From 8dd1faaa2992851f6852ba7ea4498445af5faadd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 17 Mar 2009 14:53:06 -0700 Subject: Remove the global "struct cm_cred_struct" and associated calls, make callers pass in a struct user_auth_info * instead. This commit causes smbc_set_credentials() to print out a message telling callers to use smbc_set_credentials_with_fallback() instead, as smbc_set_credentials() has a broken API (no SMBCCTX * pointer). No more global variables used in the connection manager API for client dfs calls. Jeremy. --- source3/libsmb/clidfs.c | 143 ++++++++++++++-------------------------- source3/libsmb/libsmb_context.c | 59 +++++++++-------- source3/libsmb/libsmb_dir.c | 37 +++++++---- source3/libsmb/libsmb_file.c | 35 ++++++---- source3/libsmb/libsmb_stat.c | 5 +- source3/libsmb/libsmb_xattr.c | 37 ++++++----- 6 files changed, 148 insertions(+), 168 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 8544d5520e..18e7ab1dec 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -32,17 +32,6 @@ as a separator when looking at the pathname part.... JRA. ********************************************************************/ -static struct cm_cred_struct { - char *username; - char *password; - bool got_pass; - bool use_kerberos; - bool fallback_after_kerberos; - int signing_state; -} cm_creds; - -static void cm_set_password(const char *newpass); - static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, struct cli_state *cli, const char *sharename, @@ -96,6 +85,7 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c, static struct cli_state *do_connect(TALLOC_CTX *ctx, const char *server, const char *share, + const struct user_auth_info *auth_info, bool show_sessetup, bool force_encrypt, int max_protocol, @@ -143,7 +133,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, zero_sockaddr(&ss); /* have to open a new connection */ - if (!(c=cli_initialise_ex(cm_creds.signing_state))) { + if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) { d_printf("Connection to %s failed\n", server_n); if (c) { cli_shutdown(c); @@ -167,8 +157,9 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, max_protocol = PROTOCOL_NT1; } c->protocol = max_protocol; - c->use_kerberos = cm_creds.use_kerberos; - c->fallback_after_kerberos = cm_creds.fallback_after_kerberos; + c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info); + c->fallback_after_kerberos = + get_cmdline_auth_info_fallback_after_kerberos(auth_info); if (!cli_session_request(c, &calling, &called)) { char *p; @@ -198,20 +189,8 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, return NULL; } - if (!cm_creds.got_pass && !cm_creds.use_kerberos) { - char *label = NULL; - char *pass; - label = talloc_asprintf(ctx, "Enter %s's password: ", - cm_creds.username); - pass = getpass(label); - if (pass) { - cm_set_password(pass); - } - TALLOC_FREE(label); - } - - username = cm_creds.username ? cm_creds.username : ""; - password = cm_creds.password ? cm_creds.password : ""; + username = get_cmdline_auth_info_username(auth_info); + password = get_cmdline_auth_info_password(auth_info); if (!NT_STATUS_IS_OK(cli_session_setup(c, username, password, strlen(password), @@ -219,8 +198,9 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, lp_workgroup()))) { /* If a password was not supplied then * try again with a null username. */ - if (password[0] || !username[0] || cm_creds.use_kerberos || - !NT_STATUS_IS_OK(cli_session_setup(c, "", + if (password[0] || !username[0] || + get_cmdline_auth_info_use_kerberos(auth_info) || + !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0, lp_workgroup()))) { @@ -259,7 +239,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, lp_workgroup())) { cli_shutdown(c); return do_connect(ctx, newserver, - newshare, false, + newshare, auth_info, false, force_encrypt, max_protocol, port, name_type); } @@ -313,6 +293,7 @@ static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx, struct cli_state *referring_cli, const char *server, const char *share, + const struct user_auth_info *auth_info, bool show_hdr, bool force_encrypt, int max_protocol, @@ -322,6 +303,7 @@ static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx, struct cli_state *cli; cli = do_connect(ctx, server, share, + auth_info, show_hdr, force_encrypt, max_protocol, port, name_type); @@ -389,6 +371,7 @@ struct cli_state *cli_cm_open(TALLOC_CTX *ctx, struct cli_state *referring_cli, const char *server, const char *share, + const struct user_auth_info *auth_info, bool show_hdr, bool force_encrypt, int max_protocol, @@ -402,9 +385,25 @@ struct cli_state *cli_cm_open(TALLOC_CTX *ctx, return c; } - return cli_cm_connect(ctx, referring_cli, - server, share, show_hdr, force_encrypt, - max_protocol, port, name_type); + if (auth_info == NULL) { + /* Can't do a new connection + * without auth info. */ + d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] " + "without auth info\n", + server, share ); + return NULL; + } + + return cli_cm_connect(ctx, + referring_cli, + server, + share, + auth_info, + show_hdr, + force_encrypt, + max_protocol, + port, + name_type); } /**************************************************************************** @@ -423,18 +422,10 @@ void cli_cm_display(const struct cli_state *cli) /**************************************************************************** ****************************************************************************/ -static void cm_set_password(const char *newpass) -{ - SAFE_FREE(cm_creds.password); - cm_creds.password = SMB_STRDUP(newpass); - if (cm_creds.password) { - cm_creds.got_pass = true; - } -} - /**************************************************************************** ****************************************************************************/ +#if 0 void cli_cm_set_credentials(struct user_auth_info *auth_info) { SAFE_FREE(cm_creds.username); @@ -449,51 +440,7 @@ void cli_cm_set_credentials(struct user_auth_info *auth_info) cm_creds.fallback_after_kerberos = false; cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info); } - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_signing_state(int state) -{ - cm_creds.signing_state = state; -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_username(const char *username) -{ - SAFE_FREE(cm_creds.username); - cm_creds.username = SMB_STRDUP(username); -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_password(const char *newpass) -{ - SAFE_FREE(cm_creds.password); - cm_creds.password = SMB_STRDUP(newpass); - if (cm_creds.password) { - cm_creds.got_pass = true; - } -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_use_kerberos(void) -{ - cm_creds.use_kerberos = true; -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_fallback_after_kerberos(void) -{ - cm_creds.fallback_after_kerberos = true; -} +#endif /********************************************************************** split a dfs path into the server, share name, and extrapath components @@ -763,6 +710,7 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, bool cli_resolve_path(TALLOC_CTX *ctx, const char *mountpt, + const struct user_auth_info *dfs_auth_info, struct cli_state *rootcli, const char *path, struct cli_state **targetcli, @@ -843,13 +791,16 @@ bool cli_resolve_path(TALLOC_CTX *ctx, /* Check for the referral. */ - if (!(cli_ipc = cli_cm_open(ctx, rootcli, - rootcli->desthost, - "IPC$", false, - (rootcli->trans_enc_state != NULL), - rootcli->protocol, - 0, - 0x20))) { + if (!(cli_ipc = cli_cm_open(ctx, + rootcli, + rootcli->desthost, + "IPC$", + dfs_auth_info, + false, + (rootcli->trans_enc_state != NULL), + rootcli->protocol, + 0, + 0x20))) { return false; } @@ -893,6 +844,7 @@ bool cli_resolve_path(TALLOC_CTX *ctx, if ((*targetcli = cli_cm_open(ctx, rootcli, server, share, + dfs_auth_info, false, (rootcli->trans_enc_state != NULL), rootcli->protocol, @@ -952,6 +904,7 @@ bool cli_resolve_path(TALLOC_CTX *ctx, if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) { if (cli_resolve_path(ctx, newmount, + dfs_auth_info, *targetcli, *pp_targetpath, &newcli, diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c index 4c12d18ab7..f09e9c6287 100644 --- a/source3/libsmb/libsmb_context.c +++ b/source3/libsmb/libsmb_context.c @@ -203,6 +203,9 @@ smbc_free_context(SMBCCTX *context, DEBUG(3, ("Context %p successfully freed\n", context)); + /* Free any DFS auth context. */ + TALLOC_FREE(context->internal->auth_info); + SAFE_FREE(context->internal); SAFE_FREE(context); @@ -625,32 +628,20 @@ smbc_version(void) return samba_version_string(); } - /* * Set the credentials so DFS will work when following referrals. + * This function is broken and must be removed. No SMBCCTX arg... + * JRA. */ + void smbc_set_credentials(const char *workgroup, - const char *user, - const char *password, - smbc_bool use_kerberos, - const char *signing_state) + const char *user, + const char *password, + smbc_bool use_kerberos, + const char *signing_state) { - struct user_auth_info *auth_info; - - auth_info = user_auth_info_init(talloc_tos()); - if (auth_info == NULL) { - return; - } - set_cmdline_auth_info_username(auth_info, user); - set_cmdline_auth_info_password(auth_info, password); - set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); - if (! set_cmdline_auth_info_signing_state(auth_info, signing_state)) { - DEBUG(0, ("Invalid signing state: %s", signing_state)); - } - set_global_myworkgroup(workgroup); - cli_cm_set_credentials(auth_info); - TALLOC_FREE(auth_info); + d_printf("smbc_set_credentials is obsolete. Replace with smbc_set_credentials_with_fallback().\n"); } void smbc_set_credentials_with_fallback(SMBCCTX *context, @@ -660,7 +651,11 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, { smbc_bool use_kerberos = false; const char *signing_state = "off"; - + struct user_auth_info *auth_info = user_auth_info_init(NULL); + + if (auth_info) { + } + if (! context || ! workgroup || ! *workgroup || ! user || ! *user || @@ -669,6 +664,13 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, return; } + auth_info = user_auth_info_init(NULL); + + if (auth_info) { + DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n")); + return; + } + if (smbc_getOptionUseKerberos(context)) { use_kerberos = True; } @@ -681,10 +683,15 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, signing_state = "force"; } - smbc_set_credentials(workgroup, user, password, - use_kerberos, signing_state); + set_cmdline_auth_info_username(auth_info, user); + set_cmdline_auth_info_password(auth_info, password); + set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); + set_cmdline_auth_info_signing_state(auth_info, signing_state); + set_cmdline_auth_info_fallback_after_kerberos(auth_info, + smbc_getOptionFallbackAfterKerberos(context)); + set_global_myworkgroup(workgroup); - if (smbc_getOptionFallbackAfterKerberos(context)) { - cli_cm_set_fallback_after_kerberos(); - } + TALLOC_FREE(context->internal->auth_info); + + context->internal->auth_info = auth_info; } diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 56661af70b..2255db6617 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -770,8 +770,9 @@ SMBC_opendir_ctx(SMBCCTX *context, return NULL; } - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); if (dir) { SAFE_FREE(dir->fname); @@ -1166,8 +1167,9 @@ SMBC_mkdir_ctx(SMBCCTX *context, } /*d_printf(">>>mkdir: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1272,8 +1274,9 @@ SMBC_rmdir_ctx(SMBCCTX *context, } /*d_printf(">>>rmdir: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1554,8 +1557,9 @@ SMBC_chmod_ctx(SMBCCTX *context, } /*d_printf(">>>unlink: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1745,8 +1749,9 @@ SMBC_unlink_ctx(SMBCCTX *context, } /*d_printf(">>>unlink: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1917,8 +1922,10 @@ SMBC_rename_ctx(SMBCCTX *ocontext, password1); /*d_printf(">>>rename: resolving %s\n", path1);*/ - if (!cli_resolve_path(frame, "", srv->cli, path1, - &targetcli1, &targetpath1)) { + if (!cli_resolve_path(frame, "", ocontext->internal->auth_info, + srv->cli, + path1, + &targetcli1, &targetpath1)) { d_printf("Could not resolve %s\n", path1); TALLOC_FREE(frame); return -1; @@ -1932,8 +1939,10 @@ SMBC_rename_ctx(SMBCCTX *ocontext, /*d_printf(">>>rename: resolved path as %s\n", targetpath1);*/ /*d_printf(">>>rename: resolving %s\n", path2);*/ - if (!cli_resolve_path(frame, "", srv->cli, path2, - &targetcli2, &targetpath2)) { + if (!cli_resolve_path(frame, "", ncontext->internal->auth_info, + srv->cli, + path2, + &targetcli2, &targetpath2)) { d_printf("Could not resolve %s\n", path2); TALLOC_FREE(frame); return -1; diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c index 28256bb241..06e41ad21e 100644 --- a/source3/libsmb/libsmb_file.c +++ b/source3/libsmb/libsmb_file.c @@ -115,8 +115,9 @@ SMBC_open_ctx(SMBCCTX *context, ZERO_STRUCTP(file); /*d_printf(">>>open: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); SAFE_FREE(file); TALLOC_FREE(frame); @@ -295,8 +296,9 @@ SMBC_read_ctx(SMBCCTX *context, } /*d_printf(">>>read: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -384,8 +386,9 @@ SMBC_write_ctx(SMBCCTX *context, } /*d_printf(">>>write: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -459,8 +462,9 @@ SMBC_close_ctx(SMBCCTX *context, } /*d_printf(">>>close: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -541,8 +545,9 @@ SMBC_getatr(SMBCCTX * context, } DEBUG(4,("SMBC_getatr: sending qpathinfo\n")); - if (!cli_resolve_path(frame, "", srv->cli, fixedpath, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, fixedpath, + &targetcli, &targetpath)) { d_printf("Couldn't resolve %s\n", path); TALLOC_FREE(frame); return False; @@ -753,8 +758,9 @@ SMBC_lseek_ctx(SMBCCTX *context, } /*d_printf(">>>lseek: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -844,8 +850,9 @@ SMBC_ftruncate_ctx(SMBCCTX *context, } /*d_printf(">>>fstat: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; diff --git a/source3/libsmb/libsmb_stat.c b/source3/libsmb/libsmb_stat.c index f8571ff110..dc904d2753 100644 --- a/source3/libsmb/libsmb_stat.c +++ b/source3/libsmb/libsmb_stat.c @@ -257,8 +257,9 @@ SMBC_fstat_ctx(SMBCCTX *context, } /*d_printf(">>>fstat: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index 70fbc27883..1ea53eb99a 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -891,7 +891,8 @@ cacl_get(SMBCCTX *context, /* Point to the portion after "system.nt_sec_desc." */ name += 19; /* if (all) this will be invalid but unused */ - if (!cli_resolve_path(ctx, "", cli, filename, + if (!cli_resolve_path(ctx, "", context->internal->auth_info, + cli, filename, &targetcli, &targetpath)) { DEBUG(5, ("cacl_get Could not resolve %s\n", filename)); @@ -1496,14 +1497,15 @@ cacl_get(SMBCCTX *context, set the ACLs on a file given an ascii description *******************************************************/ static int -cacl_set(TALLOC_CTX *ctx, - struct cli_state *cli, - struct cli_state *ipc_cli, - POLICY_HND *pol, - const char *filename, - char *the_acl, - int mode, - int flags) +cacl_set(SMBCCTX *context, + TALLOC_CTX *ctx, + struct cli_state *cli, + struct cli_state *ipc_cli, + POLICY_HND *pol, + const char *filename, + char *the_acl, + int mode, + int flags) { int fnum; int err = 0; @@ -1547,8 +1549,9 @@ cacl_set(TALLOC_CTX *ctx, return -1; } - if (!cli_resolve_path(ctx, "", cli, filename, - &targetcli, &targetpath)) { + if (!cli_resolve_path(ctx, "", context->internal->auth_info, + cli, filename, + &targetcli, &targetpath)) { DEBUG(5,("cacl_set: Could not resolve %s\n", filename)); errno = ENOENT; return -1; @@ -1793,7 +1796,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, } if (ipc_srv) { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, (*namevalue == '*' @@ -1857,7 +1860,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, errno = ENOMEM; ret = -1; } else { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, (*namevalue == '*' @@ -1887,7 +1890,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, errno = ENOMEM; ret = -1; } else { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, SMBC_XATTR_MODE_CHOWN, 0); } @@ -1914,7 +1917,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, errno = ENOMEM; ret = -1; } else { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, SMBC_XATTR_MODE_CHGRP, 0); } @@ -2216,7 +2219,7 @@ SMBC_removexattr_ctx(SMBCCTX *context, StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) { /* Yup. */ - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0); TALLOC_FREE(frame); @@ -2236,7 +2239,7 @@ SMBC_removexattr_ctx(SMBCCTX *context, StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) { /* Yup. */ - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, CONST_DISCARD(char *, name) + 19, SMBC_XATTR_MODE_REMOVE, 0); -- cgit