📄 credentials.c
字号:
* Obtain the 'short' or 'NetBIOS' domain for this credentials context. * @param cred credentials context * @retval The domain set on this context. * @note Return value will never be NULL except by programmer error. */_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred){ if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, cred->machine_account_pending_lp_ctx); } if (cred->domain_obtained == CRED_CALLBACK && !cred->callback_running) { cred->callback_running = true; cred->domain = cred->domain_cb(cred); cred->callback_running = false; cred->domain_obtained = CRED_SPECIFIED; cli_credentials_invalidate_ccache(cred, cred->domain_obtained); } return cred->domain;}_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained){ if (obtained >= cred->domain_obtained) { /* it is important that the domain be in upper case, * particularly for the sensitive NTLMv2 * calculations */ cred->domain = strupper_talloc(cred, val); cred->domain_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->domain_obtained); return true; } return false;}bool cli_credentials_set_domain_callback(struct cli_credentials *cred, const char *(*domain_cb) (struct cli_credentials *)){ if (cred->domain_obtained < CRED_CALLBACK) { cred->domain_cb = domain_cb; cred->domain_obtained = CRED_CALLBACK; return true; } return false;}/** * Obtain the Kerberos realm for this credentials context. * @param cred credentials context * @retval The realm set on this context. * @note Return value will never be NULL except by programmer error. */_PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred){ if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, cred->machine_account_pending_lp_ctx); } if (cred->realm_obtained == CRED_CALLBACK && !cred->callback_running) { cred->callback_running = true; cred->realm = cred->realm_cb(cred); cred->callback_running = false; cred->realm_obtained = CRED_SPECIFIED; cli_credentials_invalidate_ccache(cred, cred->realm_obtained); } return cred->realm;}/** * Set the realm for this credentials context, and force it to * uppercase for the sainity of our local kerberos libraries */_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained){ if (obtained >= cred->realm_obtained) { cred->realm = strupper_talloc(cred, val); cred->realm_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->realm_obtained); return true; } return false;}bool cli_credentials_set_realm_callback(struct cli_credentials *cred, const char *(*realm_cb) (struct cli_credentials *)){ if (cred->realm_obtained < CRED_CALLBACK) { cred->realm_cb = realm_cb; cred->realm_obtained = CRED_CALLBACK; return true; } return false;}/** * Obtain the 'short' or 'NetBIOS' workstation name for this credentials context. * * @param cred credentials context * @retval The workstation name set on this context. * @note Return value will never be NULL except by programmer error. */_PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cred){ if (cred->workstation_obtained == CRED_CALLBACK && !cred->callback_running) { cred->callback_running = true; cred->workstation = cred->workstation_cb(cred); cred->callback_running = false; cred->workstation_obtained = CRED_SPECIFIED; } return cred->workstation;}_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained){ if (obtained >= cred->workstation_obtained) { cred->workstation = talloc_strdup(cred, val); cred->workstation_obtained = obtained; return true; } return false;}bool cli_credentials_set_workstation_callback(struct cli_credentials *cred, const char *(*workstation_cb) (struct cli_credentials *)){ if (cred->workstation_obtained < CRED_CALLBACK) { cred->workstation_cb = workstation_cb; cred->workstation_obtained = CRED_CALLBACK; return true; } return false;}/** * Given a string, typically obtained from a -U argument, parse it into domain, username, realm and password fields * * The format accepted is [domain\\]user[%password] or user[@realm][%password] * * @param credentials Credentials structure on which to set the password * @param data the string containing the username, password etc * @param obtained This enum describes how 'specified' this password is */_PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained){ char *uname, *p; if (strcmp("%",data) == 0) { cli_credentials_set_anonymous(credentials); return; } uname = talloc_strdup(credentials, data); if ((p = strchr_m(uname,'%'))) { *p = 0; cli_credentials_set_password(credentials, p+1, obtained); } if ((p = strchr_m(uname,'@'))) { cli_credentials_set_principal(credentials, uname, obtained); *p = 0; cli_credentials_set_realm(credentials, p+1, obtained); return; } else if ((p = strchr_m(uname,'\\')) || (p = strchr_m(uname, '/'))) { *p = 0; cli_credentials_set_domain(credentials, uname, obtained); uname = p+1; } cli_credentials_set_username(credentials, uname, obtained);}/** * Given a a credentials structure, print it as a string * * The format output is [domain\\]user[%password] or user[@realm][%password] * * @param credentials Credentials structure on which to set the password * @param mem_ctx The memory context to place the result on */_PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx){ const char *bind_dn = cli_credentials_get_bind_dn(credentials); const char *domain; const char *username; const char *name; if (bind_dn) { name = talloc_reference(mem_ctx, bind_dn); } else { cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain); if (domain && domain[0]) { name = talloc_asprintf(mem_ctx, "%s\\%s", domain, username); } else { name = talloc_asprintf(mem_ctx, "%s", username); } } return name;}/** * Specifies default values for domain, workstation and realm * from the smb.conf configuration file * * @param cred Credentials structure to fill in */_PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred, struct loadparm_context *lp_ctx){ cli_credentials_set_username(cred, "", CRED_UNINITIALISED); cli_credentials_set_domain(cred, lp_workgroup(lp_ctx), CRED_UNINITIALISED); cli_credentials_set_workstation(cred, lp_netbios_name(lp_ctx), CRED_UNINITIALISED); cli_credentials_set_realm(cred, lp_realm(lp_ctx), CRED_UNINITIALISED);}/** * Guess defaults for credentials from environment variables, * and from the configuration file * * @param cred Credentials structure to fill in */_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred, struct loadparm_context *lp_ctx){ char *p; if (lp_ctx != NULL) { cli_credentials_set_conf(cred, lp_ctx); } if (getenv("LOGNAME")) { cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV); } if (getenv("USER")) { cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESS_ENV); if ((p = strchr_m(getenv("USER"),'%'))) { memset(p,0,strlen(cred->password)); } } if (getenv("PASSWD")) { cli_credentials_set_password(cred, getenv("PASSWD"), CRED_GUESS_ENV); } if (getenv("PASSWD_FD")) { cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")), CRED_GUESS_FILE); } p = getenv("PASSWD_FILE"); if (p && p[0]) { cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE); } if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) { cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE); }}/** * Attach NETLOGON credentials for use with SCHANNEL */_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, struct creds_CredentialState *netlogon_creds){ cred->netlogon_creds = talloc_reference(cred, netlogon_creds);}/** * Return attached NETLOGON credentials */struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred){ return cred->netlogon_creds;}/** * Set NETLOGON secure channel type */_PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, enum netr_SchannelType secure_channel_type){ cred->secure_channel_type = secure_channel_type;}/** * Return NETLOGON secure chanel type */_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred){ return cred->secure_channel_type;}/** * Fill in a credentials structure as the anonymous user */_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred) { cli_credentials_set_username(cred, "", CRED_SPECIFIED); cli_credentials_set_domain(cred, "", CRED_SPECIFIED); cli_credentials_set_password(cred, NULL, CRED_SPECIFIED); cli_credentials_set_realm(cred, NULL, CRED_SPECIFIED); cli_credentials_set_workstation(cred, "", CRED_UNINITIALISED);}/** * Describe a credentials context as anonymous or authenticated * @retval true if anonymous, false if a username is specified */_PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred){ const char *username; if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, cred->machine_account_pending_lp_ctx); } username = cli_credentials_get_username(cred); /* Yes, it is deliberate that we die if we have a NULL pointer * here - anonymous is "", not NULL, which is 'never specified, * never guessed', ie programmer bug */ if (!username[0]) { return true; } return false;}/** * Mark the current password for a credentials struct as wrong. This will * cause the password to be prompted again (if a callback is set). * * This will decrement the number of times the password can be tried. * * @retval whether the credentials struct is finished */_PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred){ if (cred->password_obtained != CRED_CALLBACK_RESULT) { return false; } cred->password_obtained = CRED_CALLBACK; cred->tries--; return (cred->tries > 0);}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -