Context Navigation

source: branches/samba-3.3.x/source/libsmb/cliconnect.c@ 972

Visit:

Last change on this file since 972 was 370, checked in by Herwig Bauernfeind, 16 years ago
Update Samba 3.3 to 3.3.10 (source)
File size: 60.0 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	client connect/disconnect routines
4	Copyright (C) Andrew Tridgell 1994-1998
5	Copyright (C) Andrew Bartlett 2001-2003
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22	#include "smb_krb5.h"
23
24	static const struct {
25	int prot;
26	const char *name;
27	} prots[] = {
28	{PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
29	{PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
30	{PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
31	{PROTOCOL_LANMAN1,"LANMAN1.0"},
32	{PROTOCOL_LANMAN2,"LM1.2X002"},
33	{PROTOCOL_LANMAN2,"DOS LANMAN2.1"},
34	{PROTOCOL_LANMAN2,"LANMAN2.1"},
35	{PROTOCOL_LANMAN2,"Samba"},
36	{PROTOCOL_NT1,"NT LANMAN 1.0"},
37	{PROTOCOL_NT1,"NT LM 0.12"},
38	{-1,NULL}
39	};
40
41	static const char star_smbserver_name = "SMBSERVER";
42
43	/**
44	* Set the user session key for a connection
45	* @param cli The cli structure to add it too
46	* @param session_key The session key used. (A copy of this is taken for the cli struct)
47	*
48	*/
49
50	static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
51	{
52	cli->user_session_key = data_blob(session_key.data, session_key.length);
53	}
54
55	/****************************************************************************
56	Do an old lanman2 style session setup.
57	****************************************************************************/
58
59	static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
60	const char *user,
61	const char *pass, size_t passlen,
62	const char *workgroup)
63	{
64	DATA_BLOB session_key = data_blob_null;
65	DATA_BLOB lm_response = data_blob_null;
66	fstring pword;
67	char *p;
68
69	if (passlen > sizeof(pword)-1) {
70	return NT_STATUS_INVALID_PARAMETER;
71	}
72
73	/* LANMAN servers predate NT status codes and Unicode and ignore those
74	smb flags so we must disable the corresponding default capabilities
75	that would otherwise cause the Unicode and NT Status flags to be
76	set (and even returned by the server) */
77
78	cli->capabilities &= ~(CAP_UNICODE \| CAP_STATUS32);
79
80	/* if in share level security then don't send a password now */
81	if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
82	passlen = 0;
83
84	if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
85	/* Encrypted mode needed, and non encrypted password supplied. */
86	lm_response = data_blob(NULL, 24);
87	if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
88	DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
89	return NT_STATUS_ACCESS_DENIED;
90	}
91	} else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
92	/* Encrypted mode needed, and encrypted password supplied. */
93	lm_response = data_blob(pass, passlen);
94	} else if (passlen > 0) {
95	/* Plaintext mode needed, assume plaintext supplied. */
96	passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
97	lm_response = data_blob(pass, passlen);
98	}
99
100	/* send a session setup command */
101	memset(cli->outbuf,'\0',smb_size);
102	cli_set_message(cli->outbuf,10, 0, True);
103	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
104	cli_setup_packet(cli);
105
106	SCVAL(cli->outbuf,smb_vwv0,0xFF);
107	SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
108	SSVAL(cli->outbuf,smb_vwv3,2);
109	SSVAL(cli->outbuf,smb_vwv4,1);
110	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
111	SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
112
113	p = smb_buf(cli->outbuf);
114	memcpy(p,lm_response.data,lm_response.length);
115	p += lm_response.length;
116	p += clistr_push(cli, p, user, -1, STR_TERMINATE\|STR_UPPER);
117	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE\|STR_UPPER);
118	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
119	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
120	cli_setup_bcc(cli, p);
121
122	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
123	return cli_nt_error(cli);
124	}
125
126	show_msg(cli->inbuf);
127
128	if (cli_is_error(cli)) {
129	return cli_nt_error(cli);
130	}
131
132	/* use the returned vuid from now on */
133	cli->vuid = SVAL(cli->inbuf,smb_uid);
134	fstrcpy(cli->user_name, user);
135
136	if (session_key.data) {
137	/* Have plaintext orginal */
138	cli_set_session_key(cli, session_key);
139	}
140
141	return NT_STATUS_OK;
142	}
143
144	/****************************************************************************
145	Work out suitable capabilities to offer the server.
146	****************************************************************************/
147
148	static uint32 cli_session_setup_capabilities(struct cli_state *cli)
149	{
150	uint32 capabilities = CAP_NT_SMBS;
151
152	if (!cli->force_dos_errors)
153	capabilities \|= CAP_STATUS32;
154
155	if (cli->use_level_II_oplocks)
156	capabilities \|= CAP_LEVEL_II_OPLOCKS;
157
158	capabilities \|= (cli->capabilities & (CAP_UNICODE\|CAP_LARGE_FILES\|CAP_LARGE_READX\|CAP_LARGE_WRITEX\|CAP_DFS));
159	return capabilities;
160	}
161
162	/****************************************************************************
163	Do a NT1 guest session setup.
164	****************************************************************************/
165
166	static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
167	{
168	char *p;
169	uint32 capabilities = cli_session_setup_capabilities(cli);
170
171	memset(cli->outbuf, '\0', smb_size);
172	cli_set_message(cli->outbuf,13,0,True);
173	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
174	cli_setup_packet(cli);
175
176	SCVAL(cli->outbuf,smb_vwv0,0xFF);
177	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
178	SSVAL(cli->outbuf,smb_vwv3,2);
179	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
180	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
181	SSVAL(cli->outbuf,smb_vwv7,0);
182	SSVAL(cli->outbuf,smb_vwv8,0);
183	SIVAL(cli->outbuf,smb_vwv11,capabilities);
184	p = smb_buf(cli->outbuf);
185	p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* username */
186	p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* workgroup */
187	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
188	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
189	cli_setup_bcc(cli, p);
190
191	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
192	return cli_nt_error(cli);
193	}
194
195	show_msg(cli->inbuf);
196
197	if (cli_is_error(cli)) {
198	return cli_nt_error(cli);
199	}
200
201	cli->vuid = SVAL(cli->inbuf,smb_uid);
202
203	p = smb_buf(cli->inbuf);
204	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
205	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
206	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
207
208	if (strstr(cli->server_type, "Samba")) {
209	cli->is_samba = True;
210	}
211
212	fstrcpy(cli->user_name, "");
213
214	return NT_STATUS_OK;
215	}
216
217	/****************************************************************************
218	Do a NT1 plaintext session setup.
219	****************************************************************************/
220
221	static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
222	const char user, const char pass,
223	const char *workgroup)
224	{
225	uint32 capabilities = cli_session_setup_capabilities(cli);
226	char *p;
227	fstring lanman;
228
229	fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
230
231	memset(cli->outbuf, '\0', smb_size);
232	cli_set_message(cli->outbuf,13,0,True);
233	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
234	cli_setup_packet(cli);
235
236	SCVAL(cli->outbuf,smb_vwv0,0xFF);
237	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
238	SSVAL(cli->outbuf,smb_vwv3,2);
239	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
240	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
241	SSVAL(cli->outbuf,smb_vwv8,0);
242	SIVAL(cli->outbuf,smb_vwv11,capabilities);
243	p = smb_buf(cli->outbuf);
244
245	/* check wether to send the ASCII or UNICODE version of the password */
246
247	if ( (capabilities & CAP_UNICODE) == 0 ) {
248	p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
249	SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
250	}
251	else {
252	/* For ucs2 passwords clistr_push calls ucs2_align, which causes
253	* the space taken by the unicode password to be one byte too
254	* long (as we're on an odd byte boundary here). Reduce the
255	* count by 1 to cope with this. Fixes smbclient against NetApp
256	* servers which can't cope. Fix from
257	* bryan.kolodziej@allenlund.com in bug #3840.
258	*/
259	p += clistr_push(cli, p, pass, -1, STR_UNICODE\|STR_TERMINATE); /* unicode password */
260	SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);
261	}
262
263	p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
264	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
265	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
266	p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
267	cli_setup_bcc(cli, p);
268
269	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
270	return cli_nt_error(cli);
271	}
272
273	show_msg(cli->inbuf);
274
275	if (cli_is_error(cli)) {
276	return cli_nt_error(cli);
277	}
278
279	cli->vuid = SVAL(cli->inbuf,smb_uid);
280	p = smb_buf(cli->inbuf);
281	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
282	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
283	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
284	fstrcpy(cli->user_name, user);
285
286	if (strstr(cli->server_type, "Samba")) {
287	cli->is_samba = True;
288	}
289
290	return NT_STATUS_OK;
291	}
292
293	/****************************************************************************
294	do a NT1 NTLM/LM encrypted session setup - for when extended security
295	is not negotiated.
296	@param cli client state to create do session setup on
297	@param user username
298	@param pass either cleartext password (passlen !=24) or LM response.
299	@param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
300	@param workgroup The user's domain.
301	****************************************************************************/
302
303	static NTSTATUS cli_session_setup_nt1(struct cli_state cli, const char user,
304	const char *pass, size_t passlen,
305	const char *ntpass, size_t ntpasslen,
306	const char *workgroup)
307	{
308	uint32 capabilities = cli_session_setup_capabilities(cli);
309	DATA_BLOB lm_response = data_blob_null;
310	DATA_BLOB nt_response = data_blob_null;
311	DATA_BLOB session_key = data_blob_null;
312	NTSTATUS result;
313	char *p;
314
315	if (passlen == 0) {
316	/* do nothing - guest login */
317	} else if (passlen != 24) {
318	if (lp_client_ntlmv2_auth()) {
319	DATA_BLOB server_chal;
320	DATA_BLOB names_blob;
321	server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
322
323	/* note that the 'workgroup' here is a best guess - we don't know
324	the server's domain at this point. The 'server name' is also
325	dodgy...
326	*/
327	names_blob = NTLMv2_generate_names_blob(cli->called.name, workgroup);
328
329	if (!SMBNTLMv2encrypt(user, workgroup, pass, &server_chal,
330	&names_blob,
331	&lm_response, &nt_response, &session_key)) {
332	data_blob_free(&names_blob);
333	data_blob_free(&server_chal);
334	return NT_STATUS_ACCESS_DENIED;
335	}
336	data_blob_free(&names_blob);
337	data_blob_free(&server_chal);
338
339	} else {
340	uchar nt_hash[16];
341	E_md4hash(pass, nt_hash);
342
343	#ifdef LANMAN_ONLY
344	nt_response = data_blob_null;
345	#else
346	nt_response = data_blob(NULL, 24);
347	SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
348	#endif
349	/* non encrypted password supplied. Ignore ntpass. */
350	if (lp_client_lanman_auth()) {
351	lm_response = data_blob(NULL, 24);
352	if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
353	/* Oops, the LM response is invalid, just put
354	the NT response there instead */
355	data_blob_free(&lm_response);
356	lm_response = data_blob(nt_response.data, nt_response.length);
357	}
358	} else {
359	/* LM disabled, place NT# in LM field instead */
360	lm_response = data_blob(nt_response.data, nt_response.length);
361	}
362
363	session_key = data_blob(NULL, 16);
364	#ifdef LANMAN_ONLY
365	E_deshash(pass, session_key.data);
366	memset(&session_key.data[8], '\0', 8);
367	#else
368	SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
369	#endif
370	}
371	#ifdef LANMAN_ONLY
372	cli_simple_set_signing(cli, session_key, lm_response);
373	#else
374	cli_simple_set_signing(cli, session_key, nt_response);
375	#endif
376	} else {
377	/* pre-encrypted password supplied. Only used for
378	security=server, can't do
379	signing because we don't have original key */
380
381	lm_response = data_blob(pass, passlen);
382	nt_response = data_blob(ntpass, ntpasslen);
383	}
384
385	/* send a session setup command */
386	memset(cli->outbuf,'\0',smb_size);
387
388	cli_set_message(cli->outbuf,13,0,True);
389	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
390	cli_setup_packet(cli);
391
392	SCVAL(cli->outbuf,smb_vwv0,0xFF);
393	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
394	SSVAL(cli->outbuf,smb_vwv3,2);
395	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
396	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
397	SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
398	SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
399	SIVAL(cli->outbuf,smb_vwv11,capabilities);
400	p = smb_buf(cli->outbuf);
401	if (lm_response.length) {
402	memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
403	}
404	if (nt_response.length) {
405	memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
406	}
407	p += clistr_push(cli, p, user, -1, STR_TERMINATE);
408
409	/* Upper case here might help some NTLMv2 implementations */
410	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE\|STR_UPPER);
411	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
412	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
413	cli_setup_bcc(cli, p);
414
415	if (!cli_send_smb(cli) \|\| !cli_receive_smb(cli)) {
416	result = cli_nt_error(cli);
417	goto end;
418	}
419
420	/* show_msg(cli->inbuf); */
421
422	if (cli_is_error(cli)) {
423	result = cli_nt_error(cli);
424	goto end;
425	}
426
427	/* use the returned vuid from now on */
428	cli->vuid = SVAL(cli->inbuf,smb_uid);
429
430	p = smb_buf(cli->inbuf);
431	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
432	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
433	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
434
435	if (strstr(cli->server_type, "Samba")) {
436	cli->is_samba = True;
437	}
438
439	fstrcpy(cli->user_name, user);
440
441	if (session_key.data) {
442	/* Have plaintext orginal */
443	cli_set_session_key(cli, session_key);
444	}
445
446	result = NT_STATUS_OK;
447	end:
448	data_blob_free(&lm_response);
449	data_blob_free(&nt_response);
450	data_blob_free(&session_key);
451	return result;
452	}
453
454	/****************************************************************************
455	Send a extended security session setup blob
456	****************************************************************************/
457
458	static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
459	{
460	uint32 capabilities = cli_session_setup_capabilities(cli);
461	char *p;
462
463	capabilities \|= CAP_EXTENDED_SECURITY;
464
465	/* send a session setup command */
466	memset(cli->outbuf,'\0',smb_size);
467
468	cli_set_message(cli->outbuf,12,0,True);
469	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
470
471	cli_setup_packet(cli);
472
473	SCVAL(cli->outbuf,smb_vwv0,0xFF);
474	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
475	SSVAL(cli->outbuf,smb_vwv3,2);
476	SSVAL(cli->outbuf,smb_vwv4,1);
477	SIVAL(cli->outbuf,smb_vwv5,0);
478	SSVAL(cli->outbuf,smb_vwv7,blob.length);
479	SIVAL(cli->outbuf,smb_vwv10,capabilities);
480	p = smb_buf(cli->outbuf);
481	memcpy(p, blob.data, blob.length);
482	p += blob.length;
483	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
484	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
485	cli_setup_bcc(cli, p);
486	return cli_send_smb(cli);
487	}
488
489	/****************************************************************************
490	Send a extended security session setup blob, returning a reply blob.
491	****************************************************************************/
492
493	static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
494	{
495	DATA_BLOB blob2 = data_blob_null;
496	char *p;
497	size_t len;
498
499	if (!cli_receive_smb(cli))
500	return blob2;
501
502	show_msg(cli->inbuf);
503
504	if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
505	NT_STATUS_MORE_PROCESSING_REQUIRED)) {
506	return blob2;
507	}
508
509	/* use the returned vuid from now on */
510	cli->vuid = SVAL(cli->inbuf,smb_uid);
511
512	p = smb_buf(cli->inbuf);
513
514	blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
515
516	p += blob2.length;
517	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
518
519	/* w2k with kerberos doesn't properly null terminate this field */
520	len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));
521	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
522
523	return blob2;
524	}
525
526	#ifdef HAVE_KRB5
527	/****************************************************************************
528	Send a extended security session setup blob, returning a reply blob.
529	****************************************************************************/
530
531	/* The following is calculated from :
532	* (smb_size-4) = 35
533	* (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
534	* (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
535	* end of packet.
536	*/
537
538	#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
539
540	static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
541	{
542	int32 remaining = blob.length;
543	int32 cur = 0;
544	DATA_BLOB send_blob = data_blob_null;
545	int32 max_blob_size = 0;
546	DATA_BLOB receive_blob = data_blob_null;
547
548	if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
549	DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
550	"(was %u, need minimum %u)\n",
551	(unsigned int)cli->max_xmit,
552	BASE_SESSSETUP_BLOB_PACKET_SIZE));
553	cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
554	return False;
555	}
556
557	max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
558
559	while ( remaining > 0) {
560	if (remaining >= max_blob_size) {
561	send_blob.length = max_blob_size;
562	remaining -= max_blob_size;
563	} else {
564	send_blob.length = remaining;
565	remaining = 0;
566	}
567
568	send_blob.data = &blob.data[cur];
569	cur += send_blob.length;
570
571	DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
572	(unsigned int)remaining,
573	(unsigned int)send_blob.length,
574	(unsigned int)cur ));
575
576	if (!cli_session_setup_blob_send(cli, send_blob)) {
577	DEBUG(0, ("cli_session_setup_blob: send failed\n"));
578	return False;
579	}
580
581	receive_blob = cli_session_setup_blob_receive(cli);
582	data_blob_free(&receive_blob);
583
584	if (cli_is_error(cli) &&
585	!NT_STATUS_EQUAL( cli_get_nt_error(cli),
586	NT_STATUS_MORE_PROCESSING_REQUIRED)) {
587	DEBUG(0, ("cli_session_setup_blob: receive failed "
588	"(%s)\n", nt_errstr(cli_get_nt_error(cli))));
589	cli->vuid = 0;
590	return False;
591	}
592	}
593
594	return True;
595	}
596
597	/****************************************************************************
598	Use in-memory credentials cache
599	****************************************************************************/
600
601	static void use_in_memory_ccache(void) {
602	setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
603	}
604
605	/****************************************************************************
606	Do a spnego/kerberos encrypted session setup.
607	****************************************************************************/
608
609	static ADS_STATUS cli_session_setup_kerberos(struct cli_state cli, const char principal, const char *workgroup)
610	{
611	DATA_BLOB negTokenTarg;
612	DATA_BLOB session_key_krb5;
613	NTSTATUS nt_status;
614	int rc;
615
616	cli_temp_set_signing(cli);
617
618	DEBUG(2,("Doing kerberos session setup\n"));
619
620	/* generate the encapsulated kerberos5 ticket */
621	rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
622
623	if (rc) {
624	DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
625	error_message(rc)));
626	return ADS_ERROR_KRB5(rc);
627	}
628
629	#if 0
630	file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
631	#endif
632
633	if (!cli_session_setup_blob(cli, negTokenTarg)) {
634	nt_status = cli_nt_error(cli);
635	goto nt_error;
636	}
637
638	if (cli_is_error(cli)) {
639	nt_status = cli_nt_error(cli);
640	if (NT_STATUS_IS_OK(nt_status)) {
641	nt_status = NT_STATUS_UNSUCCESSFUL;
642	}
643	goto nt_error;
644	}
645
646	cli_set_session_key(cli, session_key_krb5);
647
648	if (cli_simple_set_signing(
649	cli, session_key_krb5, data_blob_null)) {
650
651	/* 'resign' the last message, so we get the right sequence numbers
652	for checking the first reply from the server */
653	cli_calculate_sign_mac(cli, cli->outbuf);
654
655	if (!cli_check_sign_mac(cli, cli->inbuf)) {
656	nt_status = NT_STATUS_ACCESS_DENIED;
657	goto nt_error;
658	}
659	}
660
661	data_blob_free(&negTokenTarg);
662	data_blob_free(&session_key_krb5);
663
664	return ADS_ERROR_NT(NT_STATUS_OK);
665
666	nt_error:
667	data_blob_free(&negTokenTarg);
668	data_blob_free(&session_key_krb5);
669	cli->vuid = 0;
670	return ADS_ERROR_NT(nt_status);
671	}
672	#endif /* HAVE_KRB5 */
673
674
675	/****************************************************************************
676	Do a spnego/NTLMSSP encrypted session setup.
677	****************************************************************************/
678
679	static NTSTATUS cli_session_setup_ntlmssp(struct cli_state cli, const char user,
680	const char pass, const char domain)
681	{
682	struct ntlmssp_state *ntlmssp_state;
683	NTSTATUS nt_status;
684	int turn = 1;
685	DATA_BLOB msg1;
686	DATA_BLOB blob = data_blob_null;
687	DATA_BLOB blob_in = data_blob_null;
688	DATA_BLOB blob_out = data_blob_null;
689
690	cli_temp_set_signing(cli);
691
692	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
693	return nt_status;
694	}
695	ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
696
697	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
698	return nt_status;
699	}
700	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
701	return nt_status;
702	}
703	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
704	return nt_status;
705	}
706
707	do {
708	nt_status = ntlmssp_update(ntlmssp_state,
709	blob_in, &blob_out);
710	data_blob_free(&blob_in);
711	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) \|\| NT_STATUS_IS_OK(nt_status)) {
712	if (turn == 1) {
713	/* and wrap it in a SPNEGO wrapper */
714	msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
715	} else {
716	/* wrap it in SPNEGO */
717	msg1 = spnego_gen_auth(blob_out);
718	}
719
720	/* now send that blob on its way */
721	if (!cli_session_setup_blob_send(cli, msg1)) {
722	DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
723	nt_status = NT_STATUS_UNSUCCESSFUL;
724	} else {
725	blob = cli_session_setup_blob_receive(cli);
726
727	nt_status = cli_nt_error(cli);
728	if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
729	if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
730	nt_status = NT_STATUS_ACCESS_DENIED;
731	} else {
732	nt_status = NT_STATUS_UNSUCCESSFUL;
733	}
734	}
735	}
736	data_blob_free(&msg1);
737	}
738
739	if (!blob.length) {
740	if (NT_STATUS_IS_OK(nt_status)) {
741	nt_status = NT_STATUS_UNSUCCESSFUL;
742	}
743	} else if ((turn == 1) &&
744	NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
745	DATA_BLOB tmp_blob = data_blob_null;
746	/* the server might give us back two challenges */
747	if (!spnego_parse_challenge(blob, &blob_in,
748	&tmp_blob)) {
749	DEBUG(3,("Failed to parse challenges\n"));
750	nt_status = NT_STATUS_INVALID_PARAMETER;
751	}
752	data_blob_free(&tmp_blob);
753	} else {
754	if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
755	&blob_in)) {
756	DEBUG(3,("Failed to parse auth response\n"));
757	if (NT_STATUS_IS_OK(nt_status)
758	\|\| NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
759	nt_status = NT_STATUS_INVALID_PARAMETER;
760	}
761	}
762	data_blob_free(&blob);
763	data_blob_free(&blob_out);
764	turn++;
765	} while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
766
767	data_blob_free(&blob_in);
768
769	if (NT_STATUS_IS_OK(nt_status)) {
770
771	DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
772	ntlmssp_state->session_key.length);
773	DATA_BLOB null_blob = data_blob_null;
774	bool res;
775
776	fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
777	cli_set_session_key(cli, ntlmssp_state->session_key);
778
779	res = cli_simple_set_signing(cli, key, null_blob);
780
781	data_blob_free(&key);
782
783	if (res) {
784
785	/* 'resign' the last message, so we get the right sequence numbers
786	for checking the first reply from the server */
787	cli_calculate_sign_mac(cli, cli->outbuf);
788
789	if (!cli_check_sign_mac(cli, cli->inbuf)) {
790	nt_status = NT_STATUS_ACCESS_DENIED;
791	}
792	}
793	}
794
795	/* we have a reference conter on ntlmssp_state, if we are signing
796	then the state will be kept by the signing engine */
797
798	ntlmssp_end(&ntlmssp_state);
799
800	if (!NT_STATUS_IS_OK(nt_status)) {
801	cli->vuid = 0;
802	}
803	return nt_status;
804	}
805
806	/****************************************************************************
807	Do a spnego encrypted session setup.
808
809	user_domain: The shortname of the domain the user/machine is a member of.
810	dest_realm: The realm we're connecting to, if NULL we use our default realm.
811	****************************************************************************/
812
813	ADS_STATUS cli_session_setup_spnego(struct cli_state cli, const char user,
814	const char pass, const char user_domain,
815	const char * dest_realm)
816	{
817	char *principal = NULL;
818	char *OIDs[ASN1_MAX_OIDS];
819	int i;
820	DATA_BLOB blob;
821	const char *p = NULL;
822	char *account = NULL;
823
824	DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
825
826	/* the server might not even do spnego */
827	if (cli->secblob.length <= 16) {
828	DEBUG(3,("server didn't supply a full spnego negprot\n"));
829	goto ntlmssp;
830	}
831
832	#if 0
833	file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
834	#endif
835
836	/* there is 16 bytes of GUID before the real spnego packet starts */
837	blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
838
839	/* The server sent us the first part of the SPNEGO exchange in the
840	* negprot reply. It is WRONG to depend on the principal sent in the
841	* negprot reply, but right now we do it. If we don't receive one,
842	* we try to best guess, then fall back to NTLM. */
843	if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
844	data_blob_free(&blob);
845	return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
846	}
847	data_blob_free(&blob);
848
849	/* make sure the server understands kerberos */
850	for (i=0;OIDs[i];i++) {
851	DEBUG(3,("got OID=%s\n", OIDs[i]));
852	if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 \|\|
853	strcmp(OIDs[i], OID_KERBEROS5) == 0) {
854	cli->got_kerberos_mechanism = True;
855	}
856	free(OIDs[i]);
857	}
858
859	DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
860
861	fstrcpy(cli->user_name, user);
862
863	#ifdef HAVE_KRB5
864	/* If password is set we reauthenticate to kerberos server
865	* and do not store results */
866
867	if (cli->got_kerberos_mechanism && cli->use_kerberos) {
868	ADS_STATUS rc;
869
870	if (pass && *pass) {
871	int ret;
872
873	use_in_memory_ccache();
874	ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
875
876	if (ret){
877	SAFE_FREE(principal);
878	DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
879	if (cli->fallback_after_kerberos)
880	goto ntlmssp;
881	return ADS_ERROR_KRB5(ret);
882	}
883	}
884
885	/* If we get a bad principal, try to guess it if
886	we have a valid host NetBIOS name.
887	*/
888	if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
889	SAFE_FREE(principal);
890	}
891
892	if (principal == NULL &&
893	!is_ipaddress(cli->desthost) &&
894	!strequal(star_smbserver_name,
895	cli->desthost)) {
896	char *realm = NULL;
897	char *machine = NULL;
898	char *host = NULL;
899	DEBUG(3,("cli_session_setup_spnego: got a "
900	"bad server principal, trying to guess ...\n"));
901
902	host = strchr_m(cli->desthost, '.');
903	if (host) {
904	machine = SMB_STRNDUP(cli->desthost,
905	host - cli->desthost);
906	} else {
907	machine = SMB_STRDUP(cli->desthost);
908	}
909	if (machine == NULL) {
910	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
911	}
912
913	if (dest_realm) {
914	realm = SMB_STRDUP(dest_realm);
915	strupper_m(realm);
916	} else {
917	realm = kerberos_get_default_realm_from_ccache();
918	}
919	if (realm && *realm) {
920	if (asprintf(&principal, "%s$@%s",
921	machine, realm) < 0) {
922	SAFE_FREE(machine);
923	SAFE_FREE(realm);
924	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
925	}
926	DEBUG(3,("cli_session_setup_spnego: guessed "
927	"server principal=%s\n",
928	principal ? principal : "<null>"));
929	}
930	SAFE_FREE(machine);
931	SAFE_FREE(realm);
932	}
933
934	if (principal) {
935	rc = cli_session_setup_kerberos(cli, principal,
936	dest_realm);
937	if (ADS_ERR_OK(rc) \|\| !cli->fallback_after_kerberos) {
938	SAFE_FREE(principal);
939	return rc;
940	}
941	}
942	}
943	#endif
944
945	SAFE_FREE(principal);
946
947	ntlmssp:
948
949	account = talloc_strdup(talloc_tos(), user);
950	if (!account) {
951	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
952	}
953
954	/* when falling back to ntlmssp while authenticating with a machine
955	* account strip off the realm - gd */
956
957	if ((p = strchr_m(user, '@')) != NULL) {
958	account[PTR_DIFF(p,user)] = '\0';
959	}
960
961	return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
962	}
963
964	/****************************************************************************
965	Send a session setup. The username and workgroup is in UNIX character
966	format and must be converted to DOS codepage format before sending. If the
967	password is in plaintext, the same should be done.
968	****************************************************************************/
969
970	NTSTATUS cli_session_setup(struct cli_state *cli,
971	const char *user,
972	const char *pass, int passlen,
973	const char *ntpass, int ntpasslen,
974	const char *workgroup)
975	{
976	char *p;
977	fstring user2;
978
979	if (user) {
980	fstrcpy(user2, user);
981	} else {
982	user2[0] ='\0';
983	}
984
985	if (!workgroup) {
986	workgroup = "";
987	}
988
989	/* allow for workgroups as part of the username */
990	if ((p=strchr_m(user2,'\\')) \|\| (p=strchr_m(user2,'/')) \|\|
991	(p=strchr_m(user2,*lp_winbind_separator()))) {
992	*p = 0;
993	user = p+1;
994	workgroup = user2;
995	}
996
997	if (cli->protocol < PROTOCOL_LANMAN1) {
998	return NT_STATUS_OK;
999	}
1000
1001	/* now work out what sort of session setup we are going to
1002	do. I have split this into separate functions to make the
1003	flow a bit easier to understand (tridge) */
1004
1005	/* if its an older server then we have to use the older request format */
1006
1007	if (cli->protocol < PROTOCOL_NT1) {
1008	if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
1009	DEBUG(1, ("Server requested LM password but 'client lanman auth'"
1010	" is disabled\n"));
1011	return NT_STATUS_ACCESS_DENIED;
1012	}
1013
1014	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
1015	!lp_client_plaintext_auth() && (*pass)) {
1016	DEBUG(1, ("Server requested plaintext password but "
1017	"'client plaintext auth' is disabled\n"));
1018	return NT_STATUS_ACCESS_DENIED;
1019	}
1020
1021	return cli_session_setup_lanman2(cli, user, pass, passlen,
1022	workgroup);
1023	}
1024
1025	/* if no user is supplied then we have to do an anonymous connection.
1026	passwords are ignored */
1027
1028	if (!user \|\| !*user)
1029	return cli_session_setup_guest(cli);
1030
1031	/* if the server is share level then send a plaintext null
1032	password at this point. The password is sent in the tree
1033	connect */
1034
1035	if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
1036	return cli_session_setup_plaintext(cli, user, "", workgroup);
1037
1038	/* if the server doesn't support encryption then we have to use
1039	plaintext. The second password is ignored */
1040
1041	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1042	if (!lp_client_plaintext_auth() && (*pass)) {
1043	DEBUG(1, ("Server requested plaintext password but "
1044	"'client plaintext auth' is disabled\n"));
1045	return NT_STATUS_ACCESS_DENIED;
1046	}
1047	return cli_session_setup_plaintext(cli, user, pass, workgroup);
1048	}
1049
1050	/* if the server supports extended security then use SPNEGO */
1051
1052	if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1053	ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
1054	workgroup, NULL);
1055	if (!ADS_ERR_OK(status)) {
1056	DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1057	return ads_ntstatus(status);
1058	}
1059	} else {
1060	NTSTATUS status;
1061
1062	/* otherwise do a NT1 style session setup */
1063	status = cli_session_setup_nt1(cli, user, pass, passlen,
1064	ntpass, ntpasslen, workgroup);
1065	if (!NT_STATUS_IS_OK(status)) {
1066	DEBUG(3,("cli_session_setup: NT1 session setup "
1067	"failed: %s\n", nt_errstr(status)));
1068	return status;
1069	}
1070	}
1071
1072	if (strstr(cli->server_type, "Samba")) {
1073	cli->is_samba = True;
1074	}
1075
1076	return NT_STATUS_OK;
1077	}
1078
1079	/****************************************************************************
1080	Send a uloggoff.
1081	*****************************************************************************/
1082
1083	bool cli_ulogoff(struct cli_state *cli)
1084	{
1085	memset(cli->outbuf,'\0',smb_size);
1086	cli_set_message(cli->outbuf,2,0,True);
1087	SCVAL(cli->outbuf,smb_com,SMBulogoffX);
1088	cli_setup_packet(cli);
1089	SSVAL(cli->outbuf,smb_vwv0,0xFF);
1090	SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
1091
1092	cli_send_smb(cli);
1093	if (!cli_receive_smb(cli))
1094	return False;
1095
1096	if (cli_is_error(cli)) {
1097	return False;
1098	}
1099
1100	cli->vuid = -1;
1101	return True;
1102	}
1103
1104	/****************************************************************************
1105	Send a tconX.
1106	****************************************************************************/
1107
1108	bool cli_send_tconX(struct cli_state *cli,
1109	const char share, const char dev, const char *pass, int passlen)
1110	{
1111	fstring fullshare, pword;
1112	char *p;
1113	memset(cli->outbuf,'\0',smb_size);
1114	memset(cli->inbuf,'\0',smb_size);
1115
1116	fstrcpy(cli->share, share);
1117
1118	/* in user level security don't send a password now */
1119	if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1120	passlen = 1;
1121	pass = "";
1122	} else if (!pass) {
1123	DEBUG(1, ("Server not using user level security and no password supplied.\n"));
1124	return False;
1125	}
1126
1127	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1128	*pass && passlen != 24) {
1129	if (!lp_client_lanman_auth()) {
1130	DEBUG(1, ("Server requested LANMAN password "
1131	"(share-level security) but "
1132	"'client lanman auth' is disabled\n"));
1133	return False;
1134	}
1135
1136	/*
1137	* Non-encrypted passwords - convert to DOS codepage before encryption.
1138	*/
1139	passlen = 24;
1140	SMBencrypt(pass,cli->secblob.data,(uchar *)pword);
1141	} else {
1142	if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL\|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) {
1143	if (!lp_client_plaintext_auth() && (*pass)) {
1144	DEBUG(1, ("Server requested plaintext "
1145	"password but 'client plaintext "
1146	"auth' is disabled\n"));
1147	return False;
1148	}
1149
1150	/*
1151	* Non-encrypted passwords - convert to DOS codepage before using.
1152	*/
1153	passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
1154
1155	} else {
1156	if (passlen) {
1157	memcpy(pword, pass, passlen);
1158	}
1159	}
1160	}
1161
1162	slprintf(fullshare, sizeof(fullshare)-1,
1163	"\\\\%s\\%s", cli->desthost, share);
1164
1165	cli_set_message(cli->outbuf,4, 0, True);
1166	SCVAL(cli->outbuf,smb_com,SMBtconX);
1167	cli_setup_packet(cli);
1168
1169	SSVAL(cli->outbuf,smb_vwv0,0xFF);
1170	SSVAL(cli->outbuf,smb_vwv2,TCONX_FLAG_EXTENDED_RESPONSE);
1171	SSVAL(cli->outbuf,smb_vwv3,passlen);
1172
1173	p = smb_buf(cli->outbuf);
1174	if (passlen) {
1175	memcpy(p,pword,passlen);
1176	}
1177	p += passlen;
1178	p += clistr_push(cli, p, fullshare, -1, STR_TERMINATE \|STR_UPPER);
1179	p += clistr_push(cli, p, dev, -1, STR_TERMINATE \|STR_UPPER \| STR_ASCII);
1180
1181	cli_setup_bcc(cli, p);
1182
1183	cli_send_smb(cli);
1184	if (!cli_receive_smb(cli))
1185	return False;
1186
1187	if (cli_is_error(cli))
1188	return False;
1189
1190	clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE\|STR_ASCII);
1191
1192	if (cli->protocol >= PROTOCOL_NT1 &&
1193	smb_buflen(cli->inbuf) == 3) {
1194	/* almost certainly win95 - enable bug fixes */
1195	cli->win95 = True;
1196	}
1197
1198	/* Make sure that we have the optional support 16-bit field. WCT > 2 */
1199	/* Avoids issues when connecting to Win9x boxes sharing files */
1200
1201	cli->dfsroot = False;
1202	if ( (CVAL(cli->inbuf, smb_wct))>2 && cli->protocol >= PROTOCOL_LANMAN2 )
1203	cli->dfsroot = (SVAL( cli->inbuf, smb_vwv2 ) & SMB_SHARE_IN_DFS) ? True : False;
1204
1205	cli->cnum = SVAL(cli->inbuf,smb_tid);
1206	return True;
1207	}
1208
1209	/****************************************************************************
1210	Send a tree disconnect.
1211	****************************************************************************/
1212
1213	bool cli_tdis(struct cli_state *cli)
1214	{
1215	memset(cli->outbuf,'\0',smb_size);
1216	cli_set_message(cli->outbuf,0,0,True);
1217	SCVAL(cli->outbuf,smb_com,SMBtdis);
1218	SSVAL(cli->outbuf,smb_tid,cli->cnum);
1219	cli_setup_packet(cli);
1220
1221	cli_send_smb(cli);
1222	if (!cli_receive_smb(cli))
1223	return False;
1224
1225	if (cli_is_error(cli)) {
1226	return False;
1227	}
1228
1229	cli->cnum = -1;
1230	return True;
1231	}
1232
1233	/****************************************************************************
1234	Send a negprot command.
1235	****************************************************************************/
1236
1237	void cli_negprot_send(struct cli_state *cli)
1238	{
1239	char *p;
1240	int numprots;
1241
1242	if (cli->protocol < PROTOCOL_NT1)
1243	cli->use_spnego = False;
1244
1245	memset(cli->outbuf,'\0',smb_size);
1246
1247	/* setup the protocol strings */
1248	cli_set_message(cli->outbuf,0,0,True);
1249
1250	p = smb_buf(cli->outbuf);
1251	for (numprots=0;
1252	prots[numprots].name && prots[numprots].prot<=cli->protocol;
1253	numprots++) {
1254	*p++ = 2;
1255	p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1256	}
1257
1258	SCVAL(cli->outbuf,smb_com,SMBnegprot);
1259	cli_setup_bcc(cli, p);
1260	cli_setup_packet(cli);
1261
1262	SCVAL(smb_buf(cli->outbuf),0,2);
1263
1264	cli_send_smb(cli);
1265	}
1266
1267	/****************************************************************************
1268	Send a negprot command.
1269	****************************************************************************/
1270
1271	bool cli_negprot(struct cli_state *cli)
1272	{
1273	char *p;
1274	int numprots;
1275	int plength;
1276
1277	if (cli->protocol < PROTOCOL_NT1)
1278	cli->use_spnego = False;
1279
1280	memset(cli->outbuf,'\0',smb_size);
1281
1282	/* setup the protocol strings */
1283	for (plength=0,numprots=0;
1284	prots[numprots].name && prots[numprots].prot<=cli->protocol;
1285	numprots++)
1286	plength += strlen(prots[numprots].name)+2;
1287
1288	cli_set_message(cli->outbuf,0,plength,True);
1289
1290	p = smb_buf(cli->outbuf);
1291	for (numprots=0;
1292	prots[numprots].name && prots[numprots].prot<=cli->protocol;
1293	numprots++) {
1294	*p++ = 2;
1295	p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1296	}
1297
1298	SCVAL(cli->outbuf,smb_com,SMBnegprot);
1299	cli_setup_packet(cli);
1300
1301	SCVAL(smb_buf(cli->outbuf),0,2);
1302
1303	cli_send_smb(cli);
1304	if (!cli_receive_smb(cli))
1305	return False;
1306
1307	show_msg(cli->inbuf);
1308
1309	if (cli_is_error(cli) \|\|
1310	((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
1311	return(False);
1312	}
1313
1314	cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
1315
1316	if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
1317	DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1318	return False;
1319	}
1320
1321	if (cli->protocol >= PROTOCOL_NT1) {
1322	struct timespec ts;
1323	/* NT protocol */
1324	cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
1325	cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
1326	cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
1327	cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
1328	cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
1329	cli->serverzone *= 60;
1330	/* this time arrives in real GMT */
1331	ts = interpret_long_date(cli->inbuf+smb_vwv11+1);
1332	cli->servertime = ts.tv_sec;
1333	cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1334	cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
1335	if (cli->capabilities & CAP_RAW_MODE) {
1336	cli->readbraw_supported = True;
1337	cli->writebraw_supported = True;
1338	}
1339	/* work out if they sent us a workgroup */
1340	if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1341	smb_buflen(cli->inbuf) > 8) {
1342	clistr_pull(cli, cli->server_domain,
1343	smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
1344	smb_buflen(cli->inbuf)-8, STR_UNICODE\|STR_NOALIGN);
1345	}
1346
1347	/*
1348	* As signing is slow we only turn it on if either the client or
1349	* the server require it. JRA.
1350	*/
1351
1352	if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1353	/* Fail if server says signing is mandatory and we don't want to support it. */
1354	if (!cli->sign_info.allow_smb_signing) {
1355	DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1356	return False;
1357	}
1358	cli->sign_info.negotiated_smb_signing = True;
1359	cli->sign_info.mandatory_signing = True;
1360	} else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
1361	/* Fail if client says signing is mandatory and the server doesn't support it. */
1362	if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1363	DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1364	return False;
1365	}
1366	cli->sign_info.negotiated_smb_signing = True;
1367	cli->sign_info.mandatory_signing = True;
1368	} else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1369	cli->sign_info.negotiated_smb_signing = True;
1370	}
1371
1372	if (cli->capabilities & (CAP_LARGE_READX\|CAP_LARGE_WRITEX)) {
1373	SAFE_FREE(cli->outbuf);
1374	SAFE_FREE(cli->inbuf);
1375	cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1376	cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1377	cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
1378	}
1379
1380	} else if (cli->protocol >= PROTOCOL_LANMAN1) {
1381	cli->use_spnego = False;
1382	cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
1383	cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
1384	cli->max_mux = SVAL(cli->inbuf, smb_vwv3);
1385	cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
1386	cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
1387	cli->serverzone *= 60;
1388	/* this time is converted to GMT by make_unix_date */
1389	cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8);
1390	cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
1391	cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
1392	cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1393	} else {
1394	/* the old core protocol */
1395	cli->use_spnego = False;
1396	cli->sec_mode = 0;
1397	cli->serverzone = get_time_zone(time(NULL));
1398	}
1399
1400	cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1401
1402	/* a way to force ascii SMB */
1403	if (getenv("CLI_FORCE_ASCII"))
1404	cli->capabilities &= ~CAP_UNICODE;
1405
1406	return True;
1407	}
1408
1409	/****************************************************************************
1410	Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1411	****************************************************************************/
1412
1413	bool cli_session_request(struct cli_state *cli,
1414	struct nmb_name calling, struct nmb_name called)
1415	{
1416	char *p;
1417	int len = 4;
1418
1419	memcpy(&(cli->calling), calling, sizeof(*calling));
1420	memcpy(&(cli->called ), called , sizeof(*called ));
1421
1422	/* put in the destination name */
1423	p = cli->outbuf+len;
1424	name_mangle(cli->called .name, p, cli->called .name_type);
1425	len += name_len(p);
1426
1427	/* and my name */
1428	p = cli->outbuf+len;
1429	name_mangle(cli->calling.name, p, cli->calling.name_type);
1430	len += name_len(p);
1431
1432	/* 445 doesn't have session request */
1433	if (cli->port == 445)
1434	return True;
1435
1436	/* send a session request (RFC 1002) */
1437	/* setup the packet length
1438	* Remove four bytes from the length count, since the length
1439	* field in the NBT Session Service header counts the number
1440	* of bytes which follow. The cli_send_smb() function knows
1441	* about this and accounts for those four bytes.
1442	* CRH.
1443	*/
1444	len -= 4;
1445	_smb_setlen(cli->outbuf,len);
1446	SCVAL(cli->outbuf,0,0x81);
1447
1448	cli_send_smb(cli);
1449	DEBUG(5,("Sent session request\n"));
1450
1451	if (!cli_receive_smb(cli))
1452	return False;
1453
1454	if (CVAL(cli->inbuf,0) == 0x84) {
1455	/* C. Hoch 9/14/95 Start */
1456	/* For information, here is the response structure.
1457	* We do the byte-twiddling to for portability.
1458	struct RetargetResponse{
1459	unsigned char type;
1460	unsigned char flags;
1461	int16 length;
1462	int32 ip_addr;
1463	int16 port;
1464	};
1465	*/
1466	uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1467	struct in_addr dest_ip;
1468
1469	/* SESSION RETARGET */
1470	putip((char *)&dest_ip,cli->inbuf+4);
1471	in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
1472
1473	cli->fd = open_socket_out(SOCK_STREAM,
1474	&cli->dest_ss,
1475	port,
1476	LONG_CONNECT_TIMEOUT);
1477	if (cli->fd == -1)
1478	return False;
1479
1480	DEBUG(3,("Retargeted\n"));
1481
1482	set_socket_options(cli->fd, lp_socket_options());
1483
1484	/* Try again */
1485	{
1486	static int depth;
1487	bool ret;
1488	if (depth > 4) {
1489	DEBUG(0,("Retarget recursion - failing\n"));
1490	return False;
1491	}
1492	depth++;
1493	ret = cli_session_request(cli, calling, called);
1494	depth--;
1495	return ret;
1496	}
1497	} /* C. Hoch 9/14/95 End */
1498
1499	if (CVAL(cli->inbuf,0) != 0x82) {
1500	/* This is the wrong place to put the error... JRA. */
1501	cli->rap_error = CVAL(cli->inbuf,4);
1502	return False;
1503	}
1504	return(True);
1505	}
1506
1507	/****************************************************************************
1508	Open the client sockets.
1509	****************************************************************************/
1510
1511	NTSTATUS cli_connect(struct cli_state *cli,
1512	const char *host,
1513	struct sockaddr_storage *dest_ss)
1514
1515	{
1516	int name_type = 0x20;
1517	TALLOC_CTX *frame = talloc_stackframe();
1518	unsigned int num_addrs = 0;
1519	unsigned int i = 0;
1520	struct sockaddr_storage *ss_arr = NULL;
1521	char *p = NULL;
1522
1523	/* reasonable default hostname */
1524	if (!host) {
1525	host = star_smbserver_name;
1526	}
1527
1528	fstrcpy(cli->desthost, host);
1529
1530	/* allow hostnames of the form NAME#xx and do a netbios lookup */
1531	if ((p = strchr(cli->desthost, '#'))) {
1532	name_type = strtol(p+1, NULL, 16);
1533	*p = 0;
1534	}
1535
1536	if (!dest_ss \|\| is_zero_addr(dest_ss)) {
1537	NTSTATUS status =resolve_name_list(frame,
1538	cli->desthost,
1539	name_type,
1540	&ss_arr,
1541	&num_addrs);
1542	if (!NT_STATUS_IS_OK(status)) {
1543	TALLOC_FREE(frame);
1544	return NT_STATUS_BAD_NETWORK_NAME;
1545	}
1546	} else {
1547	num_addrs = 1;
1548	ss_arr = TALLOC_P(frame, struct sockaddr_storage);
1549	if (!ss_arr) {
1550	TALLOC_FREE(frame);
1551	return NT_STATUS_NO_MEMORY;
1552	}
1553	ss_arr = dest_ss;
1554	}
1555
1556	for (i = 0; i < num_addrs; i++) {
1557	cli->dest_ss = ss_arr[i];
1558	if (getenv("LIBSMB_PROG")) {
1559	cli->fd = sock_exec(getenv("LIBSMB_PROG"));
1560	} else {
1561	/* try 445 first, then 139 */
1562	uint16_t port = cli->port?cli->port:445;
1563	cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ss,
1564	port, cli->timeout);
1565	if (cli->fd == -1 && cli->port == 0) {
1566	port = 139;
1567	cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ss,
1568	port, cli->timeout);
1569	}
1570	if (cli->fd != -1) {
1571	cli->port = port;
1572	}
1573	}
1574	if (cli->fd == -1) {
1575	char addr[INET6_ADDRSTRLEN];
1576	print_sockaddr(addr, sizeof(addr), &ss_arr[i]);
1577	DEBUG(2,("Error connecting to %s (%s)\n",
1578	dest_ss?addr:host,strerror(errno)));
1579	} else {
1580	/* Exit from loop on first connection. */
1581	break;
1582	}
1583	}
1584
1585	if (cli->fd == -1) {
1586	TALLOC_FREE(frame);
1587	return map_nt_error_from_unix(errno);
1588	}
1589
1590	if (dest_ss) {
1591	*dest_ss = cli->dest_ss;
1592	}
1593
1594	set_socket_options(cli->fd, lp_socket_options());
1595
1596	TALLOC_FREE(frame);
1597	return NT_STATUS_OK;
1598	}
1599
1600	/**
1601	establishes a connection to after the negprot.
1602	@param output_cli A fully initialised cli structure, non-null only on success
1603	@param dest_host The netbios name of the remote host
1604	@param dest_ss (optional) The the destination IP, NULL for name based lookup
1605	@param port (optional) The destination port (0 for default)
1606	@param retry bool. Did this connection fail with a retryable error ?
1607
1608	*/
1609	NTSTATUS cli_start_connection(struct cli_state **output_cli,
1610	const char *my_name,
1611	const char *dest_host,
1612	struct sockaddr_storage *dest_ss, int port,
1613	int signing_state, int flags,
1614	bool *retry)
1615	{
1616	NTSTATUS nt_status;
1617	struct nmb_name calling;
1618	struct nmb_name called;
1619	struct cli_state *cli;
1620	struct sockaddr_storage ss;
1621
1622	if (retry)
1623	*retry = False;
1624
1625	if (!my_name)
1626	my_name = global_myname();
1627
1628	if (!(cli = cli_initialise())) {
1629	return NT_STATUS_NO_MEMORY;
1630	}
1631
1632	make_nmb_name(&calling, my_name, 0x0);
1633	make_nmb_name(&called , dest_host, 0x20);
1634
1635	if (cli_set_port(cli, port) != port) {
1636	cli_shutdown(cli);
1637	return NT_STATUS_UNSUCCESSFUL;
1638	}
1639
1640	cli_set_timeout(cli, 10000); /* 10 seconds. */
1641
1642	if (dest_ss) {
1643	ss = *dest_ss;
1644	} else {
1645	zero_sockaddr(&ss);
1646	}
1647
1648	again:
1649
1650	DEBUG(3,("Connecting to host=%s\n", dest_host));
1651
1652	nt_status = cli_connect(cli, dest_host, &ss);
1653	if (!NT_STATUS_IS_OK(nt_status)) {
1654	char addr[INET6_ADDRSTRLEN];
1655	print_sockaddr(addr, sizeof(addr), &ss);
1656	DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
1657	nmb_namestr(&called), addr, nt_errstr(nt_status) ));
1658	cli_shutdown(cli);
1659	return nt_status;
1660	}
1661
1662	if (retry)
1663	*retry = True;
1664
1665	if (!cli_session_request(cli, &calling, &called)) {
1666	char *p;
1667	DEBUG(1,("session request to %s failed (%s)\n",
1668	called.name, cli_errstr(cli)));
1669	if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
1670	*p = 0;
1671	goto again;
1672	}
1673	if (strcmp(called.name, star_smbserver_name)) {
1674	make_nmb_name(&called , star_smbserver_name, 0x20);
1675	goto again;
1676	}
1677	return NT_STATUS_BAD_NETWORK_NAME;
1678	}
1679
1680	cli_setup_signing_state(cli, signing_state);
1681
1682	if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
1683	cli->use_spnego = False;
1684	else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
1685	cli->use_kerberos = True;
1686
1687	if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
1688	cli->use_kerberos) {
1689	cli->fallback_after_kerberos = true;
1690	}
1691
1692	if (!cli_negprot(cli)) {
1693	DEBUG(1,("failed negprot\n"));
1694	nt_status = cli_nt_error(cli);
1695	if (NT_STATUS_IS_OK(nt_status)) {
1696	nt_status = NT_STATUS_UNSUCCESSFUL;
1697	}
1698	cli_shutdown(cli);
1699	return nt_status;
1700	}
1701
1702	*output_cli = cli;
1703	return NT_STATUS_OK;
1704	}
1705
1706
1707	/**
1708	establishes a connection right up to doing tconX, password specified.
1709	@param output_cli A fully initialised cli structure, non-null only on success
1710	@param dest_host The netbios name of the remote host
1711	@param dest_ip (optional) The the destination IP, NULL for name based lookup
1712	@param port (optional) The destination port (0 for default)
1713	@param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
1714	@param service_type The 'type' of serivice.
1715	@param user Username, unix string
1716	@param domain User's domain
1717	@param password User's password, unencrypted unix string.
1718	@param retry bool. Did this connection fail with a retryable error ?
1719	*/
1720
1721	NTSTATUS cli_full_connection(struct cli_state **output_cli,
1722	const char *my_name,
1723	const char *dest_host,
1724	struct sockaddr_storage *dest_ss, int port,
1725	const char service, const char service_type,
1726	const char user, const char domain,
1727	const char *password, int flags,
1728	int signing_state,
1729	bool *retry)
1730	{
1731	NTSTATUS nt_status;
1732	struct cli_state *cli = NULL;
1733	int pw_len = password ? strlen(password)+1 : 0;
1734
1735	*output_cli = NULL;
1736
1737	if (password == NULL) {
1738	password = "";
1739	}
1740
1741	nt_status = cli_start_connection(&cli, my_name, dest_host,
1742	dest_ss, port, signing_state,
1743	flags, retry);
1744
1745	if (!NT_STATUS_IS_OK(nt_status)) {
1746	return nt_status;
1747	}
1748
1749	nt_status = cli_session_setup(cli, user, password, pw_len, password,
1750	pw_len, domain);
1751	if (!NT_STATUS_IS_OK(nt_status)) {
1752
1753	if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
1754	DEBUG(1,("failed session setup with %s\n",
1755	nt_errstr(nt_status)));
1756	cli_shutdown(cli);
1757	return nt_status;
1758	}
1759
1760	nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
1761	if (!NT_STATUS_IS_OK(nt_status)) {
1762	DEBUG(1,("anonymous failed session setup with %s\n",
1763	nt_errstr(nt_status)));
1764	cli_shutdown(cli);
1765	return nt_status;
1766	}
1767	}
1768
1769	if (service) {
1770	if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
1771	nt_status = cli_nt_error(cli);
1772	DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
1773	cli_shutdown(cli);
1774	if (NT_STATUS_IS_OK(nt_status)) {
1775	nt_status = NT_STATUS_UNSUCCESSFUL;
1776	}
1777	return nt_status;
1778	}
1779	}
1780
1781	cli_init_creds(cli, user, domain, password);
1782
1783	*output_cli = cli;
1784	return NT_STATUS_OK;
1785	}
1786
1787	/****************************************************************************
1788	Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
1789	****************************************************************************/
1790
1791	bool attempt_netbios_session_request(struct cli_state *ppcli, const char srchost, const char *desthost,
1792	struct sockaddr_storage *pdest_ss)
1793	{
1794	struct nmb_name calling, called;
1795
1796	make_nmb_name(&calling, srchost, 0x0);
1797
1798	/*
1799	* If the called name is an IP address
1800	* then use *SMBSERVER immediately.
1801	*/
1802
1803	if(is_ipaddress(desthost)) {
1804	make_nmb_name(&called, star_smbserver_name, 0x20);
1805	} else {
1806	make_nmb_name(&called, desthost, 0x20);
1807	}
1808
1809	if (!cli_session_request(*ppcli, &calling, &called)) {
1810	NTSTATUS status;
1811	struct nmb_name smbservername;
1812
1813	make_nmb_name(&smbservername, star_smbserver_name, 0x20);
1814
1815	/*
1816	* If the name wasn't *SMBSERVER then
1817	* try with *SMBSERVER if the first name fails.
1818	*/
1819
1820	if (nmb_name_equal(&called, &smbservername)) {
1821
1822	/*
1823	* The name used was *SMBSERVER, don't bother with another name.
1824	*/
1825
1826	DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
1827	with error %s.\n", desthost, cli_errstr(*ppcli) ));
1828	return False;
1829	}
1830
1831	/* Try again... */
1832	cli_shutdown(*ppcli);
1833
1834	*ppcli = cli_initialise();
1835	if (!*ppcli) {
1836	/* Out of memory... */
1837	return False;
1838	}
1839
1840	status = cli_connect(*ppcli, desthost, pdest_ss);
1841	if (!NT_STATUS_IS_OK(status) \|\|
1842	!cli_session_request(*ppcli, &calling, &smbservername)) {
1843	DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
1844	name SMBSERVER with error %s\n", desthost, cli_errstr(ppcli) ));
1845	return False;
1846	}
1847	}
1848
1849	return True;
1850	}
1851
1852	/****************************************************************************
1853	Send an old style tcon.
1854	****************************************************************************/
1855	NTSTATUS cli_raw_tcon(struct cli_state *cli,
1856	const char service, const char pass, const char *dev,
1857	uint16 max_xmit, uint16 tid)
1858	{
1859	char *p;
1860
1861	if (!lp_client_plaintext_auth() && (*pass)) {
1862	DEBUG(1, ("Server requested plaintext password but 'client "
1863	"plaintext auth' is disabled\n"));
1864	return NT_STATUS_ACCESS_DENIED;
1865	}
1866
1867	memset(cli->outbuf,'\0',smb_size);
1868	memset(cli->inbuf,'\0',smb_size);
1869
1870	cli_set_message(cli->outbuf, 0, 0, True);
1871	SCVAL(cli->outbuf,smb_com,SMBtcon);
1872	cli_setup_packet(cli);
1873
1874	p = smb_buf(cli->outbuf);
1875	*p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE \| STR_NOALIGN);
1876	*p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE \| STR_NOALIGN);
1877	*p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE \| STR_NOALIGN);
1878
1879	cli_setup_bcc(cli, p);
1880
1881	cli_send_smb(cli);
1882	if (!cli_receive_smb(cli)) {
1883	return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
1884	}
1885
1886	if (cli_is_error(cli)) {
1887	return cli_nt_error(cli);
1888	}
1889
1890	*max_xmit = SVAL(cli->inbuf, smb_vwv0);
1891	*tid = SVAL(cli->inbuf, smb_vwv1);
1892
1893	return NT_STATUS_OK;
1894	}
1895
1896	/* Return a cli_state pointing at the IPC$ share for the given server */
1897
1898	struct cli_state get_ipc_connect(char server,
1899	struct sockaddr_storage *server_ss,
1900	const struct user_auth_info *user_info)
1901	{
1902	struct cli_state *cli;
1903	NTSTATUS nt_status;
1904	uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
1905
1906	if (user_info->use_kerberos) {
1907	flags \|= CLI_FULL_CONNECTION_USE_KERBEROS;
1908	}
1909
1910	nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
1911	user_info->username ? user_info->username : "",
1912	lp_workgroup(),
1913	user_info->password ? user_info->password : "",
1914	flags,
1915	Undefined, NULL);
1916
1917	if (NT_STATUS_IS_OK(nt_status)) {
1918	return cli;
1919	} else if (is_ipaddress(server)) {
1920	/* windows 9* needs a correct NMB name for connections */
1921	fstring remote_name;
1922
1923	if (name_status_find("*", 0, 0, server_ss, remote_name)) {
1924	cli = get_ipc_connect(remote_name, server_ss, user_info);
1925	if (cli)
1926	return cli;
1927	}
1928	}
1929	return NULL;
1930	}
1931
1932	/*
1933	* Given the IP address of a master browser on the network, return its
1934	* workgroup and connect to it.
1935	*
1936	* This function is provided to allow additional processing beyond what
1937	* get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
1938	* browsers and obtain each master browsers' list of domains (in case the
1939	* first master browser is recently on the network and has not yet
1940	* synchronized with other master browsers and therefore does not yet have the
1941	* entire network browse list)
1942	*/
1943
1944	struct cli_state get_ipc_connect_master_ip(TALLOC_CTX ctx,
1945	struct ip_service *mb_ip,
1946	const struct user_auth_info *user_info,
1947	char **pp_workgroup_out)
1948	{
1949	char addr[INET6_ADDRSTRLEN];
1950	fstring name;
1951	struct cli_state *cli;
1952	struct sockaddr_storage server_ss;
1953
1954	*pp_workgroup_out = NULL;
1955
1956	print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
1957	DEBUG(99, ("Looking up name of master browser %s\n",
1958	addr));
1959
1960	/*
1961	* Do a name status query to find out the name of the master browser.
1962	* We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
1963	* master browser will not respond to a wildcard query (or, at least,
1964	* an NT4 server acting as the domain master browser will not).
1965	*
1966	* We might be able to use ONLY the query on MSBROWSE, but that's not
1967	* yet been tested with all Windows versions, so until it is, leave
1968	* the original wildcard query as the first choice and fall back to
1969	* MSBROWSE if the wildcard query fails.
1970	*/
1971	if (!name_status_find("*", 0, 0x1d, &mb_ip->ss, name) &&
1972	!name_status_find(MSBROWSE, 1, 0x1d, &mb_ip->ss, name)) {
1973
1974	DEBUG(99, ("Could not retrieve name status for %s\n",
1975	addr));
1976	return NULL;
1977	}
1978
1979	if (!find_master_ip(name, &server_ss)) {
1980	DEBUG(99, ("Could not find master ip for %s\n", name));
1981	return NULL;
1982	}
1983
1984	*pp_workgroup_out = talloc_strdup(ctx, name);
1985
1986	DEBUG(4, ("found master browser %s, %s\n", name, addr));
1987
1988	print_sockaddr(addr, sizeof(addr), &server_ss);
1989	cli = get_ipc_connect(addr, &server_ss, user_info);
1990
1991	return cli;
1992	}
1993
1994	/*
1995	* Return the IP address and workgroup of a master browser on the network, and
1996	* connect to it.
1997	*/
1998
1999	struct cli_state get_ipc_connect_master_ip_bcast(TALLOC_CTX ctx,
2000	const struct user_auth_info *user_info,
2001	char **pp_workgroup_out)
2002	{
2003	struct ip_service *ip_list;
2004	struct cli_state *cli;
2005	int i, count;
2006
2007	*pp_workgroup_out = NULL;
2008
2009	DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
2010
2011	/* Go looking for workgroups by broadcasting on the local network */
2012
2013	if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list,
2014	&count))) {
2015	DEBUG(99, ("No master browsers responded\n"));
2016	return False;
2017	}
2018
2019	for (i = 0; i < count; i++) {
2020	char addr[INET6_ADDRSTRLEN];
2021	print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
2022	DEBUG(99, ("Found master browser %s\n", addr));
2023
2024	cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
2025	user_info, pp_workgroup_out);
2026	if (cli)
2027	return(cli);
2028	}
2029
2030	return NULL;
2031	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: