More patches for smbclient SMB2/3 problems...
Jeremy Allison
jra at samba.org
Thu Aug 17 21:18:25 UTC 2017
On Thu, Aug 17, 2017 at 01:05:12AM +0200, Stefan Metzmacher wrote:
> Hi Jeremy,
>
> here's some more patches I have in my tree.
> I haven't done much testing with them yet.
>
> I'll start a private autobuild now.
>
> metze
> From c7b7bd9fa12f614469c6447047b3f8e6f534fdee Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Sat, 8 Jul 2017 00:57:59 +0200
> Subject: [PATCH 1/5] s3:libsmb: let get_ipc_connect() use
> CLI_FULL_CONNECTION_FORCE_SMB1
>
> get_ipc_connect() is only used for calling cli_NetServerEnum().
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876
FYI. This isn't actually true - there is a path
inside source3/utils/smbtree.c inside get_shares()
where get_ipc_connect() is used before calling
get_rpc_shares(), which uses dcerpc_srvsvc_NetShareEnumAll(),
not cli_NetServerEnum() to enumerate shares.
Having said that get_shares() is only called
after get_workgroups() returns true, and
get_workgroups() uses old-style NetBIOS broadcast
and cli_NetServerEnum() to get the server list,
so it can't work without SMB1.
Might change the commit comment to record this though...
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> source3/libsmb/cliconnect.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
> index d98debc..91fd18b 100644
> --- a/source3/libsmb/cliconnect.c
> +++ b/source3/libsmb/cliconnect.c
> @@ -3746,6 +3746,8 @@ struct cli_state *get_ipc_connect(char *server,
> flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
> }
>
> + flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
> +
> nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
> get_cmdline_auth_info_username(user_info),
> lp_workgroup(),
> --
> 1.9.1
>
>
> From 3fcc81ffb9f261dcb22292626f71f5a3d2ff3f24 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Wed, 16 Aug 2017 08:55:43 +0200
> Subject: [PATCH 2/5] s3:smbclient: improve the error messages for smbclient -L
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> source3/client/client.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/source3/client/client.c b/source3/client/client.c
> index 83d9b9d..5897cec 100644
> --- a/source3/client/client.c
> +++ b/source3/client/client.c
> @@ -5830,6 +5830,7 @@ static int do_host_query(const char *query_host)
> }
>
> if (lp_disable_netbios()) {
> + d_printf("NetBIOS over TCP disabled -- no workgroup available\n");
> goto out;
> }
>
> @@ -5844,21 +5845,19 @@ static int do_host_query(const char *query_host)
> */
>
> cli_shutdown(cli);
> + d_printf("Reconnecting with SMB1 for workgroup listing.\n");
> status = cli_cm_open(talloc_tos(), NULL,
> have_ip ? dest_ss_str : query_host,
> "IPC$", popt_get_cmdline_auth_info(),
> smb_encrypt, max_proto,
> NBT_SMB_PORT, name_type, &cli);
> if (!NT_STATUS_IS_OK(status)) {
> - cli = NULL;
> + d_printf("Failed to connect with SMB1 "
> + "-- no workgroup available\n");
> + return 0;
> }
> }
>
> - if (cli == NULL) {
> - d_printf("NetBIOS over TCP disabled -- no workgroup available\n");
> - return 0;
> - }
> -
> cli_set_timeout(cli, io_timeout*1000);
> list_servers(lp_workgroup());
> out:
> --
> 1.9.1
>
>
> From 7bfc8552b76a837687bfbf3319874fc010797c84 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Wed, 16 Aug 2017 08:56:39 +0200
> Subject: [PATCH 3/5] s3:smbclient: don't try any workgroup listing with
> "client min protocol = SMB2"
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> source3/client/client.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/source3/client/client.c b/source3/client/client.c
> index 5897cec..5ef9ad5 100644
> --- a/source3/client/client.c
> +++ b/source3/client/client.c
> @@ -5829,6 +5829,11 @@ static int do_host_query(const char *query_host)
> }
> }
>
> + if (lp_client_min_protocol() > PROTOCOL_NT1) {
> + d_printf("SMB1 disabled -- no workgroup available\n");
> + goto out;
> + }
> +
> if (lp_disable_netbios()) {
> d_printf("NetBIOS over TCP disabled -- no workgroup available\n");
> goto out;
> --
> 1.9.1
>
>
> From 7f8c5b32c3ccc140c0ef6aa3bd75fd4182dbf8c5 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Wed, 16 Aug 2017 12:38:30 +0200
> Subject: [PATCH 4/5] s3:libsmb: don't call cli_NetServerEnum() on SMB2/3
> connections in SMBC_opendir_ctx()
>
> This is all we can do with when using we allow SMB2/3 and the server supports
> it, 'smb://' can't work unless we implement LLMNR and maybe WSD.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> source3/libsmb/libsmb_dir.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
> index 8038584..72441c4 100644
> --- a/source3/libsmb/libsmb_dir.c
> +++ b/source3/libsmb/libsmb_dir.c
> @@ -590,6 +590,10 @@ SMBC_opendir_ctx(SMBCCTX *context,
> continue;
> }
>
> + if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) {
> + continue;
> + }
> +
> dir->srv = srv;
> dir->dir_type = SMBC_WORKGROUP;
>
> @@ -704,6 +708,15 @@ SMBC_opendir_ctx(SMBCCTX *context,
>
> dir->srv = srv;
>
> + if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) {
> + if (dir) {
> + SAFE_FREE(dir->fname);
> + SAFE_FREE(dir);
> + }
> + TALLOC_FREE(frame);
> + return NULL;
> + }
> +
> /* Now, list the servers ... */
> if (!cli_NetServerEnum(srv->cli, wgroup,
> 0x0000FFFE, list_fn,
> --
> 1.9.1
>
>
> From 92b52b36025bb394d49d89056cf8d48da2b0d393 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Wed, 16 Aug 2017 12:42:48 +0200
> Subject: [PATCH 5/5] s3:libsmb: let do_connect() debug the negotiation result
> similar to "session request ok"
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> source3/libsmb/clidfs.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
> index b740007..5cc220a 100644
> --- a/source3/libsmb/clidfs.c
> +++ b/source3/libsmb/clidfs.c
> @@ -149,6 +149,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
> const char *domain;
> NTSTATUS status;
> int flags = 0;
> + enum protocol_types protocol = PROTOCOL_NONE;
> int signing_state = get_cmdline_auth_info_signing_state(auth_info);
> struct cli_credentials *creds = NULL;
>
> @@ -204,7 +205,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
> }
>
> if (max_protocol == 0) {
> - max_protocol = PROTOCOL_NT1;
> + max_protocol = PROTOCOL_LATEST;
> }
> DEBUG(4,(" session request ok\n"));
>
> @@ -218,8 +219,12 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
> cli_shutdown(c);
> return status;
> }
> + protocol = smbXcli_conn_protocol(c->conn);
> + DEBUG(4,(" negotiated dialect[%s] against server[%s]\n",
> + smb_protocol_types_string(protocol),
> + smbXcli_conn_remote_name(c->conn)));
>
> - if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
> + if (protocol >= PROTOCOL_SMB2_02) {
> /* Ensure we ask for some initial credits. */
> smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
> }
> --
> 1.9.1
>
More information about the samba-technical
mailing list