
Fix client authentication with -P switch in client tools (Bug 5435).

Guenther
(This used to be commit d077ef64cd)
Günther Deschner
2008-05-05 16:58:24 +02:00
parent 1a3f50559e
commit 4d8836ab96
9 changed files with 122 additions and 35 deletions


@ -4875,6 +4875,11 @@ static int do_message_op(void)
argv[0], get_dyn_CONFIGFILE()); argv[0], get_dyn_CONFIGFILE());
} }
if (get_cmdline_auth_info_use_machine_account() &&
!set_cmdline_auth_info_machine_account_creds()) {
exit(-1);
}
load_interfaces(); load_interfaces();
if (service_opt && service) { if (service_opt && service) {
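Review bot: `exit(-1)` in the added failure branch reaches the shell as status 255, while the same check in the other tools touched by this commit returns 1 or NULL, and the code removed from the `-P` option handler used `exit(1)`. I would write `exit(1);` here so scripts see one failure code when the machine secret cannot be read. The enclosing function starts and ends outside the hunk.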


@ -50,6 +50,7 @@ struct user_auth_info {
bool use_kerberos; bool use_kerberos;
int signing_state; int signing_state;
bool smb_encrypt; bool smb_encrypt;
bool use_machine_account;
}; };
#endif /* _POPT_COMMON_H */ #endif /* _POPT_COMMON_H */


@ -514,35 +514,7 @@ static void popt_common_credentials_callback(poptContext con,
} }
break; break;
case 'P': case 'P':
{ set_cmdline_auth_info_use_machine_account();
char *opt_password = NULL;
char *pwd = NULL;
/* it is very useful to be able to make ads queries as the
machine account for testing purposes and for domain leave */
if (!secrets_init()) {
d_printf("ERROR: Unable to open secrets database\n");
exit(1);
}
opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
if (!opt_password) {
d_printf("ERROR: Unable to fetch machine password\n");
exit(1);
}
if (asprintf(&pwd, "%s$", global_myname()) < 0) {
exit(ENOMEM);
}
set_cmdline_auth_info_username(pwd);
set_cmdline_auth_info_password(opt_password);
SAFE_FREE(pwd);
SAFE_FREE(opt_password);
/* machine accounts only work with kerberos */
set_cmdline_auth_info_use_krb5_ticket();
}
break; break;
case 'N': case 'N':
set_cmdline_auth_info_password(""); set_cmdline_auth_info_password("");
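Review bot: `case 'P':` now only records a flag, so the secrets lookup happens only in programs that later call `set_cmdline_auth_info_machine_account_creds()`. A tool that shares this option table but was not updated would accept `-P` and then authenticate with whatever username and password it otherwise has, or prompt for one. The removed block also forced Kerberos ("machine accounts only work with kerberos") and the replacement does not, so `-P` without `-k` can presumably now present the machine password over NTLMSSP. I would document both at the case, e.g. `/* creds are loaded later by set_cmdline_auth_info_machine_account_creds(); every caller must invoke it, and Kerberos is no longer implied */`. The callback's body continues outside the hunk.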


@ -291,7 +291,8 @@ static struct user_auth_info cmdline_auth_info = {
false, /* got_pass */ false, /* got_pass */
false, /* use_kerberos */ false, /* use_kerberos */
Undefined, /* signing state */ Undefined, /* signing state */
false /* smb_encrypt */ false, /* smb_encrypt */
false /* use machine account */
}; };
const char *get_cmdline_auth_info_username(void) const char *get_cmdline_auth_info_username(void)
@ -370,6 +371,11 @@ void set_cmdline_auth_info_smb_encrypt(void)
cmdline_auth_info.smb_encrypt = true; cmdline_auth_info.smb_encrypt = true;
} }
void set_cmdline_auth_info_use_machine_account(void)
{
cmdline_auth_info.use_machine_account = true;
}
bool get_cmdline_auth_info_got_pass(void) bool get_cmdline_auth_info_got_pass(void)
{ {
return cmdline_auth_info.got_pass; return cmdline_auth_info.got_pass;
@ -380,6 +386,11 @@ bool get_cmdline_auth_info_smb_encrypt(void)
return cmdline_auth_info.smb_encrypt; return cmdline_auth_info.smb_encrypt;
} }
bool get_cmdline_auth_info_use_machine_account(void)
{
return cmdline_auth_info.use_machine_account;
}
bool get_cmdline_auth_info_copy(struct user_auth_info *info) bool get_cmdline_auth_info_copy(struct user_auth_info *info)
{ {
*info = cmdline_auth_info; *info = cmdline_auth_info;
@ -392,6 +403,42 @@ bool get_cmdline_auth_info_copy(struct user_auth_info *info)
return true; return true;
} }
bool set_cmdline_auth_info_machine_account_creds(void)
{
char *pass = NULL;
char *account = NULL;
if (!get_cmdline_auth_info_use_machine_account()) {
return false;
}
if (!secrets_init()) {
d_printf("ERROR: Unable to open secrets database\n");
return false;
}
if (asprintf(&account, "%s$@%s", global_myname(), lp_realm()) < 0) {
return false;
}
pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
if (!pass) {
d_printf("ERROR: Unable to fetch machine password for "
"%s in domain %s\n",
account, lp_workgroup());
SAFE_FREE(account);
return false;
}
set_cmdline_auth_info_username(account);
set_cmdline_auth_info_password(pass);
SAFE_FREE(account);
SAFE_FREE(pass);
return true;
}
/**************************************************************************n /**************************************************************************n
Find a suitable temporary directory. The result should be copied immediately Find a suitable temporary directory. The result should be copied immediately
as it may be overwritten by a subsequent call. as it may be overwritten by a subsequent call.
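Review bot: In `set_cmdline_auth_info_machine_account_creds()` the cleartext machine password in `pass` is returned to the allocator by `SAFE_FREE(pass)` without being cleared, so a copy can remain in freed heap memory for the life of the process. Clearing the buffer before the free, with a wipe the compiler cannot optimise away, would limit that; the copy kept by `set_cmdline_auth_info_password()` is a separate matter. The account is built as `"%s$@%s"` from `lp_realm()`, and if that can be an empty string (not visible here) the username becomes `NAME$@`, so a guard such as `if (!lp_realm() || !*lp_realm())` with an error message before the `asprintf` may be worth adding. The `asprintf` failure path also returns false without printing anything, unlike the other two failure paths.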


@ -795,6 +795,8 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
int i; int i;
bool got_kerberos_mechanism = False; bool got_kerberos_mechanism = False;
DATA_BLOB blob; DATA_BLOB blob;
const char *p = NULL;
char *account = NULL;
DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length)); DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
@ -925,7 +927,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
ntlmssp: ntlmssp:
return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain)); account = talloc_strdup(talloc_tos(), user);
ADS_ERROR_HAVE_NO_MEMORY(account);
/* when falling back to ntlmssp while authenticating with a machine
* account strip off the realm - gd */
if ((p = strchr_m(user, '@')) != NULL) {
account[PTR_DIFF(p,user)] = '\0';
}
return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, domain));
} }
/**************************************************************************** /****************************************************************************
@ -1867,12 +1879,18 @@ struct cli_state *get_ipc_connect(char *server,
{ {
struct cli_state *cli; struct cli_state *cli;
NTSTATUS nt_status; NTSTATUS nt_status;
uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
if (user_info->use_kerberos) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC", nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
user_info->username ? user_info->username : "", user_info->username ? user_info->username : "",
lp_workgroup(), lp_workgroup(),
user_info->password ? user_info->password : "", user_info->password ? user_info->password : "",
CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, NULL); flags,
Undefined, NULL);
if (NT_STATUS_IS_OK(nt_status)) { if (NT_STATUS_IS_OK(nt_status)) {
return cli; return cli;
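Review bot: The `ntlmssp:` fallback truncates `user` at the first `@` for every caller, not only for machine accounts as the comment says, so a user-supplied `name@REALM` is passed to `cli_session_setup_ntlmssp()` as `name` together with the unchanged `domain` argument. If `domain` does not correspond to that realm, the login could be attempted against a different account than the one typed. One option is to strip only when the local part ends in `$`, e.g. `if ((p = strchr_m(user, '@')) != NULL && p > user && p[-1] == '$') {`; otherwise the comment should state that the strip is unconditional. Both functions in this section start outside their hunks.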


@ -736,6 +736,7 @@ out_free:
fstring new_workgroup; fstring new_workgroup;
int result = 0; int result = 0;
TALLOC_CTX *frame = talloc_stackframe(); TALLOC_CTX *frame = talloc_stackframe();
uint32_t flags = 0;
/* make sure the vars that get altered (4th field) are in /* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */ a fixed location or certain compilers complain */
@ -827,6 +828,12 @@ out_free:
* from stdin if necessary * from stdin if necessary
*/ */
if (get_cmdline_auth_info_use_machine_account() &&
!set_cmdline_auth_info_machine_account_creds()) {
result = 1;
goto done;
}
if (!get_cmdline_auth_info_got_pass()) { if (!get_cmdline_auth_info_got_pass()) {
char *pass = getpass("Password:"); char *pass = getpass("Password:");
if (pass) { if (pass) {
@ -839,13 +846,19 @@ out_free:
server += 2; server += 2;
} }
if (get_cmdline_auth_info_use_kerberos()) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
nt_status = cli_full_connection(&cli, global_myname(), server, nt_status = cli_full_connection(&cli, global_myname(), server,
opt_ipaddr ? &server_ss : NULL, opt_port, opt_ipaddr ? &server_ss : NULL, opt_port,
"IPC$", "IPC", "IPC$", "IPC",
get_cmdline_auth_info_username(), get_cmdline_auth_info_username(),
lp_workgroup(), lp_workgroup(),
get_cmdline_auth_info_password(), get_cmdline_auth_info_password(),
get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, flags,
get_cmdline_auth_info_signing_state(),NULL); get_cmdline_auth_info_signing_state(),NULL);
if (!NT_STATUS_IS_OK(nt_status)) { if (!NT_STATUS_IS_OK(nt_status)) {
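Review bot: Setting `CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS` whenever `get_cmdline_auth_info_use_kerberos()` is true changes `-k` for every user, not just for `-P`. The old call passed only `CLI_FULL_CONNECTION_USE_KERBEROS`, and judging by the flag name a failed Kerberos exchange can now continue with NTLMSSP using the same password. The same block is added in both `connect_one` hunks in the two file sections after this one. If the fallback is needed only for machine accounts, gate it with `if (get_cmdline_auth_info_use_machine_account()) flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;`; otherwise a comment stating that `-k` no longer means Kerberos-only would help operators who rely on it. The enclosing function is not fully visible in these hunks.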


@ -821,8 +821,20 @@ static struct cli_state *connect_one(const char *server, const char *share)
struct cli_state *c = NULL; struct cli_state *c = NULL;
struct sockaddr_storage ss; struct sockaddr_storage ss;
NTSTATUS nt_status; NTSTATUS nt_status;
uint32_t flags = 0;
zero_addr(&ss); zero_addr(&ss);
if (get_cmdline_auth_info_use_kerberos()) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
if (get_cmdline_auth_info_use_machine_account() &&
!set_cmdline_auth_info_machine_account_creds()) {
return NULL;
}
if (!get_cmdline_auth_info_got_pass()) { if (!get_cmdline_auth_info_got_pass()) {
char *pass = getpass("Password: "); char *pass = getpass("Password: ");
if (pass) { if (pass) {
@ -836,7 +848,7 @@ static struct cli_state *connect_one(const char *server, const char *share)
get_cmdline_auth_info_username(), get_cmdline_auth_info_username(),
lp_workgroup(), lp_workgroup(),
get_cmdline_auth_info_password(), get_cmdline_auth_info_password(),
get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, flags,
get_cmdline_auth_info_signing_state(), get_cmdline_auth_info_signing_state(),
NULL); NULL);
if (!NT_STATUS_IS_OK(nt_status)) { if (!NT_STATUS_IS_OK(nt_status)) {
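Review bot: Here `flags` is derived from `get_cmdline_auth_info_use_kerberos()` before `set_cmdline_auth_info_machine_account_creds()` runs, whereas the other tools in this commit load the machine credentials first. The order makes no difference with the code shown, but it would if loading the machine credentials ever switched Kerberos on again, as the removed `-P` code did. Moving the `use_kerberos` block below the machine-account check keeps the callers identical.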


@ -371,8 +371,21 @@ static struct cli_state *connect_one(const char *share)
struct cli_state *c; struct cli_state *c;
struct sockaddr_storage ss; struct sockaddr_storage ss;
NTSTATUS nt_status; NTSTATUS nt_status;
uint32_t flags = 0;
zero_addr(&ss); zero_addr(&ss);
if (get_cmdline_auth_info_use_machine_account() &&
!set_cmdline_auth_info_machine_account_creds()) {
return NULL;
}
if (get_cmdline_auth_info_use_kerberos()) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
if (!get_cmdline_auth_info_got_pass()) { if (!get_cmdline_auth_info_got_pass()) {
char *pass = getpass("Password: "); char *pass = getpass("Password: ");
if (pass) { if (pass) {
@ -386,7 +399,7 @@ static struct cli_state *connect_one(const char *share)
get_cmdline_auth_info_username(), get_cmdline_auth_info_username(),
lp_workgroup(), lp_workgroup(),
get_cmdline_auth_info_password(), get_cmdline_auth_info_password(),
0, flags,
get_cmdline_auth_info_signing_state(), get_cmdline_auth_info_signing_state(),
NULL); NULL);
if (!NT_STATUS_IS_OK(nt_status)) { if (!NT_STATUS_IS_OK(nt_status)) {


@ -302,6 +302,12 @@ static bool print_tree(struct user_auth_info *user_info)
/* Parse command line args */ /* Parse command line args */
if (get_cmdline_auth_info_use_machine_account() &&
!set_cmdline_auth_info_machine_account_creds()) {
TALLOC_FREE(frame);
return 1;
}
if (!get_cmdline_auth_info_got_pass()) { if (!get_cmdline_auth_info_got_pass()) {
char *pass = getpass("Password: "); char *pass = getpass("Password: ");
if (pass) { if (pass) {