[SCM] Samba Shared Repository - branch v3-4-test updated -
release-4-0-0alpha7-1069-gc039bc1
Kai Blin
kai at samba.org
Tue May 26 05:30:31 GMT 2009
The branch, v3-4-test has been updated
via c039bc15ba597d955d0ccbf5642388b0a03ba40b (commit)
from 8987ca29062db53db117d6c9d9ce2ad01ed17d22 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit c039bc15ba597d955d0ccbf5642388b0a03ba40b
Author: Kai Blin <kai at samba.org>
Date: Thu May 14 11:39:01 2009 +0200
net: Use samba default command line arguments.
Attention:
The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos
net rpc commands will now prompt for a password if none is given.
As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.
This should fix bug #6357
Signed-off-by: Kai Blin <kai at samba.org>
(cherry picked from commit fb262f79fab00374023e59476e8d05a1015a7041)
-----------------------------------------------------------------------
Summary of changes:
source3/utils/net.c | 43 ++++------------
source3/utils/net.h | 9 +---
source3/utils/net_ads.c | 81 ++++++++++++++---------------
source3/utils/net_dom.c | 8 ++-
source3/utils/net_help.c | 1 +
source3/utils/net_proto.h | 3 -
source3/utils/net_rpc.c | 74 +++++++++++++++++---------
source3/utils/net_rpc_join.c | 3 +-
source3/utils/net_rpc_samsync.c | 4 +-
source3/utils/net_rpc_shell.c | 9 ++-
source3/utils/net_util.c | 109 ++++++--------------------------------
11 files changed, 135 insertions(+), 209 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/utils/net.c b/source3/utils/net.c
index d58858c..2033082 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -618,7 +618,6 @@ static struct functable net_func[] = {
int main(int argc, const char **argv)
{
int opt,i;
- char *p;
int rc = 0;
int argc_new = 0;
const char ** argv_new;
@@ -629,12 +628,10 @@ static struct functable net_func[] = {
struct poptOption long_options[] = {
{"help", 'h', POPT_ARG_NONE, 0, 'h'},
{"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup},
- {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
{"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
{"port", 'p', POPT_ARG_INT, &c->opt_port},
{"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name},
{"server", 'S', POPT_ARG_STRING, &c->opt_host},
- {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"container", 'c', POPT_ARG_STRING, &c->opt_container},
{"comment", 'C', POPT_ARG_STRING, &c->opt_comment},
{"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers},
@@ -645,15 +642,13 @@ static struct functable net_func[] = {
{"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin},
{"timeout", 't', POPT_ARG_INT, &c->opt_timeout},
{"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout},
- {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass},
- {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos},
{"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
{"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose},
{"test", 'T', POPT_ARG_NONE, &c->opt_testmode},
/* Options for 'net groupmap set' */
{"local", 'L', POPT_ARG_NONE, &c->opt_localgroup},
{"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup},
- {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname},
+ {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname},
{"rid", 'R', POPT_ARG_INT, &c->opt_rid},
/* Options for 'net rpc share migrate' */
{"acls", 0, POPT_ARG_NONE, &c->opt_acls},
@@ -668,6 +663,7 @@ static struct functable net_func[] = {
{"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries},
POPT_COMMON_SAMBA
+ POPT_COMMON_CREDENTIALS
{ 0, 0, 0, 0}
};
@@ -681,6 +677,13 @@ static struct functable net_func[] = {
dbf = x_stderr;
c->private_data = net_func;
+ c->auth_info = user_auth_info_init(frame);
+ if (c->auth_info == NULL) {
+ d_fprintf(stderr, "\nOut of memory!\n");
+ exit(1);
+ }
+ popt_common_set_auth_info(c->auth_info);
+
pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
@@ -688,9 +691,7 @@ static struct functable net_func[] = {
switch (opt) {
case 'h':
c->display_usage = true;
- break;
- case 'e':
- c->smb_encrypt = true;
+ set_cmdline_auth_info_password(c->auth_info, "");
break;
case 'I':
if (!interpret_string_addr(&c->opt_dest_ip,
@@ -700,15 +701,6 @@ static struct functable net_func[] = {
c->opt_have_ip = true;
}
break;
- case 'U':
- c->opt_user_specified = true;
- c->opt_user_name = SMB_STRDUP(c->opt_user_name);
- p = strchr(c->opt_user_name,'%');
- if (p) {
- *p = 0;
- c->opt_password = p+1;
- }
- break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n",
poptBadOption(pc, 0), poptStrerror(opt));
@@ -742,10 +734,6 @@ static struct functable net_func[] = {
set_global_myname(c->opt_requester_name);
}
- if (!c->opt_user_name && getenv("LOGNAME")) {
- c->opt_user_name = getenv("LOGNAME");
- }
-
if (!c->opt_workgroup) {
c->opt_workgroup = smb_xstrdup(lp_workgroup());
}
@@ -763,17 +751,6 @@ static struct functable net_func[] = {
that it won't assert becouse we are not root */
sec_init();
- if (c->opt_machine_pass) {
- /* it is very useful to be able to make ads queries as the
- machine account for testing purposes and for domain leave */
-
- net_use_krb_machine_account(c);
- }
-
- if (!c->opt_password) {
- c->opt_password = getenv("PASSWD");
- }
-
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
DEBUG(2,("return code = %d\n", rc));
diff --git a/source3/utils/net.h b/source3/utils/net.h
index d88f962..f604d96 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -28,11 +28,8 @@
struct net_context {
const char *opt_requester_name;
const char *opt_host;
- const char *opt_password;
- const char *opt_user_name;
- bool opt_user_specified;
- const char *opt_workgroup;
int opt_long_list_entries;
+ const char *opt_workgroup;
int opt_reboot;
int opt_force;
int opt_stdin;
@@ -45,7 +42,6 @@ struct net_context {
int opt_timeout;
int opt_request_timeout;
const char *opt_target_workgroup;
- int opt_machine_pass;
int opt_localgroup;
int opt_domaingroup;
int do_talloc_report;
@@ -57,15 +53,14 @@ struct net_context {
const char *opt_exclude;
const char *opt_destination;
int opt_testmode;
- bool opt_kerberos;
int opt_force_full_repl;
int opt_single_obj_repl;
int opt_clean_old_entries;
int opt_have_ip;
struct sockaddr_storage opt_dest_ip;
- bool smb_encrypt;
struct libnetapi_ctx *netapi_ctx;
+ struct user_auth_info *auth_info;
bool display_usage;
void *private_data;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8e927be..4503231 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -231,32 +231,22 @@ retry_connect:
ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
- if (!c->opt_user_name) {
- c->opt_user_name = "administrator";
- }
-
- if (c->opt_user_specified) {
- need_password = true;
- }
-
retry:
- if (!c->opt_password && need_password && !c->opt_machine_pass) {
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
- if (!c->opt_password) {
- ads_destroy(&ads);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ if (need_password) {
+ set_cmdline_auth_info_getpass(c->auth_info);
}
- if (c->opt_password) {
+ if (get_cmdline_auth_info_got_pass(c->auth_info)) {
use_in_memory_ccache();
SAFE_FREE(ads->auth.password);
- ads->auth.password = smb_xstrdup(c->opt_password);
+ ads->auth.password = smb_xstrdup(
+ get_cmdline_auth_info_password(c->auth_info));
}
ads->auth.flags |= auth_flags;
SAFE_FREE(ads->auth.user_name);
- ads->auth.user_name = smb_xstrdup(c->opt_user_name);
+ ads->auth.user_name = smb_xstrdup(
+ get_cmdline_auth_info_username(c->auth_info));
/*
* If the username is of the form "name at realm",
@@ -875,6 +865,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
TALLOC_CTX *ctx;
struct libnet_UnjoinCtx *r = NULL;
WERROR werr;
+ struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -893,7 +884,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
- if (!c->opt_kerberos) {
+ if (!get_cmdline_auth_info_use_kerberos(ai)) {
use_in_memory_ccache();
}
@@ -903,12 +894,14 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
return -1;
}
+ set_cmdline_auth_info_getpass(ai);
+
r->in.debug = true;
- r->in.use_kerberos = c->opt_kerberos;
+ r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
r->in.dc_name = c->opt_host;
r->in.domain_name = lp_realm();
- r->in.admin_account = c->opt_user_name;
- r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
+ r->in.admin_account = get_cmdline_auth_info_username(ai);
+ r->in.admin_password = get_cmdline_auth_info_password(ai);
r->in.modify_config = lp_config_backend_is_registry();
r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
@@ -959,7 +952,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c)
return NT_STATUS_ACCESS_DENIED;
}
- net_use_krb_machine_account(c);
+ set_cmdline_auth_info_use_machine_account(c->auth_info);
status = ads_startup(c, true, &ads);
if (!ADS_ERR_OK(status)) {
@@ -1190,6 +1183,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
const char *os_name = NULL;
const char *os_version = NULL;
bool modify_config = lp_config_backend_is_registry();
+ struct user_auth_info *ai = c->auth_info;;
if (c->display_usage)
return net_ads_join_usage(c, argc, argv);
@@ -1209,7 +1203,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
goto fail;
}
- if (!c->opt_kerberos) {
+ if (!get_cmdline_auth_info_use_kerberos(ai)) {
use_in_memory_ccache();
}
@@ -1259,6 +1253,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
/* Do the domain join here */
+ set_cmdline_auth_info_getpass(ai);
+
r->in.domain_name = domain;
r->in.create_upn = createupn;
r->in.upn = machineupn;
@@ -1266,10 +1262,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->in.os_name = os_name;
r->in.os_version = os_version;
r->in.dc_name = c->opt_host;
- r->in.admin_account = c->opt_user_name;
- r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
+ r->in.admin_account = get_cmdline_auth_info_username(ai);
+ r->in.admin_password = get_cmdline_auth_info_password(ai);
r->in.debug = true;
- r->in.use_kerberos = c->opt_kerberos;
+ r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
r->in.modify_config = modify_config;
r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
@@ -1580,6 +1576,7 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
char *prt_dn, *srv_dn, **srv_cn;
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
LDAPMessage *res = NULL;
+ struct user_auth_info *ai = c->auth_info;
if (argc < 1 || c->display_usage) {
d_printf("Usage:\n"
@@ -1611,8 +1608,9 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
nt_status = cli_full_connection(&cli, global_myname(), servername,
&server_ss, 0,
"IPC$", "IPC",
- c->opt_user_name, c->opt_workgroup,
- c->opt_password ? c->opt_password : "",
+ get_cmdline_auth_info_username(ai),
+ c->opt_workgroup,
+ get_cmdline_auth_info_password(ai),
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -1800,8 +1798,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
static int net_ads_password(struct net_context *c, int argc, const char **argv)
{
ADS_STRUCT *ads;
- const char *auth_principal = c->opt_user_name;
- const char *auth_password = c->opt_password;
+ const char *auth_principal;
+ const char *auth_password;
char *realm = NULL;
char *new_password = NULL;
char *chr, *prompt;
@@ -1816,10 +1814,9 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
return 0;
}
- if (c->opt_user_name == NULL || c->opt_password == NULL) {
- d_fprintf(stderr, "You must supply an administrator username/password\n");
- return -1;
- }
+ auth_principal = get_cmdline_auth_info_username(c->auth_info);
+ set_cmdline_auth_info_getpass(c->auth_info);
+ auth_password = get_cmdline_auth_info_password(c->auth_info);
if (argc < 1) {
d_fprintf(stderr, "ERROR: You must say which username to change password for\n");
@@ -1901,7 +1898,7 @@ int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)
return -1;
}
- net_use_krb_machine_account(c);
+ set_cmdline_auth_info_use_machine_account(c->auth_info);
use_in_memory_ccache();
@@ -2283,6 +2280,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
+ struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2296,11 +2294,11 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
goto out;
}
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ set_cmdline_auth_info_getpass(ai);
status = kerberos_return_pac(mem_ctx,
- c->opt_user_name,
- c->opt_password,
+ get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
0,
NULL,
NULL,
@@ -2333,6 +2331,7 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
TALLOC_CTX *mem_ctx = NULL;
int ret = -1;
NTSTATUS status;
+ struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2346,10 +2345,10 @@ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **
goto out;
}
- c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ set_cmdline_auth_info_getpass(ai);
- ret = kerberos_kinit_password_ext(c->opt_user_name,
- c->opt_password,
+ ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
0,
NULL,
NULL,
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c
index 4010797..a13f52c 100644
--- a/source3/utils/net_dom.c
+++ b/source3/utils/net_dom.c
@@ -368,9 +368,11 @@ int net_dom(struct net_context *c, int argc, const char **argv)
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 0502373..5a17079 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -65,5 +65,6 @@ int net_help(struct net_context *c, int argc, const char **argv)
}
c->display_usage = true;
+ set_cmdline_auth_info_password(c->auth_info, "");
return net_run_function(c, argc, argv, "net help", func);
}
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 75ac032..8a09147 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -459,8 +459,6 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
struct rpc_pipe_client **pp_pipe_hnd,
const struct ndr_syntax_id *interface);
-int net_use_krb_machine_account(struct net_context *c);
-int net_use_machine_account(struct net_context *c);
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -475,7 +473,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
const char *server,
struct sockaddr_storage *pss,
unsigned flags, struct cli_state **pcli);
-const char *net_prompt_pass(struct net_context *c, const char *user);
int net_run_function(struct net_context *c, int argc, const char **argv,
const char *whoami, struct functable *table);
void net_display_usage_from_functable(struct functable *table);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 3a1aeb0..fab83da 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -24,7 +24,8 @@
#include "utils/net.h"
static int net_mode_share;
-static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
+static bool sync_files(struct copy_clistate *cp_clistate, const char *mask,
+ const struct user_auth_info *auth_info);
/**
* @file net_rpc.c
@@ -121,6 +122,7 @@ int run_rpc_command(struct net_context *c,
DOM_SID *domain_sid;
const char *domain_name;
int ret = -1;
+ struct user_auth_info *ai = c->auth_info;
/* make use of cli_state handed over as an argument, if possible */
if (!cli_arg) {
@@ -170,8 +172,10 @@ int run_rpc_command(struct net_context *c,
nt_status = cli_rpc_pipe_open_ntlmssp(
cli, interface,
PIPE_AUTH_LEVEL_PRIVACY,
- lp_workgroup(), c->opt_user_name,
- c->opt_password, &pipe_hnd);
+ lp_workgroup(),
+ get_cmdline_auth_info_username(ai),
+ get_cmdline_auth_info_password(ai),
+ &pipe_hnd);
} else {
nt_status = cli_rpc_pipe_open_noauth(
cli, interface,
@@ -939,9 +943,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
+ get_cmdline_auth_info_username(c->auth_info));
+ libnetapi_set_password(c->netapi_ctx,
+ get_cmdline_auth_info_password(c->auth_info));
+ if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
@@ -2755,9 +2762,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv)
if (status != 0) {
return -1;
}
- libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
- libnetapi_set_password(c->netapi_ctx, c->opt_password);
- if (c->opt_kerberos) {
+ set_cmdline_auth_info_getpass(c->auth_info);
+ libnetapi_set_username(c->netapi_ctx,
--
Samba Shared Repository
More information about the samba-cvs
mailing list