Context Navigation

source: branches/samba-3.0/source/libsmb/cliconnect.c@ 134

Visit:

Last change on this file since 134 was 134, checked in by Paul Smedley, 17 years ago
Update source to 3.0.29
File size: 57.7 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	client connect/disconnect routines
4	Copyright (C) Andrew Tridgell 1994-1998
5	Copyright (C) Andrew Bartlett 2001-2003
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 2 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program; if not, write to the Free Software
19	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20	*/
21
22	#include "includes.h"
23
24	extern pstring user_socket_options;
25
26	static const struct {
27	int prot;
28	const char *name;
29	} prots[] = {
30	{PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
31	{PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
32	{PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
33	{PROTOCOL_LANMAN1,"LANMAN1.0"},
34	{PROTOCOL_LANMAN2,"LM1.2X002"},
35	{PROTOCOL_LANMAN2,"DOS LANMAN2.1"},
36	{PROTOCOL_LANMAN2,"LANMAN2.1"},
37	{PROTOCOL_LANMAN2,"Samba"},
38	{PROTOCOL_NT1,"NT LANMAN 1.0"},
39	{PROTOCOL_NT1,"NT LM 0.12"},
40	{-1,NULL}
41	};
42
43	static const char star_smbserver_name = "SMBSERVER";
44
45	/**
46	* Set the user session key for a connection
47	* @param cli The cli structure to add it too
48	* @param session_key The session key used. (A copy of this is taken for the cli struct)
49	*
50	*/
51
52	static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
53	{
54	cli->user_session_key = data_blob(session_key.data, session_key.length);
55	}
56
57	/****************************************************************************
58	Do an old lanman2 style session setup.
59	****************************************************************************/
60
61	static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
62	const char *user,
63	const char *pass, size_t passlen,
64	const char *workgroup)
65	{
66	DATA_BLOB session_key = data_blob(NULL, 0);
67	DATA_BLOB lm_response = data_blob(NULL, 0);
68	fstring pword;
69	char *p;
70
71	if (passlen > sizeof(pword)-1) {
72	return NT_STATUS_INVALID_PARAMETER;
73	}
74
75	/* LANMAN servers predate NT status codes and Unicode and ignore those
76	smb flags so we must disable the corresponding default capabilities
77	that would otherwise cause the Unicode and NT Status flags to be
78	set (and even returned by the server) */
79
80	cli->capabilities &= ~(CAP_UNICODE \| CAP_STATUS32);
81
82	/* if in share level security then don't send a password now */
83	if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
84	passlen = 0;
85
86	if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
87	/* Encrypted mode needed, and non encrypted password supplied. */
88	lm_response = data_blob(NULL, 24);
89	if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
90	DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
91	return NT_STATUS_ACCESS_DENIED;
92	}
93	} else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
94	/* Encrypted mode needed, and encrypted password supplied. */
95	lm_response = data_blob(pass, passlen);
96	} else if (passlen > 0) {
97	/* Plaintext mode needed, assume plaintext supplied. */
98	passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
99	lm_response = data_blob(pass, passlen);
100	}
101
102	/* send a session setup command */
103	memset(cli->outbuf,'\0',smb_size);
104	set_message(cli->outbuf,10, 0, True);
105	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
106	cli_setup_packet(cli);
107
108	SCVAL(cli->outbuf,smb_vwv0,0xFF);
109	SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
110	SSVAL(cli->outbuf,smb_vwv3,2);
111	SSVAL(cli->outbuf,smb_vwv4,1);
112	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
113	SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
114
115	p = smb_buf(cli->outbuf);
116	memcpy(p,lm_response.data,lm_response.length);
117	p += lm_response.length;
118	p += clistr_push(cli, p, user, -1, STR_TERMINATE\|STR_UPPER);
119	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE\|STR_UPPER);
120	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
121	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
122	cli_setup_bcc(cli, p);
123
124	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
125	return cli_nt_error(cli);
126	}
127
128	show_msg(cli->inbuf);
129
130	if (cli_is_error(cli)) {
131	return cli_nt_error(cli);
132	}
133
134	/* use the returned vuid from now on */
135	cli->vuid = SVAL(cli->inbuf,smb_uid);
136	fstrcpy(cli->user_name, user);
137
138	if (session_key.data) {
139	/* Have plaintext orginal */
140	cli_set_session_key(cli, session_key);
141	}
142
143	return NT_STATUS_OK;
144	}
145
146	/****************************************************************************
147	Work out suitable capabilities to offer the server.
148	****************************************************************************/
149
150	static uint32 cli_session_setup_capabilities(struct cli_state *cli)
151	{
152	uint32 capabilities = CAP_NT_SMBS;
153
154	if (!cli->force_dos_errors)
155	capabilities \|= CAP_STATUS32;
156
157	if (cli->use_level_II_oplocks)
158	capabilities \|= CAP_LEVEL_II_OPLOCKS;
159
160	capabilities \|= (cli->capabilities & (CAP_UNICODE\|CAP_LARGE_FILES\|CAP_LARGE_READX\|CAP_LARGE_WRITEX\|CAP_DFS));
161	return capabilities;
162	}
163
164	/****************************************************************************
165	Do a NT1 guest session setup.
166	****************************************************************************/
167
168	static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
169	{
170	char *p;
171	uint32 capabilities = cli_session_setup_capabilities(cli);
172
173	memset(cli->outbuf, '\0', smb_size);
174	set_message(cli->outbuf,13,0,True);
175	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
176	cli_setup_packet(cli);
177
178	SCVAL(cli->outbuf,smb_vwv0,0xFF);
179	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
180	SSVAL(cli->outbuf,smb_vwv3,2);
181	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
182	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
183	SSVAL(cli->outbuf,smb_vwv7,0);
184	SSVAL(cli->outbuf,smb_vwv8,0);
185	SIVAL(cli->outbuf,smb_vwv11,capabilities);
186	p = smb_buf(cli->outbuf);
187	p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* username */
188	p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* workgroup */
189	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
190	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
191	cli_setup_bcc(cli, p);
192
193	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
194	return cli_nt_error(cli);
195	}
196
197	show_msg(cli->inbuf);
198
199	if (cli_is_error(cli)) {
200	return cli_nt_error(cli);
201	}
202
203	cli->vuid = SVAL(cli->inbuf,smb_uid);
204
205	p = smb_buf(cli->inbuf);
206	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
207	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
208	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
209
210	if (strstr(cli->server_type, "Samba")) {
211	cli->is_samba = True;
212	}
213
214	fstrcpy(cli->user_name, "");
215
216	return NT_STATUS_OK;
217	}
218
219	/****************************************************************************
220	Do a NT1 plaintext session setup.
221	****************************************************************************/
222
223	static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
224	const char user, const char pass,
225	const char *workgroup)
226	{
227	uint32 capabilities = cli_session_setup_capabilities(cli);
228	char *p;
229	fstring lanman;
230
231	fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
232
233	memset(cli->outbuf, '\0', smb_size);
234	set_message(cli->outbuf,13,0,True);
235	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
236	cli_setup_packet(cli);
237
238	SCVAL(cli->outbuf,smb_vwv0,0xFF);
239	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
240	SSVAL(cli->outbuf,smb_vwv3,2);
241	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
242	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
243	SSVAL(cli->outbuf,smb_vwv8,0);
244	SIVAL(cli->outbuf,smb_vwv11,capabilities);
245	p = smb_buf(cli->outbuf);
246
247	/* check wether to send the ASCII or UNICODE version of the password */
248
249	if ( (capabilities & CAP_UNICODE) == 0 ) {
250	p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
251	SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
252	} else {
253	/* For ucs2 passwords clistr_push calls ucs2_align, which causes
254	* the space taken by the unicode password to be one byte too
255	* long (as we're on an odd byte boundary here). Reduce the
256	* count by 1 to cope with this. Fixes smbclient against NetApp
257	* servers which can't cope. Fix from
258	* bryan.kolodziej@allenlund.com in bug #3840.
259	*/
260	p += clistr_push(cli, p, pass, -1, STR_UNICODE\|STR_TERMINATE); /* unicode password */
261	SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);
262	}
263
264	p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
265	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
266	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
267	p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
268	cli_setup_bcc(cli, p);
269
270	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
271	return cli_nt_error(cli);
272	}
273
274	show_msg(cli->inbuf);
275
276	if (cli_is_error(cli)) {
277	return cli_nt_error(cli);
278	}
279
280	cli->vuid = SVAL(cli->inbuf,smb_uid);
281	p = smb_buf(cli->inbuf);
282	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
283	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
284	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
285	fstrcpy(cli->user_name, user);
286
287	if (strstr(cli->server_type, "Samba")) {
288	cli->is_samba = True;
289	}
290
291	return NT_STATUS_OK;
292	}
293
294	/****************************************************************************
295	do a NT1 NTLM/LM encrypted session setup - for when extended security
296	is not negotiated.
297	@param cli client state to create do session setup on
298	@param user username
299	@param pass either cleartext password (passlen !=24) or LM response.
300	@param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
301	@param workgroup The user's domain.
302	****************************************************************************/
303
304	static NTSTATUS cli_session_setup_nt1(struct cli_state cli, const char user,
305	const char *pass, size_t passlen,
306	const char *ntpass, size_t ntpasslen,
307	const char *workgroup)
308	{
309	uint32 capabilities = cli_session_setup_capabilities(cli);
310	DATA_BLOB lm_response = data_blob(NULL, 0);
311	DATA_BLOB nt_response = data_blob(NULL, 0);
312	DATA_BLOB session_key = data_blob(NULL, 0);
313	NTSTATUS result;
314	char *p;
315
316	if (passlen == 0) {
317	/* do nothing - guest login */
318	} else if (passlen != 24) {
319	if (lp_client_ntlmv2_auth()) {
320	DATA_BLOB server_chal;
321	DATA_BLOB names_blob;
322	server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
323
324	/* note that the 'workgroup' here is a best guess - we don't know
325	the server's domain at this point. The 'server name' is also
326	dodgy...
327	*/
328	names_blob = NTLMv2_generate_names_blob(cli->called.name, workgroup);
329
330	if (!SMBNTLMv2encrypt(user, workgroup, pass, &server_chal,
331	&names_blob,
332	&lm_response, &nt_response, &session_key)) {
333	data_blob_free(&names_blob);
334	data_blob_free(&server_chal);
335	return NT_STATUS_ACCESS_DENIED;
336	}
337	data_blob_free(&names_blob);
338	data_blob_free(&server_chal);
339
340	} else {
341	uchar nt_hash[16];
342	E_md4hash(pass, nt_hash);
343
344	#ifdef LANMAN_ONLY
345	nt_response = data_blob(NULL, 0);
346	#else
347	nt_response = data_blob(NULL, 24);
348	SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
349	#endif
350	/* non encrypted password supplied. Ignore ntpass. */
351	if (lp_client_lanman_auth()) {
352	lm_response = data_blob(NULL, 24);
353	if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
354	/* Oops, the LM response is invalid, just put
355	the NT response there instead */
356	data_blob_free(&lm_response);
357	lm_response = data_blob(nt_response.data, nt_response.length);
358	}
359	} else {
360	/* LM disabled, place NT# in LM field instead */
361	lm_response = data_blob(nt_response.data, nt_response.length);
362	}
363
364	session_key = data_blob(NULL, 16);
365	#ifdef LANMAN_ONLY
366	E_deshash(pass, session_key.data);
367	memset(&session_key.data[8], '\0', 8);
368	#else
369	SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
370	#endif
371	}
372	#ifdef LANMAN_ONLY
373	cli_simple_set_signing(cli, session_key, lm_response);
374	#else
375	cli_simple_set_signing(cli, session_key, nt_response);
376	#endif
377	} else {
378	/* pre-encrypted password supplied. Only used for
379	security=server, can't do
380	signing because we don't have original key */
381
382	lm_response = data_blob(pass, passlen);
383	nt_response = data_blob(ntpass, ntpasslen);
384	}
385
386	/* send a session setup command */
387	memset(cli->outbuf,'\0',smb_size);
388
389	set_message(cli->outbuf,13,0,True);
390	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
391	cli_setup_packet(cli);
392
393	SCVAL(cli->outbuf,smb_vwv0,0xFF);
394	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
395	SSVAL(cli->outbuf,smb_vwv3,2);
396	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
397	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
398	SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
399	SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
400	SIVAL(cli->outbuf,smb_vwv11,capabilities);
401	p = smb_buf(cli->outbuf);
402	if (lm_response.length) {
403	memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
404	}
405	if (nt_response.length) {
406	memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
407	}
408	p += clistr_push(cli, p, user, -1, STR_TERMINATE);
409
410	/* Upper case here might help some NTLMv2 implementations */
411	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE\|STR_UPPER);
412	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
413	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
414	cli_setup_bcc(cli, p);
415
416	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
417	result = cli_nt_error(cli);
418	goto end;
419	}
420
421	/* show_msg(cli->inbuf); */
422
423	if (cli_is_error(cli)) {
424	result = cli_nt_error(cli);
425	goto end;
426	}
427
428	/* use the returned vuid from now on */
429	cli->vuid = SVAL(cli->inbuf,smb_uid);
430
431	p = smb_buf(cli->inbuf);
432	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
433	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
434	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
435
436	if (strstr(cli->server_type, "Samba")) {
437	cli->is_samba = True;
438	}
439
440	fstrcpy(cli->user_name, user);
441
442	if (session_key.data) {
443	/* Have plaintext orginal */
444	cli_set_session_key(cli, session_key);
445	}
446
447	result = NT_STATUS_OK;
448	end:
449	data_blob_free(&lm_response);
450	data_blob_free(&nt_response);
451	data_blob_free(&session_key);
452	return result;
453	}
454
455	/****************************************************************************
456	Send a extended security session setup blob
457	****************************************************************************/
458
459	static BOOL cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
460	{
461	uint32 capabilities = cli_session_setup_capabilities(cli);
462	char *p;
463
464	capabilities \|= CAP_EXTENDED_SECURITY;
465
466	/* send a session setup command */
467	memset(cli->outbuf,'\0',smb_size);
468
469	set_message(cli->outbuf,12,0,True);
470	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
471
472	cli_setup_packet(cli);
473
474	SCVAL(cli->outbuf,smb_vwv0,0xFF);
475	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
476	SSVAL(cli->outbuf,smb_vwv3,2);
477	SSVAL(cli->outbuf,smb_vwv4,1);
478	SIVAL(cli->outbuf,smb_vwv5,0);
479	SSVAL(cli->outbuf,smb_vwv7,blob.length);
480	SIVAL(cli->outbuf,smb_vwv10,capabilities);
481	p = smb_buf(cli->outbuf);
482	memcpy(p, blob.data, blob.length);
483	p += blob.length;
484	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
485	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
486	cli_setup_bcc(cli, p);
487	return cli_send_smb(cli);
488	}
489
490	/****************************************************************************
491	Send a extended security session setup blob, returning a reply blob.
492	****************************************************************************/
493
494	static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
495	{
496	DATA_BLOB blob2 = data_blob(NULL, 0);
497	char *p;
498	size_t len;
499
500	if (!cli_receive_smb(cli))
501	return blob2;
502
503	show_msg(cli->inbuf);
504
505	if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
506	NT_STATUS_MORE_PROCESSING_REQUIRED)) {
507	return blob2;
508	}
509
510	/* use the returned vuid from now on */
511	cli->vuid = SVAL(cli->inbuf,smb_uid);
512
513	p = smb_buf(cli->inbuf);
514
515	blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
516
517	p += blob2.length;
518	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
519
520	/* w2k with kerberos doesn't properly null terminate this field */
521	len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));
522	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
523
524	return blob2;
525	}
526
527	#ifdef HAVE_KRB5
528	/****************************************************************************
529	Send a extended security session setup blob, returning a reply blob.
530	****************************************************************************/
531
532	/* The following is calculated from :
533	* (smb_size-4) = 35
534	* (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
535	* (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
536	* end of packet.
537	*/
538
539	#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
540
541	static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_BLOB session_key_krb5)
542	{
543	int32 remaining = blob.length;
544	int32 cur = 0;
545	DATA_BLOB send_blob = data_blob(NULL, 0);
546	int32 max_blob_size = 0;
547	DATA_BLOB receive_blob = data_blob(NULL, 0);
548
549	if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
550	DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
551	"(was %u, need minimum %u)\n",
552	(unsigned int)cli->max_xmit,
553	BASE_SESSSETUP_BLOB_PACKET_SIZE));
554	cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
555	return False;
556	}
557
558	max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
559
560	while ( remaining > 0) {
561	if (remaining >= max_blob_size) {
562	send_blob.length = max_blob_size;
563	remaining -= max_blob_size;
564	} else {
565	DATA_BLOB null_blob = data_blob(NULL, 0);
566
567	send_blob.length = remaining;
568	remaining = 0;
569
570	/* This is the last packet in the sequence - turn signing on. */
571	cli_simple_set_signing(cli, session_key_krb5, null_blob);
572	}
573
574	send_blob.data = &blob.data[cur];
575	cur += send_blob.length;
576
577	DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
578	(unsigned int)remaining,
579	(unsigned int)send_blob.length,
580	(unsigned int)cur ));
581
582	if (!cli_session_setup_blob_send(cli, send_blob)) {
583	DEBUG(0, ("cli_session_setup_blob: send failed\n"));
584	return False;
585	}
586
587	receive_blob = cli_session_setup_blob_receive(cli);
588	data_blob_free(&receive_blob);
589
590	if (cli_is_error(cli) &&
591	!NT_STATUS_EQUAL( cli_get_nt_error(cli),
592	NT_STATUS_MORE_PROCESSING_REQUIRED)) {
593	DEBUG(0, ("cli_session_setup_blob: recieve failed (%s)\n",
594	nt_errstr(cli_get_nt_error(cli)) ));
595	cli->vuid = 0;
596	return False;
597	}
598	}
599
600	return True;
601	}
602
603	/****************************************************************************
604	Use in-memory credentials cache
605	****************************************************************************/
606
607	static void use_in_memory_ccache(void) {
608	setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
609	}
610
611	/****************************************************************************
612	Do a spnego/kerberos encrypted session setup.
613	****************************************************************************/
614
615	static ADS_STATUS cli_session_setup_kerberos(struct cli_state cli, const char principal, const char *workgroup)
616	{
617	DATA_BLOB negTokenTarg;
618	DATA_BLOB session_key_krb5;
619	int rc;
620
621	DEBUG(2,("Doing kerberos session setup\n"));
622
623	/* generate the encapsulated kerberos5 ticket */
624	rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
625
626	if (rc) {
627	DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
628	error_message(rc)));
629	return ADS_ERROR_KRB5(rc);
630	}
631
632	#if 0
633	file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
634	#endif
635
636	if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) {
637	data_blob_free(&negTokenTarg);
638	data_blob_free(&session_key_krb5);
639	return ADS_ERROR_NT(cli_nt_error(cli));
640	}
641
642	cli_set_session_key(cli, session_key_krb5);
643
644	data_blob_free(&negTokenTarg);
645	data_blob_free(&session_key_krb5);
646
647	if (cli_is_error(cli)) {
648	if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
649	return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
650	}
651	}
652	return ADS_ERROR_NT(cli_nt_error(cli));
653	}
654	#endif /* HAVE_KRB5 */
655
656
657	/****************************************************************************
658	Do a spnego/NTLMSSP encrypted session setup.
659	****************************************************************************/
660
661	static NTSTATUS cli_session_setup_ntlmssp(struct cli_state cli, const char user,
662	const char pass, const char domain)
663	{
664	struct ntlmssp_state *ntlmssp_state;
665	NTSTATUS nt_status;
666	int turn = 1;
667	DATA_BLOB msg1;
668	DATA_BLOB blob = data_blob(NULL, 0);
669	DATA_BLOB blob_in = data_blob(NULL, 0);
670	DATA_BLOB blob_out = data_blob(NULL, 0);
671
672	cli_temp_set_signing(cli);
673
674	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
675	return nt_status;
676	}
677	ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
678
679	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
680	return nt_status;
681	}
682	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
683	return nt_status;
684	}
685	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
686	return nt_status;
687	}
688
689	do {
690	nt_status = ntlmssp_update(ntlmssp_state,
691	blob_in, &blob_out);
692	data_blob_free(&blob_in);
693	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) \|\| NT_STATUS_IS_OK(nt_status)) {
694	if (turn == 1) {
695	/* and wrap it in a SPNEGO wrapper */
696	msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
697	} else {
698	/* wrap it in SPNEGO */
699	msg1 = spnego_gen_auth(blob_out);
700	}
701
702	/* now send that blob on its way */
703	if (!cli_session_setup_blob_send(cli, msg1)) {
704	DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
705	nt_status = NT_STATUS_UNSUCCESSFUL;
706	} else {
707	blob = cli_session_setup_blob_receive(cli);
708
709	nt_status = cli_nt_error(cli);
710	if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
711	if (cli->smb_rw_error == READ_BAD_SIG) {
712	nt_status = NT_STATUS_ACCESS_DENIED;
713	} else {
714	nt_status = NT_STATUS_UNSUCCESSFUL;
715	}
716	}
717	}
718	data_blob_free(&msg1);
719	}
720
721	if (!blob.length) {
722	if (NT_STATUS_IS_OK(nt_status)) {
723	nt_status = NT_STATUS_UNSUCCESSFUL;
724	}
725	} else if ((turn == 1) &&
726	NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
727	DATA_BLOB tmp_blob = data_blob(NULL, 0);
728	/* the server might give us back two challenges */
729	if (!spnego_parse_challenge(blob, &blob_in,
730	&tmp_blob)) {
731	DEBUG(3,("Failed to parse challenges\n"));
732	nt_status = NT_STATUS_INVALID_PARAMETER;
733	}
734	data_blob_free(&tmp_blob);
735	} else {
736	if (!spnego_parse_auth_response(blob, nt_status,
737	&blob_in)) {
738	DEBUG(3,("Failed to parse auth response\n"));
739	if (NT_STATUS_IS_OK(nt_status)
740	\|\| NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
741	nt_status = NT_STATUS_INVALID_PARAMETER;
742	}
743	}
744	data_blob_free(&blob);
745	data_blob_free(&blob_out);
746	turn++;
747	} while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
748
749	data_blob_free(&blob_in);
750
751	if (NT_STATUS_IS_OK(nt_status)) {
752
753	DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
754	ntlmssp_state->session_key.length);
755	DATA_BLOB null_blob = data_blob(NULL, 0);
756	BOOL res;
757
758	fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
759	cli_set_session_key(cli, ntlmssp_state->session_key);
760
761	res = cli_simple_set_signing(cli, key, null_blob);
762
763	data_blob_free(&key);
764
765	if (res) {
766
767	/* 'resign' the last message, so we get the right sequence numbers
768	for checking the first reply from the server */
769	cli_calculate_sign_mac(cli);
770
771	if (!cli_check_sign_mac(cli)) {
772	nt_status = NT_STATUS_ACCESS_DENIED;
773	}
774	}
775	}
776
777	/* we have a reference conter on ntlmssp_state, if we are signing
778	then the state will be kept by the signing engine */
779
780	ntlmssp_end(&ntlmssp_state);
781
782	if (!NT_STATUS_IS_OK(nt_status)) {
783	cli->vuid = 0;
784	}
785	return nt_status;
786	}
787
788	/****************************************************************************
789	Do a spnego encrypted session setup.
790	****************************************************************************/
791
792	ADS_STATUS cli_session_setup_spnego(struct cli_state cli, const char user,
793	const char pass, const char domain)
794	{
795	char *principal;
796	char *OIDs[ASN1_MAX_OIDS];
797	int i;
798	BOOL got_kerberos_mechanism = False;
799	DATA_BLOB blob;
800
801	DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
802
803	/* the server might not even do spnego */
804	if (cli->secblob.length <= 16) {
805	DEBUG(3,("server didn't supply a full spnego negprot\n"));
806	goto ntlmssp;
807	}
808
809	#if 0
810	file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
811	#endif
812
813	/* there is 16 bytes of GUID before the real spnego packet starts */
814	blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
815
816	/* the server sent us the first part of the SPNEGO exchange in the negprot
817	reply */
818	if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
819	data_blob_free(&blob);
820	return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
821	}
822	data_blob_free(&blob);
823
824	/* make sure the server understands kerberos */
825	for (i=0;OIDs[i];i++) {
826	DEBUG(3,("got OID=%s\n", OIDs[i]));
827	if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 \|\|
828	strcmp(OIDs[i], OID_KERBEROS5) == 0) {
829	got_kerberos_mechanism = True;
830	}
831	free(OIDs[i]);
832	}
833
834	DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
835
836	if (got_kerberos_mechanism && (principal == NULL)) {
837	/*
838	* It is WRONG to depend on the principal sent in the negprot
839	* reply, but right now we do it. So for safety (don't
840	* segfault later) disable Kerberos when no principal was
841	* sent. -- VL
842	*/
843	DEBUG(1, ("Kerberos mech was offered, but no principal was "
844	"sent, disabling Kerberos\n"));
845	cli->use_kerberos = False;
846	}
847
848	fstrcpy(cli->user_name, user);
849
850	#ifdef HAVE_KRB5
851	/* If password is set we reauthenticate to kerberos server
852	* and do not store results */
853
854	if (got_kerberos_mechanism && cli->use_kerberos) {
855	ADS_STATUS rc;
856
857	if (pass && *pass) {
858	int ret;
859
860	use_in_memory_ccache();
861	ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
862
863	if (ret){
864	SAFE_FREE(principal);
865	DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
866	if (cli->fallback_after_kerberos)
867	goto ntlmssp;
868	return ADS_ERROR_KRB5(ret);
869	}
870	}
871
872	/* If we get a bad principal, try to guess it if
873	we have a valid host NetBIOS name.
874	*/
875	if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
876	SAFE_FREE(principal);
877	}
878	if (principal == NULL &&
879	!is_ipaddress(cli->desthost) &&
880	!strequal(star_smbserver_name,
881	cli->desthost)) {
882	char *realm = NULL;
883	char *machine = NULL;
884	char *host = NULL;
885	DEBUG(3,("cli_session_setup_spnego: got a "
886	"bad server principal, trying to guess ...\n"));
887
888	host = strchr_m(cli->desthost, '.');
889	if (host) {
890	machine = SMB_STRNDUP(cli->desthost,
891	host - cli->desthost);
892	} else {
893	machine = SMB_STRDUP(cli->desthost);
894	}
895	if (machine == NULL) {
896	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
897	}
898
899	realm = kerberos_get_default_realm_from_ccache();
900	if (realm && *realm) {
901	if (asprintf(&principal, "%s$@%s",
902	machine, realm) < 0) {
903	SAFE_FREE(machine);
904	SAFE_FREE(realm);
905	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
906	}
907	DEBUG(3,("cli_session_setup_spnego: guessed "
908	"server principal=%s\n",
909	principal ? principal : "<null>"));
910	}
911	SAFE_FREE(machine);
912	SAFE_FREE(realm);
913	}
914
915	if (principal) {
916	rc = cli_session_setup_kerberos(cli, principal, domain);
917	if (ADS_ERR_OK(rc) \|\| !cli->fallback_after_kerberos) {
918	SAFE_FREE(principal);
919	return rc;
920	}
921	}
922	}
923	#endif
924
925	SAFE_FREE(principal);
926
927	ntlmssp:
928
929	return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain));
930	}
931
932	/****************************************************************************
933	Send a session setup. The username and workgroup is in UNIX character
934	format and must be converted to DOS codepage format before sending. If the
935	password is in plaintext, the same should be done.
936	****************************************************************************/
937
938	NTSTATUS cli_session_setup(struct cli_state *cli,
939	const char *user,
940	const char *pass, int passlen,
941	const char *ntpass, int ntpasslen,
942	const char *workgroup)
943	{
944	char *p;
945	fstring user2;
946
947	/* allow for workgroups as part of the username */
948	fstrcpy(user2, user);
949	if ((p=strchr_m(user2,'\\')) \|\| (p=strchr_m(user2,'/')) \|\|
950	(p=strchr_m(user2,*lp_winbind_separator()))) {
951	*p = 0;
952	user = p+1;
953	workgroup = user2;
954	}
955
956	if (cli->protocol < PROTOCOL_LANMAN1) {
957	return NT_STATUS_OK;
958	}
959
960	/* now work out what sort of session setup we are going to
961	do. I have split this into separate functions to make the
962	flow a bit easier to understand (tridge) */
963
964	/* if its an older server then we have to use the older request format */
965
966	if (cli->protocol < PROTOCOL_NT1) {
967	if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
968	DEBUG(1, ("Server requested LM password but 'client lanman auth'"
969	" is disabled\n"));
970	return NT_STATUS_ACCESS_DENIED;
971	}
972
973	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
974	!lp_client_plaintext_auth() && (*pass)) {
975	DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
976	" is disabled\n"));
977	return NT_STATUS_ACCESS_DENIED;
978	}
979
980	return cli_session_setup_lanman2(cli, user, pass, passlen,
981	workgroup);
982	}
983
984	/* if no user is supplied then we have to do an anonymous connection.
985	passwords are ignored */
986
987	if (!user \|\| !*user)
988	return cli_session_setup_guest(cli);
989
990	/* if the server is share level then send a plaintext null
991	password at this point. The password is sent in the tree
992	connect */
993
994	if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
995	return cli_session_setup_plaintext(cli, user, "", workgroup);
996
997	/* if the server doesn't support encryption then we have to use
998	plaintext. The second password is ignored */
999
1000	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1001	if (!lp_client_plaintext_auth() && (*pass)) {
1002	DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
1003	" is disabled\n"));
1004	return NT_STATUS_ACCESS_DENIED;
1005	}
1006	return cli_session_setup_plaintext(cli, user, pass, workgroup);
1007	}
1008
1009	/* if the server supports extended security then use SPNEGO */
1010
1011	if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1012	ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
1013	if (!ADS_ERR_OK(status)) {
1014	DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1015	return ads_ntstatus(status);
1016	}
1017	} else {
1018	NTSTATUS status;
1019
1020	/* otherwise do a NT1 style session setup */
1021	status = cli_session_setup_nt1(cli, user, pass, passlen,
1022	ntpass, ntpasslen, workgroup);
1023	if (!NT_STATUS_IS_OK(status)) {
1024	DEBUG(3,("cli_session_setup: NT1 session setup "
1025	"failed: %s\n", nt_errstr(status)));
1026	return status;
1027	}
1028	}
1029
1030	if (strstr(cli->server_type, "Samba")) {
1031	cli->is_samba = True;
1032	}
1033
1034	return NT_STATUS_OK;
1035	}
1036
1037	/****************************************************************************
1038	Send a uloggoff.
1039	*****************************************************************************/
1040
1041	BOOL cli_ulogoff(struct cli_state *cli)
1042	{
1043	memset(cli->outbuf,'\0',smb_size);
1044	set_message(cli->outbuf,2,0,True);
1045	SCVAL(cli->outbuf,smb_com,SMBulogoffX);
1046	cli_setup_packet(cli);
1047	SSVAL(cli->outbuf,smb_vwv0,0xFF);
1048	SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
1049
1050	cli_send_smb(cli);
1051	if (!cli_receive_smb(cli))
1052	return False;
1053
1054	if (cli_is_error(cli)) {
1055	return False;
1056	}
1057
1058	cli->cnum = -1;
1059	return True;
1060	}
1061
1062	/****************************************************************************
1063	Send a tconX.
1064	****************************************************************************/
1065
1066	BOOL cli_send_tconX(struct cli_state *cli,
1067	const char share, const char dev, const char *pass, int passlen)
1068	{
1069	fstring fullshare, pword;
1070	char *p;
1071	memset(cli->outbuf,'\0',smb_size);
1072	memset(cli->inbuf,'\0',smb_size);
1073
1074	fstrcpy(cli->share, share);
1075
1076	/* in user level security don't send a password now */
1077	if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1078	passlen = 1;
1079	pass = "";
1080	} else if (!pass) {
1081	DEBUG(1, ("Server not using user level security and no password supplied.\n"));
1082	return False;
1083	}
1084
1085	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1086	*pass && passlen != 24) {
1087	if (!lp_client_lanman_auth()) {
1088	DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
1089	" is disabled\n"));
1090	return False;
1091	}
1092
1093	/*
1094	* Non-encrypted passwords - convert to DOS codepage before encryption.
1095	*/
1096	passlen = 24;
1097	SMBencrypt(pass,cli->secblob.data,(uchar *)pword);
1098	} else {
1099	if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL\|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) {
1100	if (!lp_client_plaintext_auth() && (*pass)) {
1101	DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
1102	" is disabled\n"));
1103	return False;
1104	}
1105
1106	/*
1107	* Non-encrypted passwords - convert to DOS codepage before using.
1108	*/
1109	passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
1110
1111	} else {
1112	if (passlen) {
1113	memcpy(pword, pass, passlen);
1114	}
1115	}
1116	}
1117
1118	slprintf(fullshare, sizeof(fullshare)-1,
1119	"\\\\%s\\%s", cli->desthost, share);
1120
1121	set_message(cli->outbuf,4, 0, True);
1122	SCVAL(cli->outbuf,smb_com,SMBtconX);
1123	cli_setup_packet(cli);
1124
1125	SSVAL(cli->outbuf,smb_vwv0,0xFF);
1126	SSVAL(cli->outbuf,smb_vwv2,TCONX_FLAG_EXTENDED_RESPONSE);
1127	SSVAL(cli->outbuf,smb_vwv3,passlen);
1128
1129	p = smb_buf(cli->outbuf);
1130	if (passlen) {
1131	memcpy(p,pword,passlen);
1132	}
1133	p += passlen;
1134	p += clistr_push(cli, p, fullshare, -1, STR_TERMINATE \|STR_UPPER);
1135	p += clistr_push(cli, p, dev, -1, STR_TERMINATE \|STR_UPPER \| STR_ASCII);
1136
1137	cli_setup_bcc(cli, p);
1138
1139	cli_send_smb(cli);
1140	if (!cli_receive_smb(cli))
1141	return False;
1142
1143	if (cli_is_error(cli))
1144	return False;
1145
1146	clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE\|STR_ASCII);
1147
1148	if (cli->protocol >= PROTOCOL_NT1 &&
1149	smb_buflen(cli->inbuf) == 3) {
1150	/* almost certainly win95 - enable bug fixes */
1151	cli->win95 = True;
1152	}
1153
1154	/* Make sure that we have the optional support 16-bit field. WCT > 2 */
1155	/* Avoids issues when connecting to Win9x boxes sharing files */
1156
1157	cli->dfsroot = False;
1158	if ( (CVAL(cli->inbuf, smb_wct))>2 && cli->protocol >= PROTOCOL_LANMAN2 )
1159	cli->dfsroot = (SVAL( cli->inbuf, smb_vwv2 ) & SMB_SHARE_IN_DFS) ? True : False;
1160
1161	cli->cnum = SVAL(cli->inbuf,smb_tid);
1162	return True;
1163	}
1164
1165	/****************************************************************************
1166	Send a tree disconnect.
1167	****************************************************************************/
1168
1169	BOOL cli_tdis(struct cli_state *cli)
1170	{
1171	memset(cli->outbuf,'\0',smb_size);
1172	set_message(cli->outbuf,0,0,True);
1173	SCVAL(cli->outbuf,smb_com,SMBtdis);
1174	SSVAL(cli->outbuf,smb_tid,cli->cnum);
1175	cli_setup_packet(cli);
1176
1177	cli_send_smb(cli);
1178	if (!cli_receive_smb(cli))
1179	return False;
1180
1181	if (cli_is_error(cli)) {
1182	return False;
1183	}
1184
1185	cli->cnum = -1;
1186	return True;
1187	}
1188
1189	/****************************************************************************
1190	Send a negprot command.
1191	****************************************************************************/
1192
1193	void cli_negprot_send(struct cli_state *cli)
1194	{
1195	char *p;
1196	int numprots;
1197
1198	if (cli->protocol < PROTOCOL_NT1)
1199	cli->use_spnego = False;
1200
1201	memset(cli->outbuf,'\0',smb_size);
1202
1203	/* setup the protocol strings */
1204	set_message(cli->outbuf,0,0,True);
1205
1206	p = smb_buf(cli->outbuf);
1207	for (numprots=0;
1208	prots[numprots].name && prots[numprots].prot<=cli->protocol;
1209	numprots++) {
1210	*p++ = 2;
1211	p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1212	}
1213
1214	SCVAL(cli->outbuf,smb_com,SMBnegprot);
1215	cli_setup_bcc(cli, p);
1216	cli_setup_packet(cli);
1217
1218	SCVAL(smb_buf(cli->outbuf),0,2);
1219
1220	cli_send_smb(cli);
1221	}
1222
1223	/****************************************************************************
1224	Send a negprot command.
1225	****************************************************************************/
1226
1227	BOOL cli_negprot(struct cli_state *cli)
1228	{
1229	char *p;
1230	int numprots;
1231	int plength;
1232
1233	if (cli->protocol < PROTOCOL_NT1)
1234	cli->use_spnego = False;
1235
1236	memset(cli->outbuf,'\0',smb_size);
1237
1238	/* setup the protocol strings */
1239	for (plength=0,numprots=0;
1240	prots[numprots].name && prots[numprots].prot<=cli->protocol;
1241	numprots++)
1242	plength += strlen(prots[numprots].name)+2;
1243
1244	set_message(cli->outbuf,0,plength,True);
1245
1246	p = smb_buf(cli->outbuf);
1247	for (numprots=0;
1248	prots[numprots].name && prots[numprots].prot<=cli->protocol;
1249	numprots++) {
1250	*p++ = 2;
1251	p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1252	}
1253
1254	SCVAL(cli->outbuf,smb_com,SMBnegprot);
1255	cli_setup_packet(cli);
1256
1257	SCVAL(smb_buf(cli->outbuf),0,2);
1258
1259	cli_send_smb(cli);
1260	if (!cli_receive_smb(cli))
1261	return False;
1262
1263	show_msg(cli->inbuf);
1264
1265	if (cli_is_error(cli) \|\|
1266	((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
1267	return(False);
1268	}
1269
1270	cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
1271
1272	if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
1273	DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1274	return False;
1275	}
1276
1277	if (cli->protocol >= PROTOCOL_NT1) {
1278	struct timespec ts;
1279	/* NT protocol */
1280	cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
1281	cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
1282	cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
1283	cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
1284	cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
1285	cli->serverzone *= 60;
1286	/* this time arrives in real GMT */
1287	ts = interpret_long_date(cli->inbuf+smb_vwv11+1);
1288	cli->servertime = ts.tv_sec;
1289	cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1290	cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
1291	if (cli->capabilities & CAP_RAW_MODE) {
1292	cli->readbraw_supported = True;
1293	cli->writebraw_supported = True;
1294	}
1295	/* work out if they sent us a workgroup */
1296	if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1297	smb_buflen(cli->inbuf) > 8) {
1298	clistr_pull(cli, cli->server_domain,
1299	smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
1300	smb_buflen(cli->inbuf)-8, STR_UNICODE\|STR_NOALIGN);
1301	}
1302
1303	/*
1304	* As signing is slow we only turn it on if either the client or
1305	* the server require it. JRA.
1306	*/
1307
1308	if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1309	/* Fail if server says signing is mandatory and we don't want to support it. */
1310	if (!cli->sign_info.allow_smb_signing) {
1311	DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1312	return False;
1313	}
1314	cli->sign_info.negotiated_smb_signing = True;
1315	cli->sign_info.mandatory_signing = True;
1316	} else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
1317	/* Fail if client says signing is mandatory and the server doesn't support it. */
1318	if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1319	DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1320	return False;
1321	}
1322	cli->sign_info.negotiated_smb_signing = True;
1323	cli->sign_info.mandatory_signing = True;
1324	} else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1325	cli->sign_info.negotiated_smb_signing = True;
1326	}
1327
1328	if (cli->capabilities & (CAP_LARGE_READX\|CAP_LARGE_WRITEX)) {
1329	SAFE_FREE(cli->outbuf);
1330	SAFE_FREE(cli->inbuf);
1331	cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
1332	cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
1333	cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
1334	}
1335
1336	} else if (cli->protocol >= PROTOCOL_LANMAN1) {
1337	cli->use_spnego = False;
1338	cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
1339	cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
1340	cli->max_mux = SVAL(cli->inbuf, smb_vwv3);
1341	cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
1342	cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
1343	cli->serverzone *= 60;
1344	/* this time is converted to GMT by make_unix_date */
1345	cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8);
1346	cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
1347	cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
1348	cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1349	} else {
1350	/* the old core protocol */
1351	cli->use_spnego = False;
1352	cli->sec_mode = 0;
1353	cli->serverzone = get_time_zone(time(NULL));
1354	}
1355
1356	cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1357
1358	/* a way to force ascii SMB */
1359	if (getenv("CLI_FORCE_ASCII"))
1360	cli->capabilities &= ~CAP_UNICODE;
1361
1362	return True;
1363	}
1364
1365	/****************************************************************************
1366	Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1367	****************************************************************************/
1368
1369	BOOL cli_session_request(struct cli_state *cli,
1370	struct nmb_name calling, struct nmb_name called)
1371	{
1372	char *p;
1373	int len = 4;
1374
1375	memcpy(&(cli->calling), calling, sizeof(*calling));
1376	memcpy(&(cli->called ), called , sizeof(*called ));
1377
1378	/* put in the destination name */
1379	p = cli->outbuf+len;
1380	name_mangle(cli->called .name, p, cli->called .name_type);
1381	len += name_len(p);
1382
1383	/* and my name */
1384	p = cli->outbuf+len;
1385	name_mangle(cli->calling.name, p, cli->calling.name_type);
1386	len += name_len(p);
1387
1388	/* 445 doesn't have session request */
1389	if (cli->port == 445)
1390	return True;
1391
1392	/* send a session request (RFC 1002) */
1393	/* setup the packet length
1394	* Remove four bytes from the length count, since the length
1395	* field in the NBT Session Service header counts the number
1396	* of bytes which follow. The cli_send_smb() function knows
1397	* about this and accounts for those four bytes.
1398	* CRH.
1399	*/
1400	len -= 4;
1401	_smb_setlen(cli->outbuf,len);
1402	SCVAL(cli->outbuf,0,0x81);
1403
1404	cli_send_smb(cli);
1405	DEBUG(5,("Sent session request\n"));
1406
1407	if (!cli_receive_smb(cli))
1408	return False;
1409
1410	if (CVAL(cli->inbuf,0) == 0x84) {
1411	/* C. Hoch 9/14/95 Start */
1412	/* For information, here is the response structure.
1413	* We do the byte-twiddling to for portability.
1414	struct RetargetResponse{
1415	unsigned char type;
1416	unsigned char flags;
1417	int16 length;
1418	int32 ip_addr;
1419	int16 port;
1420	};
1421	*/
1422	int port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1423	/* SESSION RETARGET */
1424	putip((char *)&cli->dest_ip,cli->inbuf+4);
1425
1426	cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT);
1427	if (cli->fd == -1)
1428	return False;
1429
1430	DEBUG(3,("Retargeted\n"));
1431
1432	set_socket_options(cli->fd,user_socket_options);
1433
1434	/* Try again */
1435	{
1436	static int depth;
1437	BOOL ret;
1438	if (depth > 4) {
1439	DEBUG(0,("Retarget recursion - failing\n"));
1440	return False;
1441	}
1442	depth++;
1443	ret = cli_session_request(cli, calling, called);
1444	depth--;
1445	return ret;
1446	}
1447	} /* C. Hoch 9/14/95 End */
1448
1449	if (CVAL(cli->inbuf,0) != 0x82) {
1450	/* This is the wrong place to put the error... JRA. */
1451	cli->rap_error = CVAL(cli->inbuf,4);
1452	return False;
1453	}
1454	return(True);
1455	}
1456
1457	/****************************************************************************
1458	Open the client sockets.
1459	****************************************************************************/
1460
1461	NTSTATUS cli_connect(struct cli_state cli, const char host, struct in_addr *ip)
1462	{
1463	int name_type = 0x20;
1464	char *p;
1465
1466	/* reasonable default hostname */
1467	if (!host) host = star_smbserver_name;
1468
1469	fstrcpy(cli->desthost, host);
1470
1471	/* allow hostnames of the form NAME#xx and do a netbios lookup */
1472	if ((p = strchr(cli->desthost, '#'))) {
1473	name_type = strtol(p+1, NULL, 16);
1474	*p = 0;
1475	}
1476
1477	if (!ip \|\| is_zero_ip(*ip)) {
1478	if (!resolve_name(cli->desthost, &cli->dest_ip, name_type)) {
1479	return NT_STATUS_BAD_NETWORK_NAME;
1480	}
1481	if (ip) *ip = cli->dest_ip;
1482	} else {
1483	cli->dest_ip = *ip;
1484	}
1485
1486	if (getenv("LIBSMB_PROG")) {
1487	cli->fd = sock_exec(getenv("LIBSMB_PROG"));
1488	} else {
1489	/* try 445 first, then 139 */
1490	int port = cli->port?cli->port:445;
1491	cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
1492	port, cli->timeout);
1493	if (cli->fd == -1 && cli->port == 0) {
1494	port = 139;
1495	cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
1496	port, cli->timeout);
1497	}
1498	if (cli->fd != -1)
1499	cli->port = port;
1500	}
1501	if (cli->fd == -1) {
1502	DEBUG(1,("Error connecting to %s (%s)\n",
1503	ip?inet_ntoa(*ip):host,strerror(errno)));
1504	return map_nt_error_from_unix(errno);
1505	}
1506
1507	set_socket_options(cli->fd,user_socket_options);
1508
1509	return NT_STATUS_OK;
1510	}
1511
1512	/**
1513	establishes a connection to after the negprot.
1514	@param output_cli A fully initialised cli structure, non-null only on success
1515	@param dest_host The netbios name of the remote host
1516	@param dest_ip (optional) The the destination IP, NULL for name based lookup
1517	@param port (optional) The destination port (0 for default)
1518	@param retry BOOL. Did this connection fail with a retryable error ?
1519
1520	*/
1521	NTSTATUS cli_start_connection(struct cli_state **output_cli,
1522	const char *my_name,
1523	const char *dest_host,
1524	struct in_addr *dest_ip, int port,
1525	int signing_state, int flags,
1526	BOOL *retry)
1527	{
1528	NTSTATUS nt_status;
1529	struct nmb_name calling;
1530	struct nmb_name called;
1531	struct cli_state *cli;
1532	struct in_addr ip;
1533
1534	if (retry)
1535	*retry = False;
1536
1537	if (!my_name)
1538	my_name = global_myname();
1539
1540	if (!(cli = cli_initialise())) {
1541	return NT_STATUS_NO_MEMORY;
1542	}
1543
1544	make_nmb_name(&calling, my_name, 0x0);
1545	make_nmb_name(&called , dest_host, 0x20);
1546
1547	if (cli_set_port(cli, port) != port) {
1548	cli_shutdown(cli);
1549	return NT_STATUS_UNSUCCESSFUL;
1550	}
1551
1552	cli_set_timeout(cli, 10000); /* 10 seconds. */
1553
1554	if (dest_ip)
1555	ip = *dest_ip;
1556	else
1557	ZERO_STRUCT(ip);
1558
1559	again:
1560
1561	DEBUG(3,("Connecting to host=%s\n", dest_host));
1562
1563	nt_status = cli_connect(cli, dest_host, &ip);
1564	if (!NT_STATUS_IS_OK(nt_status)) {
1565	DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
1566	nmb_namestr(&called), inet_ntoa(ip), nt_errstr(nt_status) ));
1567	cli_shutdown(cli);
1568	return nt_status;
1569	}
1570
1571	if (retry)
1572	*retry = True;
1573
1574	if (!cli_session_request(cli, &calling, &called)) {
1575	char *p;
1576	DEBUG(1,("session request to %s failed (%s)\n",
1577	called.name, cli_errstr(cli)));
1578	if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
1579	*p = 0;
1580	goto again;
1581	}
1582	if (strcmp(called.name, star_smbserver_name)) {
1583	make_nmb_name(&called , star_smbserver_name, 0x20);
1584	goto again;
1585	}
1586	return NT_STATUS_BAD_NETWORK_NAME;
1587	}
1588
1589	cli_setup_signing_state(cli, signing_state);
1590
1591	if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
1592	cli->use_spnego = False;
1593	else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
1594	cli->use_kerberos = True;
1595
1596	if (!cli_negprot(cli)) {
1597	DEBUG(1,("failed negprot\n"));
1598	nt_status = cli_nt_error(cli);
1599	if (NT_STATUS_IS_OK(nt_status)) {
1600	nt_status = NT_STATUS_UNSUCCESSFUL;
1601	}
1602	cli_shutdown(cli);
1603	return nt_status;
1604	}
1605
1606	*output_cli = cli;
1607	return NT_STATUS_OK;
1608	}
1609
1610
1611	/**
1612	establishes a connection right up to doing tconX, password specified.
1613	@param output_cli A fully initialised cli structure, non-null only on success
1614	@param dest_host The netbios name of the remote host
1615	@param dest_ip (optional) The the destination IP, NULL for name based lookup
1616	@param port (optional) The destination port (0 for default)
1617	@param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
1618	@param service_type The 'type' of serivice.
1619	@param user Username, unix string
1620	@param domain User's domain
1621	@param password User's password, unencrypted unix string.
1622	@param retry BOOL. Did this connection fail with a retryable error ?
1623	*/
1624
1625	NTSTATUS cli_full_connection(struct cli_state **output_cli,
1626	const char *my_name,
1627	const char *dest_host,
1628	struct in_addr *dest_ip, int port,
1629	const char service, const char service_type,
1630	const char user, const char domain,
1631	const char *password, int flags,
1632	int signing_state,
1633	BOOL *retry)
1634	{
1635	NTSTATUS nt_status;
1636	struct cli_state *cli = NULL;
1637	int pw_len = password ? strlen(password)+1 : 0;
1638
1639	*output_cli = NULL;
1640
1641	if (password == NULL) {
1642	password = "";
1643	}
1644
1645	nt_status = cli_start_connection(&cli, my_name, dest_host,
1646	dest_ip, port, signing_state, flags, retry);
1647
1648	if (!NT_STATUS_IS_OK(nt_status)) {
1649	return nt_status;
1650	}
1651
1652	nt_status = cli_session_setup(cli, user, password, pw_len, password,
1653	pw_len, domain);
1654	if (!NT_STATUS_IS_OK(nt_status)) {
1655
1656	if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
1657	DEBUG(1,("failed session setup with %s\n",
1658	nt_errstr(nt_status)));
1659	cli_shutdown(cli);
1660	return nt_status;
1661	}
1662
1663	nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
1664	if (!NT_STATUS_IS_OK(nt_status)) {
1665	DEBUG(1,("anonymous failed session setup with %s\n",
1666	nt_errstr(nt_status)));
1667	cli_shutdown(cli);
1668	return nt_status;
1669	}
1670	}
1671
1672	if (service) {
1673	if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
1674	nt_status = cli_nt_error(cli);
1675	DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
1676	cli_shutdown(cli);
1677	if (NT_STATUS_IS_OK(nt_status)) {
1678	nt_status = NT_STATUS_UNSUCCESSFUL;
1679	}
1680	return nt_status;
1681	}
1682	}
1683
1684	cli_init_creds(cli, user, domain, password);
1685
1686	*output_cli = cli;
1687	return NT_STATUS_OK;
1688	}
1689
1690	/****************************************************************************
1691	Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
1692	****************************************************************************/
1693
1694	BOOL attempt_netbios_session_request(struct cli_state *ppcli, const char srchost, const char *desthost,
1695	struct in_addr *pdest_ip)
1696	{
1697	struct nmb_name calling, called;
1698
1699	make_nmb_name(&calling, srchost, 0x0);
1700
1701	/*
1702	* If the called name is an IP address
1703	* then use *SMBSERVER immediately.
1704	*/
1705
1706	if(is_ipaddress(desthost)) {
1707	make_nmb_name(&called, star_smbserver_name, 0x20);
1708	} else {
1709	make_nmb_name(&called, desthost, 0x20);
1710	}
1711
1712	if (!cli_session_request(*ppcli, &calling, &called)) {
1713	NTSTATUS status;
1714	struct nmb_name smbservername;
1715
1716	make_nmb_name(&smbservername, star_smbserver_name, 0x20);
1717
1718	/*
1719	* If the name wasn't *SMBSERVER then
1720	* try with *SMBSERVER if the first name fails.
1721	*/
1722
1723	if (nmb_name_equal(&called, &smbservername)) {
1724
1725	/*
1726	* The name used was *SMBSERVER, don't bother with another name.
1727	*/
1728
1729	DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
1730	with error %s.\n", desthost, cli_errstr(*ppcli) ));
1731	return False;
1732	}
1733
1734	/* Try again... */
1735	cli_shutdown(*ppcli);
1736
1737	*ppcli = cli_initialise();
1738	if (!*ppcli) {
1739	/* Out of memory... */
1740	return False;
1741	}
1742
1743	status = cli_connect(*ppcli, desthost, pdest_ip);
1744	if (!NT_STATUS_IS_OK(status) \|\|
1745	!cli_session_request(*ppcli, &calling, &smbservername)) {
1746	DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
1747	name SMBSERVER with error %s\n", desthost, cli_errstr(ppcli) ));
1748	return False;
1749	}
1750	}
1751
1752	return True;
1753	}
1754
1755
1756
1757
1758
1759	/****************************************************************************
1760	Send an old style tcon.
1761	****************************************************************************/
1762	NTSTATUS cli_raw_tcon(struct cli_state *cli,
1763	const char service, const char pass, const char *dev,
1764	uint16 max_xmit, uint16 tid)
1765	{
1766	char *p;
1767
1768	if (!lp_client_plaintext_auth() && (*pass)) {
1769	DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
1770	" is disabled\n"));
1771	return NT_STATUS_ACCESS_DENIED;
1772	}
1773
1774	memset(cli->outbuf,'\0',smb_size);
1775	memset(cli->inbuf,'\0',smb_size);
1776
1777	set_message(cli->outbuf, 0, 0, True);
1778	SCVAL(cli->outbuf,smb_com,SMBtcon);
1779	cli_setup_packet(cli);
1780
1781	p = smb_buf(cli->outbuf);
1782	*p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE \| STR_NOALIGN);
1783	*p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE \| STR_NOALIGN);
1784	*p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE \| STR_NOALIGN);
1785
1786	cli_setup_bcc(cli, p);
1787
1788	cli_send_smb(cli);
1789	if (!cli_receive_smb(cli)) {
1790	return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
1791	}
1792
1793	if (cli_is_error(cli)) {
1794	return cli_nt_error(cli);
1795	}
1796
1797	*max_xmit = SVAL(cli->inbuf, smb_vwv0);
1798	*tid = SVAL(cli->inbuf, smb_vwv1);
1799
1800	return NT_STATUS_OK;
1801	}
1802
1803	/* Return a cli_state pointing at the IPC$ share for the given server */
1804
1805	struct cli_state get_ipc_connect(char server, struct in_addr *server_ip,
1806	struct user_auth_info *user_info)
1807	{
1808	struct cli_state *cli;
1809	pstring myname;
1810	NTSTATUS nt_status;
1811
1812	get_myname(myname);
1813
1814	nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC",
1815	user_info->username, lp_workgroup(), user_info->password,
1816	CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, NULL);
1817
1818	if (NT_STATUS_IS_OK(nt_status)) {
1819	return cli;
1820	} else if (is_ipaddress(server)) {
1821	/* windows 9* needs a correct NMB name for connections */
1822	fstring remote_name;
1823
1824	if (name_status_find("", 0, 0, server_ip, remote_name)) {
1825	cli = get_ipc_connect(remote_name, server_ip, user_info);
1826	if (cli)
1827	return cli;
1828	}
1829	}
1830	return NULL;
1831	}
1832
1833	/*
1834	* Given the IP address of a master browser on the network, return its
1835	* workgroup and connect to it.
1836	*
1837	* This function is provided to allow additional processing beyond what
1838	* get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
1839	* browsers and obtain each master browsers' list of domains (in case the
1840	* first master browser is recently on the network and has not yet
1841	* synchronized with other master browsers and therefore does not yet have the
1842	* entire network browse list)
1843	*/
1844
1845	struct cli_state get_ipc_connect_master_ip(struct ip_service mb_ip, pstring workgroup, struct user_auth_info *user_info)
1846	{
1847	static fstring name;
1848	struct cli_state *cli;
1849	struct in_addr server_ip;
1850
1851	DEBUG(99, ("Looking up name of master browser %s\n",
1852	inet_ntoa(mb_ip->ip)));
1853
1854	/*
1855	* Do a name status query to find out the name of the master browser.
1856	* We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
1857	* master browser will not respond to a wildcard query (or, at least,
1858	* an NT4 server acting as the domain master browser will not).
1859	*
1860	* We might be able to use ONLY the query on MSBROWSE, but that's not
1861	* yet been tested with all Windows versions, so until it is, leave
1862	* the original wildcard query as the first choice and fall back to
1863	* MSBROWSE if the wildcard query fails.
1864	*/
1865	if (!name_status_find("*", 0, 0x1d, mb_ip->ip, name) &&
1866	!name_status_find(MSBROWSE, 1, 0x1d, mb_ip->ip, name)) {
1867
1868	DEBUG(99, ("Could not retrieve name status for %s\n",
1869	inet_ntoa(mb_ip->ip)));
1870	return NULL;
1871	}
1872
1873	if (!find_master_ip(name, &server_ip)) {
1874	DEBUG(99, ("Could not find master ip for %s\n", name));
1875	return NULL;
1876	}
1877
1878	pstrcpy(workgroup, name);
1879
1880	DEBUG(4, ("found master browser %s, %s\n",
1881	name, inet_ntoa(mb_ip->ip)));
1882
1883	cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
1884
1885	return cli;
1886
1887	}
1888
1889	/*
1890	* Return the IP address and workgroup of a master browser on the network, and
1891	* connect to it.
1892	*/
1893
1894	struct cli_state get_ipc_connect_master_ip_bcast(pstring workgroup, struct user_auth_info user_info)
1895	{
1896	struct ip_service *ip_list;
1897	struct cli_state *cli;
1898	int i, count;
1899
1900	DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
1901
1902	/* Go looking for workgroups by broadcasting on the local network */
1903
1904	if (!name_resolve_bcast(MSBROWSE, 1, &ip_list, &count)) {
1905	DEBUG(99, ("No master browsers responded\n"));
1906	return False;
1907	}
1908
1909	for (i = 0; i < count; i++) {
1910	DEBUG(99, ("Found master browser %s\n", inet_ntoa(ip_list[i].ip)));
1911
1912	cli = get_ipc_connect_master_ip(&ip_list[i], workgroup, user_info);
1913	if (cli)
1914	return(cli);
1915	}
1916
1917	return NULL;
1918	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: