[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Thu May 28 08:05:03 UTC 2020


The branch, master has been updated
       via  bae35ebcf34 s3:libsmb: remove finally unused credential flags
       via  d15c6a0d93d examples/fuse/smb2mount: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
       via  f2087876de3 s3:rpcclient: avoid using auth related CLI_FULL_CONNECTION_* flags
       via  f66f4788bd9 s3:torture: don't use CLI_FULL_CONNECTION_USE_KERBEROS in open_nbt_connection()
       via  0c742ee2686 s3:smbspool: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
       via  0de5c488ed9 s3:libsmb: remove unused cli_full_connection()
       via  0b3e3311111 s3:libsmb: remove unused cli_cm_force_encryption()
       via  4f3733957e0 s3:libsmb_server: fix error handling in SMBC_server_internal()
       via  4386986f434 s3:libsmb_server: make use of SMBC_auth_credentials() in SMBC_attr_server()
       via  cf041240f1e s3:libsmb_server: split out SMBC_auth_credentials() helper
       via  ff2123d4997 s3:libsmb_server: don't use auth related flags in SMBC_server_internal()
       via  2723a8ed89b s3:locktest2: use cli_session_creds_init() directly
       via  719a2f5898d s3:net: make use of net_context_creds() in net_ads_printer_publish()
       via  b610549d5d9 s3:libnet_join: call cli_session_creds_init() directly
       via  ceaa3ead152 s3:netlookup: make use of cli_credentials_init_anon()
       via  b7c366f1f8d s3:net: make use of net_context_creds() in connect_to_service()
       via  cf142ab619d s3:net: make use of cli_credentials_init_anon() in connect_to_ipc_anonymous()
       via  4fb99f92ac2 s3:libnet_join: make use of cli_credentials_init_anon()
       via  f563d0098bc s3:rpc_server/spoolss: make use of cli_credentials_init_anon()
       via  b0c06861f34 s3:rpcclient: Use get_cmdline_auth_info_creds()
       via  2079a8f83d4 s3:rpcclient: Rename creds to trust_creds
       via  2465301226f s3:libsmb: make use of get_cmdline_auth_info_creds() in get_ipc_connect()
       via  16fbb196fc2 s3:smbcacls: make use of get_cmdline_auth_info_creds()
       via  f8275387a9a s3:smbcquotas: make use of get_cmdline_auth_info_creds()
       via  a72cac6bc0c s3:mdfind: make use of get_cmdline_auth_info_creds()
       via  f399e7e6a4d s3:rpcclient: make use of get_cmdline_auth_info_creds() in cmd_spoolss.c
       via  bec9c47cbc8 examples/fuse/smb2mount: make use of get_cmdline_auth_info_creds()
       via  1aaf32c327c s3:cli_pipe: remove unused cli_rpc_pipe_open_generic_auth()
       via  ee4eab14f16 s3:cli_pipe: improve debug messages in cli_rpc_pipe_open_with_creds()
       via  e8d71172caf s3:net: make use of cli_rpc_pipe_open_with_creds() by using net_context_creds()
       via  f6e0582eaa0 s3:net: avoid prompting for a password if --use-ccache is used
       via  e7119198e09 s3:net: add net_context_creds() helper function
       via  715d8751447 s3:net: always set ctx->opt_user_specified = true when we overwrite opt_user_name
       via  84f04f90bd3 s3:net: remove unused net_use_machine_account()
       via  6e6e0bc638e s3:cli_pipe: remove unused 'use_kerberos' from cli_rpc_pipe_open_generic_auth()
      from  bb912a48279 OID: Reserve 1.3.6.1.4.1.7165.777.x for use on the wiki

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bae35ebcf3465bedc2f75c14e9cff7a891d7789e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:52:13 2019 +0100

    s3:libsmb: remove finally unused credential flags
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Thu May 28 08:04:12 UTC 2020 on sn-devel-184

commit d15c6a0d93d91b55d23dcbb0f39552704db59949
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:47:42 2019 +0100

    examples/fuse/smb2mount: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f2087876de310214e82e34344b324f89f03a2dde
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:49:48 2019 +0100

    s3:rpcclient: avoid using auth related CLI_FULL_CONNECTION_* flags
    
    We use get_cmdline_auth_info_creds() and pass cli_credentials arround.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f66f4788bd96835294337d0de02f8710b3d0de91
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:49:05 2019 +0100

    s3:torture: don't use CLI_FULL_CONNECTION_USE_KERBEROS in open_nbt_connection()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 0c742ee2686fe1444279dbb75efc899d67969b74
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:47:42 2019 +0100

    s3:smbspool: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 0de5c488ed96f185c18450b6fe3a22c122b5aa84
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:29:57 2019 +0100

    s3:libsmb: remove unused cli_full_connection()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 0b3e33111115346a2b8a5743dac0fe3640cb7b24
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:28:35 2019 +0100

    s3:libsmb: remove unused cli_cm_force_encryption()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4f3733957e0a0c54c4ac8e6810a383712d2327da
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:26:53 2019 +0100

    s3:libsmb_server: fix error handling in SMBC_server_internal()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4386986f4342cd9622d6e40c513448133dfabd54
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:25:47 2019 +0100

    s3:libsmb_server: make use of SMBC_auth_credentials() in SMBC_attr_server()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit cf041240f1e298f17cab959916c17e0d7c661f93
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 16:40:40 2019 +0100

    s3:libsmb_server: split out SMBC_auth_credentials() helper
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit ff2123d4997eb81f37a3c62f7557fd5c2781525f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 17:23:14 2019 +0100

    s3:libsmb_server: don't use auth related flags in SMBC_server_internal()
    
    These are ignored at the lower levels if we're passing cli_credential
    structures along.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 2723a8ed89b5e93d04b47fc7c1c8e1f167655d57
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 16:14:38 2019 +0100

    s3:locktest2: use cli_session_creds_init() directly
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 719a2f5898d281f55c9ccce3e33081691741e5e3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:46:16 2019 +0100

    s3:net: make use of net_context_creds() in net_ads_printer_publish()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit b610549d5d950643d136f1864454b3bc666ca0d3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:38:24 2019 +0100

    s3:libnet_join: call cli_session_creds_init() directly
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit ceaa3ead1520118496d7a9e7d64610f3db4df2b8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:23:45 2019 +0100

    s3:netlookup: make use of cli_credentials_init_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit b7c366f1f8d8f2f1547d64801db6a49674570c6d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:18:11 2019 +0100

    s3:net: make use of net_context_creds() in connect_to_service()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit cf142ab619dd41e6151a4cd48058336c0bcdfebd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:14:18 2019 +0100

    s3:net: make use of cli_credentials_init_anon() in connect_to_ipc_anonymous()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4fb99f92ac2ab3491e77373c612171b5203d1acb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:10:10 2019 +0100

    s3:libnet_join: make use of cli_credentials_init_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f563d0098bca018cf1389f714a58223a9414463e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:02:11 2019 +0100

    s3:rpc_server/spoolss: make use of cli_credentials_init_anon()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit b0c06861f34bda395bd2e7a983b702b06cf64693
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 00:44:22 2019 +0100

    s3:rpcclient: Use get_cmdline_auth_info_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 2079a8f83d43b0a8067699df31af059b9321ed3e
Author: Andreas Schneider <asn at samba.org>
Date:   Tue May 26 12:10:06 2020 +0200

    s3:rpcclient: Rename creds to trust_creds
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 2465301226f39de29c2927232e6b9f208a1efda6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 15:01:03 2019 +0100

    s3:libsmb: make use of get_cmdline_auth_info_creds() in get_ipc_connect()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 16fbb196fc2dda0f76c4a48cf586923df0dce4de
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:48:12 2019 +0100

    s3:smbcacls: make use of get_cmdline_auth_info_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f8275387a9a88973a419d19136e20ba89961c8c7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:48:12 2019 +0100

    s3:smbcquotas: make use of get_cmdline_auth_info_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit a72cac6bc0c45ff830c27c3f5b6b640bdd49b91e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:45:43 2019 +0100

    s3:mdfind: make use of get_cmdline_auth_info_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f399e7e6a4de486876eebf286f2f9f0268687a16
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:38:19 2019 +0100

    s3:rpcclient: make use of get_cmdline_auth_info_creds() in cmd_spoolss.c
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit bec9c47cbc8de832e7137470566765aa76edc951
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:34:36 2019 +0100

    examples/fuse/smb2mount: make use of get_cmdline_auth_info_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 1aaf32c327c61b9e9e0e818f776db960cf162935
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:28:06 2019 +0100

    s3:cli_pipe: remove unused cli_rpc_pipe_open_generic_auth()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit ee4eab14f16f967188a1e68fcf27e8e9fd653eeb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 14:27:25 2019 +0100

    s3:cli_pipe: improve debug messages in cli_rpc_pipe_open_with_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit e8d71172cafd74a622bb0d375507f6f5ee3ffe88
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 13:58:37 2019 +0100

    s3:net: make use of cli_rpc_pipe_open_with_creds() by using net_context_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f6e0582eaa0fbc7b1cb1747f3f3aa395b1cd83b3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 13:58:37 2019 +0100

    s3:net: avoid prompting for a password if --use-ccache is used
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit e7119198e0939dac0657fa247917feee315cece5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 13:57:55 2019 +0100

    s3:net: add net_context_creds() helper function
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 715d8751447e3ec140cb70084d27ba958c07c21a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 13:43:02 2019 +0100

    s3:net: always set ctx->opt_user_specified = true when we overwrite opt_user_name
    
    If we force changing the used username we should make that clear.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 84f04f90bd35c678e4336191968cbb48b0fb596b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 13:35:16 2019 +0100

    s3:net: remove unused net_use_machine_account()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 6e6e0bc638e5699a9f6a264d6495687c54430427
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 11 13:11:53 2019 +0100

    s3:cli_pipe: remove unused 'use_kerberos' from cli_rpc_pipe_open_generic_auth()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 examples/fuse/smb2mount.c                   |  17 +--
 source3/client/smbspool.c                   |  38 ++----
 source3/include/client.h                    |   9 --
 source3/libnet/libnet_join.c                |  77 +++++++++----
 source3/libsmb/cliconnect.c                 | 122 +-------------------
 source3/libsmb/clidfs.c                     |  41 -------
 source3/libsmb/clientgen.c                  |  14 ---
 source3/libsmb/libsmb_server.c              | 116 ++++++++++---------
 source3/libsmb/proto.h                      |  13 ---
 source3/rpc_client/cli_pipe.c               |  78 ++-----------
 source3/rpc_client/cli_pipe.h               |  12 --
 source3/rpc_server/spoolss/srv_spoolss_nt.c |  16 ++-
 source3/rpcclient/cmd_spoolss.c             |  11 +-
 source3/rpcclient/rpcclient.c               |  61 ++++------
 source3/torture/locktest2.c                 |  26 ++++-
 source3/torture/torture.c                   |   4 -
 source3/utils/mdfind.c                      |  47 +++-----
 source3/utils/net_ads.c                     |  16 ++-
 source3/utils/net_proto.h                   |   4 +-
 source3/utils/net_rpc.c                     |  16 ++-
 source3/utils/net_rpc_trust.c               |   1 +
 source3/utils/net_util.c                    | 173 ++++++++++++++++++++--------
 source3/utils/netlookup.c                   |  33 ++----
 source3/utils/smbcacls.c                    |  17 +--
 source3/utils/smbcquotas.c                  |  21 +---
 25 files changed, 385 insertions(+), 598 deletions(-)


Changeset truncated at 500 lines:

diff --git a/examples/fuse/smb2mount.c b/examples/fuse/smb2mount.c
index ec4be809f6d..ea1d9a11e0b 100644
--- a/examples/fuse/smb2mount.c
+++ b/examples/fuse/smb2mount.c
@@ -33,17 +33,10 @@ static struct cli_state *connect_one(const struct user_auth_info *auth_info,
 	NTSTATUS nt_status;
 	uint32_t flags = 0;
 
-	if (get_cmdline_auth_info_use_kerberos(auth_info)) {
-		flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
-			 CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
-	}
-
-	nt_status = cli_full_connection(&c, lp_netbios_name(), server,
+	nt_status = cli_full_connection_creds(&c, lp_netbios_name(), server,
 				NULL, port,
 				share, "?????",
-				get_cmdline_auth_info_username(auth_info),
-				lp_workgroup(),
-				get_cmdline_auth_info_password(auth_info),
+				get_cmdline_auth_info_creds(auth_info),
 				flags,
 				get_cmdline_auth_info_signing_state(auth_info));
 	if (!NT_STATUS_IS_OK(nt_status)) {
@@ -53,11 +46,9 @@ static struct cli_state *connect_one(const struct user_auth_info *auth_info,
 	}
 
 	if (get_cmdline_auth_info_smb_encrypt(auth_info)) {
-		nt_status = cli_cm_force_encryption(
+		nt_status = cli_cm_force_encryption_creds(
 			c,
-			get_cmdline_auth_info_username(auth_info),
-			get_cmdline_auth_info_password(auth_info),
-			lp_workgroup(),
+			get_cmdline_auth_info_creds(auth_info),
 			share);
                 if (!NT_STATUS_IS_OK(nt_status)) {
 			cli_shutdown(c);
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index e8be739f5cd..f56dc323b6e 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -64,16 +64,6 @@
 static int      get_exit_code(NTSTATUS nt_status);
 static void     list_devices(void);
 static NTSTATUS
-smb_complete_connection(struct cli_state **output_cli,
-			const char *myname,
-			const char *server,
-			int port,
-			const char *username,
-			const char *password,
-			const char *workgroup,
-			const char *share,
-			int flags);
-static NTSTATUS
 smb_connect(struct cli_state **output_cli,
 	    const char *workgroup,
 	    const char *server,
@@ -546,30 +536,21 @@ smb_complete_connection(struct cli_state **output_cli,
 			const char *password,
 			const char *workgroup,
 			const char *share,
-			int flags)
+			bool use_kerberos,
+			bool fallback_after_kerberos)
 {
 	struct cli_state *cli;	/* New connection */
 	NTSTATUS        nt_status;
 	struct cli_credentials *creds = NULL;
-	bool use_kerberos = false;
-	bool fallback_after_kerberos = false;
 
 	/* Start the SMB connection */
 	nt_status = cli_start_connection(&cli, myname, server, NULL, port,
-					 SMB_SIGNING_DEFAULT, flags);
+					 SMB_SIGNING_DEFAULT, 0);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		fprintf(stderr, "ERROR: Connection failed: %s\n", nt_errstr(nt_status));
 		return nt_status;
 	}
 
-	if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
-		use_kerberos = true;
-	}
-
-	if (flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) {
-		fallback_after_kerberos = true;
-	}
-
 	creds = cli_session_creds_init(cli,
 				       username,
 				       workgroup,
@@ -694,8 +675,8 @@ smb_connect(struct cli_state **output_cli,
 	struct cli_state *cli = NULL;	/* New connection */
 	char           *myname = NULL;	/* Client name */
 	struct passwd  *pwd;
-	int flags = CLI_FULL_CONNECTION_USE_KERBEROS;
 	bool use_kerberos = false;
+	bool fallback_after_kerberos = false;
 	const char *user = username;
 	NTSTATUS nt_status;
 
@@ -726,7 +707,7 @@ smb_connect(struct cli_state **output_cli,
 		}
 
 		/* Fallback to NTLM */
-		flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+		fallback_after_kerberos = true;
 
 		fprintf(stderr,
 			"DEBUG: Try to connect using username/password ...\n");
@@ -734,7 +715,7 @@ smb_connect(struct cli_state **output_cli,
 		goto anonymous;
 	} else if (strcmp(auth_info_required, "samba") == 0) {
 		if (username != NULL) {
-			flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+			fallback_after_kerberos = true;
 		} else if (kerberos_ccache_is_valid()) {
 			auth_info_required = "negotiate";
 
@@ -757,7 +738,8 @@ smb_connect(struct cli_state **output_cli,
 					    password,
 					    workgroup,
 					    share,
-					    flags);
+					    true, /* try kerberos */
+					    fallback_after_kerberos);
 	if (NT_STATUS_IS_OK(nt_status)) {
 		fprintf(stderr, "DEBUG: SMB connection established.\n");
 
@@ -784,7 +766,7 @@ smb_connect(struct cli_state **output_cli,
 					    "",
 					    workgroup,
 					    share,
-					    0);
+					    false, false);
 	if (NT_STATUS_IS_OK(nt_status)) {
 		fputs("DEBUG: Connected with NTLMSSP...\n", stderr);
 
@@ -805,7 +787,7 @@ anonymous:
 					    "",
 					    workgroup,
 					    share,
-					    0);
+					    false, false);
 	if (NT_STATUS_IS_OK(nt_status)) {
 		*output_cli = cli;
 		return NT_STATUS_OK;
diff --git a/source3/include/client.h b/source3/include/client.h
index 23ba86d2a2c..fdb5d7da830 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -76,11 +76,6 @@ struct cli_state {
 	/* The list of pipes currently open on this connection. */
 	struct rpc_pipe_client *pipe_list;
 
-	bool use_kerberos;
-	bool fallback_after_kerberos;
-	bool use_ccache;
-	bool pw_nt_hash;
-
 	bool use_oplocks; /* should we use oplocks? */
 
 	/* Where (if anywhere) this is mounted under DFS. */
@@ -119,15 +114,11 @@ struct file_info {
 };
 
 #define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
-#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
 #define CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK 0x0004
-#define CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS 0x0008
 #define CLI_FULL_CONNECTION_OPLOCKS 0x0010
 #define CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS 0x0020
-#define CLI_FULL_CONNECTION_USE_CCACHE 0x0040
 #define CLI_FULL_CONNECTION_FORCE_DOS_ERRORS 0x0080
 #define CLI_FULL_CONNECTION_FORCE_ASCII 0x0100
-#define CLI_FULL_CONNECTION_USE_NT_HASH 0x0200
 #define CLI_FULL_CONNECTION_FORCE_SMB1 0x0400
 #define CLI_FULL_CONNECTION_DISABLE_SMB1 0x0800
 
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index eb8e0ea17f7..9fdc18c4994 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1057,25 +1057,47 @@ static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
 					   bool use_kerberos,
 					   struct cli_state **cli)
 {
+	TALLOC_CTX *frame = talloc_stackframe();
+	bool fallback_after_kerberos = false;
+	bool use_ccache = false;
+	bool pw_nt_hash = false;
+	struct cli_credentials *creds = NULL;
 	int flags = 0;
+	NTSTATUS status;
 
-	if (use_kerberos) {
-		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+	if (use_kerberos && pass) {
+		fallback_after_kerberos = true;
+	}
+
+	creds = cli_session_creds_init(frame,
+				       user,
+				       domain,
+				       NULL, /* realm (use default) */
+				       pass,
+				       use_kerberos,
+				       fallback_after_kerberos,
+				       use_ccache,
+				       pw_nt_hash);
+	if (creds == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (use_kerberos && pass) {
-		flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
-	}
-
-	return cli_full_connection(cli, NULL,
-				   dc,
-				   NULL, 0,
-				   "IPC$", "IPC",
-				   user,
-				   domain,
-				   pass,
-				   flags,
-				   SMB_SIGNING_IPC_DEFAULT);
+	status = cli_full_connection_creds(cli,
+					   NULL,
+					   dc,
+					   NULL, 0,
+					   "IPC$", "IPC",
+					   creds,
+					   flags,
+					   SMB_SIGNING_IPC_DEFAULT);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
 }
 
 /****************************************************************
@@ -1692,15 +1714,22 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
 					   SMB_SIGNING_IPC_DEFAULT);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		status = cli_full_connection(&cli, NULL,
-					     dc_name,
-					     NULL, 0,
-					     "IPC$", "IPC",
-					     "",
-					     NULL,
-					     "",
-					     0,
-					     SMB_SIGNING_IPC_DEFAULT);
+		struct cli_credentials *anon_creds = NULL;
+
+		anon_creds = cli_credentials_init_anon(frame);
+		if (anon_creds == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = cli_full_connection_creds(&cli,
+						   NULL,
+						   dc_name,
+						   NULL, 0,
+						   "IPC$", "IPC",
+						   anon_creds,
+						   0,
+						   SMB_SIGNING_OFF);
 	}
 
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 23b2bd2bdf7..9d0296873ea 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1433,8 +1433,6 @@ struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
 	uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
 	bool use_spnego = false;
 	int flags = 0;
-	enum credentials_use_kerberos krb5_state;
-	uint32_t gensec_features;
 	const char *username = "";
 	const char *domain = "";
 	DATA_BLOB target_info = data_blob_null;
@@ -1456,30 +1454,6 @@ struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
 
 	tevent_req_set_cleanup_fn(req, cli_session_setup_creds_cleanup);
 
-	krb5_state = cli_credentials_get_kerberos_state(creds);
-	gensec_features = cli_credentials_get_gensec_features(creds);
-
-	switch (krb5_state) {
-	case CRED_MUST_USE_KERBEROS:
-		cli->use_kerberos = true;
-		cli->fallback_after_kerberos = false;
-		break;
-	case CRED_AUTO_USE_KERBEROS:
-		cli->use_kerberos = true;
-		cli->fallback_after_kerberos = true;
-		break;
-	case CRED_DONT_USE_KERBEROS:
-		cli->use_kerberos = false;
-		cli->fallback_after_kerberos = false;
-		break;
-	}
-
-	if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
-		cli->use_ccache = true;
-	} else {
-		cli->use_ccache = false;
-	}
-
 	/*
 	 * Now work out what sort of session setup we are going to
 	 * do. I have split this into separate functions to make the flow a bit
@@ -3391,8 +3365,6 @@ struct tevent_req *cli_full_connection_creds_send(
 {
 	struct tevent_req *req, *subreq;
 	struct cli_full_connection_creds_state *state;
-	enum credentials_use_kerberos krb5_state;
-	uint32_t gensec_features = 0;
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct cli_full_connection_creds_state);
@@ -3401,30 +3373,6 @@ struct tevent_req *cli_full_connection_creds_send(
 	}
 	talloc_set_destructor(state, cli_full_connection_creds_state_destructor);
 
-	flags &= ~CLI_FULL_CONNECTION_USE_KERBEROS;
-	flags &= ~CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
-	flags &= ~CLI_FULL_CONNECTION_USE_CCACHE;
-	flags &= ~CLI_FULL_CONNECTION_USE_NT_HASH;
-
-	krb5_state = cli_credentials_get_kerberos_state(creds);
-	switch (krb5_state) {
-	case CRED_MUST_USE_KERBEROS:
-		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
-		flags &= ~CLI_FULL_CONNECTION_DONT_SPNEGO;
-		break;
-	case CRED_AUTO_USE_KERBEROS:
-		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
-		flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
-		break;
-	case CRED_DONT_USE_KERBEROS:
-		break;
-	}
-
-	gensec_features = cli_credentials_get_gensec_features(creds);
-	if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
-		flags |= CLI_FULL_CONNECTION_USE_CCACHE;
-	}
-
 	state->ev = ev;
 	state->service = service;
 	state->service_type = service_type;
@@ -3597,66 +3545,6 @@ NTSTATUS cli_full_connection_creds(struct cli_state **output_cli,
 	return status;
 }
 
-NTSTATUS cli_full_connection(struct cli_state **output_cli,
-			     const char *my_name,
-			     const char *dest_host,
-			     const struct sockaddr_storage *dest_ss, int port,
-			     const char *service, const char *service_type,
-			     const char *user, const char *domain,
-			     const char *password, int flags,
-			     int signing_state)
-{
-	TALLOC_CTX *frame = talloc_stackframe();
-	NTSTATUS status;
-	bool use_kerberos = false;
-	bool fallback_after_kerberos = false;
-	bool use_ccache = false;
-	bool pw_nt_hash = false;
-	struct cli_credentials *creds = NULL;
-
-	if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
-		use_kerberos = true;
-	}
-
-	if (flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) {
-		fallback_after_kerberos = true;
-	}
-
-	if (flags & CLI_FULL_CONNECTION_USE_CCACHE) {
-		use_ccache = true;
-	}
-
-	if (flags & CLI_FULL_CONNECTION_USE_NT_HASH) {
-		pw_nt_hash = true;
-	}
-
-	creds = cli_session_creds_init(frame,
-				       user,
-				       domain,
-				       NULL, /* realm (use default) */
-				       password,
-				       use_kerberos,
-				       fallback_after_kerberos,
-				       use_ccache,
-				       pw_nt_hash);
-	if (creds == NULL) {
-		TALLOC_FREE(frame);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = cli_full_connection_creds(output_cli, my_name,
-					   dest_host, dest_ss, port,
-					   service, service_type,
-					   creds, flags, signing_state);
-	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(frame);
-		return status;
-	}
-
-	TALLOC_FREE(frame);
-	return NT_STATUS_OK;
-}
-
 /****************************************************************************
  Send an old style tcon.
 ****************************************************************************/
@@ -3784,16 +3672,10 @@ struct cli_state *get_ipc_connect(char *server,
 	NTSTATUS nt_status;
 	uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
 
-	if (get_cmdline_auth_info_use_kerberos(user_info)) {
-		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
-	}
-
 	flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
 
-	nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC", 
-					get_cmdline_auth_info_username(user_info),
-					lp_workgroup(),
-					get_cmdline_auth_info_password(user_info),
+	nt_status = cli_full_connection_creds(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
+					get_cmdline_auth_info_creds(user_info),
 					flags,
 					SMB_SIGNING_DEFAULT);
 
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 25f932c60bb..ba091243147 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -99,34 +99,6 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS cli_cm_force_encryption(struct cli_state *c,
-			const char *username,
-			const char *password,
-			const char *domain,
-			const char *sharename)
-{
-	struct cli_credentials *creds = NULL;
-	NTSTATUS status;
-
-	creds = cli_session_creds_init(c,
-				       username,
-				       domain,
-				       NULL, /* default realm */
-				       password,
-				       c->use_kerberos,
-				       c->fallback_after_kerberos,
-				       c->use_ccache,
-				       c->pw_nt_hash);
-	if (creds == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = cli_cm_force_encryption_creds(c, creds, sharename);
-	/* gensec currently references the creds so we can't free them here */
-	talloc_unlink(c, creds);
-	return status;
-}
-
 /********************************************************************
  Return a connection to a server.
 ********************************************************************/
@@ -178,19 +150,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (get_cmdline_auth_info_use_kerberos(auth_info)) {
-		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
-	}
-	if (get_cmdline_auth_info_fallback_after_kerberos(auth_info)) {
-		flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
-	}
-	if (get_cmdline_auth_info_use_ccache(auth_info)) {


-- 
Samba Shared Repository



More information about the samba-cvs mailing list