The branch, v3-4-test has been updated
via eadbd85b2797683b3a17a1919c4aea28d6519a01 (commit)
from ec18e0f11eda8d25feb14c92cf7d90bda8d79269 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit eadbd85b2797683b3a17a1919c4aea28d6519a01
Author: Kai Blin <k...@samba.org>
Date: Wed Jun 10 13:08:40 2009 +0200
Revert "net: Use samba default command line arguments."
This reverts commit c039bc15ba597d955d0ccbf5642388b0a03ba40b and dependent
commits 33c6ba805756739b7b4395bedb66ae00797cbcb1 and
ce18ba7e24b5578672d2f2ffaab97ef708421067.
While it certainly would be a nice to have feature, this has caused more
hassle than reasonable, e.g. in net commands that need to use the machine
account like net (ads|rpc) testjoin.
This un-fixes bug #6305.
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 39 --------------
source3/utils/net.c | 43 ++++++++++++----
source3/utils/net.h | 9 +++-
source3/utils/net_ads.c | 82 +++++++++++++++---------------
source3/utils/net_dom.c | 8 +--
source3/utils/net_help.c | 1 -
source3/utils/net_proto.h | 3 +
source3/utils/net_rpc.c | 74 +++++++++-----------------
source3/utils/net_rpc_join.c | 3 +-
source3/utils/net_rpc_samsync.c | 4 +-
source3/utils/net_rpc_shell.c | 9 +--
source3/utils/net_util.c | 109 ++++++++++++++++++++++++++++++++------
12 files changed, 209 insertions(+), 175 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a8c4afe..108945a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -35,9 +35,6 @@ o The code has been cleaned up and the major basic interfaces
are shared with
Samba4 now.
o An asynchronous API has been added.
-net Command Changes:
-o Parameter syntax made more consistent.
-
Configuration changes
=====================
@@ -120,38 +117,6 @@ these two versions.
An asynchronous API has been added.
-net Command Changes
-===================
-
-The net command now accepts the common command line parameters most other Samba
-command line utilities use, with a couple of remaining differences:
-
--l still gives long output for net commands supporting the --long flag. This
was
-more useful than the common --log-base parameter.
-
--i still tells net to read data from stdin (like --stdin) instead of toggling
-the common --scope flag.
-
--S still tells net the server to connect to (like --server) instead of
-negotiating the common --signing flag. As -S is probably used by most scripts
-doing net rpc commands, this would have been a high-impact change for little
-gain.
-
-This change was mainly done to unify the authentification options. Here, one
-flag changed it's meaning and one useful flag was added.
-
--N used to be the short version of --ntname. It now matches the Samba default
of
---no-pass. Use this to stop net from prompting for a password if you want
-anonymous authentication.
-
--A --authentication-file now takes an authentication file with the username and
-password you want net to use, avoiding a password prompt as with plain -U user
-or having to give a password on the command line as in -U user%pass.
-
-Last but not least net now always falls back to your local unix username if no
--U is specified and a username is needed. net rpc commands will now prompt for
a
-password unless one is specified using either -U user%pass or -A auth_file
-
######################################################################
Changes
#######
@@ -302,10 +267,6 @@ o Michael Adam <ob...@samba.org>
* Fix linking with --disable-shared-libs.
-o Kai Blin <k...@samba.org>
- * BUG #6357: Use Samba default command line arguments in 'net'.
-
-
o Steven Danneman <steven.danne...@isilon.com>
* Fix issue with missing entries when enumerating directories.
* Map NULL domains to our global sam name.
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 2033082..d58858c 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -618,6 +618,7 @@ static struct functable net_func[] = {
int main(int argc, const char **argv)
{
int opt,i;
+ char *p;
int rc = 0;
int argc_new = 0;
const char ** argv_new;
@@ -628,10 +629,12 @@ static struct functable net_func[] = {
struct poptOption long_options[] = {
{"help", 'h', POPT_ARG_NONE, 0, 'h'},
{"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup},
+ {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
{"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
{"port", 'p', POPT_ARG_INT, &c->opt_port},
{"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name},
{"server", 'S', POPT_ARG_STRING, &c->opt_host},
+ {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB
transport (UNIX extended servers only)" },
{"container", 'c', POPT_ARG_STRING, &c->opt_container},
{"comment", 'C', POPT_ARG_STRING, &c->opt_comment},
{"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers},
@@ -642,13 +645,15 @@ static struct functable net_func[] = {
{"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin},
{"timeout", 't', POPT_ARG_INT, &c->opt_timeout},
{"request-timeout",0,POPT_ARG_INT, &c->opt_request_timeout},
+ {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass},
+ {"kerberos", 'k', POPT_ARG_NONE, &c->opt_kerberos},
{"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
{"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose},
{"test", 'T', POPT_ARG_NONE, &c->opt_testmode},
/* Options for 'net groupmap set' */
{"local", 'L', POPT_ARG_NONE, &c->opt_localgroup},
{"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup},
- {"ntname", 0, POPT_ARG_STRING, &c->opt_newntname},
+ {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname},
{"rid", 'R', POPT_ARG_INT, &c->opt_rid},
/* Options for 'net rpc share migrate' */
{"acls", 0, POPT_ARG_NONE, &c->opt_acls},
@@ -663,7 +668,6 @@ static struct functable net_func[] = {
{"clean-old-entries", 0, POPT_ARG_NONE,
&c->opt_clean_old_entries},
POPT_COMMON_SAMBA
- POPT_COMMON_CREDENTIALS
{ 0, 0, 0, 0}
};
@@ -677,13 +681,6 @@ static struct functable net_func[] = {
dbf = x_stderr;
c->private_data = net_func;
- c->auth_info = user_auth_info_init(frame);
- if (c->auth_info == NULL) {
- d_fprintf(stderr, "\nOut of memory!\n");
- exit(1);
- }
- popt_common_set_auth_info(c->auth_info);
-
pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
@@ -691,7 +688,9 @@ static struct functable net_func[] = {
switch (opt) {
case 'h':
c->display_usage = true;
- set_cmdline_auth_info_password(c->auth_info, "");
+ break;
+ case 'e':
+ c->smb_encrypt = true;
break;
case 'I':
if (!interpret_string_addr(&c->opt_dest_ip,
@@ -701,6 +700,15 @@ static struct functable net_func[] = {
c->opt_have_ip = true;
}
break;
+ case 'U':
+ c->opt_user_specified = true;
+ c->opt_user_name = SMB_STRDUP(c->opt_user_name);
+ p = strchr(c->opt_user_name,'%');
+ if (p) {
+ *p = 0;
+ c->opt_password = p+1;
+ }
+ break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n",
poptBadOption(pc, 0), poptStrerror(opt));
@@ -734,6 +742,10 @@ static struct functable net_func[] = {
set_global_myname(c->opt_requester_name);
}
+ if (!c->opt_user_name && getenv("LOGNAME")) {
+ c->opt_user_name = getenv("LOGNAME");
+ }
+
if (!c->opt_workgroup) {
c->opt_workgroup = smb_xstrdup(lp_workgroup());
}
@@ -751,6 +763,17 @@ static struct functable net_func[] = {
that it won't assert becouse we are not root */
sec_init();
+ if (c->opt_machine_pass) {
+ /* it is very useful to be able to make ads queries as the
+ machine account for testing purposes and for domain leave */
+
+ net_use_krb_machine_account(c);
+ }
+
+ if (!c->opt_password) {
+ c->opt_password = getenv("PASSWD");
+ }
+
rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
DEBUG(2,("return code = %d\n", rc));
diff --git a/source3/utils/net.h b/source3/utils/net.h
index f604d96..d88f962 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -28,8 +28,11 @@
struct net_context {
const char *opt_requester_name;
const char *opt_host;
- int opt_long_list_entries;
+ const char *opt_password;
+ const char *opt_user_name;
+ bool opt_user_specified;
const char *opt_workgroup;
+ int opt_long_list_entries;
int opt_reboot;
int opt_force;
int opt_stdin;
@@ -42,6 +45,7 @@ struct net_context {
int opt_timeout;
int opt_request_timeout;
const char *opt_target_workgroup;
+ int opt_machine_pass;
int opt_localgroup;
int opt_domaingroup;
int do_talloc_report;
@@ -53,14 +57,15 @@ struct net_context {
const char *opt_exclude;
const char *opt_destination;
int opt_testmode;
+ bool opt_kerberos;
int opt_force_full_repl;
int opt_single_obj_repl;
int opt_clean_old_entries;
int opt_have_ip;
struct sockaddr_storage opt_dest_ip;
+ bool smb_encrypt;
struct libnetapi_ctx *netapi_ctx;
- struct user_auth_info *auth_info;
bool display_usage;
void *private_data;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 588f57f..8e927be 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -231,22 +231,32 @@ retry_connect:
ads = ads_init(realm, c->opt_target_workgroup, c->opt_host);
+ if (!c->opt_user_name) {
+ c->opt_user_name = "administrator";
+ }
+
+ if (c->opt_user_specified) {
+ need_password = true;
+ }
+
retry:
- if (need_password) {
- set_cmdline_auth_info_getpass(c->auth_info);
+ if (!c->opt_password && need_password && !c->opt_machine_pass) {
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ if (!c->opt_password) {
+ ads_destroy(&ads);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
}
- if (get_cmdline_auth_info_got_pass(c->auth_info)) {
+ if (c->opt_password) {
use_in_memory_ccache();
SAFE_FREE(ads->auth.password);
- ads->auth.password = smb_xstrdup(
- get_cmdline_auth_info_password(c->auth_info));
+ ads->auth.password = smb_xstrdup(c->opt_password);
}
ads->auth.flags |= auth_flags;
SAFE_FREE(ads->auth.user_name);
- ads->auth.user_name = smb_xstrdup(
- get_cmdline_auth_info_username(c->auth_info));
+ ads->auth.user_name = smb_xstrdup(c->opt_user_name);
/*
* If the username is of the form "n...@realm",
@@ -865,7 +875,6 @@ static int net_ads_leave(struct net_context *c, int argc,
const char **argv)
TALLOC_CTX *ctx;
struct libnet_UnjoinCtx *r = NULL;
WERROR werr;
- struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -884,7 +893,7 @@ static int net_ads_leave(struct net_context *c, int argc,
const char **argv)
return -1;
}
- if (!get_cmdline_auth_info_use_kerberos(ai)) {
+ if (!c->opt_kerberos) {
use_in_memory_ccache();
}
@@ -894,14 +903,12 @@ static int net_ads_leave(struct net_context *c, int argc,
const char **argv)
return -1;
}
- set_cmdline_auth_info_getpass(ai);
-
r->in.debug = true;
- r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
+ r->in.use_kerberos = c->opt_kerberos;
r->in.dc_name = c->opt_host;
r->in.domain_name = lp_realm();
- r->in.admin_account = get_cmdline_auth_info_username(ai);
- r->in.admin_password = get_cmdline_auth_info_password(ai);
+ r->in.admin_account = c->opt_user_name;
+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
r->in.modify_config = lp_config_backend_is_registry();
r->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
@@ -952,8 +959,7 @@ static NTSTATUS net_ads_join_ok(struct net_context *c)
return NT_STATUS_ACCESS_DENIED;
}
- set_cmdline_auth_info_use_machine_account(c->auth_info);
- set_cmdline_auth_info_machine_account_creds(c->auth_info);
+ net_use_krb_machine_account(c);
status = ads_startup(c, true, &ads);
if (!ADS_ERR_OK(status)) {
@@ -1184,7 +1190,6 @@ int net_ads_join(struct net_context *c, int argc, const
char **argv)
const char *os_name = NULL;
const char *os_version = NULL;
bool modify_config = lp_config_backend_is_registry();
- struct user_auth_info *ai = c->auth_info;;
if (c->display_usage)
return net_ads_join_usage(c, argc, argv);
@@ -1204,7 +1209,7 @@ int net_ads_join(struct net_context *c, int argc, const
char **argv)
goto fail;
}
- if (!get_cmdline_auth_info_use_kerberos(ai)) {
+ if (!c->opt_kerberos) {
use_in_memory_ccache();
}
@@ -1254,8 +1259,6 @@ int net_ads_join(struct net_context *c, int argc, const
char **argv)
/* Do the domain join here */
- set_cmdline_auth_info_getpass(ai);
-
r->in.domain_name = domain;
r->in.create_upn = createupn;
r->in.upn = machineupn;
@@ -1263,10 +1266,10 @@ int net_ads_join(struct net_context *c, int argc, const
char **argv)
r->in.os_name = os_name;
r->in.os_version = os_version;
r->in.dc_name = c->opt_host;
- r->in.admin_account = get_cmdline_auth_info_username(ai);
- r->in.admin_password = get_cmdline_auth_info_password(ai);
+ r->in.admin_account = c->opt_user_name;
+ r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
r->in.debug = true;
- r->in.use_kerberos = get_cmdline_auth_info_use_kerberos(ai);
+ r->in.use_kerberos = c->opt_kerberos;
r->in.modify_config = modify_config;
r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
@@ -1577,7 +1580,6 @@ static int net_ads_printer_publish(struct net_context *c,
int argc, const char *
char *prt_dn, *srv_dn, **srv_cn;
char *srv_cn_escaped = NULL, *printername_escaped = NULL;
LDAPMessage *res = NULL;
- struct user_auth_info *ai = c->auth_info;
if (argc < 1 || c->display_usage) {
d_printf("Usage:\n"
@@ -1609,9 +1611,8 @@ static int net_ads_printer_publish(struct net_context *c,
int argc, const char *
nt_status = cli_full_connection(&cli, global_myname(), servername,
&server_ss, 0,
"IPC$", "IPC",
- get_cmdline_auth_info_username(ai),
- c->opt_workgroup,
- get_cmdline_auth_info_password(ai),
+ c->opt_user_name, c->opt_workgroup,
+ c->opt_password ? c->opt_password : "",
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
@@ -1799,8 +1800,8 @@ static int net_ads_printer(struct net_context *c, int
argc, const char **argv)
static int net_ads_password(struct net_context *c, int argc, const char **argv)
{
ADS_STRUCT *ads;
- const char *auth_principal;
- const char *auth_password;
+ const char *auth_principal = c->opt_user_name;
+ const char *auth_password = c->opt_password;
char *realm = NULL;
char *new_password = NULL;
char *chr, *prompt;
@@ -1815,9 +1816,10 @@ static int net_ads_password(struct net_context *c, int
argc, const char **argv)
return 0;
}
- auth_principal = get_cmdline_auth_info_username(c->auth_info);
- set_cmdline_auth_info_getpass(c->auth_info);
- auth_password = get_cmdline_auth_info_password(c->auth_info);
+ if (c->opt_user_name == NULL || c->opt_password == NULL) {
+ d_fprintf(stderr, "You must supply an administrator
username/password\n");
+ return -1;
+ }
if (argc < 1) {
d_fprintf(stderr, "ERROR: You must say which username to change
password for\n");
@@ -1899,7 +1901,7 @@ int net_ads_changetrustpw(struct net_context *c, int
argc, const char **argv)
return -1;
}
- set_cmdline_auth_info_use_machine_account(c->auth_info);
+ net_use_krb_machine_account(c);
use_in_memory_ccache();
@@ -2281,7 +2283,6 @@ static int net_ads_kerberos_pac(struct net_context *c,
int argc, const char **ar
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
- struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2295,11 +2296,11 @@ static int net_ads_kerberos_pac(struct net_context *c,
int argc, const char **ar
goto out;
}
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
status = kerberos_return_pac(mem_ctx,
- get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
+ c->opt_user_name,
+ c->opt_password,
0,
NULL,
NULL,
@@ -2332,7 +2333,6 @@ static int net_ads_kerberos_kinit(struct net_context *c,
int argc, const char **
TALLOC_CTX *mem_ctx = NULL;
int ret = -1;
NTSTATUS status;
- struct user_auth_info *ai = c->auth_info;
if (c->display_usage) {
d_printf("Usage:\n"
@@ -2346,10 +2346,10 @@ static int net_ads_kerberos_kinit(struct net_context
*c, int argc, const char **
goto out;
}
- set_cmdline_auth_info_getpass(ai);
+ c->opt_password = net_prompt_pass(c, c->opt_user_name);
- ret = kerberos_kinit_password_ext(get_cmdline_auth_info_username(ai),
- get_cmdline_auth_info_password(ai),
+ ret = kerberos_kinit_password_ext(c->opt_user_name,
+ c->opt_password,
0,
NULL,
NULL,
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c
index a13f52c..4010797 100644
--- a/source3/utils/net_dom.c
+++ b/source3/utils/net_dom.c
@@ -368,11 +368,9 @@ int net_dom(struct net_context *c, int argc, const char
**argv)
return -1;
}
- libnetapi_set_username(c->netapi_ctx,
- get_cmdline_auth_info_username(c->auth_info));
- libnetapi_set_password(c->netapi_ctx,
- get_cmdline_auth_info_password(c->auth_info));
- if (get_cmdline_auth_info_use_kerberos(c->auth_info)) {
+ libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
+ libnetapi_set_password(c->netapi_ctx, c->opt_password);
+ if (c->opt_kerberos) {
libnetapi_set_use_kerberos(c->netapi_ctx);
}
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 5a17079..0502373 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -65,6 +65,5 @@ int net_help(struct net_context *c, int argc, const char
**argv)
}
c->display_usage = true;
- set_cmdline_auth_info_password(c->auth_info, "");
return net_run_function(c, argc, argv, "net help", func);
}
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 8a09147..75ac032 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -459,6 +459,8 @@ NTSTATUS connect_to_ipc_krb5(struct net_context *c,
NTSTATUS connect_dst_pipe(struct net_context *c, struct cli_state **cli_dst,
struct rpc_pipe_client **pp_pipe_hnd,
const struct ndr_syntax_id *interface);
+int net_use_krb_machine_account(struct net_context *c);
+int net_use_machine_account(struct net_context *c);
bool net_find_server(struct net_context *c,
const char *domain,
unsigned flags,
@@ -473,6 +475,7 @@ NTSTATUS net_make_ipc_connection_ex(struct net_context *c
,const char *domain,
const char *server,
struct sockaddr_storage *pss,
--
Samba Shared Repository
