[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-2271-g7460ed9
Michael Adam
ma at sernet.de
Tue May 6 07:26:07 GMT 2008
Hi Jeremy,
I am not completely sure how you produced that commit,
the commit message looks kind of strange anyways.
But are you aware that you can just pick one commit from
one branch to another by simply issuing
"git cherry-pick [-x] d077ef64cd1d9bbaeb936566c2c70da508de829f"
in the target branch?
Cheers - Michael
Jeremy Allison wrote:
> The branch, v3-2-test has been updated
> via 7460ed9a2773e374cae4eac0750759fc2f3fcb20 (commit)
> from f4b38c07515b02265591d20b9ec9f77cf81fa9c2 (commit)
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
>
>
> - Log -----------------------------------------------------------------
> commit 7460ed9a2773e374cae4eac0750759fc2f3fcb20
> Author: Günther Deschner <gd at samba.org>
> Date: Mon May 5 10:00:37 2008 -0500
>
> Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2279-gd077ef6
>
> The branch, v3-3-test has been updated
> via d077ef64cd1d9bbaeb936566c2c70da508de829f (commit)
> from 6e0e0cb8dd6f57de36c041e2ba4b82feeb357ce8 (commit)
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
>
> - Log -----------------------------------------------------------------
> commit d077ef64cd1d9bbaeb936566c2c70da508de829f
> Author: Günther Deschner <gd at samba.org>
> Date: Mon May 5 16:58:24 2008 +0200
>
> Fix client authentication with -P switch in client tools (Bug 5435).
>
> Guenther
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> source/client/client.c | 5 ++++
> source/include/popt_common.h | 1 +
> source/lib/popt_common.c | 30 +------------------------
> source/lib/util.c | 49 +++++++++++++++++++++++++++++++++++++++++-
> source/libsmb/cliconnect.c | 22 +++++++++++++++++-
> source/rpcclient/rpcclient.c | 15 ++++++++++++-
> source/utils/smbcacls.c | 14 +++++++++++-
> source/utils/smbcquotas.c | 15 ++++++++++++-
> source/utils/smbtree.c | 6 +++++
> 9 files changed, 122 insertions(+), 35 deletions(-)
>
> Changeset truncated at 500 lines:
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> source/client/client.c | 5 ++++
> source/include/popt_common.h | 1 +
> source/lib/popt_common.c | 30 +------------------------
> source/lib/util.c | 49 +++++++++++++++++++++++++++++++++++++++++-
> source/libsmb/cliconnect.c | 22 +++++++++++++++++-
> source/rpcclient/rpcclient.c | 15 ++++++++++++-
> source/utils/smbcacls.c | 14 +++++++++++-
> source/utils/smbcquotas.c | 15 ++++++++++++-
> source/utils/smbtree.c | 6 +++++
> 9 files changed, 122 insertions(+), 35 deletions(-)
>
>
> Changeset truncated at 500 lines:
>
> diff --git a/source/client/client.c b/source/client/client.c
> index 276ffb9..e08fa89 100644
> --- a/source/client/client.c
> +++ b/source/client/client.c
> @@ -4875,6 +4875,11 @@ static int do_message_op(void)
> argv[0], get_dyn_CONFIGFILE());
> }
>
> + if (get_cmdline_auth_info_use_machine_account() &&
> + !set_cmdline_auth_info_machine_account_creds()) {
> + exit(-1);
> + }
> +
> load_interfaces();
>
> if (service_opt && service) {
> diff --git a/source/include/popt_common.h b/source/include/popt_common.h
> index 9e5503f..c889d2e 100644
> --- a/source/include/popt_common.h
> +++ b/source/include/popt_common.h
> @@ -50,6 +50,7 @@ struct user_auth_info {
> bool use_kerberos;
> int signing_state;
> bool smb_encrypt;
> + bool use_machine_account;
> };
>
> #endif /* _POPT_COMMON_H */
> diff --git a/source/lib/popt_common.c b/source/lib/popt_common.c
> index 8f0f7c6..25e41ab 100644
> --- a/source/lib/popt_common.c
> +++ b/source/lib/popt_common.c
> @@ -514,35 +514,7 @@ static void popt_common_credentials_callback(poptContext con,
> }
> break;
> case 'P':
> - {
> - char *opt_password = NULL;
> - char *pwd = NULL;
> -
> - /* it is very useful to be able to make ads queries as the
> - machine account for testing purposes and for domain leave */
> -
> - if (!secrets_init()) {
> - d_printf("ERROR: Unable to open secrets database\n");
> - exit(1);
> - }
> -
> - opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
> -
> - if (!opt_password) {
> - d_printf("ERROR: Unable to fetch machine password\n");
> - exit(1);
> - }
> - if (asprintf(&pwd, "%s$", global_myname()) < 0) {
> - exit(ENOMEM);
> - }
> - set_cmdline_auth_info_username(pwd);
> - set_cmdline_auth_info_password(opt_password);
> - SAFE_FREE(pwd);
> - SAFE_FREE(opt_password);
> -
> - /* machine accounts only work with kerberos */
> - set_cmdline_auth_info_use_krb5_ticket();
> - }
> + set_cmdline_auth_info_use_machine_account();
> break;
> case 'N':
> set_cmdline_auth_info_password("");
> diff --git a/source/lib/util.c b/source/lib/util.c
> index 953981e..5f95bcc 100644
> --- a/source/lib/util.c
> +++ b/source/lib/util.c
> @@ -291,7 +291,8 @@ static struct user_auth_info cmdline_auth_info = {
> false, /* got_pass */
> false, /* use_kerberos */
> Undefined, /* signing state */
> - false /* smb_encrypt */
> + false, /* smb_encrypt */
> + false /* use machine account */
> };
>
> const char *get_cmdline_auth_info_username(void)
> @@ -370,6 +371,11 @@ void set_cmdline_auth_info_smb_encrypt(void)
> cmdline_auth_info.smb_encrypt = true;
> }
>
> +void set_cmdline_auth_info_use_machine_account(void)
> +{
> + cmdline_auth_info.use_machine_account = true;
> +}
> +
> bool get_cmdline_auth_info_got_pass(void)
> {
> return cmdline_auth_info.got_pass;
> @@ -380,6 +386,11 @@ bool get_cmdline_auth_info_smb_encrypt(void)
> return cmdline_auth_info.smb_encrypt;
> }
>
> +bool get_cmdline_auth_info_use_machine_account(void)
> +{
> + return cmdline_auth_info.use_machine_account;
> +}
> +
> bool get_cmdline_auth_info_copy(struct user_auth_info *info)
> {
> *info = cmdline_auth_info;
> @@ -392,6 +403,42 @@ bool get_cmdline_auth_info_copy(struct user_auth_info *info)
> return true;
> }
>
> +bool set_cmdline_auth_info_machine_account_creds(void)
> +{
> + char *pass = NULL;
> + char *account = NULL;
> +
> + if (!get_cmdline_auth_info_use_machine_account()) {
> + return false;
> + }
> +
> + if (!secrets_init()) {
> + d_printf("ERROR: Unable to open secrets database\n");
> + return false;
> + }
> +
> + if (asprintf(&account, "%s$@%s", global_myname(), lp_realm()) < 0) {
> + return false;
> + }
> +
> + pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
> + if (!pass) {
> + d_printf("ERROR: Unable to fetch machine password for "
> + "%s in domain %s\n",
> + account, lp_workgroup());
> + SAFE_FREE(account);
> + return false;
> + }
> +
> + set_cmdline_auth_info_username(account);
> + set_cmdline_auth_info_password(pass);
> +
> + SAFE_FREE(account);
> + SAFE_FREE(pass);
> +
> + return true;
> +}
> +
> /**************************************************************************n
> Find a suitable temporary directory. The result should be copied immediately
> as it may be overwritten by a subsequent call.
> diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
> index 949bca7..e0c18d8 100644
> --- a/source/libsmb/cliconnect.c
> +++ b/source/libsmb/cliconnect.c
> @@ -795,6 +795,8 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
> int i;
> bool got_kerberos_mechanism = False;
> DATA_BLOB blob;
> + const char *p = NULL;
> + char *account = NULL;
>
> DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
>
> @@ -925,7 +927,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
>
> ntlmssp:
>
> - return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain));
> + account = talloc_strdup(talloc_tos(), user);
> + ADS_ERROR_HAVE_NO_MEMORY(account);
> +
> + /* when falling back to ntlmssp while authenticating with a machine
> + * account strip off the realm - gd */
> +
> + if ((p = strchr_m(user, '@')) != NULL) {
> + account[PTR_DIFF(p,user)] = '\0';
> + }
> +
> + return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, domain));
> }
>
> /****************************************************************************
> @@ -1869,12 +1881,18 @@ struct cli_state *get_ipc_connect(char *server,
> {
> struct cli_state *cli;
> NTSTATUS nt_status;
> + uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
> +
> + if (user_info->use_kerberos) {
> + flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
> + }
>
> nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
> user_info->username ? user_info->username : "",
> lp_workgroup(),
> user_info->password ? user_info->password : "",
> - CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, NULL);
> + flags,
> + Undefined, NULL);
>
> if (NT_STATUS_IS_OK(nt_status)) {
> return cli;
> diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
> index 52dba22..19026fe 100644
> --- a/source/rpcclient/rpcclient.c
> +++ b/source/rpcclient/rpcclient.c
> @@ -734,6 +734,7 @@ out_free:
> fstring new_workgroup;
> int result = 0;
> TALLOC_CTX *frame = talloc_stackframe();
> + uint32_t flags = 0;
>
> /* make sure the vars that get altered (4th field) are in
> a fixed location or certain compilers complain */
> @@ -825,6 +826,12 @@ out_free:
> * from stdin if necessary
> */
>
> + if (get_cmdline_auth_info_use_machine_account() &&
> + !set_cmdline_auth_info_machine_account_creds()) {
> + result = 1;
> + goto done;
> + }
> +
> if (!get_cmdline_auth_info_got_pass()) {
> char *pass = getpass("Password:");
> if (pass) {
> @@ -837,13 +844,19 @@ out_free:
> server += 2;
> }
>
> + if (get_cmdline_auth_info_use_kerberos()) {
> + flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
> + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
> + }
> +
> +
> nt_status = cli_full_connection(&cli, global_myname(), server,
> opt_ipaddr ? &server_ss : NULL, opt_port,
> "IPC$", "IPC",
> get_cmdline_auth_info_username(),
> lp_workgroup(),
> get_cmdline_auth_info_password(),
> - get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
> + flags,
> get_cmdline_auth_info_signing_state(),NULL);
>
> if (!NT_STATUS_IS_OK(nt_status)) {
> diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c
> index 134f561..97d194a 100644
> --- a/source/utils/smbcacls.c
> +++ b/source/utils/smbcacls.c
> @@ -825,8 +825,20 @@ static struct cli_state *connect_one(const char *server, const char *share)
> struct cli_state *c = NULL;
> struct sockaddr_storage ss;
> NTSTATUS nt_status;
> + uint32_t flags = 0;
> +
> zero_addr(&ss);
>
> + if (get_cmdline_auth_info_use_kerberos()) {
> + flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
> + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
> + }
> +
> + if (get_cmdline_auth_info_use_machine_account() &&
> + !set_cmdline_auth_info_machine_account_creds()) {
> + return NULL;
> + }
> +
> if (!get_cmdline_auth_info_got_pass()) {
> char *pass = getpass("Password: ");
> if (pass) {
> @@ -840,7 +852,7 @@ static struct cli_state *connect_one(const char *server, const char *share)
> get_cmdline_auth_info_username(),
> lp_workgroup(),
> get_cmdline_auth_info_password(),
> - get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
> + flags,
> get_cmdline_auth_info_signing_state(),
> NULL);
> if (!NT_STATUS_IS_OK(nt_status)) {
> diff --git a/source/utils/smbcquotas.c b/source/utils/smbcquotas.c
> index 508a2dc..a73c3b4 100644
> --- a/source/utils/smbcquotas.c
> +++ b/source/utils/smbcquotas.c
> @@ -371,8 +371,21 @@ static struct cli_state *connect_one(const char *share)
> struct cli_state *c;
> struct sockaddr_storage ss;
> NTSTATUS nt_status;
> + uint32_t flags = 0;
> +
> zero_addr(&ss);
>
> + if (get_cmdline_auth_info_use_machine_account() &&
> + !set_cmdline_auth_info_machine_account_creds()) {
> + return NULL;
> + }
> +
> + if (get_cmdline_auth_info_use_kerberos()) {
> + flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
> + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
> +
> + }
> +
> if (!get_cmdline_auth_info_got_pass()) {
> char *pass = getpass("Password: ");
> if (pass) {
> @@ -386,7 +399,7 @@ static struct cli_state *connect_one(const char *share)
> get_cmdline_auth_info_username(),
> lp_workgroup(),
> get_cmdline_auth_info_password(),
> - 0,
> + flags,
> get_cmdline_auth_info_signing_state(),
> NULL);
> if (!NT_STATUS_IS_OK(nt_status)) {
> diff --git a/source/utils/smbtree.c b/source/utils/smbtree.c
> index 48eae5a..b070c0e 100644
> --- a/source/utils/smbtree.c
> +++ b/source/utils/smbtree.c
> @@ -302,6 +302,12 @@ static bool print_tree(struct user_auth_info *user_info)
>
> /* Parse command line args */
>
> + if (get_cmdline_auth_info_use_machine_account() &&
> + !set_cmdline_auth_info_machine_account_creds()) {
> + TALLOC_FREE(frame);
> + return 1;
> + }
> +
> if (!get_cmdline_auth_info_got_pass()) {
> char *pass = getpass("Password: ");
> if (pass) {
>
>
> --
> Samba Shared Repository
--
Michael Adam <ma at sernet.de> <obnox at samba.org>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080506/78507c9f/attachment.bin
More information about the samba-technical
mailing list