bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info)
{
char *pass = NULL;
char *account = NULL;
if (!get_cmdline_auth_info_use_machine_account(auth_info)) {
return false;
}
if (!secrets_init()) {
d_printf("ERROR: Unable to open secrets database\n");
return false;
}
if (asprintf(&account, "%s$@%s", lp_netbios_name(), lp_realm()) < 0) {
return false;
}
pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
if (!pass) {
d_printf("ERROR: Unable to fetch machine password for "
"%s in domain %s\n",
account, lp_workgroup());
SAFE_FREE(account);
return false;
}
set_cmdline_auth_info_username(auth_info, account);
set_cmdline_auth_info_password(auth_info, pass);
SAFE_FREE(account);
SAFE_FREE(pass);
return true;
}
static void get_credentials_file(struct user_auth_info *auth_info,
const char *file)
{
XFILE *auth;
fstring buf;
uint16 len = 0;
char *ptr, *val, *param;
if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL)
{
/* fail if we can't open the credentials file */
d_printf("ERROR: Unable to open credentials file!\n");
exit(-1);
}
while (!x_feof(auth))
{
/* get a line from the file */
if (!x_fgets(buf, sizeof(buf), auth))
continue;
len = strlen(buf);
if ((len) && (buf[len-1]=='\n'))
{
buf[len-1] = '\0';
len--;
}
if (len == 0)
continue;
/* break up the line into parameter & value.
* will need to eat a little whitespace possibly */
param = buf;
if (!(ptr = strchr_m (buf, '=')))
continue;
val = ptr+1;
*ptr = '\0';
/* eat leading white space */
while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
val++;
if (strwicmp("password", param) == 0) {
set_cmdline_auth_info_password(auth_info, val);
} else if (strwicmp("username", param) == 0) {
set_cmdline_auth_info_username(auth_info, val);
} else if (strwicmp("domain", param) == 0) {
set_cmdline_auth_info_domain(auth_info, val);
}
memset(buf, 0, sizeof(buf));
}
x_fclose(auth);
}
static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
const char *server_name,
struct cli_state **cli)
{
struct user_auth_info *auth_info = NULL;
struct cli_state *cli_ipc = NULL;
if (!ctx || !cli || !server_name) {
return WERR_INVALID_PARAM;
}
auth_info = user_auth_info_init(NULL);
if (!auth_info) {
return WERR_NOMEM;
}
auth_info->signing_state = Undefined;
set_cmdline_auth_info_use_kerberos(auth_info, ctx->use_kerberos);
set_cmdline_auth_info_username(auth_info, ctx->username);
if (ctx->password) {
set_cmdline_auth_info_password(auth_info, ctx->password);
} else {
set_cmdline_auth_info_getpass(auth_info);
}
if (ctx->username && ctx->username[0] &&
ctx->password && ctx->password[0] &&
ctx->use_kerberos) {
set_cmdline_auth_info_fallback_after_kerberos(auth_info, true);
}
cli_ipc = cli_cm_open(ctx, NULL,
server_name, "IPC$",
auth_info,
false, false,
PROTOCOL_NT1,
0, 0x20);
if (cli_ipc) {
cli_set_username(cli_ipc, ctx->username);
cli_set_password(cli_ipc, ctx->password);
cli_set_domain(cli_ipc, ctx->workgroup);
}
TALLOC_FREE(auth_info);
if (!cli_ipc) {
libnetapi_set_error_string(ctx,
"Failed to connect to IPC$ share on %s", server_name);
return WERR_CAN_NOT_COMPLETE;
}
*cli = cli_ipc;
return WERR_OK;
}
static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
const char *server_name,
struct client_ipc_connection **pp)
{
struct libnetapi_private_ctx *priv_ctx;
struct user_auth_info *auth_info = NULL;
struct cli_state *cli_ipc = NULL;
struct client_ipc_connection *p;
NTSTATUS status;
if (!ctx || !pp || !server_name) {
return WERR_INVALID_PARAM;
}
priv_ctx = (struct libnetapi_private_ctx *)ctx->private_data;
p = ipc_cm_find(priv_ctx, server_name);
if (p) {
*pp = p;
return WERR_OK;
}
auth_info = user_auth_info_init(ctx);
if (!auth_info) {
return WERR_NOMEM;
}
auth_info->signing_state = SMB_SIGNING_DEFAULT;
set_cmdline_auth_info_use_kerberos(auth_info, ctx->use_kerberos);
set_cmdline_auth_info_username(auth_info, ctx->username);
if (ctx->password) {
set_cmdline_auth_info_password(auth_info, ctx->password);
} else {
set_cmdline_auth_info_getpass(auth_info);
}
if (ctx->username && ctx->username[0] &&
ctx->password && ctx->password[0] &&
ctx->use_kerberos) {
set_cmdline_auth_info_fallback_after_kerberos(auth_info, true);
}
if (ctx->use_ccache) {
set_cmdline_auth_info_use_ccache(auth_info, true);
}
status = cli_cm_open(ctx, NULL,
server_name, "IPC$",
auth_info,
false, false,
PROTOCOL_NT1,
0, 0x20, &cli_ipc);
if (NT_STATUS_IS_OK(status)) {
cli_set_username(cli_ipc, ctx->username);
cli_set_password(cli_ipc, ctx->password);
cli_set_domain(cli_ipc, ctx->workgroup);
} else {
cli_ipc = NULL;
}
TALLOC_FREE(auth_info);
if (!cli_ipc) {
libnetapi_set_error_string(ctx,
"Failed to connect to IPC$ share on %s", server_name);
return WERR_CAN_NOT_COMPLETE;
}
p = talloc_zero(ctx, struct client_ipc_connection);
if (p == NULL) {
return WERR_NOMEM;
}
p->cli = cli_ipc;
DLIST_ADD(priv_ctx->ipc_connections, p);
*pp = p;
return WERR_OK;
}
static void popt_common_credentials_callback(poptContext con,
enum poptCallbackReason reason,
const struct poptOption *opt,
const char *arg, const void *data)
{
struct user_auth_info *auth_info = talloc_get_type_abort(
*((const char **)data), struct user_auth_info);
char *p;
if (reason == POPT_CALLBACK_REASON_PRE) {
set_cmdline_auth_info_username(auth_info, "GUEST");
if (getenv("LOGNAME")) {
set_cmdline_auth_info_username(auth_info,
getenv("LOGNAME"));
}
if (getenv("USER")) {
char *puser = SMB_STRDUP(getenv("USER"));
if (!puser) {
exit(ENOMEM);
}
set_cmdline_auth_info_username(auth_info, puser);
}
if (getenv("PASSWD")) {
set_cmdline_auth_info_password(auth_info,
getenv("PASSWD"));
}
if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
get_password_file(auth_info);
}
return;
}
switch(opt->val) {
case 'U':
{
char *lp;
char *puser = SMB_STRDUP(arg);
if ((lp=strchr_m(puser,'%'))) {
size_t len;
*lp = '\0';
set_cmdline_auth_info_username(auth_info,
puser);
set_cmdline_auth_info_password(auth_info,
lp+1);
len = strlen(lp+1);
memset(lp + 1, '\0', len);
} else {
set_cmdline_auth_info_username(auth_info,
puser);
}
SAFE_FREE(puser);
}
break;
case 'A':
get_credentials_file(auth_info, arg);
break;
case 'k':
#ifndef HAVE_KRB5
d_printf("No kerberos support compiled in\n");
exit(1);
#else
set_cmdline_auth_info_use_krb5_ticket(auth_info);
#endif
break;
case 'S':
if (!set_cmdline_auth_info_signing_state(auth_info, arg)) {
fprintf(stderr, "Unknown signing option %s\n", arg );
exit(1);
}
break;
case 'P':
set_cmdline_auth_info_use_machine_account(auth_info);
break;
case 'N':
set_cmdline_auth_info_password(auth_info, "");
break;
case 'e':
set_cmdline_auth_info_smb_encrypt(auth_info);
break;
case 'C':
set_cmdline_auth_info_use_ccache(auth_info, true);
break;
case 'H':
set_cmdline_auth_info_use_pw_nt_hash(auth_info, true);
break;
}
}
