[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-1109-g0475bdc
Jeremy Allison
jra at samba.org
Sat Jan 5 09:03:58 GMT 2008
The branch, v3-2-test has been updated
via 0475bdcf44d21bbdefb57f15d403c91c44d8d90a (commit)
via 07d47996f9535731ccdc1792c405c8bee1a082ae (commit)
via f97b1247c1053f47aef64be95ab9b3c3d8702c8a (commit)
via ef1bbcdfb98da185c07005dd7810039f99f0685f (commit)
from 7b0826aeec284fb129dc1101a5eae2ca96c7cfb6 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 0475bdcf44d21bbdefb57f15d403c91c44d8d90a
Author: Jeremy Allison <jra at samba.org>
Date: Sat Jan 5 00:51:50 2008 -0800
Add -e to smbget.
Jeremy.
commit 07d47996f9535731ccdc1792c405c8bee1a082ae
Author: Jeremy Allison <jra at samba.org>
Date: Sat Jan 5 00:51:18 2008 -0800
Add the options smb_encrypt_level to set the requested
encrypt level and smb_encrypt_on to query it.
Jeremy.
commit f97b1247c1053f47aef64be95ab9b3c3d8702c8a
Author: Jeremy Allison <jra at samba.org>
Date: Sat Jan 5 00:50:03 2008 -0800
Fix -e for smbcquotas.
Jeremy.
commit ef1bbcdfb98da185c07005dd7810039f99f0685f
Author: Jeremy Allison <jra at samba.org>
Date: Sat Jan 5 00:46:04 2008 -0800
Use the common -e option not the custom one.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/client/client.c | 2 +-
source/include/libsmb_internal.h | 7 +++
source/libsmb/libsmbclient.c | 98 ++++++++++++++++++++++++++++++++++++++
source/utils/smbcquotas.c | 35 +++++++++----
source/utils/smbget.c | 12 +++++
5 files changed, 142 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/client/client.c b/source/client/client.c
index a5e4a38..46f0560 100644
--- a/source/client/client.c
+++ b/source/client/client.c
@@ -4598,7 +4598,6 @@ static int do_message_op(void)
{ "port", 'p', POPT_ARG_INT, &port, 'p', "Port to connect to", "PORT" },
{ "grepable", 'g', POPT_ARG_NONE, NULL, 'g', "Produce grepable output" },
{ "browse", 'B', POPT_ARG_NONE, NULL, 'B', "Browse SMB servers using DNS" },
- { "encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
POPT_COMMON_SAMBA
POPT_COMMON_CONNECTION
POPT_COMMON_CREDENTIALS
@@ -4834,6 +4833,7 @@ static int do_message_op(void)
calling_name = talloc_strdup(frame, global_myname() );
}
+ smb_encrypt = get_cmdline_auth_info_smb_encrypt();
init_names();
if(new_name_resolve_order)
diff --git a/source/include/libsmb_internal.h b/source/include/libsmb_internal.h
index 19a3edc..dbc1154 100644
--- a/source/include/libsmb_internal.h
+++ b/source/include/libsmb_internal.h
@@ -106,6 +106,13 @@ struct smbc_internal_data {
* and retrieved with smbc_option_set() and smbc_option_get().
*/
void * _user_data;
+
+ /*
+ * Should we attempt UNIX smb encryption ?
+ * Set to 0 if we should never attempt, set to 1 if
+ * encryption requested, set to 2 if encryption required.
+ */
+ int _smb_encryption_level;
};
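Review bot: `_smb_encryption_level` is a bare int whose values 0, 1 and 2 are compared as literals in libsmbclient.c, including the `== 2` test that decides whether a failed negotiation aborts the connection. Named constants would make those checks self-describing and harder to get wrong, for example `enum { SMB_ENCRYPT_OFF = 0, SMB_ENCRYPT_REQUEST = 1, SMB_ENCRYPT_REQUIRE = 2 };` (the names are only a suggestion). The struct definition begins outside this hunk.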
diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c
index 2ff2830..da8f1e3 100644
--- a/source/libsmb/libsmbclient.c
+++ b/source/libsmb/libsmbclient.c
@@ -6,6 +6,7 @@
Copyright (C) John Terpstra 2000
Copyright (C) Tom Jansen (Ninja ISD) 2002
Copyright (C) Derrell Lipman 2003, 2004
+ Copyright (C) Jeremy Allison 2007, 2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -739,6 +740,12 @@ smbc_server(SMBCCTX *context,
password, strlen(password)+1);
}
+ /*
+ * We don't need to renegotiate encryption
+ * here as the encryption context is not per
+ * tid.
+ */
+
if (! cli_send_tconX(srv->cli, share, "?????",
password, strlen(password)+1)) {
@@ -903,6 +910,30 @@ smbc_server(SMBCCTX *context,
DEBUG(4,(" tconx ok\n"));
+ if (context->internal->_smb_encryption_level) {
+ /* Attempt UNIX smb encryption. */
+ if (!NT_STATUS_IS_OK(cli_force_encryption(c,
+ username_used,
+ password,
+ workgroup))) {
+
+ /*
+ * context->internal->_smb_encryption_level == 1
+ * means don't fail if encryption can't be negotiated,
+ * == 2 means fail if encryption can't be negotiated.
+ */
+
+ DEBUG(4,(" SMB encrypt failed\n"));
+
+ if (context->internal->_smb_encryption_level == 2) {
+ cli_shutdown(c);
+ errno = EPERM;
+ return NULL;
+ }
+ }
+ DEBUG(4,(" SMB encrypt ok\n"));
+ }
+
/*
* Ok, we have got a nice connection
* Let's allocate a server structure.
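Review bot: `DEBUG(4,(" SMB encrypt ok\n"))` sits after the failure branch rather than in an `else`, so at level 1 ("request") a failed cli_force_encryption() logs "SMB encrypt failed" and then "SMB encrypt ok" while the connection carries on unencrypted. At that level the debug output is the only trace of the fallback to cleartext, so it should be accurate and should carry the NTSTATUS, which is currently discarded. The same pattern appears in the smbc_attr_server hunk for IPC$ and needs the same change. smbc_server's body starts and ends outside this hunk.

```c
	if (context->internal->_smb_encryption_level) {
		/* Attempt UNIX smb encryption. */
		NTSTATUS status = cli_force_encryption(c,
						username_used,
						password,
						workgroup);

		if (!NT_STATUS_IS_OK(status)) {
			/* ... unchanged: comment explaining levels 1 and 2 ... */
			DEBUG(4,(" SMB encrypt failed: %s\n",
				nt_errstr(status)));
			/* ... unchanged: level 2 shutdown, errno = EPERM, return NULL ... */
		} else {
			DEBUG(4,(" SMB encrypt ok\n"));
		}
	}
```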
@@ -1019,6 +1050,30 @@ smbc_attr_server(SMBCCTX *context,
return NULL;
}
+ if (context->internal->_smb_encryption_level) {
+ /* Attempt UNIX smb encryption. */
+ if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
+ username,
+ password,
+ workgroup))) {
+
+ /*
+ * context->internal->_smb_encryption_level == 1
+ * means don't fail if encryption can't be negotiated,
+ * == 2 means fail if encryption can't be negotiated.
+ */
+
+ DEBUG(4,(" SMB encrypt failed on IPC$\n"));
+
+ if (context->internal->_smb_encryption_level == 2) {
+ cli_shutdown(ipc_cli);
+ errno = EPERM;
+ return NULL;
+ }
+ }
+ DEBUG(4,(" SMB encrypt ok on IPC$\n"));
+ }
+
ipc_srv = SMB_MALLOC_P(SMBCSRV);
if (!ipc_srv) {
errno = ENOMEM;
@@ -6724,6 +6779,7 @@ smbc_option_set(SMBCCTX *context,
bool b;
smbc_get_auth_data_with_context_fn auth_fn;
void *v;
+ const char *s;
} option_value;
va_start(ap, option_name);
@@ -6772,6 +6828,19 @@ smbc_option_set(SMBCCTX *context,
*/
option_value.v = va_arg(ap, void *);
context->internal->_user_data = option_value.v;
+ } else if (strcmp(option_name, "smb_encrypt_level") == 0) {
+ /*
+ * Save an encoded value for encryption level.
+ * 0 = off, 1 = attempt, 2 = required.
+ */
+ option_value.s = va_arg(ap, const char *);
+ if (strcmp(option_value.s, "none") == 0) {
+ context->internal->_smb_encryption_level = 0;
+ } else if (strcmp(option_value.s, "request") == 0) {
+ context->internal->_smb_encryption_level = 1;
+ } else if (strcmp(option_value.s, "require") == 0) {
+ context->internal->_smb_encryption_level = 2;
+ }
}
va_end(ap);
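Review bot: An unrecognised string leaves `_smb_encryption_level` unchanged with no diagnostic, so a caller that passes a misspelt level such as "required" keeps the previous level (possibly 0) and connects in cleartext without any signal. No error return is visible in this hunk, so at least add a final `else { DEBUG(0,("smb_encrypt_level: unknown value '%s'\n", option_value.s)); }`. `option_value.s` is also handed to strcmp() unchecked, so a NULL argument would crash; test `option_value.s == NULL` before the comparisons. smbc_option_set begins outside this hunk.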
@@ -6821,6 +6890,35 @@ smbc_option_get(SMBCCTX *context,
* with smbc_option_get()
*/
return context->internal->_user_data;
+ } else if (strcmp(option_name, "smb_encrypt_level") == 0) {
+ /*
+ * Return the current smb encrypt negotiate option as a string.
+ */
+ switch (context->internal->_smb_encryption_level) {
+ case 0:
+ return (void *) "none";
+ case 1:
+ return (void *) "request";
+ case 2:
+ return (void *) "require";
+ }
+ } else if (strcmp(option_name, "smb_encrypt_on") == 0) {
+ /*
+ * Return the current smb encrypt status option as a bool.
+ * false = off, true = on. We don't know what server is
+ * being requested, so we only return true if all servers
+ * are using an encrypted connection.
+ */
+ SMBCSRV *s;
+ unsigned int num_servers = 0;
+
+ for (s = context->internal->_servers; s; s = s->next) {
+ num_servers++;
+ if (s->cli->trans_enc_state == NULL) {
+ return (void *)false;
+ }
+ }
+ return (void *) (bool) (num_servers > 0);
}
return NULL;
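Review bot: The `smb_encrypt_on` result describes only the servers present in `_servers` at the time of the call, so under "request" a connection opened afterwards can still be unencrypted. The comment should say so, e.g. `Snapshot only: re-query after each new connection when the level is "request".` The `(void *)false` result is in practice the same value as the final `return NULL` used for an unknown option name, so callers cannot tell "not encrypted" from "option not supported". In the `smb_encrypt_level` switch, add a `default:` case so an out-of-range level is handled explicitly instead of falling through to that `return NULL`. smbc_option_get begins outside this hunk.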
diff --git a/source/utils/smbcquotas.c b/source/utils/smbcquotas.c
index e6aa5e8..508a2dc 100644
--- a/source/utils/smbcquotas.c
+++ b/source/utils/smbcquotas.c
@@ -380,20 +380,33 @@ static struct cli_state *connect_one(const char *share)
}
}
- if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server,
- &ss, 0,
- share, "?????",
- get_cmdline_auth_info_username(),
- lp_workgroup(),
- get_cmdline_auth_info_password(),
- 0,
- get_cmdline_auth_info_signing_state(),
- NULL))) {
- return c;
- } else {
+ nt_status = cli_full_connection(&c, global_myname(), server,
+ &ss, 0,
+ share, "?????",
+ get_cmdline_auth_info_username(),
+ lp_workgroup(),
+ get_cmdline_auth_info_password(),
+ 0,
+ get_cmdline_auth_info_signing_state(),
+ NULL);
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
return NULL;
}
+
+ if (get_cmdline_auth_info_smb_encrypt()) {
+ nt_status = cli_cm_force_encryption(c,
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ lp_workgroup(),
+ share);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(c);
+ return NULL;
+ }
+ }
+
+ return c;
}
/****************************************************************************
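Review bot: The new encryption-failure path returns NULL without logging `nt_status`, unlike the cli_full_connection() failure just above it. Unless cli_cm_force_encryption() reports the reason itself (not visible here), a user who asked for -e gets a failed connection with no explanation. Add `DEBUG(0,("SMB encryption failed! (%s)\n", nt_errstr(nt_status)));` before `cli_shutdown(c);`. Failing closed is the right behaviour for an explicit -e; only the diagnostic is missing. connect_one begins outside this hunk.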
diff --git a/source/utils/smbget.c b/source/utils/smbget.c
index ac662e6..63b7f48 100644
--- a/source/utils/smbget.c
+++ b/source/utils/smbget.c
@@ -521,9 +521,11 @@ int main(int argc, const char **argv)
int c = 0;
const char *file = NULL;
char *rcfile = NULL;
+ bool smb_encrypt = false;
TALLOC_CTX *frame = talloc_stackframe();
struct poptOption long_options[] = {
{"guest", 'a', POPT_ARG_NONE, NULL, 'a', "Work as user guest" },
+ {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
{"resume", 'r', POPT_ARG_NONE, &_resume, 0, "Automatically resume aborted files" },
{"recursive", 'R', POPT_ARG_NONE, &_recursive, 0, "Recursively download files" },
{"username", 'u', POPT_ARG_STRING, &username, 'u', "Username to use" },
@@ -568,6 +570,9 @@ int main(int argc, const char **argv)
case 'a':
username = ""; password = "";
break;
+ case 'e':
+ smb_encrypt = true;
+ break;
}
}
@@ -586,6 +591,13 @@ int main(int argc, const char **argv)
return 1;
}
+ if (smb_encrypt) {
+ SMBCCTX *smb_ctx = smbc_set_context(NULL);
+ smbc_option_set(smb_ctx,
+ CONST_DISCARD(char *, "smb_encrypt_level"),
+ "require");
+ }
+
columns = get_num_cols();
total_start_time = time(NULL);
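Review bot: `smb_ctx` from `smbc_set_context(NULL)` is passed to smbc_option_set() without a NULL check, and the option setter dereferences `context->internal`. The preceding `return 1` presumably covers a failed library init, so a context should exist here, but that is not visible in the hunk. A guard makes -e fail with a clear error instead of crashing: `if (smb_ctx == NULL) { fprintf(stderr, "Unable to get SMB context for encryption\n"); return 1; }`. main's body extends beyond this hunk.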
--
Samba Shared Repository