The branch, master has been updated
via 8d0392f Add documentation for the new internal command timeout to
smbclient.
via f7dc59b Add documentation for the new -t <timeout> parameter in
smbclient.
via 4044e2b Fix the documentation of --encrypt to explain SMB3
encryption for smbclient.
via 90566fd Fix the documentation of the iosize command to explain the
new zero default for smbclient.
via 659f5fe Fix the documentation for --send-buffersize for the new
default value of zero for smbclient.
via 252a6b6 Expand on the documentation of -m max-protocol for SMB2/3
for smbclient.
via 5b60d95 Add "-e" encrypt transport command line option
documentation for smbcacls.
via 646ed68 Add "max protocol" command line documentation for smbcacls.
via d9c88a5 Add new "timeout" command and -t option to smbclient to set
the per-operation timeout.
via 81e1058 As SMB3 has transport level encryption, allow smbclient -e
to force encryted SMB3 transport.
via 25521c9 Remove restrictions on setting iosize inside smbclient for
SMB2 connections.
from 6e82f70 Fix bug #10100 - rpcclient crashes when sending the
'netshareenum 502' command
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8d0392f9f7973e72a6082d66f81180d19eb0a56f
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:57:34 2013 -0700
Add documentation for the new internal command timeout to smbclient.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
Autobuild-User(master): Michael Adam <ob...@samba.org>
Autobuild-Date(master): Wed Aug 21 19:24:06 CEST 2013 on sn-devel-104
commit f7dc59b3ad293105756433ef52c67e195eb49361
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:56:22 2013 -0700
Add documentation for the new -t <timeout> parameter in smbclient.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 4044e2beb7145afb261c98e100574e4e842e1b9e
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:53:45 2013 -0700
Fix the documentation of --encrypt to explain SMB3 encryption for smbclient.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 90566fd0deb8768acc96b0a0bc573183c4db20ef
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:49:41 2013 -0700
Fix the documentation of the iosize command to explain the new zero default
for smbclient.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 659f5fecd69fb240c1a2ea385584c22d00476b59
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:48:18 2013 -0700
Fix the documentation for --send-buffersize for the new default value of
zero for smbclient.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 252a6b6d8a27f4b8be61c6b091318ddb76776471
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:47:13 2013 -0700
Expand on the documentation of -m max-protocol for SMB2/3 for smbclient.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 5b60d95abc767131b97151f03d7f668c81e728cb
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:45:26 2013 -0700
Add "-e" encrypt transport command line option documentation for smbcacls.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 646ed6884c91cde7c9aec6fdb1a25d0e6a0898d0
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 16:44:14 2013 -0700
Add "max protocol" command line documentation for smbcacls.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit d9c88a56dc451be09e8c9fc9aa8857e312fcb444
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 13:49:39 2013 -0700
Add new "timeout" command and -t option to smbclient to set the
per-operation timeout.
This is needed as once SMB3 encryption is selected the server
response time can be very slow when requesting large numbers
(256) of large encrypted packets (1MB) from a Windows 2012
virtual machine. This allows clients to tune their allowable
wait time.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 10:44:34 2013 -0700
As SMB3 has transport level encryption, allow smbclient -e to force
encryted SMB3 transport.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 25521c90859de0651216c459273b2ffd916ee299
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 16 11:45:43 2013 -0700
Remove restrictions on setting iosize inside smbclient for SMB2 connections.
Also remove the SMB1 restriction to minimum iosize of 16384 (0x4000):
Now values >= 0 and <= 0xFFFF00 can be set for SMB1, 0 meaning server
defined behaviour. 0 is the new default for iosize, both for SMB1 and SMB2.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/smbcacls.1.xml | 27 +++++++++++++
docs-xml/manpages/smbclient.1.xml | 77 ++++++++++++++++++++++++++++---------
libcli/smb/smbXcli_base.c | 21 ++++++++++
libcli/smb/smbXcli_base.h | 1 +
source3/client/client.c | 75 ++++++++++++++++++++++++++++--------
source3/libsmb/clidfs.c | 18 ++++++++-
6 files changed, 183 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
index a292368..f8816ad 100644
--- a/docs-xml/manpages/smbcacls.1.xml
+++ b/docs-xml/manpages/smbcacls.1.xml
@@ -33,6 +33,8 @@
<arg choice="opt">-U username</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-d</arg>
+ <arg choice="opt">-e</arg>
+ <arg choice="opt">-m|--max-protocol LEVEL</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -139,6 +141,31 @@
</varlistentry>
<varlistentry>
+ <term>-e</term>
+ <listitem><para>This command line parameter requires the remote
+ server support the UNIX extensions or that the SMB3 protocol
has been selected.
+ Requests that the connection be encrypted. Negotiates SMB
encryption using either
+ SMB3 or POSIX extensions via GSSAPI. Uses the given credentials
for
+ the encryption negotiation (either kerberos or NTLMv1/v2 if
given
+ domain/username/password triple. Fails the connection if
encryption
+ cannot be negotiated.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m|--max-protocol PROTOCOL_NAME</term>
+ <listitem><para>This allows the user to select the
+ highest SMB protocol level that smbcacls will use to
+ connect to the server. By default this is set to
+ NT1, which is the highest available SMB1 protocol.
+ To connect using SMB2 or SMB3 protocol, use the
+ strings SMB2 or SMB3 respectively. Note that to connect
+ to a Windows 2012 server with encrypted transport selecting
+ a max-protocol of SMB3 is required.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-t|--test-args</term>
<listitem><para>
Don't actually do anything, only validate the correctness of
diff --git a/docs-xml/manpages/smbclient.1.xml
b/docs-xml/manpages/smbclient.1.xml
index 5465edd..b9e55e9 100644
--- a/docs-xml/manpages/smbclient.1.xml
+++ b/docs-xml/manpages/smbclient.1.xml
@@ -37,6 +37,7 @@
<arg choice="opt">-p port</arg>
<arg choice="opt">-R <name resolve order></arg>
<arg choice="opt">-s <smb config file></arg>
+ <arg choice="opt">-t <per-operation timeout in
seconds></arg>
<arg choice="opt">-k</arg>
<arg choice="opt">-P</arg>
<arg choice="opt">-c <command></arg>
@@ -67,6 +68,7 @@
<arg choice="opt">-p port</arg>
<arg choice="opt">-R <name resolve order></arg>
<arg choice="opt">-s <smb config file></arg>
+ <arg choice="opt">-t <per-operation timeout in
seconds></arg>
<arg choice="opt">-T<c|x>IXFqgbNan</arg>
<arg choice="opt">-k</arg>
</cmdsynopsis>
@@ -256,7 +258,14 @@
<varlistentry>
<term>-m|--max-protocol protocol</term>
- <listitem><para>This parameter sets the maximum protocol
version announced by the client.
+ <listitem><para>This allows the user to select the
+ highest SMB protocol level that smbclient will use to
+ connect to the server. By default this is set to
+ NT1, which is the highest available SMB1 protocol.
+ To connect using SMB2 or SMB3 protocol, use the
+ strings SMB2 or SMB3 respectively. Note that to connect
+ to a Windows 2012 server with encrypted transport selecting
+ a max-protocol of SMB3 is required.
</para></listitem>
</varlistentry>
@@ -309,22 +318,29 @@
<varlistentry>
<term>-b|--send-buffer buffersize</term>
- <listitem><para>This option changes the transmit/send buffer
- size when getting or putting a file from/to the server. The
default
- is 65520 bytes. Setting this value smaller (to 1200 bytes) has
been
- observed to speed up file transfers to and from a Win9x server.
+ <listitem><para>
+ When sending or receiving files, smbclient uses an
+ internal buffer sized by the maximum number of allowed requests
+ to the connected server. This command allows this size to be
set to any
+ range between 0 (which means use the default server controlled
size) bytes
+ and 16776960 (0xFFFF00) bytes. Using the server controlled size
is the
+ most efficient as smbclient will pipeline as many simultaneous
reads or
+ writes needed to keep the server as busy as possible. Setting
this to
+ any other size will slow down the transfer. This can also be set
+ using the <command>iosize</command> command inside smbclient.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-e|--encrypt</term>
- <listitem><para>This command line parameter requires the remote
- server support the UNIX extensions. Request that the connection
be
- encrypted. This is new for Samba 3.2 and will only work with
Samba
- 3.2 or above servers. Negotiates SMB encryption using GSSAPI.
Uses
- the given credentials for the encryption negotiation (either
kerberos
- or NTLMv1/v2 if given domain/username/password triple. Fails the
- connection if encryption cannot be negotiated.
+ <listitem><para>
+ This command line parameter requires the remote
+ server support the UNIX extensions or that the SMB3 protocol
has been selected.
+ Requests that the connection be encrypted. Negotiates SMB
encryption using either
+ SMB3 or POSIX extensions via GSSAPI. Uses the given credentials
for
+ the encryption negotiation (either kerberos or NTLMv1/v2 if
given
+ domain/username/password triple. Fails the connection if
encryption
+ cannot be negotiated.
</para></listitem>
</varlistentry>
@@ -334,6 +350,18 @@
&popt.common.connection;
<varlistentry>
+ <term>-t|--timeout <timeout-seconds></term>
+ <listitem><para>This allows the user to tune the default
+ timeout used for each SMB request. The default setting is
+ 20 seconds. Increase it if requests to the server sometimes
+ time out. This can happen when SMB3 encryption is selected
+ and smbclient is overwhelming the server with requests.
+ This can also be set using the <command>timeout</command>
+ command inside smbclient.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-T|--tar tar options</term>
<listitem><para>smbclient may be used to create <command>tar(1)
</command> compatible backups of all the files on an SMB/CIFS
@@ -694,12 +722,15 @@
<varlistentry>
<term>iosize <bytes></term>
- <listitem><para>When sending or receiving files, smbclient uses
an
- internal memory buffer by default of size 64512 bytes. This
command
- allows this size to be set to any range between 16384 (0x4000)
bytes
- and 16776960 (0xFFFF00) bytes. Larger sizes may mean more
efficient
- data transfer as smbclient will try and use the most efficient
- read and write calls for the connected server.
+ <listitem><para>
+ When sending or receiving files, smbclient uses an
+ internal buffer sized by the maximum number of allowed requests
+ to the connected server. This command allows this size to be
set to any
+ range between 0 (which means use the default server controlled
size) bytes
+ and 16776960 (0xFFFF00) bytes. Using the server controlled size
is the
+ most efficient as smbclient will pipeline as many simultaneous
reads or
+ writes needed to keep the server as busy as possible. Setting
this to
+ any other size will slow down the transfer.
</para></listitem>
</varlistentry>
@@ -1041,6 +1072,16 @@
</varlistentry>
<varlistentry>
+ <term>timeout <per-operation timeout in seconds></term>
+ <listitem><para>This allows the user to tune the default
+ timeout used for each SMB request. The default setting is
+ 20 seconds. Increase it if requests to the server sometimes
+ time out. This can happen when SMB3 encryption is selected
+ and smbclient is overwhelming the server with requests.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>unlock <filenum> <hex-start>
<hex-len></term>
<listitem><para>This command depends on the server supporting
the CIFS
UNIX extensions and will fail if the server does not. Tries to
unlock a POSIX
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 1176bb8..8cbf27a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4949,6 +4949,27 @@ NTSTATUS smb2cli_session_set_channel_key(struct
smbXcli_session *session,
return NT_STATUS_OK;
}
+NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
+{
+ if (session->smb2->should_encrypt) {
+ return NT_STATUS_OK;
+ }
+
+ if (session->conn->protocol < PROTOCOL_SMB2_24) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (!(session->conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (session->smb2->signing_key.data == NULL) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+ session->smb2->should_encrypt = true;
+ return NT_STATUS_OK;
+}
+
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
{
struct smbXcli_tcon *tcon;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index a7cfcc3..3d93427 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -294,6 +294,7 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
const DATA_BLOB channel_key,
const struct iovec *recv_iov);
+NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session);
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx);
uint16_t smb1cli_tcon_current_id(struct smbXcli_tcon *tcon);
diff --git a/source3/client/client.c b/source3/client/client.c
index d302d43..581b9c6 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -56,6 +56,7 @@ static char *cmdstr = NULL;
const char *cmd_ptr = NULL;
static int io_bufsize = 0; /* we use the default size */
+static int io_timeout = (CLIENT_TIMEOUT/1000); /* Per operation timeout (in
seconds). */
static int name_type = 0x20;
static int max_protocol = -1;
@@ -4528,29 +4529,35 @@ int cmd_iosize(void)
int iosize;
if (!next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
- if (!smb_encrypt) {
- d_printf("iosize <n> or iosize 0x<n>. "
- "Minimum is 16384 (0x4000), "
- "max is 16776960 (0xFFFF00)\n");
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ if (!smb_encrypt) {
+ d_printf("iosize <n> or iosize 0x<n>. "
+ "Minimum is 0 (default), "
+ "max is 16776960 (0xFFFF00)\n");
+ } else {
+ d_printf("iosize <n> or iosize 0x<n>. "
+ "(Encrypted connection) ,"
+ "Minimum is 0 (default), "
+ "max is 130048 (0x1FC00)\n");
+ }
} else {
- d_printf("iosize <n> or iosize 0x<n>. "
- "(Encrypted connection) ,"
- "Minimum is 16384 (0x4000), "
- "max is 130048 (0x1FC00)\n");
+ d_printf("iosize <n> or iosize 0x<n>.\n");
}
return 1;
}
iosize = strtol(buf,NULL,0);
- if (smb_encrypt && (iosize < 0x4000 || iosize > 0xFC00)) {
- d_printf("iosize out of range for encrypted "
- "connection (min = 16384 (0x4000), "
- "max = 130048 (0x1FC00)");
- return 1;
- } else if (!smb_encrypt && (iosize < 0x4000 || iosize > 0xFFFF00)) {
- d_printf("iosize out of range (min = 16384 (0x4000), "
- "max = 16776960 (0xFFFF00)");
- return 1;
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ if (smb_encrypt && (iosize < 0 || iosize > 0xFC00)) {
+ d_printf("iosize out of range for encrypted "
+ "connection (min = 0 (default), "
+ "max = 130048 (0x1FC00)");
+ return 1;
+ } else if (!smb_encrypt && (iosize < 0 || iosize > 0xFFFF00)) {
+ d_printf("iosize out of range (min = 0 (default), "
+ "max = 16776960 (0xFFFF00)");
+ return 1;
+ }
}
io_bufsize = iosize;
@@ -4559,6 +4566,31 @@ int cmd_iosize(void)
}
/****************************************************************************
+ timeout command
+***************************************************************************/
+
+static int cmd_timeout(void)
+{
+ TALLOC_CTX *ctx = talloc_tos();
+ char *buf;
+
+ if (!next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
+ unsigned int old_timeout = cli_set_timeout(cli, 0);
+ cli_set_timeout(cli, old_timeout);
+ d_printf("timeout <n> (per-operation timeout "
+ "in seconds - currently %u).\n",
+ old_timeout/1000);
+ return 1;
+ }
+
+ io_timeout = strtol(buf,NULL,0);
+ cli_set_timeout(cli, io_timeout*1000);
+ d_printf("io_timeout per operation is now %d\n", io_timeout);
+ return 0;
+}
+
+
+/****************************************************************************
history
****************************************************************************/
static int cmd_history(void)
@@ -4666,6 +4698,7 @@ static struct {
{"symlink",cmd_symlink,"<oldname> <newname> create a UNIX
symlink",{COMPL_REMOTE,COMPL_REMOTE}},
{"tar",cmd_tar,"tar <c|x>[IXFqbgNan] current directory to/from <file
name>",{COMPL_NONE,COMPL_NONE}},
{"tarmode",cmd_tarmode,"<full|inc|reset|noreset> tar's behaviour towards
archive bits",{COMPL_NONE,COMPL_NONE}},
+ {"timeout",cmd_timeout,"timeout <number> - set the per-operation timeout in
seconds (default 20)",{COMPL_NONE,COMPL_NONE}},
{"translate",cmd_translate,"toggle text translation for
printing",{COMPL_NONE,COMPL_NONE}},
{"unlock",cmd_unlock,"unlock <fnum> <hex-start> <hex-len> : remove a POSIX
lock",{COMPL_REMOTE,COMPL_REMOTE}},
{"volume",cmd_volume,"print the volume name",{COMPL_NONE,COMPL_NONE}},
@@ -4769,6 +4802,7 @@ static int process_command_string(const char *cmd_in)
if (!NT_STATUS_IS_OK(status)) {
return 1;
}
+ cli_set_timeout(cli, io_timeout*1000);
}
while (cmd[0] != '\0') {
@@ -5196,6 +5230,8 @@ static int process(const char *base_directory)
return 1;
}
+ cli_set_timeout(cli, io_timeout*1000);
+
if (base_directory && *base_directory) {
rc = do_cd(base_directory);
if (rc) {
@@ -5230,6 +5266,7 @@ static int do_host_query(const char *query_host)
return 1;
}
+ cli_set_timeout(cli, io_timeout*1000);
browse_host(true);
/* Ensure that the host can do IPv4 */
@@ -5265,6 +5302,7 @@ static int do_host_query(const char *query_host)
return 1;
}
+ cli_set_timeout(cli, io_timeout*1000);
list_servers(lp_workgroup());
cli_shutdown(cli);
@@ -5291,6 +5329,7 @@ static int do_tar_op(const char *base_directory)
if (!NT_STATUS_IS_OK(status)) {
return 1;
}
+ cli_set_timeout(cli, io_timeout*1000);
}
recurse=true;
@@ -5326,6 +5365,7 @@ static int do_message_op(struct user_auth_info *a_info)
return 1;
}
+ cli_set_timeout(cli, io_timeout*1000);
send_message(get_cmdline_auth_info_username(a_info));
cli_shutdown(cli);
@@ -5362,6 +5402,7 @@ static int do_message_op(struct user_auth_info *a_info)
{ "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from
directory", "DIR" },
{ "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute
semicolon separated commands" },
{ "send-buffer", 'b', POPT_ARG_INT, &io_bufsize, 'b', "Changes
the transmit/send buffer", "BYTES" },
+ { "timeout", 't', POPT_ARG_INT, &io_timeout, 'b', "Changes the
per-operation timeout", "SECONDS" },
{ "port", 'p', POPT_ARG_INT, &port, 'p', "Port to connect to",
"PORT" },
{ "grepable", 'g', POPT_ARG_NONE, NULL, 'g', "Produce grepable
output" },
{ "browse", 'B', POPT_ARG_NONE, NULL, 'B', "Browse SMB servers
using DNS" },
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 1d92843..57126e6 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -48,7 +48,23 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c,
const char *domain,
const char *sharename)
{
- NTSTATUS status = cli_force_encryption(c,
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_session_encryption_on(c->smb2.session);
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
+ d_printf("Encryption required and "
+ "server doesn't support "
+ "SMB3 encryption - failing connect\n");
+ } else if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(status));
+ }
+ return status;
+ }
+
+ status = cli_force_encryption(c,
username,
password,
domain);
--
Samba Shared Repository
