bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info) { char *pass = NULL; char *account = NULL; if (!get_cmdline_auth_info_use_machine_account(auth_info)) { return false; } if (!secrets_init()) { d_printf("ERROR: Unable to open secrets database\n"); return false; } if (asprintf(&account, "%s$@%s", lp_netbios_name(), lp_realm()) < 0) { return false; } pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); if (!pass) { d_printf("ERROR: Unable to fetch machine password for " "%s in domain %s\n", account, lp_workgroup()); SAFE_FREE(account); return false; } set_cmdline_auth_info_username(auth_info, account); set_cmdline_auth_info_password(auth_info, pass); SAFE_FREE(account); SAFE_FREE(pass); return true; }
static struct cli_state *connect_one(const char *share) { struct cli_state *c; struct sockaddr_storage ss; NTSTATUS nt_status; uint32_t flags = 0; zero_sockaddr(&ss); if (get_cmdline_auth_info_use_machine_account() && !set_cmdline_auth_info_machine_account_creds()) { return NULL; } if (get_cmdline_auth_info_use_kerberos()) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } if (!get_cmdline_auth_info_got_pass()) { char *pass = getpass("Password: "******"?????", get_cmdline_auth_info_username(), lp_workgroup(), get_cmdline_auth_info_password(), flags, get_cmdline_auth_info_signing_state(), NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } if (get_cmdline_auth_info_smb_encrypt()) { nt_status = cli_cm_force_encryption(c, get_cmdline_auth_info_username(), get_cmdline_auth_info_password(), lp_workgroup(), share); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(c); return NULL; } } return c; }
static void get_credentials_file(struct user_auth_info *auth_info, const char *file) { XFILE *auth; fstring buf; uint16 len = 0; char *ptr, *val, *param; if ((auth=x_fopen(file, O_RDONLY, 0)) == NULL) { /* fail if we can't open the credentials file */ d_printf("ERROR: Unable to open credentials file!\n"); exit(-1); } while (!x_feof(auth)) { /* get a line from the file */ if (!x_fgets(buf, sizeof(buf), auth)) continue; len = strlen(buf); if ((len) && (buf[len-1]=='\n')) { buf[len-1] = '\0'; len--; } if (len == 0) continue; /* break up the line into parameter & value. * will need to eat a little whitespace possibly */ param = buf; if (!(ptr = strchr_m (buf, '='))) continue; val = ptr+1; *ptr = '\0'; /* eat leading white space */ while ((*val!='\0') && ((*val==' ') || (*val=='\t'))) val++; if (strwicmp("password", param) == 0) { set_cmdline_auth_info_password(auth_info, val); } else if (strwicmp("username", param) == 0) { set_cmdline_auth_info_username(auth_info, val); } else if (strwicmp("domain", param) == 0) { set_cmdline_auth_info_domain(auth_info, val); } memset(buf, 0, sizeof(buf)); } x_fclose(auth); }
static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx, const char *server_name, struct cli_state **cli) { struct user_auth_info *auth_info = NULL; struct cli_state *cli_ipc = NULL; if (!ctx || !cli || !server_name) { return WERR_INVALID_PARAM; } auth_info = user_auth_info_init(NULL); if (!auth_info) { return WERR_NOMEM; } auth_info->signing_state = Undefined; set_cmdline_auth_info_use_kerberos(auth_info, ctx->use_kerberos); set_cmdline_auth_info_username(auth_info, ctx->username); if (ctx->password) { set_cmdline_auth_info_password(auth_info, ctx->password); } else { set_cmdline_auth_info_getpass(auth_info); } if (ctx->username && ctx->username[0] && ctx->password && ctx->password[0] && ctx->use_kerberos) { set_cmdline_auth_info_fallback_after_kerberos(auth_info, true); } cli_ipc = cli_cm_open(ctx, NULL, server_name, "IPC$", auth_info, false, false, PROTOCOL_NT1, 0, 0x20); if (cli_ipc) { cli_set_username(cli_ipc, ctx->username); cli_set_password(cli_ipc, ctx->password); cli_set_domain(cli_ipc, ctx->workgroup); } TALLOC_FREE(auth_info); if (!cli_ipc) { libnetapi_set_error_string(ctx, "Failed to connect to IPC$ share on %s", server_name); return WERR_CAN_NOT_COMPLETE; } *cli = cli_ipc; return WERR_OK; }
void set_cmdline_auth_info_getpass(struct user_auth_info *auth_info) { char *label = NULL; char *pass; TALLOC_CTX *frame; if (get_cmdline_auth_info_got_pass(auth_info) || get_cmdline_auth_info_use_kerberos(auth_info)) { /* Already got one... */ return; } frame = talloc_stackframe(); label = talloc_asprintf(frame, "Enter %s's password: ", get_cmdline_auth_info_username(auth_info)); pass = getpass(label); if (pass) { set_cmdline_auth_info_password(auth_info, pass); } TALLOC_FREE(frame); }
static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx, const char *server_name, struct client_ipc_connection **pp) { struct libnetapi_private_ctx *priv_ctx; struct user_auth_info *auth_info = NULL; struct cli_state *cli_ipc = NULL; struct client_ipc_connection *p; NTSTATUS status; if (!ctx || !pp || !server_name) { return WERR_INVALID_PARAM; } priv_ctx = (struct libnetapi_private_ctx *)ctx->private_data; p = ipc_cm_find(priv_ctx, server_name); if (p) { *pp = p; return WERR_OK; } auth_info = user_auth_info_init(ctx); if (!auth_info) { return WERR_NOMEM; } auth_info->signing_state = SMB_SIGNING_DEFAULT; set_cmdline_auth_info_use_kerberos(auth_info, ctx->use_kerberos); set_cmdline_auth_info_username(auth_info, ctx->username); if (ctx->password) { set_cmdline_auth_info_password(auth_info, ctx->password); } else { set_cmdline_auth_info_getpass(auth_info); } if (ctx->username && ctx->username[0] && ctx->password && ctx->password[0] && ctx->use_kerberos) { set_cmdline_auth_info_fallback_after_kerberos(auth_info, true); } if (ctx->use_ccache) { set_cmdline_auth_info_use_ccache(auth_info, true); } status = cli_cm_open(ctx, NULL, server_name, "IPC$", auth_info, false, false, PROTOCOL_NT1, 0, 0x20, &cli_ipc); if (NT_STATUS_IS_OK(status)) { cli_set_username(cli_ipc, ctx->username); cli_set_password(cli_ipc, ctx->password); cli_set_domain(cli_ipc, ctx->workgroup); } else { cli_ipc = NULL; } TALLOC_FREE(auth_info); if (!cli_ipc) { libnetapi_set_error_string(ctx, "Failed to connect to IPC$ share on %s", server_name); return WERR_CAN_NOT_COMPLETE; } p = talloc_zero(ctx, struct client_ipc_connection); if (p == NULL) { return WERR_NOMEM; } p->cli = cli_ipc; DLIST_ADD(priv_ctx->ipc_connections, p); *pp = p; return WERR_OK; }
/**************************************************************************** main program ****************************************************************************/ int main(int argc,char *argv[]) { TALLOC_CTX *frame = talloc_stackframe(); struct user_auth_info local_auth_info; struct poptOption long_options[] = { POPT_AUTOHELP { "broadcast", 'b', POPT_ARG_VAL, &use_bcast, True, "Use broadcast instead of using the master browser" }, { "domains", 'D', POPT_ARG_VAL, &level, LEV_WORKGROUP, "List only domains (workgroups) of tree" }, { "servers", 'S', POPT_ARG_VAL, &level, LEV_SERVER, "List domains(workgroups) and servers of tree" }, POPT_COMMON_SAMBA POPT_COMMON_CREDENTIALS POPT_TABLEEND }; poptContext pc; /* Initialise samba stuff */ load_case_tables(); setlinebuf(stdout); dbf = x_stderr; setup_logging(argv[0],True); pc = poptGetContext("smbtree", argc, (const char **)argv, long_options, POPT_CONTEXT_KEEP_FIRST); while(poptGetNextOpt(pc) != -1); poptFreeContext(pc); lp_load(get_dyn_CONFIGFILE(),True,False,False,True); load_interfaces(); /* Parse command line args */ if (get_cmdline_auth_info_use_machine_account() && !set_cmdline_auth_info_machine_account_creds()) { TALLOC_FREE(frame); return 1; } if (!get_cmdline_auth_info_got_pass()) { char *pass = getpass("Password: "); if (pass) { set_cmdline_auth_info_password(pass); } } /* Now do our stuff */ if (!get_cmdline_auth_info_copy(&local_auth_info)) { return 1; } if (!print_tree(&local_auth_info)) { TALLOC_FREE(frame); return 1; } TALLOC_FREE(frame); return 0; }
static void popt_common_credentials_callback(poptContext con, enum poptCallbackReason reason, const struct poptOption *opt, const char *arg, const void *data) { struct user_auth_info *auth_info = talloc_get_type_abort( *((const char **)data), struct user_auth_info); char *p; if (reason == POPT_CALLBACK_REASON_PRE) { set_cmdline_auth_info_username(auth_info, "GUEST"); if (getenv("LOGNAME")) { set_cmdline_auth_info_username(auth_info, getenv("LOGNAME")); } if (getenv("USER")) { char *puser = SMB_STRDUP(getenv("USER")); if (!puser) { exit(ENOMEM); } set_cmdline_auth_info_username(auth_info, puser); } if (getenv("PASSWD")) { set_cmdline_auth_info_password(auth_info, getenv("PASSWD")); } if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) { get_password_file(auth_info); } return; } switch(opt->val) { case 'U': { char *lp; char *puser = SMB_STRDUP(arg); if ((lp=strchr_m(puser,'%'))) { size_t len; *lp = '\0'; set_cmdline_auth_info_username(auth_info, puser); set_cmdline_auth_info_password(auth_info, lp+1); len = strlen(lp+1); memset(lp + 1, '\0', len); } else { set_cmdline_auth_info_username(auth_info, puser); } SAFE_FREE(puser); } break; case 'A': get_credentials_file(auth_info, arg); break; case 'k': #ifndef HAVE_KRB5 d_printf("No kerberos support compiled in\n"); exit(1); #else set_cmdline_auth_info_use_krb5_ticket(auth_info); #endif break; case 'S': if (!set_cmdline_auth_info_signing_state(auth_info, arg)) { fprintf(stderr, "Unknown signing option %s\n", arg ); exit(1); } break; case 'P': set_cmdline_auth_info_use_machine_account(auth_info); break; case 'N': set_cmdline_auth_info_password(auth_info, ""); break; case 'e': set_cmdline_auth_info_smb_encrypt(auth_info); break; case 'C': set_cmdline_auth_info_use_ccache(auth_info, true); break; case 'H': set_cmdline_auth_info_use_pw_nt_hash(auth_info, true); break; } }
static void get_password_file(struct user_auth_info *auth_info) { int fd = -1; char *p; bool close_it = False; char *spec = NULL; char pass[128]; if ((p = getenv("PASSWD_FD")) != NULL) { if (asprintf(&spec, "descriptor %s", p) < 0) { return; } sscanf(p, "%d", &fd); close_it = false; } else if ((p = getenv("PASSWD_FILE")) != NULL) { fd = open(p, O_RDONLY, 0); spec = SMB_STRDUP(p); if (fd < 0) { fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n", spec, strerror(errno)); exit(1); } close_it = True; } if (fd < 0) { fprintf(stderr, "fd = %d, < 0\n", fd); exit(1); } for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */ p && p - pass < sizeof(pass);) { switch (read(fd, p, 1)) { case 1: if (*p != '\n' && *p != '\0') { *++p = '\0'; /* advance p, and null-terminate pass */ break; } case 0: if (p - pass) { *p = '\0'; /* null-terminate it, just in case... */ p = NULL; /* then force the loop condition to become false */ break; } else { fprintf(stderr, "Error reading password from file %s: %s\n", spec, "empty password\n"); SAFE_FREE(spec); exit(1); } default: fprintf(stderr, "Error reading password from file %s: %s\n", spec, strerror(errno)); SAFE_FREE(spec); exit(1); } } SAFE_FREE(spec); set_cmdline_auth_info_password(auth_info, pass); if (close_it) { close(fd); } }