The branch, master has been updated
       via  f5d04a43cf6 python:join: fix reused variable name in provision func
       via  e258ea12b01 s4:kdc: Allocate claim value on values context
       via  3b72dde2027 tests/krb5: Add tests for constructed (authentication silo) claims
       via  75aecbe6203 tests/krb5: Add method to create authentication silo claim
       via  dc4c51f353a tests/krb5: Add method to create an authentication silo
       via  8855b525ce1 tests/krb5: Add methods to get authentication policy DNs
       via  9b96855f370 tests/krb5: Check only for the canonical representation of a security descriptor
       via  f1174c6e0c4 librpc/ndr: Fix NULL pointer dereference
       via  d0d588558d9 Update WHATSNEW.txt
       via  960fe1ca273 s3:utils: s3:utils: Correctly wire winbind ccache support for smbget
       via  e22eccbe889 s3:utils: Correctly wire NT hash support for smbget
       via  61424dd2218 auth: Add cli_credentials_is_password_nt_hash()
       via  97c0982bad9 auth: Remove trailing white spaces in credentials_ntlm.c
       via  96914246d36 auth: Remove trailing white spaces in credentials.h
       via  de702cb5b18 s3:tests: Add test with testdenied_...@realm.upn
       via  3fa25a77ca9 s3:tests: Add a kerberos trust test for smbget
       via  9392a581dbb s3:tests: Add kerberos test for smbget
       via  267ea547129 s3:utils: Correctly wire Kerberos support for smbget
       via  a2ba787780c s3:tests: Add encryption test for smbget
       via  ada8cd6a627 s3:utils: Correctly wire encryption for smbget
       via  f531dd19826 docs-xml: Remove smbgetrc manpage
       via  7f8a814c7ad docs-xml: Update smbget manpage
       via  20b5d98ce58 s3:utils: Use common command line parser for smbget
       via  42b47e20e71 s3:tests: Use long options for smbget in test_smbget.sh
       via  0e07d0ac220 s3:utils: Add support for parsing domain/UPN in username for smbget
       via  34d4ac9907c s3:utils: Always cleanup when leaving smbget main()
       via  1f3f88603a4 s3:tests: Add smbget msdfs link test with domain and UPN
       via  d81acef3924 s3:tests: Add domain and UPN test for smbget
       via  1104916d227 s3:tests: Also clear the download area in smbget msdfs_link test
       via  9c76563ba24 s3:selftest: Pass REALM to samba.blackbox.smbget
       via  badbbceb76f s3:selftest: Move samba3.blackbox.smbget to ad_member
       via  acf259c7e0b s3:selftest: Move the smbget share to the provision function
      from  925b026a235 lib:ldb:tests: Fix code spelling

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit f5d04a43cf6b32aa8ea443bc5ac485581d77d200
Author: John Mulligan <jmulli...@redhat.com>
Date:   Fri Mar 24 15:11:59 2023 -0400

    python:join: fix reused variable name in provision func

    Recent updates to run adprep during the provision function re-used a
    variable name that was already in use as a string. This reassignment
    changed the type of the referenced object. This variable name is later
    used to setup the mit krb5 kdc conf and expects the var to contain a
    string.

    When executed with default cli options on a mit krb5 based build samba
    tool fails with a traceback:
    ```
    INFO 2023-03-23 21:22:50,399 pid:6 /usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2021: Fixing provision GUIDs
    ERROR(<class 'AttributeError'>): uncaught exception - 'DomainUpdate' object has no attribute 'upper'
      File "/usr/lib64/python3.10/site-packages/samba/netcmd/__init__.py", line 230, in _run
        return self.run(*args, **kwargs)
      File "/usr/lib64/python3.10/site-packages/samba/netcmd/domain.py", line 555, in run
        result = provision(self.logger,
      File "/usr/lib64/python3.10/site-packages/samba/provision/__init__.py", line 2408, in provision
        create_kdc_conf(paths.kdcconf, realm, domain, os.path.dirname(lp.get("log file")))
      File "/usr/lib64/python3.10/site-packages/samba/provision/kerberos.py", line 43, in create_kdc_conf
        domain = domain.upper()
    ```

    This change removes the re-use of the existing var name by chaining the
    calls.

    Fixes: 4bba26579d1

    Signed-off-by: John Mulligan <jmulli...@redhat.com>
    Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Wed Apr 5 02:02:29 UTC 2023 on atb-devel-224

commit e258ea12b01c2f01f049f95c9c7e4c7ec0ada6d6
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Apr 3 13:07:30 2023 +1200

    s4:kdc: Allocate claim value on values context

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3b72dde2027fe7bffa03f6022fd2a5aef26845fa
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Apr 3 13:24:12 2023 +1200

    tests/krb5: Add tests for constructed (authentication silo) claims

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 75aecbe62030c386e93d179e1cb1aebb6e916df9
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Apr 3 14:28:58 2023 +1200

    tests/krb5: Add method to create authentication silo claim

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit dc4c51f353a2bce5b8662a80b77e60846cb00255
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Apr 3 12:54:55 2023 +1200

    tests/krb5: Add method to create an authentication silo

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 8855b525ce11a343cf1fdab429e39c36b3f5f28c
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Mar 7 17:40:10 2022 +1300

    tests/krb5: Add methods to get authentication policy DNs

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9b96855f370e7079baeac41c1797ef5fb3d4cd73
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Tue Mar 28 07:46:23 2023 +1300

    tests/krb5: Check only for the canonical representation of a security descriptor

    As of commit be1aae77b7610933b1121f207e0a4df523c2d278, Samba only
    produces the canonical form of a security descriptor.

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f1174c6e0c4c033b3eae0b9ab94d76ac1382f74b
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Apr 3 10:40:02 2023 +1200

    librpc/ndr: Fix NULL pointer dereference

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15348

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d0d588558d925ecc3e3d4136b8d7185f009154e6
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 13:43:26 2023 +0200

    Update WHATSNEW.txt

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 960fe1ca27357d8c2f85f956531dfbe6bbc025f7
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Apr 3 08:14:30 2023 +0200

    s3:utils: s3:utils: Correctly wire winbind ccache support for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit e22eccbe889f27f6cb3661e0ef313cef08cd33f8
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 09:49:44 2023 +0200

    s3:utils: Correctly wire NT hash support for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 61424dd22180a4f84eb11f4ae8263d53904f6e45
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 10:44:16 2023 +0200

    auth: Add cli_credentials_is_password_nt_hash()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 97c0982bad9e29955e763bf3d48fab9dc586ba37
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 10:43:59 2023 +0200

    auth: Remove trailing white spaces in credentials_ntlm.c

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 96914246d367652b77361d168f7e99a0502d4776
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 10:43:11 2023 +0200

    auth: Remove trailing white spaces in credentials.h

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit de702cb5b18f8fe9220229200c87a374fe055cd5
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Apr 4 09:25:55 2023 +0200

    s3:tests: Add test with testdenied_...@realm.upn

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3fa25a77ca98cf4356bc8656e003ebc721a28af5
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Apr 3 08:30:06 2023 +0200

    s3:tests: Add a kerberos trust test for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9392a581dbb7a668a249a2eaa43942d34b268ba4
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 09:46:02 2023 +0200

    s3:tests: Add kerberos test for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 267ea5471298bb3a47e6b16898c85b62dc48900c
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 09:32:02 2023 +0200

    s3:utils: Correctly wire Kerberos support for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit a2ba787780c215bd6e9358ec358adbf863eb5c77
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 09:36:46 2023 +0200

    s3:tests: Add encryption test for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit ada8cd6a6274f8266ee66e56d164d48f2e1bc41a
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 09:31:11 2023 +0200

    s3:utils: Correctly wire encryption for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f531dd19826d5e092ce3c55ddd4882bd658d320d
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 31 08:40:38 2023 +0200

    docs-xml: Remove smbgetrc manpage

    This has been removed, we have support for an authentication file.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7f8a814c7ad7529a9b1da872927d34ba8ba222f7
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 13:48:06 2023 +0200

    docs-xml: Update smbget manpage

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 20b5d98ce58526fb0fc78f5482988aebb95c7e80
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 11:19:01 2023 +0200

    s3:utils: Use common command line parser for smbget

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 42b47e20e718b0c29659c6d40b81726ebbf337d2
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 13:00:55 2023 +0200

    s3:tests: Use long options for smbget in test_smbget.sh

    This is more descriptive and will help with the next commit.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 0e07d0ac220226306c10f39dad1031382264d4e4
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Mar 29 08:48:12 2023 +0200

    s3:utils: Add support for parsing domain/UPN in username for smbget

    The smbget utility doesn't use the common command line parser, so it
    doesn't support parsing of DOMAIN/user or user@realm.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 34d4ac9907c47d6183efd2f850c2293207fa32fa
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 11:14:26 2023 +0200

    s3:utils: Always cleanup when leaving smbget main()

    This will not leak any memory. Also rename the bool to 'ok' for better
    readability.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 1f3f88603a40e11cf1c9326a1f16d27e0d9337e1
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Mar 29 09:03:11 2023 +0200

    s3:tests: Add smbget msdfs link test with domain and UPN

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d81acef3924ef1484e3e0467e6441f4792c84f3d
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Mar 29 08:59:09 2023 +0200

    s3:tests: Add domain and UPN test for smbget

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 1104916d227550f7c445e61d8ee3b62983c052c4
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 10:26:40 2023 +0200

    s3:tests: Also clear the download area in smbget msdfs_link test

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9c76563ba2460187bbfc2e2c75e9237b82357139
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 10:06:55 2023 +0200

    s3:selftest: Pass REALM to samba.blackbox.smbget

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit badbbceb76f41ddb86481ffd02f06f197258c1cb
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Mar 29 13:08:37 2023 +0200

    s3:selftest: Move samba3.blackbox.smbget to ad_member

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit acf259c7e0b81b2b178d467102ced7826c109036
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Mar 30 10:16:35 2023 +0200

    s3:selftest: Move the smbget share to the provision function

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                             |  11 +
 auth/credentials/credentials.h           |  83 +++---
 auth/credentials/credentials_ntlm.c      |  33 ++-
 docs-xml/manpages/smbget.1.xml           | 100 +++----
 docs-xml/manpages/smbgetrc.5.xml         | 112 --------
 docs-xml/wscript_build                   |   1 -
 librpc/ndr/ndr_claims.c                  |   8 +-
 python/samba/provision/__init__.py       |   9 +-
 python/samba/tests/krb5/claims_tests.py  | 126 ++++++---
 python/samba/tests/krb5/kdc_base_test.py | 180 +++++++++++-
 selftest/knownfail.d/constructed-claims  |   1 +
 selftest/target/Samba3.pm                |  15 +-
 source3/script/tests/test_smbget.sh      | 262 ++++++++++++++++--
 source3/selftest/tests.py                |  16 +-
 source3/utils/smbget.c                   | 462 ++++++++++++-------------------
 source3/utils/wscript_build              |   2 +-
 source4/kdc/ad_claims.c                  |   2 +-
 17 files changed, 829 insertions(+), 594 deletions(-)
 delete mode 100644 docs-xml/manpages/smbgetrc.5.xml
 create mode 100644 selftest/knownfail.d/constructed-claims

Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d63da177595..d6b23b06f60 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -16,6 +16,17 @@ UPGRADING NEW FEATURES/CHANGES ==================== +Migrated smbget to use common command line parser +------------------------------------------------- + +The smbget utility implemented its own command line parsing logic. After +discovering an issue we decided to migrate it to use the common command line +parser. This has some advantages as you get all the feature it provides like +Kerberos authentication. The downside is that breaks the options interface. +The support for smbgetrc has been removed. You can use an authentication file +if needed, this is documented in the manpage. + +Please check the smbget manpage or --help output. REMOVED FEATURES ================ diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index e9d8b8a44b1..c3a048ecc8d 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h @@ -1,4 +1,4 @@ -/* +/* samba -- Unix SMB/CIFS implementation. Client credentials structure @@ -10,12 +10,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -42,7 +42,7 @@ enum smb_signing_setting; enum smb_encryption_setting; /* In order of priority */ -enum credentials_obtained { +enum credentials_obtained { CRED_UNINITIALISED = 0, /* We don't even have a guess yet */ CRED_SMB_CONF, /* Current value should be used, which comes from smb.conf */ CRED_CALLBACK, /* Callback should be used to obtain value */ 
@@ -81,8 +81,8 @@ enum credentials_krb_forwardable { #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */ const char *cli_credentials_get_workstation(struct cli_credentials *cred); -bool cli_credentials_set_workstation(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_workstation(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); bool cli_credentials_is_anonymous(struct cli_credentials *cred); struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx); 
@@ -93,29 +93,29 @@ bool cli_credentials_wrong_password(struct cli_credentials *cred); const char *cli_credentials_get_password(struct cli_credentials *cred); const char *cli_credentials_get_password_and_obtained(struct cli_credentials *cred, enum credentials_obtained *obtained); -void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, - const char **username, +void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, + const char **username, const char **domain); -NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, +NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags, DATA_BLOB challenge, const NTTIME *server_timestamp, DATA_BLOB target_info, - DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, + DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key); const char *cli_credentials_get_realm(struct cli_credentials *cred); const char *cli_credentials_get_username(struct cli_credentials *cred); const char *cli_credentials_get_username_and_obtained(struct cli_credentials *cred, enum credentials_obtained *obtained); -int cli_credentials_get_krb5_context(struct cli_credentials *cred, +int cli_credentials_get_krb5_context(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context); -int cli_credentials_get_ccache(struct cli_credentials *cred, +int cli_credentials_get_ccache(struct cli_credentials *cred, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, struct ccache_container **ccc, const char **error_string); -int cli_credentials_get_named_ccache(struct cli_credentials *cred, +int cli_credentials_get_named_ccache(struct cli_credentials *cred, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, char *ccache_name, 
@@ -123,7 +123,7 @@ int cli_credentials_get_named_ccache(struct cli_credentials *cred, bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred, const char *principal, unsigned int *count); -int cli_credentials_get_keytab(struct cli_credentials *cred, +int cli_credentials_get_keytab(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct keytab_container **_ktc); const char *cli_credentials_get_domain(struct cli_credentials *cred); @@ -133,10 +133,10 @@ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, bool cli_credentials_set_conf(struct cli_credentials *cred, struct loadparm_context *lp_ctx); char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); -int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, +int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc); -int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, +int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc, 
@@ -148,22 +148,22 @@ bool cli_credentials_set_kerberos_state(struct cli_credentials *creds, enum credentials_obtained obtained); void cli_credentials_set_krb_forwardable(struct cli_credentials *creds, enum credentials_krb_forwardable krb_forwardable); -bool cli_credentials_set_domain(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_domain(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); bool cli_credentials_set_domain_callback(struct cli_credentials *cred, const char *(*domain_cb) (struct cli_credentials *)); -bool cli_credentials_set_username(struct cli_credentials *cred, +bool cli_credentials_set_username(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained); bool cli_credentials_set_username_callback(struct cli_credentials *cred, const char *(*username_cb) (struct cli_credentials *)); -bool cli_credentials_set_principal(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_principal(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); bool cli_credentials_set_principal_callback(struct cli_credentials *cred, const char *(*principal_cb) (struct cli_credentials *)); -bool cli_credentials_set_password(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_password(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx); void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained); 
@@ -171,8 +171,8 @@ struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); struct samr_Password *cli_credentials_get_old_nt_hash(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); -bool cli_credentials_set_realm(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_realm(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, enum netr_SchannelType secure_channel_type); @@ -181,7 +181,7 @@ void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred void cli_credentials_set_netlogon_creds( struct cli_credentials *cred, const struct netlogon_creds_CredentialState *netlogon_creds); -NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, +NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, struct smb_krb5_context *smb_krb5_context); NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, struct loadparm_context *lp_ctx, @@ -206,7 +206,7 @@ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred bool cli_credentials_authentication_requested(struct cli_credentials *cred); bool cli_credentials_guess(struct cli_credentials *cred, struct loadparm_context *lp_ctx); -bool cli_credentials_set_bind_dn(struct cli_credentials *cred, +bool cli_credentials_set_bind_dn(struct cli_credentials *cred, const char *bind_dn); const char *cli_credentials_get_bind_dn(struct cli_credentials *cred); bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained); 
@@ -224,8 +224,9 @@ bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred, const DATA_BLOB *password_utf16); void cli_credentials_set_password_will_be_nt_hash(struct cli_credentials *cred, bool val); +bool cli_credentials_is_password_nt_hash(struct cli_credentials *cred); bool cli_credentials_set_nt_hash(struct cli_credentials *cred, - const struct samr_Password *nt_hash, + const struct samr_Password *nt_hash, enum credentials_obtained obtained); bool cli_credentials_set_old_nt_hash(struct cli_credentials *cred, const struct samr_Password *nt_hash); 
@@ -235,23 +236,23 @@ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred, const DATA_BLOB *nt_response, const DATA_BLOB *nt_session_key, enum credentials_obtained obtained); -int cli_credentials_set_keytab_name(struct cli_credentials *cred, +int cli_credentials_set_keytab_name(struct cli_credentials *cred, struct loadparm_context *lp_ctx, - const char *keytab_name, + const char *keytab_name, enum credentials_obtained obtained); bool cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features, enum credentials_obtained obtained); uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds); -int cli_credentials_set_ccache(struct cli_credentials *cred, +int cli_credentials_set_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, - const char *name, + const char *name, enum credentials_obtained obtained, const char **error_string); bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained); -bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, +bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, int fd, enum credentials_obtained obtained); -void cli_credentials_invalidate_ccache(struct cli_credentials *cred, +void cli_credentials_invalidate_ccache(struct cli_credentials *cred, enum credentials_obtained obtained); void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal); void cli_credentials_set_impersonate_principal(struct cli_credentials *cred, 
@@ -265,11 +266,11 @@ const char *cli_credentials_get_target_service(struct cli_credentials *cred); enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds); const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred); enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds); -NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, +NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, - const char *filter, + const char *filter, char **error_string); int cli_credentials_get_kvno(struct cli_credentials *cred); @@ -283,8 +284,8 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred, * @note Return value will never be NULL except by programmer error. */ char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained); -bool cli_credentials_set_principal(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_principal(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); bool cli_credentials_set_principal_callback(struct cli_credentials *cred, const char *(*principal_cb) (struct cli_credentials *)); @@ -295,8 +296,8 @@ bool cli_credentials_set_principal_callback(struct cli_credentials *cred, * @retval If set, the cleartext password, otherwise NULL */ const char *cli_credentials_get_old_password(struct cli_credentials *cred); -bool cli_credentials_set_old_password(struct cli_credentials *cred, - const char *val, +bool cli_credentials_set_old_password(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); bool cli_credentials_set_domain_callback(struct cli_credentials *cred, const char *(*domain_cb) (struct cli_credentials *)); 
@@ -336,7 +337,7 @@ bool cli_credentials_set_cmdline_callbacks(struct cli_credentials *cred); void cli_credentials_dump(struct cli_credentials *creds); /** - * Return attached NETLOGON credentials + * Return attached NETLOGON credentials */ struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred); diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c index 1c17148e647..38226453c4a 100644 --- a/auth/credentials/credentials_ntlm.c +++ b/auth/credentials/credentials_ntlm.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. User credentials handling @@ -6,17 +6,17 @@ Copyright (C) Andrew Tridgell 2001 Copyright (C) Andrew Bartlett <abart...@samba.org> 2001-2005 Copyright (C) Stefan Metzmacher 2005 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ 
@@ -35,13 +35,13 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags, DATA_BLOB challenge, const NTTIME *server_timestamp, DATA_BLOB target_info, - DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, - DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key) + DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, + DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key) { TALLOC_CTX *frame = talloc_stackframe(); const char *user = NULL; @@ -152,13 +152,13 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred /* TODO: if the remote server is standalone, then we should replace 'domain' with the server name as supplied above */ - + if (!SMBNTLMv2encrypt_hash(frame, - user, - domain, - nt_hash->hash, &challenge, + user, + domain, + nt_hash->hash, &challenge, server_timestamp, &target_info, - &lm_response, &nt_response, + &lm_response, &nt_response, NULL, &session_key)) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; @@ -263,7 +263,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred SMBsesskeygen_ntv1(nt_hash->hash, session_key.data); dump_data_pw("NT session key:\n", session_key.data, session_key.length); - /* lanman auth is insecure, it may be disabled. + /* lanman auth is insecure, it may be disabled. We may also not have a password */ if (password != NULL) { 
@@ -458,8 +458,13 @@ _PUBLIC_ void cli_credentials_set_password_will_be_nt_hash(struct cli_credential cred->password_will_be_nt_hash = val; } +_PUBLIC_ bool cli_credentials_is_password_nt_hash(struct cli_credentials *cred) +{ + return cred->password_will_be_nt_hash; +} + _PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, - const struct samr_Password *nt_hash, + const struct samr_Password *nt_hash, enum credentials_obtained obtained) { cred->password_will_be_nt_hash = false; diff --git a/docs-xml/manpages/smbget.1.xml b/docs-xml/manpages/smbget.1.xml index 9d1db967f96..d7eac27ddb8 100644 --- a/docs-xml/manpages/smbget.1.xml +++ b/docs-xml/manpages/smbget.1.xml @@ -21,14 +21,9 @@ <command>smbget</command> <arg choice="opt">-a, --guest</arg> <arg choice="opt">-r, --resume</arg> - <arg choice="opt">-R, --recursive</arg> - <arg choice="opt">-U, --user=STRING</arg> - <arg choice="opt">-w, --workgroup=STRING</arg> - <arg choice="opt">-n, --nonprompt</arg> - <arg choice="opt">-d, --debuglevel=INT</arg> + <arg choice="opt">--recursive</arg> <arg choice="opt">-D, --dots</arg> <arg choice="opt">-o, --outputfile</arg> - <arg choice="opt">-f, --rcfile</arg> <arg choice="opt">-q, --quiet</arg> <arg choice="opt">-v, --verbose</arg> <arg choice="opt">-b, --blocksize</arg> 
@@ -36,8 +31,34 @@ <arg choice="opt">-u, --update</arg> <arg choice="opt">-e, --encrypt</arg> <arg choice="opt">--limit-rate=INT</arg> - <arg choice="opt">-?, --help</arg> + <arg choice="opt">-?|--help</arg> <arg choice="opt">--usage</arg> + <arg choice="opt">-d|--debuglevel=DEBUGLEVEL</arg> + <arg choice="opt">--debug-stdout</arg> + <arg choice="opt">-s|--configfile=CONFIGFILE</arg> + <arg choice="opt">--option=name=value</arg> + <arg choice="opt">-l|--log-basename=LOGFILEBASE</arg> + <arg choice="opt">--leak-report</arg> + <arg choice="opt">--leak-report-full</arg> + <arg choice="opt">-R|--name-resolve=NAME-RESOLVE-ORDER</arg> + <arg choice="opt">-O|--socket-options=SOCKETOPTIONS</arg> + <arg choice="opt">-m|--max-protocol=MAXPROTOCOL</arg> + <arg choice="opt">-n|--netbiosname=NETBIOSNAME</arg> + <arg choice="opt">--netbios-scope=SCOPE</arg> + <arg choice="opt">-W|--workgroup=WORKGROUP</arg> + <arg choice="opt">--realm=REALM</arg> + <arg choice="opt">-U|--user=[DOMAIN/]USERNAME%[PASSWORD]</arg> + <arg choice="opt">-N|--no-pass</arg> + <arg choice="opt">--password=STRING</arg> + <arg choice="opt">--pw-nt-hash</arg> + <arg choice="opt">-A|--authentication-file=FILE</arg> + <arg choice="opt">-P|--machine-pass</arg> + <arg choice="opt">--simple-bind-dn=DN</arg> + <arg choice="opt">--use-kerberos=desired|required|off</arg> + <arg choice="opt">--use-krb5-ccache=CCACHE</arg> + <arg choice="opt">--use-winbind-ccache</arg> + <arg choice="opt">--client-protection=sign|encrypt|off</arg> + <arg choice="opt">-V|--version</arg> <arg choice="req">smb://host/share/path/to/file</arg> <arg choice="opt">smb://url2/</arg> <arg choice="opt">...</arg> 
@@ -50,7 +71,7 @@ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>7</manvolnum></citerefentry> suite.</para> - <para>smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. + <para>smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. </para> <para> @@ -73,30 +94,10 @@ </varlistentry> <varlistentry> - <term>-R, --recursive</term> + <term>--recursive</term> <listitem><para>Recursively download files</para></listitem> </varlistentry> - <varlistentry> - <term> -U, --user=<replaceable>username[%password]</replaceable></term> - <listitem><para>Username (and password) to use</para></listitem> - </varlistentry> - - <varlistentry> - <term>-w, --workgroup=STRING</term> - <listitem><para>Workgroup to use (optional)</para></listitem> - </varlistentry> - - <varlistentry> - <term>-n, --nonprompt</term> - <listitem><para>Don't ask anything (non-interactive)</para></listitem> - </varlistentry> - - <varlistentry> - <term>-d, --debuglevel=INT</term> - <listitem><para>Debuglevel to use</para></listitem> - </varlistentry> - <varlistentry> <term>-D, --dots</term> <listitem><para>Show dots as progress indication</para></listitem> @@ -108,15 +109,10 @@ </varlistentry> <varlistentry> - <term>-O, --stdout</term> + <term>--stdout</term> <listitem><para>Write the file that is being downloaded to standard output.</para></listitem> </varlistentry> - <varlistentry> - <term>-f, --rcfile</term> - <listitem><para>Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overridden by the contents of the rcfile.</para></listitem> - </varlistentry> - <varlistentry> <term>-q, --quiet</term> <listitem><para>Be quiet</para></listitem> 
@@ -132,16 +128,6 @@ <listitem><para>Number of bytes to download in a block. Defaults to 64000.</para></listitem> </varlistentry> - <varlistentry> - <term>-?, --help</term> - <listitem><para>Show help message</para></listitem> - </varlistentry> - - <varlistentry> - <term>--usage</term> - <listitem><para>Display brief usage message</para></listitem> - </varlistentry> - <varlistentry> <term>-u, --update</term> <listitem><para>Download only when remote file is newer than local file or local file is missing.</para></listitem> @@ -157,6 +143,10 @@ <listitem><para>Limit download rate by this many KB/s.</para></listitem> </varlistentry> + &popt.autohelp; + &cmdline.common.samba.client; + &cmdline.common.connection; -- Samba Shared Repository
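Review bot: in the @@ -458,8 +458,13 @@ hunk, the new cli_credentials_is_password_nt_hash() returns cred->password_will_be_nt_hash, but the context line directly below shows cli_credentials_set_nt_hash() resetting that same flag to false. The getter therefore reports the pending "the next password supplied will be a hash" state, not whether the stored secret is an NT hash, and the name suggests the latter. Please add a comment above the function stating which of the two it means and when callers may rely on it. Since the function only reads the field, consider taking a const struct cli_credentials * as well.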
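Review bot: the smbget.1.xml synopsis hunk at @@ -21,14 +21,9 @@ drops "-R, --recursive", "-w, --workgroup=STRING" and "-n, --nonprompt", and the next hunk hands the same short letters to different options: "-R|--name-resolve=NAME-RESOLVE-ORDER" and "-n|--netbiosname=NETBIOSNAME", with the workgroup option moving to "-W". The @@ -108,15 +109,10 @@ hunk does the same to "-O, --stdout", whose short form now appears in the synopsis as "-O|--socket-options=SOCKETOPTIONS". All three reassigned letters now take an argument, so an existing script that passes -R, -n or -O in the old sense will have its next argument consumed without any error pointing at the cause, and a job that relied on -n to stay non-interactive loses that behaviour. The manpage should carry a short compatibility paragraph listing each old spelling beside its replacement, and noting that -f, --rcfile is gone.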
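Review bot: in the synopsis hunk at @@ -36,8 +31,34 @@, the existing "-e, --encrypt" stays as a context line while "--client-protection=sign|encrypt|off" is added beside it, and nothing visible says which one wins when both are given, for example -e together with --client-protection=off. Please document the precedence in the -e entry, or mark -e as an alias for --client-protection=encrypt if that is what it is. In the same hunk, "-U|--user=[DOMAIN/]USERNAME%[PASSWORD]" places the bracket so that the % looks mandatory, whereas the removed description in the @@ -73,30 +94,10 @@ hunk read "username[%password]". The added entries also separate short and long forms with "|" while the untouched ones use ", ", so the synopsis now mixes two styles.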