[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Thu May 28 08:05:03 UTC 2020
The branch, master has been updated
via bae35ebcf34 s3:libsmb: remove finally unused credential flags
via d15c6a0d93d examples/fuse/smb2mount: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
via f2087876de3 s3:rpcclient: avoid using auth related CLI_FULL_CONNECTION_* flags
via f66f4788bd9 s3:torture: don't use CLI_FULL_CONNECTION_USE_KERBEROS in open_nbt_connection()
via 0c742ee2686 s3:smbspool: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
via 0de5c488ed9 s3:libsmb: remove unused cli_full_connection()
via 0b3e3311111 s3:libsmb: remove unused cli_cm_force_encryption()
via 4f3733957e0 s3:libsmb_server: fix error handling in SMBC_server_internal()
via 4386986f434 s3:libsmb_server: make use of SMBC_auth_credentials() in SMBC_attr_server()
via cf041240f1e s3:libsmb_server: split out SMBC_auth_credentials() helper
via ff2123d4997 s3:libsmb_server: don't use auth related flags in SMBC_server_internal()
via 2723a8ed89b s3:locktest2: use cli_session_creds_init() directly
via 719a2f5898d s3:net: make use of net_context_creds() in net_ads_printer_publish()
via b610549d5d9 s3:libnet_join: call cli_session_creds_init() directly
via ceaa3ead152 s3:netlookup: make use of cli_credentials_init_anon()
via b7c366f1f8d s3:net: make use of net_context_creds() in connect_to_service()
via cf142ab619d s3:net: make use of cli_credentials_init_anon() in connect_to_ipc_anonymous()
via 4fb99f92ac2 s3:libnet_join: make use of cli_credentials_init_anon()
via f563d0098bc s3:rpc_server/spoolss: make use of cli_credentials_init_anon()
via b0c06861f34 s3:rpcclient: Use get_cmdline_auth_info_creds()
via 2079a8f83d4 s3:rpcclient: Rename creds to trust_creds
via 2465301226f s3:libsmb: make use of get_cmdline_auth_info_creds() in get_ipc_connect()
via 16fbb196fc2 s3:smbcacls: make use of get_cmdline_auth_info_creds()
via f8275387a9a s3:smbcquotas: make use of get_cmdline_auth_info_creds()
via a72cac6bc0c s3:mdfind: make use of get_cmdline_auth_info_creds()
via f399e7e6a4d s3:rpcclient: make use of get_cmdline_auth_info_creds() in cmd_spoolss.c
via bec9c47cbc8 examples/fuse/smb2mount: make use of get_cmdline_auth_info_creds()
via 1aaf32c327c s3:cli_pipe: remove unused cli_rpc_pipe_open_generic_auth()
via ee4eab14f16 s3:cli_pipe: improve debug messages in cli_rpc_pipe_open_with_creds()
via e8d71172caf s3:net: make use of cli_rpc_pipe_open_with_creds() by using net_context_creds()
via f6e0582eaa0 s3:net: avoid prompting for a password if --use-ccache is used
via e7119198e09 s3:net: add net_context_creds() helper function
via 715d8751447 s3:net: always set ctx->opt_user_specified = true when we overwrite opt_user_name
via 84f04f90bd3 s3:net: remove unused net_use_machine_account()
via 6e6e0bc638e s3:cli_pipe: remove unused 'use_kerberos' from cli_rpc_pipe_open_generic_auth()
from bb912a48279 OID: Reserve 1.3.6.1.4.1.7165.777.x for use on the wiki
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bae35ebcf3465bedc2f75c14e9cff7a891d7789e
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:52:13 2019 +0100
s3:libsmb: remove finally unused credential flags
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 28 08:04:12 UTC 2020 on sn-devel-184
commit d15c6a0d93d91b55d23dcbb0f39552704db59949
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:47:42 2019 +0100
examples/fuse/smb2mount: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f2087876de310214e82e34344b324f89f03a2dde
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:49:48 2019 +0100
s3:rpcclient: avoid using auth related CLI_FULL_CONNECTION_* flags
We use get_cmdline_auth_info_creds() and pass cli_credentials arround.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f66f4788bd96835294337d0de02f8710b3d0de91
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:49:05 2019 +0100
s3:torture: don't use CLI_FULL_CONNECTION_USE_KERBEROS in open_nbt_connection()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0c742ee2686fe1444279dbb75efc899d67969b74
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:47:42 2019 +0100
s3:smbspool: avoid using CLI_FULL_CONNECTION_{USE,FALLBACK_AFTER}_KERBEROS flags
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0de5c488ed96f185c18450b6fe3a22c122b5aa84
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:29:57 2019 +0100
s3:libsmb: remove unused cli_full_connection()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0b3e33111115346a2b8a5743dac0fe3640cb7b24
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:28:35 2019 +0100
s3:libsmb: remove unused cli_cm_force_encryption()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4f3733957e0a0c54c4ac8e6810a383712d2327da
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:26:53 2019 +0100
s3:libsmb_server: fix error handling in SMBC_server_internal()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4386986f4342cd9622d6e40c513448133dfabd54
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:25:47 2019 +0100
s3:libsmb_server: make use of SMBC_auth_credentials() in SMBC_attr_server()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cf041240f1e298f17cab959916c17e0d7c661f93
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 16:40:40 2019 +0100
s3:libsmb_server: split out SMBC_auth_credentials() helper
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ff2123d4997eb81f37a3c62f7557fd5c2781525f
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 17:23:14 2019 +0100
s3:libsmb_server: don't use auth related flags in SMBC_server_internal()
These are ignored at the lower levels if we're passing cli_credential
structures along.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2723a8ed89b5e93d04b47fc7c1c8e1f167655d57
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 16:14:38 2019 +0100
s3:locktest2: use cli_session_creds_init() directly
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 719a2f5898d281f55c9ccce3e33081691741e5e3
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:46:16 2019 +0100
s3:net: make use of net_context_creds() in net_ads_printer_publish()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b610549d5d950643d136f1864454b3bc666ca0d3
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:38:24 2019 +0100
s3:libnet_join: call cli_session_creds_init() directly
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ceaa3ead1520118496d7a9e7d64610f3db4df2b8
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:23:45 2019 +0100
s3:netlookup: make use of cli_credentials_init_anon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b7c366f1f8d8f2f1547d64801db6a49674570c6d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:18:11 2019 +0100
s3:net: make use of net_context_creds() in connect_to_service()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cf142ab619dd41e6151a4cd48058336c0bcdfebd
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:14:18 2019 +0100
s3:net: make use of cli_credentials_init_anon() in connect_to_ipc_anonymous()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4fb99f92ac2ab3491e77373c612171b5203d1acb
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:10:10 2019 +0100
s3:libnet_join: make use of cli_credentials_init_anon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f563d0098bca018cf1389f714a58223a9414463e
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:02:11 2019 +0100
s3:rpc_server/spoolss: make use of cli_credentials_init_anon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b0c06861f34bda395bd2e7a983b702b06cf64693
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 00:44:22 2019 +0100
s3:rpcclient: Use get_cmdline_auth_info_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2079a8f83d43b0a8067699df31af059b9321ed3e
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 26 12:10:06 2020 +0200
s3:rpcclient: Rename creds to trust_creds
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2465301226f39de29c2927232e6b9f208a1efda6
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 15:01:03 2019 +0100
s3:libsmb: make use of get_cmdline_auth_info_creds() in get_ipc_connect()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 16fbb196fc2dda0f76c4a48cf586923df0dce4de
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:48:12 2019 +0100
s3:smbcacls: make use of get_cmdline_auth_info_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f8275387a9a88973a419d19136e20ba89961c8c7
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:48:12 2019 +0100
s3:smbcquotas: make use of get_cmdline_auth_info_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a72cac6bc0c45ff830c27c3f5b6b640bdd49b91e
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:45:43 2019 +0100
s3:mdfind: make use of get_cmdline_auth_info_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f399e7e6a4de486876eebf286f2f9f0268687a16
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:38:19 2019 +0100
s3:rpcclient: make use of get_cmdline_auth_info_creds() in cmd_spoolss.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit bec9c47cbc8de832e7137470566765aa76edc951
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:34:36 2019 +0100
examples/fuse/smb2mount: make use of get_cmdline_auth_info_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1aaf32c327c61b9e9e0e818f776db960cf162935
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:28:06 2019 +0100
s3:cli_pipe: remove unused cli_rpc_pipe_open_generic_auth()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ee4eab14f16f967188a1e68fcf27e8e9fd653eeb
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 14:27:25 2019 +0100
s3:cli_pipe: improve debug messages in cli_rpc_pipe_open_with_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e8d71172cafd74a622bb0d375507f6f5ee3ffe88
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 13:58:37 2019 +0100
s3:net: make use of cli_rpc_pipe_open_with_creds() by using net_context_creds()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f6e0582eaa0fbc7b1cb1747f3f3aa395b1cd83b3
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 13:58:37 2019 +0100
s3:net: avoid prompting for a password if --use-ccache is used
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e7119198e0939dac0657fa247917feee315cece5
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 13:57:55 2019 +0100
s3:net: add net_context_creds() helper function
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 715d8751447e3ec140cb70084d27ba958c07c21a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 13:43:02 2019 +0100
s3:net: always set ctx->opt_user_specified = true when we overwrite opt_user_name
If we force changing the used username we should make that clear.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 84f04f90bd35c678e4336191968cbb48b0fb596b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 13:35:16 2019 +0100
s3:net: remove unused net_use_machine_account()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6e6e0bc638e5699a9f6a264d6495687c54430427
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 11 13:11:53 2019 +0100
s3:cli_pipe: remove unused 'use_kerberos' from cli_rpc_pipe_open_generic_auth()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/fuse/smb2mount.c | 17 +--
source3/client/smbspool.c | 38 ++----
source3/include/client.h | 9 --
source3/libnet/libnet_join.c | 77 +++++++++----
source3/libsmb/cliconnect.c | 122 +-------------------
source3/libsmb/clidfs.c | 41 -------
source3/libsmb/clientgen.c | 14 ---
source3/libsmb/libsmb_server.c | 116 ++++++++++---------
source3/libsmb/proto.h | 13 ---
source3/rpc_client/cli_pipe.c | 78 ++-----------
source3/rpc_client/cli_pipe.h | 12 --
source3/rpc_server/spoolss/srv_spoolss_nt.c | 16 ++-
source3/rpcclient/cmd_spoolss.c | 11 +-
source3/rpcclient/rpcclient.c | 61 ++++------
source3/torture/locktest2.c | 26 ++++-
source3/torture/torture.c | 4 -
source3/utils/mdfind.c | 47 +++-----
source3/utils/net_ads.c | 16 ++-
source3/utils/net_proto.h | 4 +-
source3/utils/net_rpc.c | 16 ++-
source3/utils/net_rpc_trust.c | 1 +
source3/utils/net_util.c | 173 ++++++++++++++++++++--------
source3/utils/netlookup.c | 33 ++----
source3/utils/smbcacls.c | 17 +--
source3/utils/smbcquotas.c | 21 +---
25 files changed, 385 insertions(+), 598 deletions(-)
Changeset truncated at 500 lines:
diff --git a/examples/fuse/smb2mount.c b/examples/fuse/smb2mount.c
index ec4be809f6d..ea1d9a11e0b 100644
--- a/examples/fuse/smb2mount.c
+++ b/examples/fuse/smb2mount.c
@@ -33,17 +33,10 @@ static struct cli_state *connect_one(const struct user_auth_info *auth_info,
NTSTATUS nt_status;
uint32_t flags = 0;
- if (get_cmdline_auth_info_use_kerberos(auth_info)) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
- CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- }
-
- nt_status = cli_full_connection(&c, lp_netbios_name(), server,
+ nt_status = cli_full_connection_creds(&c, lp_netbios_name(), server,
NULL, port,
share, "?????",
- get_cmdline_auth_info_username(auth_info),
- lp_workgroup(),
- get_cmdline_auth_info_password(auth_info),
+ get_cmdline_auth_info_creds(auth_info),
flags,
get_cmdline_auth_info_signing_state(auth_info));
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -53,11 +46,9 @@ static struct cli_state *connect_one(const struct user_auth_info *auth_info,
}
if (get_cmdline_auth_info_smb_encrypt(auth_info)) {
- nt_status = cli_cm_force_encryption(
+ nt_status = cli_cm_force_encryption_creds(
c,
- get_cmdline_auth_info_username(auth_info),
- get_cmdline_auth_info_password(auth_info),
- lp_workgroup(),
+ get_cmdline_auth_info_creds(auth_info),
share);
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(c);
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index e8be739f5cd..f56dc323b6e 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -64,16 +64,6 @@
static int get_exit_code(NTSTATUS nt_status);
static void list_devices(void);
static NTSTATUS
-smb_complete_connection(struct cli_state **output_cli,
- const char *myname,
- const char *server,
- int port,
- const char *username,
- const char *password,
- const char *workgroup,
- const char *share,
- int flags);
-static NTSTATUS
smb_connect(struct cli_state **output_cli,
const char *workgroup,
const char *server,
@@ -546,30 +536,21 @@ smb_complete_connection(struct cli_state **output_cli,
const char *password,
const char *workgroup,
const char *share,
- int flags)
+ bool use_kerberos,
+ bool fallback_after_kerberos)
{
struct cli_state *cli; /* New connection */
NTSTATUS nt_status;
struct cli_credentials *creds = NULL;
- bool use_kerberos = false;
- bool fallback_after_kerberos = false;
/* Start the SMB connection */
nt_status = cli_start_connection(&cli, myname, server, NULL, port,
- SMB_SIGNING_DEFAULT, flags);
+ SMB_SIGNING_DEFAULT, 0);
if (!NT_STATUS_IS_OK(nt_status)) {
fprintf(stderr, "ERROR: Connection failed: %s\n", nt_errstr(nt_status));
return nt_status;
}
- if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
- use_kerberos = true;
- }
-
- if (flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) {
- fallback_after_kerberos = true;
- }
-
creds = cli_session_creds_init(cli,
username,
workgroup,
@@ -694,8 +675,8 @@ smb_connect(struct cli_state **output_cli,
struct cli_state *cli = NULL; /* New connection */
char *myname = NULL; /* Client name */
struct passwd *pwd;
- int flags = CLI_FULL_CONNECTION_USE_KERBEROS;
bool use_kerberos = false;
+ bool fallback_after_kerberos = false;
const char *user = username;
NTSTATUS nt_status;
@@ -726,7 +707,7 @@ smb_connect(struct cli_state **output_cli,
}
/* Fallback to NTLM */
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ fallback_after_kerberos = true;
fprintf(stderr,
"DEBUG: Try to connect using username/password ...\n");
@@ -734,7 +715,7 @@ smb_connect(struct cli_state **output_cli,
goto anonymous;
} else if (strcmp(auth_info_required, "samba") == 0) {
if (username != NULL) {
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ fallback_after_kerberos = true;
} else if (kerberos_ccache_is_valid()) {
auth_info_required = "negotiate";
@@ -757,7 +738,8 @@ smb_connect(struct cli_state **output_cli,
password,
workgroup,
share,
- flags);
+ true, /* try kerberos */
+ fallback_after_kerberos);
if (NT_STATUS_IS_OK(nt_status)) {
fprintf(stderr, "DEBUG: SMB connection established.\n");
@@ -784,7 +766,7 @@ smb_connect(struct cli_state **output_cli,
"",
workgroup,
share,
- 0);
+ false, false);
if (NT_STATUS_IS_OK(nt_status)) {
fputs("DEBUG: Connected with NTLMSSP...\n", stderr);
@@ -805,7 +787,7 @@ anonymous:
"",
workgroup,
share,
- 0);
+ false, false);
if (NT_STATUS_IS_OK(nt_status)) {
*output_cli = cli;
return NT_STATUS_OK;
diff --git a/source3/include/client.h b/source3/include/client.h
index 23ba86d2a2c..fdb5d7da830 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -76,11 +76,6 @@ struct cli_state {
/* The list of pipes currently open on this connection. */
struct rpc_pipe_client *pipe_list;
- bool use_kerberos;
- bool fallback_after_kerberos;
- bool use_ccache;
- bool pw_nt_hash;
-
bool use_oplocks; /* should we use oplocks? */
/* Where (if anywhere) this is mounted under DFS. */
@@ -119,15 +114,11 @@ struct file_info {
};
#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
-#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
#define CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK 0x0004
-#define CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS 0x0008
#define CLI_FULL_CONNECTION_OPLOCKS 0x0010
#define CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS 0x0020
-#define CLI_FULL_CONNECTION_USE_CCACHE 0x0040
#define CLI_FULL_CONNECTION_FORCE_DOS_ERRORS 0x0080
#define CLI_FULL_CONNECTION_FORCE_ASCII 0x0100
-#define CLI_FULL_CONNECTION_USE_NT_HASH 0x0200
#define CLI_FULL_CONNECTION_FORCE_SMB1 0x0400
#define CLI_FULL_CONNECTION_DISABLE_SMB1 0x0800
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index eb8e0ea17f7..9fdc18c4994 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1057,25 +1057,47 @@ static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
bool use_kerberos,
struct cli_state **cli)
{
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool fallback_after_kerberos = false;
+ bool use_ccache = false;
+ bool pw_nt_hash = false;
+ struct cli_credentials *creds = NULL;
int flags = 0;
+ NTSTATUS status;
- if (use_kerberos) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+ if (use_kerberos && pass) {
+ fallback_after_kerberos = true;
+ }
+
+ creds = cli_session_creds_init(frame,
+ user,
+ domain,
+ NULL, /* realm (use default) */
+ pass,
+ use_kerberos,
+ fallback_after_kerberos,
+ use_ccache,
+ pw_nt_hash);
+ if (creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
}
- if (use_kerberos && pass) {
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- }
-
- return cli_full_connection(cli, NULL,
- dc,
- NULL, 0,
- "IPC$", "IPC",
- user,
- domain,
- pass,
- flags,
- SMB_SIGNING_IPC_DEFAULT);
+ status = cli_full_connection_creds(cli,
+ NULL,
+ dc,
+ NULL, 0,
+ "IPC$", "IPC",
+ creds,
+ flags,
+ SMB_SIGNING_IPC_DEFAULT);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
}
/****************************************************************
@@ -1692,15 +1714,22 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
SMB_SIGNING_IPC_DEFAULT);
if (!NT_STATUS_IS_OK(status)) {
- status = cli_full_connection(&cli, NULL,
- dc_name,
- NULL, 0,
- "IPC$", "IPC",
- "",
- NULL,
- "",
- 0,
- SMB_SIGNING_IPC_DEFAULT);
+ struct cli_credentials *anon_creds = NULL;
+
+ anon_creds = cli_credentials_init_anon(frame);
+ if (anon_creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = cli_full_connection_creds(&cli,
+ NULL,
+ dc_name,
+ NULL, 0,
+ "IPC$", "IPC",
+ anon_creds,
+ 0,
+ SMB_SIGNING_OFF);
}
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 23b2bd2bdf7..9d0296873ea 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1433,8 +1433,6 @@ struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
bool use_spnego = false;
int flags = 0;
- enum credentials_use_kerberos krb5_state;
- uint32_t gensec_features;
const char *username = "";
const char *domain = "";
DATA_BLOB target_info = data_blob_null;
@@ -1456,30 +1454,6 @@ struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
tevent_req_set_cleanup_fn(req, cli_session_setup_creds_cleanup);
- krb5_state = cli_credentials_get_kerberos_state(creds);
- gensec_features = cli_credentials_get_gensec_features(creds);
-
- switch (krb5_state) {
- case CRED_MUST_USE_KERBEROS:
- cli->use_kerberos = true;
- cli->fallback_after_kerberos = false;
- break;
- case CRED_AUTO_USE_KERBEROS:
- cli->use_kerberos = true;
- cli->fallback_after_kerberos = true;
- break;
- case CRED_DONT_USE_KERBEROS:
- cli->use_kerberos = false;
- cli->fallback_after_kerberos = false;
- break;
- }
-
- if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
- cli->use_ccache = true;
- } else {
- cli->use_ccache = false;
- }
-
/*
* Now work out what sort of session setup we are going to
* do. I have split this into separate functions to make the flow a bit
@@ -3391,8 +3365,6 @@ struct tevent_req *cli_full_connection_creds_send(
{
struct tevent_req *req, *subreq;
struct cli_full_connection_creds_state *state;
- enum credentials_use_kerberos krb5_state;
- uint32_t gensec_features = 0;
req = tevent_req_create(mem_ctx, &state,
struct cli_full_connection_creds_state);
@@ -3401,30 +3373,6 @@ struct tevent_req *cli_full_connection_creds_send(
}
talloc_set_destructor(state, cli_full_connection_creds_state_destructor);
- flags &= ~CLI_FULL_CONNECTION_USE_KERBEROS;
- flags &= ~CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- flags &= ~CLI_FULL_CONNECTION_USE_CCACHE;
- flags &= ~CLI_FULL_CONNECTION_USE_NT_HASH;
-
- krb5_state = cli_credentials_get_kerberos_state(creds);
- switch (krb5_state) {
- case CRED_MUST_USE_KERBEROS:
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- flags &= ~CLI_FULL_CONNECTION_DONT_SPNEGO;
- break;
- case CRED_AUTO_USE_KERBEROS:
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- break;
- case CRED_DONT_USE_KERBEROS:
- break;
- }
-
- gensec_features = cli_credentials_get_gensec_features(creds);
- if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
- flags |= CLI_FULL_CONNECTION_USE_CCACHE;
- }
-
state->ev = ev;
state->service = service;
state->service_type = service_type;
@@ -3597,66 +3545,6 @@ NTSTATUS cli_full_connection_creds(struct cli_state **output_cli,
return status;
}
-NTSTATUS cli_full_connection(struct cli_state **output_cli,
- const char *my_name,
- const char *dest_host,
- const struct sockaddr_storage *dest_ss, int port,
- const char *service, const char *service_type,
- const char *user, const char *domain,
- const char *password, int flags,
- int signing_state)
-{
- TALLOC_CTX *frame = talloc_stackframe();
- NTSTATUS status;
- bool use_kerberos = false;
- bool fallback_after_kerberos = false;
- bool use_ccache = false;
- bool pw_nt_hash = false;
- struct cli_credentials *creds = NULL;
-
- if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
- use_kerberos = true;
- }
-
- if (flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) {
- fallback_after_kerberos = true;
- }
-
- if (flags & CLI_FULL_CONNECTION_USE_CCACHE) {
- use_ccache = true;
- }
-
- if (flags & CLI_FULL_CONNECTION_USE_NT_HASH) {
- pw_nt_hash = true;
- }
-
- creds = cli_session_creds_init(frame,
- user,
- domain,
- NULL, /* realm (use default) */
- password,
- use_kerberos,
- fallback_after_kerberos,
- use_ccache,
- pw_nt_hash);
- if (creds == NULL) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
- status = cli_full_connection_creds(output_cli, my_name,
- dest_host, dest_ss, port,
- service, service_type,
- creds, flags, signing_state);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
- }
-
- TALLOC_FREE(frame);
- return NT_STATUS_OK;
-}
-
/****************************************************************************
Send an old style tcon.
****************************************************************************/
@@ -3784,16 +3672,10 @@ struct cli_state *get_ipc_connect(char *server,
NTSTATUS nt_status;
uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
- if (get_cmdline_auth_info_use_kerberos(user_info)) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- }
-
flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
- nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
- get_cmdline_auth_info_username(user_info),
- lp_workgroup(),
- get_cmdline_auth_info_password(user_info),
+ nt_status = cli_full_connection_creds(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
+ get_cmdline_auth_info_creds(user_info),
flags,
SMB_SIGNING_DEFAULT);
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 25f932c60bb..ba091243147 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -99,34 +99,6 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
return NT_STATUS_OK;
}
-NTSTATUS cli_cm_force_encryption(struct cli_state *c,
- const char *username,
- const char *password,
- const char *domain,
- const char *sharename)
-{
- struct cli_credentials *creds = NULL;
- NTSTATUS status;
-
- creds = cli_session_creds_init(c,
- username,
- domain,
- NULL, /* default realm */
- password,
- c->use_kerberos,
- c->fallback_after_kerberos,
- c->use_ccache,
- c->pw_nt_hash);
- if (creds == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = cli_cm_force_encryption_creds(c, creds, sharename);
- /* gensec currently references the creds so we can't free them here */
- talloc_unlink(c, creds);
- return status;
-}
-
/********************************************************************
Return a connection to a server.
********************************************************************/
@@ -178,19 +150,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- if (get_cmdline_auth_info_use_kerberos(auth_info)) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- }
- if (get_cmdline_auth_info_fallback_after_kerberos(auth_info)) {
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- }
- if (get_cmdline_auth_info_use_ccache(auth_info)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list