/* Attempt connection */
*retry = True;
result = cli_full_connection(cli, global_myname(), dc_name, &dc_ip, 0,
- "IPC$", "IPC", "", "", "", 0, retry);
+ "IPC$", "IPC", "", "", "", 0, Undefined, retry);
if (!NT_STATUS_IS_OK(result)) {
/* map to something more useful */
c->protocol = max_protocol;
c->use_kerberos = use_kerberos;
+ cli_setup_signing_state(c, cmdline_auth_info.signing_state);
+
if (!cli_session_request(c, &calling, &called)) {
char *p;
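Review bot: The new `cli_setup_signing_state(c, cmdline_auth_info.signing_state);` call has no comment saying it must run before protocol negotiation. The cli_negprot checks changed in this commit read `sign_info.allow_smb_signing` and `sign_info.mandatory_signing` instead of the global setting. If the call were later moved below the negprot (presumably further down this function, outside the hunk), a `-S required` given on the command line would stop being enforced without any error. I would add `/* must run before cli_negprot(), which reads c->sign_info */` above it; the same applies to the call added inside cli_full_connection.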
get_myname(myname);
nt_status = cli_full_connection(&c, myname, server, NULL, 0, share, "?????",
- username, workgroup, password, 0, NULL);
+ username, workgroup, password, 0, Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
fprintf(stderr, "ERROR: Connection failed with error %s\n", nt_errstr(nt_status));
pstring password;
BOOL got_pass;
BOOL use_kerberos;
+ int signing_state;
};
extern struct user_auth_info cmdline_auth_info;
#define SMB_PORT2 139
#define SMB_PORTS "445 139"
+#define Undefined (-1)
#define False (0)
#define True (1)
#define Auto (2)
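Review bot: `Undefined` is defined as -1 beside `False`/`True`/`Auto`, so it is non-zero and any truth test on a signing state (`if (state)` or `if (!state)`) would treat "not set" as enabled. cli_setup_signing_state compares explicitly, which is correct, but the header gives no hint of the hazard. I would add `/* sentinel for "caller did not choose"; not a boolean, always compare with == */` above the define. The `int signing_state;` member added to struct user_auth_info would also benefit from a comment listing the values it can hold (Undefined, False, True, Required).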
* -A,--authentication-file
* -k,--use-kerberos
* -N,--no-pass
+ * -S,--signing
*/
static void popt_common_credentials_callback(poptContext con,
- enum poptCallbackReason reason,
- const struct poptOption *opt,
- const char *arg, const void *data)
+ enum poptCallbackReason reason,
+ const struct poptOption *opt,
+ const char *arg, const void *data)
{
char *p;
if (reason == POPT_CALLBACK_REASON_PRE) {
cmdline_auth_info.use_kerberos = False;
cmdline_auth_info.got_pass = False;
+ cmdline_auth_info.signing_state = Undefined;
pstrcpy(cmdline_auth_info.username, "GUEST");
if (getenv("LOGNAME"))pstrcpy(cmdline_auth_info.username,getenv("LOGNAME"));
cmdline_auth_info.got_pass = True;
#endif
break;
+
+ case 'S':
+ {
+ cmdline_auth_info.signing_state = -1;
+ if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false"))
+ cmdline_auth_info.signing_state = False;
+ else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true"))
+ cmdline_auth_info.signing_state = True;
+ else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced"))
+ cmdline_auth_info.signing_state = Required;
+ else {
+ fprintf(stderr, "Unknown signing option %s\n", arg );
+ exit(1);
+ }
+ }
+ break;
}
}
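Review bot: `cmdline_auth_info.signing_state = -1;` at the top of the `case 'S'` block hard-codes the value of the `Undefined` macro that this same commit introduces. It is also a dead store, because every branch below either assigns a state or exits. Dropping the line, or writing `cmdline_auth_info.signing_state = Undefined;`, keeps the sentinel defined in one place. The option table advertises `on|off|required` while the parser also accepts `yes`, `no`, `true`, `false`, `force` and `forced`; a one-line comment above the chain listing the accepted spellings would keep help text and parser from drifting apart. The callback's body begins outside this hunk.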
{ "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, 0, "Don't ask for a password" },
{ "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, 'k', "Use kerberos (active directory) authentication" },
{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
+ { "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
POPT_TABLEEND
};
cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
- if ((cli->protocol < PROTOCOL_NT1) && (lp_client_signing() == Required)) {
+ if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
return False;
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)) {
/* Fail if signing is mandatory and we don't want to support it. */
- if (!lp_client_signing()) {
+ if (!cli->sign_info.allow_smb_signing) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
return False;
}
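Review bot: The two rewritten checks in cli_negprot cover only a protocol older than NT1 while `mandatory_signing` is set, and a server that requires signing while `allow_smb_signing` is off. Nothing visible rejects a server that negotiates NT1 or later but offers no signing at all when `cli->sign_info.mandatory_signing` is set, which is the downgrade a forced signing state is meant to stop. cli_negprot continues outside the hunk, so this may already be handled later in the function or at session setup. If it is not, a third guard of the same shape belongs next to these two, along the lines of `if (cli->sign_info.mandatory_signing && !(cli->sec_mode & (NEGOTIATE_SECURITY_SIGNATURES_ENABLED|NEGOTIATE_SECURITY_SIGNATURES_REQUIRED))) return False;` with its own DEBUG message.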
const char *service, const char *service_type,
const char *user, const char *domain,
const char *password, int flags,
+ int signing_state,
BOOL *retry)
{
struct ntuser_creds creds;
return NT_STATUS_UNSUCCESSFUL;
}
+ cli_setup_signing_state(cli, signing_state);
+
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
cli->use_spnego = False;
else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC",
user_info->username, lp_workgroup(), user_info->password,
- CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK, NULL);
+ CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK, Undefined, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
return cli;
cli->user_name, cli->domain));
}
+/****************************************************************************
+ Set the signing state (used from the command line).
+****************************************************************************/
+
+void cli_setup_signing_state(struct cli_state *cli, int signing_state)
+{
+ if (signing_state == Undefined)
+ return;
+
+ if (signing_state == False) {
+ cli->sign_info.allow_smb_signing = False;
+ cli->sign_info.mandatory_signing = False;
+ return;
+ }
+
+ cli->sign_info.allow_smb_signing = True;
+
+ if (signing_state == Required)
+ cli->sign_info.mandatory_signing = True;
+}
+
/****************************************************************************
Initialise a client structure.
****************************************************************************/
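Review bot: The `signing_state == False` branch of cli_setup_signing_state clears `mandatory_signing` as well as `allow_smb_signing`, so a caller-supplied "off" silently overrides whatever policy the structure was initialised with. If that initial value comes from the configured client signing setting (not visible in this hunk), `-S off` downgrades a connection the configuration wanted signed and leaves no trace in the logs. I would log it before the early return, e.g. `DEBUG(3,("cli_setup_signing_state: signing disabled by caller\n"));`. Any value other than Undefined, False and Required (Auto or a stray integer included) falls through to "allow signing". The header comment says "used from the command line" although cli_full_connection now calls the function for every caller, so the comment should state both facts.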
/* setup the anonymous connection */
result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
- "", "", "", 0, &retry);
+ "", "", "", 0, Undefined, &retry);
if ( !NT_STATUS_IS_OK(result) )
goto done;
result = cli_full_connection(&new_conn->cli, global_myname(), new_conn->controller,
&dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain,
- ipc_password, CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK, &retry);
+ ipc_password, CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK,
+ Undefined, &retry);
secrets_named_mutex_release(new_conn->controller);
result = cli_full_connection(
&cli, NULL, server, NULL, 0, "IPC$", "IPC",
- username, domain, password, 0, NULL);
+ username, domain, password, 0, Undefined, NULL);
if (!NT_STATUS_IS_OK(result)) {
*errstr = strdup("error connecting to IPC$ pipe");
opt_ipaddr ? &server_ip : NULL, 0,
"IPC$", "IPC",
cmdline_auth_info.username, lp_workgroup(),
- cmdline_auth_info.password, 0, NULL);
+ cmdline_auth_info.password, 0,
+ cmdline_auth_info.signing_state,NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
NULL, 0,
"IPC$", "IPC",
"", "",
- "", 0, NULL)))
+ "", 0, Undefined, NULL)))
{
DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
nt_status = NT_STATUS_UNSUCCESSFUL;
nt_status = cli_full_connection(&c, myname, server_n, NULL, 0, share, "?????",
username, lp_workgroup(), password, 0,
- NULL);
+ Undefined, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("cli_full_connection failed with error %s\n", nt_errstr(nt_status)));
host, NULL, port_to_use,
share, "?????",
username, workgroup,
- password, flags, &retry);
+ password, flags, Undefined, &retry);
if (!NT_STATUS_IS_OK(status)) {
return False;
}
host, NULL, port_to_use,
NULL, NULL,
username, workgroup,
- password, flags, &retry);
+ password, flags, Undefined, &retry);
if (!NT_STATUS_IS_OK(status)) {
printf("could not open connection\n");
server_ip, opt_port,
"IPC$", "IPC",
opt_user_name, opt_workgroup,
- opt_password, 0, NULL);
+ opt_password, 0, Undefined, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
server_ip, opt_port,
"IPC$", "IPC",
"", "",
- "", 0, NULL);
+ "", 0, Undefined, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
opt_user_name, opt_workgroup,
opt_password ? opt_password : "",
CLI_FULL_CONNECTION_USE_KERBEROS,
- NULL);
+ Undefined, NULL);
if (NT_STATUS_IS_ERR(nt_status)) {
d_printf("Unable to open a connnection to %s to obtain data "
&ip, 0,
share, "?????",
cmdline_auth_info.username, lp_workgroup(),
- cmdline_auth_info.password, 0, NULL))) {
+ cmdline_auth_info.password, 0,
+ cmdline_auth_info.signing_state, NULL))) {
return c;
} else {
DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
&ip, 0,
share, "?????",
cmdline_auth_info.username, lp_workgroup(),
- cmdline_auth_info.password, 0, NULL))) {
+ cmdline_auth_info.password, 0,
+ cmdline_auth_info.signing_state, NULL))) {
return c;
} else {
DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));