1 |
From a1d2a9077978602f92c4ea38ce4f85a45ce821b3 Mon Sep 17 00:00:00 2001 |
2 |
From: Stefan Metzmacher <metze@samba.org> |
3 |
Date: Thu, 19 May 2016 11:47:18 +0200 |
4 |
Subject: [PATCH] s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT |
5 |
|
6 |
This means we'll use the "client ipc min protocol", "client ipc max protocol" |
7 |
and "client ipc signing" options. But "--signing=no" or "--signing=required" |
8 |
still overwrite "client ipc signing". |
9 |
|
10 |
The following can be used to alter the max protocol |
11 |
|
12 |
rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername" |
13 |
Account Name: Administrator, Authority Name: W4EDOM-L4 |
14 |
|
15 |
rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername" |
16 |
Account Name: Administrator, Authority Name: W4EDOM-L4 |
17 |
|
18 |
rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername" |
19 |
Account Name: Administrator, Authority Name: W4EDOM-L4 |
20 |
|
21 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927 |
22 |
|
23 |
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
24 |
Reviewed-by: Jeremy Allison <jra@samba.org> |
25 |
|
26 |
Autobuild-User(master): Jeremy Allison <jra@samba.org> |
27 |
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144 |
28 |
|
29 |
(cherry picked from commit 2eb824fbaf61dfc5e9c735589c80c41379dabe86) |
30 |
--- |
31 |
source3/rpcclient/rpcclient.c | 13 ++++++++++++- |
32 |
1 file changed, 12 insertions(+), 1 deletion(-) |
33 |
|
34 |
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c |
35 |
index a35e422..ebe72b9 100644 |
36 |
--- a/source3/rpcclient/rpcclient.c |
37 |
+++ b/source3/rpcclient/rpcclient.c |
38 |
@@ -944,6 +944,7 @@ out_free: |
39 |
const char *binding_string = NULL; |
40 |
char *user, *domain, *q; |
41 |
const char *host; |
42 |
+ int signing_state = SMB_SIGNING_IPC_DEFAULT; |
43 |
|
44 |
/* make sure the vars that get altered (4th field) are in |
45 |
a fixed location or certain compilers complain */ |
46 |
@@ -1116,6 +1117,16 @@ out_free: |
47 |
} |
48 |
} |
49 |
|
50 |
+ signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info); |
51 |
+ switch (signing_state) { |
52 |
+ case SMB_SIGNING_OFF: |
53 |
+ lp_set_cmdline("client ipc signing", "no"); |
54 |
+ break; |
55 |
+ case SMB_SIGNING_REQUIRED: |
56 |
+ lp_set_cmdline("client ipc signing", "required"); |
57 |
+ break; |
58 |
+ } |
59 |
+ |
60 |
if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { |
61 |
flags |= CLI_FULL_CONNECTION_USE_KERBEROS | |
62 |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; |
63 |
@@ -1143,7 +1154,7 @@ out_free: |
64 |
get_cmdline_auth_info_domain(rpcclient_auth_info), |
65 |
get_cmdline_auth_info_password(rpcclient_auth_info), |
66 |
flags, |
67 |
- get_cmdline_auth_info_signing_state(rpcclient_auth_info)); |
68 |
+ SMB_SIGNING_IPC_DEFAULT); |
69 |
|
70 |
if (!NT_STATUS_IS_OK(nt_status)) { |
71 |
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); |
72 |
-- |
73 |
1.9.1 |
74 |
|