Changeset 988 for vendor/current/source4/ntvfs/cifs

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/source4/ntvfs/cifs/vfs_cifs.c (modified) (14 diffs)

vendor/current/source4/ntvfs/cifs/vfs_cifs.c

@@ -35 +35 @@
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
+#include "../libcli/smb/smbXcli_base.h"
 
 struct cvfs_file {
@@ -64 +65 @@
 };
 
+NTSTATUS ntvfs_cifs_init(void);
+
 #define CHECK_UPSTREAM_OPEN do { \
-        if (! p->transport->socket->sock) { \
+        if (!smbXcli_conn_is_connected(p->transport->conn)) { \
                 req->async_states->state|=NTVFS_ASYNC_STATE_CLOSE; \
                 return NT_STATUS_CONNECTION_DISCONNECTED; \
@@ -98 +101 @@
 #define CIFS_SHARE              "cifs:share"
 #define CIFS_USE_MACHINE_ACCT   "cifs:use-machine-account"
+#define CIFS_USE_S4U2PROXY      "cifs:use-s4u2proxy"
 #define CIFS_MAP_GENERIC        "cifs:map-generic"
 #define CIFS_MAP_TRANS2         "cifs:map-trans2"
 
 #define CIFS_USE_MACHINE_ACCT_DEFAULT   false
+#define CIFS_USE_S4U2PROXY_DEFAULT      false
 #define CIFS_MAP_GENERIC_DEFAULT        false
 #define CIFS_MAP_TRANS2_DEFAULT         true
@@ -149 +154 @@
         struct cli_credentials *credentials;
         bool machine_account;
+        bool s4u2proxy;
         const char* sharename;
+        TALLOC_CTX *tmp_ctx;
+
+        tmp_ctx = talloc_new(req);
+        if (tmp_ctx == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
 
         switch (tcon->generic.level) {
@@ -162 +174 @@
                 break;
         default:
-                return NT_STATUS_INVALID_LEVEL;
+                status = NT_STATUS_INVALID_LEVEL;
+                goto out;
         }
 
@@ -174 +187 @@
         /* Here we need to determine which server to connect to.
          * For now we use parametric options, type cifs.
-         * Later we will use security=server and auth_server.c.
          */
-        host = share_string_option(scfg, CIFS_SERVER, NULL);
-        user = share_string_option(scfg, CIFS_USER, NULL);
-        pass = share_string_option(scfg, CIFS_PASSWORD, NULL);
-        domain = share_string_option(scfg, CIFS_DOMAIN, NULL);
-        remote_share = share_string_option(scfg, CIFS_SHARE, NULL);
+        host = share_string_option(tmp_ctx, scfg, CIFS_SERVER, NULL);
+        user = share_string_option(tmp_ctx, scfg, CIFS_USER, NULL);
+        pass = share_string_option(tmp_ctx, scfg, CIFS_PASSWORD, NULL);
+        domain = share_string_option(tmp_ctx, scfg, CIFS_DOMAIN, NULL);
+        remote_share = share_string_option(tmp_ctx, scfg, CIFS_SHARE, NULL);
         if (!remote_share) {
                 remote_share = sharename;
@@ -186 +198 @@
 
         machine_account = share_bool_option(scfg, CIFS_USE_MACHINE_ACCT, CIFS_USE_MACHINE_ACCT_DEFAULT);
+        s4u2proxy = share_bool_option(scfg, CIFS_USE_S4U2PROXY, CIFS_USE_S4U2PROXY_DEFAULT);
 
         p = talloc_zero(ntvfs, struct cvfs_private);
         if (!p) {
-                return NT_STATUS_NO_MEMORY;
+                status = NT_STATUS_NO_MEMORY;
+                goto out;
         }
 
@@ -196 +210 @@
         if (!host) {
                 DEBUG(1,("CIFS backend: You must supply server\n"));
-                return NT_STATUS_INVALID_PARAMETER;
+                status = NT_STATUS_INVALID_PARAMETER;
+                goto out;
         } 
         
@@ -203 +218 @@
                 credentials = cli_credentials_init(p);
                 if (!credentials) {
-                        return NT_STATUS_NO_MEMORY;
+                        status = NT_STATUS_NO_MEMORY;
+                        goto out;
                 }
                 cli_credentials_set_conf(credentials, ntvfs->ctx->lp_ctx);
@@ -220 +236 @@
                 status = cli_credentials_set_machine_account(credentials, ntvfs->ctx->lp_ctx);
                 if (!NT_STATUS_IS_OK(status)) {
-                        return status;
+                        goto out;
                 }
         } else if (req->session_info->credentials) {
                 DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
                 credentials = req->session_info->credentials;
+        } else if (s4u2proxy) {
+                struct ccache_container *ccc = NULL;
+                const char *err_str = NULL;
+                int ret;
+                char *impersonate_principal;
+                char *self_service;
+                char *target_service;
+
+                impersonate_principal = talloc_asprintf(req, "%s@%s",
+                                                req->session_info->info->account_name,
+                                                req->session_info->info->domain_name);
+
+                self_service = talloc_asprintf(req, "cifs/%s",
+                                               lpcfg_netbios_name(ntvfs->ctx->lp_ctx));
+
+                target_service = talloc_asprintf(req, "cifs/%s", host);
+
+                DEBUG(5, ("CIFS backend: Using S4U2Proxy credentials\n"));
+
+                credentials = cli_credentials_init(p);
+                cli_credentials_set_conf(credentials, ntvfs->ctx->lp_ctx);
+                if (domain) {
+                        cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+                }
+                status = cli_credentials_set_machine_account(credentials, ntvfs->ctx->lp_ctx);
+                if (!NT_STATUS_IS_OK(status)) {
+                        goto out;
+                }
+                cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+                cli_credentials_set_impersonate_principal(credentials,
+                                                          impersonate_principal,
+                                                          self_service);
+                cli_credentials_set_target_service(credentials, target_service);
+                ret = cli_credentials_get_ccache(credentials,
+                                                 ntvfs->ctx->event_ctx,
+                                                 ntvfs->ctx->lp_ctx,
+                                                 &ccc,
+                                                 &err_str);
+                if (ret != 0) {
+                        status = NT_STATUS_CROSSREALM_DELEGATION_FAILURE;
+                        DEBUG(1,("S4U2Proxy: cli_credentials_get_ccache() gave: ret[%d] str[%s] - %s\n",
+                                ret, err_str, nt_errstr(status)));
+                        goto out;
+                }
+
         } else {
                 DEBUG(1,("CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials\n"));
-                return NT_STATUS_INVALID_PARAMETER;
+                status = NT_STATUS_INTERNAL_ERROR;
+                goto out;
         }
 
@@ -252 +314 @@
                                           ntvfs->ctx->event_ctx);
         status = smb_composite_connect_recv(creq, p);
-        NT_STATUS_NOT_OK_RETURN(status);
+        if (!NT_STATUS_IS_OK(status)) {
+                goto out;
+        }
 
         p->tree = io.out.tree;
@@ -261 +325 @@
 
         ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "NTFS");
-        NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
+        if (ntvfs->ctx->fs_type == NULL) {
+                status = NT_STATUS_NO_MEMORY;
+                goto out;
+        }
         ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "A:");
-        NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
+        if (ntvfs->ctx->dev_type == NULL) {
+                status = NT_STATUS_NO_MEMORY;
+                goto out;
+        }
 
         if (tcon->generic.level == RAW_TCON_TCONX) {
@@ -277 +347 @@
         p->map_trans2 = share_bool_option(scfg, CIFS_MAP_TRANS2, CIFS_MAP_TRANS2_DEFAULT);
 
-        return NT_STATUS_OK;
+        status = NT_STATUS_OK;
+
+out:
+        TALLOC_FREE(tmp_ctx);
+        return status;
 }
 
@@ -1141 +1215 @@
         
         /* fill in all the operations */
-        ops.connect = cvfs_connect;
-        ops.disconnect = cvfs_disconnect;
-        ops.unlink = cvfs_unlink;
-        ops.chkpath = cvfs_chkpath;
-        ops.qpathinfo = cvfs_qpathinfo;
-        ops.setpathinfo = cvfs_setpathinfo;
-        ops.open = cvfs_open;
-        ops.mkdir = cvfs_mkdir;
-        ops.rmdir = cvfs_rmdir;
-        ops.rename = cvfs_rename;
-        ops.copy = cvfs_copy;
-        ops.ioctl = cvfs_ioctl;
-        ops.read = cvfs_read;
-        ops.write = cvfs_write;
-        ops.seek = cvfs_seek;
-        ops.flush = cvfs_flush; 
-        ops.close = cvfs_close;
-        ops.exit = cvfs_exit;
-        ops.lock = cvfs_lock;
-        ops.setfileinfo = cvfs_setfileinfo;
-        ops.qfileinfo = cvfs_qfileinfo;
-        ops.fsinfo = cvfs_fsinfo;
-        ops.lpq = cvfs_lpq;
-        ops.search_first = cvfs_search_first;
-        ops.search_next = cvfs_search_next;
-        ops.search_close = cvfs_search_close;
-        ops.trans = cvfs_trans;
-        ops.logoff = cvfs_logoff;
-        ops.async_setup = cvfs_async_setup;
-        ops.cancel = cvfs_cancel;
-        ops.notify = cvfs_notify;
-        ops.trans2 = cvfs_trans2;
+        ops.connect_fn = cvfs_connect;
+        ops.disconnect_fn = cvfs_disconnect;
+        ops.unlink_fn = cvfs_unlink;
+        ops.chkpath_fn = cvfs_chkpath;
+        ops.qpathinfo_fn = cvfs_qpathinfo;
+        ops.setpathinfo_fn = cvfs_setpathinfo;
+        ops.open_fn = cvfs_open;
+        ops.mkdir_fn = cvfs_mkdir;
+        ops.rmdir_fn = cvfs_rmdir;
+        ops.rename_fn = cvfs_rename;
+        ops.copy_fn = cvfs_copy;
+        ops.ioctl_fn = cvfs_ioctl;
+        ops.read_fn = cvfs_read;
+        ops.write_fn = cvfs_write;
+        ops.seek_fn = cvfs_seek;
+        ops.flush_fn = cvfs_flush;
+        ops.close_fn = cvfs_close;
+        ops.exit_fn = cvfs_exit;
+        ops.lock_fn = cvfs_lock;
+        ops.setfileinfo_fn = cvfs_setfileinfo;
+        ops.qfileinfo_fn = cvfs_qfileinfo;
+        ops.fsinfo_fn = cvfs_fsinfo;
+        ops.lpq_fn = cvfs_lpq;
+        ops.search_first_fn = cvfs_search_first;
+        ops.search_next_fn = cvfs_search_next;
+        ops.search_close_fn = cvfs_search_close;
+        ops.trans_fn = cvfs_trans;
+        ops.logoff_fn = cvfs_logoff;
+        ops.async_setup_fn = cvfs_async_setup;
+        ops.cancel_fn = cvfs_cancel;
+        ops.notify_fn = cvfs_notify;
+        ops.trans2_fn = cvfs_trans2;
 
         /* register ourselves with the NTVFS subsystem. We register