diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-24 03:28:37 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-24 03:28:37 +0000 |
commit | 630944d179bd3b1ff877b9c52c00c3f452a2e9cf (patch) | |
tree | 1adaab9002c0faa2dbcbd2766a26614517b9c7f0 | |
parent | a9ae0df3332270cc66cd9167564ff9ee93f23f44 (diff) | |
download | samba-630944d179bd3b1ff877b9c52c00c3f452a2e9cf.tar.gz samba-630944d179bd3b1ff877b9c52c00c3f452a2e9cf.tar.bz2 samba-630944d179bd3b1ff877b9c52c00c3f452a2e9cf.zip |
Cleint-side-auth/kerberos fixes from HEAD, and don't connect to a share
twice, let the libsmb code determine what form the share name should take.
Andrew Bartlett
(This used to be commit a25f6126647c94551c03bfc28e3fb5ec5ef6264a)
-rw-r--r-- | source3/client/client.c | 28 | ||||
-rw-r--r-- | source3/client/smbmount.c | 60 | ||||
-rw-r--r-- | source3/torture/torture.c | 4 |
3 files changed, 67 insertions, 25 deletions
diff --git a/source3/client/client.c b/source3/client/client.c index 4761b0ae5c..5da12fd984 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -41,6 +41,7 @@ static pstring password; static pstring username; static pstring workgroup; static char *cmdstr; +static BOOL got_user; static BOOL got_pass; static int io_bufsize = 64512; static BOOL use_kerberos; @@ -2433,24 +2434,9 @@ static struct cli_state *do_connect(const char *server, const char *share) if (!cli_send_tconX(c, sharename, "?????", password, strlen(password)+1)) { - pstring full_share; - - /* - * Some servers require \\server\share for the share - * while others are happy with share as we gave above - * Lets see if we give it the long form if it works - */ - pstrcpy(full_share, "\\\\"); - pstrcat(full_share, server); - pstrcat(full_share, "\\"); - pstrcat(full_share, sharename); - if (!cli_send_tconX(c, full_share, "?????", password, - strlen(password) + 1)) { - - d_printf("tree connect failed: %s\n", cli_errstr(c)); - cli_shutdown(c); - return NULL; - } + d_printf("tree connect failed: %s\n", cli_errstr(c)); + cli_shutdown(c); + return NULL; } DEBUG(4,(" tconx ok\n")); @@ -2889,6 +2875,8 @@ static void remember_query_host(const char *arg, case 'U': { char *lp; + + got_user = True; pstrcpy(username,optarg); if ((lp=strchr_m(username,'%'))) { *lp = 0; @@ -2985,7 +2973,6 @@ static void remember_query_host(const char *arg, case 'k': #ifdef HAVE_KRB5 use_kerberos = True; - got_pass = True; #else d_printf("No kerberos support compiled in\n"); exit(1); @@ -2997,6 +2984,9 @@ static void remember_query_host(const char *arg, } } + if (use_kerberos && !got_user) + got_pass = True; + init_names(); if(*new_name_resolve_order) diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c index 2c70f3ff50..e2372d02b4 100644 --- a/source3/client/smbmount.c +++ b/source3/client/smbmount.c @@ -41,12 +41,16 @@ static pstring options; static struct in_addr dest_ip; static BOOL have_ip; static int smb_port = 0; +static BOOL got_user; static BOOL got_pass; static uid_t mount_uid; static gid_t mount_gid; static int mount_ro; static unsigned mount_fmask; static unsigned mount_dmask; +static BOOL use_kerberos; +/* TODO: Add code to detect smbfs version in kernel */ +static BOOL status32_smbfs = False; static void usage(void); @@ -155,7 +159,14 @@ static struct cli_state *do_connection(char *the_service) } /* SPNEGO doesn't work till we get NTSTATUS error support */ - c->use_spnego = False; + /* But it is REQUIRED for kerberos authentication */ + if(!use_kerberos) c->use_spnego = False; + + /* The kernel doesn't yet know how to sign it's packets */ + c->sign_info.allow_smb_signing = False; + + /* Use kerberos authentication if specified */ + c->use_kerberos = use_kerberos; if (!cli_session_request(c, &calling, &called)) { char *p; @@ -190,9 +201,17 @@ static struct cli_state *do_connection(char *the_service) /* This should be right for current smbfs. Future versions will support large files as well as unicode and oplocks. */ - c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS | - CAP_NT_FIND | CAP_STATUS32 | CAP_LEVEL_II_OPLOCKS); - c->force_dos_errors = True; + if (status32_smbfs) { + c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS | + CAP_NT_FIND | CAP_LEVEL_II_OPLOCKS); + } + else { + c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS | + CAP_NT_FIND | CAP_STATUS32 | + CAP_LEVEL_II_OPLOCKS); + c->force_dos_errors = True; + } + if (!cli_session_setup(c, username, password, strlen(password), password, strlen(password), @@ -504,6 +523,9 @@ static void init_mount(void) fprintf(stderr,"smbmnt failed: %d\n", WEXITSTATUS(status)); /* FIXME: do some proper error handling */ exit(1); + } else if (WIFSIGNALED(status)) { + fprintf(stderr, "smbmnt killed by signal %d\n", WTERMSIG(status)); + exit(1); } /* Ok... This is the rubicon for that mount point... At any point @@ -623,8 +645,9 @@ static void read_credentials_file(char *filename) pstrcpy(password, val); got_pass = True; } - else if (strwicmp("username", param) == 0) + else if (strwicmp("username", param) == 0) { pstrcpy(username, val); + } memset(buf, 0, sizeof(buf)); } @@ -646,6 +669,7 @@ static void usage(void) username=<arg> SMB username\n\ password=<arg> SMB password\n\ credentials=<filename> file with username/password\n\ + krb use kerberos (active directory)\n\ netbiosname=<arg> source NetBIOS name\n\ uid=<arg> mount uid or username\n\ gid=<arg> mount gid or groupname\n\ @@ -687,6 +711,17 @@ static void parse_mount_smb(int argc, char **argv) int val; char *p; + /* FIXME: This function can silently fail if the arguments are + * not in the expected order. + + > The arguments syntax of smbmount 2.2.3a (smbfs of Debian stable) + > requires that one gives "-o" before further options like username=... + > . Without -o, the username=.. setting is *silently* ignored. I've + > spent about an hour trying to find out why I couldn't log in now.. + + */ + + if (argc < 2 || argv[1][0] == '-') { usage(); exit(1); @@ -721,6 +756,7 @@ static void parse_mount_smb(int argc, char **argv) if (!strcmp(opts, "username") || !strcmp(opts, "logon")) { char *lp; + got_user = True; pstrcpy(username,opteq+1); if ((lp=strchr_m(username,'%'))) { *lp = 0; @@ -778,6 +814,16 @@ static void parse_mount_smb(int argc, char **argv) } else if(!strcmp(opts, "guest")) { *password = '\0'; got_pass = True; + } else if(!strcmp(opts, "krb")) { +#ifdef HAVE_KRB5 + + use_kerberos = True; + if(!status32_smbfs) + fprintf(stderr, "Warning: kerberos support will only work for samba servers\n"); +#else + fprintf(stderr,"No kerberos support compiled in\n"); + exit(1); +#endif } else if(!strcmp(opts, "rw")) { mount_ro = 0; } else if(!strcmp(opts, "ro")) { @@ -862,6 +908,10 @@ static void parse_mount_smb(int argc, char **argv) parse_mount_smb(argc, argv); + if (use_kerberos && !got_user) { + got_pass = True; + } + if (*credentials != 0) { read_credentials_file(credentials); } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 5466d8ef9e..3fd0d7aa66 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -4018,6 +4018,7 @@ static void usage(void) { int opt, i; char *p; + int gotuser = 0; int gotpass = 0; extern char *optarg; extern int optind; @@ -4103,13 +4104,13 @@ static void usage(void) case 'k': #ifdef HAVE_KRB5 use_kerberos = True; - gotpass = True; #else d_printf("No kerberos support compiled in\n"); exit(1); #endif break; case 'U': + gotuser = 1; fstrcpy(username,optarg); p = strchr_m(username,'%'); if (p) { @@ -4124,6 +4125,7 @@ static void usage(void) } } + if(use_kerberos && !gotuser) gotpass = True; while (!gotpass) { p = getpass("Password:"); |