From: Andreas Schneider Date: Wed, 13 Jan 2021 15:11:17 +0000 (+0100) Subject: s3:libsmb: Use cli_credentials to store traversal creds X-Git-Tag: tevent-0.11.0~715 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84b5440eb4f3c10e2729e916d097f5af07150dcd;p=thirdparty%2Fsamba.git s3:libsmb: Use cli_credentials to store traversal creds Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h index 8ab427a9f63..88d0fdf8b8b 100644 --- a/source3/include/libsmb_internal.h +++ b/source3/include/libsmb_internal.h @@ -192,10 +192,9 @@ struct SMBC_internal_data { bool case_sensitive; /* - * Auth info needed for DFS traversal. + * Credentials needed for DFS traversal. */ - - struct user_auth_info *auth_info; + struct cli_credentials *creds; struct smbc_server_cache * server_cache; diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c index ea741f41c7d..23155fe263f 100644 --- a/source3/libsmb/libsmb_context.c +++ b/source3/libsmb/libsmb_context.c @@ -28,6 +28,9 @@ #include "libsmb_internal.h" #include "secrets.h" #include "../libcli/smb/smbXcli_base.h" +#include "auth/credentials/credentials.h" +#include "auth/gensec/gensec.h" +#include "lib/param/param.h" /* * Is the logging working / configfile read ? @@ -318,7 +321,7 @@ smbc_free_context(SMBCCTX *context, DEBUG(3, ("Context %p successfully freed\n", context)); /* Free any DFS auth context. */ - TALLOC_FREE(context->internal->auth_info); + TALLOC_FREE(context->internal->creds); SAFE_FREE(context->internal); SAFE_FREE(context); @@ -733,18 +736,16 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, const char *user, const char *password) { - smbc_bool use_kerberos = false; - const char *signing_state = "off"; - struct user_auth_info *auth_info = NULL; - TALLOC_CTX *frame; + struct loadparm_context *lp_ctx = NULL; + struct cli_credentials *creds = NULL; + enum credentials_use_kerberos kerberos_state = + CRED_USE_KERBEROS_DISABLED; if (! context) { return; } - frame = talloc_stackframe(); - if (! workgroup || ! *workgroup) { workgroup = smbc_getWorkgroup(context); } @@ -757,38 +758,44 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, password = ""; } - auth_info = user_auth_info_init(NULL); - - if (! auth_info) { + creds = cli_credentials_init(NULL); + if (creds == NULL) { DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n")); - TALLOC_FREE(frame); return; } - if (smbc_getOptionUseKerberos(context)) { - use_kerberos = True; + lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers()); + if (lp_ctx == NULL) { + TALLOC_FREE(creds); + return; } - if (lp_client_signing() != SMB_SIGNING_OFF) { - signing_state = "if_required"; - } + cli_credentials_set_conf(creds, lp_ctx); - if (lp_client_signing() == SMB_SIGNING_REQUIRED) { - signing_state = "required"; - } + if (smbc_getOptionUseKerberos(context)) { + kerberos_state = CRED_USE_KERBEROS_REQUIRED; - set_cmdline_auth_info_username(auth_info, user); - set_cmdline_auth_info_domain(auth_info, workgroup); - set_cmdline_auth_info_password(auth_info, password); - set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); - set_cmdline_auth_info_signing_state(auth_info, signing_state); - set_cmdline_auth_info_fallback_after_kerberos(auth_info, - smbc_getOptionFallbackAfterKerberos(context)); - set_cmdline_auth_info_use_ccache( - auth_info, smbc_getOptionUseCCache(context)); + if (smbc_getOptionFallbackAfterKerberos(context)) { + kerberos_state = CRED_USE_KERBEROS_DESIRED; + } + } - TALLOC_FREE(context->internal->auth_info); + cli_credentials_set_username(creds, user, CRED_SPECIFIED); + cli_credentials_set_password(creds, password, CRED_SPECIFIED); + cli_credentials_set_domain(creds, workgroup, CRED_SPECIFIED); + cli_credentials_set_kerberos_state(creds, + kerberos_state, + CRED_SPECIFIED); + if (smbc_getOptionUseCCache(context)) { + uint32_t gensec_features; + + gensec_features = cli_credentials_get_gensec_features(creds); + gensec_features |= GENSEC_FEATURE_NTLM_CCACHE; + cli_credentials_set_gensec_features(creds, + gensec_features, + CRED_SPECIFIED); + } - context->internal->auth_info = auth_info; - TALLOC_FREE(frame); + TALLOC_FREE(context->internal->creds); + context->internal->creds = creds; } diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 01ccd6d1523..026eababca1 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -25,7 +25,6 @@ #include "includes.h" #include "libsmb/namequery.h" #include "libsmb/libsmb.h" -#include "auth_info.h" #include "libsmbclient.h" #include "libsmb_internal.h" #include "rpc_client/cli_pipe.h" @@ -948,8 +947,7 @@ SMBC_opendir_ctx(SMBCCTX *context, return NULL; } - creds = get_cmdline_auth_info_creds( - context->internal->auth_info); + creds = context->internal->creds; status = cli_resolve_path( frame, "", @@ -1607,7 +1605,7 @@ SMBC_mkdir_ctx(SMBCCTX *context, } - creds = get_cmdline_auth_info_creds(context->internal->auth_info); + creds = context->internal->creds; /*d_printf(">>>mkdir: resolving %s\n", path);*/ status = cli_resolve_path(frame, "", @@ -1721,7 +1719,7 @@ SMBC_rmdir_ctx(SMBCCTX *context, } - creds = get_cmdline_auth_info_creds(context->internal->auth_info), + creds = context->internal->creds; /*d_printf(">>>rmdir: resolving %s\n", path);*/ status = cli_resolve_path(frame, "", @@ -2029,7 +2027,7 @@ SMBC_chmod_ctx(SMBCCTX *context, return -1; /* errno set by SMBC_server */ } - creds = get_cmdline_auth_info_creds(context->internal->auth_info); + creds = context->internal->creds; /*d_printf(">>>unlink: resolving %s\n", path);*/ status = cli_resolve_path(frame, "", @@ -2227,7 +2225,7 @@ SMBC_unlink_ctx(SMBCCTX *context, } - creds = get_cmdline_auth_info_creds(context->internal->auth_info); + creds = context->internal->creds; /*d_printf(">>>unlink: resolving %s\n", path);*/ status = cli_resolve_path(frame, "", @@ -2403,7 +2401,7 @@ SMBC_rename_ctx(SMBCCTX *ocontext, password1); /*d_printf(">>>rename: resolving %s\n", path1);*/ - ocreds = get_cmdline_auth_info_creds(ocontext->internal->auth_info); + ocreds = ocontext->internal->creds; status = cli_resolve_path(frame, "", ocreds, @@ -2423,7 +2421,7 @@ SMBC_rename_ctx(SMBCCTX *ocontext, /*d_printf(">>>rename: resolved path as %s\n", targetpath1);*/ /*d_printf(">>>rename: resolving %s\n", path2);*/ - ncreds = get_cmdline_auth_info_creds(ncontext->internal->auth_info); + ncreds = ncontext->internal->creds; status = cli_resolve_path(frame, "", ncreds, diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c index a44925e0e0e..e9db36e00da 100644 --- a/source3/libsmb/libsmb_file.c +++ b/source3/libsmb/libsmb_file.c @@ -114,8 +114,7 @@ SMBC_open_ctx(SMBCCTX *context, ZERO_STRUCTP(file); - creds = get_cmdline_auth_info_creds( - context->internal->auth_info); + creds = context->internal->creds; /*d_printf(">>>open: resolving %s\n", path);*/ status = cli_resolve_path( frame, "", @@ -496,7 +495,7 @@ SMBC_getatr(SMBCCTX * context, } DEBUG(4,("SMBC_getatr: sending qpathinfo\n")); - creds = get_cmdline_auth_info_creds(context->internal->auth_info); + creds = context->internal->creds; status = cli_resolve_path(frame, "", creds, diff --git a/source3/libsmb/libsmb_stat.c b/source3/libsmb/libsmb_stat.c index 136f3dddcc9..32c67b048c7 100644 --- a/source3/libsmb/libsmb_stat.c +++ b/source3/libsmb/libsmb_stat.c @@ -292,7 +292,7 @@ SMBC_fstat_ctx(SMBCCTX *context, return -1; } - creds = get_cmdline_auth_info_creds(context->internal->auth_info); + creds = context->internal->creds; /*d_printf(">>>fstat: resolving %s\n", path);*/ status = cli_resolve_path(frame, "", diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index 9a3a1210ea1..c53093d8ff7 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -866,8 +866,7 @@ cacl_get(SMBCCTX *context, /* Point to the portion after "system.nt_sec_desc." */ name += 19; /* if (all) this will be invalid but unused */ - creds = get_cmdline_auth_info_creds( - context->internal->auth_info); + creds = context->internal->creds; status = cli_resolve_path( ctx, "", @@ -1546,7 +1545,7 @@ cacl_set(SMBCCTX *context, return -1; } - creds = get_cmdline_auth_info_creds(context->internal->auth_info); + creds = context->internal->creds; status = cli_resolve_path(ctx, "", creds, diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index dfa0969b309..e560e6697b8 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -26,8 +26,6 @@ #ifndef _LIBSMB_PROTO_H_ #define _LIBSMB_PROTO_H_ -#include "auth_info.h" - struct smb_trans_enc_state; struct cli_credentials; struct cli_state; diff --git a/source3/wscript_build b/source3/wscript_build index 67569c0dbe5..66a816a9ef1 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -464,7 +464,6 @@ bld.SAMBA3_LIBRARY('libsmb', NDR_IOCTL NDR_QUOTA cli_smb_common - util_cmdline tevent ''', private_library=True)