth_info_smb_encrypt(cmdline_auth_info
);
165 set_cmdline_auth_info_use_ccache(cmdline_auth_info
, true);
168 set_cmdline_auth_info_use_pw_nt_hash(cmdline_auth_info
, true);
174 * @brief Burn the commandline password.
176 * This function removes the password from the command line so we
177 * don't leak the password e.g. in 'ps aux'.
179 * It should be called after processing the options and you should pass down
182 * @param[in] argc The number of arguments.
184 * @param[in] argv[] The argument array we will find the array.
186 void popt_burn_cmdline_password(int argc
, char *argv
[])
192 for (i
= 0; i
< argc
; i
++) {
198 if (strncmp(p
, "-U", 2) == 0) {
201 } else if (strncmp(p
, "--user", 6) == 0) {
207 if (strlen(p
) == ulen
) {
211 p
= strchr_m(p
, '%');
213 memset_s(p
, strlen(p
), '\0', strlen(p
));
220 struct poptOption popt_common_credentials
[] = {
222 .argInfo
= POPT_ARG_CALLBACK
|POPT_CBFLAG_PRE
|POPT_CBFLAG_POST
,
223 .arg
= (void *)popt_common_credentials_callback
,
228 .argInfo
= POPT_ARG_STRING
,
230 .descrip
= "Set the network username",
231 .argDescrip
= "USERNAME",
234 .longName
= "no-pass",
236 .argInfo
= POPT_ARG_NONE
,
238 .descrip
= "Don't ask for a password",
241 .longName
= "kerberos",
243 .argInfo
= POPT_ARG_NONE
,
245 .descrip
= "Use kerberos (active directory) authentication",
248 .longName
= "authentication-file",
250 .argInfo
= POPT_ARG_STRING
,
252 .descrip
= "Get the credentials from a file",
253 .argDescrip
= "FILE",
256 .longName
= "signing",
258 .argInfo
= POPT_ARG_STRING
,
260 .descrip
= "Set the client signing state",
261 .argDescrip
= "on|off|required",
264 .longName
= "machine-pass",
266 .argInfo
= POPT_ARG_NONE
,
268 .descrip
= "Use stored machine account password",
271 .longName
= "encrypt",
273 .argInfo
= POPT_ARG_NONE
,
275 .descrip
= "Encrypt SMB transport",
278 .longName
= "use-ccache",
280 .argInfo
= POPT_ARG_NONE
,
282 .descrip
= "Use the winbind ccache for authentication",
285 .longName
= "pw-nt-hash",
287 .argInfo
= POPT_ARG_NONE
,
289 .descrip
= "The supplied password is the NT hash",