CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life
[Samba.git] / lib / cmdline / cmdline_s3.c
1 /*
2 * Copyright (c) 2020 Andreas Schneider <asn@samba.org>
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, either version 3 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 #include "lib/replace/replace.h"
19 #include <talloc.h>
20 #include "lib/param/param.h"
21 #include "lib/util/debug.h"
22 #include "lib/util/fault.h"
23 #include "source3/param/loadparm.h"
24 #include "dynconfig/dynconfig.h"
25 #include "source3/lib/interface.h"
26 #include "auth/credentials/credentials.h"
27 #include "dynconfig/dynconfig.h"
28 #include "cmdline_private.h"
29 #include "source3/include/secrets.h"
/*
 * File-scope settings recorded by samba_cmdline_init() and read later by
 * _samba_cmdline_load_config_s3().
 */

/* When true, a failed smb.conf load makes the load callback return false. */
static bool _require_smbconf;

/* Selects which loader (none, client or server/global) the callback runs. */
static enum samba_cmdline_config_type _config_type;
/*
 * Load smb.conf for a source3 command-line program.
 *
 * The path that is loaded always comes from get_dyn_CONFIGFILE(). The
 * value returned by lpcfg_configfile() is used only to decide whether
 * the SMB_CONF_PATH environment variable may replace the dynamic
 * default.
 *
 * Returns true on success, and also when loading failed but
 * _require_smbconf is false. Returns false only when loading failed and
 * _require_smbconf is true. For SAMBA_CMDLINE_CONFIG_NONE it returns
 * true immediately, without loading anything and without calling
 * load_interfaces().
 */
static bool _samba_cmdline_load_config_s3(void)
{
	struct loadparm_context *lp_ctx = samba_cmdline_get_lp_ctx();
	const char *config_file = lpcfg_configfile(lp_ctx);
	bool ok = false;

	/*
	 * SMB_CONF_PATH is honoured only when no config file is set in the
	 * loadparm context and the dynamic path is still the default.
	 *
	 * NOTE(review): the environment is controlled by whoever starts
	 * the process, so this lets the invoking user choose the
	 * configuration file. Worth confirming for any caller that runs
	 * with more privilege than the user who invokes it.
	 */
	if (config_file == NULL && is_default_dyn_CONFIGFILE()) {
		const char *env = getenv("SMB_CONF_PATH");

		if (env != NULL && env[0] != '\0') {
			set_dyn_CONFIGFILE(env);
		}
	}

	/* Unconditional: this replaces whatever lpcfg_configfile() returned. */
	config_file = get_dyn_CONFIGFILE();

	if (_config_type == SAMBA_CMDLINE_CONFIG_NONE) {
		return true;
	}

	if (_config_type == SAMBA_CMDLINE_CONFIG_CLIENT) {
		ok = lp_load_client(config_file);
	} else if (_config_type == SAMBA_CMDLINE_CONFIG_SERVER) {
		const struct samba_cmdline_daemon_cfg *daemon_cfg =
			samba_cmdline_get_daemon_cfg();

		/* Non-interactive servers switch to file logging before the load. */
		if (!daemon_cfg->interactive) {
			setup_logging(getprogname(), DEBUG_FILE);
		}

		ok = lp_load_global(config_file);
	}
	/* Any other _config_type value leaves ok false and is reported below. */

	if (!ok) {
		fprintf(stderr,
			"Can't load %s - run testparm to debug it\n",
			config_file);
	}

	/*
	 * A failed load is fatal only when the caller asked for it.
	 * Otherwise execution continues and the caller sees success,
	 * presumably with loadparm defaults in effect (TODO confirm), so a
	 * missing or unparsable smb.conf does not stop the program.
	 */
	if (!ok && _require_smbconf) {
		return false;
	}

	load_interfaces();

	return true;
}
/*
 * Fill 'cred' with the machine account taken from the secrets database.
 *
 * Returns NT_STATUS_INTERNAL_ERROR when secrets_db_ctx() yields no
 * database handle; otherwise returns the status of
 * cli_credentials_set_machine_account_db_ctx() unchanged.
 *
 * Both failure paths log a warning that contains only the workgroup
 * name or the NT status string, never credential material.
 */
static NTSTATUS _samba_cmd_set_machine_account_s3(
	struct cli_credentials *cred,
	struct loadparm_context *lp_ctx)
{
	struct db_context *secrets_db = secrets_db_ctx();
	NTSTATUS result;

	if (secrets_db == NULL) {
		/*
		 * NOTE(review): presumably the process could not open
		 * secrets.tdb (for example, insufficient file permissions);
		 * confirm against secrets_db_ctx().
		 */
		DBG_WARNING("failed to open secrets.tdb to obtain our "
			    "trust credentials for %s\n",
			    lpcfg_workgroup(lp_ctx));
		return NT_STATUS_INTERNAL_ERROR;
	}

	result = cli_credentials_set_machine_account_db_ctx(
		cred, lp_ctx, secrets_db);
	if (NT_STATUS_IS_OK(result)) {
		return result;
	}

	/* The failure is logged here and handed back for the caller to act on. */
	DBG_WARNING("cli_credentials_set_machine_account_db_ctx "
		    "failed: %s\n",
		    nt_errstr(result));

	return result;
}
/*
 * Initialise the command-line layer for a source3 program.
 *
 * mem_ctx          talloc context passed to the common init, to
 *                  loadparm_init_s3() and to cli_credentials_init()
 * config_type      which smb.conf loader the load callback will use
 * require_smbconf  when true, a failed smb.conf load makes the load
 *                  callback return false; when false, the failure is
 *                  only printed and loading is treated as successful
 *
 * Returns false as soon as any initialisation step fails, true
 * otherwise.
 *
 * config_type and require_smbconf are stored in file-scope statics, so
 * they apply to the whole process. They are written once the loadparm
 * context has been registered, before the credentials are created.
 */
bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
			enum samba_cmdline_config_type config_type,
			bool require_smbconf)
{
	struct loadparm_context *lp_ctx = NULL;
	struct cli_credentials *creds = NULL;

	if (!samba_cmdline_init_common(mem_ctx)) {
		return false;
	}

	lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
	if (lp_ctx == NULL) {
		return false;
	}
	if (!samba_cmdline_set_lp_ctx(lp_ctx)) {
		return false;
	}

	/* Remembered for _samba_cmdline_load_config_s3(). */
	_require_smbconf = require_smbconf;
	_config_type = config_type;

	creds = cli_credentials_init(mem_ctx);
	if (creds == NULL) {
		return false;
	}
	if (!samba_cmdline_set_creds(creds)) {
		return false;
	}

	/* Register the source3 config loader and machine-account helper. */
	samba_cmdline_set_load_config_fn(_samba_cmdline_load_config_s3);
	samba_cmdline_set_machine_account_fn(
		_samba_cmd_set_machine_account_s3);

	return true;
}