s3:libsmb: let cli_tree_connect_creds() only call cli_credentials_get_password()...

Only legacy protocols need a password for share level authentication,
so avoid triggering the password prompt for the common case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 23 15:21:38 UTC 2024 on atb-devel-224

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d42f08fbb1a9235656dde7f1cfc86eae4b4787c9..169960282a4986c9c2bd90c104826efab38596f5 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2424,9 +2424,25 @@ NTSTATUS cli_tree_connect_creds(struct cli_state *cli,
                                const char *share, const char *dev,
                                struct cli_credentials *creds)
 {
+       bool need_pass = false;
        const char *pw = NULL;
 
-       if (creds != NULL) {
+       /*
+        * We should work out if the protocol
+        * will make use of a password for share level
+        * authentication before we may cause
+        * the password prompt to be called.
+        */
+       if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+               uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
+
+               /* in user level security don't send a password now */
+               if (!(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
+                       need_pass = true;
+               }
+       }
+
+       if (need_pass && creds != NULL) {
                pw = cli_credentials_get_password(creds);
        }