Hi,
I'm working to cleaning up the mess we have with our client cmdline UI [1].
Currently we have a source3 and a source4 parsing implementation. I have
rewritten the command line parsing code. The only real difference between the
two is only how the config file is loaded. So I created a s3 and s4 config
loader and that's it.
The big change is that we need new options to fix a lot of issues face: The
biggest change is probably about Kerberos:
--use-kerberos=yes|auto|no
New is that we have options to correctly request signing and encryption:
--gensec-client-protection=plain|sign|seal
--smb-signing=off|if_required|desired|required
--smb-ipc-signing=off|if_required|desired|required
--smb-encryption=off|if_required|desired|required
You can find the code at [2].
NOTE that this is still work in progress and no all the stuff is
wired correctly yet!
But I wanted to show you what I'm working on and you can comment. Using that
parser will break the command line options for **all** client tools. But I
think it is worth the effort, see [1].
Attached is the output of
smbclient --help
which I just migrated to give you a full example of the new parser.
Feedback is welcome :-)
Andreas
[1] https://sambaxp.org/archive_data/sxp19/SambaXP2019-SLIDES/dbagnall-what-should-we-do-with-our-ui.pdf
[2] https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-cli-creds
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
Usage: smbclient [OPTIONS] service <password>
-R, --name-resolve=NAME-RESOLVE-ORDER Use these name
resolution
services only
-M, --message=HOST Send message
-I, --ip-address=IP Use this IP to
connect to
-E, --stderr Write messages to
stderr instead of
stdout
-L, --list=HOST Get a list of
shares available
on a host
-T, --tar=<c|x>IXFvgbNan Command line tar
-D, --directory=DIR Start from
directory
-c, --command=STRING Execute semicolon
separated commands
-b, --send-buffer=BYTES Changes the
transmit/send
buffer
-t, --timeout=SECONDS Changes the
per-operation
timeout
-p, --port=PORT Port to connect to
-g, --grepable Produce grepable
output
-q, --quiet Suppress help
message
-B, --browse Browse SMB
servers using DNS
Help options:
-?, --help Show this help
message
--usage Display brief
usage message
Common Samba options:
-d, --debuglevel=DEBUGLEVEL Set debug level
--debug-stderr Send debug output
to STDERR
-s, --configfile=CONFIGFILE Use alternative
configuration file
--option=name=value Set smb.conf
option from
command line
-l, --log-basename=LOGFILEBASE Basename for
log/debug files
--leak-report enable talloc
leak reporting on
exit
--leak-report-full enable full
talloc leak
reporting on exit
Connection options:
-R, --name-resolve=NAME-RESOLVE-ORDER Use these name
resolution
services only
-O, --socket-options=SOCKETOPTIONS socket options to
use
-n, --netbiosname=NETBIOSNAME Primary netbios
name
-W, --workgroup=WORKGROUP Set the workgroup
name
--realm=REALM Set the realm name
-i, --scope=SCOPE Use this Netbios
scope
-m, --maxprotocol=MAXPROTOCOL Set max protocol
level
Credential options:
-U, --user=[DOMAIN/]USERNAME[%PASSWORD] Set the network
username
-N, --no-pass Don't ask for a
password
--password=STRING Password
-A, --authentication-file=FILE Get the
credentials from
a file
-P, --machine-pass Use stored
machine account
password
--simple-bind-dn=DN DN to use for a
simple bind
--use-kerberos=yes|auto|no|default Use Kerberos
authentication
--use-krb5-ccache=CCACHE Credentials cache
location for
Kerberos
-C, --use-winbind-ccache Use the winbind
ccache for
authentication
--gensec-client-protection=plain|sign|seal Configure gensec
client protection
--smb-signing=off|if_required|desired|required Configure SMB
singing
--smb-ipc-signing=off|if_required|desired|required Configure SMB
singing
--smb-encryption=off|if_required|desired|required Configure SMB
encrpytion
Version options:
-V, --version Print version