From 58e4399d113a2736b3ed6f5fe29d090f350f6a6a Mon Sep 17 00:00:00 2001
From: Olly Betts <olly@survex.com>
Date: Tue, 1 May 2018 13:19:58 +1200
Subject: [PATCH 1/2] net: Add support for a credentials file

Add support for the same -A authfile/--authentication-file authfile
option that most of the other tools already do.

Signed-off-by: Olly Betts <olly@survex.com>
---
 docs-xml/manpages/net.8.xml |  1 +
 source3/utils/net.c         | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 499fd4291de..37dfa2af694 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -26,6 +26,7 @@
 		<arg choice="opt">-w|--workgroup workgroup</arg>
 		<arg choice="opt">-W|--myworkgroup myworkgroup</arg>
 		<arg choice="opt">-U|--user user</arg>
+		<arg choice="opt">-A|--authentication-file authfile</arg>
 		<arg choice="opt">-I|--ipaddress ip-address</arg>
 		<arg choice="opt">-p|--port port</arg>
 		<arg choice="opt">-n myname</arg>
diff --git a/source3/utils/net.c b/source3/utils/net.c
index e0776c8d82c..769e6f86f8f 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -50,6 +50,7 @@
 #include "messages.h"
 #include "cmdline_contexts.h"
 #include "lib/gencache.h"
+#include "auth/credentials/credentials.h"
 
 #ifdef WITH_FAKE_KASERVER
 #include "utils/net_afs.h"
@@ -904,6 +905,26 @@ static struct functable net_func[] = {
 };
 
 
+static void get_credentials_file(struct net_context *c,
+				 const char *file)
+{
+	struct cli_credentials *cred = cli_credentials_init(c);
+
+	if (cred == NULL) {
+		d_printf("ERROR: Unable to allocate memory!\n");
+		exit(-1);
+	}
+
+	if (!cli_credentials_parse_file(cred, file, CRED_GUESS_FILE)) {
+		exit(-1);
+	}
+
+	c->opt_user_name = cli_credentials_get_username(cred);
+	c->opt_user_specified = (c->opt_user_name != NULL);
+	c->opt_password = cli_credentials_get_password(cred);
+	c->opt_target_workgroup = cli_credentials_get_domain(cred);
+}
+
 /****************************************************************************
   main program
 ****************************************************************************/
@@ -923,6 +944,7 @@ static struct functable net_func[] = {
 		{"help",	'h', POPT_ARG_NONE,   0, 'h'},
 		{"workgroup",	'w', POPT_ARG_STRING, &c->opt_target_workgroup},
 		{"user",	'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
+		{"authentication-file", 'A', POPT_ARG_STRING, &c->opt_user_name, 'A', "Get the credentials from a file", "FILE"},
 		{"ipaddress",	'I', POPT_ARG_STRING, 0,'I'},
 		{"port",	'p', POPT_ARG_INT,    &c->opt_port},
 		{"myname",	'n', POPT_ARG_STRING, &c->opt_requester_name},
@@ -1025,6 +1047,9 @@ static struct functable net_func[] = {
 				c->opt_password = p+1;
 			}
 			break;
+		case 'A':
+			get_credentials_file(c, c->opt_user_name);
+			break;
 		default:
 			d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
 				 poptBadOption(pc, 0), poptStrerror(opt));

From 6a889df5d47693da3e522e054c0b72a5e449f55a Mon Sep 17 00:00:00 2001
From: Olly Betts <olly@survex.com>
Date: Wed, 24 Oct 2018 11:46:11 +1300
Subject: [PATCH 2/2] New testcase samba3.blackbox.net_rpc_join_creds

Tests that you can now use a credentials file with net.

Signed-off-by: Olly Betts <olly@survex.com>
---
 .../script/tests/test_net_rpc_join_creds.sh   | 30 +++++++++++++++++++
 source3/selftest/tests.py                     |  4 +++
 2 files changed, 34 insertions(+)
 create mode 100755 source3/script/tests/test_net_rpc_join_creds.sh

diff --git a/source3/script/tests/test_net_rpc_join_creds.sh b/source3/script/tests/test_net_rpc_join_creds.sh
new file mode 100755
index 00000000000..f47dce4a1ea
--- /dev/null
+++ b/source3/script/tests/test_net_rpc_join_creds.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_net_rpc_join_creds.sh  DOMAIN USERNAME PASSWORD SERVER PREFIX
+EOF
+exit 1;
+fi
+
+DOMAIN="$1"
+USERNAME="$2"
+PASSWORD="$3"
+SERVER="$4"
+PREFIX="$5"
+shift 5
+ADDARGS="$*"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+mkdir -p $PREFIX/private
+# Test using a credentials file.
+credsfile=$PREFIX/creds.$$
+printf '%s\n' "username=$USERNAME" "password=$PASSWORD" "domain=$DOMAIN" > "$credsfile"
+testit "net_rpc_join_creds" $VALGRIND $BINDIR/net rpc join -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private -A"$credsfile" $ADDARGS || failed=`expr $failed + 1`
+testit "net_rpc_testjoin_creds" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
+testit "net_rpc_changetrustpw_creds" $VALGRIND $BINDIR/net rpc changetrustpw -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
+testit "net_rpc_testjoin2_creds" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1`
+rm -f $credsfile
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index f3c5c39664b..4b5707e8e27 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -717,6 +717,10 @@ def plansmbtorture4testsuite(name, env, options, description=''):
               [os.path.join(samba3srcdir, "script/tests/test_net_rpc_oldjoin.sh"),
                "$SERVER", "$PREFIX/net_rpc_oldjoin",
                "$SMB_CONF_PATH"])
+plantestsuite("samba3.blackbox.net_rpc_join_creds", "nt4_dc",
+              [os.path.join(samba3srcdir, "script/tests/test_net_rpc_join_creds.sh"),
+               "$DOMAIN", "$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_rpc_join_creds",
+               configuration])
 
 plantestsuite("samba3.blackbox.rpcclient_srvsvc", "simpleserver",
               [os.path.join(samba3srcdir, "script/tests/test_rpcclientsrvsvc.sh"),