2 Unix SMB/CIFS implementation.
3 Samba utility functions
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2007
6 Copyright (C) Simo Sorce 2001
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8 Copyright (C) James Peach 2006
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "auth_info.h"
28 /**************************************************************************n
29 Code to cope with username/password auth options from the commandline.
30 Used mainly in client tools.
31 ****************************************************************************/
33 struct user_auth_info
{
41 bool use_machine_account
;
42 bool fallback_after_kerberos
;
47 struct user_auth_info
*user_auth_info_init(TALLOC_CTX
*mem_ctx
)
49 struct user_auth_info
*result
;
51 result
= talloc_zero(mem_ctx
, struct user_auth_info
);
56 result
->signing_state
= SMB_SIGNING_DEFAULT
;
60 const char *get_cmdline_auth_info_username(const struct user_auth_info
*auth_info
)
62 if (!auth_info
->username
) {
65 return auth_info
->username
;
68 void set_cmdline_auth_info_username(struct user_auth_info
*auth_info
,
73 bool contains_domain
= false;
75 s
= talloc_strdup(auth_info
, username
);
80 p
= strchr_m(s
, '\\');
82 contains_domain
= true;
84 if (!contains_domain
) {
87 contains_domain
= true;
90 if (!contains_domain
) {
91 char sep
= *lp_winbind_separator();
94 p
= strchr_m(s
, *lp_winbind_separator());
96 contains_domain
= true;
101 if (contains_domain
) {
105 /* s is now the workgroup part */
106 set_cmdline_auth_info_domain(auth_info
, s
);
109 TALLOC_FREE(auth_info
->username
);
110 auth_info
->username
= talloc_strdup(auth_info
, username
);
114 if (!auth_info
->username
) {
119 const char *get_cmdline_auth_info_domain(const struct user_auth_info
*auth_info
)
121 if (!auth_info
->domain
) {
124 return auth_info
->domain
;
127 void set_cmdline_auth_info_domain(struct user_auth_info
*auth_info
,
130 TALLOC_FREE(auth_info
->domain
);
131 auth_info
->domain
= talloc_strdup(auth_info
, domain
);
132 if (!auth_info
->domain
) {
137 const char *get_cmdline_auth_info_password(const struct user_auth_info
*auth_info
)
139 if (!auth_info
->password
) {
142 return auth_info
->password
;
145 void set_cmdline_auth_info_password(struct user_auth_info
*auth_info
,
146 const char *password
)
148 TALLOC_FREE(auth_info
->password
);
149 if (password
== NULL
) {
152 auth_info
->password
= talloc_strdup(auth_info
, password
);
153 if (!auth_info
->password
) {
156 auth_info
->got_pass
= true;
159 bool set_cmdline_auth_info_signing_state(struct user_auth_info
*auth_info
,
162 auth_info
->signing_state
= SMB_SIGNING_DEFAULT
;
163 if (strequal(arg
, "off") || strequal(arg
, "no") ||
164 strequal(arg
, "false")) {
165 auth_info
->signing_state
= SMB_SIGNING_OFF
;
166 } else if (strequal(arg
, "on") || strequal(arg
, "yes") ||
167 strequal(arg
, "if_required") ||
168 strequal(arg
, "true") || strequal(arg
, "auto")) {
169 auth_info
->signing_state
= SMB_SIGNING_IF_REQUIRED
;
170 } else if (strequal(arg
, "force") || strequal(arg
, "required") ||
171 strequal(arg
, "forced")) {
172 auth_info
->signing_state
= SMB_SIGNING_REQUIRED
;
179 void set_cmdline_auth_info_signing_state_raw(struct user_auth_info
*auth_info
,
182 auth_info
->signing_state
= signing_state
;
185 int get_cmdline_auth_info_signing_state(const struct user_auth_info
*auth_info
)
187 return auth_info
->signing_state
;
190 void set_cmdline_auth_info_use_ccache(struct user_auth_info
*auth_info
, bool b
)
192 auth_info
->use_ccache
= b
;
195 bool get_cmdline_auth_info_use_ccache(const struct user_auth_info
*auth_info
)
197 return auth_info
->use_ccache
;
200 void set_cmdline_auth_info_use_pw_nt_hash(struct user_auth_info
*auth_info
,
203 auth_info
->use_pw_nt_hash
= b
;
206 bool get_cmdline_auth_info_use_pw_nt_hash(
207 const struct user_auth_info
*auth_info
)
209 return auth_info
->use_pw_nt_hash
;
212 void set_cmdline_auth_info_use_kerberos(struct user_auth_info
*auth_info
,
215 auth_info
->use_kerberos
= b
;
218 bool get_cmdline_auth_info_use_kerberos(const struct user_auth_info
*auth_info
)
220 return auth_info
->use_kerberos
;
223 void set_cmdline_auth_info_fallback_after_kerberos(struct user_auth_info
*auth_info
,
226 auth_info
->fallback_after_kerberos
= b
;
229 bool get_cmdline_auth_info_fallback_after_kerberos(const struct user_auth_info
*auth_info
)
231 return auth_info
->fallback_after_kerberos
;
234 /* This should only be used by lib/popt_common.c JRA */
235 void set_cmdline_auth_info_use_krb5_ticket(struct user_auth_info
*auth_info
)
237 auth_info
->use_kerberos
= true;
238 auth_info
->got_pass
= true;
241 /* This should only be used by lib/popt_common.c JRA */
242 void set_cmdline_auth_info_smb_encrypt(struct user_auth_info
*auth_info
)
244 auth_info
->smb_encrypt
= true;
247 void set_cmdline_auth_info_use_machine_account(struct user_auth_info
*auth_info
)
249 auth_info
->use_machine_account
= true;
252 bool get_cmdline_auth_info_got_pass(const struct user_auth_info
*auth_info
)
254 return auth_info
->got_pass
;
257 bool get_cmdline_auth_info_smb_encrypt(const struct user_auth_info
*auth_info
)
259 return auth_info
->smb_encrypt
;
262 bool get_cmdline_auth_info_use_machine_account(const struct user_auth_info
*auth_info
)
264 return auth_info
->use_machine_account
;
267 bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info
*auth_info
)
270 char *account
= NULL
;
271 const char *realm
= lp_realm();
275 if (!get_cmdline_auth_info_use_machine_account(auth_info
)) {
279 if (!secrets_init()) {
280 d_printf("ERROR: Unable to open secrets database\n");
284 if (realm
!= NULL
&& realm
[0] != '\0') {
285 rc
= asprintf(&account
,
293 rc
= asprintf(&account
,
301 pass
= secrets_fetch_machine_password(lp_workgroup(), NULL
, NULL
);
303 d_printf("ERROR: Unable to fetch machine password for "
305 account
, lp_workgroup());
310 set_cmdline_auth_info_username(auth_info
, account
);
311 set_cmdline_auth_info_password(auth_info
, pass
);
319 /****************************************************************************
320 Ensure we have a password if one not given.
321 ****************************************************************************/
323 void set_cmdline_auth_info_getpass(struct user_auth_info
*auth_info
)
330 if (get_cmdline_auth_info_got_pass(auth_info
) ||
331 get_cmdline_auth_info_use_ccache(auth_info
) ||
332 get_cmdline_auth_info_use_kerberos(auth_info
)) {
333 /* Already got one... */
337 frame
= talloc_stackframe();
338 label
= talloc_asprintf(frame
, "Enter %s's password: ",
339 get_cmdline_auth_info_username(auth_info
));
340 rc
= samba_getpass(label
, pwd
, sizeof(pwd
), false, false);
342 set_cmdline_auth_info_password(auth_info
, pwd
);