/* The list of pipes currently open on this connection. */
struct rpc_pipe_client *pipe_list;
- bool use_kerberos;
- bool fallback_after_kerberos;
- bool use_ccache;
- bool pw_nt_hash;
-
bool use_oplocks; /* should we use oplocks? */
/* Where (if anywhere) this is mounted under DFS. */
};
#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
-#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
#define CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK 0x0004
-#define CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS 0x0008
#define CLI_FULL_CONNECTION_OPLOCKS 0x0010
#define CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS 0x0020
-#define CLI_FULL_CONNECTION_USE_CCACHE 0x0040
#define CLI_FULL_CONNECTION_FORCE_DOS_ERRORS 0x0080
#define CLI_FULL_CONNECTION_FORCE_ASCII 0x0100
-#define CLI_FULL_CONNECTION_USE_NT_HASH 0x0200
#define CLI_FULL_CONNECTION_FORCE_SMB1 0x0400
#define CLI_FULL_CONNECTION_DISABLE_SMB1 0x0800
uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
bool use_spnego = false;
int flags = 0;
- enum credentials_use_kerberos krb5_state;
- uint32_t gensec_features;
const char *username = "";
const char *domain = "";
DATA_BLOB target_info = data_blob_null;
tevent_req_set_cleanup_fn(req, cli_session_setup_creds_cleanup);
- krb5_state = cli_credentials_get_kerberos_state(creds);
- gensec_features = cli_credentials_get_gensec_features(creds);
-
- switch (krb5_state) {
- case CRED_MUST_USE_KERBEROS:
- cli->use_kerberos = true;
- cli->fallback_after_kerberos = false;
- break;
- case CRED_AUTO_USE_KERBEROS:
- cli->use_kerberos = true;
- cli->fallback_after_kerberos = true;
- break;
- case CRED_DONT_USE_KERBEROS:
- cli->use_kerberos = false;
- cli->fallback_after_kerberos = false;
- break;
- }
-
- if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
- cli->use_ccache = true;
- } else {
- cli->use_ccache = false;
- }
-
/*
* Now work out what sort of session setup we are going to
* do. I have split this into separate functions to make the flow a bit
{
struct tevent_req *req, *subreq;
struct cli_full_connection_creds_state *state;
- enum credentials_use_kerberos krb5_state;
- uint32_t gensec_features = 0;
req = tevent_req_create(mem_ctx, &state,
struct cli_full_connection_creds_state);
}
talloc_set_destructor(state, cli_full_connection_creds_state_destructor);
- flags &= ~CLI_FULL_CONNECTION_USE_KERBEROS;
- flags &= ~CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- flags &= ~CLI_FULL_CONNECTION_USE_CCACHE;
- flags &= ~CLI_FULL_CONNECTION_USE_NT_HASH;
-
- krb5_state = cli_credentials_get_kerberos_state(creds);
- switch (krb5_state) {
- case CRED_MUST_USE_KERBEROS:
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- flags &= ~CLI_FULL_CONNECTION_DONT_SPNEGO;
- break;
- case CRED_AUTO_USE_KERBEROS:
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- break;
- case CRED_DONT_USE_KERBEROS:
- break;
- }
-
- gensec_features = cli_credentials_get_gensec_features(creds);
- if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
- flags |= CLI_FULL_CONNECTION_USE_CCACHE;
- }
-
state->ev = ev;
state->service = service;
state->service_type = service_type;
return NT_STATUS_INVALID_PARAMETER;
}
- if (get_cmdline_auth_info_use_kerberos(auth_info)) {
- flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
- }
- if (get_cmdline_auth_info_fallback_after_kerberos(auth_info)) {
- flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
- }
- if (get_cmdline_auth_info_use_ccache(auth_info)) {
- flags |= CLI_FULL_CONNECTION_USE_CCACHE;
- }
- if (get_cmdline_auth_info_use_pw_nt_hash(auth_info)) {
- flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
- }
-
status = cli_connect_nb(
server, dest_ss, port, name_type, NULL,
signing_state,
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
use_spnego = false;
- } else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
- cli->use_kerberos = true;
- }
- if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
- cli->use_kerberos) {
- cli->fallback_after_kerberos = true;
- }
-
- if (flags & CLI_FULL_CONNECTION_USE_CCACHE) {
- cli->use_ccache = true;
- }
-
- if (flags & CLI_FULL_CONNECTION_USE_NT_HASH) {
- cli->pw_nt_hash = true;
}
if (flags & CLI_FULL_CONNECTION_OPLOCKS) {