Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: vendor/3.5.11/source3/libsmb/libsmb_server.c

Visit:

Last change on this file was 414, checked in by Herwig Bauernfeind, 16 years ago
Samba 3.5.0: Initial import
File size: 27.3 KB

Line
1	/*
2	Unix SMB/Netbios implementation.
3	SMB client library implementation
4	Copyright (C) Andrew Tridgell 1998
5	Copyright (C) Richard Sharpe 2000, 2002
6	Copyright (C) John Terpstra 2000
7	Copyright (C) Tom Jansen (Ninja ISD) 2002
8	Copyright (C) Derrell Lipman 2003-2008
9	Copyright (C) Jeremy Allison 2007, 2008
10	Copyright (C) SATOH Fumiyasu <fumiyas@osstech.co.jp> 2009.
11
12	This program is free software; you can redistribute it and/or modify
13	it under the terms of the GNU General Public License as published by
14	the Free Software Foundation; either version 3 of the License, or
15	(at your option) any later version.
16
17	This program is distributed in the hope that it will be useful,
18	but WITHOUT ANY WARRANTY; without even the implied warranty of
19	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20	GNU General Public License for more details.
21
22	You should have received a copy of the GNU General Public License
23	along with this program. If not, see <http://www.gnu.org/licenses/>.
24	*/
25
26	#include "includes.h"
27	#include "libsmbclient.h"
28	#include "libsmb_internal.h"
29
30
31	/*
32	* Check a server for being alive and well.
33	* returns 0 if the server is in shape. Returns 1 on error
34	*
35	* Also useable outside libsmbclient to enable external cache
36	* to do some checks too.
37	*/
38	int
39	SMBC_check_server(SMBCCTX * context,
40	SMBCSRV * server)
41	{
42	socklen_t size;
43	struct sockaddr addr;
44
45	size = sizeof(addr);
46	return (getpeername(server->cli->fd, &addr, &size) == -1);
47	}
48
49	/*
50	* Remove a server from the cached server list it's unused.
51	* On success, 0 is returned. 1 is returned if the server could not be removed.
52	*
53	* Also useable outside libsmbclient
54	*/
55	int
56	SMBC_remove_unused_server(SMBCCTX * context,
57	SMBCSRV * srv)
58	{
59	SMBCFILE * file;
60
61	/* are we being fooled ? */
62	if (!context \|\| !context->internal->initialized \|\| !srv) {
63	return 1;
64	}
65
66	/* Check all open files/directories for a relation with this server */
67	for (file = context->internal->files; file; file = file->next) {
68	if (file->srv == srv) {
69	/* Still used */
70	DEBUG(3, ("smbc_remove_usused_server: "
71	"%p still used by %p.\n",
72	srv, file));
73	return 1;
74	}
75	}
76
77	DLIST_REMOVE(context->internal->servers, srv);
78
79	cli_shutdown(srv->cli);
80	srv->cli = NULL;
81
82	DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
83
84	smbc_getFunctionRemoveCachedServer(context)(context, srv);
85
86	SAFE_FREE(srv);
87	return 0;
88	}
89
90	/****************************************************************
91	* Call the auth_fn with fixed size (fstring) buffers.
92	***************************************************************/
93	void
94	SMBC_call_auth_fn(TALLOC_CTX *ctx,
95	SMBCCTX *context,
96	const char *server,
97	const char *share,
98	char **pp_workgroup,
99	char **pp_username,
100	char **pp_password)
101	{
102	fstring workgroup;
103	fstring username;
104	fstring password;
105	smbc_get_auth_data_with_context_fn auth_with_context_fn;
106
107	strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
108	strlcpy(username, *pp_username, sizeof(username));
109	strlcpy(password, *pp_password, sizeof(password));
110
111	/* See if there's an authentication with context function provided */
112	auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
113	if (auth_with_context_fn)
114	{
115	(* auth_with_context_fn)(context,
116	server, share,
117	workgroup, sizeof(workgroup),
118	username, sizeof(username),
119	password, sizeof(password));
120	}
121	else
122	{
123	smbc_getFunctionAuthData(context)(server, share,
124	workgroup, sizeof(workgroup),
125	username, sizeof(username),
126	password, sizeof(password));
127	}
128
129	TALLOC_FREE(*pp_workgroup);
130	TALLOC_FREE(*pp_username);
131	TALLOC_FREE(*pp_password);
132
133	*pp_workgroup = talloc_strdup(ctx, workgroup);
134	*pp_username = talloc_strdup(ctx, username);
135	*pp_password = talloc_strdup(ctx, password);
136	}
137
138
139	void
140	SMBC_get_auth_data(const char server, const char share,
141	char *workgroup_buf, int workgroup_buf_len,
142	char *username_buf, int username_buf_len,
143	char *password_buf, int password_buf_len)
144	{
145	/* Default function just uses provided data. Nothing to do. */
146	}
147
148
149
150	SMBCSRV *
151	SMBC_find_server(TALLOC_CTX *ctx,
152	SMBCCTX *context,
153	const char *server,
154	const char *share,
155	char **pp_workgroup,
156	char **pp_username,
157	char **pp_password)
158	{
159	SMBCSRV *srv;
160	int auth_called = 0;
161
162	if (!pp_workgroup \|\| !pp_username \|\| !pp_password) {
163	return NULL;
164	}
165
166	check_server_cache:
167
168	srv = smbc_getFunctionGetCachedServer(context)(context,
169	server, share,
170	*pp_workgroup,
171	*pp_username);
172
173	if (!auth_called && !srv && (!pp_username \|\| !(pp_username)[0] \|\|
174	!pp_password \|\| !(pp_password)[0])) {
175	SMBC_call_auth_fn(ctx, context, server, share,
176	pp_workgroup, pp_username, pp_password);
177
178	/*
179	* However, smbc_auth_fn may have picked up info relating to
180	* an existing connection, so try for an existing connection
181	* again ...
182	*/
183	auth_called = 1;
184	goto check_server_cache;
185
186	}
187
188	if (srv) {
189	if (smbc_getFunctionCheckServer(context)(context, srv)) {
190	/*
191	* This server is no good anymore
192	* Try to remove it and check for more possible
193	* servers in the cache
194	*/
195	if (smbc_getFunctionRemoveUnusedServer(context)(context,
196	srv)) {
197	/*
198	* We could not remove the server completely,
199	* remove it from the cache so we will not get
200	* it again. It will be removed when the last
201	* file/dir is closed.
202	*/
203	smbc_getFunctionRemoveCachedServer(context)(context,
204	srv);
205	}
206
207	/*
208	* Maybe there are more cached connections to this
209	* server
210	*/
211	goto check_server_cache;
212	}
213
214	return srv;
215	}
216
217	return NULL;
218	}
219
220	/*
221	* Connect to a server, possibly on an existing connection
222	*
223	* Here, what we want to do is: If the server and username
224	* match an existing connection, reuse that, otherwise, establish a
225	* new connection.
226	*
227	* If we have to create a new connection, call the auth_fn to get the
228	* info we need, unless the username and password were passed in.
229	*/
230
231	static SMBCSRV *
232	SMBC_server_internal(TALLOC_CTX *ctx,
233	SMBCCTX *context,
234	bool connect_if_not_found,
235	const char *server,
236	const char *share,
237	char **pp_workgroup,
238	char **pp_username,
239	char **pp_password,
240	bool *in_cache)
241	{
242	SMBCSRV *srv=NULL;
243	char *workgroup = NULL;
244	struct cli_state *c;
245	struct nmb_name called, calling;
246	const char *server_n = server;
247	struct sockaddr_storage ss;
248	int tried_reverse = 0;
249	int port_try_first;
250	int port_try_next;
251	int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
252	uint32 fs_attrs = 0;
253	const char *username_used;
254	NTSTATUS status;
255	char newserver, newshare;
256
257	zero_sockaddr(&ss);
258	ZERO_STRUCT(c);
259	*in_cache = false;
260
261	if (server[0] == 0) {
262	errno = EPERM;
263	return NULL;
264	}
265
266	/* Look for a cached connection */
267	srv = SMBC_find_server(ctx, context, server, share,
268	pp_workgroup, pp_username, pp_password);
269
270	/*
271	* If we found a connection and we're only allowed one share per
272	* server...
273	*/
274	if (srv &&
275	*share != '\0' &&
276	smbc_getOptionOneSharePerServer(context)) {
277
278	/*
279	* ... then if there's no current connection to the share,
280	* connect to it. SMBC_find_server(), or rather the function
281	* pointed to by context->get_cached_srv_fn which
282	* was called by SMBC_find_server(), will have issued a tree
283	* disconnect if the requested share is not the same as the
284	* one that was already connected.
285	*/
286
287	/*
288	* Use srv->cli->desthost and srv->cli->share instead of
289	* server and share below to connect to the actual share,
290	* i.e., a normal share or a referred share from
291	* 'msdfs proxy' share.
292	*/
293	if (srv->cli->cnum == (uint16) -1) {
294	/* Ensure we have accurate auth info */
295	SMBC_call_auth_fn(ctx, context,
296	srv->cli->desthost,
297	srv->cli->share,
298	pp_workgroup,
299	pp_username,
300	pp_password);
301
302	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
303	errno = ENOMEM;
304	cli_shutdown(srv->cli);
305	srv->cli = NULL;
306	smbc_getFunctionRemoveCachedServer(context)(context,
307	srv);
308	return NULL;
309	}
310
311	/*
312	* We don't need to renegotiate encryption
313	* here as the encryption context is not per
314	* tid.
315	*/
316
317	status = cli_tcon_andx(srv->cli, srv->cli->share, "?????",
318	*pp_password,
319	strlen(*pp_password)+1);
320	if (!NT_STATUS_IS_OK(status)) {
321	errno = map_errno_from_nt_status(status);
322	cli_shutdown(srv->cli);
323	srv->cli = NULL;
324	smbc_getFunctionRemoveCachedServer(context)(context,
325	srv);
326	srv = NULL;
327	}
328
329	/* Determine if this share supports case sensitivity */
330	if (is_ipc) {
331	DEBUG(4,
332	("IPC$ so ignore case sensitivity\n"));
333	} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
334	DEBUG(4, ("Could not retrieve "
335	"case sensitivity flag: %s.\n",
336	cli_errstr(c)));
337
338	/*
339	* We can't determine the case sensitivity of
340	* the share. We have no choice but to use the
341	* user-specified case sensitivity setting.
342	*/
343	if (smbc_getOptionCaseSensitive(context)) {
344	cli_set_case_sensitive(c, True);
345	} else {
346	cli_set_case_sensitive(c, False);
347	}
348	} else {
349	DEBUG(4,
350	("Case sensitive: %s\n",
351	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
352	? "True"
353	: "False")));
354	cli_set_case_sensitive(
355	c,
356	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
357	? True
358	: False));
359	}
360
361	/*
362	* Regenerate the dev value since it's based on both
363	* server and share
364	*/
365	if (srv) {
366	srv->dev = (dev_t)(str_checksum(srv->cli->desthost) ^
367	str_checksum(srv->cli->share));
368	}
369	}
370	}
371
372	/* If we have a connection... */
373	if (srv) {
374
375	/* ... then we're done here. Give 'em what they came for. */
376	*in_cache = true;
377	goto done;
378	}
379
380	/* If we're not asked to connect when a connection doesn't exist... */
381	if (! connect_if_not_found) {
382	/* ... then we're done here. */
383	return NULL;
384	}
385
386	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
387	errno = ENOMEM;
388	return NULL;
389	}
390
391	make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
392	make_nmb_name(&called , server, 0x20);
393
394	DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
395
396	DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
397
398	again:
399
400	zero_sockaddr(&ss);
401
402	/* have to open a new connection */
403	if ((c = cli_initialise()) == NULL) {
404	errno = ENOMEM;
405	return NULL;
406	}
407
408	if (smbc_getOptionUseKerberos(context)) {
409	c->use_kerberos = True;
410	}
411
412	if (smbc_getOptionFallbackAfterKerberos(context)) {
413	c->fallback_after_kerberos = True;
414	}
415
416	if (smbc_getOptionUseCCache(context)) {
417	c->use_ccache = True;
418	}
419
420	c->timeout = smbc_getTimeout(context);
421
422	/*
423	* Force use of port 139 for first try if share is $IPC, empty, or
424	* null, so browse lists can work
425	*/
426	if (share == NULL \|\| *share == '\0' \|\| is_ipc) {
427	port_try_first = 139;
428	port_try_next = 445;
429	} else {
430	port_try_first = 445;
431	port_try_next = 139;
432	}
433
434	c->port = port_try_first;
435
436	status = cli_connect(c, server_n, &ss);
437	if (!NT_STATUS_IS_OK(status)) {
438
439	/* First connection attempt failed. Try alternate port. */
440	c->port = port_try_next;
441
442	status = cli_connect(c, server_n, &ss);
443	if (!NT_STATUS_IS_OK(status)) {
444	cli_shutdown(c);
445	errno = ETIMEDOUT;
446	return NULL;
447	}
448	}
449
450	if (!cli_session_request(c, &calling, &called)) {
451	cli_shutdown(c);
452	if (strcmp(called.name, "*SMBSERVER")) {
453	make_nmb_name(&called , "*SMBSERVER", 0x20);
454	goto again;
455	} else { /* Try one more time, but ensure we don't loop */
456
457	/* Only try this if server is an IP address ... */
458
459	if (is_ipaddress(server) && !tried_reverse) {
460	fstring remote_name;
461	struct sockaddr_storage rem_ss;
462
463	if (!interpret_string_addr(&rem_ss, server,
464	NI_NUMERICHOST)) {
465	DEBUG(4, ("Could not convert IP address "
466	"%s to struct sockaddr_storage\n",
467	server));
468	errno = ETIMEDOUT;
469	return NULL;
470	}
471
472	tried_reverse++; /* Yuck */
473
474	if (name_status_find("*", 0, 0,
475	&rem_ss, remote_name)) {
476	make_nmb_name(&called,
477	remote_name,
478	0x20);
479	goto again;
480	}
481	}
482	}
483	errno = ETIMEDOUT;
484	return NULL;
485	}
486
487	DEBUG(4,(" session request ok\n"));
488
489	status = cli_negprot(c);
490
491	if (!NT_STATUS_IS_OK(status)) {
492	cli_shutdown(c);
493	errno = ETIMEDOUT;
494	return NULL;
495	}
496
497	username_used = *pp_username;
498
499	if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
500	*pp_password,
501	strlen(*pp_password),
502	*pp_password,
503	strlen(*pp_password),
504	*pp_workgroup))) {
505
506	/* Failed. Try an anonymous login, if allowed by flags. */
507	username_used = "";
508
509	if (smbc_getOptionNoAutoAnonymousLogin(context) \|\|
510	!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
511	*pp_password, 1,
512	*pp_password, 0,
513	*pp_workgroup))) {
514
515	cli_shutdown(c);
516	errno = EPERM;
517	return NULL;
518	}
519	}
520
521	status = cli_init_creds(c, username_used,
522	pp_workgroup, pp_password);
523	if (!NT_STATUS_IS_OK(status)) {
524	errno = map_errno_from_nt_status(status);
525	cli_shutdown(c);
526	return NULL;
527	}
528
529	DEBUG(4,(" session setup ok\n"));
530
531	/* here's the fun part....to support 'msdfs proxy' shares
532	(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
533	here before trying to connect to the original share.
534	cli_check_msdfs_proxy() will fail if it is a normal share. */
535
536	if ((c->capabilities & CAP_DFS) &&
537	cli_check_msdfs_proxy(ctx, c, share,
538	&newserver, &newshare,
539	/* FIXME: cli_check_msdfs_proxy() does
540	not support smbc_smb_encrypt_level type */
541	context->internal->smb_encryption_level ?
542	true : false,
543	*pp_username,
544	*pp_password,
545	*pp_workgroup)) {
546	cli_shutdown(c);
547	srv = SMBC_server_internal(ctx, context, connect_if_not_found,
548	newserver, newshare, pp_workgroup,
549	pp_username, pp_password, in_cache);
550	TALLOC_FREE(newserver);
551	TALLOC_FREE(newshare);
552	return srv;
553	}
554
555	/* must be a normal share */
556
557	status = cli_tcon_andx(c, share, "?????", *pp_password,
558	strlen(*pp_password)+1);
559	if (!NT_STATUS_IS_OK(status)) {
560	errno = map_errno_from_nt_status(status);
561	cli_shutdown(c);
562	return NULL;
563	}
564
565	DEBUG(4,(" tconx ok\n"));
566
567	/* Determine if this share supports case sensitivity */
568	if (is_ipc) {
569	DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
570	} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
571	DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
572	cli_errstr(c)));
573
574	/*
575	* We can't determine the case sensitivity of the share. We
576	* have no choice but to use the user-specified case
577	* sensitivity setting.
578	*/
579	if (smbc_getOptionCaseSensitive(context)) {
580	cli_set_case_sensitive(c, True);
581	} else {
582	cli_set_case_sensitive(c, False);
583	}
584	} else {
585	DEBUG(4, ("Case sensitive: %s\n",
586	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
587	? "True"
588	: "False")));
589	cli_set_case_sensitive(c,
590	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
591	? True
592	: False));
593	}
594
595	if (context->internal->smb_encryption_level) {
596	/* Attempt UNIX smb encryption. */
597	if (!NT_STATUS_IS_OK(cli_force_encryption(c,
598	username_used,
599	*pp_password,
600	*pp_workgroup))) {
601
602	/*
603	* context->smb_encryption_level == 1
604	* means don't fail if encryption can't be negotiated,
605	* == 2 means fail if encryption can't be negotiated.
606	*/
607
608	DEBUG(4,(" SMB encrypt failed\n"));
609
610	if (context->internal->smb_encryption_level == 2) {
611	cli_shutdown(c);
612	errno = EPERM;
613	return NULL;
614	}
615	}
616	DEBUG(4,(" SMB encrypt ok\n"));
617	}
618
619	/*
620	* Ok, we have got a nice connection
621	* Let's allocate a server structure.
622	*/
623
624	srv = SMB_MALLOC_P(SMBCSRV);
625	if (!srv) {
626	cli_shutdown(c);
627	errno = ENOMEM;
628	return NULL;
629	}
630
631	ZERO_STRUCTP(srv);
632	srv->cli = c;
633	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
634	srv->no_pathinfo = False;
635	srv->no_pathinfo2 = False;
636	srv->no_nt_session = False;
637
638	done:
639	if (!pp_workgroup \|\| !pp_workgroup \|\| !*pp_workgroup) {
640	workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
641	} else {
642	workgroup = *pp_workgroup;
643	}
644	if(!workgroup) {
645	return NULL;
646	}
647
648	/* set the credentials to make DFS work */
649	smbc_set_credentials_with_fallback(context,
650	workgroup,
651	*pp_username,
652	*pp_password);
653
654	return srv;
655	}
656
657	SMBCSRV *
658	SMBC_server(TALLOC_CTX *ctx,
659	SMBCCTX *context,
660	bool connect_if_not_found,
661	const char *server,
662	const char *share,
663	char **pp_workgroup,
664	char **pp_username,
665	char **pp_password)
666	{
667	SMBCSRV *srv=NULL;
668	bool in_cache = false;
669
670	srv = SMBC_server_internal(ctx, context, connect_if_not_found,
671	server, share, pp_workgroup,
672	pp_username, pp_password, &in_cache);
673
674	if (!srv) {
675	return NULL;
676	}
677	if (in_cache) {
678	return srv;
679	}
680
681	/* Now add it to the cache (internal or external) */
682	/* Let the cache function set errno if it wants to */
683	errno = 0;
684	if (smbc_getFunctionAddCachedServer(context)(context, srv,
685	server, share,
686	*pp_workgroup,
687	*pp_username)) {
688	int saved_errno = errno;
689	DEBUG(3, (" Failed to add server to cache\n"));
690	errno = saved_errno;
691	if (errno == 0) {
692	errno = ENOMEM;
693	}
694	SAFE_FREE(srv);
695	return NULL;
696	}
697
698	DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
699	server, share, srv));
700
701	DLIST_ADD(context->internal->servers, srv);
702	return srv;
703	}
704
705	/*
706	* Connect to a server for getting/setting attributes, possibly on an existing
707	* connection. This works similarly to SMBC_server().
708	*/
709	SMBCSRV *
710	SMBC_attr_server(TALLOC_CTX *ctx,
711	SMBCCTX *context,
712	const char *server,
713	const char *share,
714	char **pp_workgroup,
715	char **pp_username,
716	char **pp_password)
717	{
718	int flags;
719	struct sockaddr_storage ss;
720	struct cli_state *ipc_cli = NULL;
721	struct rpc_pipe_client *pipe_hnd = NULL;
722	NTSTATUS nt_status;
723	SMBCSRV *srv=NULL;
724	SMBCSRV *ipc_srv=NULL;
725
726	/*
727	* Use srv->cli->desthost and srv->cli->share instead of
728	* server and share below to connect to the actual share,
729	* i.e., a normal share or a referred share from
730	* 'msdfs proxy' share.
731	*/
732	srv = SMBC_server(ctx, context, true, server, share,
733	pp_workgroup, pp_username, pp_password);
734	if (!srv) {
735	return NULL;
736	}
737	server = srv->cli->desthost;
738	share = srv->cli->share;
739
740	/*
741	* See if we've already created this special connection. Reference
742	* our "special" share name '*IPC$', which is an impossible real share
743	* name due to the leading asterisk.
744	*/
745	ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
746	pp_workgroup, pp_username, pp_password);
747	if (!ipc_srv) {
748
749	/* We didn't find a cached connection. Get the password */
750	if (!pp_password \|\| (pp_password)[0] == '\0') {
751	/* ... then retrieve it now. */
752	SMBC_call_auth_fn(ctx, context, server, share,
753	pp_workgroup,
754	pp_username,
755	pp_password);
756	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
757	errno = ENOMEM;
758	return NULL;
759	}
760	}
761
762	flags = 0;
763	if (smbc_getOptionUseKerberos(context)) {
764	flags \|= CLI_FULL_CONNECTION_USE_KERBEROS;
765	}
766	if (smbc_getOptionUseCCache(context)) {
767	flags \|= CLI_FULL_CONNECTION_USE_CCACHE;
768	}
769
770	zero_sockaddr(&ss);
771	nt_status = cli_full_connection(&ipc_cli,
772	global_myname(), server,
773	&ss, 0, "IPC$", "?????",
774	*pp_username,
775	*pp_workgroup,
776	*pp_password,
777	flags,
778	Undefined, NULL);
779	if (! NT_STATUS_IS_OK(nt_status)) {
780	DEBUG(1,("cli_full_connection failed! (%s)\n",
781	nt_errstr(nt_status)));
782	errno = ENOTSUP;
783	return NULL;
784	}
785
786	if (context->internal->smb_encryption_level) {
787	/* Attempt UNIX smb encryption. */
788	if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
789	*pp_username,
790	*pp_password,
791	*pp_workgroup))) {
792
793	/*
794	* context->smb_encryption_level ==
795	* 1 means don't fail if encryption can't be
796	* negotiated, == 2 means fail if encryption
797	* can't be negotiated.
798	*/
799
800	DEBUG(4,(" SMB encrypt failed on IPC$\n"));
801
802	if (context->internal->smb_encryption_level == 2) {
803	cli_shutdown(ipc_cli);
804	errno = EPERM;
805	return NULL;
806	}
807	}
808	DEBUG(4,(" SMB encrypt ok on IPC$\n"));
809	}
810
811	ipc_srv = SMB_MALLOC_P(SMBCSRV);
812	if (!ipc_srv) {
813	errno = ENOMEM;
814	cli_shutdown(ipc_cli);
815	return NULL;
816	}
817
818	ZERO_STRUCTP(ipc_srv);
819	ipc_srv->cli = ipc_cli;
820
821	nt_status = cli_rpc_pipe_open_noauth(
822	ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd);
823	if (!NT_STATUS_IS_OK(nt_status)) {
824	DEBUG(1, ("cli_nt_session_open fail!\n"));
825	errno = ENOTSUP;
826	cli_shutdown(ipc_srv->cli);
827	free(ipc_srv);
828	return NULL;
829	}
830
831	/*
832	* Some systems don't support
833	* SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
834	* so we might as well do it too.
835	*/
836
837	nt_status = rpccli_lsa_open_policy(
838	pipe_hnd,
839	talloc_tos(),
840	True,
841	GENERIC_EXECUTE_ACCESS,
842	&ipc_srv->pol);
843
844	if (!NT_STATUS_IS_OK(nt_status)) {
845	errno = SMBC_errno(context, ipc_srv->cli);
846	cli_shutdown(ipc_srv->cli);
847	return NULL;
848	}
849
850	/* now add it to the cache (internal or external) */
851
852	errno = 0; /* let cache function set errno if it likes */
853	if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
854	server,
855	"*IPC$",
856	*pp_workgroup,
857	*pp_username)) {
858	DEBUG(3, (" Failed to add server to cache\n"));
859	if (errno == 0) {
860	errno = ENOMEM;
861	}
862	cli_shutdown(ipc_srv->cli);
863	free(ipc_srv);
864	return NULL;
865	}
866
867	DLIST_ADD(context->internal->servers, ipc_srv);
868	}
869
870	return ipc_srv;
871	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: