]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s3:libsmb: Use cli_credentials to store traversal creds
authorAndreas Schneider <asn@samba.org>
Wed, 13 Jan 2021 15:11:17 +0000 (16:11 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 28 May 2021 02:55:31 +0000 (02:55 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/include/libsmb_internal.h
source3/libsmb/libsmb_context.c
source3/libsmb/libsmb_dir.c
source3/libsmb/libsmb_file.c
source3/libsmb/libsmb_stat.c
source3/libsmb/libsmb_xattr.c
source3/libsmb/proto.h
source3/wscript_build

index 8ab427a9f63b52757f043cb8905b99820d709105..88d0fdf8b8ba023ffa2544c5a4edcdd072bb03cc 100644 (file)
@@ -192,10 +192,9 @@ struct SMBC_internal_data {
         bool                                    case_sensitive;
 
        /*
-        * Auth info needed for DFS traversal.
+        * Credentials needed for DFS traversal.
         */
-
-       struct user_auth_info                   *auth_info;
+       struct cli_credentials *creds;
 
         struct smbc_server_cache * server_cache;
 
index ea741f41c7d25bb7e8e6e3ad2f2e7acd93941082..23155fe263fe1f375366e6a55b6a695c98501fae 100644 (file)
@@ -28,6 +28,9 @@
 #include "libsmb_internal.h"
 #include "secrets.h"
 #include "../libcli/smb/smbXcli_base.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "lib/param/param.h"
 
 /*
  * Is the logging working / configfile read ?
@@ -318,7 +321,7 @@ smbc_free_context(SMBCCTX *context,
         DEBUG(3, ("Context %p successfully freed\n", context));
 
        /* Free any DFS auth context. */
-       TALLOC_FREE(context->internal->auth_info);
+       TALLOC_FREE(context->internal->creds);
 
        SAFE_FREE(context->internal);
         SAFE_FREE(context);
@@ -733,18 +736,16 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
                                        const char *user,
                                        const char *password)
 {
-       smbc_bool use_kerberos = false;
-       const char *signing_state = "off";
-       struct user_auth_info *auth_info = NULL;
-       TALLOC_CTX *frame;
+       struct loadparm_context *lp_ctx = NULL;
+       struct cli_credentials *creds = NULL;
+       enum credentials_use_kerberos kerberos_state =
+               CRED_USE_KERBEROS_DISABLED;
 
        if (! context) {
 
                return;
        }
 
-       frame = talloc_stackframe();
-
        if (! workgroup || ! *workgroup) {
                workgroup = smbc_getWorkgroup(context);
        }
@@ -757,38 +758,44 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
                password = "";
        }
 
-       auth_info = user_auth_info_init(NULL);
-
-       if (! auth_info) {
+       creds = cli_credentials_init(NULL);
+       if (creds == NULL) {
                DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n"));
-               TALLOC_FREE(frame);
                return;
        }
 
-       if (smbc_getOptionUseKerberos(context)) {
-               use_kerberos = True;
+       lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers());
+       if (lp_ctx == NULL) {
+               TALLOC_FREE(creds);
+               return;
        }
 
-       if (lp_client_signing() != SMB_SIGNING_OFF) {
-               signing_state = "if_required";
-       }
+       cli_credentials_set_conf(creds, lp_ctx);
 
-       if (lp_client_signing() == SMB_SIGNING_REQUIRED) {
-               signing_state = "required";
-       }
+       if (smbc_getOptionUseKerberos(context)) {
+               kerberos_state = CRED_USE_KERBEROS_REQUIRED;
 
-        set_cmdline_auth_info_username(auth_info, user);
-        set_cmdline_auth_info_domain(auth_info, workgroup);
-        set_cmdline_auth_info_password(auth_info, password);
-        set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos);
-        set_cmdline_auth_info_signing_state(auth_info, signing_state);
-       set_cmdline_auth_info_fallback_after_kerberos(auth_info,
-               smbc_getOptionFallbackAfterKerberos(context));
-       set_cmdline_auth_info_use_ccache(
-               auth_info, smbc_getOptionUseCCache(context));
+               if (smbc_getOptionFallbackAfterKerberos(context)) {
+                       kerberos_state = CRED_USE_KERBEROS_DESIRED;
+               }
+       }
 
-       TALLOC_FREE(context->internal->auth_info);
+       cli_credentials_set_username(creds, user, CRED_SPECIFIED);
+       cli_credentials_set_password(creds, password, CRED_SPECIFIED);
+       cli_credentials_set_domain(creds, workgroup, CRED_SPECIFIED);
+       cli_credentials_set_kerberos_state(creds,
+                                          kerberos_state,
+                                          CRED_SPECIFIED);
+       if (smbc_getOptionUseCCache(context)) {
+               uint32_t gensec_features;
+
+               gensec_features = cli_credentials_get_gensec_features(creds);
+               gensec_features |= GENSEC_FEATURE_NTLM_CCACHE;
+               cli_credentials_set_gensec_features(creds,
+                                                   gensec_features,
+                                                   CRED_SPECIFIED);
+       }
 
-        context->internal->auth_info = auth_info;
-       TALLOC_FREE(frame);
+       TALLOC_FREE(context->internal->creds);
+       context->internal->creds = creds;
 }
index 01ccd6d1523c1deb5e8c9458aabe22047a8701fd..026eababca1d3e85f91f511902a84de67b33bae2 100644 (file)
@@ -25,7 +25,6 @@
 #include "includes.h"
 #include "libsmb/namequery.h"
 #include "libsmb/libsmb.h"
-#include "auth_info.h"
 #include "libsmbclient.h"
 #include "libsmb_internal.h"
 #include "rpc_client/cli_pipe.h"
@@ -948,8 +947,7 @@ SMBC_opendir_ctx(SMBCCTX *context,
                                return NULL;
                        }
 
-                       creds = get_cmdline_auth_info_creds(
-                                       context->internal->auth_info);
+                       creds = context->internal->creds;
 
                        status = cli_resolve_path(
                                frame, "",
@@ -1607,7 +1605,7 @@ SMBC_mkdir_ctx(SMBCCTX *context,
 
        }
 
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info);
+       creds = context->internal->creds;
 
        /*d_printf(">>>mkdir: resolving %s\n", path);*/
        status = cli_resolve_path(frame, "",
@@ -1721,7 +1719,7 @@ SMBC_rmdir_ctx(SMBCCTX *context,
 
        }
 
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info),
+       creds = context->internal->creds;
 
        /*d_printf(">>>rmdir: resolving %s\n", path);*/
        status = cli_resolve_path(frame, "",
@@ -2029,7 +2027,7 @@ SMBC_chmod_ctx(SMBCCTX *context,
                return -1;  /* errno set by SMBC_server */
        }
        
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info);
+       creds = context->internal->creds;
 
        /*d_printf(">>>unlink: resolving %s\n", path);*/
        status = cli_resolve_path(frame, "",
@@ -2227,7 +2225,7 @@ SMBC_unlink_ctx(SMBCCTX *context,
 
        }
 
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info);
+       creds = context->internal->creds;
 
        /*d_printf(">>>unlink: resolving %s\n", path);*/
        status = cli_resolve_path(frame, "",
@@ -2403,7 +2401,7 @@ SMBC_rename_ctx(SMBCCTX *ocontext,
                                           password1);
 
        /*d_printf(">>>rename: resolving %s\n", path1);*/
-       ocreds = get_cmdline_auth_info_creds(ocontext->internal->auth_info);
+       ocreds = ocontext->internal->creds;
 
        status = cli_resolve_path(frame, "",
                                  ocreds,
@@ -2423,7 +2421,7 @@ SMBC_rename_ctx(SMBCCTX *ocontext,
        
        /*d_printf(">>>rename: resolved path as %s\n", targetpath1);*/
        /*d_printf(">>>rename: resolving %s\n", path2);*/
-       ncreds = get_cmdline_auth_info_creds(ncontext->internal->auth_info);
+       ncreds = ncontext->internal->creds;
 
        status = cli_resolve_path(frame, "",
                                  ncreds,
index a44925e0e0efd0685fcfcba0369018b3b12f9c76..e9db36e00da9bff9c69dd76338e543e03ae2731f 100644 (file)
@@ -114,8 +114,7 @@ SMBC_open_ctx(SMBCCTX *context,
 
                ZERO_STRUCTP(file);
 
-               creds = get_cmdline_auth_info_creds(
-                                               context->internal->auth_info);
+               creds = context->internal->creds;
                /*d_printf(">>>open: resolving %s\n", path);*/
                status = cli_resolve_path(
                        frame, "",
@@ -496,7 +495,7 @@ SMBC_getatr(SMBCCTX * context,
        }
        DEBUG(4,("SMBC_getatr: sending qpathinfo\n"));
 
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info);
+       creds = context->internal->creds;
 
        status = cli_resolve_path(frame, "",
                                  creds,
index 136f3dddcc93e10771299f1a2bbcab5eaefc1b4c..32c67b048c7439d51a68fc0ef92d135fef19ea13 100644 (file)
@@ -292,7 +292,7 @@ SMBC_fstat_ctx(SMBCCTX *context,
                 return -1;
         }
 
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info);
+       creds = context->internal->creds;
 
        /*d_printf(">>>fstat: resolving %s\n", path);*/
        status = cli_resolve_path(frame, "",
index 9a3a1210ea159496d5ca5edca0ab54fc03fc51a5..c53093d8ff74223536a5a310d13222ab3643967a 100644 (file)
@@ -866,8 +866,7 @@ cacl_get(SMBCCTX *context,
                 /* Point to the portion after "system.nt_sec_desc." */
                 name += 19;     /* if (all) this will be invalid but unused */
 
-               creds = get_cmdline_auth_info_creds(
-                               context->internal->auth_info);
+               creds = context->internal->creds;
 
                status = cli_resolve_path(
                        ctx, "",
@@ -1546,7 +1545,7 @@ cacl_set(SMBCCTX *context,
                return -1;
        }
 
-       creds = get_cmdline_auth_info_creds(context->internal->auth_info);
+       creds = context->internal->creds;
 
        status = cli_resolve_path(ctx, "",
                                  creds,
index dfa0969b3096515dcd113531922c6bee331774f7..e560e6697b83343d65b59cea4b915fb8b4795ba7 100644 (file)
@@ -26,8 +26,6 @@
 #ifndef _LIBSMB_PROTO_H_
 #define _LIBSMB_PROTO_H_
 
-#include "auth_info.h"
-
 struct smb_trans_enc_state;
 struct cli_credentials;
 struct cli_state;
index 67569c0dbe50a6646992e7b26db60171f36cc4ab..66a816a9ef151219982b1715f0323a921578632c 100644 (file)
@@ -464,7 +464,6 @@ bld.SAMBA3_LIBRARY('libsmb',
                         NDR_IOCTL
                        NDR_QUOTA
                         cli_smb_common
-                        util_cmdline
                         tevent
                         ''',
                    private_library=True)