Disabling SMB1 by default
Stefan Metzmacher
metze at samba.org
Wed Jun 21 20:08:37 UTC 2017
Hi,
> We just don't have all code ready for it.
>
> But I've started to work on passing 'make test' with the changed
> default, it's not 100% there yet, but it's close.
>
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-libsmb-ok
>
> I'll post the patches once they pass an autobuild.
Here're some preparation patches which already passes autobuild.
Please review and push.
Then there's mostly the smbclient banner thing left.
Thanks!
metze
-------------- next part --------------
From ae597d8aab5fe769511994a11b4661a7c3f12e9e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 08:26:45 +0200
Subject: [PATCH 01/22] python/tests: test SMB1 and SMB2/3 in auth_log.py
We should do this explicitly in order to make
the tests independent of 'client max protocol'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
python/samba/tests/auth_log.py | 49 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 47 insertions(+), 2 deletions(-)
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index ff84bef..65800c9 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -700,7 +700,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
len(messages),
"Did not receive the expected number of messages")
- def test_smb_anonymous(self):
+ def test_smb1_anonymous(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authorization" and
msg["Authorization"]["serviceDescription"] == "SMB" and
@@ -712,7 +712,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
path = "//%s/IPC$" % server
auth = "-N"
- call(["bin/smbclient", path, auth, "-c quit"])
+ call(["bin/smbclient", path, auth, "-mNT1", "-c quit"])
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(3,
@@ -745,6 +745,51 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("ANONYMOUS LOGON",
msg["Authentication"]["becameAccount"])
+ def test_smb2_anonymous(self):
+ def isLastExpectedMessage(msg):
+ return (msg["type"] == "Authorization" and
+ msg["Authorization"]["serviceDescription"] == "SMB2" and
+ msg["Authorization"]["authType"] == "NTLMSSP" and
+ msg["Authorization"]["account"] == "ANONYMOUS LOGON" and
+ msg["Authorization"]["transportProtection"] == "SMB")
+
+ server = os.environ["SERVER"]
+
+ path = "//%s/IPC$" % server
+ auth = "-N"
+ call(["bin/smbclient", path, auth, "-mSMB3", "-c quit"])
+
+ messages = self.waitForMessages(isLastExpectedMessage)
+ self.assertEquals(3,
+ len(messages),
+ "Did not receive the expected number of messages")
+
+ # Check the first message it should be an Authentication
+ msg = messages[0]
+ self.assertEquals("Authentication", msg["type"])
+ self.assertEquals("NT_STATUS_NO_SUCH_USER",
+ msg["Authentication"]["status"])
+ self.assertEquals("SMB2",
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals("NTLMSSP",
+ msg["Authentication"]["authDescription"])
+ self.assertEquals("No-Password",
+ msg["Authentication"]["passwordType"])
+
+ # Check the second message it should be an Authentication
+ msg = messages[1]
+ self.assertEquals("Authentication", msg["type"])
+ self.assertEquals("NT_STATUS_OK",
+ msg["Authentication"]["status"])
+ self.assertEquals("SMB2",
+ msg["Authentication"]["serviceDescription"])
+ self.assertEquals("NTLMSSP",
+ msg["Authentication"]["authDescription"])
+ self.assertEquals("No-Password",
+ msg["Authentication"]["passwordType"])
+ self.assertEquals("ANONYMOUS LOGON",
+ msg["Authentication"]["becameAccount"])
+
def test_smb_no_krb_spnego(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authorization" and
--
1.9.1
From 626825f4348adf4fd76a2cda045dcb02dcda0fb6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 15:46:54 +0200
Subject: [PATCH 02/22] s3:rpc_server/spoolss: allow
spoolss_connect_to_client() to use SMB2
It's just required that we can run DCERPC over the connection.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index e569f22a..9d99e74 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -2460,7 +2460,7 @@ static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe, struct c
return false;
}
- if ( smbXcli_conn_protocol((*pp_cli)->conn) != PROTOCOL_NT1 ) {
+ if ( smbXcli_conn_protocol((*pp_cli)->conn) < PROTOCOL_NT1 ) {
DEBUG(0,("spoolss_connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine));
cli_shutdown(*pp_cli);
return false;
--
1.9.1
From 4e015e0c8c75cd15fa48ead61088bd5d7df1d4c9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Thu, 8 Dec 2016 14:06:16 +0100
Subject: [PATCH 03/22] s3:libsmb: remove unused cli_state_remote_realm()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/libsmb/clientgen.c | 5 -----
source3/libsmb/proto.h | 1 -
2 files changed, 6 deletions(-)
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 2b53a93..e6f372f 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -308,11 +308,6 @@ void cli_shutdown(struct cli_state *cli)
_cli_shutdown(cli);
}
-const char *cli_state_remote_realm(struct cli_state *cli)
-{
- return cli->remote_realm;
-}
-
uint16_t cli_state_get_vc_num(struct cli_state *cli)
{
return cli->smb1.vc_num;
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index 6728c97..78159ad 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -189,7 +189,6 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
int flags);
void cli_nt_pipes_close(struct cli_state *cli);
void cli_shutdown(struct cli_state *cli);
-const char *cli_state_remote_realm(struct cli_state *cli);
uint16_t cli_state_get_vc_num(struct cli_state *cli);
uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
uint32_t cli_getpid(struct cli_state *cli);
--
1.9.1
From 5113638c31e0ce32da0728fae4ea223a34ab0bdc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Thu, 8 Dec 2016 14:06:39 +0100
Subject: [PATCH 04/22] s3:libsmb: no longer pass remote_realm to
cli_state_create()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/include/client.h | 1 -
source3/libsmb/cliconnect.c | 2 +-
source3/libsmb/clientgen.c | 8 --------
source3/libsmb/proto.h | 1 -
source3/winbindd/winbindd_cm.c | 3 +--
5 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/source3/include/client.h b/source3/include/client.h
index db8260d..38fba01 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -87,7 +87,6 @@ struct cli_state {
char *dfs_mountpoint;
struct smbXcli_conn *conn;
- const char *remote_realm;
struct {
uint32_t pid;
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 3fa80a2..e01253f 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2686,7 +2686,7 @@ static void cli_connect_nb_done(struct tevent_req *subreq)
return;
}
- state->cli = cli_state_create(state, fd, state->desthost, NULL,
+ state->cli = cli_state_create(state, fd, state->desthost,
state->signing_state, state->flags);
if (tevent_req_nomem(state->cli, req)) {
close(fd);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index e6f372f..039176e 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -75,7 +75,6 @@ struct GUID cli_state_client_guid;
struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
int fd,
const char *remote_name,
- const char *remote_realm,
int signing_state, int flags)
{
struct cli_state *cli = NULL;
@@ -209,13 +208,6 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
smb2_capabilities = SMB2_CAP_ALL;
- if (remote_realm) {
- cli->remote_realm = talloc_strdup(cli, remote_realm);
- if (cli->remote_realm == NULL) {
- goto error;
- }
- }
-
cli->conn = smbXcli_conn_create(cli, fd, remote_name,
signing_state,
smb1_capabilities,
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index 78159ad..fb122b9 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -184,7 +184,6 @@ extern struct GUID cli_state_client_guid;
struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
int fd,
const char *remote_name,
- const char *remote_realm,
int signing_state,
int flags);
void cli_nt_pipes_close(struct cli_state *cli);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 7566a30..9b5054c 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1030,8 +1030,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
goto done;
}
- *cli = cli_state_create(NULL, sockfd,
- controller, domain->alt_name,
+ *cli = cli_state_create(NULL, sockfd, controller,
smb_sign_client_connections, flags);
if (*cli == NULL) {
close(sockfd);
--
1.9.1
From 03a86104716dcb4664a4662653b33b9af368c043 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 14:13:37 +0200
Subject: [PATCH 05/22] s3:libsmb: normalize leading slashes in
cli_resolve_path()
As we try to pass the path to an SMB2 server, we should have
just one leading backslash (which then gets ignored in
cli_smb2_create_fnum_send()).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/libsmb/clidfs.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 75012b2..060c4e9 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -919,6 +919,13 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
root_tcon = rootcli->smb1.tcon;
}
+ /*
+ * Avoid more than one leading directory separator
+ */
+ while (IS_DIRECTORY_SEP(path[0]) && IS_DIRECTORY_SEP(path[1])) {
+ path++;
+ }
+
if (!smbXcli_tcon_is_dfs_share(root_tcon)) {
*targetcli = rootcli;
*pp_targetpath = talloc_strdup(ctx, path);
--
1.9.1
From da0ada718103bc2afcb2a9b14d8dceaf9cc26540 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 08:35:13 +0200
Subject: [PATCH 06/22] s3:libsmb: add cli_smb2_delete_on_close*()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/libsmb/cli_smb2_fnum.c | 127 +++++++++++++++++++++++++++++++++++++++++
source3/libsmb/cli_smb2_fnum.h | 7 +++
2 files changed, 134 insertions(+)
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 351fccf..954f3fe 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -485,6 +485,133 @@ NTSTATUS cli_smb2_close_fnum(struct cli_state *cli, uint16_t fnum)
return status;
}
+struct cli_smb2_delete_on_close_state {
+ struct cli_state *cli;
+ uint16_t fnum;
+ struct smb2_hnd *ph;
+ uint8_t data[1];
+ DATA_BLOB inbuf;
+};
+
+static void cli_smb2_delete_on_close_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_delete_on_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool flag)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb2_delete_on_close_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+ uint8_t in_info_type;
+ uint8_t in_file_info_class;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb2_delete_on_close_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->fnum = fnum;
+
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &state->ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * setinfo on the handle with info_type SMB2_SETINFO_FILE (1),
+ * level 13 (SMB_FILE_DISPOSITION_INFORMATION - 1000).
+ */
+ in_info_type = 1;
+ in_file_info_class = SMB_FILE_DISPOSITION_INFORMATION - 1000;
+ /* Setup data array. */
+ SCVAL(&state->data[0], 0, flag ? 1 : 0);
+ state->inbuf.data = &state->data[0];
+ state->inbuf.length = 1;
+
+ subreq = smb2cli_set_info_send(state, ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ in_info_type,
+ in_file_info_class,
+ &state->inbuf, /* in_input_buffer */
+ 0, /* in_additional_info */
+ state->ph->fid_persistent,
+ state->ph->fid_volatile);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb2_delete_on_close_done,
+ req);
+ return req;
+}
+
+static void cli_smb2_delete_on_close_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = smb2cli_set_info_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_delete_on_close_recv(struct tevent_req *req)
+{
+ struct cli_smb2_delete_on_close_state *state =
+ tevent_req_data(req,
+ struct cli_smb2_delete_on_close_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ tevent_req_received(req);
+ return status;
+ }
+
+ state->cli->raw_status = NT_STATUS_OK;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_delete_on_close(struct cli_state *cli, uint16_t fnum, bool flag)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_delete_on_close_send(frame, ev, cli, fnum, flag);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb2_delete_on_close_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
/***************************************************************
Small wrapper that allows SMB2 to create a directory
Synchronous only.
diff --git a/source3/libsmb/cli_smb2_fnum.h b/source3/libsmb/cli_smb2_fnum.h
index 43e0471..190ec59 100644
--- a/source3/libsmb/cli_smb2_fnum.h
+++ b/source3/libsmb/cli_smb2_fnum.h
@@ -54,6 +54,13 @@ struct tevent_req *cli_smb2_close_fnum_send(TALLOC_CTX *mem_ctx,
uint16_t fnum);
NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req);
NTSTATUS cli_smb2_close_fnum(struct cli_state *cli, uint16_t fnum);
+struct tevent_req *cli_smb2_delete_on_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool flag);
+NTSTATUS cli_smb2_delete_on_close_recv(struct tevent_req *req);
+NTSTATUS cli_smb2_delete_on_close(struct cli_state *cli, uint16_t fnum, bool flag);
NTSTATUS cli_smb2_mkdir(struct cli_state *cli, const char *dirname);
NTSTATUS cli_smb2_rmdir(struct cli_state *cli, const char *dirname);
NTSTATUS cli_smb2_unlink(struct cli_state *cli,const char *fname);
--
1.9.1
From 9fb2760c0a7db9de29083b24372fcc8865adc8a8 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 08:35:47 +0200
Subject: [PATCH 07/22] s3:libsmb: add support for SMB2 to
cli_nt_delete_on_close*()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/libsmb/clifile.c | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index cc1d1e4..1455fbd 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -1803,12 +1803,8 @@ struct doc_state {
uint8_t data[1];
};
-static void cli_nt_delete_on_close_done(struct tevent_req *subreq)
-{
- NTSTATUS status = cli_trans_recv(subreq, NULL, NULL, NULL, 0, NULL,
- NULL, 0, NULL, NULL, 0, NULL);
- tevent_req_simple_finish_ntstatus(subreq, status);
-}
+static void cli_nt_delete_on_close_smb1_done(struct tevent_req *subreq);
+static void cli_nt_delete_on_close_smb2_done(struct tevent_req *subreq);
struct tevent_req *cli_nt_delete_on_close_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -1824,6 +1820,18 @@ struct tevent_req *cli_nt_delete_on_close_send(TALLOC_CTX *mem_ctx,
return NULL;
}
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_delete_on_close_send(state, ev, cli,
+ fnum, flag);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_nt_delete_on_close_smb2_done,
+ req);
+ return req;
+ }
+
/* Setup setup word. */
SSVAL(&state->setup, 0, TRANSACT2_SETFILEINFO);
@@ -1856,10 +1864,25 @@ struct tevent_req *cli_nt_delete_on_close_send(TALLOC_CTX *mem_ctx,
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
- tevent_req_set_callback(subreq, cli_nt_delete_on_close_done, req);
+ tevent_req_set_callback(subreq,
+ cli_nt_delete_on_close_smb1_done,
+ req);
return req;
}
+static void cli_nt_delete_on_close_smb1_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_trans_recv(subreq, NULL, NULL, NULL, 0, NULL,
+ NULL, 0, NULL, NULL, 0, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_nt_delete_on_close_smb2_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_delete_on_close_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
NTSTATUS cli_nt_delete_on_close_recv(struct tevent_req *req)
{
return tevent_req_simple_recv_ntstatus(req);
--
1.9.1
From 40413489d3aa4e7a977c6b41a467084bd176161b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 21:52:54 +0200
Subject: [PATCH 08/22] libcli/smb: add smb_protocol_types_string()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
libcli/smb/smb_util.h | 1 +
libcli/smb/test_smb1cli_session.c | 1 +
libcli/smb/util.c | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+)
diff --git a/libcli/smb/smb_util.h b/libcli/smb/smb_util.h
index 2884786..501b8dd 100644
--- a/libcli/smb/smb_util.h
+++ b/libcli/smb/smb_util.h
@@ -19,6 +19,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+const char *smb_protocol_types_string(enum protocol_types protocol);
char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib);
uint32_t unix_perms_to_wire(mode_t perms);
mode_t wire_perms_to_unix(uint32_t perms);
diff --git a/libcli/smb/test_smb1cli_session.c b/libcli/smb/test_smb1cli_session.c
index e924b32..d1e21d5 100644
--- a/libcli/smb/test_smb1cli_session.c
+++ b/libcli/smb/test_smb1cli_session.c
@@ -6,6 +6,7 @@
#include "replace.h"
#include <talloc.h>
#include "libcli/util/ntstatus.h"
+#include "smb_constants.h"
#include "smb_util.h"
static const uint8_t smb1_session_setup_bytes[] = {
diff --git a/libcli/smb/util.c b/libcli/smb/util.c
index 7ef909c..6fdf35f 100644
--- a/libcli/smb/util.c
+++ b/libcli/smb/util.c
@@ -23,6 +23,44 @@
#include "libcli/smb/smb_common.h"
#include "system/filesys.h"
+const char *smb_protocol_types_string(enum protocol_types protocol)
+{
+ switch (protocol) {
+ case PROTOCOL_DEFAULT:
+ return "DEFAULT";
+ case PROTOCOL_NONE:
+ return "NONE";
+ case PROTOCOL_CORE:
+ return "CORE";
+ case PROTOCOL_COREPLUS:
+ return "COREPLUS";
+ case PROTOCOL_LANMAN1:
+ return "LANMAN1";
+ case PROTOCOL_LANMAN2:
+ return "LANMAN2";
+ case PROTOCOL_NT1:
+ return "NT1";
+ case PROTOCOL_SMB2_02:
+ return "SMB2_02";
+ case PROTOCOL_SMB2_10:
+ return "SMB2_10";
+ case PROTOCOL_SMB2_22:
+ return "SMB2_22";
+ case PROTOCOL_SMB2_24:
+ return "SMB2_24";
+ case PROTOCOL_SMB3_00:
+ return "SMB3_00";
+ case PROTOCOL_SMB3_02:
+ return "SMB3_02";
+ case PROTOCOL_SMB3_10:
+ return "SMB3_10";
+ case PROTOCOL_SMB3_11:
+ return "SMB3_11";
+ }
+
+ return "Invalid protocol_types value";
+}
+
/**
Return a string representing a CIFS attribute for a file.
**/
--
1.9.1
From 9b5401e9291e98d82a2c4530cd342867d2ec4c3d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 21:53:49 +0200
Subject: [PATCH 09/22] s3:torture: make use of smb_protocol_types_string() in
run_smb2_negprot()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/test_smb2.c | 34 +++-------------------------------
1 file changed, 3 insertions(+), 31 deletions(-)
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
index 9368ab3..297c3ab 100644
--- a/source3/torture/test_smb2.c
+++ b/source3/torture/test_smb2.c
@@ -246,40 +246,12 @@ bool run_smb2_negprot(int dummy)
}
protocol = smbXcli_conn_protocol(cli->conn);
+ name = smb_protocol_types_string(protocol);
- switch (protocol) {
- case PROTOCOL_SMB2_02:
- name = "SMB2_02";
- break;
- case PROTOCOL_SMB2_10:
- name = "SMB2_10";
- break;
- case PROTOCOL_SMB2_22:
- name = "SMB2_22";
- break;
- case PROTOCOL_SMB2_24:
- name = "SMB2_24";
- break;
- case PROTOCOL_SMB3_00:
- name = "SMB3_00";
- break;
- case PROTOCOL_SMB3_02:
- name = "SMB3_02";
- break;
- case PROTOCOL_SMB3_10:
- name = "SMB3_10";
- break;
- case PROTOCOL_SMB3_11:
- name = "SMB3_11";
- break;
- default:
- break;
- }
-
- if (name) {
+ if (protocol >= PROTOCOL_SMB2_02) {
printf("Server supports %s\n", name);
} else {
- printf("Server DOES NOT support SMB2\n");
+ printf("Server DOES NOT support SMB2, only %s\n", name);
return false;
}
--
1.9.1
From 1aa9a3fef9f4194eca11c3364c0f89cb71ff31ea Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 08:16:57 +0200
Subject: [PATCH 10/22] s3:libsmb: add CLI_FULL_CONNECTION_FORCE_SMB1
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/include/client.h | 1 +
source3/libsmb/cliconnect.c | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/source3/include/client.h b/source3/include/client.h
index 38fba01..b716a55 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -125,5 +125,6 @@ struct file_info {
#define CLI_FULL_CONNECTION_FORCE_DOS_ERRORS 0x0080
#define CLI_FULL_CONNECTION_FORCE_ASCII 0x0100
#define CLI_FULL_CONNECTION_USE_NT_HASH 0x0200
+#define CLI_FULL_CONNECTION_FORCE_SMB1 0x0400
#endif /* _CLIENT_H */
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index e01253f..b1b7e26 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2780,6 +2780,10 @@ static struct tevent_req *cli_start_connection_send(
state->max_protocol = lp_client_max_protocol();
}
+ if (flags & CLI_FULL_CONNECTION_FORCE_SMB1) {
+ state->max_protocol = MIN(state->max_protocol, PROTOCOL_NT1);
+ }
+
subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
0x20, my_name, signing_state, flags);
if (tevent_req_nomem(subreq, req)) {
--
1.9.1
From 7a0476064e497a2c42b0e581e6561b593f2d1c49 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 08:17:27 +0200
Subject: [PATCH 11/22] s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in
torture_open_connection_share()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/torture.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 6b6dbdf..c521013 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -328,7 +328,7 @@ static bool torture_open_connection_share(struct cli_state **c,
const char *hostname,
const char *sharename)
{
- int flags = 0;
+ int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
NTSTATUS status;
if (use_oplocks)
--
1.9.1
From 1ecb2b99640a33a3f25ba7ee6143a1322f7f7594 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 08:49:05 +0200
Subject: [PATCH 12/22] s3:client: smbclient -L can't do workgroup listing over
SMB2/3
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/client/client.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/source3/client/client.c b/source3/client/client.c
index 3285240..375d9e3 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5646,16 +5646,21 @@ static int do_host_query(const char *query_host)
goto out;
}
- if (port != NBT_SMB_PORT) {
+ if (port != NBT_SMB_PORT ||
+ smbXcli_conn_protocol(cli->conn) > PROTOCOL_NT1)
+ {
+ int max_proto = MIN(max_protocol, PROTOCOL_NT1);
- /* Workgroups simply don't make sense over anything
- else but port 139... */
+ /*
+ * Workgroups simply don't make sense over anything
+ * else but port 139 and SMB1.
+ */
cli_shutdown(cli);
status = cli_cm_open(talloc_tos(), NULL,
have_ip ? dest_ss_str : query_host,
"IPC$", popt_get_cmdline_auth_info(),
- true, smb_encrypt, max_protocol,
+ true, smb_encrypt, max_proto,
NBT_SMB_PORT, name_type, &cli);
if (!NT_STATUS_IS_OK(status)) {
cli = NULL;
--
1.9.1
From b44914c564f3051467ffb10b1917682b36d761d0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 09:45:05 +0200
Subject: [PATCH 13/22] s3:torture pass flags to
torture_open_connection_share()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/torture.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index c521013..8a1aa12 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -326,16 +326,11 @@ bool smbcli_parse_unc(const char *unc_name, TALLOC_CTX *mem_ctx,
static bool torture_open_connection_share(struct cli_state **c,
const char *hostname,
- const char *sharename)
+ const char *sharename,
+ int flags)
{
- int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
NTSTATUS status;
- if (use_oplocks)
- flags |= CLI_FULL_CONNECTION_OPLOCKS;
- if (use_level_II_oplocks)
- flags |= CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS;
-
status = cli_full_connection_creds(c,
myname,
hostname,
@@ -366,6 +361,14 @@ bool torture_open_connection(struct cli_state **c, int conn_index)
char **unc_list = NULL;
int num_unc_names = 0;
bool result;
+ int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
+
+ if (use_oplocks) {
+ flags |= CLI_FULL_CONNECTION_OPLOCKS;
+ }
+ if (use_level_II_oplocks) {
+ flags |= CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS;
+ }
if (use_multishare_conn==True) {
char *h, *s;
@@ -383,14 +386,14 @@ bool torture_open_connection(struct cli_state **c, int conn_index)
exit(1);
}
- result = torture_open_connection_share(c, h, s);
+ result = torture_open_connection_share(c, h, s, flags);
/* h, s were copied earlier */
TALLOC_FREE(unc_list);
return result;
}
- return torture_open_connection_share(c, host, share);
+ return torture_open_connection_share(c, host, share, flags);
}
bool torture_init_connection(struct cli_state **pcli)
--
1.9.1
From a423951c2cb6bd8491f29760d39010b9440debbc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 09:45:26 +0200
Subject: [PATCH 14/22] s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in
run_tcon_devtype_test()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/torture.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 8a1aa12..2a55fda 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -1513,7 +1513,7 @@ static bool tcon_devtest(struct cli_state *cli,
static bool run_tcon_devtype_test(int dummy)
{
static struct cli_state *cli1 = NULL;
- int flags = 0;
+ int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
NTSTATUS status;
bool ret = True;
--
1.9.1
From 8932987ccdfc26b63f31acd4f65a89f34a0e60b7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 09:46:55 +0200
Subject: [PATCH 15/22] s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in
run_chain2()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/torture.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 2a55fda..2f4e684 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -7963,10 +7963,11 @@ static bool run_chain2(int dummy)
struct tevent_req *reqs[2], *smbreqs[2];
bool done = false;
NTSTATUS status;
+ int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
printf("starting chain2 test\n");
status = cli_start_connection(&cli1, lp_netbios_name(), host, NULL,
- port_to_use, SMB_SIGNING_DEFAULT, 0);
+ port_to_use, SMB_SIGNING_DEFAULT, flags);
if (!NT_STATUS_IS_OK(status)) {
return False;
}
--
1.9.1
From 48814eda53c54d6edb1d5fd8fdc4994e0e266079 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 08:02:40 +0200
Subject: [PATCH 16/22] s3:pylibsmb: use CLI_FULL_CONNECTION_FORCE_SMB1 in
py_cli_state_init()
For now we only support SMB1, as most of the cli_*_send() function don't
support SMB2, it's only plugged into the sync wrapper functions currently.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/libsmb/pylibsmb.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index 59c0998..39afdc8 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -411,6 +411,13 @@ static int py_cli_state_init(struct py_cli_state *self, PyObject *args,
struct cli_credentials *cli_creds;
struct tevent_req *req;
bool ret;
+ /*
+ * For now we only support SMB1,
+ * as most of the cli_*_send() function
+ * don't support SMB2, it's only plugged
+ * into the sync wrapper functions currently.
+ */
+ int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
static const char *kwlist[] = {
"host", "share", "credentials", NULL
@@ -444,7 +451,7 @@ static int py_cli_state_init(struct py_cli_state *self, PyObject *args,
req = cli_full_connection_creds_send(
NULL, self->ev, "myname", host, NULL, 0, share, "?????",
- cli_creds, 0, 0);
+ cli_creds, flags, 0);
if (!py_tevent_req_wait_exc(self->ev, req)) {
return -1;
}
--
1.9.1
From 097bb4ef19153dfba1b0669ac0a825320d9f6c54 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 09:57:28 +0200
Subject: [PATCH 17/22] s3:libsmb: add CLI_FULL_CONNECTION_DISABLE_SMB1
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/include/client.h | 1 +
source3/libsmb/cliconnect.c | 5 +++++
2 files changed, 6 insertions(+)
diff --git a/source3/include/client.h b/source3/include/client.h
index b716a55..1fe3f1cb 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -126,5 +126,6 @@ struct file_info {
#define CLI_FULL_CONNECTION_FORCE_ASCII 0x0100
#define CLI_FULL_CONNECTION_USE_NT_HASH 0x0200
#define CLI_FULL_CONNECTION_FORCE_SMB1 0x0400
+#define CLI_FULL_CONNECTION_DISABLE_SMB1 0x0800
#endif /* _CLIENT_H */
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index b1b7e26..d98debc 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2784,6 +2784,11 @@ static struct tevent_req *cli_start_connection_send(
state->max_protocol = MIN(state->max_protocol, PROTOCOL_NT1);
}
+ if (flags & CLI_FULL_CONNECTION_DISABLE_SMB1) {
+ state->min_protocol = MAX(state->max_protocol, PROTOCOL_SMB2_02);
+ state->max_protocol = MAX(state->max_protocol, PROTOCOL_LATEST);
+ }
+
subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
0x20, my_name, signing_state, flags);
if (tevent_req_nomem(subreq, req)) {
--
1.9.1
From ffff8acf692e462f5b7f9bd24b74f2173cb2d220 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 10:00:15 +0200
Subject: [PATCH 18/22] s3:torture: add torture_open_connection_flags()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/proto.h | 1 +
source3/torture/torture.c | 24 +++++++++++++++---------
2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 6d5ca77..4c3e540 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -65,6 +65,7 @@ bool torture_nttrans_scan(int dummy);
bool smbcli_parse_unc(const char *unc_name, TALLOC_CTX *mem_ctx,
char **hostname, char **sharename);
+bool torture_open_connection_flags(struct cli_state **c, int conn_index, int flags);
bool torture_open_connection(struct cli_state **c, int conn_index);
bool torture_init_connection(struct cli_state **pcli);
bool torture_cli_session_setup2(struct cli_state *cli, uint16_t *new_vuid);
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 2f4e684..10e450e 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -356,19 +356,11 @@ static bool torture_open_connection_share(struct cli_state **c,
return True;
}
-bool torture_open_connection(struct cli_state **c, int conn_index)
+bool torture_open_connection_flags(struct cli_state **c, int conn_index, int flags)
{
char **unc_list = NULL;
int num_unc_names = 0;
bool result;
- int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
-
- if (use_oplocks) {
- flags |= CLI_FULL_CONNECTION_OPLOCKS;
- }
- if (use_level_II_oplocks) {
- flags |= CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS;
- }
if (use_multishare_conn==True) {
char *h, *s;
@@ -396,6 +388,20 @@ bool torture_open_connection(struct cli_state **c, int conn_index)
return torture_open_connection_share(c, host, share, flags);
}
+bool torture_open_connection(struct cli_state **c, int conn_index)
+{
+ int flags = CLI_FULL_CONNECTION_FORCE_SMB1;
+
+ if (use_oplocks) {
+ flags |= CLI_FULL_CONNECTION_OPLOCKS;
+ }
+ if (use_level_II_oplocks) {
+ flags |= CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS;
+ }
+
+ return torture_open_connection_flags(c, conn_index, flags);
+}
+
bool torture_init_connection(struct cli_state **pcli)
{
struct cli_state *cli;
--
1.9.1
From 6ac446c328269f231baf80d5a23504b3c7b8876b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 10:00:32 +0200
Subject: [PATCH 19/22] s3:torture: use CLI_FULL_CONNECTION_DISABLE_SMB1 in
run_oplock_cancel()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/torture/test_oplock_cancel.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/source3/torture/test_oplock_cancel.c b/source3/torture/test_oplock_cancel.c
index aa4218a..d856650 100644
--- a/source3/torture/test_oplock_cancel.c
+++ b/source3/torture/test_oplock_cancel.c
@@ -113,15 +113,22 @@ bool run_oplock_cancel(int dummy)
const char *fname = "oplock-cancel";
uint16_t fnum1;
NTSTATUS status;
+ /*
+ * Currently this test seems to work only
+ * with SMB2/3 and only against Samba.
+ *
+ * TODO: we should change our server
+ * to ignore cancel for SMB2 Create
+ * and behave like Windows.
+ */
+ int flags = CLI_FULL_CONNECTION_DISABLE_SMB1;
- lp_set_cmdline("client max protocol", "smb3");
-
- if (!torture_open_connection(&cli1, 0)) {
+ if (!torture_open_connection_flags(&cli1, 0, flags)) {
return false;
}
cli1->use_oplocks = true;
- if (!torture_open_connection(&cli2, 0)) {
+ if (!torture_open_connection_flags(&cli2, 0, flags)) {
return false;
}
cli2->use_oplocks = true;
--
1.9.1
From 0adaf13ac6ac467517cedfc48c8de0bf30df889e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 19 Jun 2017 15:44:27 +0200
Subject: [PATCH 20/22] s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl'
commands
The getfacl command is SMB1 only and will most likely never
be part the SMB3 unix extensions.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/script/tests/test_acl_xattr.sh | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/source3/script/tests/test_acl_xattr.sh b/source3/script/tests/test_acl_xattr.sh
index 9b8808d..4435199 100755
--- a/source3/script/tests/test_acl_xattr.sh
+++ b/source3/script/tests/test_acl_xattr.sh
@@ -37,9 +37,9 @@ nt_affects_posix() {
local b4
local af
local fname="$share.$$"
- b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+ b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/READ" 2>/dev/null || exit 1
- af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+ af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
echo "before: $b4"
echo "after: $af"
if test "$expected" = "true" ; then
@@ -70,10 +70,10 @@ nt_affects_chown() {
#basic sanity...
test "$b4_expected != $af_expected" || exit 1
- b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+ b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p')
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -C force_user 2>/dev/null || exit 1
- af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+ af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p')
echo "before: $b4_actual"
echo "after: $af_actual"
@@ -101,10 +101,10 @@ nt_affects_chgrp() {
#basic sanity...
test "$b4_expected != $af_expected" || exit 1
- b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+ b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p')
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1
- af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+ af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p')
echo "before: $b4_actual"
echo "after: $af_actual"
--
1.9.1
From a5b87087d456bc2b54e4c5cbbe31d3af28132efa Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 09:03:02 +0200
Subject: [PATCH 21/22] s3:test_smbclient_s3.sh: make it explizit where we want
to force SMB1 or SMB3
We need to use -mNT1 or -mSMB3 at the end of the command line in order
to overwrite possible '-m' arguments in $ADDARGS.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/script/tests/test_smbclient_s3.sh | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 17ef938..030b704 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -736,7 +736,8 @@ EOF
# Test accessing an share with bad names (won't convert).
test_bad_names()
{
- cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/badname-tmp -I $SERVER_IP $ADDARGS -c ls 2>&1'
+ # First with SMB1
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/badname-tmp -I $SERVER_IP $ADDARGS -mNT1 -c ls 2>&1'
eval echo "$cmd"
out=`eval $cmd`
ret=$?
@@ -805,7 +806,7 @@ test_bad_names()
fi
# Now check again with -mSMB3
- cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/badname-tmp -I $SERVER_IP -mSMB3 $ADDARGS -c ls 2>&1'
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/badname-tmp -I $SERVER_IP $ADDARGS -mSMB3 -c ls 2>&1'
eval echo "$cmd"
out=`eval $cmd`
ret=$?
@@ -923,7 +924,8 @@ del smbclient
del scopy_file
quit
EOF
- cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -mSMB3 -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+ # First SMB3
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS -mSMB3 < $tmpfile 2>&1'
eval echo "$cmd"
out=`eval $cmd`
ret=$?
@@ -959,7 +961,7 @@ del smbclient
del scopy_file
quit
EOF
- cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -mNT1 -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS -mNT1 < $tmpfile 2>&1'
eval echo "$cmd"
out=`eval $cmd`
ret=$?
@@ -992,7 +994,8 @@ allinfo \\
setmode \\ -a
quit
EOF
- cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP -mSMB3 $ADDARGS < $tmpfile 2>&1'
+ # Only with SMB3???
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS -mSMB3 < $tmpfile 2>&1'
eval echo "$cmd"
out=`eval $cmd`
ret=$?
@@ -1083,7 +1086,8 @@ del foo
ls lost*
quit
EOF
- cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP -mSMB3 $ADDARGS < $tmpfile 2>&1'
+ # This only works with SMB3?
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS -mSMB3 < $tmpfile 2>&1'
eval echo "$cmd"
out=`eval $cmd`
ret=$?
--
1.9.1
From 6cb31dd3034a046471c48fca42a9ee3be63bcc2c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 09:03:02 +0200
Subject: [PATCH 22/22] s3:test_smbclient_s3.sh: pass the protocol (NT1) to the
script
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/script/tests/test_smbclient_s3.sh | 27 +++++++++++++--------------
source3/selftest/tests.py | 10 +++++-----
2 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 030b704..050dd81 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -2,9 +2,9 @@
# this runs the file serving tests that are expected to pass with samba3
-if [ $# -lt 11 ]; then
+if [ $# -lt 13 ]; then
cat <<EOF
-Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO NET
+Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO NET CONFIGURATION PROTOCOL
EOF
exit 1;
fi
@@ -20,10 +20,13 @@ PREFIX="${8}"
SMBCLIENT="${9}"
WBINFO="${10}"
NET="${11}"
+CONFIGURATION="${12}"
+PROTOCOL="${13}"
SMBCLIENT="$VALGRIND ${SMBCLIENT}"
WBINFO="$VALGRIND ${WBINFO}"
-shift 11
-ADDARGS="$*"
+shift 13
+RAWARGS="${CONFIGURATION} -m${PROTOCOL}"
+ADDARGS="${RAWARGS} $*"
incdir=`dirname $0`/../../../testprogs/blackbox
. $incdir/subunit.sh
@@ -613,8 +616,7 @@ test_ccache_access()
return
fi
- $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}" \
- -c quit 2>&1
+ $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}" $ADDARGS -c quit 2>&1
ret=$?
if [ $ret != 0 ] ; then
@@ -632,8 +634,7 @@ test_ccache_access()
return
fi
- $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}" \
- -c quit 2>&1
+ $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}" $ADDARGS -c quit 2>&1
ret=$?
if [ $ret -eq 0 ] ; then
@@ -654,8 +655,7 @@ username=${USERNAME}
password=${PASSWORD}
domain=${DOMAIN}
EOF
- $SMBCLIENT //$SERVER_IP/tmp --authentication-file=$tmpfile \
- -c quit 2>&1
+ $SMBCLIENT //$SERVER_IP/tmp --authentication-file=$tmpfile $ADDARGS -c quit 2>&1
ret=$?
rm $tmpfile
@@ -670,8 +670,7 @@ username=${USERNAME}
password=xxxx
domain=${DOMAIN}
EOF
- $SMBCLIENT //$SERVER_IP/tmp --authentication-file=$tmpfile\
- -c quit 2>&1
+ $SMBCLIENT //$SERVER_IP/tmp --authentication-file=$tmpfile $ADDARGS -c quit 2>&1
ret=$?
rm $tmpfile
@@ -1258,8 +1257,8 @@ done
LOGDIR=$(mktemp -d ${PREFIX}/${LOGDIR_PREFIX}_XXXXXX)
-testit "smbclient -L $SERVER_IP" $SMBCLIENT -L $SERVER_IP -N -p 139 || failed=`expr $failed + 1`
-testit "smbclient -L $SERVER -I $SERVER_IP" $SMBCLIENT -L $SERVER -I $SERVER_IP -N -p 139 -c quit || failed=`expr $failed + 1`
+testit "smbclient -L $SERVER_IP" $SMBCLIENT -L $SERVER_IP -N -p 139 ${RAWARGS} || failed=`expr $failed + 1`
+testit "smbclient -L $SERVER -I $SERVER_IP" $SMBCLIENT -L $SERVER -I $SERVER_IP -N -p 139 ${RAWARGS} -c quit || failed=`expr $failed + 1`
testit "noninteractive smbclient does not prompt" \
test_noninteractive_no_prompt || \
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index ac861e8..9d2a8cc 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -205,20 +205,20 @@ plantestsuite("samba3.blackbox.smbclient_ntlm.plain (%s)" % env, env, [os.path.j
# plain
for env in ["nt4_dc"]:
- plantestsuite("samba3.blackbox.smbclient_s3.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
+ plantestsuite("samba3.blackbox.smbclient_s3.NT1.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1"])
for env in ["nt4_member", "ad_member"]:
- plantestsuite("samba3.blackbox.smbclient_s3.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
+ plantestsuite("samba3.blackbox.smbclient_s3.NT1.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1"])
for env in ["nt4_dc"]:
- plantestsuite("samba3.blackbox.smbclient_s3.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "--signing=required"])
+ plantestsuite("samba3.blackbox.smbclient_s3.NT1.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1", "--signing=required"])
for env in ["nt4_member", "ad_member"]:
- plantestsuite("samba3.blackbox.smbclient_s3.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "--signing=required"])
+ plantestsuite("samba3.blackbox.smbclient_s3.NT1.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1", "--signing=required"])
for env in ["nt4_dc"]:
# encrypted
- plantestsuite("samba3.blackbox.smbclient_s3.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "-e"])
+ plantestsuite("samba3.blackbox.smbclient_s3.NT1.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1", "-e"])
for env in ["fileserver"]:
plantestsuite("samba3.blackbox.preserve_case (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_preserve_case.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3])
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170621/6bbd6ddb/signature.sig>
More information about the samba-technical
mailing list