Context Navigation

source: vendor/3.6.23/source3/libsmb/libsmb_server.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 28.4 KB

Line
1	/*
2	Unix SMB/Netbios implementation.
3	SMB client library implementation
4	Copyright (C) Andrew Tridgell 1998
5	Copyright (C) Richard Sharpe 2000, 2002
6	Copyright (C) John Terpstra 2000
7	Copyright (C) Tom Jansen (Ninja ISD) 2002
8	Copyright (C) Derrell Lipman 2003-2008
9	Copyright (C) Jeremy Allison 2007, 2008
10	Copyright (C) SATOH Fumiyasu <fumiyas@osstech.co.jp> 2009.
11
12	This program is free software; you can redistribute it and/or modify
13	it under the terms of the GNU General Public License as published by
14	the Free Software Foundation; either version 3 of the License, or
15	(at your option) any later version.
16
17	This program is distributed in the hope that it will be useful,
18	but WITHOUT ANY WARRANTY; without even the implied warranty of
19	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20	GNU General Public License for more details.
21
22	You should have received a copy of the GNU General Public License
23	along with this program. If not, see <http://www.gnu.org/licenses/>.
24	*/
25
26	#include "includes.h"
27	#include "libsmb/libsmb.h"
28	#include "libsmbclient.h"
29	#include "libsmb_internal.h"
30	#include "../librpc/gen_ndr/ndr_lsa.h"
31	#include "rpc_client/cli_pipe.h"
32	#include "rpc_client/cli_lsarpc.h"
33	#include "libcli/security/security.h"
34	#include "libsmb/nmblib.h"
35
36	/*
37	* Check a server for being alive and well.
38	* returns 0 if the server is in shape. Returns 1 on error
39	*
40	* Also useable outside libsmbclient to enable external cache
41	* to do some checks too.
42	*/
43	int
44	SMBC_check_server(SMBCCTX * context,
45	SMBCSRV * server)
46	{
47	socklen_t size;
48	struct sockaddr addr;
49
50	size = sizeof(addr);
51	return (getpeername(server->cli->fd, &addr, &size) == -1);
52	}
53
54	/*
55	* Remove a server from the cached server list it's unused.
56	* On success, 0 is returned. 1 is returned if the server could not be removed.
57	*
58	* Also useable outside libsmbclient
59	*/
60	int
61	SMBC_remove_unused_server(SMBCCTX * context,
62	SMBCSRV * srv)
63	{
64	SMBCFILE * file;
65
66	/* are we being fooled ? */
67	if (!context \|\| !context->internal->initialized \|\| !srv) {
68	return 1;
69	}
70
71	/* Check all open files/directories for a relation with this server */
72	for (file = context->internal->files; file; file = file->next) {
73	if (file->srv == srv) {
74	/* Still used */
75	DEBUG(3, ("smbc_remove_usused_server: "
76	"%p still used by %p.\n",
77	srv, file));
78	return 1;
79	}
80	}
81
82	DLIST_REMOVE(context->internal->servers, srv);
83
84	cli_shutdown(srv->cli);
85	srv->cli = NULL;
86
87	DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
88
89	smbc_getFunctionRemoveCachedServer(context)(context, srv);
90
91	SAFE_FREE(srv);
92	return 0;
93	}
94
95	/****************************************************************
96	* Call the auth_fn with fixed size (fstring) buffers.
97	***************************************************************/
98	void
99	SMBC_call_auth_fn(TALLOC_CTX *ctx,
100	SMBCCTX *context,
101	const char *server,
102	const char *share,
103	char **pp_workgroup,
104	char **pp_username,
105	char **pp_password)
106	{
107	fstring workgroup;
108	fstring username;
109	fstring password;
110	smbc_get_auth_data_with_context_fn auth_with_context_fn;
111
112	strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
113	strlcpy(username, *pp_username, sizeof(username));
114	strlcpy(password, *pp_password, sizeof(password));
115
116	/* See if there's an authentication with context function provided */
117	auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
118	if (auth_with_context_fn)
119	{
120	(* auth_with_context_fn)(context,
121	server, share,
122	workgroup, sizeof(workgroup),
123	username, sizeof(username),
124	password, sizeof(password));
125	}
126	else
127	{
128	smbc_getFunctionAuthData(context)(server, share,
129	workgroup, sizeof(workgroup),
130	username, sizeof(username),
131	password, sizeof(password));
132	}
133
134	TALLOC_FREE(*pp_workgroup);
135	TALLOC_FREE(*pp_username);
136	TALLOC_FREE(*pp_password);
137
138	*pp_workgroup = talloc_strdup(ctx, workgroup);
139	*pp_username = talloc_strdup(ctx, username);
140	*pp_password = talloc_strdup(ctx, password);
141	}
142
143
144	void
145	SMBC_get_auth_data(const char server, const char share,
146	char *workgroup_buf, int workgroup_buf_len,
147	char *username_buf, int username_buf_len,
148	char *password_buf, int password_buf_len)
149	{
150	/* Default function just uses provided data. Nothing to do. */
151	}
152
153
154
155	SMBCSRV *
156	SMBC_find_server(TALLOC_CTX *ctx,
157	SMBCCTX *context,
158	const char *server,
159	const char *share,
160	char **pp_workgroup,
161	char **pp_username,
162	char **pp_password)
163	{
164	SMBCSRV *srv;
165	int auth_called = 0;
166
167	if (!pp_workgroup \|\| !pp_username \|\| !pp_password) {
168	return NULL;
169	}
170
171	check_server_cache:
172
173	srv = smbc_getFunctionGetCachedServer(context)(context,
174	server, share,
175	*pp_workgroup,
176	*pp_username);
177
178	if (!auth_called && !srv && (!pp_username \|\| !(pp_username)[0] \|\|
179	!pp_password \|\| !(pp_password)[0])) {
180	SMBC_call_auth_fn(ctx, context, server, share,
181	pp_workgroup, pp_username, pp_password);
182
183	/*
184	* However, smbc_auth_fn may have picked up info relating to
185	* an existing connection, so try for an existing connection
186	* again ...
187	*/
188	auth_called = 1;
189	goto check_server_cache;
190
191	}
192
193	if (srv) {
194	if (smbc_getFunctionCheckServer(context)(context, srv)) {
195	/*
196	* This server is no good anymore
197	* Try to remove it and check for more possible
198	* servers in the cache
199	*/
200	if (smbc_getFunctionRemoveUnusedServer(context)(context,
201	srv)) {
202	/*
203	* We could not remove the server completely,
204	* remove it from the cache so we will not get
205	* it again. It will be removed when the last
206	* file/dir is closed.
207	*/
208	smbc_getFunctionRemoveCachedServer(context)(context,
209	srv);
210	}
211
212	/*
213	* Maybe there are more cached connections to this
214	* server
215	*/
216	goto check_server_cache;
217	}
218
219	return srv;
220	}
221
222	return NULL;
223	}
224
225	/*
226	* Connect to a server, possibly on an existing connection
227	*
228	* Here, what we want to do is: If the server and username
229	* match an existing connection, reuse that, otherwise, establish a
230	* new connection.
231	*
232	* If we have to create a new connection, call the auth_fn to get the
233	* info we need, unless the username and password were passed in.
234	*/
235
236	static SMBCSRV *
237	SMBC_server_internal(TALLOC_CTX *ctx,
238	SMBCCTX *context,
239	bool connect_if_not_found,
240	const char *server,
241	const char *share,
242	char **pp_workgroup,
243	char **pp_username,
244	char **pp_password,
245	bool *in_cache)
246	{
247	SMBCSRV *srv=NULL;
248	char *workgroup = NULL;
249	struct cli_state *c;
250	struct nmb_name called, calling;
251	const char *server_n = server;
252	struct sockaddr_storage ss;
253	int tried_reverse = 0;
254	int port_try_first;
255	int port_try_next;
256	int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
257	uint32 fs_attrs = 0;
258	const char *username_used;
259	NTSTATUS status;
260	char newserver, newshare;
261
262	zero_sockaddr(&ss);
263	ZERO_STRUCT(c);
264	*in_cache = false;
265
266	if (server[0] == 0) {
267	errno = EPERM;
268	return NULL;
269	}
270
271	/* Look for a cached connection */
272	srv = SMBC_find_server(ctx, context, server, share,
273	pp_workgroup, pp_username, pp_password);
274
275	/*
276	* If we found a connection and we're only allowed one share per
277	* server...
278	*/
279	if (srv &&
280	*share != '\0' &&
281	smbc_getOptionOneSharePerServer(context)) {
282
283	/*
284	* ... then if there's no current connection to the share,
285	* connect to it. SMBC_find_server(), or rather the function
286	* pointed to by context->get_cached_srv_fn which
287	* was called by SMBC_find_server(), will have issued a tree
288	* disconnect if the requested share is not the same as the
289	* one that was already connected.
290	*/
291
292	/*
293	* Use srv->cli->desthost and srv->cli->share instead of
294	* server and share below to connect to the actual share,
295	* i.e., a normal share or a referred share from
296	* 'msdfs proxy' share.
297	*/
298	if (srv->cli->cnum == (uint16) -1) {
299	/* Ensure we have accurate auth info */
300	SMBC_call_auth_fn(ctx, context,
301	srv->cli->desthost,
302	srv->cli->share,
303	pp_workgroup,
304	pp_username,
305	pp_password);
306
307	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
308	errno = ENOMEM;
309	cli_shutdown(srv->cli);
310	srv->cli = NULL;
311	smbc_getFunctionRemoveCachedServer(context)(context,
312	srv);
313	return NULL;
314	}
315
316	/*
317	* We don't need to renegotiate encryption
318	* here as the encryption context is not per
319	* tid.
320	*/
321
322	status = cli_tcon_andx(srv->cli, srv->cli->share, "?????",
323	*pp_password,
324	strlen(*pp_password)+1);
325	if (!NT_STATUS_IS_OK(status)) {
326	errno = map_errno_from_nt_status(status);
327	cli_shutdown(srv->cli);
328	srv->cli = NULL;
329	smbc_getFunctionRemoveCachedServer(context)(context,
330	srv);
331	srv = NULL;
332	}
333
334	/* Determine if this share supports case sensitivity */
335	if (is_ipc) {
336	DEBUG(4,
337	("IPC$ so ignore case sensitivity\n"));
338	} else if (!NT_STATUS_IS_OK(cli_get_fs_attr_info(c, &fs_attrs))) {
339	DEBUG(4, ("Could not retrieve "
340	"case sensitivity flag: %s.\n",
341	cli_errstr(c)));
342
343	/*
344	* We can't determine the case sensitivity of
345	* the share. We have no choice but to use the
346	* user-specified case sensitivity setting.
347	*/
348	if (smbc_getOptionCaseSensitive(context)) {
349	cli_set_case_sensitive(c, True);
350	} else {
351	cli_set_case_sensitive(c, False);
352	}
353	} else {
354	DEBUG(4,
355	("Case sensitive: %s\n",
356	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
357	? "True"
358	: "False")));
359	cli_set_case_sensitive(
360	c,
361	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
362	? True
363	: False));
364	}
365
366	/*
367	* Regenerate the dev value since it's based on both
368	* server and share
369	*/
370	if (srv) {
371	srv->dev = (dev_t)(str_checksum(srv->cli->desthost) ^
372	str_checksum(srv->cli->share));
373	}
374	}
375	}
376
377	/* If we have a connection... */
378	if (srv) {
379
380	/* ... then we're done here. Give 'em what they came for. */
381	*in_cache = true;
382	goto done;
383	}
384
385	/* If we're not asked to connect when a connection doesn't exist... */
386	if (! connect_if_not_found) {
387	/* ... then we're done here. */
388	return NULL;
389	}
390
391	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
392	errno = ENOMEM;
393	return NULL;
394	}
395
396	make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
397	make_nmb_name(&called , server, 0x20);
398
399	DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
400
401	DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
402
403	again:
404
405	zero_sockaddr(&ss);
406
407	/* have to open a new connection */
408	if ((c = cli_initialise()) == NULL) {
409	errno = ENOMEM;
410	return NULL;
411	}
412
413	if (smbc_getOptionUseKerberos(context)) {
414	c->use_kerberos = True;
415	}
416
417	if (smbc_getOptionFallbackAfterKerberos(context)) {
418	c->fallback_after_kerberos = True;
419	}
420
421	if (smbc_getOptionUseCCache(context)) {
422	c->use_ccache = True;
423	}
424
425	c->timeout = smbc_getTimeout(context);
426
427	/*
428	* Force use of port 139 for first try if share is $IPC, empty, or
429	* null, so browse lists can work
430	*/
431	if (share == NULL \|\| *share == '\0' \|\| is_ipc) {
432	port_try_first = 139;
433	port_try_next = 445;
434	} else {
435	port_try_first = 445;
436	port_try_next = 139;
437	}
438
439	c->port = port_try_first;
440
441	status = cli_connect(c, server_n, &ss);
442	if (!NT_STATUS_IS_OK(status)) {
443
444	/* First connection attempt failed. Try alternate port. */
445	c->port = port_try_next;
446
447	status = cli_connect(c, server_n, &ss);
448	if (!NT_STATUS_IS_OK(status)) {
449	cli_shutdown(c);
450	errno = ETIMEDOUT;
451	return NULL;
452	}
453	}
454
455	if (!cli_session_request(c, &calling, &called)) {
456	cli_shutdown(c);
457	if (strcmp(called.name, "*SMBSERVER")) {
458	make_nmb_name(&called , "*SMBSERVER", 0x20);
459	goto again;
460	} else { /* Try one more time, but ensure we don't loop */
461
462	/* Only try this if server is an IP address ... */
463
464	if (is_ipaddress(server) && !tried_reverse) {
465	fstring remote_name;
466	struct sockaddr_storage rem_ss;
467
468	if (!interpret_string_addr(&rem_ss, server,
469	NI_NUMERICHOST)) {
470	DEBUG(4, ("Could not convert IP address "
471	"%s to struct sockaddr_storage\n",
472	server));
473	errno = ETIMEDOUT;
474	return NULL;
475	}
476
477	tried_reverse++; /* Yuck */
478
479	if (name_status_find("*", 0, 0,
480	&rem_ss, remote_name)) {
481	make_nmb_name(&called,
482	remote_name,
483	0x20);
484	goto again;
485	}
486	}
487	}
488	errno = ETIMEDOUT;
489	return NULL;
490	}
491
492	DEBUG(4,(" session request ok\n"));
493
494	status = cli_negprot(c);
495
496	if (!NT_STATUS_IS_OK(status)) {
497	cli_shutdown(c);
498	errno = ETIMEDOUT;
499	return NULL;
500	}
501
502	username_used = *pp_username;
503
504	if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
505	*pp_password,
506	strlen(*pp_password),
507	*pp_password,
508	strlen(*pp_password),
509	*pp_workgroup))) {
510
511	/* Failed. Try an anonymous login, if allowed by flags. */
512	username_used = "";
513
514	if (smbc_getOptionNoAutoAnonymousLogin(context) \|\|
515	!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
516	*pp_password, 1,
517	*pp_password, 0,
518	*pp_workgroup))) {
519
520	cli_shutdown(c);
521	errno = EPERM;
522	return NULL;
523	}
524	}
525
526	status = cli_init_creds(c, username_used,
527	pp_workgroup, pp_password);
528	if (!NT_STATUS_IS_OK(status)) {
529	errno = map_errno_from_nt_status(status);
530	cli_shutdown(c);
531	return NULL;
532	}
533
534	DEBUG(4,(" session setup ok\n"));
535
536	/* here's the fun part....to support 'msdfs proxy' shares
537	(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
538	here before trying to connect to the original share.
539	cli_check_msdfs_proxy() will fail if it is a normal share. */
540
541	if ((c->capabilities & CAP_DFS) &&
542	cli_check_msdfs_proxy(ctx, c, share,
543	&newserver, &newshare,
544	/* FIXME: cli_check_msdfs_proxy() does
545	not support smbc_smb_encrypt_level type */
546	context->internal->smb_encryption_level ?
547	true : false,
548	*pp_username,
549	*pp_password,
550	*pp_workgroup)) {
551	cli_shutdown(c);
552	srv = SMBC_server_internal(ctx, context, connect_if_not_found,
553	newserver, newshare, pp_workgroup,
554	pp_username, pp_password, in_cache);
555	TALLOC_FREE(newserver);
556	TALLOC_FREE(newshare);
557	return srv;
558	}
559
560	/* must be a normal share */
561
562	status = cli_tcon_andx(c, share, "?????", *pp_password,
563	strlen(*pp_password)+1);
564	if (!NT_STATUS_IS_OK(status)) {
565	errno = map_errno_from_nt_status(status);
566	cli_shutdown(c);
567	return NULL;
568	}
569
570	DEBUG(4,(" tconx ok\n"));
571
572	/* Determine if this share supports case sensitivity */
573	if (is_ipc) {
574	DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
575	} else if (!NT_STATUS_IS_OK(cli_get_fs_attr_info(c, &fs_attrs))) {
576	DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
577	cli_errstr(c)));
578
579	/*
580	* We can't determine the case sensitivity of the share. We
581	* have no choice but to use the user-specified case
582	* sensitivity setting.
583	*/
584	if (smbc_getOptionCaseSensitive(context)) {
585	cli_set_case_sensitive(c, True);
586	} else {
587	cli_set_case_sensitive(c, False);
588	}
589	} else {
590	DEBUG(4, ("Case sensitive: %s\n",
591	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
592	? "True"
593	: "False")));
594	cli_set_case_sensitive(c,
595	(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
596	? True
597	: False));
598	}
599
600	if (context->internal->smb_encryption_level) {
601	/* Attempt UNIX smb encryption. */
602	if (!NT_STATUS_IS_OK(cli_force_encryption(c,
603	username_used,
604	*pp_password,
605	*pp_workgroup))) {
606
607	/*
608	* context->smb_encryption_level == 1
609	* means don't fail if encryption can't be negotiated,
610	* == 2 means fail if encryption can't be negotiated.
611	*/
612
613	DEBUG(4,(" SMB encrypt failed\n"));
614
615	if (context->internal->smb_encryption_level == 2) {
616	cli_shutdown(c);
617	errno = EPERM;
618	return NULL;
619	}
620	}
621	DEBUG(4,(" SMB encrypt ok\n"));
622	}
623
624	/*
625	* Ok, we have got a nice connection
626	* Let's allocate a server structure.
627	*/
628
629	srv = SMB_MALLOC_P(SMBCSRV);
630	if (!srv) {
631	cli_shutdown(c);
632	errno = ENOMEM;
633	return NULL;
634	}
635
636	ZERO_STRUCTP(srv);
637	srv->cli = c;
638	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
639	srv->no_pathinfo = False;
640	srv->no_pathinfo2 = False;
641	srv->no_nt_session = False;
642
643	done:
644	if (!pp_workgroup \|\| !pp_workgroup \|\| !*pp_workgroup) {
645	workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
646	} else {
647	workgroup = *pp_workgroup;
648	}
649	if(!workgroup) {
650	return NULL;
651	}
652
653	/* set the credentials to make DFS work */
654	smbc_set_credentials_with_fallback(context,
655	workgroup,
656	*pp_username,
657	*pp_password);
658
659	return srv;
660	}
661
662	SMBCSRV *
663	SMBC_server(TALLOC_CTX *ctx,
664	SMBCCTX *context,
665	bool connect_if_not_found,
666	const char *server,
667	const char *share,
668	char **pp_workgroup,
669	char **pp_username,
670	char **pp_password)
671	{
672	SMBCSRV *srv=NULL;
673	bool in_cache = false;
674
675	srv = SMBC_server_internal(ctx, context, connect_if_not_found,
676	server, share, pp_workgroup,
677	pp_username, pp_password, &in_cache);
678
679	if (!srv) {
680	return NULL;
681	}
682	if (in_cache) {
683	return srv;
684	}
685
686	/* Now add it to the cache (internal or external) */
687	/* Let the cache function set errno if it wants to */
688	errno = 0;
689	if (smbc_getFunctionAddCachedServer(context)(context, srv,
690	server, share,
691	*pp_workgroup,
692	*pp_username)) {
693	int saved_errno = errno;
694	DEBUG(3, (" Failed to add server to cache\n"));
695	errno = saved_errno;
696	if (errno == 0) {
697	errno = ENOMEM;
698	}
699	SAFE_FREE(srv);
700	return NULL;
701	}
702
703	DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
704	server, share, srv));
705
706	DLIST_ADD(context->internal->servers, srv);
707	return srv;
708	}
709
710	/*
711	* Connect to a server for getting/setting attributes, possibly on an existing
712	* connection. This works similarly to SMBC_server().
713	*/
714	SMBCSRV *
715	SMBC_attr_server(TALLOC_CTX *ctx,
716	SMBCCTX *context,
717	const char *server,
718	const char *share,
719	char **pp_workgroup,
720	char **pp_username,
721	char **pp_password)
722	{
723	int flags;
724	struct sockaddr_storage ss;
725	struct cli_state *ipc_cli = NULL;
726	struct rpc_pipe_client *pipe_hnd = NULL;
727	NTSTATUS nt_status;
728	SMBCSRV *srv=NULL;
729	SMBCSRV *ipc_srv=NULL;
730
731	/*
732	* Use srv->cli->desthost and srv->cli->share instead of
733	* server and share below to connect to the actual share,
734	* i.e., a normal share or a referred share from
735	* 'msdfs proxy' share.
736	*/
737	srv = SMBC_server(ctx, context, true, server, share,
738	pp_workgroup, pp_username, pp_password);
739	if (!srv) {
740	return NULL;
741	}
742	server = srv->cli->desthost;
743	share = srv->cli->share;
744
745	/*
746	* See if we've already created this special connection. Reference
747	* our "special" share name '*IPC$', which is an impossible real share
748	* name due to the leading asterisk.
749	*/
750	ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
751	pp_workgroup, pp_username, pp_password);
752	if (!ipc_srv) {
753
754	/* We didn't find a cached connection. Get the password */
755	if (!pp_password \|\| (pp_password)[0] == '\0') {
756	/* ... then retrieve it now. */
757	SMBC_call_auth_fn(ctx, context, server, share,
758	pp_workgroup,
759	pp_username,
760	pp_password);
761	if (!pp_workgroup \|\| !pp_username \|\| !*pp_password) {
762	errno = ENOMEM;
763	return NULL;
764	}
765	}
766
767	flags = 0;
768	if (smbc_getOptionUseKerberos(context)) {
769	flags \|= CLI_FULL_CONNECTION_USE_KERBEROS;
770	}
771	if (smbc_getOptionUseCCache(context)) {
772	flags \|= CLI_FULL_CONNECTION_USE_CCACHE;
773	}
774
775	zero_sockaddr(&ss);
776	nt_status = cli_full_connection(&ipc_cli,
777	global_myname(), server,
778	&ss, 0, "IPC$", "?????",
779	*pp_username,
780	*pp_workgroup,
781	*pp_password,
782	flags,
783	Undefined);
784	if (! NT_STATUS_IS_OK(nt_status)) {
785	DEBUG(1,("cli_full_connection failed! (%s)\n",
786	nt_errstr(nt_status)));
787	errno = ENOTSUP;
788	return NULL;
789	}
790
791	if (context->internal->smb_encryption_level) {
792	/* Attempt UNIX smb encryption. */
793	if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
794	*pp_username,
795	*pp_password,
796	*pp_workgroup))) {
797
798	/*
799	* context->smb_encryption_level ==
800	* 1 means don't fail if encryption can't be
801	* negotiated, == 2 means fail if encryption
802	* can't be negotiated.
803	*/
804
805	DEBUG(4,(" SMB encrypt failed on IPC$\n"));
806
807	if (context->internal->smb_encryption_level == 2) {
808	cli_shutdown(ipc_cli);
809	errno = EPERM;
810	return NULL;
811	}
812	}
813	DEBUG(4,(" SMB encrypt ok on IPC$\n"));
814	}
815
816	ipc_srv = SMB_MALLOC_P(SMBCSRV);
817	if (!ipc_srv) {
818	errno = ENOMEM;
819	cli_shutdown(ipc_cli);
820	return NULL;
821	}
822
823	ZERO_STRUCTP(ipc_srv);
824	ipc_srv->cli = ipc_cli;
825
826	nt_status = cli_rpc_pipe_open_noauth(
827	ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd);
828	if (!NT_STATUS_IS_OK(nt_status)) {
829	DEBUG(1, ("cli_nt_session_open fail!\n"));
830	errno = ENOTSUP;
831	cli_shutdown(ipc_srv->cli);
832	free(ipc_srv);
833	return NULL;
834	}
835
836	/*
837	* Some systems don't support
838	* SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
839	* so we might as well do it too.
840	*/
841
842	nt_status = rpccli_lsa_open_policy(
843	pipe_hnd,
844	talloc_tos(),
845	True,
846	GENERIC_EXECUTE_ACCESS,
847	&ipc_srv->pol);
848
849	if (!NT_STATUS_IS_OK(nt_status)) {
850	errno = SMBC_errno(context, ipc_srv->cli);
851	cli_shutdown(ipc_srv->cli);
852	return NULL;
853	}
854
855	/* now add it to the cache (internal or external) */
856
857	errno = 0; /* let cache function set errno if it likes */
858	if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
859	server,
860	"*IPC$",
861	*pp_workgroup,
862	*pp_username)) {
863	DEBUG(3, (" Failed to add server to cache\n"));
864	if (errno == 0) {
865	errno = ENOMEM;
866	}
867	cli_shutdown(ipc_srv->cli);
868	free(ipc_srv);
869	return NULL;
870	}
871
872	DLIST_ADD(context->internal->servers, ipc_srv);
873	}
874
875	return ipc_srv;
876	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: