NTSTATUS connect_to_ipc_krb5(struct net_context *c, struct cli_state **cli_ctx, struct sockaddr_storage *server_ss, const char *server_name) { NTSTATUS nt_status; char *user_and_realm = NULL; /* FIXME: Should get existing kerberos ticket if possible. */ c->opt_password = net_prompt_pass(c, c->opt_user_name); if (!c->opt_password) { return NT_STATUS_NO_MEMORY; } user_and_realm = get_user_and_realm(c->opt_user_name); if (!user_and_realm) { return NT_STATUS_NO_MEMORY; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, "IPC$", "IPC", user_and_realm, c->opt_workgroup, c->opt_password, CLI_FULL_CONNECTION_USE_KERBEROS, Undefined); SAFE_FREE(user_and_realm); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status))); return nt_status; } if (c->smb_encrypt) { nt_status = cli_cm_force_encryption(*cli_ctx, user_and_realm, c->opt_password, c->opt_workgroup, "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(*cli_ctx); *cli_ctx = NULL; } } return nt_status; }
NTSTATUS connect_to_ipc_krb5(struct cli_state **c, struct sockaddr_storage *server_ss, const char *server_name) { NTSTATUS nt_status; char *user_and_realm = NULL; opt_password = net_prompt_pass(opt_user_name); if (!opt_password) { return NT_STATUS_NO_MEMORY; } user_and_realm = get_user_and_realm(opt_user_name); if (!user_and_realm) { return NT_STATUS_NO_MEMORY; } nt_status = cli_full_connection(c, NULL, server_name, server_ss, opt_port, "IPC$", "IPC", user_and_realm, opt_workgroup, opt_password, CLI_FULL_CONNECTION_USE_KERBEROS, Undefined, NULL); SAFE_FREE(user_and_realm); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status))); return nt_status; } if (smb_encrypt) { nt_status = cli_cm_force_encryption(*c, user_and_realm, opt_password, opt_workgroup, "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(*c); *c = NULL; } } return nt_status; }
/** * @brief Set the authorised user for winbindd access in secrets.tdb */ static int net_setauthuser(struct net_context *c, int argc, const char **argv) { const char *password = NULL; if (!secrets_init()) { d_fprintf(stderr, _("Failed to open secrets.tdb.\n")); return 1; } /* Delete the settings. */ if (argc >= 1) { if (strncmp(argv[0], "delete", 6) != 0) { d_fprintf(stderr,_("Usage:\n")); d_fprintf(stderr, _(" net setauthuser -U user[%%password] \n" " Set the auth user account to user" "password. Prompt for password if not " "specified.\n")); d_fprintf(stderr, _(" net setauthuser delete\n" " Delete the auth user setting.\n")); return 1; } secrets_delete(SECRETS_AUTH_USER); secrets_delete(SECRETS_AUTH_DOMAIN); secrets_delete(SECRETS_AUTH_PASSWORD); return 0; } if (!c->opt_user_specified) { d_fprintf(stderr, _("Usage:\n")); d_fprintf(stderr, _(" net setauthuser -U user[%%password]\n" " Set the auth user account to user" "password. Prompt for password if not " "specified.\n")); d_fprintf(stderr, _(" net setauthuser delete\n" " Delete the auth user setting.\n")); return 1; } password = net_prompt_pass(c, _("the auth user")); if (password == NULL) { d_fprintf(stderr,_("Failed to get the auth users password.\n")); return 1; } if (!secrets_store(SECRETS_AUTH_USER, c->opt_user_name, strlen(c->opt_user_name) + 1)) { d_fprintf(stderr, _("error storing auth user name\n")); return 1; } if (!secrets_store(SECRETS_AUTH_DOMAIN, c->opt_workgroup, strlen(c->opt_workgroup) + 1)) { d_fprintf(stderr, _("error storing auth user domain\n")); return 1; } if (!secrets_store(SECRETS_AUTH_PASSWORD, password, strlen(password) + 1)) { d_fprintf(stderr, _("error storing auth user password\n")); return 1; } return 0; }
NTSTATUS connect_to_service(struct net_context *c, struct cli_state **cli_ctx, struct sockaddr_storage *server_ss, const char *server_name, const char *service_name, const char *service_type) { NTSTATUS nt_status; int flags = 0; c->opt_password = net_prompt_pass(c, c->opt_user_name); if (c->opt_kerberos) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } if (c->opt_kerberos && c->opt_password) { flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } if (c->opt_ccache) { flags |= CLI_FULL_CONNECTION_USE_CCACHE; } nt_status = cli_full_connection(cli_ctx, NULL, server_name, server_ss, c->opt_port, service_name, service_type, c->opt_user_name, c->opt_workgroup, c->opt_password, flags, Undefined); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, _("Could not connect to server %s\n"), server_name); /* Display a nicer message depending on the result */ if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_LOGON_FAILURE)) d_fprintf(stderr, _("The username or password was not " "correct.\n")); if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT)) d_fprintf(stderr, _("The account was locked out.\n")); if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED)) d_fprintf(stderr, _("The account was disabled.\n")); return nt_status; } if (c->smb_encrypt) { nt_status = cli_force_encryption(*cli_ctx, c->opt_user_name, c->opt_password, c->opt_workgroup); if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { d_printf(_("Encryption required and " "server that doesn't support " "UNIX extensions - failing connect\n")); } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) { d_printf(_("Encryption required and " "can't get UNIX CIFS extensions " "version from server.\n")); } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) { d_printf(_("Encryption required and " "share %s doesn't support " "encryption.\n"), service_name); } else if (!NT_STATUS_IS_OK(nt_status)) { d_printf(_("Encryption required and " "setup failed with error %s.\n"), nt_errstr(nt_status)); } if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(*cli_ctx); *cli_ctx = NULL; } } return nt_status; }
NTSTATUS connect_to_service(struct cli_state **c, struct sockaddr_storage *server_ss, const char *server_name, const char *service_name, const char *service_type) { NTSTATUS nt_status; opt_password = net_prompt_pass(opt_user_name); if (!opt_password) { return NT_STATUS_NO_MEMORY; } nt_status = cli_full_connection(c, NULL, server_name, server_ss, opt_port, service_name, service_type, opt_user_name, opt_workgroup, opt_password, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(nt_status)) { d_fprintf(stderr, "Could not connect to server %s\n", server_name); /* Display a nicer message depending on the result */ if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_LOGON_FAILURE)) d_fprintf(stderr, "The username or password was not correct.\n"); if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT)) d_fprintf(stderr, "The account was locked out.\n"); if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED)) d_fprintf(stderr, "The account was disabled.\n"); return nt_status; } if (smb_encrypt) { nt_status = cli_force_encryption(*c, opt_user_name, opt_password, opt_workgroup); if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) { d_printf("Encryption required and " "server that doesn't support " "UNIX extensions - failing connect\n"); } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) { d_printf("Encryption required and " "can't get UNIX CIFS extensions " "version from server.\n"); } else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) { d_printf("Encryption required and " "share %s doesn't support " "encryption.\n", service_name); } else if (!NT_STATUS_IS_OK(nt_status)) { d_printf("Encryption required and " "setup failed with error %s.\n", nt_errstr(nt_status)); } if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(*c); *c = NULL; } } return nt_status; }