s3:utils: Use connection and credentials parser in net util
authorAndreas Schneider <asn@samba.org>
Tue, 19 Jan 2021 06:49:26 +0000 (07:49 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 28 May 2021 02:55:31 +0000 (02:55 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
12 files changed:
selftest/target/Samba3.pm
source3/utils/net.c
source3/utils/net_ads.c
source3/utils/net_dom.c
source3/utils/net_help_common.c
source3/utils/net_proto.h
source3/utils/net_rpc.c
source3/utils/net_rpc_shell.c
source3/utils/net_util.c
testprogs/blackbox/test_client_etypes.sh
testprogs/blackbox/test_net_ads.sh
testprogs/blackbox/test_net_ads_fips.sh

index 84d3fd362eca67024e2d56374a684cec0a8669b9..f1d1482c292de48ce28597ad55e6f396baf25a89 100755 (executable)
@@ -816,7 +816,7 @@ sub provision_ad_member
        $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
        $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
        $cmd .= "$net join $ret->{CONFIGURATION}";
-       $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} -k";
+       $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required";
 
        if (system($cmd) != 0) {
            warn("Join failed\n$cmd");
index e9797690ac4e060d20a6258270db12fe8584c1f2..fc3d21f304a48ecb9799cb91e4b71ad30ed513fd 100644 (file)
@@ -52,6 +52,7 @@
 #include "lib/gencache.h"
 #include "auth/credentials/credentials.h"
 #include "source3/utils/passwd_proto.h"
+#include "auth/gensec/gensec.h"
 
 #ifdef WITH_FAKE_KASERVER
 #include "utils/net_afs.h"
@@ -260,7 +261,6 @@ static int net_changesecretpw(struct net_context *c, int argc,
 static int net_setauthuser(struct net_context *c, int argc, const char **argv)
 {
        const char *password = NULL;
-       struct cli_credentials *creds = NULL;
        bool ok;
 
        if (!secrets_init()) {
@@ -307,14 +307,7 @@ static int net_setauthuser(struct net_context *c, int argc, const char **argv)
                return 1;
        }
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               d_fprintf(stderr, _("Failed creating auth credentials\n"));
-               return 1;
-       }
-
-       ok = secrets_store_creds(creds);
-       TALLOC_FREE(creds);
+       ok = secrets_store_creds(c->creds);
        if (!ok) {
                d_fprintf(stderr, _("Failed storing auth user credentials\n"));
                return 1;
@@ -919,33 +912,12 @@ static struct functable net_func[] = {
 };
 
 
-static void get_credentials_file(struct net_context *c,
-                                const char *file)
-{
-       struct cli_credentials *cred = cli_credentials_init(c);
-
-       if (cred == NULL) {
-               d_printf("ERROR: Unable to allocate memory!\n");
-               exit(-1);
-       }
-
-       if (!cli_credentials_parse_file(cred, file, CRED_GUESS_FILE)) {
-               exit(-1);
-       }
-
-       c->opt_user_name = cli_credentials_get_username(cred);
-       c->opt_user_specified = (c->opt_user_name != NULL);
-       c->opt_password = cli_credentials_get_password(cred);
-       c->opt_target_workgroup = cli_credentials_get_domain(cred);
-}
-
 /****************************************************************************
   main program
 ****************************************************************************/
  int main(int argc, char **argv)
 {
        int opt,i;
-       char *p;
        int rc = 0;
        int argc_new = 0;
        const char ** argv_new;
@@ -963,27 +935,11 @@ static void get_credentials_file(struct net_context *c,
                        .val        = 'h',
                },
                {
-                       .longName   = "workgroup",
+                       .longName   = "target-workgroup",
                        .shortName  = 'w',
                        .argInfo    = POPT_ARG_STRING,
                        .arg        = &c->opt_target_workgroup,
                },
-               {
-                       .longName   = "user",
-                       .shortName  = 'U',
-                       .argInfo    = POPT_ARG_STRING,
-                       .arg        = &c->opt_user_name,
-                       .val        = 'U',
-               },
-               {
-                       .longName   = "authentication-file",
-                       .shortName  = 'A',
-                       .argInfo    = POPT_ARG_STRING,
-                       .arg        = &c->opt_user_name,
-                       .val        = 'A',
-                       .descrip    = "Get the credentials from a file",
-                       .argDescrip = "FILE",
-               },
                {
                        .longName   = "ipaddress",
                        .shortName  = 'I',
@@ -999,7 +955,7 @@ static void get_credentials_file(struct net_context *c,
                },
                {
                        .longName   = "myname",
-                       .shortName  = 'n',
+                       .shortName  = 0,
                        .argInfo    = POPT_ARG_STRING,
                        .arg        = &c->opt_requester_name,
                },
@@ -1009,14 +965,6 @@ static void get_credentials_file(struct net_context *c,
                        .argInfo    = POPT_ARG_STRING,
                        .arg        = &c->opt_host,
                },
-               {
-                       .longName   = "encrypt",
-                       .shortName  = 'e',
-                       .argInfo    = POPT_ARG_NONE,
-                       .arg        = NULL,
-                       .val        = 'e',
-                       .descrip    = N_("Encrypt SMB transport"),
-               },
                {
                        .longName   = "container",
                        .shortName  = 'c',
@@ -1076,24 +1024,6 @@ static void get_credentials_file(struct net_context *c,
                        .argInfo    = POPT_ARG_INT,
                        .arg        = &c->opt_request_timeout,
                },
-               {
-                       .longName   = "machine-pass",
-                       .shortName  = 'P',
-                       .argInfo    = POPT_ARG_NONE,
-                       .arg        = &c->opt_machine_pass,
-               },
-               {
-                       .longName   = "kerberos",
-                       .shortName  = 'k',
-                       .argInfo    = POPT_ARG_NONE,
-                       .arg        = &c->opt_kerberos,
-               },
-               {
-                       .longName   = "myworkgroup",
-                       .shortName  = 'W',
-                       .argInfo    = POPT_ARG_STRING,
-                       .arg        = &c->opt_workgroup,
-               },
                {
                        .longName   = "use-ccache",
                        .shortName  = 0,
@@ -1127,13 +1057,13 @@ static void get_credentials_file(struct net_context *c,
                },
                {
                        .longName   = "ntname",
-                       .shortName  = 'N',
+                       .shortName  = 0,
                        .argInfo    = POPT_ARG_STRING,
                        .arg        = &c->opt_newntname,
                },
                {
                        .longName   = "rid",
-                       .shortName  = 'R',
+                       .shortName  = 0,
                        .argInfo    = POPT_ARG_INT,
                        .arg        = &c->opt_rid,
                },
@@ -1283,7 +1213,10 @@ static void get_credentials_file(struct net_context *c,
                        .descrip    = "follow symlinks",
                },
                POPT_COMMON_SAMBA
+               POPT_COMMON_CONNECTION
+               POPT_COMMON_CREDENTIALS
                POPT_COMMON_VERSION
+               POPT_LEGACY_S3
                POPT_TABLEEND
        };
 
@@ -1330,9 +1263,6 @@ static void get_credentials_file(struct net_context *c,
                case 'h':
                        c->display_usage = true;
                        break;
-               case 'e':
-                       c->smb_encrypt = true;
-                       break;
                case 'I':
                        if (!interpret_string_addr(&c->opt_dest_ip,
                                                poptGetOptArg(pc), 0)) {
@@ -1341,18 +1271,6 @@ static void get_credentials_file(struct net_context *c,
                                c->opt_have_ip = true;
                        }
                        break;
-               case 'U':
-                       c->opt_user_specified = true;
-                       c->opt_user_name = talloc_strdup(c, c->opt_user_name);
-                       p = strchr(c->opt_user_name,'%');
-                       if (p) {
-                               *p = 0;
-                               c->opt_password = p+1;
-                       }
-                       break;
-               case 'A':
-                       get_credentials_file(c, c->opt_user_name);
-                       break;
                default:
                        d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
                                 poptBadOption(pc, 0), poptStrerror(opt));
@@ -1361,6 +1279,33 @@ static void get_credentials_file(struct net_context *c,
                }
        }
 
+       c->creds = samba_cmdline_get_creds();
+       c->lp_ctx = samba_cmdline_get_lp_ctx();
+
+       {
+               enum credentials_obtained username_obtained =
+                       CRED_UNINITIALISED;
+               enum smb_encryption_setting encrypt_state =
+                       cli_credentials_get_smb_encryption(c->creds);
+               enum credentials_use_kerberos krb5_state =
+                       cli_credentials_get_kerberos_state(c->creds);
+               uint32_t gensec_features;
+
+               c->opt_user_name = cli_credentials_get_username_and_obtained(
+                               c->creds,
+                               &username_obtained);
+               c->opt_user_specified = (username_obtained == CRED_SPECIFIED);
+
+               c->opt_workgroup = cli_credentials_get_domain(c->creds);
+
+               c->smb_encrypt = (encrypt_state == SMB_ENCRYPTION_REQUIRED);
+
+               c->opt_kerberos = (krb5_state > CRED_USE_KERBEROS_DESIRED);
+
+               gensec_features = cli_credentials_get_gensec_features(c->creds);
+               c->opt_ccache = (gensec_features & GENSEC_FEATURE_NTLM_CCACHE);
+       }
+
        c->msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
 
 #if defined(HAVE_BIND_TEXTDOMAIN_CODESET)
@@ -1391,14 +1336,6 @@ static void get_credentials_file(struct net_context *c,
                lp_set_cmdline("netbios name", c->opt_requester_name);
        }
 
-       if (!c->opt_user_name && getenv("LOGNAME")) {
-               c->opt_user_name = getenv("LOGNAME");
-       }
-
-       if (!c->opt_workgroup) {
-               c->opt_workgroup = talloc_strdup(c, lp_workgroup());
-       }
-
        if (!c->opt_target_workgroup) {
                c->opt_target_workgroup = talloc_strdup(c, lp_workgroup());
        }
@@ -1409,17 +1346,6 @@ static void get_credentials_file(struct net_context *c,
           that it won't assert because we are not root */
        sec_init();
 
-       if (c->opt_machine_pass) {
-               /* it is very useful to be able to make ads queries as the
-                  machine account for testing purposes and for domain leave */
-
-               net_use_krb_machine_account(c);
-       }
-
-       if (!c->opt_password) {
-               c->opt_password = getenv("PASSWD");
-       }
-
        samba_cmdline_burn(argc, argv);
 
        rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
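Review bot: `c->creds = samba_cmdline_get_creds();` is dereferenced immediately afterwards by cli_credentials_get_smb_encryption() and cli_credentials_get_kerberos_state() with no NULL check, and the same commit drops every creds NULL check in net_dom.c, net_rpc.c, net_rpc_shell.c and net_util.c, so the whole tool now depends on the command-line initialisation earlier in main (outside the hunk) having populated that global. If that initialisation can fail or be skipped, a guard right after the two assignments, `if (c->creds == NULL || c->lp_ctx == NULL) { d_fprintf(stderr, _("Failed to get command line credentials\n")); exit(1); }`, keeps the failure diagnosable instead of a crash. Separately, `c->opt_kerberos = (krb5_state > CRED_USE_KERBEROS_DESIRED);` relies on the declaration order of enum credentials_use_kerberos; `c->opt_kerberos = (krb5_state == CRED_USE_KERBEROS_REQUIRED);` states the intent without that dependency. The `-w` option also changes its long name from `--workgroup` to `--target-workgroup` while `--workgroup` now sets the client workgroup through POPT_COMMON_CONNECTION, a silent change of meaning for existing scripts that deserves a comment on the option entry such as `/* --workgroup is now the client workgroup (POPT_COMMON_CONNECTION); the target is --target-workgroup */`.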
index fbafa51cbb8da4824abed5e0f317070fefaba658..6ab4a0096b1157c99a98c22213c147a7b7c10478 100644 (file)
@@ -2433,7 +2433,6 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
        char *prt_dn, *srv_dn, **srv_cn;
        char *srv_cn_escaped = NULL, *printername_escaped = NULL;
        LDAPMessage *res = NULL;
-       struct cli_credentials *creds = NULL;
        bool ok;
 
        if (argc < 1 || c->display_usage) {
@@ -2471,21 +2470,14 @@ static int net_ads_printer_publish(struct net_context *c, int argc, const char *
                return -1;
        }
 
-       creds = net_context_creds(c, mem_ctx);
-       if (creds == NULL) {
-               d_fprintf(stderr, "net_context_creds() failed\n");
-               ads_destroy(&ads);
-               talloc_destroy(mem_ctx);
-               return -1;
-       }
-       cli_credentials_set_kerberos_state(creds,
+       cli_credentials_set_kerberos_state(c->creds,
                                           CRED_USE_KERBEROS_REQUIRED,
                                           CRED_SPECIFIED);
 
        nt_status = cli_full_connection_creds(&cli, lp_netbios_name(), servername,
                                        &server_ss, 0,
                                        "IPC$", "IPC",
-                                       creds,
+                                       c->creds,
                                        CLI_FULL_CONNECTION_IPC);
 
        if (NT_STATUS_IS_ERR(nt_status)) {
@@ -2675,8 +2667,8 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
 static int net_ads_password(struct net_context *c, int argc, const char **argv)
 {
        ADS_STRUCT *ads;
-       const char *auth_principal = c->opt_user_name;
-       const char *auth_password = c->opt_password;
+       const char *auth_principal = cli_credentials_get_username(c->creds);
+       const char *auth_password = cli_credentials_get_password(c->creds);
        const char *realm = NULL;
        const char *new_password = NULL;
        char *chr, *prompt;
@@ -2693,7 +2685,7 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
                return 0;
        }
 
-       if (c->opt_user_name == NULL || c->opt_password == NULL) {
+       if (auth_principal == NULL || auth_password == NULL) {
                d_fprintf(stderr, _("You must supply an administrator "
                                    "username/password\n"));
                return -1;
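Review bot: `cli_credentials_set_kerberos_state(c->creds, CRED_USE_KERBEROS_REQUIRED, CRED_SPECIFIED)` in net_ads_printer_publish now mutates the shared, process-wide credentials object rather than the per-call copy the removed net_context_creds() produced, so the Kerberos requirement outlives this function and applies to any later connection made with c->creds in the same run. If that is intended, say so with `/* Forces Kerberos for the rest of the process: c->creds is shared, not a copy. */`; if not, set it on a cli_credentials_shallow_copy() taken for this call. In net_ads_password, `cli_credentials_get_password(c->creds)` at the top of the function may also invoke whatever password callback the command-line parser installed (I cannot see that from here), which would prompt before the function's own "You must supply an administrator username/password" check can run; the old code only read the already-parsed c->opt_password. Worth confirming the prompt order is acceptable, and documenting it on the declaration.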
index 25bf30736df0e382d8af8ce2f518825d2b067a99..13e65a93314249fdf3d7cb88465d73ec93bb073a 100644 (file)
@@ -340,7 +340,6 @@ static int net_dom_renamecomputer(struct net_context *c, int argc, const char **
 int net_dom(struct net_context *c, int argc, const char **argv)
 {
        NET_API_STATUS status;
-       struct cli_credentials *creds = NULL;
 
        struct functable func[] = {
                {
@@ -375,17 +374,12 @@ int net_dom(struct net_context *c, int argc, const char **argv)
                {NULL, NULL, 0, NULL, NULL}
        };
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        status = libnetapi_net_init(&c->netapi_ctx);
        if (status != 0) {
                return -1;
        }
 
-       status = libnetapi_set_creds(c->netapi_ctx, creds);
+       status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (status != 0) {
                return -1;
        }
index ded9279e61cadec650a31cca80be2713b7540a77..fc6ce913f6dad2d012d5b406f485b00b9b41afde 100644 (file)
@@ -33,26 +33,63 @@ int net_common_methods_usage(struct net_context *c, int argc, const char**argv)
 int net_common_flags_usage(struct net_context *c, int argc, const char **argv)
 {
        d_printf(_("Valid targets: choose one (none defaults to localhost)\n"));
-       d_printf(_("\t-S or --server=<server>\t\tserver name\n"));
-       d_printf(_("\t-I or --ipaddress=<ipaddr>\taddress of target server\n"));
-       d_printf(_("\t-w or --workgroup=<wg>\t\ttarget workgroup or domain\n"));
+       d_printf(_("\t-S|--server=<server>\t\t\tserver name\n"));
+       d_printf(_("\t-I|--ipaddress=<ipaddr>\t\t\taddress of target server\n"));
+       d_printf(_("\t-w|--target-workgroup=<wg>\t\ttarget workgroup or domain\n"));
 
        d_printf("\n");
-       d_printf(_("Valid miscellaneous options are:\n")); /* misc options */
-       d_printf(_("\t-p or --port=<port>\t\tconnection port on target\n"));
-       d_printf(_("\t-W or --myworkgroup=<wg>\tclient workgroup\n"));
-       d_printf(_("\t-d or --debuglevel=<level>\tdebug level (0-10)\n"));
-       d_printf(_("\t-n or --myname=<name>\t\tclient name\n"));
-       d_printf(_("\t-U or --user=<name>\t\tuser name\n"));
-       d_printf(_("\t-s or --configfile=<path>\tpathname of smb.conf file\n"));
-       d_printf(_("\t-l or --long\t\t\tDisplay full information\n"));
-       d_printf(_("\t-V or --version\t\t\tPrint samba version information\n"));
-       d_printf(_("\t-P or --machine-pass\t\tAuthenticate as machine "
-                  "account\n"));
-       d_printf(_("\t-e or --encrypt\t\t\tEncrypt SMB transport "
-                  "(UNIX extended servers only)\n"));
-       d_printf(_("\t-k or --kerberos\t\tUse kerberos (active directory) "
+       d_printf(_("Valid misc options are:\n")); /* misc options */
+       d_printf(_("\t-p|--port=<port>\t\t\tconnection port on target\n"));
+       d_printf(_("\t--myname=<name>\t\t\t\tclient name\n"));
+       d_printf(_("\t--long\t\t\t\t\tDisplay full information\n"));
+
+       d_printf("\n");
+       d_printf(_("Valid common options are:\n")); /* misc options */
+       d_printf(_("\t-d|--debuglevel=<level>\t\t\tdebug level (0-10)\n"));
+       d_printf(_("\t--debug-stdout\t\t\t\tSend debug output to standard "
+                  "output\n"));
+       d_printf(_("\t--configfile=<path>\t\t\tpathname of smb.conf file\n"));
+       d_printf(_("\t--option=name=value\t\t\tSet smb.conf option from "
+                  "command line\n"));
+       d_printf(_("\t-l|--log-basename=LOGFILEBASE\t\tBasename for "
+                  "log/debug files\n"));
+       d_printf(_("\t--leak-report\t\t\t\tenable talloc leak reporting on "
+                  "exit\n"));
+       d_printf(_("\t--leak-report-full\t\t\tenable full talloc leak "
+                  "reporting on exit\n"));
+       d_printf(_("\t-V|--version\t\t\t\tPrint samba version information\n"));
+
+       d_printf("\n");
+       d_printf(_("Valid connection options are:\n")); /* misc options */
+       d_printf(_("\t-R|--name-resolve=NAME-RESOLVE-ORDER\tUse these name "
+                  "resolution services only\n"));
+       d_printf(_("\t-O|--socket-options=SOCKETOPTIONS\tsocket options to use\n"));
+       d_printf(_("\t-m|--maxprotocol=MAXPROTOCOL\t\tSet max protocol level\n"));
+       d_printf(_("\t-n|--netbiosname=NETBIOSNAME\t\tPrimary netbios name\n"));
+       d_printf(_("\t--netbios-scope=SCOPE\t\t\tUse this Netbios scope\n"));
+       d_printf(_("\t-W|--workgroup=WORKGROUP\t\tSet the workgroup name\n"));
+       d_printf(_("\t--realm=REALM\t\t\t\tSet the realm name\n"));
+
+       d_printf("\n");
+       d_printf(_("Valid credential options are:\n")); /* misc options */
+       d_printf(_("\t-U|--user=[DOMAIN/]USERNAME[%%PASSWORD]\tSet the "
+                  "network username\n"));
+       d_printf(_("\t-N|--no-pass\t\t\t\tDon't ask for a password\n"));
+       d_printf(_("\t--password=STRING\t\t\tSet a password\n"));
+       d_printf(_("\t--pw-nt-hash\t\t\t\tThe supplied password is the NT hash\n"));
+       d_printf(_("\t-A|--authentication-file=FILE\t\tGet the "
+                  "credentials from a file\n"));
+       d_printf(_("\t-P|--machine-pass\t\t\tUse stored machine account password\n"));
+       d_printf(_("\t--simple-bind-dn=DN\t\t\tDN to use for a simple bind\n"));
+       d_printf(_("\t--use-kerberos=desired|required|off\tUse kerberos "
                   "authentication\n"));
+       d_printf(_("\t--use-krb5-ccache=CCACHE\t\tCredentials cache location "
+                  "for Kerberos\n"));
+       d_printf(_("\t--use-winbind-ccache\t\t\tUse the winbind ccache for "
+                  "authentication\n"));
+       d_printf(_("\t--client-protection=sign|encrypt|off\tConfigure used "
+                  "protection for client connections\n"));
+
        return -1;
 }
 
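Review bot: The trailing `/* misc options */` comment was copied onto the new "Valid common options", "Valid connection options" and "Valid credential options" header lines, where it no longer describes the section; either drop it on those three lines or make each match its heading (`/* common options */`, `/* connection options */`, `/* credential options */`). The rest of the text is consistent with the option table changes in net.c (no short flag for --myname, --ntname and --rid, -w mapped to --target-workgroup), and `%%PASSWORD` is correct since the string is a printf format. net_common_flags_usage is shown in full, so nothing is hidden outside the hunk.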
index f49b707338d4ca27e81cb70d91c16609faf3049f..d04df553e01b7ec4d240f31830b428a6f0d3e240 100644 (file)
@@ -418,9 +418,6 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c ,const char *domain,
                                    const struct sockaddr_storage *pss,
                                    unsigned flags, struct cli_state **pcli);
 const char *net_prompt_pass(struct net_context *c, const char *user);
-struct cli_credentials;
-struct cli_credentials *net_context_creds(struct net_context *c,
-                                         TALLOC_CTX *mem_ctx);
 int net_run_function(struct net_context *c, int argc, const char **argv,
                      const char *whoami, struct functable *table);
 void net_display_usage_from_functable(struct functable *table);
index 46d35e6a90f53a5b639e4670293c863c18f7c0cb..1306dccd5a65431ab5c6835b51a4d825d22d23ed 100644 (file)
@@ -207,15 +207,6 @@ int run_rpc_command(struct net_context *c,
                        }
                } else {
                        if (conn_flags & NET_FLAGS_SEAL) {
-                               struct cli_credentials *creds = NULL;
-
-                               creds = net_context_creds(c, mem_ctx);
-                               if (creds == NULL) {
-                                       DBG_ERR("net_rpc_ntlm_creds() failed\n");
-                                       nt_status = NT_STATUS_INTERNAL_ERROR;
-                                       goto fail;
-                               }
-
                                nt_status = cli_rpc_pipe_open_with_creds(
                                        cli, table,
                                        (conn_flags & NET_FLAGS_TCP) ?
@@ -223,7 +214,7 @@ int run_rpc_command(struct net_context *c,
                                        DCERPC_AUTH_TYPE_NTLMSSP,
                                        DCERPC_AUTH_LEVEL_PRIVACY,
                                        smbXcli_conn_remote_name(cli->conn),
-                                       creds, &pipe_hnd);
+                                       c->creds, &pipe_hnd);
                        } else {
                                nt_status = cli_rpc_pipe_open_noauth(
                                        cli, table,
@@ -1256,7 +1247,6 @@ static int rpc_user_list(struct net_context *c, int argc, const char **argv)
 int net_rpc_user(struct net_context *c, int argc, const char **argv)
 {
        NET_API_STATUS status;
-       struct cli_credentials *creds = NULL;
 
        struct functable func[] = {
                {
@@ -1310,17 +1300,12 @@ int net_rpc_user(struct net_context *c, int argc, const char **argv)
                {NULL, NULL, 0, NULL, NULL}
        };
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        status = libnetapi_net_init(&c->netapi_ctx);
        if (status != 0) {
                return -1;
        }
 
-       status = libnetapi_set_creds(c->netapi_ctx, creds);
+       status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (status != 0) {
                return -1;
        }
@@ -3447,7 +3432,6 @@ static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
 int net_rpc_group(struct net_context *c, int argc, const char **argv)
 {
        NET_API_STATUS status;
-       struct cli_credentials *creds = NULL;
 
        struct functable func[] = {
                {
@@ -3509,17 +3493,12 @@ int net_rpc_group(struct net_context *c, int argc, const char **argv)
                {NULL, NULL, 0, NULL, NULL}
        };
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        status = libnetapi_net_init(&c->netapi_ctx);
        if (status != 0) {
                return -1;
        }
 
-       status = libnetapi_set_creds(c->netapi_ctx, creds);
+       status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (status != 0) {
                return -1;
        }
@@ -5440,7 +5419,6 @@ int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
 int net_rpc_share(struct net_context *c, int argc, const char **argv)
 {
        NET_API_STATUS status;
-       struct cli_credentials *creds = NULL;
 
        struct functable func[] = {
                {
@@ -5486,17 +5464,12 @@ int net_rpc_share(struct net_context *c, int argc, const char **argv)
                {NULL, NULL, 0, NULL, NULL}
        };
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        status = libnetapi_net_init(&c->netapi_ctx);
        if (status != 0) {
                return -1;
        }
 
-       status = libnetapi_set_creds(c->netapi_ctx, creds);
+       status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (status != 0) {
                return -1;
        }
@@ -5743,7 +5716,6 @@ static int rpc_file_user(struct net_context *c, int argc, const char **argv)
 int net_rpc_file(struct net_context *c, int argc, const char **argv)
 {
        NET_API_STATUS status;
-       struct cli_credentials *creds = NULL;
 
        struct functable func[] = {
                {
@@ -5775,17 +5747,12 @@ int net_rpc_file(struct net_context *c, int argc, const char **argv)
                {NULL, NULL, 0, NULL, NULL}
        };
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        status = libnetapi_net_init(&c->netapi_ctx);
        if (status != 0) {
                return -1;
        }
 
-       status = libnetapi_set_creds(c->netapi_ctx, creds);
+       status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (status != 0) {
                return -1;
        }
@@ -8201,7 +8168,6 @@ int net_rpc_printer(struct net_context *c, int argc, const char **argv)
 int net_rpc(struct net_context *c, int argc, const char **argv)
 {
        NET_API_STATUS status;
-       struct cli_credentials *creds = NULL;
 
        struct functable func[] = {
                {
@@ -8392,17 +8358,12 @@ int net_rpc(struct net_context *c, int argc, const char **argv)
                {NULL, NULL, 0, NULL, NULL}
        };
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        status = libnetapi_net_init(&c->netapi_ctx);
        if (status != 0) {
                return -1;
        }
 
-       status = libnetapi_set_creds(c->netapi_ctx, creds);
+       status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (status != 0) {
                return -1;
        }
index ab7df7ef46362e7be02f89d6ab3d3f5888f43218..634c5b5248af49ceddc6ffb51b5b5ca57632fab2 100644 (file)
@@ -222,7 +222,6 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
        NTSTATUS status;
        struct rpc_sh_ctx *ctx;
        struct dom_sid_buf buf;
-       struct cli_credentials *creds = NULL;
        NET_API_STATUS net_api_status;
 
        if (argc != 0 || c->display_usage) {
@@ -230,16 +229,11 @@ int net_rpc_shell(struct net_context *c, int argc, const char **argv)
                return -1;
        }
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               return -1;
-       }
-
        if (libnetapi_net_init(&c->netapi_ctx) != 0) {
                return -1;
        }
 
-       net_api_status = libnetapi_set_creds(c->netapi_ctx, creds);
+       net_api_status = libnetapi_set_creds(c->netapi_ctx, c->creds);
        if (net_api_status != 0) {
                return -1;
        }
index f0b670a3f967da05982c69ab2d4870ad39cc748f..298d9a64dc0c57e9d26b822a1fc872f73e1d296b 100644 (file)
@@ -31,6 +31,7 @@
 #include "libsmb/libsmb.h"
 #include "lib/param/param.h"
 #include "auth/gensec/gensec.h"
+#include "lib/cmdline/cmdline.h"
 
 NTSTATUS net_rpc_lookup_name(struct net_context *c,
                             TALLOC_CTX *mem_ctx, struct cli_state *cli,
@@ -108,15 +109,8 @@ NTSTATUS connect_to_service(struct net_context *c,
                            const char *service_type)
 {
        NTSTATUS nt_status;
-       struct cli_credentials *creds = NULL;
        int flags = 0;
 
-       creds = net_context_creds(c, c);
-       if (creds == NULL) {
-               d_fprintf(stderr, "net_context_creds() failed.\n");
-               return NT_STATUS_INTERNAL_ERROR;
-       }
-
        if (strequal(service_type, "IPC")) {
                flags |= CLI_FULL_CONNECTION_IPC;
        }
@@ -124,7 +118,7 @@ NTSTATUS connect_to_service(struct net_context *c,
        nt_status = cli_full_connection_creds(cli_ctx, NULL, server_name,
                                        server_ss, c->opt_port,
                                        service_name, service_type,
-                                       creds,
+                                       c->creds,
                                        flags);
        if (!NT_STATUS_IS_OK(nt_status)) {
                d_fprintf(stderr, _("Could not connect to server %s\n"),
@@ -268,6 +262,8 @@ int net_use_krb_machine_account(struct net_context *c)
        }
        c->opt_user_name = user_name;
        c->opt_user_specified = true;
+
+       cli_credentials_set_machine_account(c->creds, c->lp_ctx);
        return 0;
 }
 
@@ -434,157 +430,16 @@ done:
 /****************************************************************************
 ****************************************************************************/
 
+/* TODO FIXME: Pass cli_creds via net_context and get rid of this function. */
 const char *net_prompt_pass(struct net_context *c, const char *user)
 {
-       char *prompt = NULL;
-       char pwd[256] = {0};
-       int rc;
-
-       if (c->opt_password) {
-               return c->opt_password;
-       }
-
-       if (c->opt_machine_pass) {
-               return NULL;
-       }
-
-       if (c->opt_kerberos && !c->opt_user_specified) {
-               return NULL;
-       }
-
-       if (c->opt_ccache) {
-               return NULL;
-       }
-
-       if (asprintf(&prompt, _("Enter %s's password:"), user) == -1) {
-               return NULL;
-       }
-
-       rc = samba_getpass(prompt, pwd, sizeof(pwd), false, false);
-       SAFE_FREE(prompt);
-       if (rc < 0) {
-               return NULL;
-       }
-
-       return SMB_STRDUP(pwd);
-}
-
-struct cli_credentials *net_context_creds(struct net_context *c,
-                                         TALLOC_CTX *mem_ctx)
-{
-       struct cli_credentials *creds = NULL;
-       struct loadparm_context *lp_ctx = NULL;
-
-       /*
-        * Do not query the password if we defined we want to use the
-        * machine account.
-        */
-       if (c->opt_machine_pass) {
-               c->opt_password = net_prompt_pass(c, c->opt_user_name);
-       }
-
-       creds = cli_credentials_init(mem_ctx);
-       if (creds == NULL) {
-               d_printf("ERROR: Unable to allocate memory!\n");
-               exit(-1);
-       }
-
-       lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers());
-       if (lp_ctx == NULL) {
-               d_printf("loadparm_init_s3 failed\n");
-               exit(-1);
-       }
-
-       cli_credentials_guess(creds, lp_ctx);
-
-       if (c->opt_kerberos && c->opt_user_specified) {
-               cli_credentials_set_kerberos_state(creds,
-                                                  CRED_USE_KERBEROS_DESIRED,
-                                                  CRED_SPECIFIED);
-       } else if (c->opt_kerberos) {
-               cli_credentials_set_kerberos_state(creds,
-                                                  CRED_USE_KERBEROS_REQUIRED,
-                                                  CRED_SPECIFIED);
-       } else {
-               cli_credentials_set_kerberos_state(creds,
-                                                  CRED_USE_KERBEROS_DISABLED,
-                                                  CRED_SPECIFIED);
-       }
-
-       if (c->opt_ccache) {
-               uint32_t features;
-
-               features = cli_credentials_get_gensec_features(creds);
-               features |= GENSEC_FEATURE_NTLM_CCACHE;
-               cli_credentials_set_gensec_features(creds,
-                                                   features,
-                                                   CRED_SPECIFIED);
-
-               if (c->opt_password != NULL && strlen(c->opt_password) == 0) {
-                       /*
-                        * some callers pass "" as no password
-                        *
-                        * GENSEC_FEATURE_NTLM_CCACHE only handles
-                        * NULL as no password.
-                        */
-                       c->opt_password = NULL;
-               }
-       }
-
-       if (c->opt_user_specified) {
-               const char *default_domain =
-                       cli_credentials_get_domain(creds);
-               char *username = NULL;
-               const char *domain = NULL;
-               char *tmp = NULL;
-               char *p = NULL;
-               bool is_default;
-
-               tmp = talloc_strdup(creds, c->opt_user_name);
-               if (tmp == NULL) {
-                       exit(-1);
-               }
-               username = tmp;
-
-               /* allow for workgroups as part of the username */
-               if ((p = strchr_m(tmp, '\\')) ||
-                   (p = strchr_m(tmp, '/')) ||
-                   (p = strchr_m(tmp, *lp_winbind_separator()))) {
-                       *p = 0;
-                       username = p + 1;
-                       domain = tmp;
-               }
-
-               if (domain == NULL) {
-                       domain = c->opt_workgroup;
-               }
-
-               /*
-                * Don't overwrite the value from cli_credentials_guess()
-                * with CRED_SPECIFIED, unless we have to.
-                */
-               is_default = strequal_m(domain, default_domain);
-               if (!is_default) {
-                       cli_credentials_set_domain(creds,
-                                                  domain,
-                                                  CRED_SPECIFIED);
-               }
-
-               cli_credentials_set_username(creds,
-                                            username,
-                                            CRED_SPECIFIED);
-               cli_credentials_set_password(creds,
-                                            c->opt_password,
-                                            CRED_SPECIFIED);
-       }
+       struct cli_credentials *creds = samba_cmdline_get_creds();
 
-       if (c->smb_encrypt) {
-               cli_credentials_set_smb_encryption(creds,
-                                                  SMB_ENCRYPTION_REQUIRED,
-                                                  CRED_SPECIFIED);
+       if (c->opt_password == NULL) {
+               c->opt_password = cli_credentials_get_password(creds);
        }
 
-       return creds;
+       return c->opt_password;
 }
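Review bot: `samba_cmdline_get_creds()` is dereferenced by `cli_credentials_get_password(creds)` without a NULL check, so any caller that reaches net_prompt_pass() before the command-line credentials were initialised will crash rather than get the NULL the old implementation returned; a guard `if (creds == NULL) { return NULL; }` after the assignment keeps the documented "NULL means no password" contract. The `user` parameter is no longer read by the body — if the signature is kept for the callers, a short comment such as `/* user is unused: the prompt now comes from the cmdline credentials */` would explain why, otherwise the parameter should be dropped together with the TODO above. The removed code also returned NULL for the machine-account, ccache and Kerberos-without-user cases and normalised an empty ccache password to NULL; if that logic now lives in the cmdline parser it is worth saying so in the TODO comment, since the new body no longer shows it.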
 
 int net_run_function(struct net_context *c, int argc, const char **argv,
index 1c2006f22b702d01d5c2a3aa3b8923e951539ca8..020df80407521dae6fc0edb21beddcfb61e7336b 100755 (executable)
@@ -48,9 +48,9 @@ net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=securi
 pcap_file=$BASEDIR/$WORKDIR/test.pcap
 
 export SOCKET_WRAPPER_PCAP_FILE=$pcap_file
-testit "join" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --use-kerberos=required || failed=`expr $failed + 1`
 
-testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
 #The leave command does not use the locally-generated
 #krb5.conf
index c63382c60c767d0235b871c5866ffef7c5e85fab..76b394b10a9932db97e4b0fa821d6d0093cae9fc 100755 (executable)
@@ -51,7 +51,7 @@ fi
 
 testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
 
-testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
 netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
 
@@ -81,7 +81,7 @@ testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || fail
 dedicated_keytab_file="$PREFIX_ABS/test_net_ads_dedicated_krb5.keytab"
 testit "join (dedicated keytab)" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
 
-testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
 netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
 uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
@@ -179,15 +179,15 @@ fi
 
 rm -f $dedicated_keytab_file
 
-testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
-testit "join+kerberos" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "join+kerberos" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --use-kerberos=required || failed=`expr $failed + 1`
 
-testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
-testit "leave+kerberos" $VALGRIND $net_tool ads leave -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "leave+kerberos" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD --use-kerberos=required || failed=`expr $failed + 1`
 
-testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
 testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=`expr $failed + 1`
 
index 4e2c1fda22f92f146d39b6daf60d6ffda173657c..57df650eadd58e491e90b6a551b4f94a8ef1c242 100755 (executable)
@@ -30,13 +30,13 @@ net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=securi
 . `dirname $0`/subunit.sh
 
 # This make sure we are able to join AD in FIPS mode with Kerberos (NTLM doesn't work in FIPS mode).
-testit "join" $VALGRIND $net_tool ads join -k -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "join" $VALGRIND $net_tool ads join --use-kerberos=required -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
 
-testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
 
 testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw || failed=`expr $failed + 1`
 
-testit "leave" $VALGRIND $net_tool ads leave -k -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "leave" $VALGRIND $net_tool ads leave --use-kerberos=required -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
 
 rm -rf $BASEDIR/$WORKDIR