Attachment #102810 for bug #215645

View | Details | Raw Unified | Return to bug 215645
Collapse All | Expand All

Lines 226-232 Link Here

(-)python/py_common.c (-1 / +1 lines)
226		226
227	result = cli_full_connection(	227	result = cli_full_connection(
228	&cli, NULL, server, NULL, 0, "IPC$", "IPC",	228	&cli, NULL, server, NULL, 0, "IPC$", "IPC",
229	username, domain, password, 0, Undefined, NULL);	229	username, domain, password, 0, Undefined, 0, NULL);
230		230
231	if (!NT_STATUS_IS_OK(result)) {	231	if (!NT_STATUS_IS_OK(result)) {
232	*errstr = SMB_STRDUP("error connecting to IPC$ pipe");	232	*errstr = SMB_STRDUP("error connecting to IPC$ pipe");

Lines 800-806 Link Here

(-)rpcclient/rpcclient.c (-1 / +1 lines)
800	lp_workgroup(),	800	lp_workgroup(),
801	cmdline_auth_info.password,	801	cmdline_auth_info.password,
802	cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,	802	cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
803	cmdline_auth_info.signing_state,NULL);	803	cmdline_auth_info.signing_state, 0, NULL);
804		804
805	if (!NT_STATUS_IS_OK(nt_status)) {	805	if (!NT_STATUS_IS_OK(nt_status)) {
806	DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));	806	DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));

Lines 2631-2637 Link Here

(-)rpcclient/cmd_spoolss.c (-1 / +1 lines)
2631	lp_workgroup(),	2631	lp_workgroup(),
2632	cmdline_auth_info.password,	2632	cmdline_auth_info.password,
2633	cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,	2633	cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
2634	cmdline_auth_info.signing_state, NULL);	2634	cmdline_auth_info.signing_state, 0, NULL);
2635		2635
2636	if ( !NT_STATUS_IS_OK(nt_status) )	2636	if ( !NT_STATUS_IS_OK(nt_status) )
2637	return WERR_GENERAL_FAILURE;	2637	return WERR_GENERAL_FAILURE;

Lines 61-67 Link Here

(-)smbd/change_trust_pw.c (-1 / +1 lines)
61	NULL, 0,	61	NULL, 0,
62	"IPC$", "IPC",	62	"IPC$", "IPC",
63	"", "",	63	"", "",
64	"", 0, Undefined, NULL))) {	64	"", 0, Undefined, 0, NULL))) {
65	DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));	65	DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
66	nt_status = NT_STATUS_UNSUCCESSFUL;	66	nt_status = NT_STATUS_UNSUCCESSFUL;
67	goto failed;	67	goto failed;

Lines 75-81 Link Here

(-)auth/auth_domain.c (-1 / +1 lines)
75	/* Attempt connection */	75	/* Attempt connection */
76	*retry = True;	76	*retry = True;
77	result = cli_full_connection(cli, global_myname(), dc_name, &dc_ip, 0,	77	result = cli_full_connection(cli, global_myname(), dc_name, &dc_ip, 0,
78	"IPC$", "IPC", "", "", "", 0, Undefined, retry);	78	"IPC$", "IPC", "", "", "", 0, Undefined, 0, retry);
79		79
80	if (!NT_STATUS_IS_OK(result)) {	80	if (!NT_STATUS_IS_OK(result)) {
81	/* map to something more useful */	81	/* map to something more useful */

Lines 169-175 Link Here

(-)libsmb/trusts_util.c (-1 / +1 lines)
169	/* setup the anonymous connection */	172	/* setup the anonymous connection */
170		173
171	result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",	174	result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
172	"", "", "", 0, Undefined, &retry);	175	"", "", "", 0, Undefined, 0, &retry);
173	if ( !NT_STATUS_IS_OK(result) )	176	if ( !NT_STATUS_IS_OK(result) )
174	goto done;	177	goto done;
175		178

Lines 954-960 Link Here

(-)libsmb/libsmbclient.c (-1 / +1 lines)
954	&ip, 0, "IPC$", "?????",	957	&ip, 0, "IPC$", "?????",
955	username, workgroup,	958	username, workgroup,
956	password, 0,	959	password, 0,
957	Undefined, NULL);	960	Undefined, 0, NULL);
958	if (! NT_STATUS_IS_OK(nt_status)) {	961	if (! NT_STATUS_IS_OK(nt_status)) {
959	DEBUG(1,("cli_full_connection failed! (%s)\n",	962	DEBUG(1,("cli_full_connection failed! (%s)\n",
960	nt_errstr(nt_status)));	963	nt_errstr(nt_status)));




	cli->user_session_key = data_blob(session_key.data, session_key.length);
}

/**
 * Adjust clock_skew using kerberos libraries for a kerberized session setup
 * @param cli The cli structure to add it to
 * @param time_diff The current clock_skew
 *
 */

static void cli_set_time_diff(struct cli_state *cli, const time_t time_diff) 
{
	cli->clockskew = time_diff;
}

/****************************************************************************
 Do an old lanman2 style session setup.
****************************************************************************/

	DEBUG(2,("Doing kerberos session setup\n"));

	/* generate the encapsulated kerberos5 ticket */
	rc = spnego_gen_negTokenTarg(principal, cli->clockskew, &negTokenTarg, &session_key_krb5, 0);

	if (rc) {
		DEBUG(1, ("spnego_gen_negTokenTarg failed: %s\n", error_message(rc)));


		if (pass && *pass) {
			int ret;

			/* gd: here we need a krb5 conf prepared as the kinit expects one... - 
			  breaks krb5 connects to remote domains */

			use_in_memory_ccache();
			ret = kerberos_kinit_password(user, pass, cli->clockskew, NULL);
			
			if (ret){
				SAFE_FREE(principal);

			     const char *service, const char *service_type,
			     const char *user, const char *domain, 
			     const char *password, int flags,
			     int signing_state, time_t time_diff,
			     BOOL *retry) 
{
	NTSTATUS nt_status;

		return nt_status;
	}

	cli_set_time_diff(cli, time_diff);

	nt_status = cli_session_setup(cli, user, password, pw_len, password,
				      pw_len, domain);
	if (!NT_STATUS_IS_OK(nt_status)) {

	
	nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC", 
					user_info->username, lp_workgroup(), user_info->password, 
					CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, 0, NULL);

	if (NT_STATUS_IS_OK(nt_status)) {
		return cli;


	return NULL;
}


Lines 2534-2540 Link Here

(-)rpc_server/srv_spoolss_nt.c (-1 / +1 lines)
2534	"", /* username */	2534	"", /* username */
2535	"", /* domain */	2535	"", /* domain */
2536	"", /* password */	2536	"", /* password */
2537	0, lp_client_signing(), NULL );	2537	0, lp_client_signing(), 0, NULL );
2538		2538
2539	if ( !NT_STATUS_IS_OK( ret ) ) {	2539	if ( !NT_STATUS_IS_OK( ret ) ) {
2540	DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n",	2540	DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n",

Lines 226-232 Link Here

(-)sam/idmap_rid.c (-1 / +1 lines)
226	username,	226	username,
227	lp_workgroup(),	227	lp_workgroup(),
228	password,	228	password,
229	CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, True, NULL);	229	CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, True, 0, NULL);
230		230
231	if (!NT_STATUS_IS_OK(status)) {	231	if (!NT_STATUS_IS_OK(status)) {
232	DEBUG(1, ("rid_idmap_get_domains: could not setup connection to dc\n"));	232	DEBUG(1, ("rid_idmap_get_domains: could not setup connection to dc\n"));

Lines 134-139 Link Here

(-)include/client.h (+1 lines)
134	uint32 sesskey;	134	uint32 sesskey;
135	int serverzone;	135	int serverzone;
136	uint32 servertime;	136	uint32 servertime;
		137	time_t clockskew;
137	int readbraw_supported;	138	int readbraw_supported;
138	int writebraw_supported;	139	int writebraw_supported;
139	int timeout; /* in milliseconds. */	140	int timeout; /* in milliseconds. */

Lines 103-108 Link Here

(-)utils/netlookup.c (+1 lines)
103	#endif	103	#endif
104	0,	104	0,
105	Undefined,	105	Undefined,
		106	0,
106	NULL);	107	NULL);
107		108
108	if (!NT_STATUS_IS_OK(nt_status)) {	109	if (!NT_STATUS_IS_OK(nt_status)) {

Lines 376-382 Link Here

(-)utils/smbcquotas.c (-1 / +1 lines)
376	share, "?????",	376	share, "?????",
377	cmdline_auth_info.username, lp_workgroup(),	377	cmdline_auth_info.username, lp_workgroup(),
378	cmdline_auth_info.password, 0,	378	cmdline_auth_info.password, 0,
379	cmdline_auth_info.signing_state, NULL))) {	379	cmdline_auth_info.signing_state, 0, NULL))) {
380	return c;	380	return c;
381	} else {	381	} else {
382	DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));	382	DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));

Lines 789-795 Link Here

(-)utils/smbcacls.c (-1 / +1 lines)
789	share, "?????",	789	share, "?????",
790	cmdline_auth_info.username, lp_workgroup(),	790	cmdline_auth_info.username, lp_workgroup(),
791	cmdline_auth_info.password, 0,	791	cmdline_auth_info.password, 0,
792	cmdline_auth_info.signing_state, NULL))) {	792	cmdline_auth_info.signing_state, 0, NULL))) {
793	return c;	793	return c;
794	} else {	794	} else {
795	DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));	795	DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));

Lines 1700-1706 Link Here

(-)utils/net_ads.c (-1 / +1 lines)
1700	opt_user_name, opt_workgroup,	1700	opt_user_name, opt_workgroup,
1701	opt_password ? opt_password : "",	1701	opt_password ? opt_password : "",
1702	CLI_FULL_CONNECTION_USE_KERBEROS,	1702	CLI_FULL_CONNECTION_USE_KERBEROS,
1703	Undefined, NULL);	1703	Undefined, ads->auth.time_offset, NULL);
1704		1704
1705	if (NT_STATUS_IS_ERR(nt_status)) {	1705	if (NT_STATUS_IS_ERR(nt_status)) {
1706	d_fprintf(stderr, "Unable to open a connnection to %s to obtain data "	1706	d_fprintf(stderr, "Unable to open a connnection to %s to obtain data "




					server_ip, opt_port,
					service_name, service_type,  
					opt_user_name, opt_workgroup,
					opt_password, 0, Undefined, 0, NULL);
	
	if (NT_STATUS_IS_OK(nt_status)) {
		return nt_status;

					server_ip, opt_port,
					"IPC$", "IPC",  
					"", "",
					"", 0, Undefined, 0, NULL);
	
	if (NT_STATUS_IS_OK(nt_status)) {
		return nt_status;

					"IPC$", "IPC",  
					opt_user_name, opt_workgroup,
					opt_password, CLI_FULL_CONNECTION_USE_KERBEROS, 
					Undefined, 0, NULL);
	
	if (NT_STATUS_IS_OK(nt_status)) {
		return nt_status;

Lines 222-228 Link Here

(-)torture/torture.c (-2 / +2 lines)
222	hostname, NULL, port_to_use,	222	hostname, NULL, port_to_use,
223	sharename, "?????",	223	sharename, "?????",
224	username, workgroup,	224	username, workgroup,
225	password, flags, Undefined, &retry);	225	password, flags, Undefined, 0, &retry);
226	if (!NT_STATUS_IS_OK(status)) {	226	if (!NT_STATUS_IS_OK(status)) {
227	printf("failed to open share connection: //%s/%s port:%d - %s\n",	227	printf("failed to open share connection: //%s/%s port:%d - %s\n",
228	hostname, sharename, port_to_use, nt_errstr(status));	228	hostname, sharename, port_to_use, nt_errstr(status));
Lines 1240-1246 Link Here
1240	host, NULL, port_to_use,	1240	host, NULL, port_to_use,
1241	NULL, NULL,	1241	NULL, NULL,
1242	username, workgroup,	1242	username, workgroup,
1243	password, flags, Undefined, &retry);	1243	password, flags, Undefined, 0, &retry);
1244		1244
1245	if (!NT_STATUS_IS_OK(status)) {	1245	if (!NT_STATUS_IS_OK(status)) {
1246	printf("could not open connection\n");	1246	printf("could not open connection\n");

Lines 176-182 Link Here

(-)torture/locktest2.c (-1 / +1 lines)
176		176
177	nt_status = cli_full_connection(&c, myname, server_n, NULL, 0, share, "?????",	177	nt_status = cli_full_connection(&c, myname, server_n, NULL, 0, share, "?????",
178	username, lp_workgroup(), password, 0,	178	username, lp_workgroup(), password, 0,
179	Undefined, NULL);	179	Undefined, 0, NULL);
180		180
181	if (!NT_STATUS_IS_OK(nt_status)) {	181	if (!NT_STATUS_IS_OK(nt_status)) {
182	DEBUG(0, ("cli_full_connection failed with error %s\n", nt_errstr(nt_status)));	182	DEBUG(0, ("cli_full_connection failed with error %s\n", nt_errstr(nt_status)));

Lines 568-574 Link Here

(-)libgpo/gpo_util.c (-1 / +1 lines)
568	share, "A:",	568	share, "A:",
569	ads->auth.user_name, NULL, ads->auth.password,	569	ads->auth.user_name, NULL, ads->auth.password,
570	CLI_FULL_CONNECTION_USE_KERBEROS,	570	CLI_FULL_CONNECTION_USE_KERBEROS,
571	Undefined, NULL);	571	Undefined, ads->auth.time_offset, NULL);
572	if (!NT_STATUS_IS_OK(result)) {	572	if (!NT_STATUS_IS_OK(result)) {
573	DEBUG(10,("check_refresh_gpo: failed to connect: %s\n", nt_errstr(result)));	573	DEBUG(10,("check_refresh_gpo: failed to connect: %s\n", nt_errstr(result)));
574	goto out;	574	goto out;

Return to bug 215645

Lines 51-56 Link Here

(-)libsmb/cliconnect.c (-5 / +23 lines)
51	cli->user_session_key = data_blob(session_key.data, session_key.length);	54	cli->user_session_key = data_blob(session_key.data, session_key.length);
52	}	55	}
53		56
		57	/**
		58	* Adjust clock_skew using kerberos libraries for a kerberized session setup
		59	* @param cli The cli structure to add it to
		60	* @param time_diff The current clock_skew
		61	*
		62	*/
		63
		64	static void cli_set_time_diff(struct cli_state *cli, const time_t time_diff)
		65	{
		66	cli->clockskew = time_diff;
		67	}
		68
54	/****************************************************************************	69	/****************************************************************************
55	Do an old lanman2 style session setup.	70	Do an old lanman2 style session setup.
56	****************************************************************************/	71	****************************************************************************/
Lines 553-559 Link Here
553	DEBUG(2,("Doing kerberos session setup\n"));	568	DEBUG(2,("Doing kerberos session setup\n"));
554		569
555	/* generate the encapsulated kerberos5 ticket */	570	/* generate the encapsulated kerberos5 ticket */
556	rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0);	571	rc = spnego_gen_negTokenTarg(principal, cli->clockskew, &negTokenTarg, &session_key_krb5, 0);
557		572
558	if (rc) {	573	if (rc) {
559	DEBUG(1, ("spnego_gen_negTokenTarg failed: %s\n", error_message(rc)));	574	DEBUG(1, ("spnego_gen_negTokenTarg failed: %s\n", error_message(rc)));
Lines 775-783 Link Here
775		790
776	if (pass && *pass) {	791	if (pass && *pass) {
777	int ret;	792	int ret;
778		793
		794	/* gd: here we need a krb5 conf prepared as the kinit expects one... -
		795	breaks krb5 connects to remote domains */
		796
779	use_in_memory_ccache();	797	use_in_memory_ccache();
780	ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);	798	ret = kerberos_kinit_password(user, pass, cli->clockskew, NULL);
781		799
782	if (ret){	800	if (ret){
783	SAFE_FREE(principal);	801	SAFE_FREE(principal);
Lines 1506-1512 Link Here
1506	const char service, const char service_type,	1524	const char service, const char service_type,
1507	const char user, const char domain,	1525	const char user, const char domain,
1508	const char *password, int flags,	1526	const char *password, int flags,
1509	int signing_state,	1527	int signing_state, time_t time_diff,
1510	BOOL *retry)	1528	BOOL *retry)
1511	{	1529	{
1512	NTSTATUS nt_status;	1530	NTSTATUS nt_status;
Lines 1526-1531 Link Here
1526	return nt_status;	1544	return nt_status;
1527	}	1545	}
1528		1546
		1547	cli_set_time_diff(cli, time_diff);
		1548
1529	nt_status = cli_session_setup(cli, user, password, pw_len, password,	1549	nt_status = cli_session_setup(cli, user, password, pw_len, password,
1530	pw_len, domain);	1550	pw_len, domain);
1531	if (!NT_STATUS_IS_OK(nt_status)) {	1551	if (!NT_STATUS_IS_OK(nt_status)) {
Lines 1688-1694 Link Here
1688		1708
1689	nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC",	1709	nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC",
1690	user_info->username, lp_workgroup(), user_info->password,	1710	user_info->username, lp_workgroup(), user_info->password,
1691	CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, NULL);	1711	CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, 0, NULL);
1692		1712
1693	if (NT_STATUS_IS_OK(nt_status)) {	1713	if (NT_STATUS_IS_OK(nt_status)) {
1694	return cli;	1714	return cli;
Lines 1791-1793 Link Here
1791		1811
1792	return NULL;	1812	return NULL;
1793	}	1813	}
		1814

Lines 178-184 Link Here

(-)utils/net.c (-3 / +3 lines)
178	server_ip, opt_port,	178	server_ip, opt_port,
179	service_name, service_type,	179	service_name, service_type,
180	opt_user_name, opt_workgroup,	180	opt_user_name, opt_workgroup,
181	opt_password, 0, Undefined, NULL);	181	opt_password, 0, Undefined, 0, NULL);
182		182
183	if (NT_STATUS_IS_OK(nt_status)) {	183	if (NT_STATUS_IS_OK(nt_status)) {
184	return nt_status;	184	return nt_status;
Lines 225-231 Link Here
225	server_ip, opt_port,	225	server_ip, opt_port,
226	"IPC$", "IPC",	226	"IPC$", "IPC",
227	"", "",	227	"", "",
228	"", 0, Undefined, NULL);	228	"", 0, Undefined, 0, NULL);
229		229
230	if (NT_STATUS_IS_OK(nt_status)) {	230	if (NT_STATUS_IS_OK(nt_status)) {
231	return nt_status;	231	return nt_status;
Lines 248-254 Link Here
248	"IPC$", "IPC",	248	"IPC$", "IPC",
249	opt_user_name, opt_workgroup,	249	opt_user_name, opt_workgroup,
250	opt_password, CLI_FULL_CONNECTION_USE_KERBEROS,	250	opt_password, CLI_FULL_CONNECTION_USE_KERBEROS,
251	Undefined, NULL);	251	Undefined, 0, NULL);
252		252
253	if (NT_STATUS_IS_OK(nt_status)) {	253	if (NT_STATUS_IS_OK(nt_status)) {
254	return nt_status;	254	return nt_status;