1/*
2   Unix SMB/CIFS implementation.
3   Credentials popt routines
4
5   Copyright (C) Jelmer Vernooij 2002,2003,2005
6
7   This program is free software; you can redistribute it and/or modify
8   it under the terms of the GNU General Public License as published by
9   the Free Software Foundation; either version 3 of the License, or
10   (at your option) any later version.
11
12   This program is distributed in the hope that it will be useful,
13   but WITHOUT ANY WARRANTY; without even the implied warranty of
14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   GNU General Public License for more details.
16
17   You should have received a copy of the GNU General Public License
18   along with this program.  If not, see <http://www.gnu.org/licenses/>.
19*/
20
21#include "includes.h"
22#include "lib/cmdline/popt_common.h"
23#include "lib/cmdline/credentials.h"
24#include "auth/credentials/credentials.h"
25#include "auth/gensec/gensec.h"
26#include "param/param.h"
27
/* Handle command line options:
 *		-U,--user
 *		-A,--authentication-file
 *		-k,--use-kerberos	(registered in the option table below as --kerberos)
 *		-N,--no-pass
 *		-S,--signing		(no entry in the option table below)
 *		-P,--machine-pass
 *		   --simple-bind-dn
 *		   --password
 */
38
39
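/*
 * Non-zero when no password prompt is wanted: set by -N/--no-pass, or by
 * a caller through popt_common_dont_ask().
 *
 * Declared int, not bool: the option table passes this variable's address
 * to popt as the target of a POPT_ARG_NONE option, and popt stores an int
 * through that pointer.  Where bool is a one-byte _Bool, that store would
 * run past the end of the variable into adjacent static data.
 */
static int dont_ask;

/*
 * popt `val` codes used by the option table for --simple-bind-dn,
 * --password and --kerberos.
 */
enum opt {
	OPT_SIMPLE_BIND_DN,
	OPT_PASSWORD,
	OPT_KERBEROS
};

/*
  disable asking for a password

  Has the same effect on this module as -N/--no-pass: once the flag is
  set, the POST stage of the credentials callback skips installing the
  command line callbacks.
*/
void popt_common_dont_ask(void)
{
	dont_ask = true;
}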
51
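/*
 * popt callback for the credentials option table.
 *
 *  - POPT_CALLBACK_REASON_PRE:  allocates the global cmdline_credentials.
 *  - POPT_CALLBACK_REASON_POST: calls cli_credentials_guess() and, unless
 *    password prompting has been disabled, installs the command line
 *    callbacks on the credentials.
 *  - otherwise: stores the value of the option identified by opt->val in
 *    cmdline_credentials.
 *
 * Security notes:
 *  - A password given as -U user%pass or --password arrives in argv.  It is
 *    copied into the credentials object and then overwritten in place so it
 *    does not linger in process listings.  The overwrite only happens once
 *    this option is parsed, so it narrows the exposure window rather than
 *    closing it; -A or the interactive prompt keep the secret out of argv.
 *  - Both scrub paths write through a pointer popt passed as const.
 *  - NOTE(review): the results of the cli_credentials_* calls are not
 *    checked here; confirm how e.g. an unreadable -A file is reported,
 *    since option processing continues either way.
 *
 * An unparsable -k argument prints an error and exits with status 1.
 */
static void popt_common_credentials_callback(poptContext con,
						enum poptCallbackReason reason,
						const struct poptOption *opt,
						const char *arg, const void *data)
{
	switch (reason) {
	case POPT_CALLBACK_REASON_PRE:
		cmdline_credentials = cli_credentials_init(talloc_autofree_context());
		return;

	case POPT_CALLBACK_REASON_POST:
		cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx);
		if (!dont_ask) {
			cli_credentials_set_cmdline_callbacks(cmdline_credentials);
		}
		return;

	default:
		/* a regular option: dispatched on opt->val below */
		break;
	}

	switch (opt->val) {
	case 'U':
	{
		char *secret;

		/* Parse first: the scrub below truncates arg at the '%'. */
		cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);

		/* This breaks the abstraction, including the const above */
		secret = strchr_m(arg, '%');
		if (secret != NULL) {
			/* cut the argument at the separator, leaving only the user part */
			*secret++ = '\0';
			/* Try to prevent this showing up in ps */
			memset(secret, 0, strlen(secret));
		}
		break;
	}

	case OPT_PASSWORD:
		cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
		/* Try to prevent this showing up in ps */
		memset(discard_const(arg), 0, strlen(arg));
		break;

	case 'A':
		cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
		break;

	case 'P':
		/* Later, after this is all over, get the machine account details from the secrets.ldb */
		cli_credentials_set_machine_account_pending(cmdline_credentials, cmdline_lp_ctx);
		break;

	case OPT_KERBEROS:
	{
		bool use_kerberos = true;

		/* Force us to only use kerberos, unless the argument says otherwise */
		if (arg != NULL && !set_boolean(arg, &use_kerberos)) {
			fprintf(stderr, "Error parsing -k %s\n", arg);
			/* exit() does not return, so nothing may follow it here */
			exit(1);
		}

		cli_credentials_set_kerberos_state(cmdline_credentials,
						   use_kerberos
						   ? CRED_MUST_USE_KERBEROS
						   : CRED_DONT_USE_KERBEROS);
		break;
	}

	case OPT_SIMPLE_BIND_DN:
		cli_credentials_set_bind_dn(cmdline_credentials, arg);
		break;

	default:
		/*
		 * Options with no work to do here, e.g. -N, whose flag popt
		 * stores directly through the table's arg pointer.
		 */
		break;
	}
}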
126
127
128
/*
 * popt option table for the credentials options.
 *
 * The first entry registers popt_common_credentials_callback with the PRE
 * and POST flags, so the callback runs before and after option processing
 * as well as for the options themselves.
 */
struct poptOption popt_common_credentials[] = {
	{
		NULL, 0,
		POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST,
		(void *)popt_common_credentials_callback
	},
	/* A %PASSWORD suffix puts the secret in argv; the callback scrubs it. */
	{
		"user", 'U', POPT_ARG_STRING, NULL, 'U',
		"Set the network username",
		"[DOMAIN/]USERNAME[%PASSWORD]"
	},
	/*
	 * popt stores an int through the arg pointer of a POPT_ARG_NONE
	 * option, so the flag it points at must be int-sized.
	 */
	{
		"no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N',
		"Don't ask for a password"
	},
	/* The secret is passed in argv; the callback scrubs it after copying. */
	{
		"password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD,
		"Password"
	},
	{
		"authentication-file", 'A', POPT_ARG_STRING, NULL, 'A',
		"Get the credentials from a file",
		"FILE"
	},
	{
		"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P',
		"Use stored machine account password (implies -k)"
	},
	{
		"simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN,
		"DN to use for a simple bind"
	},
	{
		"kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS,
		"Use Kerberos"
	},
	/* end-of-table marker */
	{ NULL }
};
140