NTSTATUS connect_to_ipc_krb5(struct net_context *c,
struct cli_state **cli_ctx,
struct sockaddr_storage *server_ss,
const char *server_name)
{
NTSTATUS nt_status;
char *user_and_realm = NULL;
/* FIXME: Should get existing kerberos ticket if possible. */
c->opt_password = net_prompt_pass(c, c->opt_user_name);
if (!c->opt_password) {
return NT_STATUS_NO_MEMORY;
}
user_and_realm = get_user_and_realm(c->opt_user_name);
if (!user_and_realm) {
return NT_STATUS_NO_MEMORY;
}
nt_status = cli_full_connection(cli_ctx, NULL, server_name,
server_ss, c->opt_port,
"IPC$", "IPC",
user_and_realm, c->opt_workgroup,
c->opt_password,
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined);
SAFE_FREE(user_and_realm);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
return nt_status;
}
if (c->smb_encrypt) {
nt_status = cli_cm_force_encryption(*cli_ctx,
user_and_realm,
c->opt_password,
c->opt_workgroup,
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(*cli_ctx);
*cli_ctx = NULL;
}
}
return nt_status;
}
NTSTATUS connect_to_ipc_krb5(struct cli_state **c,
struct sockaddr_storage *server_ss,
const char *server_name)
{
NTSTATUS nt_status;
char *user_and_realm = NULL;
opt_password = net_prompt_pass(opt_user_name);
if (!opt_password) {
return NT_STATUS_NO_MEMORY;
}
user_and_realm = get_user_and_realm(opt_user_name);
if (!user_and_realm) {
return NT_STATUS_NO_MEMORY;
}
nt_status = cli_full_connection(c, NULL, server_name,
server_ss, opt_port,
"IPC$", "IPC",
user_and_realm, opt_workgroup,
opt_password, CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
SAFE_FREE(user_and_realm);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
return nt_status;
}
if (smb_encrypt) {
nt_status = cli_cm_force_encryption(*c,
user_and_realm,
opt_password,
opt_workgroup,
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(*c);
*c = NULL;
}
}
return nt_status;
}
/**
* @brief Set the authorised user for winbindd access in secrets.tdb
*/
static int net_setauthuser(struct net_context *c, int argc, const char **argv)
{
const char *password = NULL;
if (!secrets_init()) {
d_fprintf(stderr, _("Failed to open secrets.tdb.\n"));
return 1;
}
/* Delete the settings. */
if (argc >= 1) {
if (strncmp(argv[0], "delete", 6) != 0) {
d_fprintf(stderr,_("Usage:\n"));
d_fprintf(stderr,
_(" net setauthuser -U user[%%password] \n"
" Set the auth user account to user"
"password. Prompt for password if not "
"specified.\n"));
d_fprintf(stderr,
_(" net setauthuser delete\n"
" Delete the auth user setting.\n"));
return 1;
}
secrets_delete(SECRETS_AUTH_USER);
secrets_delete(SECRETS_AUTH_DOMAIN);
secrets_delete(SECRETS_AUTH_PASSWORD);
return 0;
}
if (!c->opt_user_specified) {
d_fprintf(stderr, _("Usage:\n"));
d_fprintf(stderr,
_(" net setauthuser -U user[%%password]\n"
" Set the auth user account to user"
"password. Prompt for password if not "
"specified.\n"));
d_fprintf(stderr,
_(" net setauthuser delete\n"
" Delete the auth user setting.\n"));
return 1;
}
password = net_prompt_pass(c, _("the auth user"));
if (password == NULL) {
d_fprintf(stderr,_("Failed to get the auth users password.\n"));
return 1;
}
if (!secrets_store(SECRETS_AUTH_USER, c->opt_user_name,
strlen(c->opt_user_name) + 1)) {
d_fprintf(stderr, _("error storing auth user name\n"));
return 1;
}
if (!secrets_store(SECRETS_AUTH_DOMAIN, c->opt_workgroup,
strlen(c->opt_workgroup) + 1)) {
d_fprintf(stderr, _("error storing auth user domain\n"));
return 1;
}
if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
strlen(password) + 1)) {
d_fprintf(stderr, _("error storing auth user password\n"));
return 1;
}
return 0;
}
NTSTATUS connect_to_service(struct net_context *c,
struct cli_state **cli_ctx,
struct sockaddr_storage *server_ss,
const char *server_name,
const char *service_name,
const char *service_type)
{
NTSTATUS nt_status;
int flags = 0;
c->opt_password = net_prompt_pass(c, c->opt_user_name);
if (c->opt_kerberos) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
if (c->opt_kerberos && c->opt_password) {
flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
if (c->opt_ccache) {
flags |= CLI_FULL_CONNECTION_USE_CCACHE;
}
nt_status = cli_full_connection(cli_ctx, NULL, server_name,
server_ss, c->opt_port,
service_name, service_type,
c->opt_user_name, c->opt_workgroup,
c->opt_password, flags, Undefined);
if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, _("Could not connect to server %s\n"),
server_name);
/* Display a nicer message depending on the result */
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
d_fprintf(stderr,
_("The username or password was not "
"correct.\n"));
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
d_fprintf(stderr, _("The account was locked out.\n"));
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
d_fprintf(stderr, _("The account was disabled.\n"));
return nt_status;
}
if (c->smb_encrypt) {
nt_status = cli_force_encryption(*cli_ctx,
c->opt_user_name,
c->opt_password,
c->opt_workgroup);
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
d_printf(_("Encryption required and "
"server that doesn't support "
"UNIX extensions - failing connect\n"));
} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) {
d_printf(_("Encryption required and "
"can't get UNIX CIFS extensions "
"version from server.\n"));
} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
d_printf(_("Encryption required and "
"share %s doesn't support "
"encryption.\n"), service_name);
} else if (!NT_STATUS_IS_OK(nt_status)) {
d_printf(_("Encryption required and "
"setup failed with error %s.\n"),
nt_errstr(nt_status));
}
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(*cli_ctx);
*cli_ctx = NULL;
}
}
return nt_status;
}
NTSTATUS connect_to_service(struct cli_state **c,
struct sockaddr_storage *server_ss,
const char *server_name,
const char *service_name,
const char *service_type)
{
NTSTATUS nt_status;
opt_password = net_prompt_pass(opt_user_name);
if (!opt_password) {
return NT_STATUS_NO_MEMORY;
}
nt_status = cli_full_connection(c, NULL, server_name,
server_ss, opt_port,
service_name, service_type,
opt_user_name, opt_workgroup,
opt_password, 0, Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
d_fprintf(stderr, "Could not connect to server %s\n", server_name);
/* Display a nicer message depending on the result */
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
d_fprintf(stderr, "The username or password was not correct.\n");
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
d_fprintf(stderr, "The account was locked out.\n");
if (NT_STATUS_V(nt_status) ==
NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
d_fprintf(stderr, "The account was disabled.\n");
return nt_status;
}
if (smb_encrypt) {
nt_status = cli_force_encryption(*c,
opt_user_name,
opt_password,
opt_workgroup);
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
d_printf("Encryption required and "
"server that doesn't support "
"UNIX extensions - failing connect\n");
} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) {
d_printf("Encryption required and "
"can't get UNIX CIFS extensions "
"version from server.\n");
} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
d_printf("Encryption required and "
"share %s doesn't support "
"encryption.\n", service_name);
} else if (!NT_STATUS_IS_OK(nt_status)) {
d_printf("Encryption required and "
"setup failed with error %s.\n",
nt_errstr(nt_status));
}
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(*c);
*c = NULL;
}
}
return nt_status;
}
