libsmb/clientgen.c

[Andrew Tridgell]

Luke,

> there is a bug to fix in libsmb/clientgen.c cli_session_setup() it cannot
> be used to send cleartext passwords to systems with user level security
> set.

it can, but only if the server doesn't advertise encryption support.
 
> are there any objections to fixing this issue by moving the password
> encryption routines outside of cli_session_setup() and then replacing the
> two remaining call-sets (in client/client.c:do_connect()) and
> smbwrapper/smbw.c to cli_session_setup(), cli_tcon_X() etc with calls to
> cli_establish_connection()?

yes, I object because it's not as simple as that. smbwrapper does
stuff with those routines that cli_establish_connection() can't do.

If you want to be able to send non-encrypted passwords to an
encrypting server than I suggest you add a flag to cli_session_setup()
or maybe even add a cli_options() generic interface that takes an
enumerated list of options and parameters. The latter would give us a
nice flexible config interface to clientgen.c while maintaining the
black-box design.
 
> the only issue then is to maintain DEBUG output that
> cline/client.c:do_connect() by getting cli_establish_connection() to
> generate the same DEBUG output.

that's not the only issue, unfortunately. smbwrapper does magic with
address cacheing, *SMBSERVER and error handling that requires more
than cli_establish_connection() can do.

It would also mean we couldn't support multiple tconX calls with the
one session.