mirror of
https://github.com/samba-team/samba.git
synced 2025-02-05 21:57:51 +03:00
Cleint-side-auth/kerberos fixes from HEAD, and don't connect to a share
twice, let the libsmb code determine what form the share name should take. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
-
parent
935c66f6a0
commit
a25f612664
@ -41,6 +41,7 @@ static pstring password;
|
||||
static pstring username;
|
||||
static pstring workgroup;
|
||||
static char *cmdstr;
|
||||
static BOOL got_user;
|
||||
static BOOL got_pass;
|
||||
static int io_bufsize = 64512;
|
||||
static BOOL use_kerberos;
|
||||
@ -2433,24 +2434,9 @@ static struct cli_state *do_connect(const char *server, const char *share)
|
||||
|
||||
if (!cli_send_tconX(c, sharename, "?????",
|
||||
password, strlen(password)+1)) {
|
||||
pstring full_share;
|
||||
|
||||
/*
|
||||
* Some servers require \\server\share for the share
|
||||
* while others are happy with share as we gave above
|
||||
* Lets see if we give it the long form if it works
|
||||
*/
|
||||
pstrcpy(full_share, "\\\\");
|
||||
pstrcat(full_share, server);
|
||||
pstrcat(full_share, "\\");
|
||||
pstrcat(full_share, sharename);
|
||||
if (!cli_send_tconX(c, full_share, "?????", password,
|
||||
strlen(password) + 1)) {
|
||||
|
||||
d_printf("tree connect failed: %s\n", cli_errstr(c));
|
||||
cli_shutdown(c);
|
||||
return NULL;
|
||||
}
|
||||
d_printf("tree connect failed: %s\n", cli_errstr(c));
|
||||
cli_shutdown(c);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
DEBUG(4,(" tconx ok\n"));
|
||||
@ -2889,6 +2875,8 @@ static void remember_query_host(const char *arg,
|
||||
case 'U':
|
||||
{
|
||||
char *lp;
|
||||
|
||||
got_user = True;
|
||||
pstrcpy(username,optarg);
|
||||
if ((lp=strchr_m(username,'%'))) {
|
||||
*lp = 0;
|
||||
@ -2985,7 +2973,6 @@ static void remember_query_host(const char *arg,
|
||||
case 'k':
|
||||
#ifdef HAVE_KRB5
|
||||
use_kerberos = True;
|
||||
got_pass = True;
|
||||
#else
|
||||
d_printf("No kerberos support compiled in\n");
|
||||
exit(1);
|
||||
@ -2997,6 +2984,9 @@ static void remember_query_host(const char *arg,
|
||||
}
|
||||
}
|
||||
|
||||
if (use_kerberos && !got_user)
|
||||
got_pass = True;
|
||||
|
||||
init_names();
|
||||
|
||||
if(*new_name_resolve_order)
|
||||
|
||||
@ -41,12 +41,16 @@ static pstring options;
|
||||
static struct in_addr dest_ip;
|
||||
static BOOL have_ip;
|
||||
static int smb_port = 0;
|
||||
static BOOL got_user;
|
||||
static BOOL got_pass;
|
||||
static uid_t mount_uid;
|
||||
static gid_t mount_gid;
|
||||
static int mount_ro;
|
||||
static unsigned mount_fmask;
|
||||
static unsigned mount_dmask;
|
||||
static BOOL use_kerberos;
|
||||
/* TODO: Add code to detect smbfs version in kernel */
|
||||
static BOOL status32_smbfs = False;
|
||||
|
||||
static void usage(void);
|
||||
|
||||
@ -155,7 +159,14 @@ static struct cli_state *do_connection(char *the_service)
|
||||
}
|
||||
|
||||
/* SPNEGO doesn't work till we get NTSTATUS error support */
|
||||
c->use_spnego = False;
|
||||
/* But it is REQUIRED for kerberos authentication */
|
||||
if(!use_kerberos) c->use_spnego = False;
|
||||
|
||||
/* The kernel doesn't yet know how to sign it's packets */
|
||||
c->sign_info.allow_smb_signing = False;
|
||||
|
||||
/* Use kerberos authentication if specified */
|
||||
c->use_kerberos = use_kerberos;
|
||||
|
||||
if (!cli_session_request(c, &calling, &called)) {
|
||||
char *p;
|
||||
@ -190,9 +201,17 @@ static struct cli_state *do_connection(char *the_service)
|
||||
|
||||
/* This should be right for current smbfs. Future versions will support
|
||||
large files as well as unicode and oplocks. */
|
||||
c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
|
||||
CAP_NT_FIND | CAP_STATUS32 | CAP_LEVEL_II_OPLOCKS);
|
||||
c->force_dos_errors = True;
|
||||
if (status32_smbfs) {
|
||||
c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
|
||||
CAP_NT_FIND | CAP_LEVEL_II_OPLOCKS);
|
||||
}
|
||||
else {
|
||||
c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
|
||||
CAP_NT_FIND | CAP_STATUS32 |
|
||||
CAP_LEVEL_II_OPLOCKS);
|
||||
c->force_dos_errors = True;
|
||||
}
|
||||
|
||||
if (!cli_session_setup(c, username,
|
||||
password, strlen(password),
|
||||
password, strlen(password),
|
||||
@ -504,6 +523,9 @@ static void init_mount(void)
|
||||
fprintf(stderr,"smbmnt failed: %d\n", WEXITSTATUS(status));
|
||||
/* FIXME: do some proper error handling */
|
||||
exit(1);
|
||||
} else if (WIFSIGNALED(status)) {
|
||||
fprintf(stderr, "smbmnt killed by signal %d\n", WTERMSIG(status));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* Ok... This is the rubicon for that mount point... At any point
|
||||
@ -623,8 +645,9 @@ static void read_credentials_file(char *filename)
|
||||
pstrcpy(password, val);
|
||||
got_pass = True;
|
||||
}
|
||||
else if (strwicmp("username", param) == 0)
|
||||
else if (strwicmp("username", param) == 0) {
|
||||
pstrcpy(username, val);
|
||||
}
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
}
|
||||
@ -646,6 +669,7 @@ static void usage(void)
|
||||
username=<arg> SMB username\n\
|
||||
password=<arg> SMB password\n\
|
||||
credentials=<filename> file with username/password\n\
|
||||
krb use kerberos (active directory)\n\
|
||||
netbiosname=<arg> source NetBIOS name\n\
|
||||
uid=<arg> mount uid or username\n\
|
||||
gid=<arg> mount gid or groupname\n\
|
||||
@ -687,6 +711,17 @@ static void parse_mount_smb(int argc, char **argv)
|
||||
int val;
|
||||
char *p;
|
||||
|
||||
/* FIXME: This function can silently fail if the arguments are
|
||||
* not in the expected order.
|
||||
|
||||
> The arguments syntax of smbmount 2.2.3a (smbfs of Debian stable)
|
||||
> requires that one gives "-o" before further options like username=...
|
||||
> . Without -o, the username=.. setting is *silently* ignored. I've
|
||||
> spent about an hour trying to find out why I couldn't log in now..
|
||||
|
||||
*/
|
||||
|
||||
|
||||
if (argc < 2 || argv[1][0] == '-') {
|
||||
usage();
|
||||
exit(1);
|
||||
@ -721,6 +756,7 @@ static void parse_mount_smb(int argc, char **argv)
|
||||
if (!strcmp(opts, "username") ||
|
||||
!strcmp(opts, "logon")) {
|
||||
char *lp;
|
||||
got_user = True;
|
||||
pstrcpy(username,opteq+1);
|
||||
if ((lp=strchr_m(username,'%'))) {
|
||||
*lp = 0;
|
||||
@ -778,6 +814,16 @@ static void parse_mount_smb(int argc, char **argv)
|
||||
} else if(!strcmp(opts, "guest")) {
|
||||
*password = '\0';
|
||||
got_pass = True;
|
||||
} else if(!strcmp(opts, "krb")) {
|
||||
#ifdef HAVE_KRB5
|
||||
|
||||
use_kerberos = True;
|
||||
if(!status32_smbfs)
|
||||
fprintf(stderr, "Warning: kerberos support will only work for samba servers\n");
|
||||
#else
|
||||
fprintf(stderr,"No kerberos support compiled in\n");
|
||||
exit(1);
|
||||
#endif
|
||||
} else if(!strcmp(opts, "rw")) {
|
||||
mount_ro = 0;
|
||||
} else if(!strcmp(opts, "ro")) {
|
||||
@ -862,6 +908,10 @@ static void parse_mount_smb(int argc, char **argv)
|
||||
|
||||
parse_mount_smb(argc, argv);
|
||||
|
||||
if (use_kerberos && !got_user) {
|
||||
got_pass = True;
|
||||
}
|
||||
|
||||
if (*credentials != 0) {
|
||||
read_credentials_file(credentials);
|
||||
}
|
||||
|
||||
@ -4018,6 +4018,7 @@ static void usage(void)
|
||||
{
|
||||
int opt, i;
|
||||
char *p;
|
||||
int gotuser = 0;
|
||||
int gotpass = 0;
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
@ -4103,13 +4104,13 @@ static void usage(void)
|
||||
case 'k':
|
||||
#ifdef HAVE_KRB5
|
||||
use_kerberos = True;
|
||||
gotpass = True;
|
||||
#else
|
||||
d_printf("No kerberos support compiled in\n");
|
||||
exit(1);
|
||||
#endif
|
||||
break;
|
||||
case 'U':
|
||||
gotuser = 1;
|
||||
fstrcpy(username,optarg);
|
||||
p = strchr_m(username,'%');
|
||||
if (p) {
|
||||
@ -4124,6 +4125,7 @@ static void usage(void)
|
||||
}
|
||||
}
|
||||
|
||||
if(use_kerberos && !gotuser) gotpass = True;
|
||||
|
||||
while (!gotpass) {
|
||||
p = getpass("Password:");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user