[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Tue Nov 15 13:52:06 UTC 2016


The branch, master has been updated
       via  31ee1c5 s3-winbind: Directly pass creds with cli_session_setup_creds()
       via  38438fd s3:libsmb: make use of cli_{session_setup,rpc_pipe_open_with}_creds() in passchange.c
       via  a484a70 s3:client: use cli_session_setup_creds() in smbspool.c
       via  5e51f64 s3:client: use cli_session_setup_creds() in client.c cmd_logon()
       via  6fe1c8a s3:torture: make use of auth_generic_set_creds() in test_smb2.c
       via  6d93c32 s3:torture: make use of cli_session_setup_creds() in test_smb2.c
       via  43b987d s3:torture: make use of cli_session_setup_creds() in torture.c
       via  23c5fa1 s3:torture: create a global 'torture_creds' cli_credentials structure
       via  2aaf3c5 s3:torture: make use of cli_session_creds_init() in masktest.c
       via  045bab5 s3:torture: make use of cli_session_setup_anon()
       via  6bb917a s3:nmbd: make use of cli_session_setup_anon()
       via  f70d1cf s3:libsmb: make use of cli_session_setup_anon()
       via  dafab66 s3:libsmb: make cli_session_creds_init() non-static
       via  f49b9ad s3:libsmb: add cli_session_setup_anon()
       via  3a14eec s3:libsmb: change cli_session_setup_send/recv into cli_session_setup_creds_send/recv
       via  32438b7 s3:libsmb: move domain\username magic to cli_session_creds_init()
       via  fb13eee s3:libsmb: get the plaintext and NTLM authentication details out of cli_credentials
       via  b64b24a s3:libsmb: move cli_session_creds_init() to cli_session_setup_send()
       via  8a4f76e s3:libsmb: move cli_session_setup_get_account into cli_session_creds_init()
       via  f4cfff3 s3:libsmb: pass cli_credentials to cli_session_setup_gensec_send()
       via  da5e12e s3:libsmb: split out a cli_session_creds_init() function
       via  a460e6b s3:libsmb: pass the optional dest_realm via the cli_credentials
       via  75b68d0 s3:libsmb: let gensec handle the fallback from krb5 to ntlmssp
       via  7512eb5 s3:libsmb: remove target_principal argument from cli_session_setup_gensec_send()
       via  721b823 s3:libsmb: always pass the servers gss blob to gensec
       via  c758df6 s3:libsmb: remove unused cli_session_setup_{lanman2,plain,nt1}*
       via  a54d250 s3:libsmb: make use of smb1cli_session_setup_{nt1,lm21}_send/recv()
       via  9fffec8 s3:libsmb: make use of smb1cli_session_setup_ext_send/recv()
       via  5b8ed50 s3:libsmb: handle the spnego as a first action in cli_session_setup_send()
       via  cb10628 s3:libsmb: add some comments to the noop case for < PROTOCOL_LANMAN1 in cli_session_setup_send()
       via  c01efce libcli/smb: add smb1cli_session_setup_ext_send/recv()
       via  35ed3ee libcli/smb: add smb1cli_session_setup_nt1_send/recv()
       via  2182817 libcli/smb: add smb1cli_session_setup_lm21_send/recv()
       via  4334f2d libcli/smb: reformat wscript
       via  5b0a54d libcli/smb: Add smb_bytes_pull_str() helper function
       via  7999e6f libcli/smb: move {smb,trans2}_bytes_push_{str,bytes}() to common code
       via  482d3b3 s3:libsmb: let the callers only pass the password string to cli_session_setup[_send]()
       via  d6d8893 s3:popt_common: simplify popt_common_credentials handling
       via  d134f57 s3:gse: We need to use the users realm in the target_principal
       via  558e78c s4:gensec_gssapi: We need to use the users realm in the target_principal
       via  fee23c3 auth/credentials: make cli_credentials_get_ntlm_response() more robust
       via  02f7906 auth/credentials: anonymous should not have a user principal
      from  5462d27 s4-torture: add test for winspool_AsyncGetPrinterDriverDirectory()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 31ee1c5350697516fe44c89c29b51f708d31ff5f
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Sep 14 09:19:42 2016 +0200

    s3-winbind: Directly pass creds with cli_session_setup_creds()
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Tue Nov 15 14:51:02 CET 2016 on sn-devel-144

commit 38438fde2dcd18afb70040a844ea48963201492b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 13:48:23 2016 +0200

    s3:libsmb: make use of cli_{session_setup,rpc_pipe_open_with}_creds() in passchange.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit a484a70f223ae8f0d5eeabd6d7576bfa1f7a7e94
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 13:33:58 2016 +0200

    s3:client: use cli_session_setup_creds() in smbspool.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 5e51f6457e5afbcd0c6cf7803b8a21199ce29ade
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 13:33:58 2016 +0200

    s3:client: use cli_session_setup_creds() in client.c cmd_logon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 6fe1c8a8a17b26a959ead8aa01131ba259603b98
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:44:51 2016 +0200

    s3:torture: make use of auth_generic_set_creds() in test_smb2.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 6d93c320344ee67db2283e99f933c2597ae6f0a5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:44:51 2016 +0200

    s3:torture: make use of cli_session_setup_creds() in test_smb2.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 43b987df182584fc2ab62625aa1896c904eb708e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:44:51 2016 +0200

    s3:torture: make use of cli_session_setup_creds() in torture.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 23c5fa1adf949e308b0082ad23135aa304335ba7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:43:44 2016 +0200

    s3:torture: create a global 'torture_creds' cli_credentials structure
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 2aaf3c5ea5baad7cf21f48fb1bde48ce629ebbb8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:42:01 2016 +0200

    s3:torture: make use of cli_session_creds_init() in masktest.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 045bab521a2776ad627a1444fb00696b24bd2048
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:15:20 2016 +0200

    s3:torture: make use of cli_session_setup_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 6bb917ae3770a81346333120ec7116d4f8894941
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:15:20 2016 +0200

    s3:nmbd: make use of cli_session_setup_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f70d1cfcc2dc972cad6d2bb8bd05bdf3bdd803fc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:15:20 2016 +0200

    s3:libsmb: make use of cli_session_setup_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit dafab66481d4d3e68ea18ef444499330c89b3793
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:09:05 2016 +0200

    s3:libsmb: make cli_session_creds_init() non-static
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f49b9ada6069f695a65ba8b7b55690ae4314c781
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 12:01:50 2016 +0200

    s3:libsmb: add cli_session_setup_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 3a14eec09e9b63205b1e6a28d5182b680d6526ab
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 26 13:17:59 2016 +0200

    s3:libsmb: change cli_session_setup_send/recv into cli_session_setup_creds_send/recv
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 32438b7cec32cb1b4604c6eba274552c71a00f3a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 26 12:41:10 2016 +0200

    s3:libsmb: move domain\username magic to cli_session_creds_init()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit fb13eeecea8c63dcebd4129e2bf7ebddc42240b0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 26 12:01:45 2016 +0200

    s3:libsmb: get the plaintext and NTLM authentication details out of cli_credentials
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit b64b24a493a45554bf6672b8009f05f0fd977d97
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Oct 22 11:24:48 2016 +0200

    s3:libsmb: move cli_session_creds_init() to cli_session_setup_send()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 8a4f76e0602510951ccd669f444cf20608e2d127
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Oct 22 11:00:39 2016 +0200

    s3:libsmb: move cli_session_setup_get_account into cli_session_creds_init()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f4cfff3669a15ee1b97aa0f67d2d9640ba234d8c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 21 20:35:01 2016 +0200

    s3:libsmb: pass cli_credentials to cli_session_setup_gensec_send()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit da5e12efa844a6bcf783fe5d2ba4d5a2f613424c
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Sep 13 14:40:36 2016 +0200

    s3:libsmb: split out a cli_session_creds_init() function
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit a460e6beef5b784d5ac37c398c91ac3e86dc432d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 28 09:00:46 2016 +0200

    s3:libsmb: pass the optional dest_realm via the cli_credentials
    
    'dest_realm' is only valid in the winbindd use case, where we also have
    the account in that realm.
    
    We need to ask the DC to which KDC the principal belongs to, in order to
    get the potential trust referrals right.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 75b68d0360c497cbae104e5162f84498b4ce3067
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Oct 22 09:52:48 2016 +0200

    s3:libsmb: let gensec handle the fallback from krb5 to ntlmssp
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 7512eb5dfb34162b9663a88a54494d643e8096da
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 27 15:03:07 2016 +0200

    s3:libsmb: remove target_principal argument from cli_session_setup_gensec_send()
    
    It's enough to pass down target_service and target_hostname, that's all we
    have at the smb layer. The kerberos layer should figure out what
    the final target_principals is based on the users realm.
    
    The gse_krb5 backend doesn't use it currently, so it's also unused.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 721b823762b2e27f9d200ee8da0c602d9cf684b5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 27 15:00:47 2016 +0200

    s3:libsmb: always pass the servers gss blob to gensec
    
    The spnego backend will take the "client use spnego principal" option.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit c758df6b4a00e2c276402ee4d0ba87aa5805f77f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 26 12:04:41 2016 +0200

    s3:libsmb: remove unused cli_session_setup_{lanman2,plain,nt1}*
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit a54d250e0962e1c3777653af5c6f7b7c6eb04d24
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 26 12:01:45 2016 +0200

    s3:libsmb: make use of smb1cli_session_setup_{nt1,lm21}_send/recv()
    
    This separates the construction of the ASCII-Password (lm_response)
    and UNICODE-Password (nt_response) values from the marshalling logic.
    
    We don't need the NT1 marshalling logic 3 times (guest, plain, nt1),
    we just need it once now in smb1cli_session_setup_nt1*.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 9fffec88033a385f3ebb8fe8520b9b39c831d98f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 21:50:44 2016 +0200

    s3:libsmb: make use of smb1cli_session_setup_ext_send/recv()
    
    This separates the spnego authentication logic from the
    marshalling logic.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 5b8ed5009bb4868c1391841193a3911fb0681cb5
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Nov 7 15:06:09 2016 +0100

    s3:libsmb: handle the spnego as a first action in cli_session_setup_send()
    
    This will make further restructuring easier.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit cb10628a725c3ff3fbc653db34c5e230a79f8314
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 26 02:03:17 2016 +0200

    s3:libsmb: add some comments to the noop case for < PROTOCOL_LANMAN1 in cli_session_setup_send()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit c01efce2dc588d307cea91cbd097f1334aa9bf44
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 21:01:37 2016 +0200

    libcli/smb: add smb1cli_session_setup_ext_send/recv()
    
    This does a session setup for the NT1 protocol with CAP_EXTENDED_SECURITY.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 35ed3eeb0670ce90c704ca3aac6f31f81b4750e8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 15:40:59 2016 +0200

    libcli/smb: add smb1cli_session_setup_nt1_send/recv()
    
    This does a session setup for the NT1 protocol (without CAP_EXTENDED_SECURITY).
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 2182817c9705c16e39acae3cf4aff8b1c3d27913
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Nov 3 16:28:12 2016 +0100

    libcli/smb: add smb1cli_session_setup_lm21_send/recv()
    
    This does a session setup for the LANMAN 2(.1) protocol.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4334f2dad07b610ab8e55a0c7fc9ec2f16ba5ffd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 13:27:54 2016 +0200

    libcli/smb: reformat wscript
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 5b0a54d36c79b92eea68f0ca6550c88d1f552dad
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 14:50:41 2016 +0200

    libcli/smb: Add smb_bytes_pull_str() helper function
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 7999e6f6c042a96e2d444407c375cb94f7298996
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 13:31:08 2016 +0200

    libcli/smb: move {smb,trans2}_bytes_push_{str,bytes}() to common code
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 482d3b35e99ab8c5b911fc3e863c1c35a500f791
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 25 11:31:07 2016 +0200

    s3:libsmb: let the callers only pass the password string to cli_session_setup[_send]()
    
    There're no callers which tried to pass raw {lm,nt}_response any more.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit d6d8893d56d0f7b6be7e9a8c34d454f4933525d5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Oct 21 17:22:03 2016 +0200

    s3:popt_common: simplify popt_common_credentials handling
    
    This offers a global 'struct user_auth_info *cmdline_auth_info',
    similar to the 'cmdline_credentials' we have in
    source4/lib/cmdline/popt_common.c.
    
    And we create that in the POPT_CALLBACK_REASON_PRE stage
    and finalize it in the POPT_CALLBACK_REASON_POST stage.
    
    That means much less boring work for the callers
    and more freedom to change the user_auth_info internals
    in future.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit d134f57ccf76bf7b09272d3c58a786e7b881934f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 24 11:26:12 2016 +0200

    s3:gse: We need to use the users realm in the target_principal
    
    This is important in order to let the kdc of the users realm start with
    the trust referral routing.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 558e78c7e3b2814a7daed7c7c94e9c004f9922b7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 24 11:26:12 2016 +0200

    s4:gensec_gssapi: We need to use the users realm in the target_principal
    
    This is important in order to let the kdc of the users realm start with
    the trust referral routing.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit fee23c33ae279e96d0a70e2f313d20d7fae106ff
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 27 13:32:31 2016 +0200

    auth/credentials: make cli_credentials_get_ntlm_response() more robust
    
    We always provide each output blob as its own talloc memory
    and also check for talloc failures.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 02f79060a0bc5c13a32cce76ce6fde22593f8d5a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Oct 22 11:19:05 2016 +0200

    auth/credentials: anonymous should not have a user principal
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c      |    1 +
 auth/credentials/credentials_ntlm.c |  204 ++--
 examples/fuse/smb2mount.c           |   18 +-
 libcli/smb/smb1cli_create.c         |   71 --
 libcli/smb/smb1cli_session.c        |  823 +++++++++++++
 libcli/smb/smbXcli_base.h           |   65 ++
 libcli/smb/smb_util.h               |   14 +
 libcli/smb/util.c                   |  200 ++++
 libcli/smb/wscript                  |   92 +-
 source3/client/client.c             |   44 +-
 source3/client/smbspool.c           |   21 +-
 source3/include/popt_common.h       |    5 +-
 source3/lib/popt_common.c           |   58 +-
 source3/librpc/crypto/gse.c         |    6 +-
 source3/libsmb/cliconnect.c         | 2162 ++++++++++++++---------------------
 source3/libsmb/clidfs.c             |    9 +-
 source3/libsmb/clifile.c            |  127 --
 source3/libsmb/libsmb_server.c      |   21 +-
 source3/libsmb/passchange.c         |   51 +-
 source3/libsmb/proto.h              |   38 +-
 source3/nmbd/nmbd_synclists.c       |    4 +-
 source3/rpcclient/rpcclient.c       |   15 +-
 source3/torture/masktest.c          |   40 +-
 source3/torture/test_smb2.c         |  101 +-
 source3/torture/torture.c           |   69 +-
 source3/utils/regedit.c             |    6 -
 source3/utils/smbcacls.c            |   19 +-
 source3/utils/smbcquotas.c          |   14 +-
 source3/utils/smbtree.c             |   27 +-
 source3/winbindd/winbindd_cm.c      |   88 +-
 source4/auth/gensec/gensec_gssapi.c |    2 +-
 31 files changed, 2374 insertions(+), 2041 deletions(-)
 create mode 100644 libcli/smb/smb1cli_session.c


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index bfa397c..b8171f3 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -928,6 +928,7 @@ _PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred)
 	cli_credentials_set_username(cred, "", CRED_SPECIFIED);
 	cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
 	cli_credentials_set_password(cred, NULL, CRED_SPECIFIED);
+	cli_credentials_set_principal(cred, NULL, CRED_SPECIFIED);
 	cli_credentials_set_realm(cred, NULL, CRED_SPECIFIED);
 	cli_credentials_set_workstation(cred, "", CRED_UNINITIALISED);
 	cli_credentials_set_kerberos_state(cred, CRED_DONT_USE_KERBEROS);
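Review bot: the added cli_credentials_set_principal(cred, NULL, CRED_SPECIFIED) line carries no comment, and the commit message for this change is subject-only, so the reason anonymous credentials must not keep a principal is recorded nowhere near the code. A one-line comment above the call stating that reason would help the next reader of cli_credentials_set_anonymous().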
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 0abbb5c..3603647 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -36,29 +36,57 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 					   DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, 
 					   DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key) 
 {
-	const char *user, *domain;
-	DATA_BLOB lm_response, nt_response;
-	DATA_BLOB lm_session_key, session_key;
-	const struct samr_Password *nt_hash;
-	lm_session_key = data_blob(NULL, 0);
+	TALLOC_CTX *frame = talloc_stackframe();
+	const char *user = NULL;
+	const char *domain = NULL;
+	DATA_BLOB lm_response = data_blob_null;
+	DATA_BLOB nt_response = data_blob_null;
+	DATA_BLOB lm_session_key = data_blob_null;
+	DATA_BLOB session_key = data_blob_null;
+	const struct samr_Password *nt_hash = NULL;
+
+	if (cred->use_kerberos == CRED_MUST_USE_KERBEROS) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
 
 	/* We may already have an NTLM response we prepared earlier.
 	 * This is used for NTLM pass-though authentication */
 	if (cred->nt_response.data || cred->lm_response.data) {
-		*_nt_response = cred->nt_response;
-		*_lm_response = cred->lm_response;
+		if (cred->nt_response.length != 0) {
+			nt_response = data_blob_dup_talloc(frame,
+							   cred->nt_response);
+			if (nt_response.data == NULL) {
+				TALLOC_FREE(frame);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+		if (cred->lm_response.length != 0) {
+			lm_response = data_blob_dup_talloc(frame,
+							   cred->lm_response);
+			if (lm_response.data == NULL) {
+				TALLOC_FREE(frame);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
 
-		if (!cred->lm_response.data) {
+		if (cred->lm_response.data == NULL) {
 			*flags = *flags & ~CLI_CRED_LANMAN_AUTH;
 		}
-		*_lm_session_key = data_blob(NULL, 0);
-		*_session_key = data_blob(NULL, 0);
-		return NT_STATUS_OK;
+		goto done;
 	}
 
-	nt_hash = cli_credentials_get_nt_hash(cred, mem_ctx);
+	nt_hash = cli_credentials_get_nt_hash(cred, frame);
 
-	cli_credentials_get_ntlm_username_domain(cred, mem_ctx, &user, &domain);
+	cli_credentials_get_ntlm_username_domain(cred, frame, &user, &domain);
+	if (user == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	if (domain == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* If we are sending a username at realm login (see function
 	 * above), then we will not send LM, it will not be
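Review bot: the CRED_MUST_USE_KERBEROS check added at the top of the function returns NT_STATUS_INVALID_PARAMETER_MIX, while the check it replaces further down returned NT_STATUS_ACCESS_DENIED, and the commit message (own talloc memory per blob, talloc failure checks) does not mention a status change. Callers that compare against NT_STATUS_ACCESS_DENIED will behave differently, so either keep the old code or record the change in the commit message. Separately, in the pass-through branch the copies are gated on .length != 0 but CLI_CRED_LANMAN_AUTH is cleared on cred->lm_response.data == NULL; using the same test for both avoids returning an empty lm_response with the flag still set.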
@@ -71,22 +99,22 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 	if (cred->machine_account) {
 		*flags = *flags & ~CLI_CRED_LANMAN_AUTH;
 	}
-	
-	if (cred->use_kerberos == CRED_MUST_USE_KERBEROS) {
-		return NT_STATUS_ACCESS_DENIED;
-	}
 
 	if (!nt_hash) {
-		static const uint8_t zeros[16];
 		/* do nothing - blobs are zero length */
 
 		/* session key is all zeros */
-		session_key = data_blob_talloc(mem_ctx, zeros, 16);
-		lm_session_key = data_blob_talloc(mem_ctx, zeros, 16);
+		session_key = data_blob_talloc_zero(frame, 16);
+		if (session_key.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+		lm_session_key = data_blob_talloc_zero(frame, 16);
+		if (lm_session_key.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 
-		lm_response = data_blob(NULL, 0);
-		nt_response = data_blob(NULL, 0);
-		
 		/* not doing NTLM2 without a password */
 		*flags &= ~CLI_CRED_NTLM2;
 	} else if (*flags & CLI_CRED_NTLMv2_AUTH) {
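Review bot: the two allocation-failure paths in the !nt_hash branch each spell out TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY;, and the patch repeats that pair throughout the function. A single exit label that frees the frame and returns a status variable would keep the frame from leaking if a later change adds a branch and forgets the free.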
@@ -94,19 +122,21 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 		if (!target_info.length) {
 			/* be lazy, match win2k - we can't do NTLMv2 without it */
 			DEBUG(1, ("Server did not provide 'target information', required for NTLMv2\n"));
+			TALLOC_FREE(frame);
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
 		/* TODO: if the remote server is standalone, then we should replace 'domain'
 		   with the server name as supplied above */
 		
-		if (!SMBNTLMv2encrypt_hash(mem_ctx,
+		if (!SMBNTLMv2encrypt_hash(frame,
 					   user, 
 					   domain, 
 					   nt_hash->hash, &challenge, 
 					   server_timestamp, &target_info,
 					   &lm_response, &nt_response, 
 					   NULL, &session_key)) {
+			TALLOC_FREE(frame);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -123,103 +153,131 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 		uint8_t session_nonce[16];
 		uint8_t session_nonce_hash[16];
 		uint8_t user_session_key[16];
-		
-		lm_response = data_blob_talloc(mem_ctx, NULL, 24);
+
+		lm_response = data_blob_talloc_zero(frame, 24);
+		if (lm_response.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 		generate_random_buffer(lm_response.data, 8);
-		memset(lm_response.data+8, 0, 16);
 
 		memcpy(session_nonce, challenge.data, 8);
 		memcpy(&session_nonce[8], lm_response.data, 8);
-	
+
 		MD5Init(&md5_session_nonce_ctx);
-		MD5Update(&md5_session_nonce_ctx, challenge.data, 8);
-		MD5Update(&md5_session_nonce_ctx, lm_response.data, 8);
+		MD5Update(&md5_session_nonce_ctx, session_nonce,
+			  sizeof(session_nonce));
 		MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
 
 		DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
 		DEBUG(5, ("challenge is: \n"));
 		dump_data(5, session_nonce_hash, 8);
-		
-		nt_response = data_blob_talloc(mem_ctx, NULL, 24);
+
+		nt_response = data_blob_talloc_zero(frame, 24);
+		if (nt_response.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 		SMBOWFencrypt(nt_hash->hash,
 			      session_nonce_hash,
 			      nt_response.data);
-		
-		session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
+		session_key = data_blob_talloc_zero(frame, 16);
+		if (session_key.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 
 		SMBsesskeygen_ntv1(nt_hash->hash, user_session_key);
 		hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
+		ZERO_STRUCT(user_session_key);
 		dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
 
 		/* LM Key is incompatible... */
 		*flags &= ~CLI_CRED_LANMAN_AUTH;
 	} else {
+		const char *password = cli_credentials_get_password(cred);
 		uint8_t lm_hash[16];
-		nt_response = data_blob_talloc(mem_ctx, NULL, 24);
+		bool do_lm = false;
+
+		nt_response = data_blob_talloc_zero(frame, 24);
+		if (nt_response.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 		SMBOWFencrypt(nt_hash->hash, challenge.data,
 			      nt_response.data);
-		
-		session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
+		session_key = data_blob_talloc_zero(frame, 16);
+		if (session_key.data == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 		SMBsesskeygen_ntv1(nt_hash->hash, session_key.data);
 		dump_data_pw("NT session key:\n", session_key.data, session_key.length);
 
 		/* lanman auth is insecure, it may be disabled.  
 		   We may also not have a password */
-		if (*flags & CLI_CRED_LANMAN_AUTH) {
-			const char *password;
-			password = cli_credentials_get_password(cred);
-			if (!password) {
-				lm_response = nt_response;
-			} else {
-				lm_response = data_blob_talloc(mem_ctx, NULL, 24);
-				if (!SMBencrypt(password,challenge.data,
-						lm_response.data)) {
-					/* If the LM password was too long (and therefore the LM hash being
-					   of the first 14 chars only), don't send it.
-
-					   We don't have any better options but to send the NT response 
-					*/
-					data_blob_free(&lm_response);
-					lm_response = nt_response;
-					/* LM Key is incompatible with 'long' passwords */
-					*flags &= ~CLI_CRED_LANMAN_AUTH;
-				} else if (E_deshash(password, lm_hash)) {
-					lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-					memcpy(lm_session_key.data, lm_hash, 8);
-					memset(&lm_session_key.data[8], '\0', 8);
-					
-					if (!(*flags & CLI_CRED_NTLM_AUTH)) {
-						session_key = lm_session_key;
-					}
-				}
+
+		if (password != NULL) {
+			do_lm = E_deshash(password, lm_hash);
+		}
+
+		if (*flags & CLI_CRED_LANMAN_AUTH && do_lm) {
+			lm_response = data_blob_talloc_zero(frame, 24);
+			if (lm_response.data == NULL) {
+				ZERO_STRUCT(lm_hash);
+				TALLOC_FREE(frame);
+				return NT_STATUS_NO_MEMORY;
 			}
+
+			SMBencrypt_hash(lm_hash,
+					challenge.data,
+					lm_response.data);
 		} else {
-			const char *password;
+			/* just copy the nt_response */
+			lm_response = data_blob_dup_talloc(frame, nt_response);
+			if (lm_response.data == NULL) {
+				ZERO_STRUCT(lm_hash);
+				TALLOC_FREE(frame);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
 
-			/* LM Key is incompatible... */
-			lm_response = nt_response;
-			*flags &= ~CLI_CRED_LANMAN_AUTH;
+		if (do_lm) {
+			lm_session_key = data_blob_talloc_zero(frame, 16);
+			if (lm_session_key.data == NULL) {
+				ZERO_STRUCT(lm_hash);
+				TALLOC_FREE(frame);
+				return NT_STATUS_NO_MEMORY;
+			}
+			memcpy(lm_session_key.data, lm_hash, 8);
 
-			password = cli_credentials_get_password(cred);
-			if (password && E_deshash(password, lm_hash)) {
-				lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-				memcpy(lm_session_key.data, lm_hash, 8);
-				memset(&lm_session_key.data[8], '\0', 8);
+			if (!(*flags & CLI_CRED_NTLM_AUTH)) {
+				memcpy(session_key.data, lm_session_key.data, 16);
 			}
+			ZERO_STRUCT(lm_hash);
 		}
 	}
+
+done:
 	if (_lm_response) {
+		talloc_steal(mem_ctx, lm_response.data);
 		*_lm_response = lm_response;
 	}
 	if (_nt_response) {
+		talloc_steal(mem_ctx, nt_response.data);
 		*_nt_response = nt_response;
 	}
 	if (_lm_session_key) {
+		talloc_steal(mem_ctx, lm_session_key.data);
 		*_lm_session_key = lm_session_key;
 	}
 	if (_session_key) {
+		talloc_steal(mem_ctx, session_key.data);
 		*_session_key = session_key;
 	}
+	TALLOC_FREE(frame);
 	return NT_STATUS_OK;
 }
 
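Review bot: on the success path `ZERO_STRUCT(lm_hash)` sits inside the `if (do_lm)` block, so when a password was supplied but `E_deshash()` returned false, anything it wrote into `lm_hash` is still on the stack at return. Moving the wipe after that block's closing brace would make it unconditional, matching the care taken on the three NT_STATUS_NO_MEMORY paths. Two smaller points: `memcpy(session_key.data, lm_session_key.data, 16)` assumes `session_key` already holds at least 16 bytes, and since the allocation is not in these lines a length check would make that explicit; and `*flags & CLI_CRED_LANMAN_AUTH && do_lm` reads more safely as `(*flags & CLI_CRED_LANMAN_AUTH) && do_lm`.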
diff --git a/examples/fuse/smb2mount.c b/examples/fuse/smb2mount.c
index 2c06ed5..b90e115 100644
--- a/examples/fuse/smb2mount.c
+++ b/examples/fuse/smb2mount.c
@@ -25,7 +25,7 @@
 #include "libsmb/proto.h"
 #include "clifuse.h"
 
-static struct cli_state *connect_one(struct user_auth_info *auth_info,
+static struct cli_state *connect_one(const struct user_auth_info *auth_info,
 				     const char *server, const char *share)
 {
 	struct cli_state *c = NULL;
@@ -37,13 +37,6 @@ static struct cli_state *connect_one(struct user_auth_info *auth_info,
 			 CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
 	}
 
-	if (get_cmdline_auth_info_use_machine_account(auth_info) &&
-	    !set_cmdline_auth_info_machine_account_creds(auth_info)) {
-		return NULL;
-	}
-
-	set_cmdline_auth_info_getpass(auth_info);
-
 	nt_status = cli_full_connection(&c, lp_netbios_name(), server,
 				NULL, 0,
 				share, "?????",
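Review bot: with the machine-account and getpass calls removed, connect_one() no longer ensures that the credentials are complete before `cli_full_connection()` runs, and the now-const `auth_info` means it cannot fix them up either. A short comment above connect_one() stating that the caller must already have resolved the password and any machine-account credentials would document the new precondition.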
@@ -78,7 +71,6 @@ int main(int argc, char *argv[])
 {
 	const char **argv_const = discard_const_p(const char *, argv);
 	TALLOC_CTX *frame = talloc_stackframe();
-	struct user_auth_info *auth_info;
 	poptContext pc;
 	int opt, ret;
 	char *unc, *mountpoint, *server, *share;
@@ -96,12 +88,6 @@ int main(int argc, char *argv[])
 	lp_set_cmdline("client min protocol", "SMB2");
 	lp_set_cmdline("client max protocol", "SMB3_11");
 
-	auth_info = user_auth_info_init(frame);
-	if (auth_info == NULL) {
-		exit(1);
-	}
-	popt_common_set_auth_info(auth_info);
-
 	lp_load_global(get_dyn_CONFIGFILE());
 	load_interfaces();
 
@@ -151,7 +137,7 @@ int main(int argc, char *argv[])
 	*share = 0;
 	share++;
 
-	cli = connect_one(auth_info, server, share);
+	cli = connect_one(cmdline_auth_info, server, share);
 	if (cli == NULL) {
 		return -1;
 	}
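Review bot: `cmdline_auth_info` is passed to connect_one() unchecked, whereas the removed code exited when `user_auth_info_init()` returned NULL. Nothing in this file now shows where the global is initialised, so either keep a NULL check before the call or add a comment naming the code that guarantees it is set up by the time option parsing has finished.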
diff --git a/libcli/smb/smb1cli_create.c b/libcli/smb/smb1cli_create.c
index 1963aed..d9887a0 100644
--- a/libcli/smb/smb1cli_create.c
+++ b/libcli/smb/smb1cli_create.c
@@ -24,77 +24,6 @@
 #include "smb_common.h"
 #include "smbXcli_base.h"
 
-static uint8_t *internal_bytes_push_str(uint8_t *buf, bool ucs2,
-					const char *str, size_t str_len,
-					bool align_odd,
-					size_t *pconverted_size)
-{
-	TALLOC_CTX *frame = talloc_stackframe();
-	size_t buflen;
-	char *converted;
-	size_t converted_size;
-
-	/*
-	 * This check prevents us from
-	 * (re)alloc buf on a NULL TALLOC_CTX.
-	 */
-	if (buf == NULL) {
-		TALLOC_FREE(frame);
-		return NULL;
-	}
-
-	buflen = talloc_get_size(buf);
-
-	if (ucs2 &&
-	    ((align_odd && (buflen % 2 == 0)) ||
-	     (!align_odd && (buflen % 2 == 1)))) {
-		/*
-		 * We're pushing into an SMB buffer, align odd
-		 */
-		buf = talloc_realloc(NULL, buf, uint8_t, buflen + 1);
-		if (buf == NULL) {
-			TALLOC_FREE(frame);
-			return NULL;
-		}
-		buf[buflen] = '\0';
-		buflen += 1;
-	}
-
-	if (!convert_string_talloc(frame, CH_UNIX,
-				   ucs2 ? CH_UTF16LE : CH_DOS,
-				   str, str_len, &converted,
-				   &converted_size)) {
-		TALLOC_FREE(frame);
-		return NULL;
-	}
-
-	buf = talloc_realloc(NULL, buf, uint8_t,
-			     buflen + converted_size);
-	if (buf == NULL) {
-		TALLOC_FREE(frame);
-		return NULL;
-	}
-
-	memcpy(buf + buflen, converted, converted_size);
-
-	TALLOC_FREE(converted);
-
-	if (pconverted_size) {
-		*pconverted_size = converted_size;
-	}
-
-	TALLOC_FREE(frame);
-	return buf;
-}
-
-static uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2,
-				   const char *str, size_t str_len,
-				   size_t *pconverted_size)
-{
-	return internal_bytes_push_str(buf, ucs2, str, str_len,
-				       true, pconverted_size);
-}
-
 struct smb1cli_ntcreatex_state {
 	uint16_t vwv[24];
 	uint16_t fnum;
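Review bot: the two static helpers are dropped here while the include list above stays unchanged, so any remaining caller of `smb_bytes_push_str()` in this file now depends on a prototype coming from `smb_common.h` or `smbXcli_base.h`. Please confirm the relocated version is declared in one of those headers, and that it keeps the `buf == NULL` guard that prevented a `talloc_realloc()` on a NULL context.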
diff --git a/libcli/smb/smb1cli_session.c b/libcli/smb/smb1cli_session.c
new file mode 100644
index 0000000..9d92aa6
--- /dev/null
+++ b/libcli/smb/smb1cli_session.c
@@ -0,0 +1,823 @@
+/*
+   Unix SMB/CIFS implementation.
+   client connect/disconnect routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Andrew Bartlett 2001-2003
+   Copyright (C) Volker Lendecke 2011
+   Copyright (C) Jeremy Allison 2011
+   Copyright (C) Stefan Metzmacher 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../libcli/smb/smb_common.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+
+struct smb1cli_session_setup_lm21_state {
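Review bot: the header comment still describes the file as "client connect/disconnect routines", which looks carried over from the source it was split out of. For a new file named smb1cli_session.c that opens with session setup state, a description that names SMB1 session setup would be more accurate.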


-- 
Samba Shared Repository


