summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-02-24 03:28:37 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-02-24 03:28:37 +0000
commit630944d179bd3b1ff877b9c52c00c3f452a2e9cf (patch)
tree1adaab9002c0faa2dbcbd2766a26614517b9c7f0
parenta9ae0df3332270cc66cd9167564ff9ee93f23f44 (diff)
downloadsamba-630944d179bd3b1ff877b9c52c00c3f452a2e9cf.tar.gz
samba-630944d179bd3b1ff877b9c52c00c3f452a2e9cf.tar.bz2
samba-630944d179bd3b1ff877b9c52c00c3f452a2e9cf.zip
Cleint-side-auth/kerberos fixes from HEAD, and don't connect to a share
twice, let the libsmb code determine what form the share name should take. Andrew Bartlett (This used to be commit a25f6126647c94551c03bfc28e3fb5ec5ef6264a)
-rw-r--r--source3/client/client.c28
-rw-r--r--source3/client/smbmount.c60
-rw-r--r--source3/torture/torture.c4
3 files changed, 67 insertions, 25 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index 4761b0ae5c..5da12fd984 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -41,6 +41,7 @@ static pstring password;
static pstring username;
static pstring workgroup;
static char *cmdstr;
+static BOOL got_user;
static BOOL got_pass;
static int io_bufsize = 64512;
static BOOL use_kerberos;
@@ -2433,24 +2434,9 @@ static struct cli_state *do_connect(const char *server, const char *share)
if (!cli_send_tconX(c, sharename, "?????",
password, strlen(password)+1)) {
- pstring full_share;
-
- /*
- * Some servers require \\server\share for the share
- * while others are happy with share as we gave above
- * Lets see if we give it the long form if it works
- */
- pstrcpy(full_share, "\\\\");
- pstrcat(full_share, server);
- pstrcat(full_share, "\\");
- pstrcat(full_share, sharename);
- if (!cli_send_tconX(c, full_share, "?????", password,
- strlen(password) + 1)) {
-
- d_printf("tree connect failed: %s\n", cli_errstr(c));
- cli_shutdown(c);
- return NULL;
- }
+ d_printf("tree connect failed: %s\n", cli_errstr(c));
+ cli_shutdown(c);
+ return NULL;
}
DEBUG(4,(" tconx ok\n"));
@@ -2889,6 +2875,8 @@ static void remember_query_host(const char *arg,
case 'U':
{
char *lp;
+
+ got_user = True;
pstrcpy(username,optarg);
if ((lp=strchr_m(username,'%'))) {
*lp = 0;
@@ -2985,7 +2973,6 @@ static void remember_query_host(const char *arg,
case 'k':
#ifdef HAVE_KRB5
use_kerberos = True;
- got_pass = True;
#else
d_printf("No kerberos support compiled in\n");
exit(1);
@@ -2997,6 +2984,9 @@ static void remember_query_host(const char *arg,
}
}
+ if (use_kerberos && !got_user)
+ got_pass = True;
+
init_names();
if(*new_name_resolve_order)
diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
index 2c70f3ff50..e2372d02b4 100644
--- a/source3/client/smbmount.c
+++ b/source3/client/smbmount.c
@@ -41,12 +41,16 @@ static pstring options;
static struct in_addr dest_ip;
static BOOL have_ip;
static int smb_port = 0;
+static BOOL got_user;
static BOOL got_pass;
static uid_t mount_uid;
static gid_t mount_gid;
static int mount_ro;
static unsigned mount_fmask;
static unsigned mount_dmask;
+static BOOL use_kerberos;
+/* TODO: Add code to detect smbfs version in kernel */
+static BOOL status32_smbfs = False;
static void usage(void);
@@ -155,7 +159,14 @@ static struct cli_state *do_connection(char *the_service)
}
/* SPNEGO doesn't work till we get NTSTATUS error support */
- c->use_spnego = False;
+ /* But it is REQUIRED for kerberos authentication */
+ if(!use_kerberos) c->use_spnego = False;
+
+ /* The kernel doesn't yet know how to sign it's packets */
+ c->sign_info.allow_smb_signing = False;
+
+ /* Use kerberos authentication if specified */
+ c->use_kerberos = use_kerberos;
if (!cli_session_request(c, &calling, &called)) {
char *p;
@@ -190,9 +201,17 @@ static struct cli_state *do_connection(char *the_service)
/* This should be right for current smbfs. Future versions will support
large files as well as unicode and oplocks. */
- c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
- CAP_NT_FIND | CAP_STATUS32 | CAP_LEVEL_II_OPLOCKS);
- c->force_dos_errors = True;
+ if (status32_smbfs) {
+ c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
+ CAP_NT_FIND | CAP_LEVEL_II_OPLOCKS);
+ }
+ else {
+ c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
+ CAP_NT_FIND | CAP_STATUS32 |
+ CAP_LEVEL_II_OPLOCKS);
+ c->force_dos_errors = True;
+ }
+
if (!cli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
@@ -504,6 +523,9 @@ static void init_mount(void)
fprintf(stderr,"smbmnt failed: %d\n", WEXITSTATUS(status));
/* FIXME: do some proper error handling */
exit(1);
+ } else if (WIFSIGNALED(status)) {
+ fprintf(stderr, "smbmnt killed by signal %d\n", WTERMSIG(status));
+ exit(1);
}
/* Ok... This is the rubicon for that mount point... At any point
@@ -623,8 +645,9 @@ static void read_credentials_file(char *filename)
pstrcpy(password, val);
got_pass = True;
}
- else if (strwicmp("username", param) == 0)
+ else if (strwicmp("username", param) == 0) {
pstrcpy(username, val);
+ }
memset(buf, 0, sizeof(buf));
}
@@ -646,6 +669,7 @@ static void usage(void)
username=<arg> SMB username\n\
password=<arg> SMB password\n\
credentials=<filename> file with username/password\n\
+ krb use kerberos (active directory)\n\
netbiosname=<arg> source NetBIOS name\n\
uid=<arg> mount uid or username\n\
gid=<arg> mount gid or groupname\n\
@@ -687,6 +711,17 @@ static void parse_mount_smb(int argc, char **argv)
int val;
char *p;
+ /* FIXME: This function can silently fail if the arguments are
+ * not in the expected order.
+
+ > The arguments syntax of smbmount 2.2.3a (smbfs of Debian stable)
+ > requires that one gives "-o" before further options like username=...
+ > . Without -o, the username=.. setting is *silently* ignored. I've
+ > spent about an hour trying to find out why I couldn't log in now..
+
+ */
+
+
if (argc < 2 || argv[1][0] == '-') {
usage();
exit(1);
@@ -721,6 +756,7 @@ static void parse_mount_smb(int argc, char **argv)
if (!strcmp(opts, "username") ||
!strcmp(opts, "logon")) {
char *lp;
+ got_user = True;
pstrcpy(username,opteq+1);
if ((lp=strchr_m(username,'%'))) {
*lp = 0;
@@ -778,6 +814,16 @@ static void parse_mount_smb(int argc, char **argv)
} else if(!strcmp(opts, "guest")) {
*password = '\0';
got_pass = True;
+ } else if(!strcmp(opts, "krb")) {
+#ifdef HAVE_KRB5
+
+ use_kerberos = True;
+ if(!status32_smbfs)
+ fprintf(stderr, "Warning: kerberos support will only work for samba servers\n");
+#else
+ fprintf(stderr,"No kerberos support compiled in\n");
+ exit(1);
+#endif
} else if(!strcmp(opts, "rw")) {
mount_ro = 0;
} else if(!strcmp(opts, "ro")) {
@@ -862,6 +908,10 @@ static void parse_mount_smb(int argc, char **argv)
parse_mount_smb(argc, argv);
+ if (use_kerberos && !got_user) {
+ got_pass = True;
+ }
+
if (*credentials != 0) {
read_credentials_file(credentials);
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 5466d8ef9e..3fd0d7aa66 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -4018,6 +4018,7 @@ static void usage(void)
{
int opt, i;
char *p;
+ int gotuser = 0;
int gotpass = 0;
extern char *optarg;
extern int optind;
@@ -4103,13 +4104,13 @@ static void usage(void)
case 'k':
#ifdef HAVE_KRB5
use_kerberos = True;
- gotpass = True;
#else
d_printf("No kerberos support compiled in\n");
exit(1);
#endif
break;
case 'U':
+ gotuser = 1;
fstrcpy(username,optarg);
p = strchr_m(username,'%');
if (p) {
@@ -4124,6 +4125,7 @@ static void usage(void)
}
}
+ if(use_kerberos && !gotuser) gotpass = True;
while (!gotpass) {
p = getpass("Password:");