1 |
vip-ire |
1.1 |
From a1d2a9077978602f92c4ea38ce4f85a45ce821b3 Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Stefan Metzmacher <metze@samba.org> |
3 |
|
|
Date: Thu, 19 May 2016 11:47:18 +0200 |
4 |
|
|
Subject: [PATCH] s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT |
5 |
|
|
|
6 |
|
|
This means we'll use the "client ipc min protocol", "client ipc max protocol" |
7 |
|
|
and "client ipc signing" options. But "--signing=no" or "--signing=required" |
8 |
|
|
still overwrite "client ipc signing". |
9 |
|
|
|
10 |
|
|
The following can be used to alter the max protocol |
11 |
|
|
|
12 |
|
|
rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername" |
13 |
|
|
Account Name: Administrator, Authority Name: W4EDOM-L4 |
14 |
|
|
|
15 |
|
|
rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername" |
16 |
|
|
Account Name: Administrator, Authority Name: W4EDOM-L4 |
17 |
|
|
|
18 |
|
|
rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername" |
19 |
|
|
Account Name: Administrator, Authority Name: W4EDOM-L4 |
20 |
|
|
|
21 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927 |
22 |
|
|
|
23 |
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
24 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
25 |
|
|
|
26 |
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org> |
27 |
|
|
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144 |
28 |
|
|
|
29 |
|
|
(cherry picked from commit 2eb824fbaf61dfc5e9c735589c80c41379dabe86) |
30 |
|
|
--- |
31 |
|
|
source3/rpcclient/rpcclient.c | 13 ++++++++++++- |
32 |
|
|
1 file changed, 12 insertions(+), 1 deletion(-) |
33 |
|
|
|
34 |
|
|
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c |
35 |
|
|
index a35e422..ebe72b9 100644 |
36 |
|
|
--- a/source3/rpcclient/rpcclient.c |
37 |
|
|
+++ b/source3/rpcclient/rpcclient.c |
38 |
|
|
@@ -944,6 +944,7 @@ out_free: |
39 |
|
|
const char *binding_string = NULL; |
40 |
|
|
char *user, *domain, *q; |
41 |
|
|
const char *host; |
42 |
|
|
+ int signing_state = SMB_SIGNING_IPC_DEFAULT; |
43 |
|
|
|
44 |
|
|
/* make sure the vars that get altered (4th field) are in |
45 |
|
|
a fixed location or certain compilers complain */ |
46 |
|
|
@@ -1116,6 +1117,16 @@ out_free: |
47 |
|
|
} |
48 |
|
|
} |
49 |
|
|
|
50 |
|
|
+ signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info); |
51 |
|
|
+ switch (signing_state) { |
52 |
|
|
+ case SMB_SIGNING_OFF: |
53 |
|
|
+ lp_set_cmdline("client ipc signing", "no"); |
54 |
|
|
+ break; |
55 |
|
|
+ case SMB_SIGNING_REQUIRED: |
56 |
|
|
+ lp_set_cmdline("client ipc signing", "required"); |
57 |
|
|
+ break; |
58 |
|
|
+ } |
59 |
|
|
+ |
60 |
|
|
if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { |
61 |
|
|
flags |= CLI_FULL_CONNECTION_USE_KERBEROS | |
62 |
|
|
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; |
63 |
|
|
@@ -1143,7 +1154,7 @@ out_free: |
64 |
|
|
get_cmdline_auth_info_domain(rpcclient_auth_info), |
65 |
|
|
get_cmdline_auth_info_password(rpcclient_auth_info), |
66 |
|
|
flags, |
67 |
|
|
- get_cmdline_auth_info_signing_state(rpcclient_auth_info)); |
68 |
|
|
+ SMB_SIGNING_IPC_DEFAULT); |
69 |
|
|
|
70 |
|
|
if (!NT_STATUS_IS_OK(nt_status)) { |
71 |
|
|
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); |
72 |
|
|
-- |
73 |
|
|
1.9.1 |
74 |
|
|
|