More patches for smbclient SMB2/3 problems...

Stefan Metzmacher metze at samba.org
Wed Aug 16 23:05:12 UTC 2017 

Hi Jeremy,

here's some more patches I have in my tree.
I haven't done much testing with them yet.

I'll start a private autobuild now.

metze
-------------- next part --------------
From c7b7bd9fa12f614469c6447047b3f8e6f534fdee Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Sat, 8 Jul 2017 00:57:59 +0200
Subject: [PATCH 1/5] s3:libsmb: let get_ipc_connect() use
 CLI_FULL_CONNECTION_FORCE_SMB1

get_ipc_connect() is only used for calling cli_NetServerEnum().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/libsmb/cliconnect.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d98debc..91fd18b 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3746,6 +3746,8 @@ struct cli_state *get_ipc_connect(char *server,
 		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
 	}
 
+	flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
+
 	nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC", 
 					get_cmdline_auth_info_username(user_info),
 					lp_workgroup(),
-- 
1.9.1


From 3fcc81ffb9f261dcb22292626f71f5a3d2ff3f24 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 16 Aug 2017 08:55:43 +0200
Subject: [PATCH 2/5] s3:smbclient: improve the error messages for smbclient -L

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/client/client.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index 83d9b9d..5897cec 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5830,6 +5830,7 @@ static int do_host_query(const char *query_host)
 	}
 
 	if (lp_disable_netbios()) {
+		d_printf("NetBIOS over TCP disabled -- no workgroup available\n");
 		goto out;
 	}
 
@@ -5844,21 +5845,19 @@ static int do_host_query(const char *query_host)
 		 */
 
 		cli_shutdown(cli);
+		d_printf("Reconnecting with SMB1 for workgroup listing.\n");
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : query_host,
 				     "IPC$", popt_get_cmdline_auth_info(),
 				     smb_encrypt, max_proto,
 				     NBT_SMB_PORT, name_type, &cli);
 		if (!NT_STATUS_IS_OK(status)) {
-			cli = NULL;
+			d_printf("Failed to connect with SMB1 "
+				 "-- no workgroup available\n");
+			return 0;
 		}
 	}
 
-	if (cli == NULL) {
-		d_printf("NetBIOS over TCP disabled -- no workgroup available\n");
-		return 0;
-	}
-
 	cli_set_timeout(cli, io_timeout*1000);
 	list_servers(lp_workgroup());
 out:
-- 
1.9.1


From 7bfc8552b76a837687bfbf3319874fc010797c84 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 16 Aug 2017 08:56:39 +0200
Subject: [PATCH 3/5] s3:smbclient: don't try any workgroup listing with
 "client min protocol = SMB2"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/client/client.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/client/client.c b/source3/client/client.c
index 5897cec..5ef9ad5 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5829,6 +5829,11 @@ static int do_host_query(const char *query_host)
 		}
 	}
 
+	if (lp_client_min_protocol() > PROTOCOL_NT1) {
+		d_printf("SMB1 disabled -- no workgroup available\n");
+		goto out;
+	}
+
 	if (lp_disable_netbios()) {
 		d_printf("NetBIOS over TCP disabled -- no workgroup available\n");
 		goto out;
-- 
1.9.1


From 7f8c5b32c3ccc140c0ef6aa3bd75fd4182dbf8c5 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 16 Aug 2017 12:38:30 +0200
Subject: [PATCH 4/5] s3:libsmb: don't call cli_NetServerEnum() on SMB2/3
 connections in SMBC_opendir_ctx()

This is all we can do with when using we allow SMB2/3 and the server supports
it, 'smb://' can't work unless we implement LLMNR and maybe WSD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/libsmb/libsmb_dir.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 8038584..72441c4 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -590,6 +590,10 @@ SMBC_opendir_ctx(SMBCCTX *context,
                                 continue;
                         }
 
+			if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) {
+				continue;
+			}
+
                         dir->srv = srv;
                         dir->dir_type = SMBC_WORKGROUP;
 
@@ -704,6 +708,15 @@ SMBC_opendir_ctx(SMBCCTX *context,
 
 				dir->srv = srv;
 
+				if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) {
+					if (dir) {
+						SAFE_FREE(dir->fname);
+						SAFE_FREE(dir);
+					}
+					TALLOC_FREE(frame);
+					return NULL;
+				}
+
 				/* Now, list the servers ... */
 				if (!cli_NetServerEnum(srv->cli, wgroup,
                                                        0x0000FFFE, list_fn,
-- 
1.9.1


From 92b52b36025bb394d49d89056cf8d48da2b0d393 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 16 Aug 2017 12:42:48 +0200
Subject: [PATCH 5/5] s3:libsmb: let do_connect() debug the negotiation result
 similar to "session request ok"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/libsmb/clidfs.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index b740007..5cc220a 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -149,6 +149,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 	const char *domain;
 	NTSTATUS status;
 	int flags = 0;
+	enum protocol_types protocol = PROTOCOL_NONE;
 	int signing_state = get_cmdline_auth_info_signing_state(auth_info);
 	struct cli_credentials *creds = NULL;
 
@@ -204,7 +205,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 	}
 
 	if (max_protocol == 0) {
-		max_protocol = PROTOCOL_NT1;
+		max_protocol = PROTOCOL_LATEST;
 	}
 	DEBUG(4,(" session request ok\n"));
 
@@ -218,8 +219,12 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		cli_shutdown(c);
 		return status;
 	}
+	protocol = smbXcli_conn_protocol(c->conn);
+	DEBUG(4,(" negotiated dialect[%s] against server[%s]\n",
+		 smb_protocol_types_string(protocol),
+		 smbXcli_conn_remote_name(c->conn)));
 
-	if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+	if (protocol >= PROTOCOL_SMB2_02) {
 		/* Ensure we ask for some initial credits. */
 		smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
 	}
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170817/efc51aa0/signature.sig>

More information about the samba-technical mailing list