]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s3:net: add net_context_creds() helper function
authorStefan Metzmacher <metze@samba.org>
Mon, 11 Nov 2019 12:57:55 +0000 (13:57 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 28 May 2020 06:43:37 +0000 (06:43 +0000)
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/utils/net_proto.h
source3/utils/net_util.c

index d04df553e01b7ec4d240f31830b428a6f0d3e240..f49b707338d4ca27e81cb70d91c16609faf3049f 100644 (file)
@@ -418,6 +418,9 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
                                    const struct sockaddr_storage *pss,
                                    unsigned flags, struct cli_state **pcli);
 const char *net_prompt_pass(struct net_context *c, const char *user);
+struct cli_credentials;
+struct cli_credentials *net_context_creds(struct net_context *c,
+                                         TALLOC_CTX *mem_ctx);
 int net_run_function(struct net_context *c, int argc, const char **argv,
                      const char *whoami, struct functable *table);
 void net_display_usage_from_functable(struct functable *table);
index 18ae07f480e1ce373cf57d791dcf8295ae2b93ef..156e9ef99a58ce65289cc553b7e4777e70e08312 100644 (file)
@@ -29,6 +29,8 @@
 #include "secrets.h"
 #include "../libcli/security/security.h"
 #include "libsmb/libsmb.h"
+#include "lib/param/param.h"
+#include "auth/gensec/gensec.h"
 
 NTSTATUS net_rpc_lookup_name(struct net_context *c,
                             TALLOC_CTX *mem_ctx, struct cli_state *cli,
@@ -477,6 +479,107 @@ const char *net_prompt_pass(struct net_context *c, const char *user)
        return SMB_STRDUP(pwd);
 }
 
+struct cli_credentials *net_context_creds(struct net_context *c,
+                                         TALLOC_CTX *mem_ctx)
+{
+       struct cli_credentials *creds = NULL;
+       struct loadparm_context *lp_ctx = NULL;
+
+       c->opt_password = net_prompt_pass(c, c->opt_user_name);
+
+       creds = cli_credentials_init(mem_ctx);
+       if (creds == NULL) {
+               d_printf("ERROR: Unable to allocate memory!\n");
+               exit(-1);
+       }
+
+       lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers());
+       if (lp_ctx == NULL) {
+               d_printf("loadparm_init_s3 failed\n");
+               exit(-1);
+       }
+
+       cli_credentials_guess(creds, lp_ctx);
+
+       if (c->opt_kerberos && c->opt_user_specified) {
+               cli_credentials_set_kerberos_state(creds,
+                                                  CRED_AUTO_USE_KERBEROS);
+       } else if (c->opt_kerberos) {
+               cli_credentials_set_kerberos_state(creds,
+                                                  CRED_MUST_USE_KERBEROS);
+       } else {
+               cli_credentials_set_kerberos_state(creds,
+                                                  CRED_DONT_USE_KERBEROS);
+       }
+
+       if (c->opt_ccache) {
+               uint32_t features;
+
+               features = cli_credentials_get_gensec_features(creds);
+               features |= GENSEC_FEATURE_NTLM_CCACHE;
+               cli_credentials_set_gensec_features(creds, features);
+
+               if (c->opt_password != NULL && strlen(c->opt_password) == 0) {
+                       /*
+                        * some callers pass "" as no password
+                        *
+                        * GENSEC_FEATURE_NTLM_CCACHE only handles
+                        * NULL as no password.
+                        */
+                       c->opt_password = NULL;
+               }
+       }
+
+       if (c->opt_user_specified) {
+               const char *default_domain =
+                       cli_credentials_get_domain(creds);
+               char *username = NULL;
+               const char *domain = NULL;
+               char *tmp = NULL;
+               char *p = NULL;
+               bool is_default;
+
+               tmp = talloc_strdup(creds, c->opt_user_name);
+               if (tmp == NULL) {
+                       exit(-1);
+               }
+               username = tmp;
+
+               /* allow for workgroups as part of the username */
+               if ((p = strchr_m(tmp, '\\')) ||
+                   (p = strchr_m(tmp, '/')) ||
+                   (p = strchr_m(tmp, *lp_winbind_separator()))) {
+                       *p = 0;
+                       username = p + 1;
+                       domain = tmp;
+               }
+
+               if (domain == NULL) {
+                       domain = c->opt_workgroup;
+               }
+
+               /*
+                * Don't overwrite the value from cli_credentials_guess()
+                * with CRED_SPECIFIED, unless we have to.
+                */
+               is_default = strequal_m(domain, default_domain);
+               if (!is_default) {
+                       cli_credentials_set_domain(creds,
+                                                  domain,
+                                                  CRED_SPECIFIED);
+               }
+
+               cli_credentials_set_username(creds,
+                                            username,
+                                            CRED_SPECIFIED);
+               cli_credentials_set_password(creds,
+                                            c->opt_password,
+                                            CRED_SPECIFIED);
+       }
+
+       return creds;
+}
+
 int net_run_function(struct net_context *c, int argc, const char **argv,
                      const char *whoami, struct functable *table)
 {