[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Apr 5 02:03:01 UTC 2023
The branch, master has been updated
via f5d04a43cf6 python:join: fix reused variable name in provision func
via e258ea12b01 s4:kdc: Allocate claim value on values context
via 3b72dde2027 tests/krb5: Add tests for constructed (authentication silo) claims
via 75aecbe6203 tests/krb5: Add method to create authentication silo claim
via dc4c51f353a tests/krb5: Add method to create an authentication silo
via 8855b525ce1 tests/krb5: Add methods to get authentication policy DNs
via 9b96855f370 tests/krb5: Check only for the canonical representation of a security descriptor
via f1174c6e0c4 librpc/ndr: Fix NULL pointer dereference
via d0d588558d9 Update WHATSNEW.txt
via 960fe1ca273 s3:utils: s3:utils: Correctly wire winbind ccache support for smbget
via e22eccbe889 s3:utils: Correctly wire NT hash support for smbget
via 61424dd2218 auth: Add cli_credentials_is_password_nt_hash()
via 97c0982bad9 auth: Remove trailing white spaces in credentials_ntlm.c
via 96914246d36 auth: Remove trailing white spaces in credentials.h
via de702cb5b18 s3:tests: Add test with testdenied_upn at REALM.upn
via 3fa25a77ca9 s3:tests: Add a kerberos trust test for smbget
via 9392a581dbb s3:tests: Add kerberos test for smbget
via 267ea547129 s3:utils: Correctly wire Kerberos support for smbget
via a2ba787780c s3:tests: Add encryption test for smbget
via ada8cd6a627 s3:utils: Correctly wire encryption for smbget
via f531dd19826 docs-xml: Remove smbgetrc manpage
via 7f8a814c7ad docs-xml: Update smbget manpage
via 20b5d98ce58 s3:utils: Use common command line parser for smbget
via 42b47e20e71 s3:tests: Use long options for smbget in test_smbget.sh
via 0e07d0ac220 s3:utils: Add support for parsing domain/UPN in username for smbget
via 34d4ac9907c s3:utils: Always cleanup when leaving smbget main()
via 1f3f88603a4 s3:tests: Add smbget msdfs link test with domain and UPN
via d81acef3924 s3:tests: Add domain and UPN test for smbget
via 1104916d227 s3:tests: Also clear the download area in smbget msdfs_link test
via 9c76563ba24 s3:selftest: Pass REALM to samba.blackbox.smbget
via badbbceb76f s3:selftest: Move samba3.blackbox.smbget to ad_member
via acf259c7e0b s3:selftest: Move the smbget share to the provision function
from 925b026a235 lib:ldb:tests: Fix code spelling
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f5d04a43cf6b32aa8ea443bc5ac485581d77d200
Author: John Mulligan <jmulligan at redhat.com>
Date: Fri Mar 24 15:11:59 2023 -0400
python:join: fix reused variable name in provision func
Recent updates to run adprep during the provision function re-used a
variable name that was already in use as a string. This reassignment
changed the type of the referenced object. This variable name is later
used to setup the mit krb5 kdc conf and expects the var to contain a
string. When executed with default cli options on a mit krb5 based build
samba tool fails with a traceback:
```
INFO 2023-03-23 21:22:50,399 pid:6
/usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2021:
Fixing provision GUIDs
ERROR(<class 'AttributeError'>): uncaught exception - 'DomainUpdate'
object has no attribute 'upper'
File "/usr/lib64/python3.10/site-packages/samba/netcmd/__init__.py",
line 230, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python3.10/site-packages/samba/netcmd/domain.py",
line 555, in run
result = provision(self.logger,
File
"/usr/lib64/python3.10/site-packages/samba/provision/__init__.py", line
2408, in provision
create_kdc_conf(paths.kdcconf, realm, domain,
os.path.dirname(lp.get("log file")))
File
"/usr/lib64/python3.10/site-packages/samba/provision/kerberos.py", line
43, in create_kdc_conf
domain = domain.upper()
```
This change removes the re-use of the existing var name by chaining
the calls.
Fixes: 4bba26579d1
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 5 02:02:29 UTC 2023 on atb-devel-224
commit e258ea12b01c2f01f049f95c9c7e4c7ec0ada6d6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Apr 3 13:07:30 2023 +1200
s4:kdc: Allocate claim value on values context
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3b72dde2027fe7bffa03f6022fd2a5aef26845fa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Apr 3 13:24:12 2023 +1200
tests/krb5: Add tests for constructed (authentication silo) claims
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 75aecbe62030c386e93d179e1cb1aebb6e916df9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Apr 3 14:28:58 2023 +1200
tests/krb5: Add method to create authentication silo claim
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dc4c51f353a2bce5b8662a80b77e60846cb00255
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Apr 3 12:54:55 2023 +1200
tests/krb5: Add method to create an authentication silo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8855b525ce11a343cf1fdab429e39c36b3f5f28c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Mar 7 17:40:10 2022 +1300
tests/krb5: Add methods to get authentication policy DNs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9b96855f370e7079baeac41c1797ef5fb3d4cd73
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Mar 28 07:46:23 2023 +1300
tests/krb5: Check only for the canonical representation of a security descriptor
As of commit be1aae77b7610933b1121f207e0a4df523c2d278, Samba only
produces the canonical form of a security descriptor.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f1174c6e0c4c033b3eae0b9ab94d76ac1382f74b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Apr 3 10:40:02 2023 +1200
librpc/ndr: Fix NULL pointer dereference
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15348
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d0d588558d925ecc3e3d4136b8d7185f009154e6
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 13:43:26 2023 +0200
Update WHATSNEW.txt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 960fe1ca27357d8c2f85f956531dfbe6bbc025f7
Author: Andreas Schneider <asn at samba.org>
Date: Mon Apr 3 08:14:30 2023 +0200
s3:utils: s3:utils: Correctly wire winbind ccache support for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e22eccbe889f27f6cb3661e0ef313cef08cd33f8
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 09:49:44 2023 +0200
s3:utils: Correctly wire NT hash support for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 61424dd22180a4f84eb11f4ae8263d53904f6e45
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 10:44:16 2023 +0200
auth: Add cli_credentials_is_password_nt_hash()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 97c0982bad9e29955e763bf3d48fab9dc586ba37
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 10:43:59 2023 +0200
auth: Remove trailing white spaces in credentials_ntlm.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 96914246d367652b77361d168f7e99a0502d4776
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 10:43:11 2023 +0200
auth: Remove trailing white spaces in credentials.h
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit de702cb5b18f8fe9220229200c87a374fe055cd5
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 4 09:25:55 2023 +0200
s3:tests: Add test with testdenied_upn at REALM.upn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3fa25a77ca98cf4356bc8656e003ebc721a28af5
Author: Andreas Schneider <asn at samba.org>
Date: Mon Apr 3 08:30:06 2023 +0200
s3:tests: Add a kerberos trust test for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9392a581dbb7a668a249a2eaa43942d34b268ba4
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 09:46:02 2023 +0200
s3:tests: Add kerberos test for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 267ea5471298bb3a47e6b16898c85b62dc48900c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 09:32:02 2023 +0200
s3:utils: Correctly wire Kerberos support for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a2ba787780c215bd6e9358ec358adbf863eb5c77
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 09:36:46 2023 +0200
s3:tests: Add encryption test for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ada8cd6a6274f8266ee66e56d164d48f2e1bc41a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 09:31:11 2023 +0200
s3:utils: Correctly wire encryption for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f531dd19826d5e092ce3c55ddd4882bd658d320d
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 31 08:40:38 2023 +0200
docs-xml: Remove smbgetrc manpage
This has been removed, we have support for an authentication file.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7f8a814c7ad7529a9b1da872927d34ba8ba222f7
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 13:48:06 2023 +0200
docs-xml: Update smbget manpage
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 20b5d98ce58526fb0fc78f5482988aebb95c7e80
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 11:19:01 2023 +0200
s3:utils: Use common command line parser for smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 42b47e20e718b0c29659c6d40b81726ebbf337d2
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 13:00:55 2023 +0200
s3:tests: Use long options for smbget in test_smbget.sh
This is more descriptive and will help with the next commit.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0e07d0ac220226306c10f39dad1031382264d4e4
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 29 08:48:12 2023 +0200
s3:utils: Add support for parsing domain/UPN in username for smbget
The smbget utility doesn't use the common command line parser, so it
doesn't support paring of DOMAIN/user or user at realm.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 34d4ac9907c47d6183efd2f850c2293207fa32fa
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 11:14:26 2023 +0200
s3:utils: Always cleanup when leaving smbget main()
This will not leak any memory. Also rename the bool to 'ok' for better
readability.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1f3f88603a40e11cf1c9326a1f16d27e0d9337e1
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 29 09:03:11 2023 +0200
s3:tests: Add smbget msdfs link test with domain and UPN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d81acef3924ef1484e3e0467e6441f4792c84f3d
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 29 08:59:09 2023 +0200
s3:tests: Add domain and UPN test for smbget
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1104916d227550f7c445e61d8ee3b62983c052c4
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 10:26:40 2023 +0200
s3:tests: Also clear the download area in smbget msdfs_link test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9c76563ba2460187bbfc2e2c75e9237b82357139
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 10:06:55 2023 +0200
s3:selftest: Pass REALM to samba.blackbox.smbget
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit badbbceb76f41ddb86481ffd02f06f197258c1cb
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 29 13:08:37 2023 +0200
s3:selftest: Move samba3.blackbox.smbget to ad_member
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit acf259c7e0b81b2b178d467102ced7826c109036
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 30 10:16:35 2023 +0200
s3:selftest: Move the smbget share to the provision function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 11 +
auth/credentials/credentials.h | 83 +++---
auth/credentials/credentials_ntlm.c | 33 ++-
docs-xml/manpages/smbget.1.xml | 100 +++----
docs-xml/manpages/smbgetrc.5.xml | 112 --------
docs-xml/wscript_build | 1 -
librpc/ndr/ndr_claims.c | 8 +-
python/samba/provision/__init__.py | 9 +-
python/samba/tests/krb5/claims_tests.py | 126 ++++++---
python/samba/tests/krb5/kdc_base_test.py | 180 +++++++++++-
selftest/knownfail.d/constructed-claims | 1 +
selftest/target/Samba3.pm | 15 +-
source3/script/tests/test_smbget.sh | 262 ++++++++++++++++--
source3/selftest/tests.py | 16 +-
source3/utils/smbget.c | 462 ++++++++++++-------------------
source3/utils/wscript_build | 2 +-
source4/kdc/ad_claims.c | 2 +-
17 files changed, 829 insertions(+), 594 deletions(-)
delete mode 100644 docs-xml/manpages/smbgetrc.5.xml
create mode 100644 selftest/knownfail.d/constructed-claims
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index d63da177595..d6b23b06f60 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,17 @@ UPGRADING
NEW FEATURES/CHANGES
====================
+Migrated smbget to use common command line parser
+-------------------------------------------------
+
+The smbget utility implemented its own command line parsing logic. After
+discovering an issue we decided to migrate it to use the common command line
+parser. This has some advantages as you get all the feature it provides like
+Kerberos authentication. The downside is that breaks the options interface.
+The support for smbgetrc has been removed. You can use an authentication file
+if needed, this is documented in the manpage.
+
+Please check the smbget manpage or --help output.
REMOVED FEATURES
================
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index e9d8b8a44b1..c3a048ecc8d 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -1,4 +1,4 @@
-/*
+/*
samba -- Unix SMB/CIFS implementation.
Client credentials structure
@@ -10,12 +10,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -42,7 +42,7 @@ enum smb_signing_setting;
enum smb_encryption_setting;
/* In order of priority */
-enum credentials_obtained {
+enum credentials_obtained {
CRED_UNINITIALISED = 0, /* We don't even have a guess yet */
CRED_SMB_CONF, /* Current value should be used, which comes from smb.conf */
CRED_CALLBACK, /* Callback should be used to obtain value */
@@ -81,8 +81,8 @@ enum credentials_krb_forwardable {
#define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */
const char *cli_credentials_get_workstation(struct cli_credentials *cred);
-bool cli_credentials_set_workstation(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_workstation(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
bool cli_credentials_is_anonymous(struct cli_credentials *cred);
struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx);
@@ -93,29 +93,29 @@ bool cli_credentials_wrong_password(struct cli_credentials *cred);
const char *cli_credentials_get_password(struct cli_credentials *cred);
const char *cli_credentials_get_password_and_obtained(struct cli_credentials *cred,
enum credentials_obtained *obtained);
-void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
- const char **username,
+void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+ const char **username,
const char **domain);
-NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
int *flags,
DATA_BLOB challenge,
const NTTIME *server_timestamp,
DATA_BLOB target_info,
- DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
+ DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);
const char *cli_credentials_get_realm(struct cli_credentials *cred);
const char *cli_credentials_get_username(struct cli_credentials *cred);
const char *cli_credentials_get_username_and_obtained(struct cli_credentials *cred,
enum credentials_obtained *obtained);
-int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+int cli_credentials_get_krb5_context(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context);
-int cli_credentials_get_ccache(struct cli_credentials *cred,
+int cli_credentials_get_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc,
const char **error_string);
-int cli_credentials_get_named_ccache(struct cli_credentials *cred,
+int cli_credentials_get_named_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
char *ccache_name,
@@ -123,7 +123,7 @@ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred,
const char *principal,
unsigned int *count);
-int cli_credentials_get_keytab(struct cli_credentials *cred,
+int cli_credentials_get_keytab(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
const char *cli_credentials_get_domain(struct cli_credentials *cred);
@@ -133,10 +133,10 @@ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
bool cli_credentials_set_conf(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
-int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc);
-int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc,
@@ -148,22 +148,22 @@ bool cli_credentials_set_kerberos_state(struct cli_credentials *creds,
enum credentials_obtained obtained);
void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
enum credentials_krb_forwardable krb_forwardable);
-bool cli_credentials_set_domain(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_domain(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
const char *(*domain_cb) (struct cli_credentials *));
-bool cli_credentials_set_username(struct cli_credentials *cred,
+bool cli_credentials_set_username(struct cli_credentials *cred,
const char *val, enum credentials_obtained obtained);
bool cli_credentials_set_username_callback(struct cli_credentials *cred,
const char *(*username_cb) (struct cli_credentials *));
-bool cli_credentials_set_principal(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_principal(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
const char *(*principal_cb) (struct cli_credentials *));
-bool cli_credentials_set_password(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_password(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);
void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);
@@ -171,8 +171,8 @@ struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
TALLOC_CTX *mem_ctx);
struct samr_Password *cli_credentials_get_old_nt_hash(struct cli_credentials *cred,
TALLOC_CTX *mem_ctx);
-bool cli_credentials_set_realm(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_realm(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType secure_channel_type);
@@ -181,7 +181,7 @@ void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred
void cli_credentials_set_netlogon_creds(
struct cli_credentials *cred,
const struct netlogon_creds_CredentialState *netlogon_creds);
-NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
+NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context);
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
@@ -206,7 +206,7 @@ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred
bool cli_credentials_authentication_requested(struct cli_credentials *cred);
bool cli_credentials_guess(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
-bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
+bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
const char *bind_dn);
const char *cli_credentials_get_bind_dn(struct cli_credentials *cred);
bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained);
@@ -224,8 +224,9 @@ bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
const DATA_BLOB *password_utf16);
void cli_credentials_set_password_will_be_nt_hash(struct cli_credentials *cred,
bool val);
+bool cli_credentials_is_password_nt_hash(struct cli_credentials *cred);
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
- const struct samr_Password *nt_hash,
+ const struct samr_Password *nt_hash,
enum credentials_obtained obtained);
bool cli_credentials_set_old_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash);
@@ -235,23 +236,23 @@ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
const DATA_BLOB *nt_response,
const DATA_BLOB *nt_session_key,
enum credentials_obtained obtained);
-int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+int cli_credentials_set_keytab_name(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
- const char *keytab_name,
+ const char *keytab_name,
enum credentials_obtained obtained);
bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
uint32_t gensec_features,
enum credentials_obtained obtained);
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
-int cli_credentials_set_ccache(struct cli_credentials *cred,
+int cli_credentials_set_ccache(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
- const char *name,
+ const char *name,
enum credentials_obtained obtained,
const char **error_string);
bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
-bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
+bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
int fd, enum credentials_obtained obtained);
-void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
+void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
enum credentials_obtained obtained);
void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);
void cli_credentials_set_impersonate_principal(struct cli_credentials *cred,
@@ -265,11 +266,11 @@ const char *cli_credentials_get_target_service(struct cli_credentials *cred);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred);
enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
-NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
- const char *filter,
+ const char *filter,
char **error_string);
int cli_credentials_get_kvno(struct cli_credentials *cred);
@@ -283,8 +284,8 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred,
* @note Return value will never be NULL except by programmer error.
*/
char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained);
-bool cli_credentials_set_principal(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_principal(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
const char *(*principal_cb) (struct cli_credentials *));
@@ -295,8 +296,8 @@ bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
* @retval If set, the cleartext password, otherwise NULL
*/
const char *cli_credentials_get_old_password(struct cli_credentials *cred);
-bool cli_credentials_set_old_password(struct cli_credentials *cred,
- const char *val,
+bool cli_credentials_set_old_password(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained);
bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
const char *(*domain_cb) (struct cli_credentials *));
@@ -336,7 +337,7 @@ bool cli_credentials_set_cmdline_callbacks(struct cli_credentials *cred);
void cli_credentials_dump(struct cli_credentials *creds);
/**
- * Return attached NETLOGON credentials
+ * Return attached NETLOGON credentials
*/
struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 1c17148e647..38226453c4a 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
User credentials handling
@@ -6,17 +6,17 @@
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2001-2005
Copyright (C) Stefan Metzmacher 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -35,13 +35,13 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
-_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
int *flags,
DATA_BLOB challenge,
const NTTIME *server_timestamp,
DATA_BLOB target_info,
- DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
- DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key)
+ DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
+ DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key)
{
TALLOC_CTX *frame = talloc_stackframe();
const char *user = NULL;
@@ -152,13 +152,13 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
/* TODO: if the remote server is standalone, then we should replace 'domain'
with the server name as supplied above */
-
+
if (!SMBNTLMv2encrypt_hash(frame,
- user,
- domain,
- nt_hash->hash, &challenge,
+ user,
+ domain,
+ nt_hash->hash, &challenge,
server_timestamp, &target_info,
- &lm_response, &nt_response,
+ &lm_response, &nt_response,
NULL, &session_key)) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
@@ -263,7 +263,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
SMBsesskeygen_ntv1(nt_hash->hash, session_key.data);
dump_data_pw("NT session key:\n", session_key.data, session_key.length);
- /* lanman auth is insecure, it may be disabled.
+ /* lanman auth is insecure, it may be disabled.
We may also not have a password */
if (password != NULL) {
@@ -458,8 +458,13 @@ _PUBLIC_ void cli_credentials_set_password_will_be_nt_hash(struct cli_credential
cred->password_will_be_nt_hash = val;
}
+_PUBLIC_ bool cli_credentials_is_password_nt_hash(struct cli_credentials *cred)
+{
+ return cred->password_will_be_nt_hash;
+}
+
_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
- const struct samr_Password *nt_hash,
+ const struct samr_Password *nt_hash,
enum credentials_obtained obtained)
{
cred->password_will_be_nt_hash = false;
diff --git a/docs-xml/manpages/smbget.1.xml b/docs-xml/manpages/smbget.1.xml
index 9d1db967f96..d7eac27ddb8 100644
--- a/docs-xml/manpages/smbget.1.xml
+++ b/docs-xml/manpages/smbget.1.xml
@@ -21,14 +21,9 @@
<command>smbget</command>
<arg choice="opt">-a, --guest</arg>
<arg choice="opt">-r, --resume</arg>
- <arg choice="opt">-R, --recursive</arg>
- <arg choice="opt">-U, --user=STRING</arg>
- <arg choice="opt">-w, --workgroup=STRING</arg>
- <arg choice="opt">-n, --nonprompt</arg>
- <arg choice="opt">-d, --debuglevel=INT</arg>
+ <arg choice="opt">--recursive</arg>
<arg choice="opt">-D, --dots</arg>
<arg choice="opt">-o, --outputfile</arg>
- <arg choice="opt">-f, --rcfile</arg>
<arg choice="opt">-q, --quiet</arg>
<arg choice="opt">-v, --verbose</arg>
<arg choice="opt">-b, --blocksize</arg>
@@ -36,8 +31,34 @@
<arg choice="opt">-u, --update</arg>
<arg choice="opt">-e, --encrypt</arg>
<arg choice="opt">--limit-rate=INT</arg>
- <arg choice="opt">-?, --help</arg>
+ <arg choice="opt">-?|--help</arg>
<arg choice="opt">--usage</arg>
+ <arg choice="opt">-d|--debuglevel=DEBUGLEVEL</arg>
+ <arg choice="opt">--debug-stdout</arg>
+ <arg choice="opt">-s|--configfile=CONFIGFILE</arg>
+ <arg choice="opt">--option=name=value</arg>
+ <arg choice="opt">-l|--log-basename=LOGFILEBASE</arg>
+ <arg choice="opt">--leak-report</arg>
+ <arg choice="opt">--leak-report-full</arg>
+ <arg choice="opt">-R|--name-resolve=NAME-RESOLVE-ORDER</arg>
+ <arg choice="opt">-O|--socket-options=SOCKETOPTIONS</arg>
+ <arg choice="opt">-m|--max-protocol=MAXPROTOCOL</arg>
+ <arg choice="opt">-n|--netbiosname=NETBIOSNAME</arg>
+ <arg choice="opt">--netbios-scope=SCOPE</arg>
+ <arg choice="opt">-W|--workgroup=WORKGROUP</arg>
+ <arg choice="opt">--realm=REALM</arg>
+ <arg choice="opt">-U|--user=[DOMAIN/]USERNAME%[PASSWORD]</arg>
+ <arg choice="opt">-N|--no-pass</arg>
+ <arg choice="opt">--password=STRING</arg>
+ <arg choice="opt">--pw-nt-hash</arg>
+ <arg choice="opt">-A|--authentication-file=FILE</arg>
+ <arg choice="opt">-P|--machine-pass</arg>
+ <arg choice="opt">--simple-bind-dn=DN</arg>
+ <arg choice="opt">--use-kerberos=desired|required|off</arg>
+ <arg choice="opt">--use-krb5-ccache=CCACHE</arg>
+ <arg choice="opt">--use-winbind-ccache</arg>
+ <arg choice="opt">--client-protection=sign|encrypt|off</arg>
+ <arg choice="opt">-V|--version</arg>
<arg choice="req">smb://host/share/path/to/file</arg>
<arg choice="opt">smb://url2/</arg>
<arg choice="opt">...</arg>
@@ -50,7 +71,7 @@
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
- <para>smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line.
+ <para>smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line.
</para>
<para>
@@ -73,30 +94,10 @@
</varlistentry>
<varlistentry>
- <term>-R, --recursive</term>
+ <term>--recursive</term>
<listitem><para>Recursively download files</para></listitem>
</varlistentry>
- <varlistentry>
- <term> -U, --user=<replaceable>username[%password]</replaceable></term>
- <listitem><para>Username (and password) to use</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-w, --workgroup=STRING</term>
- <listitem><para>Workgroup to use (optional)</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-n, --nonprompt</term>
- <listitem><para>Don't ask anything (non-interactive)</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-d, --debuglevel=INT</term>
- <listitem><para>Debuglevel to use</para></listitem>
- </varlistentry>
-
<varlistentry>
<term>-D, --dots</term>
<listitem><para>Show dots as progress indication</para></listitem>
@@ -108,15 +109,10 @@
</varlistentry>
<varlistentry>
- <term>-O, --stdout</term>
+ <term>--stdout</term>
<listitem><para>Write the file that is being downloaded to standard output.</para></listitem>
</varlistentry>
- <varlistentry>
- <term>-f, --rcfile</term>
- <listitem><para>Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overridden by the contents of the rcfile.</para></listitem>
- </varlistentry>
-
<varlistentry>
<term>-q, --quiet</term>
<listitem><para>Be quiet</para></listitem>
@@ -132,16 +128,6 @@
<listitem><para>Number of bytes to download in a block. Defaults to 64000.</para></listitem>
</varlistentry>
- <varlistentry>
- <term>-?, --help</term>
- <listitem><para>Show help message</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>--usage</term>
- <listitem><para>Display brief usage message</para></listitem>
- </varlistentry>
-
<varlistentry>
<term>-u, --update</term>
<listitem><para>Download only when remote file is newer than local file or local file is missing.</para></listitem>
@@ -157,6 +143,10 @@
<listitem><para>Limit download rate by this many KB/s.</para></listitem>
</varlistentry>
+ &popt.autohelp;
+ &cmdline.common.samba.client;
+ &cmdline.common.connection;
--
Samba Shared Repository
More information about the samba-cvs
mailing list