search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.
[Samba.git] / source / libsmb / cliconnect.c
blobd458ce2757caf472bfe0e822dce22238457de2c7
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Andrew Bartlett 2001-2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23
24 extern pstring user_socket_options;
25
26 static const struct {
27 int prot;
28 const char *name;
29 } prots[] = {
30 {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
31 {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
32 {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
33 {PROTOCOL_LANMAN1,"LANMAN1.0"},
34 {PROTOCOL_LANMAN2,"LM1.2X002"},
35 {PROTOCOL_LANMAN2,"DOS LANMAN2.1"},
36 {PROTOCOL_LANMAN2,"LANMAN2.1"},
37 {PROTOCOL_LANMAN2,"Samba"},
38 {PROTOCOL_NT1,"NT LANMAN 1.0"},
39 {PROTOCOL_NT1,"NT LM 0.12"},
40 {-1,NULL}
41 };
42
43 /**
44 * Set the user session key for a connection
45 * @param cli The cli structure to add it too
46 * @param session_key The session key used. (A copy of this is taken for the cli struct)
47 *
48 */
49
50 static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
51 {
52 cli->user_session_key = data_blob(session_key.data, session_key.length);
53 }
54
55 /****************************************************************************
56 Do an old lanman2 style session setup.
57 ****************************************************************************/
58
59 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
60 const char *user,
61 const char *pass, size_t passlen,
62 const char *workgroup)
63 {
64 DATA_BLOB session_key = data_blob(NULL, 0);
65 DATA_BLOB lm_response = data_blob(NULL, 0);
66 fstring pword;
67 char *p;
68
69 if (passlen > sizeof(pword)-1) {
70 return NT_STATUS_INVALID_PARAMETER;
71 }
72
73 /* LANMAN servers predate NT status codes and Unicode and ignore those
74 smb flags so we must disable the corresponding default capabilities
75 that would otherwise cause the Unicode and NT Status flags to be
76 set (and even returned by the server) */
77
78 cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
79
80 /* if in share level security then don't send a password now */
81 if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
82 passlen = 0;
83
84 if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
85 /* Encrypted mode needed, and non encrypted password supplied. */
86 lm_response = data_blob(NULL, 24);
87 if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
88 DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
89 return NT_STATUS_ACCESS_DENIED;
90 }
91 } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
92 /* Encrypted mode needed, and encrypted password supplied. */
93 lm_response = data_blob(pass, passlen);
94 } else if (passlen > 0) {
95 /* Plaintext mode needed, assume plaintext supplied. */
96 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
97 lm_response = data_blob(pass, passlen);
98 }
99
100 /* send a session setup command */
101 memset(cli->outbuf,'\0',smb_size);
102 set_message(cli->outbuf,10, 0, True);
103 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
104 cli_setup_packet(cli);
105
106 SCVAL(cli->outbuf,smb_vwv0,0xFF);
107 SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
108 SSVAL(cli->outbuf,smb_vwv3,2);
109 SSVAL(cli->outbuf,smb_vwv4,1);
110 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
111 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
112
113 p = smb_buf(cli->outbuf);
114 memcpy(p,lm_response.data,lm_response.length);
115 p += lm_response.length;
116 p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
117 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
118 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
119 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
120 cli_setup_bcc(cli, p);
121
122 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
123 return cli_nt_error(cli);
124 }
125
126 show_msg(cli->inbuf);
127
128 if (cli_is_error(cli)) {
129 return cli_nt_error(cli);
130 }
131
132 /* use the returned vuid from now on */
133 cli->vuid = SVAL(cli->inbuf,smb_uid);
134 fstrcpy(cli->user_name, user);
135
136 if (session_key.data) {
137 /* Have plaintext orginal */
138 cli_set_session_key(cli, session_key);
139 }
140
141 return NT_STATUS_OK;
142 }
143
144 /****************************************************************************
145 Work out suitable capabilities to offer the server.
146 ****************************************************************************/
147
148 static uint32 cli_session_setup_capabilities(struct cli_state *cli)
149 {
150 uint32 capabilities = CAP_NT_SMBS;
151
152 if (!cli->force_dos_errors)
153 capabilities |= CAP_STATUS32;
154
155 if (cli->use_level_II_oplocks)
156 capabilities |= CAP_LEVEL_II_OPLOCKS;
157
158 capabilities |= (cli->capabilities & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
159 return capabilities;
160 }
161
162 /****************************************************************************
163 Do a NT1 guest session setup.
164 ****************************************************************************/
165
166 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
167 {
168 char *p;
169 uint32 capabilities = cli_session_setup_capabilities(cli);
170
171 memset(cli->outbuf, '\0', smb_size);
172 set_message(cli->outbuf,13,0,True);
173 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
174 cli_setup_packet(cli);
175
176 SCVAL(cli->outbuf,smb_vwv0,0xFF);
177 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
178 SSVAL(cli->outbuf,smb_vwv3,2);
179 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
180 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
181 SSVAL(cli->outbuf,smb_vwv7,0);
182 SSVAL(cli->outbuf,smb_vwv8,0);
183 SIVAL(cli->outbuf,smb_vwv11,capabilities);
184 p = smb_buf(cli->outbuf);
185 p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* username */
186 p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* workgroup */
187 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
188 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
189 cli_setup_bcc(cli, p);
190
191 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
192 return cli_nt_error(cli);
193 }
194
195 show_msg(cli->inbuf);
196
197 if (cli_is_error(cli)) {
198 return cli_nt_error(cli);
199 }
200
201 cli->vuid = SVAL(cli->inbuf,smb_uid);
202
203 p = smb_buf(cli->inbuf);
204 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
205 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
206 p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
207
208 if (strstr(cli->server_type, "Samba")) {
209 cli->is_samba = True;
210 }
211
212 fstrcpy(cli->user_name, "");
213
214 return NT_STATUS_OK;
215 }
216
217 /****************************************************************************
218 Do a NT1 plaintext session setup.
219 ****************************************************************************/
220
221 static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
222 const char *user, const char *pass,
223 const char *workgroup)
224 {
225 uint32 capabilities = cli_session_setup_capabilities(cli);
226 char *p;
227 fstring lanman;
228
229 fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
230
231 memset(cli->outbuf, '\0', smb_size);
232 set_message(cli->outbuf,13,0,True);
233 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
234 cli_setup_packet(cli);
235
236 SCVAL(cli->outbuf,smb_vwv0,0xFF);
237 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
238 SSVAL(cli->outbuf,smb_vwv3,2);
239 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
240 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
241 SSVAL(cli->outbuf,smb_vwv8,0);
242 SIVAL(cli->outbuf,smb_vwv11,capabilities);
243 p = smb_buf(cli->outbuf);
244
245 /* check wether to send the ASCII or UNICODE version of the password */
246
247 if ( (capabilities & CAP_UNICODE) == 0 ) {
248 p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
249 SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
250 }
251 else {
252 p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
253 SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf)));
254 }
255
256 p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
257 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
258 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
259 p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
260 cli_setup_bcc(cli, p);
261
262 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
263 return cli_nt_error(cli);
264 }
265
266 show_msg(cli->inbuf);
267
268 if (cli_is_error(cli)) {
269 return cli_nt_error(cli);
270 }
271
272 cli->vuid = SVAL(cli->inbuf,smb_uid);
273 p = smb_buf(cli->inbuf);
274 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
275 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
276 p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
277 fstrcpy(cli->user_name, user);
278
279 if (strstr(cli->server_type, "Samba")) {
280 cli->is_samba = True;
281 }
282
283 return NT_STATUS_OK;
284 }
285
286 /****************************************************************************
287 do a NT1 NTLM/LM encrypted session setup - for when extended security
288 is not negotiated.
289 @param cli client state to create do session setup on
290 @param user username
291 @param pass *either* cleartext password (passlen !=24) or LM response.
292 @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
293 @param workgroup The user's domain.
294 ****************************************************************************/
295
296 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
297 const char *pass, size_t passlen,
298 const char *ntpass, size_t ntpasslen,
299 const char *workgroup)
300 {
301 uint32 capabilities = cli_session_setup_capabilities(cli);
302 DATA_BLOB lm_response = data_blob(NULL, 0);
303 DATA_BLOB nt_response = data_blob(NULL, 0);
304 DATA_BLOB session_key = data_blob(NULL, 0);
305 NTSTATUS result;
306 char *p;
307
308 if (passlen == 0) {
309 /* do nothing - guest login */
310 } else if (passlen != 24) {
311 if (lp_client_ntlmv2_auth()) {
312 DATA_BLOB server_chal;
313 DATA_BLOB names_blob;
314 server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
315
316 /* note that the 'workgroup' here is a best guess - we don't know
317 the server's domain at this point. The 'server name' is also
318 dodgy...
319 */
320 names_blob = NTLMv2_generate_names_blob(cli->called.name, workgroup);
321
322 if (!SMBNTLMv2encrypt(user, workgroup, pass, &server_chal,
323 &names_blob,
324 &lm_response, &nt_response, &session_key)) {
325 data_blob_free(&names_blob);
326 data_blob_free(&server_chal);
327 return NT_STATUS_ACCESS_DENIED;
328 }
329 data_blob_free(&names_blob);
330 data_blob_free(&server_chal);
331
332 } else {
333 uchar nt_hash[16];
334 E_md4hash(pass, nt_hash);
335
336 #ifdef LANMAN_ONLY
337 nt_response = data_blob(NULL, 0);
338 #else
339 nt_response = data_blob(NULL, 24);
340 SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
341 #endif
342 /* non encrypted password supplied. Ignore ntpass. */
343 if (lp_client_lanman_auth()) {
344 lm_response = data_blob(NULL, 24);
345 if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
346 /* Oops, the LM response is invalid, just put
347 the NT response there instead */
348 data_blob_free(&lm_response);
349 lm_response = data_blob(nt_response.data, nt_response.length);
350 }
351 } else {
352 /* LM disabled, place NT# in LM field instead */
353 lm_response = data_blob(nt_response.data, nt_response.length);
354 }
355
356 session_key = data_blob(NULL, 16);
357 #ifdef LANMAN_ONLY
358 E_deshash(pass, session_key.data);
359 memset(&session_key.data[8], '\0', 8);
360 #else
361 SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
362 #endif
363 }
364 #ifdef LANMAN_ONLY
365 cli_simple_set_signing(cli, session_key, lm_response);
366 #else
367 cli_simple_set_signing(cli, session_key, nt_response);
368 #endif
369 } else {
370 /* pre-encrypted password supplied. Only used for
371 security=server, can't do
372 signing because we don't have original key */
373
374 lm_response = data_blob(pass, passlen);
375 nt_response = data_blob(ntpass, ntpasslen);
376 }
377
378 /* send a session setup command */
379 memset(cli->outbuf,'\0',smb_size);
380
381 set_message(cli->outbuf,13,0,True);
382 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
383 cli_setup_packet(cli);
384
385 SCVAL(cli->outbuf,smb_vwv0,0xFF);
386 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
387 SSVAL(cli->outbuf,smb_vwv3,2);
388 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
389 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
390 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
391 SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
392 SIVAL(cli->outbuf,smb_vwv11,capabilities);
393 p = smb_buf(cli->outbuf);
394 if (lm_response.length) {
395 memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
396 }
397 if (nt_response.length) {
398 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
399 }
400 p += clistr_push(cli, p, user, -1, STR_TERMINATE);
401
402 /* Upper case here might help some NTLMv2 implementations */
403 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
404 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
405 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
406 cli_setup_bcc(cli, p);
407
408 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
409 result = cli_nt_error(cli);
410 goto end;
411 }
412
413 /* show_msg(cli->inbuf); */
414
415 if (cli_is_error(cli)) {
416 result = cli_nt_error(cli);
417 goto end;
418 }
419
420 /* use the returned vuid from now on */
421 cli->vuid = SVAL(cli->inbuf,smb_uid);
422
423 p = smb_buf(cli->inbuf);
424 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
425 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
426 p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
427
428 if (strstr(cli->server_type, "Samba")) {
429 cli->is_samba = True;
430 }
431
432 fstrcpy(cli->user_name, user);
433
434 if (session_key.data) {
435 /* Have plaintext orginal */
436 cli_set_session_key(cli, session_key);
437 }
438
439 result = NT_STATUS_OK;
440 end:
441 data_blob_free(&lm_response);
442 data_blob_free(&nt_response);
443 data_blob_free(&session_key);
444 return result;
445 }
446
447 /****************************************************************************
448 Send a extended security session setup blob
449 ****************************************************************************/
450
451 static BOOL cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
452 {
453 uint32 capabilities = cli_session_setup_capabilities(cli);
454 char *p;
455
456 capabilities |= CAP_EXTENDED_SECURITY;
457
458 /* send a session setup command */
459 memset(cli->outbuf,'\0',smb_size);
460
461 set_message(cli->outbuf,12,0,True);
462 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
463
464 cli_setup_packet(cli);
465
466 SCVAL(cli->outbuf,smb_vwv0,0xFF);
467 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
468 SSVAL(cli->outbuf,smb_vwv3,2);
469 SSVAL(cli->outbuf,smb_vwv4,1);
470 SIVAL(cli->outbuf,smb_vwv5,0);
471 SSVAL(cli->outbuf,smb_vwv7,blob.length);
472 SIVAL(cli->outbuf,smb_vwv10,capabilities);
473 p = smb_buf(cli->outbuf);
474 memcpy(p, blob.data, blob.length);
475 p += blob.length;
476 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
477 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
478 cli_setup_bcc(cli, p);
479 return cli_send_smb(cli);
480 }
481
482 /****************************************************************************
483 Send a extended security session setup blob, returning a reply blob.
484 ****************************************************************************/
485
486 static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
487 {
488 DATA_BLOB blob2 = data_blob(NULL, 0);
489 char *p;
490 size_t len;
491
492 if (!cli_receive_smb(cli))
493 return blob2;
494
495 show_msg(cli->inbuf);
496
497 if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
498 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
499 return blob2;
500 }
501
502 /* use the returned vuid from now on */
503 cli->vuid = SVAL(cli->inbuf,smb_uid);
504
505 p = smb_buf(cli->inbuf);
506
507 blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
508
509 p += blob2.length;
510 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
511
512 /* w2k with kerberos doesn't properly null terminate this field */
513 len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));
514 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
515
516 return blob2;
517 }
518
519 #ifdef HAVE_KRB5
520 /****************************************************************************
521 Send a extended security session setup blob, returning a reply blob.
522 ****************************************************************************/
523
524 /* The following is calculated from :
525 * (smb_size-4) = 35
526 * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
527 * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
528 * end of packet.
529 */
530
531 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
532
533 static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_BLOB session_key_krb5)
534 {
535 int32 remaining = blob.length;
536 int32 cur = 0;
537 DATA_BLOB send_blob = data_blob(NULL, 0);
538 int32 max_blob_size = 0;
539 DATA_BLOB receive_blob = data_blob(NULL, 0);
540
541 if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
542 DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
543 "(was %u, need minimum %u)\n",
544 (unsigned int)cli->max_xmit,
545 BASE_SESSSETUP_BLOB_PACKET_SIZE));
546 cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
547 return False;
548 }
549
550 max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
551
552 while ( remaining > 0) {
553 if (remaining >= max_blob_size) {
554 send_blob.length = max_blob_size;
555 remaining -= max_blob_size;
556 } else {
557 DATA_BLOB null_blob = data_blob(NULL, 0);
558
559 send_blob.length = remaining;
560 remaining = 0;
561
562 /* This is the last packet in the sequence - turn signing on. */
563 cli_simple_set_signing(cli, session_key_krb5, null_blob);
564 }
565
566 send_blob.data = &blob.data[cur];
567 cur += send_blob.length;
568
569 DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
570 (unsigned int)remaining,
571 (unsigned int)send_blob.length,
572 (unsigned int)cur ));
573
574 if (!cli_session_setup_blob_send(cli, send_blob)) {
575 DEBUG(0, ("cli_session_setup_blob: send failed\n"));
576 return False;
577 }
578
579 receive_blob = cli_session_setup_blob_receive(cli);
580 data_blob_free(&receive_blob);
581
582 if (cli_is_error(cli) &&
583 !NT_STATUS_EQUAL( cli_get_nt_error(cli),
584 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
585 DEBUG(0, ("cli_session_setup_blob: recieve failed (%s)\n",
586 nt_errstr(cli_get_nt_error(cli)) ));
587 cli->vuid = 0;
588 return False;
589 }
590 }
591
592 return True;
593 }
594
595 /****************************************************************************
596 Use in-memory credentials cache
597 ****************************************************************************/
598
599 static void use_in_memory_ccache(void) {
600 setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
601 }
602
603 /****************************************************************************
604 Do a spnego/kerberos encrypted session setup.
605 ****************************************************************************/
606
607 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
608 {
609 DATA_BLOB negTokenTarg;
610 DATA_BLOB session_key_krb5;
611 int rc;
612
613 DEBUG(2,("Doing kerberos session setup\n"));
614
615 /* generate the encapsulated kerberos5 ticket */
616 rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
617
618 if (rc) {
619 DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
620 error_message(rc)));
621 return ADS_ERROR_KRB5(rc);
622 }
623
624 #if 0
625 file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
626 #endif
627
628 if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) {
629 data_blob_free(&negTokenTarg);
630 data_blob_free(&session_key_krb5);
631 ADS_ERROR_NT(cli_nt_error(cli));
632 }
633
634 cli_set_session_key(cli, session_key_krb5);
635
636 data_blob_free(&negTokenTarg);
637 data_blob_free(&session_key_krb5);
638
639 if (cli_is_error(cli)) {
640 if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
641 return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
642 }
643 }
644 return ADS_ERROR_NT(cli_nt_error(cli));
645 }
646 #endif /* HAVE_KRB5 */
647
648
649 /****************************************************************************
650 Do a spnego/NTLMSSP encrypted session setup.
651 ****************************************************************************/
652
653 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
654 const char *pass, const char *domain)
655 {
656 struct ntlmssp_state *ntlmssp_state;
657 NTSTATUS nt_status;
658 int turn = 1;
659 DATA_BLOB msg1;
660 DATA_BLOB blob = data_blob(NULL, 0);
661 DATA_BLOB blob_in = data_blob(NULL, 0);
662 DATA_BLOB blob_out = data_blob(NULL, 0);
663
664 cli_temp_set_signing(cli);
665
666 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
667 return nt_status;
668 }
669 ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
670
671 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
672 return nt_status;
673 }
674 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
675 return nt_status;
676 }
677 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
678 return nt_status;
679 }
680
681 do {
682 nt_status = ntlmssp_update(ntlmssp_state,
683 blob_in, &blob_out);
684 data_blob_free(&blob_in);
685 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
686 if (turn == 1) {
687 /* and wrap it in a SPNEGO wrapper */
688 msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
689 } else {
690 /* wrap it in SPNEGO */
691 msg1 = spnego_gen_auth(blob_out);
692 }
693
694 /* now send that blob on its way */
695 if (!cli_session_setup_blob_send(cli, msg1)) {
696 DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
697 nt_status = NT_STATUS_UNSUCCESSFUL;
698 } else {
699 blob = cli_session_setup_blob_receive(cli);
700
701 nt_status = cli_nt_error(cli);
702 if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
703 if (cli->smb_rw_error == READ_BAD_SIG) {
704 nt_status = NT_STATUS_ACCESS_DENIED;
705 } else {
706 nt_status = NT_STATUS_UNSUCCESSFUL;
707 }
708 }
709 }
710 data_blob_free(&msg1);
711 }
712
713 if (!blob.length) {
714 if (NT_STATUS_IS_OK(nt_status)) {
715 nt_status = NT_STATUS_UNSUCCESSFUL;
716 }
717 } else if ((turn == 1) &&
718 NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
719 DATA_BLOB tmp_blob = data_blob(NULL, 0);
720 /* the server might give us back two challenges */
721 if (!spnego_parse_challenge(blob, &blob_in,
722 &tmp_blob)) {
723 DEBUG(3,("Failed to parse challenges\n"));
724 nt_status = NT_STATUS_INVALID_PARAMETER;
725 }
726 data_blob_free(&tmp_blob);
727 } else {
728 if (!spnego_parse_auth_response(blob, nt_status,
729 &blob_in)) {
730 DEBUG(3,("Failed to parse auth response\n"));
731 if (NT_STATUS_IS_OK(nt_status)
732 || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
733 nt_status = NT_STATUS_INVALID_PARAMETER;
734 }
735 }
736 data_blob_free(&blob);
737 data_blob_free(&blob_out);
738 turn++;
739 } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
740
741 data_blob_free(&blob_in);
742
743 if (NT_STATUS_IS_OK(nt_status)) {
744
745 DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
746 ntlmssp_state->session_key.length);
747 DATA_BLOB null_blob = data_blob(NULL, 0);
748 BOOL res;
749
750 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
751 cli_set_session_key(cli, ntlmssp_state->session_key);
752
753 res = cli_simple_set_signing(cli, key, null_blob);
754
755 data_blob_free(&key);
756
757 if (res) {
758
759 /* 'resign' the last message, so we get the right sequence numbers
760 for checking the first reply from the server */
761 cli_calculate_sign_mac(cli);
762
763 if (!cli_check_sign_mac(cli)) {
764 nt_status = NT_STATUS_ACCESS_DENIED;
765 }
766 }
767 }
768
769 /* we have a reference conter on ntlmssp_state, if we are signing
770 then the state will be kept by the signing engine */
771
772 ntlmssp_end(&ntlmssp_state);
773
774 if (!NT_STATUS_IS_OK(nt_status)) {
775 cli->vuid = 0;
776 }
777 return nt_status;
778 }
779
780 /****************************************************************************
781 Do a spnego encrypted session setup.
782 ****************************************************************************/
783
784 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
785 const char *pass, const char *domain)
786 {
787 char *principal;
788 char *OIDs[ASN1_MAX_OIDS];
789 int i;
790 BOOL got_kerberos_mechanism = False;
791 DATA_BLOB blob;
792
793 DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
794
795 /* the server might not even do spnego */
796 if (cli->secblob.length <= 16) {
797 DEBUG(3,("server didn't supply a full spnego negprot\n"));
798 goto ntlmssp;
799 }
800
801 #if 0
802 file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
803 #endif
804
805 /* there is 16 bytes of GUID before the real spnego packet starts */
806 blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
807
808 /* the server sent us the first part of the SPNEGO exchange in the negprot
809 reply */
810 if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
811 data_blob_free(&blob);
812 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
813 }
814 data_blob_free(&blob);
815
816 /* make sure the server understands kerberos */
817 for (i=0;OIDs[i];i++) {
818 DEBUG(3,("got OID=%s\n", OIDs[i]));
819 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
820 strcmp(OIDs[i], OID_KERBEROS5) == 0) {
821 got_kerberos_mechanism = True;
822 }
823 free(OIDs[i]);
824 }
825
826 DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
827
828 if (got_kerberos_mechanism && (principal == NULL)) {
829 /*
830 * It is WRONG to depend on the principal sent in the negprot
831 * reply, but right now we do it. So for safety (don't
832 * segfault later) disable Kerberos when no principal was
833 * sent. -- VL
834 */
835 DEBUG(1, ("Kerberos mech was offered, but no principal was "
836 "sent, disabling Kerberos\n"));
837 cli->use_kerberos = False;
838 }
839
840 fstrcpy(cli->user_name, user);
841
842 #ifdef HAVE_KRB5
843 /* If password is set we reauthenticate to kerberos server
844 * and do not store results */
845
846 if (got_kerberos_mechanism && cli->use_kerberos) {
847 ADS_STATUS rc;
848
849 if (pass && *pass) {
850 int ret;
851
852 use_in_memory_ccache();
853 ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
854
855 if (ret){
856 SAFE_FREE(principal);
857 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
858 if (cli->fallback_after_kerberos)
859 goto ntlmssp;
860 return ADS_ERROR_KRB5(ret);
861 }
862 }
863
864 rc = cli_session_setup_kerberos(cli, principal, domain);
865 if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
866 SAFE_FREE(principal);
867 return rc;
868 }
869 }
870 #endif
871
872 SAFE_FREE(principal);
873
874 ntlmssp:
875
876 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain));
877 }
878
879 /****************************************************************************
880 Send a session setup. The username and workgroup is in UNIX character
881 format and must be converted to DOS codepage format before sending. If the
882 password is in plaintext, the same should be done.
883 ****************************************************************************/
884
885 NTSTATUS cli_session_setup(struct cli_state *cli,
886 const char *user,
887 const char *pass, int passlen,
888 const char *ntpass, int ntpasslen,
889 const char *workgroup)
890 {
891 char *p;
892 fstring user2;
893
894 /* allow for workgroups as part of the username */
895 fstrcpy(user2, user);
896 if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
897 (p=strchr_m(user2,*lp_winbind_separator()))) {
898 *p = 0;
899 user = p+1;
900 workgroup = user2;
901 }
902
903 if (cli->protocol < PROTOCOL_LANMAN1) {
904 return NT_STATUS_OK;
905 }
906
907 /* now work out what sort of session setup we are going to
908 do. I have split this into separate functions to make the
909 flow a bit easier to understand (tridge) */
910
911 /* if its an older server then we have to use the older request format */
912
913 if (cli->protocol < PROTOCOL_NT1) {
914 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
915 DEBUG(1, ("Server requested LM password but 'client lanman auth'"
916 " is disabled\n"));
917 return NT_STATUS_ACCESS_DENIED;
918 }
919
920 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
921 !lp_client_plaintext_auth() && (*pass)) {
922 DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
923 " is disabled\n"));
924 return NT_STATUS_ACCESS_DENIED;
925 }
926
927 return cli_session_setup_lanman2(cli, user, pass, passlen,
928 workgroup);
929 }
930
931 /* if no user is supplied then we have to do an anonymous connection.
932 passwords are ignored */
933
934 if (!user || !*user)
935 return cli_session_setup_guest(cli);
936
937 /* if the server is share level then send a plaintext null
938 password at this point. The password is sent in the tree
939 connect */
940
941 if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
942 return cli_session_setup_plaintext(cli, user, "", workgroup);
943
944 /* if the server doesn't support encryption then we have to use
945 plaintext. The second password is ignored */
946
947 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
948 if (!lp_client_plaintext_auth() && (*pass)) {
949 DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
950 " is disabled\n"));
951 return NT_STATUS_ACCESS_DENIED;
952 }
953 return cli_session_setup_plaintext(cli, user, pass, workgroup);
954 }
955
956 /* if the server supports extended security then use SPNEGO */
957
958 if (cli->capabilities & CAP_EXTENDED_SECURITY) {
959 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
960 if (!ADS_ERR_OK(status)) {
961 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
962 return ads_ntstatus(status);
963 }
964 } else {
965 NTSTATUS status;
966
967 /* otherwise do a NT1 style session setup */
968 status = cli_session_setup_nt1(cli, user, pass, passlen,
969 ntpass, ntpasslen, workgroup);
970 if (!NT_STATUS_IS_OK(status)) {
971 DEBUG(3,("cli_session_setup: NT1 session setup "
972 "failed: %s\n", nt_errstr(status)));
973 return status;
974 }
975 }
976
977 if (strstr(cli->server_type, "Samba")) {
978 cli->is_samba = True;
979 }
980
981 return NT_STATUS_OK;
982
983 }
984
985 /****************************************************************************
986 Send a uloggoff.
987 *****************************************************************************/
988
989 BOOL cli_ulogoff(struct cli_state *cli)
990 {
991 memset(cli->outbuf,'\0',smb_size);
992 set_message(cli->outbuf,2,0,True);
993 SCVAL(cli->outbuf,smb_com,SMBulogoffX);
994 cli_setup_packet(cli);
995 SSVAL(cli->outbuf,smb_vwv0,0xFF);
996 SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
997
998 cli_send_smb(cli);
999 if (!cli_receive_smb(cli))
1000 return False;
1001
1002 if (cli_is_error(cli)) {
1003 return False;
1004 }
1005
1006 cli->cnum = -1;
1007 return True;
1008 }
1009
1010 /****************************************************************************
1011 Send a tconX.
1012 ****************************************************************************/
1013
1014 BOOL cli_send_tconX(struct cli_state *cli,
1015 const char *share, const char *dev, const char *pass, int passlen)
1016 {
1017 fstring fullshare, pword;
1018 char *p;
1019 memset(cli->outbuf,'\0',smb_size);
1020 memset(cli->inbuf,'\0',smb_size);
1021
1022 fstrcpy(cli->share, share);
1023
1024 /* in user level security don't send a password now */
1025 if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1026 passlen = 1;
1027 pass = "";
1028 } else if (!pass) {
1029 DEBUG(1, ("Server not using user level security and no password supplied.\n"));
1030 return False;
1031 }
1032
1033 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1034 *pass && passlen != 24) {
1035 if (!lp_client_lanman_auth()) {
1036 DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
1037 " is disabled\n"));
1038 return False;
1039 }
1040
1041 /*
1042 * Non-encrypted passwords - convert to DOS codepage before encryption.
1043 */
1044 passlen = 24;
1045 SMBencrypt(pass,cli->secblob.data,(uchar *)pword);
1046 } else {
1047 if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) {
1048 if (!lp_client_plaintext_auth() && (*pass)) {
1049 DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
1050 " is disabled\n"));
1051 return False;
1052 }
1053
1054 /*
1055 * Non-encrypted passwords - convert to DOS codepage before using.
1056 */
1057 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
1058
1059 } else {
1060 if (passlen) {
1061 memcpy(pword, pass, passlen);
1062 }
1063 }
1064 }
1065
1066 slprintf(fullshare, sizeof(fullshare)-1,
1067 "\\\\%s\\%s", cli->desthost, share);
1068
1069 set_message(cli->outbuf,4, 0, True);
1070 SCVAL(cli->outbuf,smb_com,SMBtconX);
1071 cli_setup_packet(cli);
1072
1073 SSVAL(cli->outbuf,smb_vwv0,0xFF);
1074 SSVAL(cli->outbuf,smb_vwv2,TCONX_FLAG_EXTENDED_RESPONSE);
1075 SSVAL(cli->outbuf,smb_vwv3,passlen);
1076
1077 p = smb_buf(cli->outbuf);
1078 if (passlen) {
1079 memcpy(p,pword,passlen);
1080 }
1081 p += passlen;
1082 p += clistr_push(cli, p, fullshare, -1, STR_TERMINATE |STR_UPPER);
1083 p += clistr_push(cli, p, dev, -1, STR_TERMINATE |STR_UPPER | STR_ASCII);
1084
1085 cli_setup_bcc(cli, p);
1086
1087 cli_send_smb(cli);
1088 if (!cli_receive_smb(cli))
1089 return False;
1090
1091 if (cli_is_error(cli))
1092 return False;
1093
1094 clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
1095
1096 if (cli->protocol >= PROTOCOL_NT1 &&
1097 smb_buflen(cli->inbuf) == 3) {
1098 /* almost certainly win95 - enable bug fixes */
1099 cli->win95 = True;
1100 }
1101
1102 /* Make sure that we have the optional support 16-bit field. WCT > 2 */
1103 /* Avoids issues when connecting to Win9x boxes sharing files */
1104
1105 cli->dfsroot = False;
1106 if ( (CVAL(cli->inbuf, smb_wct))>2 && cli->protocol >= PROTOCOL_LANMAN2 )
1107 cli->dfsroot = (SVAL( cli->inbuf, smb_vwv2 ) & SMB_SHARE_IN_DFS) ? True : False;
1108
1109 cli->cnum = SVAL(cli->inbuf,smb_tid);
1110 return True;
1111 }
1112
1113 /****************************************************************************
1114 Send a tree disconnect.
1115 ****************************************************************************/
1116
1117 BOOL cli_tdis(struct cli_state *cli)
1118 {
1119 memset(cli->outbuf,'\0',smb_size);
1120 set_message(cli->outbuf,0,0,True);
1121 SCVAL(cli->outbuf,smb_com,SMBtdis);
1122 SSVAL(cli->outbuf,smb_tid,cli->cnum);
1123 cli_setup_packet(cli);
1124
1125 cli_send_smb(cli);
1126 if (!cli_receive_smb(cli))
1127 return False;
1128
1129 if (cli_is_error(cli)) {
1130 return False;
1131 }
1132
1133 cli->cnum = -1;
1134 return True;
1135 }
1136
1137 /****************************************************************************
1138 Send a negprot command.
1139 ****************************************************************************/
1140
1141 void cli_negprot_send(struct cli_state *cli)
1142 {
1143 char *p;
1144 int numprots;
1145
1146 if (cli->protocol < PROTOCOL_NT1)
1147 cli->use_spnego = False;
1148
1149 memset(cli->outbuf,'\0',smb_size);
1150
1151 /* setup the protocol strings */
1152 set_message(cli->outbuf,0,0,True);
1153
1154 p = smb_buf(cli->outbuf);
1155 for (numprots=0;
1156 prots[numprots].name && prots[numprots].prot<=cli->protocol;
1157 numprots++) {
1158 *p++ = 2;
1159 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1160 }
1161
1162 SCVAL(cli->outbuf,smb_com,SMBnegprot);
1163 cli_setup_bcc(cli, p);
1164 cli_setup_packet(cli);
1165
1166 SCVAL(smb_buf(cli->outbuf),0,2);
1167
1168 cli_send_smb(cli);
1169 }
1170
1171 /****************************************************************************
1172 Send a negprot command.
1173 ****************************************************************************/
1174
1175 BOOL cli_negprot(struct cli_state *cli)
1176 {
1177 char *p;
1178 int numprots;
1179 int plength;
1180
1181 if (cli->protocol < PROTOCOL_NT1)
1182 cli->use_spnego = False;
1183
1184 memset(cli->outbuf,'\0',smb_size);
1185
1186 /* setup the protocol strings */
1187 for (plength=0,numprots=0;
1188 prots[numprots].name && prots[numprots].prot<=cli->protocol;
1189 numprots++)
1190 plength += strlen(prots[numprots].name)+2;
1191
1192 set_message(cli->outbuf,0,plength,True);
1193
1194 p = smb_buf(cli->outbuf);
1195 for (numprots=0;
1196 prots[numprots].name && prots[numprots].prot<=cli->protocol;
1197 numprots++) {
1198 *p++ = 2;
1199 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1200 }
1201
1202 SCVAL(cli->outbuf,smb_com,SMBnegprot);
1203 cli_setup_packet(cli);
1204
1205 SCVAL(smb_buf(cli->outbuf),0,2);
1206
1207 cli_send_smb(cli);
1208 if (!cli_receive_smb(cli))
1209 return False;
1210
1211 show_msg(cli->inbuf);
1212
1213 if (cli_is_error(cli) ||
1214 ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
1215 return(False);
1216 }
1217
1218 cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
1219
1220 if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
1221 DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1222 return False;
1223 }
1224
1225 if (cli->protocol >= PROTOCOL_NT1) {
1226 struct timespec ts;
1227 /* NT protocol */
1228 cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
1229 cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
1230 cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
1231 cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
1232 cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
1233 cli->serverzone *= 60;
1234 /* this time arrives in real GMT */
1235 ts = interpret_long_date(cli->inbuf+smb_vwv11+1);
1236 cli->servertime = ts.tv_sec;
1237 cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1238 cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
1239 if (cli->capabilities & CAP_RAW_MODE) {
1240 cli->readbraw_supported = True;
1241 cli->writebraw_supported = True;
1242 }
1243 /* work out if they sent us a workgroup */
1244 if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1245 smb_buflen(cli->inbuf) > 8) {
1246 clistr_pull(cli, cli->server_domain,
1247 smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
1248 smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
1249 }
1250
1251 /*
1252 * As signing is slow we only turn it on if either the client or
1253 * the server require it. JRA.
1254 */
1255
1256 if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1257 /* Fail if server says signing is mandatory and we don't want to support it. */
1258 if (!cli->sign_info.allow_smb_signing) {
1259 DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1260 return False;
1261 }
1262 cli->sign_info.negotiated_smb_signing = True;
1263 cli->sign_info.mandatory_signing = True;
1264 } else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
1265 /* Fail if client says signing is mandatory and the server doesn't support it. */
1266 if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1267 DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1268 return False;
1269 }
1270 cli->sign_info.negotiated_smb_signing = True;
1271 cli->sign_info.mandatory_signing = True;
1272 } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1273 cli->sign_info.negotiated_smb_signing = True;
1274 }
1275
1276 if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
1277 SAFE_FREE(cli->outbuf);
1278 SAFE_FREE(cli->inbuf);
1279 cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
1280 cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
1281 cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
1282 }
1283
1284 } else if (cli->protocol >= PROTOCOL_LANMAN1) {
1285 cli->use_spnego = False;
1286 cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
1287 cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
1288 cli->max_mux = SVAL(cli->inbuf, smb_vwv3);
1289 cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
1290 cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
1291 cli->serverzone *= 60;
1292 /* this time is converted to GMT by make_unix_date */
1293 cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8);
1294 cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
1295 cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
1296 cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1297 } else {
1298 /* the old core protocol */
1299 cli->use_spnego = False;
1300 cli->sec_mode = 0;
1301 cli->serverzone = get_time_zone(time(NULL));
1302 }
1303
1304 cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1305
1306 /* a way to force ascii SMB */
1307 if (getenv("CLI_FORCE_ASCII"))
1308 cli->capabilities &= ~CAP_UNICODE;
1309
1310 return True;
1311 }
1312
1313 /****************************************************************************
1314 Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1315 ****************************************************************************/
1316
1317 BOOL cli_session_request(struct cli_state *cli,
1318 struct nmb_name *calling, struct nmb_name *called)
1319 {
1320 char *p;
1321 int len = 4;
1322
1323 memcpy(&(cli->calling), calling, sizeof(*calling));
1324 memcpy(&(cli->called ), called , sizeof(*called ));
1325
1326 /* put in the destination name */
1327 p = cli->outbuf+len;
1328 name_mangle(cli->called .name, p, cli->called .name_type);
1329 len += name_len(p);
1330
1331 /* and my name */
1332 p = cli->outbuf+len;
1333 name_mangle(cli->calling.name, p, cli->calling.name_type);
1334 len += name_len(p);
1335
1336 /* 445 doesn't have session request */
1337 if (cli->port == 445)
1338 return True;
1339
1340 /* send a session request (RFC 1002) */
1341 /* setup the packet length
1342 * Remove four bytes from the length count, since the length
1343 * field in the NBT Session Service header counts the number
1344 * of bytes which follow. The cli_send_smb() function knows
1345 * about this and accounts for those four bytes.
1346 * CRH.
1347 */
1348 len -= 4;
1349 _smb_setlen(cli->outbuf,len);
1350 SCVAL(cli->outbuf,0,0x81);
1351
1352 cli_send_smb(cli);
1353 DEBUG(5,("Sent session request\n"));
1354
1355 if (!cli_receive_smb(cli))
1356 return False;
1357
1358 if (CVAL(cli->inbuf,0) == 0x84) {
1359 /* C. Hoch 9/14/95 Start */
1360 /* For information, here is the response structure.
1361 * We do the byte-twiddling to for portability.
1362 struct RetargetResponse{
1363 unsigned char type;
1364 unsigned char flags;
1365 int16 length;
1366 int32 ip_addr;
1367 int16 port;
1368 };
1369 */
1370 int port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1371 /* SESSION RETARGET */
1372 putip((char *)&cli->dest_ip,cli->inbuf+4);
1373
1374 cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT);
1375 if (cli->fd == -1)
1376 return False;
1377
1378 DEBUG(3,("Retargeted\n"));
1379
1380 set_socket_options(cli->fd,user_socket_options);
1381
1382 /* Try again */
1383 {
1384 static int depth;
1385 BOOL ret;
1386 if (depth > 4) {
1387 DEBUG(0,("Retarget recursion - failing\n"));
1388 return False;
1389 }
1390 depth++;
1391 ret = cli_session_request(cli, calling, called);
1392 depth--;
1393 return ret;
1394 }
1395 } /* C. Hoch 9/14/95 End */
1396
1397 if (CVAL(cli->inbuf,0) != 0x82) {
1398 /* This is the wrong place to put the error... JRA. */
1399 cli->rap_error = CVAL(cli->inbuf,4);
1400 return False;
1401 }
1402 return(True);
1403 }
1404
1405 /****************************************************************************
1406 Open the client sockets.
1407 ****************************************************************************/
1408
1409 NTSTATUS cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
1410 {
1411 int name_type = 0x20;
1412 char *p;
1413
1414 /* reasonable default hostname */
1415 if (!host) host = "*SMBSERVER";
1416
1417 fstrcpy(cli->desthost, host);
1418
1419 /* allow hostnames of the form NAME#xx and do a netbios lookup */
1420 if ((p = strchr(cli->desthost, '#'))) {
1421 name_type = strtol(p+1, NULL, 16);
1422 *p = 0;
1423 }
1424
1425 if (!ip || is_zero_ip(*ip)) {
1426 if (!resolve_name(cli->desthost, &cli->dest_ip, name_type)) {
1427 return NT_STATUS_BAD_NETWORK_NAME;
1428 }
1429 if (ip) *ip = cli->dest_ip;
1430 } else {
1431 cli->dest_ip = *ip;
1432 }
1433
1434 if (getenv("LIBSMB_PROG")) {
1435 cli->fd = sock_exec(getenv("LIBSMB_PROG"));
1436 } else {
1437 /* try 445 first, then 139 */
1438 int port = cli->port?cli->port:445;
1439 cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
1440 port, cli->timeout);
1441 if (cli->fd == -1 && cli->port == 0) {
1442 port = 139;
1443 cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
1444 port, cli->timeout);
1445 }
1446 if (cli->fd != -1)
1447 cli->port = port;
1448 }
1449 if (cli->fd == -1) {
1450 DEBUG(1,("Error connecting to %s (%s)\n",
1451 ip?inet_ntoa(*ip):host,strerror(errno)));
1452 return map_nt_error_from_unix(errno);
1453 }
1454
1455 set_socket_options(cli->fd,user_socket_options);
1456
1457 return NT_STATUS_OK;
1458 }
1459
1460 /**
1461 establishes a connection to after the negprot.
1462 @param output_cli A fully initialised cli structure, non-null only on success
1463 @param dest_host The netbios name of the remote host
1464 @param dest_ip (optional) The the destination IP, NULL for name based lookup
1465 @param port (optional) The destination port (0 for default)
1466 @param retry BOOL. Did this connection fail with a retryable error ?
1467
1468 */
1469 NTSTATUS cli_start_connection(struct cli_state **output_cli,
1470 const char *my_name,
1471 const char *dest_host,
1472 struct in_addr *dest_ip, int port,
1473 int signing_state, int flags,
1474 BOOL *retry)
1475 {
1476 NTSTATUS nt_status;
1477 struct nmb_name calling;
1478 struct nmb_name called;
1479 struct cli_state *cli;
1480 struct in_addr ip;
1481
1482 if (retry)
1483 *retry = False;
1484
1485 if (!my_name)
1486 my_name = global_myname();
1487
1488 if (!(cli = cli_initialise())) {
1489 return NT_STATUS_NO_MEMORY;
1490 }
1491
1492 make_nmb_name(&calling, my_name, 0x0);
1493 make_nmb_name(&called , dest_host, 0x20);
1494
1495 if (cli_set_port(cli, port) != port) {
1496 cli_shutdown(cli);
1497 return NT_STATUS_UNSUCCESSFUL;
1498 }
1499
1500 cli_set_timeout(cli, 10000); /* 10 seconds. */
1501
1502 if (dest_ip)
1503 ip = *dest_ip;
1504 else
1505 ZERO_STRUCT(ip);
1506
1507 again:
1508
1509 DEBUG(3,("Connecting to host=%s\n", dest_host));
1510
1511 nt_status = cli_connect(cli, dest_host, &ip);
1512 if (!NT_STATUS_IS_OK(nt_status)) {
1513 DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
1514 nmb_namestr(&called), inet_ntoa(ip), nt_errstr(nt_status) ));
1515 cli_shutdown(cli);
1516 return nt_status;
1517 }
1518
1519 if (retry)
1520 *retry = True;
1521
1522 if (!cli_session_request(cli, &calling, &called)) {
1523 char *p;
1524 DEBUG(1,("session request to %s failed (%s)\n",
1525 called.name, cli_errstr(cli)));
1526 if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
1527 *p = 0;
1528 goto again;
1529 }
1530 if (strcmp(called.name, "*SMBSERVER")) {
1531 make_nmb_name(&called , "*SMBSERVER", 0x20);
1532 goto again;
1533 }
1534 return NT_STATUS_BAD_NETWORK_NAME;
1535 }
1536
1537 cli_setup_signing_state(cli, signing_state);
1538
1539 if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
1540 cli->use_spnego = False;
1541 else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
1542 cli->use_kerberos = True;
1543
1544 if (!cli_negprot(cli)) {
1545 DEBUG(1,("failed negprot\n"));
1546 nt_status = cli_nt_error(cli);
1547 if (NT_STATUS_IS_OK(nt_status)) {
1548 nt_status = NT_STATUS_UNSUCCESSFUL;
1549 }
1550 cli_shutdown(cli);
1551 return nt_status;
1552 }
1553
1554 *output_cli = cli;
1555 return NT_STATUS_OK;
1556 }
1557
1558
1559 /**
1560 establishes a connection right up to doing tconX, password specified.
1561 @param output_cli A fully initialised cli structure, non-null only on success
1562 @param dest_host The netbios name of the remote host
1563 @param dest_ip (optional) The the destination IP, NULL for name based lookup
1564 @param port (optional) The destination port (0 for default)
1565 @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
1566 @param service_type The 'type' of serivice.
1567 @param user Username, unix string
1568 @param domain User's domain
1569 @param password User's password, unencrypted unix string.
1570 @param retry BOOL. Did this connection fail with a retryable error ?
1571 */
1572
1573 NTSTATUS cli_full_connection(struct cli_state **output_cli,
1574 const char *my_name,
1575 const char *dest_host,
1576 struct in_addr *dest_ip, int port,
1577 const char *service, const char *service_type,
1578 const char *user, const char *domain,
1579 const char *password, int flags,
1580 int signing_state,
1581 BOOL *retry)
1582 {
1583 NTSTATUS nt_status;
1584 struct cli_state *cli = NULL;
1585 int pw_len = password ? strlen(password)+1 : 0;
1586
1587 *output_cli = NULL;
1588
1589 if (password == NULL) {
1590 password = "";
1591 }
1592
1593 nt_status = cli_start_connection(&cli, my_name, dest_host,
1594 dest_ip, port, signing_state, flags, retry);
1595
1596 if (!NT_STATUS_IS_OK(nt_status)) {
1597 return nt_status;
1598 }
1599
1600 nt_status = cli_session_setup(cli, user, password, pw_len, password,
1601 pw_len, domain);
1602 if (!NT_STATUS_IS_OK(nt_status)) {
1603
1604 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
1605 DEBUG(1,("failed session setup with %s\n",
1606 nt_errstr(nt_status)));
1607 cli_shutdown(cli);
1608 return nt_status;
1609 }
1610
1611 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
1612 if (!NT_STATUS_IS_OK(nt_status)) {
1613 DEBUG(1,("anonymous failed session setup with %s\n",
1614 nt_errstr(nt_status)));
1615 cli_shutdown(cli);
1616 return nt_status;
1617 }
1618 }
1619
1620 if (service) {
1621 if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
1622 nt_status = cli_nt_error(cli);
1623 DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
1624 cli_shutdown(cli);
1625 if (NT_STATUS_IS_OK(nt_status)) {
1626 nt_status = NT_STATUS_UNSUCCESSFUL;
1627 }
1628 return nt_status;
1629 }
1630 }
1631
1632 cli_init_creds(cli, user, domain, password);
1633
1634 *output_cli = cli;
1635 return NT_STATUS_OK;
1636 }
1637
1638 /****************************************************************************
1639 Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
1640 ****************************************************************************/
1641
1642 BOOL attempt_netbios_session_request(struct cli_state **ppcli, const char *srchost, const char *desthost,
1643 struct in_addr *pdest_ip)
1644 {
1645 struct nmb_name calling, called;
1646
1647 make_nmb_name(&calling, srchost, 0x0);
1648
1649 /*
1650 * If the called name is an IP address
1651 * then use *SMBSERVER immediately.
1652 */
1653
1654 if(is_ipaddress(desthost)) {
1655 make_nmb_name(&called, "*SMBSERVER", 0x20);
1656 } else {
1657 make_nmb_name(&called, desthost, 0x20);
1658 }
1659
1660 if (!cli_session_request(*ppcli, &calling, &called)) {
1661 NTSTATUS status;
1662 struct nmb_name smbservername;
1663
1664 make_nmb_name(&smbservername , "*SMBSERVER", 0x20);
1665
1666 /*
1667 * If the name wasn't *SMBSERVER then
1668 * try with *SMBSERVER if the first name fails.
1669 */
1670
1671 if (nmb_name_equal(&called, &smbservername)) {
1672
1673 /*
1674 * The name used was *SMBSERVER, don't bother with another name.
1675 */
1676
1677 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
1678 with error %s.\n", desthost, cli_errstr(*ppcli) ));
1679 return False;
1680 }
1681
1682 /* Try again... */
1683 cli_shutdown(*ppcli);
1684
1685 *ppcli = cli_initialise();
1686 if (!*ppcli) {
1687 /* Out of memory... */
1688 return False;
1689 }
1690
1691 status = cli_connect(*ppcli, desthost, pdest_ip);
1692 if (!NT_STATUS_IS_OK(status) ||
1693 !cli_session_request(*ppcli, &calling, &smbservername)) {
1694 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
1695 name *SMBSERVER with error %s\n", desthost, cli_errstr(*ppcli) ));
1696 return False;
1697 }
1698 }
1699
1700 return True;
1701 }
1702
1703
1704
1705
1706
1707 /****************************************************************************
1708 Send an old style tcon.
1709 ****************************************************************************/
1710 NTSTATUS cli_raw_tcon(struct cli_state *cli,
1711 const char *service, const char *pass, const char *dev,
1712 uint16 *max_xmit, uint16 *tid)
1713 {
1714 char *p;
1715
1716 if (!lp_client_plaintext_auth() && (*pass)) {
1717 DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
1718 " is disabled\n"));
1719 return NT_STATUS_ACCESS_DENIED;
1720 }
1721
1722 memset(cli->outbuf,'\0',smb_size);
1723 memset(cli->inbuf,'\0',smb_size);
1724
1725 set_message(cli->outbuf, 0, 0, True);
1726 SCVAL(cli->outbuf,smb_com,SMBtcon);
1727 cli_setup_packet(cli);
1728
1729 p = smb_buf(cli->outbuf);
1730 *p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE | STR_NOALIGN);
1731 *p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE | STR_NOALIGN);
1732 *p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE | STR_NOALIGN);
1733
1734 cli_setup_bcc(cli, p);
1735
1736 cli_send_smb(cli);
1737 if (!cli_receive_smb(cli)) {
1738 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
1739 }
1740
1741 if (cli_is_error(cli)) {
1742 return cli_nt_error(cli);
1743 }
1744
1745 *max_xmit = SVAL(cli->inbuf, smb_vwv0);
1746 *tid = SVAL(cli->inbuf, smb_vwv1);
1747
1748 return NT_STATUS_OK;
1749 }
1750
1751 /* Return a cli_state pointing at the IPC$ share for the given server */
1752
1753 struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip,
1754 struct user_auth_info *user_info)
1755 {
1756 struct cli_state *cli;
1757 pstring myname;
1758 NTSTATUS nt_status;
1759
1760 get_myname(myname);
1761
1762 nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC",
1763 user_info->username, lp_workgroup(), user_info->password,
1764 CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK, Undefined, NULL);
1765
1766 if (NT_STATUS_IS_OK(nt_status)) {
1767 return cli;
1768 } else if (is_ipaddress(server)) {
1769 /* windows 9* needs a correct NMB name for connections */
1770 fstring remote_name;
1771
1772 if (name_status_find("*", 0, 0, *server_ip, remote_name)) {
1773 cli = get_ipc_connect(remote_name, server_ip, user_info);
1774 if (cli)
1775 return cli;
1776 }
1777 }
1778 return NULL;
1779 }
1780
1781 /*
1782 * Given the IP address of a master browser on the network, return its
1783 * workgroup and connect to it.
1784 *
1785 * This function is provided to allow additional processing beyond what
1786 * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
1787 * browsers and obtain each master browsers' list of domains (in case the
1788 * first master browser is recently on the network and has not yet
1789 * synchronized with other master browsers and therefore does not yet have the
1790 * entire network browse list)
1791 */
1792
1793 struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring workgroup, struct user_auth_info *user_info)
1794 {
1795 static fstring name;
1796 struct cli_state *cli;
1797 struct in_addr server_ip;
1798
1799 DEBUG(99, ("Looking up name of master browser %s\n",
1800 inet_ntoa(mb_ip->ip)));
1801
1802 /*
1803 * Do a name status query to find out the name of the master browser.
1804 * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
1805 * master browser will not respond to a wildcard query (or, at least,
1806 * an NT4 server acting as the domain master browser will not).
1807 *
1808 * We might be able to use ONLY the query on MSBROWSE, but that's not
1809 * yet been tested with all Windows versions, so until it is, leave
1810 * the original wildcard query as the first choice and fall back to
1811 * MSBROWSE if the wildcard query fails.
1812 */
1813 if (!name_status_find("*", 0, 0x1d, mb_ip->ip, name) &&
1814 !name_status_find(MSBROWSE, 1, 0x1d, mb_ip->ip, name)) {
1815
1816 DEBUG(99, ("Could not retrieve name status for %s\n",
1817 inet_ntoa(mb_ip->ip)));
1818 return NULL;
1819 }
1820
1821 if (!find_master_ip(name, &server_ip)) {
1822 DEBUG(99, ("Could not find master ip for %s\n", name));
1823 return NULL;
1824 }
1825
1826 pstrcpy(workgroup, name);
1827
1828 DEBUG(4, ("found master browser %s, %s\n",
1829 name, inet_ntoa(mb_ip->ip)));
1830
1831 cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
1832
1833 return cli;
1834
1835 }
1836
1837 /*
1838 * Return the IP address and workgroup of a master browser on the network, and
1839 * connect to it.
1840 */
1841
1842 struct cli_state *get_ipc_connect_master_ip_bcast(pstring workgroup, struct user_auth_info *user_info)
1843 {
1844 struct ip_service *ip_list;
1845 struct cli_state *cli;
1846 int i, count;
1847
1848 DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
1849
1850 /* Go looking for workgroups by broadcasting on the local network */
1851
1852 if (!name_resolve_bcast(MSBROWSE, 1, &ip_list, &count)) {
1853 DEBUG(99, ("No master browsers responded\n"));
1854 return False;
1855 }
1856
1857 for (i = 0; i < count; i++) {
1858 DEBUG(99, ("Found master browser %s\n", inet_ntoa(ip_list[i].ip)));
1859
1860 cli = get_ipc_connect_master_ip(&ip_list[i], workgroup, user_info);
1861 if (cli)
1862 return(cli);
1863 }
1864
1865 return NULL;
1866 }
Samba GIT mirror