diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index eaac4638a90..e3e2bc4e0b5 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2854,6 +2854,7 @@ NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss int fd = -1; char *desthost; char *p; + int flags = 0; desthost = talloc_strdup(talloc_tos(), host); if (desthost == NULL) { @@ -2875,7 +2876,7 @@ NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss goto fail; } - cli = cli_state_create(NULL, fd, desthost, NULL, signing_state); + cli = cli_state_create(NULL, fd, desthost, NULL, signing_state, flags); if (cli == NULL) { goto fail; } diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 4689c7aa63e..20b64b616c0 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -165,7 +165,7 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx, int fd, const char *remote_name, const char *remote_realm, - int signing_state) + int signing_state, int flags) { struct cli_state *cli = NULL; bool allow_smb_signing = false; @@ -204,6 +204,27 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx, if (getenv("CLI_FORCE_DOSERR")) cli->force_dos_errors = true; + if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) { + cli->use_spnego = false; + } else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) { + cli->use_kerberos = true; + } + if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) && + cli->use_kerberos) { + cli->fallback_after_kerberos = true; + } + + if (flags & CLI_FULL_CONNECTION_USE_CCACHE) { + cli->use_ccache = true; + } + + if (flags & CLI_FULL_CONNECTION_OPLOCKS) { + cli->use_oplocks = true; + } + if (flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) { + cli->use_level_II_oplocks = true; + } + if (lp_client_signing()) { allow_smb_signing = true; } diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index f9329241c7f..8ff0a1b2d6a 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -159,7 +159,8 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx, int fd, const char *remote_name, const char *remote_realm, - int signing_state); + int signing_state, + int flags); bool cli_state_encryption_on(struct cli_state *cli); void cli_nt_pipes_close(struct cli_state *cli); void cli_shutdown(struct cli_state *cli); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 09189aaa748..807ad40d378 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -787,6 +787,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, char *ipc_username = NULL; char *ipc_domain = NULL; char *ipc_password = NULL; + int flags = 0; struct named_mutex *mutex; @@ -806,9 +807,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, goto done; } + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + *cli = cli_state_create(NULL, sockfd, controller, domain->alt_name, - Undefined); + Undefined, flags); if (*cli == NULL) { DEBUG(1, ("Could not cli_initialize\n")); result = NT_STATUS_NO_MEMORY; @@ -817,8 +820,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, cli_set_timeout(*cli, 10000); /* 10 seconds */ - (*cli)->use_kerberos = True; - result = cli_negprot(*cli); if (!NT_STATUS_IS_OK(result)) {