The branch, master has been updated via 080c1ca s3: Make --pw-nt-hash useable in smbclient via a40a566 s3: Add --pw-nt-hash to popt_common_credentials via 93e950c s3: Add cli_state->pw_nt_hash via 2be5ace s3: Add user_auth_info->use_pw_nt_hash via 93e0844 s3-libsmbclient: change vnum to 0.2.0 via 6c13a46 s3-libsmbclient: Add OptionUseNTHash via 4fb283e s3: Add CLI_FULL_CONNECTION_USE_NT_HASH via 3b63a67 S3: Add ntlmssp_set_password_hash via ae82192 s3-libsmbclient: Make SMBC_call_auth_fn static from 25216d7 s4:smbd: fix typos
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 080c1ca64b618a906a9246556d07e3a0573a6cc1 Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 14:10:23 2012 +0200 s3: Make --pw-nt-hash useable in smbclient Signed-off-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue Jun 12 12:41:10 CEST 2012 on sn-devel-104 commit a40a566504ec76d8ca4829c9d690d8a353330250 Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 14:03:16 2012 +0200 s3: Add --pw-nt-hash to popt_common_credentials Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 93e950caf8db42750869a0ec8a8d2bcb62a1d98d Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 14:02:03 2012 +0200 s3: Add cli_state->pw_nt_hash Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 2be5ace544a5ec280abb72504f3d4acf5240c425 Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 14:01:08 2012 +0200 s3: Add user_auth_info->use_pw_nt_hash Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 93e0844471f468f27c3c617b068b9d5aa26f4f1b Author: Stefan Metzmacher <me...@samba.org> Date: Mon Jun 11 23:47:48 2012 +0200 s3-libsmbclient: change vnum to 0.2.0 metze commit 6c13a46732f61b596273e2bd7ff3c78a4b953195 Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 13:29:10 2012 +0200 s3-libsmbclient: Add OptionUseNTHash Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 4fb283e70e26c3328f1ab86276a5728601cc3432 Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 13:32:07 2012 +0200 s3: Add CLI_FULL_CONNECTION_USE_NT_HASH ... as an indicator that the password supplied is the NT hash Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 3b63a6794a008b35cd7b5bc03bcc9e4f8d4124a4 Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 13:12:30 2012 +0200 S3: Add ntlmssp_set_password_hash Signed-off-by: Stefan Metzmacher <me...@samba.org> commit ae821929a0ec048da69084b71c53270eecdb3e6e Author: Volker Lendecke <v...@samba.org> Date: Mon Jun 11 10:15:08 2012 +0200 s3-libsmbclient: Make SMBC_call_auth_fn static Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/include/auth_info.h | 5 ++++ source3/include/client.h | 2 + source3/include/libsmb_internal.h | 13 +++-------- source3/include/libsmbclient.h | 8 +++++++ source3/include/proto.h | 2 + source3/lib/popt_common.c | 5 ++++ source3/lib/util_cmdline.c | 12 ++++++++++ .../{smbclient-0.1.0.sigs => smbclient-0.2.0.sigs} | 2 + source3/libsmb/cliconnect.c | 6 ++++- source3/libsmb/clidfs.c | 3 ++ source3/libsmb/clientgen.c | 4 +++ source3/libsmb/libsmb_server.c | 6 ++++- source3/libsmb/libsmb_setget.c | 18 ++++++++++++++++ source3/libsmb/ntlmssp.c | 22 ++++++++++++++++++++ source3/libsmb/wscript | 2 +- 15 files changed, 98 insertions(+), 12 deletions(-) copy source3/libsmb/ABI/{smbclient-0.1.0.sigs => smbclient-0.2.0.sigs} (98%) Changeset truncated at 500 lines: diff --git a/source3/include/auth_info.h b/source3/include/auth_info.h index 6b5105d..d8d8317 100644 --- a/source3/include/auth_info.h +++ b/source3/include/auth_info.h @@ -31,6 +31,7 @@ struct user_auth_info { bool use_machine_account; bool fallback_after_kerberos; bool use_ccache; + bool use_pw_nt_hash; }; struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx); @@ -49,6 +50,10 @@ int get_cmdline_auth_info_signing_state(const struct user_auth_info *auth_info); void set_cmdline_auth_info_use_ccache(struct user_auth_info *auth_info, bool b); bool get_cmdline_auth_info_use_ccache(const struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_pw_nt_hash(struct user_auth_info *auth_info, + bool b); +bool get_cmdline_auth_info_use_pw_nt_hash( + const struct user_auth_info *auth_info); void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info, bool b); bool get_cmdline_auth_info_use_kerberos(const struct user_auth_info *auth_info); diff --git a/source3/include/client.h b/source3/include/client.h index 18bf26e..5694ed0 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -87,6 +87,7 @@ struct cli_state { bool use_kerberos; bool fallback_after_kerberos; bool use_ccache; + bool pw_nt_hash; bool got_kerberos_mechanism; /* Server supports krb5 in SPNEGO. */ bool use_oplocks; /* should we use oplocks? */ @@ -141,5 +142,6 @@ struct file_info { #define CLI_FULL_CONNECTION_USE_CCACHE 0x0040 #define CLI_FULL_CONNECTION_FORCE_DOS_ERRORS 0x0080 #define CLI_FULL_CONNECTION_FORCE_ASCII 0x0100 +#define CLI_FULL_CONNECTION_USE_NT_HASH 0x0200 #endif /* _CLIENT_H */ diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h index 0c8d8ab..aba159a 100644 --- a/source3/include/libsmb_internal.h +++ b/source3/include/libsmb_internal.h @@ -48,6 +48,10 @@ typedef struct DOS_ATTR_DESC { SMB_INO_T inode; } DOS_ATTR_DESC; +/* + * Extension of libsmbclient.h's #defines + */ +#define SMB_CTX_FLAG_USE_NT_HASH (1 << 4) /* * Internal flags for extended attributes @@ -450,15 +454,6 @@ SMBC_remove_unused_server(SMBCCTX * context, SMBCSRV * srv); void -SMBC_call_auth_fn(TALLOC_CTX *ctx, - SMBCCTX *context, - const char *server, - const char *share, - char **pp_workgroup, - char **pp_username, - char **pp_password); - -void SMBC_get_auth_data(const char *server, const char *share, char *workgroup_buf, int workgroup_buf_len, char *username_buf, int username_buf_len, diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h index ccf80da..61ff6a3 100644 --- a/source3/include/libsmbclient.h +++ b/source3/include/libsmbclient.h @@ -743,6 +743,14 @@ smbc_getOptionUseCCache(SMBCCTX *c); void smbc_setOptionUseCCache(SMBCCTX *c, smbc_bool b); +/** Get indication that the password supplied is the NT hash */ +smbc_bool +smbc_getOptionUseNTHash(SMBCCTX *c); + +/** Set indication that the password supplied is the NT hash */ +void +smbc_setOptionUseNTHash(SMBCCTX *c, smbc_bool b); + /************************************* diff --git a/source3/include/proto.h b/source3/include/proto.h index b265d7a..d1d7131 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -939,6 +939,8 @@ bool get_dc_name(const char *domain, struct ntlmssp_state; NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ; NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ; +NTSTATUS ntlmssp_set_password_hash(struct ntlmssp_state *ntlmssp_state, + const char *hash); NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index 3bcee1c..94e551d 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -592,6 +592,9 @@ static void popt_common_credentials_callback(poptContext con, case 'C': set_cmdline_auth_info_use_ccache(auth_info, true); break; + case 'H': + set_cmdline_auth_info_use_pw_nt_hash(auth_info, true); + break; } } @@ -615,5 +618,7 @@ struct poptOption popt_common_credentials[] = { {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" }, {"use-ccache", 'C', POPT_ARG_NONE, NULL, 'C', "Use the winbind ccache for authentication" }, + {"pw-nt-hash", '\0', POPT_ARG_NONE, NULL, 'H', + "The supplied password is the NT hash" }, POPT_TABLEEND }; diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c index 1d2c725..4403846 100644 --- a/source3/lib/util_cmdline.c +++ b/source3/lib/util_cmdline.c @@ -136,6 +136,18 @@ bool get_cmdline_auth_info_use_ccache(const struct user_auth_info *auth_info) return auth_info->use_ccache; } +void set_cmdline_auth_info_use_pw_nt_hash(struct user_auth_info *auth_info, + bool b) +{ + auth_info->use_pw_nt_hash = b; +} + +bool get_cmdline_auth_info_use_pw_nt_hash( + const struct user_auth_info *auth_info) +{ + return auth_info->use_pw_nt_hash; +} + void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info, bool b) { diff --git a/source3/libsmb/ABI/smbclient-0.1.0.sigs b/source3/libsmb/ABI/smbclient-0.2.0.sigs similarity index 98% copy from source3/libsmb/ABI/smbclient-0.1.0.sigs copy to source3/libsmb/ABI/smbclient-0.2.0.sigs index bbd7700..aa85859 100644 --- a/source3/libsmb/ABI/smbclient-0.1.0.sigs +++ b/source3/libsmb/ABI/smbclient-0.2.0.sigs @@ -64,6 +64,7 @@ smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *) smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *) smbc_getOptionUseCCache: smbc_bool (SMBCCTX *) smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *) +smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *) smbc_getOptionUserData: void *(SMBCCTX *) smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *) smbc_getTimeout: int (SMBCCTX *) @@ -148,6 +149,7 @@ smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level) smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool) smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool) smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool) +smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool) smbc_setOptionUserData: void (SMBCCTX *, void *) smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *) smbc_setTimeout: void (SMBCCTX *, int) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index f46ce06..acc3a21 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1648,7 +1648,11 @@ static struct tevent_req *cli_session_setup_ntlmssp_send( if (!NT_STATUS_IS_OK(status)) { goto fail; } - status = ntlmssp_set_password(state->ntlmssp_state, pass); + if (cli->pw_nt_hash) { + status = ntlmssp_set_password_hash(state->ntlmssp_state, pass); + } else { + status = ntlmssp_set_password(state->ntlmssp_state, pass); + } if (!NT_STATUS_IS_OK(status)) { goto fail; } diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 4655915..95f8817 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -129,6 +129,9 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, if (get_cmdline_auth_info_use_ccache(auth_info)) { flags |= CLI_FULL_CONNECTION_USE_CCACHE; } + if (get_cmdline_auth_info_use_pw_nt_hash(auth_info)) { + flags |= CLI_FULL_CONNECTION_USE_NT_HASH; + } status = cli_connect_nb( server, NULL, port, name_type, NULL, diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index c8bd7e5..4398d80 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -209,6 +209,10 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx, cli->use_ccache = true; } + if (flags & CLI_FULL_CONNECTION_USE_NT_HASH) { + cli->pw_nt_hash = true; + } + if (flags & CLI_FULL_CONNECTION_OPLOCKS) { cli->use_oplocks = true; } diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index c7ec142..99aa74c 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -96,7 +96,7 @@ SMBC_remove_unused_server(SMBCCTX * context, /**************************************************************** * Call the auth_fn with fixed size (fstring) buffers. ***************************************************************/ -void +static void SMBC_call_auth_fn(TALLOC_CTX *ctx, SMBCCTX *context, const char *server, @@ -417,6 +417,10 @@ SMBC_server_internal(TALLOC_CTX *ctx, flags |= CLI_FULL_CONNECTION_USE_CCACHE; } + if (smbc_getOptionUseNTHash(context)) { + flags |= CLI_FULL_CONNECTION_USE_NT_HASH; + } + if (share == NULL || *share == '\0' || is_ipc) { /* * Try 139 first for IPC$ diff --git a/source3/libsmb/libsmb_setget.c b/source3/libsmb/libsmb_setget.c index 0a02346..60bbc8b 100644 --- a/source3/libsmb/libsmb_setget.c +++ b/source3/libsmb/libsmb_setget.c @@ -457,6 +457,24 @@ smbc_setOptionUseCCache(SMBCCTX *c, smbc_bool b) } } +/** Get whether to enable use of the winbind ccache */ +smbc_bool +smbc_getOptionUseNTHash(SMBCCTX *c) +{ + return (c->flags & SMB_CTX_FLAG_USE_NT_HASH) != 0; +} + +/** Set indication that the password supplied is the NT hash */ +void +smbc_setOptionUseNTHash(SMBCCTX *c, smbc_bool b) +{ + if (b) { + c->flags |= SMB_CTX_FLAG_USE_NT_HASH; + } else { + c->flags &= ~SMB_CTX_FLAG_USE_NT_HASH; + } +} + /** Get the function for obtaining authentication data */ smbc_get_auth_data_fn smbc_getFunctionAuthData(SMBCCTX *c) diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 95a5dc9..fb41c3c 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -106,6 +106,28 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *p return NT_STATUS_OK; } +NTSTATUS ntlmssp_set_password_hash(struct ntlmssp_state *state, + const char *pwhash) +{ + char nt_hash[16]; + size_t converted; + + converted = strhex_to_str( + nt_hash, sizeof(nt_hash), pwhash, strlen(pwhash)); + if (converted != sizeof(nt_hash)) { + return NT_STATUS_INVALID_PARAMETER; + } + + TALLOC_FREE(state->lm_hash); + TALLOC_FREE(state->nt_hash); + + state->nt_hash = (uint8_t *)talloc_memdup(state, nt_hash, 16); + if (!state->nt_hash) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + /** * Set a domain on an NTLMSSP context - ensures it is talloc()ed * diff --git a/source3/libsmb/wscript b/source3/libsmb/wscript index e614557..c5444b0 100644 --- a/source3/libsmb/wscript +++ b/source3/libsmb/wscript @@ -27,5 +27,5 @@ def build(bld): public_headers='../include/libsmbclient.h', abi_directory='ABI', abi_match='smbc_*', - vnum='0.1.0', + vnum='0.2.0', pc_files='smbclient.pc') -- Samba Shared Repository