sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT

Browse Source 
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".

The following can be used to alter the max protocol

rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
This commit is contained in:
Stefan Metzmacher 2016-05-19 11:47:18 +02:00 committed by Jeremy Allison
parent f4b5e9d44d
commit 2eb824fbaf
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source3/rpcclient/rpcclient.c
View File

@ -904,6 +904,7 @@ out_free:
const char *binding_string = NULL;
char *user, *domain, *q;
const char *host;
int signing_state = SMB_SIGNING_IPC_DEFAULT;
/* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */
@ -1077,6 +1078,16 @@ out_free:
}
}
signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info);
switch (signing_state) {
case SMB_SIGNING_OFF:
lp_set_cmdline("client ipc signing", "no");
break;
case SMB_SIGNING_REQUIRED:
lp_set_cmdline("client ipc signing", "required");
break;
}
if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
@ -1107,7 +1118,7 @@ out_free:
get_cmdline_auth_info_domain(rpcclient_auth_info),
get_cmdline_auth_info_password(rpcclient_auth_info),
flags,
get_cmdline_auth_info_signing_state(rpcclient_auth_info));
SMB_SIGNING_IPC_DEFAULT);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));