search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:util_cmdline: make struct user_auth_info private to util_cmdline.c
[Samba.git] / source3 / lib / util_cmdline.c
blob68ba7aad24450f53a9501473bf56710f7926ce51
1 /*
2 Unix SMB/CIFS implementation.
3 Samba utility functions
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2007
6 Copyright (C) Simo Sorce 2001
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8 Copyright (C) James Peach 2006
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "auth_info.h"
26 #include "secrets.h"
27
28 /**************************************************************************n
29 Code to cope with username/password auth options from the commandline.
30 Used mainly in client tools.
31 ****************************************************************************/
32
33 struct user_auth_info {
34 char *username;
35 char *domain;
36 char *password;
37 bool got_pass;
38 bool use_kerberos;
39 int signing_state;
40 bool smb_encrypt;
41 bool use_machine_account;
42 bool fallback_after_kerberos;
43 bool use_ccache;
44 bool use_pw_nt_hash;
45 };
46
47 struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx)
48 {
49 struct user_auth_info *result;
50
51 result = talloc_zero(mem_ctx, struct user_auth_info);
52 if (result == NULL) {
53 return NULL;
54 }
55
56 result->signing_state = SMB_SIGNING_DEFAULT;
57 return result;
58 }
59
60 const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info)
61 {
62 if (!auth_info->username) {
63 return "";
64 }
65 return auth_info->username;
66 }
67
68 void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
69 const char *username)
70 {
71 char *s;
72 char *p;
73 bool contains_domain = false;
74
75 s = talloc_strdup(auth_info, username);
76 if (s == NULL) {
77 exit(ENOMEM);
78 }
79
80 p = strchr_m(s, '\\');
81 if (p != NULL) {
82 contains_domain = true;
83 }
84 if (!contains_domain) {
85 p = strchr_m(s, '/');
86 if (p != NULL) {
87 contains_domain = true;
88 }
89 }
90 if (!contains_domain) {
91 char sep = *lp_winbind_separator();
92
93 if (sep != '\0') {
94 p = strchr_m(s, *lp_winbind_separator());
95 if (p != NULL) {
96 contains_domain = true;
97 }
98 }
99 }
100
101 if (contains_domain) {
102 *p = '\0';
103 username = p + 1;
104
105 /* s is now the workgroup part */
106 set_cmdline_auth_info_domain(auth_info, s);
107 }
108
109 TALLOC_FREE(auth_info->username);
110 auth_info->username = talloc_strdup(auth_info, username);
111
112 TALLOC_FREE(s);
113
114 if (!auth_info->username) {
115 exit(ENOMEM);
116 }
117 }
118
119 const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info)
120 {
121 if (!auth_info->domain) {
122 return "";
123 }
124 return auth_info->domain;
125 }
126
127 void set_cmdline_auth_info_domain(struct user_auth_info *auth_info,
128 const char *domain)
129 {
130 TALLOC_FREE(auth_info->domain);
131 auth_info->domain = talloc_strdup(auth_info, domain);
132 if (!auth_info->domain) {
133 exit(ENOMEM);
134 }
135 }
136
137 const char *get_cmdline_auth_info_password(const struct user_auth_info *auth_info)
138 {
139 if (!auth_info->password) {
140 return "";
141 }
142 return auth_info->password;
143 }
144
145 void set_cmdline_auth_info_password(struct user_auth_info *auth_info,
146 const char *password)
147 {
148 TALLOC_FREE(auth_info->password);
149 if (password == NULL) {
150 password = "";
151 }
152 auth_info->password = talloc_strdup(auth_info, password);
153 if (!auth_info->password) {
154 exit(ENOMEM);
155 }
156 auth_info->got_pass = true;
157 }
158
159 bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info,
160 const char *arg)
161 {
162 auth_info->signing_state = SMB_SIGNING_DEFAULT;
163 if (strequal(arg, "off") || strequal(arg, "no") ||
164 strequal(arg, "false")) {
165 auth_info->signing_state = SMB_SIGNING_OFF;
166 } else if (strequal(arg, "on") || strequal(arg, "yes") ||
167 strequal(arg, "if_required") ||
168 strequal(arg, "true") || strequal(arg, "auto")) {
169 auth_info->signing_state = SMB_SIGNING_IF_REQUIRED;
170 } else if (strequal(arg, "force") || strequal(arg, "required") ||
171 strequal(arg, "forced")) {
172 auth_info->signing_state = SMB_SIGNING_REQUIRED;
173 } else {
174 return false;
175 }
176 return true;
177 }
178
179 void set_cmdline_auth_info_signing_state_raw(struct user_auth_info *auth_info,
180 int signing_state)
181 {
182 auth_info->signing_state = signing_state;
183 }
184
185 int get_cmdline_auth_info_signing_state(const struct user_auth_info *auth_info)
186 {
187 return auth_info->signing_state;
188 }
189
190 void set_cmdline_auth_info_use_ccache(struct user_auth_info *auth_info, bool b)
191 {
192 auth_info->use_ccache = b;
193 }
194
195 bool get_cmdline_auth_info_use_ccache(const struct user_auth_info *auth_info)
196 {
197 return auth_info->use_ccache;
198 }
199
200 void set_cmdline_auth_info_use_pw_nt_hash(struct user_auth_info *auth_info,
201 bool b)
202 {
203 auth_info->use_pw_nt_hash = b;
204 }
205
206 bool get_cmdline_auth_info_use_pw_nt_hash(
207 const struct user_auth_info *auth_info)
208 {
209 return auth_info->use_pw_nt_hash;
210 }
211
212 void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info,
213 bool b)
214 {
215 auth_info->use_kerberos = b;
216 }
217
218 bool get_cmdline_auth_info_use_kerberos(const struct user_auth_info *auth_info)
219 {
220 return auth_info->use_kerberos;
221 }
222
223 void set_cmdline_auth_info_fallback_after_kerberos(struct user_auth_info *auth_info,
224 bool b)
225 {
226 auth_info->fallback_after_kerberos = b;
227 }
228
229 bool get_cmdline_auth_info_fallback_after_kerberos(const struct user_auth_info *auth_info)
230 {
231 return auth_info->fallback_after_kerberos;
232 }
233
234 /* This should only be used by lib/popt_common.c JRA */
235 void set_cmdline_auth_info_use_krb5_ticket(struct user_auth_info *auth_info)
236 {
237 auth_info->use_kerberos = true;
238 auth_info->got_pass = true;
239 }
240
241 /* This should only be used by lib/popt_common.c JRA */
242 void set_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info)
243 {
244 auth_info->smb_encrypt = true;
245 }
246
247 void set_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info)
248 {
249 auth_info->use_machine_account = true;
250 }
251
252 bool get_cmdline_auth_info_got_pass(const struct user_auth_info *auth_info)
253 {
254 return auth_info->got_pass;
255 }
256
257 bool get_cmdline_auth_info_smb_encrypt(const struct user_auth_info *auth_info)
258 {
259 return auth_info->smb_encrypt;
260 }
261
262 bool get_cmdline_auth_info_use_machine_account(const struct user_auth_info *auth_info)
263 {
264 return auth_info->use_machine_account;
265 }
266
267 bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info)
268 {
269 char *pass = NULL;
270 char *account = NULL;
271 const char *realm = lp_realm();
272 int rc;
273
274
275 if (!get_cmdline_auth_info_use_machine_account(auth_info)) {
276 return false;
277 }
278
279 if (!secrets_init()) {
280 d_printf("ERROR: Unable to open secrets database\n");
281 return false;
282 }
283
284 if (realm != NULL && realm[0] != '\0') {
285 rc = asprintf(&account,
286 "%s$@%s",
287 lp_netbios_name(),
288 realm);
289 if (rc < 0) {
290 return false;
291 }
292 } else {
293 rc = asprintf(&account,
294 "%s$",
295 lp_netbios_name());
296 if (rc < 0) {
297 return false;
298 }
299 }
300
301 pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
302 if (!pass) {
303 d_printf("ERROR: Unable to fetch machine password for "
304 "%s in domain %s\n",
305 account, lp_workgroup());
306 SAFE_FREE(account);
307 return false;
308 }
309
310 set_cmdline_auth_info_username(auth_info, account);
311 set_cmdline_auth_info_password(auth_info, pass);
312
313 SAFE_FREE(account);
314 SAFE_FREE(pass);
315
316 return true;
317 }
318
319 /****************************************************************************
320 Ensure we have a password if one not given.
321 ****************************************************************************/
322
323 void set_cmdline_auth_info_getpass(struct user_auth_info *auth_info)
324 {
325 char *label = NULL;
326 char pwd[256] = {0};
327 int rc;
328 TALLOC_CTX *frame;
329
330 if (get_cmdline_auth_info_got_pass(auth_info) ||
331 get_cmdline_auth_info_use_ccache(auth_info) ||
332 get_cmdline_auth_info_use_kerberos(auth_info)) {
333 /* Already got one... */
334 return;
335 }
336
337 frame = talloc_stackframe();
338 label = talloc_asprintf(frame, "Enter %s's password: ",
339 get_cmdline_auth_info_username(auth_info));
340 rc = samba_getpass(label, pwd, sizeof(pwd), false, false);
341 if (rc == 0) {
342 set_cmdline_auth_info_password(auth_info, pwd);
343 }
344 TALLOC_FREE(frame);
345 }
Samba GIT mirror