Attachment 16734 Details for Bug 14793 – Patch for v4-13-test (only covers smbclient)

[patch] Patch for v4-13-test (only covers smbclient)

tmp413.diff.txt (text/plain), 3.20 KB, created by Stefan Metzmacher on 2021-08-13 09:05:42 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2021-08-13 09:05:42 UTC

Size: 3.20 KB

patch

obsolete

>From 991adcf769059aea7674be3e9521b29e8294aff6 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 11 Aug 2021 14:33:24 +0200
>Subject: [PATCH] s3:libsmb: start encryption as soon as possible after the
> session setup
>
>For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon,
>if there's no tcon yet.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>(similar to commit 21302649c46441ea325c66457294225ddb1d6235)
>---
> source3/libsmb/clidfs.c | 44 +++++++++++++++++++++++++++++++----------
> 1 file changed, 34 insertions(+), 10 deletions(-)
>
>diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
>index 3cc52cc5ac9f..2a2509870e3a 100644
>--- a/source3/libsmb/clidfs.c
>+++ b/source3/libsmb/clidfs.c
>@@ -50,6 +50,7 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
> 	uint16_t major, minor;
> 	uint32_t caplow, caphigh;
> 	NTSTATUS status;
>+	bool temp_ipc = false;
> 
> 	if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
> 		status = smb2cli_session_encryption_on(c->smb2.session);
>@@ -72,12 +73,26 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
> 		return NT_STATUS_NOT_SUPPORTED;
> 	}
> 
>+	if (c->smb1.tcon == NULL) {
>+		status = cli_tree_connect_creds(c, "IPC$", "IPC", creds);
>+		if (!NT_STATUS_IS_OK(status)) {
>+			d_printf("Encryption required and "
>+				"can't connect to IPC$ to check "
>+				"UNIX CIFS extensions.\n");
>+			return NT_STATUS_UNKNOWN_REVISION;
>+		}
>+		temp_ipc = true;
>+	}
>+
> 	status = cli_unix_extensions_version(c, &major, &minor, &caplow,
> 					     &caphigh);
> 	if (!NT_STATUS_IS_OK(status)) {
> 		d_printf("Encryption required and "
> 			"can't get UNIX CIFS extensions "
> 			"version from server.\n");
>+		if (temp_ipc) {
>+			cli_tdis(c);
>+		}
> 		return NT_STATUS_UNKNOWN_REVISION;
> 	}
> 
>@@ -85,6 +100,9 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
> 		d_printf("Encryption required and "
> 			"share %s doesn't support "
> 			"encryption.\n", sharename);
>+		if (temp_ipc) {
>+			cli_tdis(c);
>+		}
> 		return NT_STATUS_UNSUPPORTED_COMPRESSION;
> 	}
> 
>@@ -93,9 +111,15 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
> 		d_printf("Encryption required and "
> 			"setup failed with error %s.\n",
> 			nt_errstr(status));
>+		if (temp_ipc) {
>+			cli_tdis(c);
>+		}
> 		return status;
> 	}
> 
>+	if (temp_ipc) {
>+		cli_tdis(c);
>+	}
> 	return NT_STATUS_OK;
> }
> 
>@@ -221,6 +245,16 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
> 
> 	DEBUG(4,(" session setup ok\n"));
> 
>+	if (force_encrypt) {
>+		status = cli_cm_force_encryption_creds(c,
>+						       creds,
>+						       sharename);
>+		if (!NT_STATUS_IS_OK(status)) {
>+			cli_shutdown(c);
>+			return status;
>+		}
>+	}
>+
> 	/* here's the fun part....to support 'msdfs proxy' shares
> 	   (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
> 	   here before trying to connect to the original share.
>@@ -246,16 +280,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
> 		return status;
> 	}
> 
>-	if (force_encrypt) {
>-		status = cli_cm_force_encryption_creds(c,
>-						       creds,
>-						       sharename);
>-		if (!NT_STATUS_IS_OK(status)) {
>-			cli_shutdown(c);
>-			return status;
>-		}
>-	}
>-
> 	DEBUG(4,(" tconx ok\n"));
> 	*pcli = c;
> 	return NT_STATUS_OK;
>-- 
>2.25.1
>

Flags:

jra: review+

Actions: View

Attachments on bug 14793: 16732 | 16733 | 16734