sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-30 17:49:30 +03:00
Code Activity

smbspool: Fix CUPS authentication protocol support.

Browse Source 
There were a couple of places where we weren't checking for
authentication correctly. This chance fixes those places and properly
supports Kerberos where available.
This commit is contained in:
Mike Sweet
2008-04-21 09:19:51 -07:00
committed by James Peach
parent 8c12c5cea0
commit 8eff35bc4a
1 changed files with 75 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
source/client/smbspool.c
View File

@ -53,6 +53,7 @@
* Local functions... * Local functions...
*/ */
static int get_exit_code(struct cli_state *cli, NTSTATUS nt_status);
static void list_devices(void); static void list_devices(void);
static struct cli_state *smb_complete_connection(const char *, const char *,int , const char *, const char *, const char *, const char *, int, int *need_auth); static struct cli_state *smb_complete_connection(const char *, const char *,int , const char *, const char *, const char *, const char *, int, int *need_auth);
static struct cli_state *smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *, int *need_auth); static struct cli_state *smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *, int *need_auth);
@ -234,8 +235,7 @@ static bool smb_encrypt;
port=atoi(sep); port=atoi(sep);
} }
else else
port=0; port = 445;
/* /*
* Setup the SAMBA server state... * Setup the SAMBA server state...
@ -263,10 +263,7 @@ static bool smb_encrypt;
if ((cli = smb_connect(workgroup, server, port, printer, username, password, argv[2], &need_auth)) == NULL) if ((cli = smb_connect(workgroup, server, port, printer, username, password, argv[2], &need_auth)) == NULL)
{ {
if (need_auth) if (need_auth)
{
fputs("ATTR: auth-info-required=username,password\n", stderr);
exit(2); exit(2);
}
else if (getenv("CLASS") == NULL) else if (getenv("CLASS") == NULL)
{ {
fprintf(stderr, "ERROR: Unable to connect to CIFS host, will retry in 60 seconds...\n"); fprintf(stderr, "ERROR: Unable to connect to CIFS host, will retry in 60 seconds...\n");
@ -318,6 +315,54 @@ static bool smb_encrypt;
} }
/*
* 'get_exit_code()' - Get the backend exit code based on the current error.
*/
static int
get_exit_code(struct cli_state *cli,
NTSTATUS nt_status)
{
int i;
static const NTSTATUS auth_errors[] =
{ /* List of NTSTATUS errors that are considered authentication errors */
NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION,
NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD,
NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER,
NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE,
NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS,
NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED
};
fprintf(stderr, "DEBUG: get_exit_code(cli=%p, nt_status=%x)\n", cli, nt_status);
for (i = 0; i < (int)(sizeof(auth_errors) / sizeof(auth_errors[0])); i ++)
if (NT_STATUS_V(nt_status) == NT_STATUS_V(auth_errors[i]))
{
if (cli)
{
if (cli->use_kerberos || (cli->capabilities & CAP_EXTENDED_SECURITY))
fputs("ATTR: auth-info-required=negotiate\n", stderr);
else
fputs("ATTR: auth-info-required=username,password\n", stderr);
}
/*
* 2 = authentication required...
*/
return (2);
}
/*
* 1 = fail
*/
return (1);
}
/* /*
* 'list_devices()' - List the available printers seen on the network... * 'list_devices()' - List the available printers seen on the network...
*/ */
@ -346,16 +391,6 @@ static struct cli_state
{ {
struct cli_state *cli; /* New connection */ struct cli_state *cli; /* New connection */
NTSTATUS nt_status; NTSTATUS nt_status;
int i;
static const NTSTATUS auth_errors[] =
{ /* List of NTSTATUS errors that are considered authentication errors */
NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION,
NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD,
NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER,
NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE,
NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS,
NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED
};
/* Start the SMB connection */ /* Start the SMB connection */
*need_auth = 0; *need_auth = 0;
@ -367,7 +402,7 @@ static struct cli_state
return NULL; return NULL;
} }
/* We pretty much guarentee password must be valid or a pointer /* We pretty much guarantee password must be valid or a pointer
to a 0 char. */ to a 0 char. */
if (!password) { if (!password) {
*need_auth = 1; *need_auth = 1;
@ -382,12 +417,8 @@ static struct cli_state
{ {
fprintf(stderr,"ERROR: Session setup failed: %s\n", nt_errstr(nt_status)); fprintf(stderr,"ERROR: Session setup failed: %s\n", nt_errstr(nt_status));
for (i = 0; i < (int)(sizeof(auth_errors) / sizeof(auth_errors[0])); i ++) if (get_exit_code(cli, nt_status) == 2)
if (NT_STATUS_V(nt_status) == NT_STATUS_V(auth_errors[i]))
{
*need_auth = 1; *need_auth = 1;
break;
}
cli_shutdown(cli); cli_shutdown(cli);
@ -397,14 +428,9 @@ static struct cli_state
if (!cli_send_tconX(cli, share, "?????", password, strlen(password)+1)) if (!cli_send_tconX(cli, share, "?????", password, strlen(password)+1))
{ {
fprintf(stderr, "ERROR: Tree connect failed (%s)\n", cli_errstr(cli)); fprintf(stderr, "ERROR: Tree connect failed (%s)\n", cli_errstr(cli));
nt_status = cli_nt_error(cli);
for (i = 0; i < (int)(sizeof(auth_errors) / sizeof(auth_errors[0])); i ++) if (get_exit_code(cli, cli_nt_error(cli)) == 2)
if (NT_STATUS_V(nt_status) == NT_STATUS_V(auth_errors[i]))
{
*need_auth = 1; *need_auth = 1;
break;
}
cli_shutdown(cli); cli_shutdown(cli);
@ -466,7 +492,10 @@ smb_connect(const char *workgroup, /* I - Workgroup */
cli = smb_complete_connection(myname, server, port, username, cli = smb_complete_connection(myname, server, port, username,
password, workgroup, share, 0, need_auth); password, workgroup, share, 0, need_auth);
if (cli) if (cli)
return cli; {
fputs("DEBUG: Connected with username/password...\n", stderr);
return (cli);
}
} }
/* /*
@ -476,10 +505,13 @@ smb_connect(const char *workgroup, /* I - Workgroup */
workgroup, share, workgroup, share,
CLI_FULL_CONNECTION_USE_KERBEROS, need_auth); CLI_FULL_CONNECTION_USE_KERBEROS, need_auth);
if (cli ) { return cli; } if (cli)
{
fputs("DEBUG: Connected using Kerberos...\n", stderr);
return (cli);
}
/* give a chance for a passwordless NTLMSSP session setup */ /* give a chance for a passwordless NTLMSSP session setup */
pwd = getpwuid(geteuid()); pwd = getpwuid(geteuid());
if (pwd == NULL) { if (pwd == NULL) {
return NULL; return NULL;
@ -488,7 +520,11 @@ smb_connect(const char *workgroup, /* I - Workgroup */
cli = smb_complete_connection(myname, server, port, pwd->pw_name, "", cli = smb_complete_connection(myname, server, port, pwd->pw_name, "",
workgroup, share, 0, need_auth); workgroup, share, 0, need_auth);
if (cli) { return cli; } if (cli)
{
fputs("DEBUG: Connected with NTLMSSP...\n", stderr);
return (cli);
}
/* /*
* last try. Use anonymous authentication * last try. Use anonymous authentication
@ -536,7 +572,7 @@ smb_print(struct cli_state *cli, /* I - SMB connection */
{ {
fprintf(stderr, "ERROR: %s opening remote spool %s\n", fprintf(stderr, "ERROR: %s opening remote spool %s\n",
cli_errstr(cli), title); cli_errstr(cli), title);
return (1); return (get_exit_code(cli, cli_nt_error(cli)));
} }
/* /*
@ -552,8 +588,13 @@ smb_print(struct cli_state *cli, /* I - SMB connection */
{ {
if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes) if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes)
{ {
int status = get_exit_code(cli, cli_nt_error(cli));
fprintf(stderr, "ERROR: Error writing spool: %s\n", cli_errstr(cli)); fprintf(stderr, "ERROR: Error writing spool: %s\n", cli_errstr(cli));
break; fprintf(stderr, "DEBUG: Returning status %d...\n", status);
cli_close(cli, fnum);
return (status);
} }
tbytes += nbytes; tbytes += nbytes;
@ -563,7 +604,7 @@ smb_print(struct cli_state *cli, /* I - SMB connection */
{ {
fprintf(stderr, "ERROR: %s closing remote spool %s\n", fprintf(stderr, "ERROR: %s closing remote spool %s\n",
cli_errstr(cli), title); cli_errstr(cli), title);
return (1); return (get_exit_code(cli, cli_nt_error(cli)));
} }
else else
return (0); return (0);