From 86ec42a062e19e4290ed8ecb02059b00893dbc87 Mon Sep 17 00:00:00 2001 From: David Disseldorp Date: Fri, 16 Jan 2015 16:21:23 +0100 Subject: [PATCH 1/2] libsmb: provide authinfo domain for DFS referral auth libsmbclient uses the smbc_init->smbc_get_auth_data_fn() provided workgroup/domain in initial connections, but then switches to the default smb.conf workgroup/domain when handling DFS referrals. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059 Signed-off-by: David Disseldorp Reviewed-by: Jeremy Allison (cherry picked from commit 6c9de0cd056afc0b478c02f1bdb0e06532388037) [ddiss@samba.org: 4.1 rebase with cli_init_creds() call] --- source3/libsmb/clidfs.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 840084f..574000a 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -111,6 +111,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, char *newserver, *newshare; const char *username; const char *password; + const char *domain; NTSTATUS status; int flags = 0; @@ -184,11 +185,15 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, username = get_cmdline_auth_info_username(auth_info); password = get_cmdline_auth_info_password(auth_info); + domain = get_cmdline_auth_info_domain(auth_info); + if ((domain == NULL) || (domain[0] == '\0')) { + domain = lp_workgroup(); + } status = cli_session_setup(c, username, password, strlen(password), password, strlen(password), - lp_workgroup()); + domain); if (!NT_STATUS_IS_OK(status)) { /* If a password was not supplied then * try again with a null username. */ @@ -209,7 +214,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, d_printf("Anonymous login successful\n"); status = cli_init_creds(c, "", lp_workgroup(), ""); } else { - status = cli_init_creds(c, username, lp_workgroup(), password); + status = cli_init_creds(c, username, domain, password); } if (!NT_STATUS_IS_OK(status)) { @@ -240,7 +245,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, force_encrypt, username, password, - lp_workgroup())) { + domain)) { cli_shutdown(c); return do_connect(ctx, newserver, newshare, auth_info, false, @@ -262,7 +267,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, status = cli_cm_force_encryption(c, username, password, - lp_workgroup(), + domain, sharename); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); -- 2.1.2 From 71ff8aa547008a4fa9a7cae6df3e66e79b06c15f Mon Sep 17 00:00:00 2001 From: David Disseldorp Date: Mon, 19 Jan 2015 13:39:35 +0100 Subject: [PATCH 2/2] libsmb: provide authinfo domain for encrypted session referrals 6c9de0cd056afc0b478c02f1bdb0e06532388037 requires this extra change. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059 Signed-off-by: David Disseldorp Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jan 21 04:29:06 CET 2015 on sn-devel-104 (cherry picked from commit 6da86012a2ca521efe0cf1bf05fcd04c3099b190) --- source3/libsmb/clidfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 574000a..c24afd1 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -1157,7 +1157,7 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, status = cli_cm_force_encryption(cli, username, password, - lp_workgroup(), + domain, "IPC$"); if (!NT_STATUS_IS_OK(status)) { return false; -- 2.1.2