The branch, master has been updated via f758706 build: Add exceptions for callcatcher unused function detection via fb54ba1 wintest: Update Win2003 VM via 674278d auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi via a315350 s3-gse: Allow kerberos key type OID to be optional via 6088f44 s3-gse: Fix OID to read for kerberos key type via 05cf2d4 s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE via 9eb8f07 s3-gse: Remove unused OID declaration via 071f3c1 wintest: give host longer to register the SRV record via a7569b6 wintest: use net rpc to put authenticated users into TelentClients if we need to via 111f8f4 wintest: Allow Windows VM to have no default route from ed85e9f Replace smbd_server_connection_loop_once() with tevent_loop_once() directly.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f758706bd93c88f1bd2510b5552260e8fdce5d96 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 15:42:25 2012 +1100 build: Add exceptions for callcatcher unused function detection Autobuild-User: Andrew Bartlett <abart...@samba.org> Autobuild-Date: Fri Feb 17 09:12:47 CET 2012 on sn-devel-104 commit fb54ba193bbeca6abee5c07e1626da2e1ad7773c Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 13:43:12 2012 +1100 wintest: Update Win2003 VM commit 674278d5b0d68e96d68f7beab2289a502efa6bc4 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 13:36:35 2012 +1100 auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett commit a315350341d7090402fe8fe2991d18fa530d2398 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 12:35:14 2012 +1100 s3-gse: Allow kerberos key type OID to be optional commit 6088f44ed7830691c75846caccf63fcd810436c4 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 12:30:55 2012 +1100 s3-gse: Fix OID to read for kerberos key type commit 05cf2d41cc16cf0ebd3605028a1723102449ccc3 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 12:04:19 2012 +1100 s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE All our supported krb5 libs provide this. Andrew Bartlett commit 9eb8f07fc42f7f4ee8685ce020b34838ace078b1 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 12:00:56 2012 +1100 s3-gse: Remove unused OID declaration commit 071f3c15f265aba43b2bd4ec3c06766f2891530d Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 11:27:29 2012 +1100 wintest: give host longer to register the SRV record commit a7569b68f96ca6f70e9e580e7067a31a411a3de3 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 11:27:02 2012 +1100 wintest: use net rpc to put authenticated users into TelentClients if we need to commit 111f8f4a7c86951c49dbc0f4c030d3a83d82b060 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 17 11:26:23 2012 +1100 wintest: Allow Windows VM to have no default route ----------------------------------------------------------------------- Summary of changes: auth/kerberos/gssapi_pac.c | 113 ++++++++++++++++++++++++++++++++ callcatcher-exceptions.grep | 22 ++++++ libcli/auth/krb5_wrap.h | 17 +++++ source3/include/smb_krb5.h | 12 ---- source3/librpc/crypto/gse.c | 122 +---------------------------------- source4/auth/gensec/gensec_gssapi.c | 55 ++++++--------- wintest/conf/abartlet.conf | 8 +- wintest/wintest.py | 22 +++++- 8 files changed, 199 insertions(+), 172 deletions(-) create mode 100644 callcatcher-exceptions.grep Changeset truncated at 500 lines: diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index 70bc9e5..d0de11e 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -22,6 +22,7 @@ #ifdef HAVE_KRB5 #include "libcli/auth/krb5_wrap.h" +#include "lib/util/asn1.h" #if 0 /* FIXME - need proper configure/waf test @@ -47,6 +48,26 @@ const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+1; const gss_OID_desc * const gss_mech_krb5_wrong = krb5_gss_oid_array+2; #endif +#ifndef GSS_KRB5_INQ_SSPI_SESSION_KEY_OID +#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11 +#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" +#endif + +gss_OID_desc gse_sesskey_inq_oid = { + GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, + (void *)GSS_KRB5_INQ_SSPI_SESSION_KEY_OID +}; + +#ifndef GSS_KRB5_SESSION_KEY_ENCTYPE_OID +#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10 +#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04" +#endif + +gss_OID_desc gse_sesskeytype_oid = { + GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH, + (void *)GSS_KRB5_SESSION_KEY_ENCTYPE_OID +}; + /* The Heimdal OID for getting the PAC */ #define EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 8 /* EXTRACTION OID AUTHZ ID */ @@ -149,4 +170,96 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx, #endif return NT_STATUS_ACCESS_DENIED; } + +NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, + gss_ctx_id_t gssapi_context, + DATA_BLOB *session_key, + uint32_t *keytype) +{ + OM_uint32 gss_min, gss_maj; + gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; + + gss_maj = gss_inquire_sec_context_by_oid( + &gss_min, gssapi_context, + &gse_sesskey_inq_oid, &set); + if (gss_maj) { + DEBUG(0, ("gss_inquire_sec_context_by_oid failed [%s]\n", + gssapi_error_string(mem_ctx, gss_maj, gss_min, gss_mech_krb5))); + return NT_STATUS_NO_USER_SESSION_KEY; + } + + if ((set == GSS_C_NO_BUFFER_SET) || + (set->count == 0)) { +#ifdef HAVE_GSSKRB5_GET_SUBKEY + krb5_keyblock *subkey; + gss_maj = gsskrb5_get_subkey(&gss_min, + gssapi_context, + &subkey); + if (gss_maj != 0) { + DEBUG(1, ("NO session key for this mech\n")); + return NT_STATUS_NO_USER_SESSION_KEY; + } + if (session_key) { + *session_key = data_blob_talloc(mem_ctx, + KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); + } + if (keytype) { + *keytype = KRB5_KEY_TYPE(subkey); + } + krb5_free_keyblock(NULL /* should be krb5_context */, subkey); + return NT_STATUS_OK; +#else + DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown " + "OID for data in results:\n")); + dump_data(1, (uint8_t *)set->elements[1].value, + set->elements[1].length); + return NT_STATUS_NO_USER_SESSION_KEY; +#endif + } + + if (session_key) { + *session_key = data_blob_talloc(mem_ctx, set->elements[0].value, + set->elements[0].length); + } + + if (keytype) { + char *oid; + char *p, *q = NULL; + + if (set->count < 2 + || memcmp(set->elements[1].value, + gse_sesskeytype_oid.elements, + gse_sesskeytype_oid.length) != 0) { + /* Perhaps a non-krb5 session key */ + *keytype = 0; + gss_maj = gss_release_buffer_set(&gss_min, &set); + return NT_STATUS_OK; + } + if (!ber_read_OID_String(mem_ctx, + data_blob_const(set->elements[1].value, + set->elements[1].length), &oid)) { + TALLOC_FREE(oid); + gss_maj = gss_release_buffer_set(&gss_min, &set); + return NT_STATUS_INVALID_PARAMETER; + } + p = strrchr(oid, '.'); + if (!p) { + TALLOC_FREE(oid); + gss_maj = gss_release_buffer_set(&gss_min, &set); + return NT_STATUS_INVALID_PARAMETER; + } else { + p++; + *keytype = strtoul(p, &q, 10); + if (q == NULL || *q != '\0') { + TALLOC_FREE(oid); + return NT_STATUS_INVALID_PARAMETER; + } + } + TALLOC_FREE(oid); + } + + gss_maj = gss_release_buffer_set(&gss_min, &set); + return NT_STATUS_OK; +} + #endif diff --git a/callcatcher-exceptions.grep b/callcatcher-exceptions.grep new file mode 100644 index 0000000..674e7ec --- /dev/null +++ b/callcatcher-exceptions.grep @@ -0,0 +1,22 @@ +^_nss_ +^_gss +^_krb5_ +^krb5_ +^ndr_ +^copy_ +^dcerpc +^_hx509 +^hx509 +^decode_ +^encode_ +^length_ +^hdb_ +^hc_ +2int$ +^init +^int2 +^asn1_ +^der_ +^mp_ +^rk_ +^tdr_ diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h index 814c427..01ea6ac 100644 --- a/libcli/auth/krb5_wrap.h +++ b/libcli/auth/krb5_wrap.h @@ -24,6 +24,18 @@ struct PAC_SIGNATURE_DATA; struct PAC_DATA; +#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ +#define KRB5_KEY_TYPE(k) ((k)->keytype) +#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) +#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) +#define KRB5_KEY_DATA_CAST void +#else /* MIT */ +#define KRB5_KEY_TYPE(k) ((k)->enctype) +#define KRB5_KEY_LENGTH(k) ((k)->length) +#define KRB5_KEY_DATA(k) ((k)->contents) +#define KRB5_KEY_DATA_CAST krb5_octet +#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ + int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, @@ -76,6 +88,11 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx, gss_ctx_id_t gssapi_context, gss_name_t gss_client_name, DATA_BLOB *pac_data); +NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, + gss_ctx_id_t gssapi_context, + DATA_BLOB *session_key, + uint32_t *keytype); + DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2]); bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]); diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index bc9996c..1526525 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -66,18 +66,6 @@ typedef struct { #endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ } smb_krb5_addresses; -#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ -#define KRB5_KEY_TYPE(k) ((k)->keytype) -#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) -#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) -#define KRB5_KEY_DATA_CAST void -#else /* MIT */ -#define KRB5_KEY_TYPE(k) ((k)->enctype) -#define KRB5_KEY_LENGTH(k) ((k)->length) -#define KRB5_KEY_DATA(k) ((k)->contents) -#define KRB5_KEY_DATA_CAST krb5_octet -#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ - #ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ #define KRB5_KT_KEY(k) (&(k)->key) #elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index fba2c2f..1ce3761 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -35,39 +35,6 @@ #include "smb_krb5.h" #include "gse_krb5.h" -#ifndef GSS_C_DCE_STYLE -#define GSS_C_DCE_STYLE 0x1000 -#endif - -#ifndef GSS_KRB5_INQ_SSPI_SESSION_KEY_OID -#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11 -#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" -#endif - -gss_OID_desc gse_sesskey_inq_oid = { - GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, - (void *)GSS_KRB5_INQ_SSPI_SESSION_KEY_OID -}; - -#ifndef GSS_KRB5_SESSION_KEY_ENCTYPE_OID -#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10 -#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04" -#endif - -gss_OID_desc gse_sesskeytype_oid = { - GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH, - (void *)GSS_KRB5_SESSION_KEY_ENCTYPE_OID -}; - -#define GSE_EXTRACT_RELEVANT_AUTHZ_DATA_OID_LENGTH 12 -/* EXTRACTION OID AUTHZ ID */ -#define GSE_EXTRACT_RELEVANT_AUTHZ_DATA_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a" "\x01" - -gss_OID_desc gse_authz_data_oid = { - GSE_EXTRACT_RELEVANT_AUTHZ_DATA_OID_LENGTH, - (void *)GSE_EXTRACT_RELEVANT_AUTHZ_DATA_OID -}; - static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min); struct gse_context { @@ -576,89 +543,6 @@ done: return errstr; } -static NTSTATUS gse_get_session_key(TALLOC_CTX *mem_ctx, - struct gse_context *gse_ctx, - DATA_BLOB *session_key, - uint32_t *keytype) -{ - OM_uint32 gss_min, gss_maj; - gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; - - gss_maj = gss_inquire_sec_context_by_oid( - &gss_min, gse_ctx->gssapi_context, - &gse_sesskey_inq_oid, &set); - if (gss_maj) { - DEBUG(0, ("gss_inquire_sec_context_by_oid failed [%s]\n", - gse_errstr(talloc_tos(), gss_maj, gss_min))); - return NT_STATUS_NO_USER_SESSION_KEY; - } - - if ((set == GSS_C_NO_BUFFER_SET) || - (set->count != 2) || - (memcmp(set->elements[1].value, - gse_sesskeytype_oid.elements, - gse_sesskeytype_oid.length) != 0)) { -#ifdef HAVE_GSSKRB5_GET_SUBKEY - krb5_keyblock *subkey; - gss_maj = gsskrb5_get_subkey(&gss_min, - gse_ctx->gssapi_context, - &subkey); - if (gss_maj != 0) { - DEBUG(1, ("NO session key for this mech\n")); - return NT_STATUS_NO_USER_SESSION_KEY; - } - if (session_key) { - *session_key = data_blob_talloc(mem_ctx, - KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); - } - if (keytype) { - *keytype = KRB5_KEY_TYPE(subkey); - } - krb5_free_keyblock(NULL /* should be krb5_context */, subkey); - return NT_STATUS_OK; -#else - DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown " - "OID for data in results:\n")); - dump_data(1, (uint8_t *)set->elements[1].value, - set->elements[1].length); - return NT_STATUS_NO_USER_SESSION_KEY; -#endif - } - - if (session_key) { - *session_key = data_blob_talloc(mem_ctx, set->elements[0].value, - set->elements[0].length); - } - - if (keytype) { - char *oid; - char *p, *q = NULL; - if (!ber_read_OID_String(talloc_tos(), - data_blob_const(set->elements[0].value, - set->elements[0].length), &oid)) { - TALLOC_FREE(oid); - gss_maj = gss_release_buffer_set(&gss_min, &set); - return NT_STATUS_INVALID_PARAMETER; - } - p = strrchr(oid, '.'); - if (!p) { - TALLOC_FREE(oid); - gss_maj = gss_release_buffer_set(&gss_min, &set); - return NT_STATUS_INVALID_PARAMETER; - } else { - p++; - *keytype = strtoul(p, &q, 10); - if (q == NULL || *q != '\0') { - return NT_STATUS_INVALID_PARAMETER; - } - } - TALLOC_FREE(oid); - } - - gss_maj = gss_release_buffer_set(&gss_min, &set); - return NT_STATUS_OK; -} - static size_t gse_get_signature_length(struct gse_context *gse_ctx, bool seal, size_t payload_size) { @@ -1131,8 +1015,8 @@ static bool gensec_gse_have_feature(struct gensec_security *gensec_security, return false; } - status = gse_get_session_key(talloc_tos(), - gse_ctx, NULL, &keytype); + status = gssapi_get_session_key(talloc_tos(), + gse_ctx->gssapi_context, NULL, &keytype); /* * We should do a proper sig on the mechListMic unless * we know we have to be backwards compatible with @@ -1174,7 +1058,7 @@ static NTSTATUS gensec_gse_session_key(struct gensec_security *gensec_security, talloc_get_type_abort(gensec_security->private_data, struct gse_context); - return gse_get_session_key(mem_ctx, gse_ctx, session_key, NULL); + return gssapi_get_session_key(mem_ctx, gse_ctx->gssapi_context, session_key, NULL); } /* Get some basic (and authorization) information about the user on diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 7f504c5..b2729a9 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1229,6 +1229,7 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, } if (feature & GENSEC_FEATURE_NEW_SPNEGO) { NTSTATUS status; + uint32_t keytype; if (!(gensec_gssapi_state->gss_got_flags & GSS_C_INTEG_FLAG)) { return false; @@ -1241,16 +1242,27 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, return false; } - status = gensec_gssapi_init_lucid(gensec_gssapi_state); - if (!NT_STATUS_IS_OK(status)) { - return false; - } - - if (gensec_gssapi_state->lucid->protocol == 1) { - return true; + status = gssapi_get_session_key(gensec_gssapi_state, + gensec_gssapi_state->gssapi_context, NULL, &keytype); + /* + * We should do a proper sig on the mechListMic unless + * we know we have to be backwards compatible with + * earlier windows versions. + * + * Negotiating a non-krb5 + * mech for example should be regarded as having + * NEW_SPNEGO + */ + if (NT_STATUS_IS_OK(status)) { + switch (keytype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_DES3_CBC_SHA1: + return false; + } } - - return false; + return true; } /* We can always do async (rather than strict request/reply) packets. */ if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { @@ -1271,30 +1283,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit { struct gensec_gssapi_state *gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); - OM_uint32 maj_stat, min_stat; - krb5_keyblock *subkey; - - if (gensec_gssapi_state->sasl_state != STAGE_DONE) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - maj_stat = gsskrb5_get_subkey(&min_stat, - gensec_gssapi_state->gssapi_context, - &subkey); - if (maj_stat != 0) { - DEBUG(1, ("NO session key for this mech\n")); - return NT_STATUS_NO_USER_SESSION_KEY; - } - - DEBUG(10, ("Got KRB5 session key of length %d%s\n", - (int)KRB5_KEY_LENGTH(subkey), - (gensec_gssapi_state->sasl_state == STAGE_DONE)?" (done)":"")); - *session_key = data_blob_talloc(mem_ctx, - KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); - krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, subkey); - dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length); - - return NT_STATUS_OK; + return gssapi_get_session_key(mem_ctx, gensec_gssapi_state->gssapi_context, session_key, NULL); } /* Get some basic (and authorization) information about the user on diff --git a/wintest/conf/abartlet.conf b/wintest/conf/abartlet.conf index 344ff17..d182f2c 100644 --- a/wintest/conf/abartlet.conf +++ b/wintest/conf/abartlet.conf @@ -89,10 +89,10 @@ W2K3B_SNAPSHOT : 1297901376 W2K3B_IP : 192.168.122.155 # this w2k3 VM will become a member in the samba domain -W2K3C_HOSTNAME : Win2003-1 -W2K3C_VM : Win2003-1 +W2K3C_HOSTNAME : Win2003R2-3 +W2K3C_VM : Win2003R2-3 W2K3C_PASS : penguin -W2K3C_SNAPSHOT : 1314652223 -W2K3C_IP : 192.168.122.38 +W2K3C_SNAPSHOT : 1329451062 +W2K3C_IP : 192.168.122.162 diff --git a/wintest/wintest.py b/wintest/wintest.py index da65732..c35710a 100644 --- a/wintest/wintest.py +++ b/wintest/wintest.py @@ -545,9 +545,10 @@ options { child.expect('\d+.\d+.\d+.\d+') self.setvar('WIN_SUBNET_MASK', child.after) child.expect('Default Gateway') - child.expect('\d+.\d+.\d+.\d+') - self.setvar('WIN_DEFAULT_GATEWAY', child.after) - child.expect("C:") + i = child.expect(['\d+.\d+.\d+.\d+', "C:"]) + if i == 0: + self.setvar('WIN_DEFAULT_GATEWAY', child.after) + child.expect("C:") def get_is_dc(self, child): '''check if a windows machine is a domain controller''' @@ -657,6 +658,7 @@ options { '''open a telnet connection to a windows server, return the pexpect child''' set_route = False set_dns = False + set_telnetclients = True if self.getvar('WIN_IP'): -- Samba Shared Repository