search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Fix an uninitialized variable reference
[Samba.git] / source / libsmb / cliconnect.c
blob136296048b2483308df8f2a95767b3988e0a7922
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Andrew Bartlett 2001-2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smb_krb5.h"
23
24 static const struct {
25 int prot;
26 const char *name;
27 } prots[] = {
28 {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
29 {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
30 {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
31 {PROTOCOL_LANMAN1,"LANMAN1.0"},
32 {PROTOCOL_LANMAN2,"LM1.2X002"},
33 {PROTOCOL_LANMAN2,"DOS LANMAN2.1"},
34 {PROTOCOL_LANMAN2,"LANMAN2.1"},
35 {PROTOCOL_LANMAN2,"Samba"},
36 {PROTOCOL_NT1,"NT LANMAN 1.0"},
37 {PROTOCOL_NT1,"NT LM 0.12"},
38 {-1,NULL}
39 };
40
41 static const char *star_smbserver_name = "*SMBSERVER";
42
43 /**
44 * Set the user session key for a connection
45 * @param cli The cli structure to add it too
46 * @param session_key The session key used. (A copy of this is taken for the cli struct)
47 *
48 */
49
50 static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
51 {
52 cli->user_session_key = data_blob(session_key.data, session_key.length);
53 }
54
55 /****************************************************************************
56 Do an old lanman2 style session setup.
57 ****************************************************************************/
58
59 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
60 const char *user,
61 const char *pass, size_t passlen,
62 const char *workgroup)
63 {
64 DATA_BLOB session_key = data_blob_null;
65 DATA_BLOB lm_response = data_blob_null;
66 fstring pword;
67 char *p;
68
69 if (passlen > sizeof(pword)-1) {
70 return NT_STATUS_INVALID_PARAMETER;
71 }
72
73 /* LANMAN servers predate NT status codes and Unicode and ignore those
74 smb flags so we must disable the corresponding default capabilities
75 that would otherwise cause the Unicode and NT Status flags to be
76 set (and even returned by the server) */
77
78 cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
79
80 /* if in share level security then don't send a password now */
81 if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
82 passlen = 0;
83
84 if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
85 /* Encrypted mode needed, and non encrypted password supplied. */
86 lm_response = data_blob(NULL, 24);
87 if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
88 DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
89 return NT_STATUS_ACCESS_DENIED;
90 }
91 } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
92 /* Encrypted mode needed, and encrypted password supplied. */
93 lm_response = data_blob(pass, passlen);
94 } else if (passlen > 0) {
95 /* Plaintext mode needed, assume plaintext supplied. */
96 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
97 lm_response = data_blob(pass, passlen);
98 }
99
100 /* send a session setup command */
101 memset(cli->outbuf,'\0',smb_size);
102 cli_set_message(cli->outbuf,10, 0, True);
103 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
104 cli_setup_packet(cli);
105
106 SCVAL(cli->outbuf,smb_vwv0,0xFF);
107 SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
108 SSVAL(cli->outbuf,smb_vwv3,2);
109 SSVAL(cli->outbuf,smb_vwv4,1);
110 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
111 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
112
113 p = smb_buf(cli->outbuf);
114 memcpy(p,lm_response.data,lm_response.length);
115 p += lm_response.length;
116 p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
117 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
118 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
119 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
120 cli_setup_bcc(cli, p);
121
122 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
123 return cli_nt_error(cli);
124 }
125
126 show_msg(cli->inbuf);
127
128 if (cli_is_error(cli)) {
129 return cli_nt_error(cli);
130 }
131
132 /* use the returned vuid from now on */
133 cli->vuid = SVAL(cli->inbuf,smb_uid);
134 fstrcpy(cli->user_name, user);
135
136 if (session_key.data) {
137 /* Have plaintext orginal */
138 cli_set_session_key(cli, session_key);
139 }
140
141 return NT_STATUS_OK;
142 }
143
144 /****************************************************************************
145 Work out suitable capabilities to offer the server.
146 ****************************************************************************/
147
148 static uint32 cli_session_setup_capabilities(struct cli_state *cli)
149 {
150 uint32 capabilities = CAP_NT_SMBS;
151
152 if (!cli->force_dos_errors)
153 capabilities |= CAP_STATUS32;
154
155 if (cli->use_level_II_oplocks)
156 capabilities |= CAP_LEVEL_II_OPLOCKS;
157
158 capabilities |= (cli->capabilities & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
159 return capabilities;
160 }
161
162 /****************************************************************************
163 Do a NT1 guest session setup.
164 ****************************************************************************/
165
166 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
167 {
168 char *p;
169 uint32 capabilities = cli_session_setup_capabilities(cli);
170
171 memset(cli->outbuf, '\0', smb_size);
172 cli_set_message(cli->outbuf,13,0,True);
173 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
174 cli_setup_packet(cli);
175
176 SCVAL(cli->outbuf,smb_vwv0,0xFF);
177 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
178 SSVAL(cli->outbuf,smb_vwv3,2);
179 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
180 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
181 SSVAL(cli->outbuf,smb_vwv7,0);
182 SSVAL(cli->outbuf,smb_vwv8,0);
183 SIVAL(cli->outbuf,smb_vwv11,capabilities);
184 p = smb_buf(cli->outbuf);
185 p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* username */
186 p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* workgroup */
187 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
188 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
189 cli_setup_bcc(cli, p);
190
191 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
192 return cli_nt_error(cli);
193 }
194
195 show_msg(cli->inbuf);
196
197 if (cli_is_error(cli)) {
198 return cli_nt_error(cli);
199 }
200
201 cli->vuid = SVAL(cli->inbuf,smb_uid);
202
203 p = smb_buf(cli->inbuf);
204 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
205 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
206 p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
207
208 if (strstr(cli->server_type, "Samba")) {
209 cli->is_samba = True;
210 }
211
212 fstrcpy(cli->user_name, "");
213
214 return NT_STATUS_OK;
215 }
216
217 /****************************************************************************
218 Do a NT1 plaintext session setup.
219 ****************************************************************************/
220
221 static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
222 const char *user, const char *pass,
223 const char *workgroup)
224 {
225 uint32 capabilities = cli_session_setup_capabilities(cli);
226 char *p;
227 fstring lanman;
228
229 fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
230
231 memset(cli->outbuf, '\0', smb_size);
232 cli_set_message(cli->outbuf,13,0,True);
233 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
234 cli_setup_packet(cli);
235
236 SCVAL(cli->outbuf,smb_vwv0,0xFF);
237 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
238 SSVAL(cli->outbuf,smb_vwv3,2);
239 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
240 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
241 SSVAL(cli->outbuf,smb_vwv8,0);
242 SIVAL(cli->outbuf,smb_vwv11,capabilities);
243 p = smb_buf(cli->outbuf);
244
245 /* check wether to send the ASCII or UNICODE version of the password */
246
247 if ( (capabilities & CAP_UNICODE) == 0 ) {
248 p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
249 SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
250 }
251 else {
252 /* For ucs2 passwords clistr_push calls ucs2_align, which causes
253 * the space taken by the unicode password to be one byte too
254 * long (as we're on an odd byte boundary here). Reduce the
255 * count by 1 to cope with this. Fixes smbclient against NetApp
256 * servers which can't cope. Fix from
257 * bryan.kolodziej@allenlund.com in bug #3840.
258 */
259 p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
260 SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);
261 }
262
263 p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
264 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
265 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
266 p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
267 cli_setup_bcc(cli, p);
268
269 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
270 return cli_nt_error(cli);
271 }
272
273 show_msg(cli->inbuf);
274
275 if (cli_is_error(cli)) {
276 return cli_nt_error(cli);
277 }
278
279 cli->vuid = SVAL(cli->inbuf,smb_uid);
280 p = smb_buf(cli->inbuf);
281 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
282 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
283 p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
284 fstrcpy(cli->user_name, user);
285
286 if (strstr(cli->server_type, "Samba")) {
287 cli->is_samba = True;
288 }
289
290 return NT_STATUS_OK;
291 }
292
293 /****************************************************************************
294 do a NT1 NTLM/LM encrypted session setup - for when extended security
295 is not negotiated.
296 @param cli client state to create do session setup on
297 @param user username
298 @param pass *either* cleartext password (passlen !=24) or LM response.
299 @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
300 @param workgroup The user's domain.
301 ****************************************************************************/
302
303 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
304 const char *pass, size_t passlen,
305 const char *ntpass, size_t ntpasslen,
306 const char *workgroup)
307 {
308 uint32 capabilities = cli_session_setup_capabilities(cli);
309 DATA_BLOB lm_response = data_blob_null;
310 DATA_BLOB nt_response = data_blob_null;
311 DATA_BLOB session_key = data_blob_null;
312 NTSTATUS result;
313 char *p;
314
315 if (passlen == 0) {
316 /* do nothing - guest login */
317 } else if (passlen != 24) {
318 if (lp_client_ntlmv2_auth()) {
319 DATA_BLOB server_chal;
320 DATA_BLOB names_blob;
321 server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
322
323 /* note that the 'workgroup' here is a best guess - we don't know
324 the server's domain at this point. The 'server name' is also
325 dodgy...
326 */
327 names_blob = NTLMv2_generate_names_blob(cli->called.name, workgroup);
328
329 if (!SMBNTLMv2encrypt(user, workgroup, pass, &server_chal,
330 &names_blob,
331 &lm_response, &nt_response, &session_key)) {
332 data_blob_free(&names_blob);
333 data_blob_free(&server_chal);
334 return NT_STATUS_ACCESS_DENIED;
335 }
336 data_blob_free(&names_blob);
337 data_blob_free(&server_chal);
338
339 } else {
340 uchar nt_hash[16];
341 E_md4hash(pass, nt_hash);
342
343 #ifdef LANMAN_ONLY
344 nt_response = data_blob_null;
345 #else
346 nt_response = data_blob(NULL, 24);
347 SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
348 #endif
349 /* non encrypted password supplied. Ignore ntpass. */
350 if (lp_client_lanman_auth()) {
351 lm_response = data_blob(NULL, 24);
352 if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
353 /* Oops, the LM response is invalid, just put
354 the NT response there instead */
355 data_blob_free(&lm_response);
356 lm_response = data_blob(nt_response.data, nt_response.length);
357 }
358 } else {
359 /* LM disabled, place NT# in LM field instead */
360 lm_response = data_blob(nt_response.data, nt_response.length);
361 }
362
363 session_key = data_blob(NULL, 16);
364 #ifdef LANMAN_ONLY
365 E_deshash(pass, session_key.data);
366 memset(&session_key.data[8], '\0', 8);
367 #else
368 SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
369 #endif
370 }
371 #ifdef LANMAN_ONLY
372 cli_simple_set_signing(cli, session_key, lm_response);
373 #else
374 cli_simple_set_signing(cli, session_key, nt_response);
375 #endif
376 } else {
377 /* pre-encrypted password supplied. Only used for
378 security=server, can't do
379 signing because we don't have original key */
380
381 lm_response = data_blob(pass, passlen);
382 nt_response = data_blob(ntpass, ntpasslen);
383 }
384
385 /* send a session setup command */
386 memset(cli->outbuf,'\0',smb_size);
387
388 cli_set_message(cli->outbuf,13,0,True);
389 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
390 cli_setup_packet(cli);
391
392 SCVAL(cli->outbuf,smb_vwv0,0xFF);
393 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
394 SSVAL(cli->outbuf,smb_vwv3,2);
395 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
396 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
397 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
398 SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
399 SIVAL(cli->outbuf,smb_vwv11,capabilities);
400 p = smb_buf(cli->outbuf);
401 if (lm_response.length) {
402 memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
403 }
404 if (nt_response.length) {
405 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
406 }
407 p += clistr_push(cli, p, user, -1, STR_TERMINATE);
408
409 /* Upper case here might help some NTLMv2 implementations */
410 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
411 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
412 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
413 cli_setup_bcc(cli, p);
414
415 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
416 result = cli_nt_error(cli);
417 goto end;
418 }
419
420 /* show_msg(cli->inbuf); */
421
422 if (cli_is_error(cli)) {
423 result = cli_nt_error(cli);
424 goto end;
425 }
426
427 /* use the returned vuid from now on */
428 cli->vuid = SVAL(cli->inbuf,smb_uid);
429
430 p = smb_buf(cli->inbuf);
431 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
432 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
433 p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
434
435 if (strstr(cli->server_type, "Samba")) {
436 cli->is_samba = True;
437 }
438
439 fstrcpy(cli->user_name, user);
440
441 if (session_key.data) {
442 /* Have plaintext orginal */
443 cli_set_session_key(cli, session_key);
444 }
445
446 result = NT_STATUS_OK;
447 end:
448 data_blob_free(&lm_response);
449 data_blob_free(&nt_response);
450 data_blob_free(&session_key);
451 return result;
452 }
453
454 /****************************************************************************
455 Send a extended security session setup blob
456 ****************************************************************************/
457
458 static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
459 {
460 uint32 capabilities = cli_session_setup_capabilities(cli);
461 char *p;
462
463 capabilities |= CAP_EXTENDED_SECURITY;
464
465 /* send a session setup command */
466 memset(cli->outbuf,'\0',smb_size);
467
468 cli_set_message(cli->outbuf,12,0,True);
469 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
470
471 cli_setup_packet(cli);
472
473 SCVAL(cli->outbuf,smb_vwv0,0xFF);
474 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
475 SSVAL(cli->outbuf,smb_vwv3,2);
476 SSVAL(cli->outbuf,smb_vwv4,1);
477 SIVAL(cli->outbuf,smb_vwv5,0);
478 SSVAL(cli->outbuf,smb_vwv7,blob.length);
479 SIVAL(cli->outbuf,smb_vwv10,capabilities);
480 p = smb_buf(cli->outbuf);
481 memcpy(p, blob.data, blob.length);
482 p += blob.length;
483 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
484 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
485 cli_setup_bcc(cli, p);
486 return cli_send_smb(cli);
487 }
488
489 /****************************************************************************
490 Send a extended security session setup blob, returning a reply blob.
491 ****************************************************************************/
492
493 static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
494 {
495 DATA_BLOB blob2 = data_blob_null;
496 char *p;
497 size_t len;
498
499 if (!cli_receive_smb(cli))
500 return blob2;
501
502 show_msg(cli->inbuf);
503
504 if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
505 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
506 return blob2;
507 }
508
509 /* use the returned vuid from now on */
510 cli->vuid = SVAL(cli->inbuf,smb_uid);
511
512 p = smb_buf(cli->inbuf);
513
514 blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
515
516 p += blob2.length;
517 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
518
519 /* w2k with kerberos doesn't properly null terminate this field */
520 len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));
521 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
522
523 return blob2;
524 }
525
526 #ifdef HAVE_KRB5
527 /****************************************************************************
528 Send a extended security session setup blob, returning a reply blob.
529 ****************************************************************************/
530
531 /* The following is calculated from :
532 * (smb_size-4) = 35
533 * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
534 * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
535 * end of packet.
536 */
537
538 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
539
540 static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
541 {
542 int32 remaining = blob.length;
543 int32 cur = 0;
544 DATA_BLOB send_blob = data_blob_null;
545 int32 max_blob_size = 0;
546 DATA_BLOB receive_blob = data_blob_null;
547
548 if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
549 DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
550 "(was %u, need minimum %u)\n",
551 (unsigned int)cli->max_xmit,
552 BASE_SESSSETUP_BLOB_PACKET_SIZE));
553 cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
554 return False;
555 }
556
557 max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
558
559 while ( remaining > 0) {
560 if (remaining >= max_blob_size) {
561 send_blob.length = max_blob_size;
562 remaining -= max_blob_size;
563 } else {
564 send_blob.length = remaining;
565 remaining = 0;
566 }
567
568 send_blob.data = &blob.data[cur];
569 cur += send_blob.length;
570
571 DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
572 (unsigned int)remaining,
573 (unsigned int)send_blob.length,
574 (unsigned int)cur ));
575
576 if (!cli_session_setup_blob_send(cli, send_blob)) {
577 DEBUG(0, ("cli_session_setup_blob: send failed\n"));
578 return False;
579 }
580
581 receive_blob = cli_session_setup_blob_receive(cli);
582 data_blob_free(&receive_blob);
583
584 if (cli_is_error(cli) &&
585 !NT_STATUS_EQUAL( cli_get_nt_error(cli),
586 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
587 DEBUG(0, ("cli_session_setup_blob: receive failed "
588 "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
589 cli->vuid = 0;
590 return False;
591 }
592 }
593
594 return True;
595 }
596
597 /****************************************************************************
598 Use in-memory credentials cache
599 ****************************************************************************/
600
601 static void use_in_memory_ccache(void) {
602 setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
603 }
604
605 /****************************************************************************
606 Do a spnego/kerberos encrypted session setup.
607 ****************************************************************************/
608
609 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
610 {
611 DATA_BLOB negTokenTarg;
612 DATA_BLOB session_key_krb5;
613 NTSTATUS nt_status;
614 int rc;
615
616 cli_temp_set_signing(cli);
617
618 DEBUG(2,("Doing kerberos session setup\n"));
619
620 /* generate the encapsulated kerberos5 ticket */
621 rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
622
623 if (rc) {
624 DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
625 error_message(rc)));
626 return ADS_ERROR_KRB5(rc);
627 }
628
629 #if 0
630 file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
631 #endif
632
633 if (!cli_session_setup_blob(cli, negTokenTarg)) {
634 nt_status = cli_nt_error(cli);
635 goto nt_error;
636 }
637
638 if (cli_is_error(cli)) {
639 nt_status = cli_nt_error(cli);
640 if (NT_STATUS_IS_OK(nt_status)) {
641 nt_status = NT_STATUS_UNSUCCESSFUL;
642 }
643 goto nt_error;
644 }
645
646 cli_set_session_key(cli, session_key_krb5);
647
648 if (cli_simple_set_signing(
649 cli, session_key_krb5, data_blob_null)) {
650
651 /* 'resign' the last message, so we get the right sequence numbers
652 for checking the first reply from the server */
653 cli_calculate_sign_mac(cli, cli->outbuf);
654
655 if (!cli_check_sign_mac(cli, cli->inbuf)) {
656 nt_status = NT_STATUS_ACCESS_DENIED;
657 goto nt_error;
658 }
659 }
660
661 data_blob_free(&negTokenTarg);
662 data_blob_free(&session_key_krb5);
663
664 return ADS_ERROR_NT(NT_STATUS_OK);
665
666 nt_error:
667 data_blob_free(&negTokenTarg);
668 data_blob_free(&session_key_krb5);
669 cli->vuid = 0;
670 return ADS_ERROR_NT(nt_status);
671 }
672 #endif /* HAVE_KRB5 */
673
674
675 /****************************************************************************
676 Do a spnego/NTLMSSP encrypted session setup.
677 ****************************************************************************/
678
679 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
680 const char *pass, const char *domain)
681 {
682 struct ntlmssp_state *ntlmssp_state;
683 NTSTATUS nt_status;
684 int turn = 1;
685 DATA_BLOB msg1;
686 DATA_BLOB blob = data_blob_null;
687 DATA_BLOB blob_in = data_blob_null;
688 DATA_BLOB blob_out = data_blob_null;
689
690 cli_temp_set_signing(cli);
691
692 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
693 return nt_status;
694 }
695 ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
696
697 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
698 return nt_status;
699 }
700 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
701 return nt_status;
702 }
703 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
704 return nt_status;
705 }
706
707 do {
708 nt_status = ntlmssp_update(ntlmssp_state,
709 blob_in, &blob_out);
710 data_blob_free(&blob_in);
711 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
712 if (turn == 1) {
713 /* and wrap it in a SPNEGO wrapper */
714 msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
715 } else {
716 /* wrap it in SPNEGO */
717 msg1 = spnego_gen_auth(blob_out);
718 }
719
720 /* now send that blob on its way */
721 if (!cli_session_setup_blob_send(cli, msg1)) {
722 DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
723 nt_status = NT_STATUS_UNSUCCESSFUL;
724 } else {
725 blob = cli_session_setup_blob_receive(cli);
726
727 nt_status = cli_nt_error(cli);
728 if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
729 if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
730 nt_status = NT_STATUS_ACCESS_DENIED;
731 } else {
732 nt_status = NT_STATUS_UNSUCCESSFUL;
733 }
734 }
735 }
736 data_blob_free(&msg1);
737 }
738
739 if (!blob.length) {
740 if (NT_STATUS_IS_OK(nt_status)) {
741 nt_status = NT_STATUS_UNSUCCESSFUL;
742 }
743 } else if ((turn == 1) &&
744 NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
745 DATA_BLOB tmp_blob = data_blob_null;
746 /* the server might give us back two challenges */
747 if (!spnego_parse_challenge(blob, &blob_in,
748 &tmp_blob)) {
749 DEBUG(3,("Failed to parse challenges\n"));
750 nt_status = NT_STATUS_INVALID_PARAMETER;
751 }
752 data_blob_free(&tmp_blob);
753 } else {
754 if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
755 &blob_in)) {
756 DEBUG(3,("Failed to parse auth response\n"));
757 if (NT_STATUS_IS_OK(nt_status)
758 || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
759 nt_status = NT_STATUS_INVALID_PARAMETER;
760 }
761 }
762 data_blob_free(&blob);
763 data_blob_free(&blob_out);
764 turn++;
765 } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
766
767 data_blob_free(&blob_in);
768
769 if (NT_STATUS_IS_OK(nt_status)) {
770
771 DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
772 ntlmssp_state->session_key.length);
773 DATA_BLOB null_blob = data_blob_null;
774 bool res;
775
776 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
777 cli_set_session_key(cli, ntlmssp_state->session_key);
778
779 res = cli_simple_set_signing(cli, key, null_blob);
780
781 data_blob_free(&key);
782
783 if (res) {
784
785 /* 'resign' the last message, so we get the right sequence numbers
786 for checking the first reply from the server */
787 cli_calculate_sign_mac(cli, cli->outbuf);
788
789 if (!cli_check_sign_mac(cli, cli->inbuf)) {
790 nt_status = NT_STATUS_ACCESS_DENIED;
791 }
792 }
793 }
794
795 /* we have a reference conter on ntlmssp_state, if we are signing
796 then the state will be kept by the signing engine */
797
798 ntlmssp_end(&ntlmssp_state);
799
800 if (!NT_STATUS_IS_OK(nt_status)) {
801 cli->vuid = 0;
802 }
803 return nt_status;
804 }
805
806 /****************************************************************************
807 Do a spnego encrypted session setup.
808
809 user_domain: The shortname of the domain the user/machine is a member of.
810 dest_realm: The realm we're connecting to, if NULL we use our default realm.
811 ****************************************************************************/
812
813 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
814 const char *pass, const char *user_domain,
815 const char * dest_realm)
816 {
817 char *principal = NULL;
818 char *OIDs[ASN1_MAX_OIDS];
819 int i;
820 DATA_BLOB blob;
821 const char *p = NULL;
822 char *account = NULL;
823
824 DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
825
826 /* the server might not even do spnego */
827 if (cli->secblob.length <= 16) {
828 DEBUG(3,("server didn't supply a full spnego negprot\n"));
829 goto ntlmssp;
830 }
831
832 #if 0
833 file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
834 #endif
835
836 /* there is 16 bytes of GUID before the real spnego packet starts */
837 blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
838
839 /* The server sent us the first part of the SPNEGO exchange in the
840 * negprot reply. It is WRONG to depend on the principal sent in the
841 * negprot reply, but right now we do it. If we don't receive one,
842 * we try to best guess, then fall back to NTLM. */
843 if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
844 data_blob_free(&blob);
845 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
846 }
847 data_blob_free(&blob);
848
849 /* make sure the server understands kerberos */
850 for (i=0;OIDs[i];i++) {
851 DEBUG(3,("got OID=%s\n", OIDs[i]));
852 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
853 strcmp(OIDs[i], OID_KERBEROS5) == 0) {
854 cli->got_kerberos_mechanism = True;
855 }
856 free(OIDs[i]);
857 }
858
859 DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
860
861 fstrcpy(cli->user_name, user);
862
863 #ifdef HAVE_KRB5
864 /* If password is set we reauthenticate to kerberos server
865 * and do not store results */
866
867 if (cli->got_kerberos_mechanism && cli->use_kerberos) {
868 ADS_STATUS rc;
869
870 if (pass && *pass) {
871 int ret;
872
873 use_in_memory_ccache();
874 ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
875
876 if (ret){
877 SAFE_FREE(principal);
878 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
879 if (cli->fallback_after_kerberos)
880 goto ntlmssp;
881 return ADS_ERROR_KRB5(ret);
882 }
883 }
884
885 /* If we get a bad principal, try to guess it if
886 we have a valid host NetBIOS name.
887 */
888 if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
889 SAFE_FREE(principal);
890 }
891
892 if (principal == NULL &&
893 !is_ipaddress(cli->desthost) &&
894 !strequal(star_smbserver_name,
895 cli->desthost)) {
896 char *realm = NULL;
897 char *machine = NULL;
898 char *host = NULL;
899 DEBUG(3,("cli_session_setup_spnego: got a "
900 "bad server principal, trying to guess ...\n"));
901
902 host = strchr_m(cli->desthost, '.');
903 if (host) {
904 machine = SMB_STRNDUP(cli->desthost,
905 host - cli->desthost);
906 } else {
907 machine = SMB_STRDUP(cli->desthost);
908 }
909 if (machine == NULL) {
910 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
911 }
912
913 if (dest_realm) {
914 realm = SMB_STRDUP(dest_realm);
915 strupper_m(realm);
916 } else {
917 realm = kerberos_get_default_realm_from_ccache();
918 }
919 if (realm && *realm) {
920 if (asprintf(&principal, "%s$@%s",
921 machine, realm) < 0) {
922 SAFE_FREE(machine);
923 SAFE_FREE(realm);
924 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
925 }
926 DEBUG(3,("cli_session_setup_spnego: guessed "
927 "server principal=%s\n",
928 principal ? principal : "<null>"));
929 }
930 SAFE_FREE(machine);
931 SAFE_FREE(realm);
932 }
933
934 if (principal) {
935 rc = cli_session_setup_kerberos(cli, principal,
936 dest_realm);
937 if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
938 SAFE_FREE(principal);
939 return rc;
940 }
941 }
942 }
943 #endif
944
945 SAFE_FREE(principal);
946
947 ntlmssp:
948
949 account = talloc_strdup(talloc_tos(), user);
950 if (!account) {
951 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
952 }
953
954 /* when falling back to ntlmssp while authenticating with a machine
955 * account strip off the realm - gd */
956
957 if ((p = strchr_m(user, '@')) != NULL) {
958 account[PTR_DIFF(p,user)] = '\0';
959 }
960
961 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
962 }
963
964 /****************************************************************************
965 Send a session setup. The username and workgroup is in UNIX character
966 format and must be converted to DOS codepage format before sending. If the
967 password is in plaintext, the same should be done.
968 ****************************************************************************/
969
970 NTSTATUS cli_session_setup(struct cli_state *cli,
971 const char *user,
972 const char *pass, int passlen,
973 const char *ntpass, int ntpasslen,
974 const char *workgroup)
975 {
976 char *p;
977 fstring user2;
978
979 if (user) {
980 fstrcpy(user2, user);
981 } else {
982 user2[0] ='\0';
983 }
984
985 if (!workgroup) {
986 workgroup = "";
987 }
988
989 /* allow for workgroups as part of the username */
990 if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
991 (p=strchr_m(user2,*lp_winbind_separator()))) {
992 *p = 0;
993 user = p+1;
994 workgroup = user2;
995 }
996
997 if (cli->protocol < PROTOCOL_LANMAN1) {
998 return NT_STATUS_OK;
999 }
1000
1001 /* now work out what sort of session setup we are going to
1002 do. I have split this into separate functions to make the
1003 flow a bit easier to understand (tridge) */
1004
1005 /* if its an older server then we have to use the older request format */
1006
1007 if (cli->protocol < PROTOCOL_NT1) {
1008 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
1009 DEBUG(1, ("Server requested LM password but 'client lanman auth'"
1010 " is disabled\n"));
1011 return NT_STATUS_ACCESS_DENIED;
1012 }
1013
1014 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
1015 !lp_client_plaintext_auth() && (*pass)) {
1016 DEBUG(1, ("Server requested plaintext password but "
1017 "'client plaintext auth' is disabled\n"));
1018 return NT_STATUS_ACCESS_DENIED;
1019 }
1020
1021 return cli_session_setup_lanman2(cli, user, pass, passlen,
1022 workgroup);
1023 }
1024
1025 /* if no user is supplied then we have to do an anonymous connection.
1026 passwords are ignored */
1027
1028 if (!user || !*user)
1029 return cli_session_setup_guest(cli);
1030
1031 /* if the server is share level then send a plaintext null
1032 password at this point. The password is sent in the tree
1033 connect */
1034
1035 if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
1036 return cli_session_setup_plaintext(cli, user, "", workgroup);
1037
1038 /* if the server doesn't support encryption then we have to use
1039 plaintext. The second password is ignored */
1040
1041 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1042 if (!lp_client_plaintext_auth() && (*pass)) {
1043 DEBUG(1, ("Server requested plaintext password but "
1044 "'client plaintext auth' is disabled\n"));
1045 return NT_STATUS_ACCESS_DENIED;
1046 }
1047 return cli_session_setup_plaintext(cli, user, pass, workgroup);
1048 }
1049
1050 /* if the server supports extended security then use SPNEGO */
1051
1052 if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1053 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
1054 workgroup, NULL);
1055 if (!ADS_ERR_OK(status)) {
1056 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1057 return ads_ntstatus(status);
1058 }
1059 } else {
1060 NTSTATUS status;
1061
1062 /* otherwise do a NT1 style session setup */
1063 status = cli_session_setup_nt1(cli, user, pass, passlen,
1064 ntpass, ntpasslen, workgroup);
1065 if (!NT_STATUS_IS_OK(status)) {
1066 DEBUG(3,("cli_session_setup: NT1 session setup "
1067 "failed: %s\n", nt_errstr(status)));
1068 return status;
1069 }
1070 }
1071
1072 if (strstr(cli->server_type, "Samba")) {
1073 cli->is_samba = True;
1074 }
1075
1076 return NT_STATUS_OK;
1077 }
1078
1079 /****************************************************************************
1080 Send a uloggoff.
1081 *****************************************************************************/
1082
1083 bool cli_ulogoff(struct cli_state *cli)
1084 {
1085 memset(cli->outbuf,'\0',smb_size);
1086 cli_set_message(cli->outbuf,2,0,True);
1087 SCVAL(cli->outbuf,smb_com,SMBulogoffX);
1088 cli_setup_packet(cli);
1089 SSVAL(cli->outbuf,smb_vwv0,0xFF);
1090 SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
1091
1092 cli_send_smb(cli);
1093 if (!cli_receive_smb(cli))
1094 return False;
1095
1096 if (cli_is_error(cli)) {
1097 return False;
1098 }
1099
1100 cli->vuid = -1;
1101 return True;
1102 }
1103
1104 /****************************************************************************
1105 Send a tconX.
1106 ****************************************************************************/
1107
1108 bool cli_send_tconX(struct cli_state *cli,
1109 const char *share, const char *dev, const char *pass, int passlen)
1110 {
1111 fstring fullshare, pword;
1112 char *p;
1113 memset(cli->outbuf,'\0',smb_size);
1114 memset(cli->inbuf,'\0',smb_size);
1115
1116 fstrcpy(cli->share, share);
1117
1118 /* in user level security don't send a password now */
1119 if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1120 passlen = 1;
1121 pass = "";
1122 } else if (!pass) {
1123 DEBUG(1, ("Server not using user level security and no password supplied.\n"));
1124 return False;
1125 }
1126
1127 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1128 *pass && passlen != 24) {
1129 if (!lp_client_lanman_auth()) {
1130 DEBUG(1, ("Server requested LANMAN password "
1131 "(share-level security) but "
1132 "'client lanman auth' is disabled\n"));
1133 return False;
1134 }
1135
1136 /*
1137 * Non-encrypted passwords - convert to DOS codepage before encryption.
1138 */
1139 passlen = 24;
1140 SMBencrypt(pass,cli->secblob.data,(uchar *)pword);
1141 } else {
1142 if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) {
1143 if (!lp_client_plaintext_auth() && (*pass)) {
1144 DEBUG(1, ("Server requested plaintext "
1145 "password but 'client plaintext "
1146 "auth' is disabled\n"));
1147 return False;
1148 }
1149
1150 /*
1151 * Non-encrypted passwords - convert to DOS codepage before using.
1152 */
1153 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
1154
1155 } else {
1156 if (passlen) {
1157 memcpy(pword, pass, passlen);
1158 }
1159 }
1160 }
1161
1162 slprintf(fullshare, sizeof(fullshare)-1,
1163 "\\\\%s\\%s", cli->desthost, share);
1164
1165 cli_set_message(cli->outbuf,4, 0, True);
1166 SCVAL(cli->outbuf,smb_com,SMBtconX);
1167 cli_setup_packet(cli);
1168
1169 SSVAL(cli->outbuf,smb_vwv0,0xFF);
1170 SSVAL(cli->outbuf,smb_vwv2,TCONX_FLAG_EXTENDED_RESPONSE);
1171 SSVAL(cli->outbuf,smb_vwv3,passlen);
1172
1173 p = smb_buf(cli->outbuf);
1174 if (passlen) {
1175 memcpy(p,pword,passlen);
1176 }
1177 p += passlen;
1178 p += clistr_push(cli, p, fullshare, -1, STR_TERMINATE |STR_UPPER);
1179 p += clistr_push(cli, p, dev, -1, STR_TERMINATE |STR_UPPER | STR_ASCII);
1180
1181 cli_setup_bcc(cli, p);
1182
1183 cli_send_smb(cli);
1184 if (!cli_receive_smb(cli))
1185 return False;
1186
1187 if (cli_is_error(cli))
1188 return False;
1189
1190 clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
1191
1192 if (cli->protocol >= PROTOCOL_NT1 &&
1193 smb_buflen(cli->inbuf) == 3) {
1194 /* almost certainly win95 - enable bug fixes */
1195 cli->win95 = True;
1196 }
1197
1198 /* Make sure that we have the optional support 16-bit field. WCT > 2 */
1199 /* Avoids issues when connecting to Win9x boxes sharing files */
1200
1201 cli->dfsroot = False;
1202 if ( (CVAL(cli->inbuf, smb_wct))>2 && cli->protocol >= PROTOCOL_LANMAN2 )
1203 cli->dfsroot = (SVAL( cli->inbuf, smb_vwv2 ) & SMB_SHARE_IN_DFS) ? True : False;
1204
1205 cli->cnum = SVAL(cli->inbuf,smb_tid);
1206 return True;
1207 }
1208
1209 /****************************************************************************
1210 Send a tree disconnect.
1211 ****************************************************************************/
1212
1213 bool cli_tdis(struct cli_state *cli)
1214 {
1215 memset(cli->outbuf,'\0',smb_size);
1216 cli_set_message(cli->outbuf,0,0,True);
1217 SCVAL(cli->outbuf,smb_com,SMBtdis);
1218 SSVAL(cli->outbuf,smb_tid,cli->cnum);
1219 cli_setup_packet(cli);
1220
1221 cli_send_smb(cli);
1222 if (!cli_receive_smb(cli))
1223 return False;
1224
1225 if (cli_is_error(cli)) {
1226 return False;
1227 }
1228
1229 cli->cnum = -1;
1230 return True;
1231 }
1232
1233 /****************************************************************************
1234 Send a negprot command.
1235 ****************************************************************************/
1236
1237 void cli_negprot_send(struct cli_state *cli)
1238 {
1239 char *p;
1240 int numprots;
1241
1242 if (cli->protocol < PROTOCOL_NT1)
1243 cli->use_spnego = False;
1244
1245 memset(cli->outbuf,'\0',smb_size);
1246
1247 /* setup the protocol strings */
1248 cli_set_message(cli->outbuf,0,0,True);
1249
1250 p = smb_buf(cli->outbuf);
1251 for (numprots=0;
1252 prots[numprots].name && prots[numprots].prot<=cli->protocol;
1253 numprots++) {
1254 *p++ = 2;
1255 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1256 }
1257
1258 SCVAL(cli->outbuf,smb_com,SMBnegprot);
1259 cli_setup_bcc(cli, p);
1260 cli_setup_packet(cli);
1261
1262 SCVAL(smb_buf(cli->outbuf),0,2);
1263
1264 cli_send_smb(cli);
1265 }
1266
1267 /****************************************************************************
1268 Send a negprot command.
1269 ****************************************************************************/
1270
1271 bool cli_negprot(struct cli_state *cli)
1272 {
1273 char *p;
1274 int numprots;
1275 int plength;
1276
1277 if (cli->protocol < PROTOCOL_NT1)
1278 cli->use_spnego = False;
1279
1280 memset(cli->outbuf,'\0',smb_size);
1281
1282 /* setup the protocol strings */
1283 for (plength=0,numprots=0;
1284 prots[numprots].name && prots[numprots].prot<=cli->protocol;
1285 numprots++)
1286 plength += strlen(prots[numprots].name)+2;
1287
1288 cli_set_message(cli->outbuf,0,plength,True);
1289
1290 p = smb_buf(cli->outbuf);
1291 for (numprots=0;
1292 prots[numprots].name && prots[numprots].prot<=cli->protocol;
1293 numprots++) {
1294 *p++ = 2;
1295 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1296 }
1297
1298 SCVAL(cli->outbuf,smb_com,SMBnegprot);
1299 cli_setup_packet(cli);
1300
1301 SCVAL(smb_buf(cli->outbuf),0,2);
1302
1303 cli_send_smb(cli);
1304 if (!cli_receive_smb(cli))
1305 return False;
1306
1307 show_msg(cli->inbuf);
1308
1309 if (cli_is_error(cli) ||
1310 ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
1311 return(False);
1312 }
1313
1314 cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
1315
1316 if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
1317 DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1318 return False;
1319 }
1320
1321 if (cli->protocol >= PROTOCOL_NT1) {
1322 struct timespec ts;
1323 /* NT protocol */
1324 cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
1325 cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
1326 cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
1327 cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
1328 cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
1329 cli->serverzone *= 60;
1330 /* this time arrives in real GMT */
1331 ts = interpret_long_date(cli->inbuf+smb_vwv11+1);
1332 cli->servertime = ts.tv_sec;
1333 cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1334 cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
1335 if (cli->capabilities & CAP_RAW_MODE) {
1336 cli->readbraw_supported = True;
1337 cli->writebraw_supported = True;
1338 }
1339 /* work out if they sent us a workgroup */
1340 if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1341 smb_buflen(cli->inbuf) > 8) {
1342 clistr_pull(cli, cli->server_domain,
1343 smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
1344 smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
1345 }
1346
1347 /*
1348 * As signing is slow we only turn it on if either the client or
1349 * the server require it. JRA.
1350 */
1351
1352 if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1353 /* Fail if server says signing is mandatory and we don't want to support it. */
1354 if (!cli->sign_info.allow_smb_signing) {
1355 DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1356 return False;
1357 }
1358 cli->sign_info.negotiated_smb_signing = True;
1359 cli->sign_info.mandatory_signing = True;
1360 } else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
1361 /* Fail if client says signing is mandatory and the server doesn't support it. */
1362 if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1363 DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1364 return False;
1365 }
1366 cli->sign_info.negotiated_smb_signing = True;
1367 cli->sign_info.mandatory_signing = True;
1368 } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1369 cli->sign_info.negotiated_smb_signing = True;
1370 }
1371
1372 if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
1373 SAFE_FREE(cli->outbuf);
1374 SAFE_FREE(cli->inbuf);
1375 cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1376 cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1377 cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
1378 }
1379
1380 } else if (cli->protocol >= PROTOCOL_LANMAN1) {
1381 cli->use_spnego = False;
1382 cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
1383 cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
1384 cli->max_mux = SVAL(cli->inbuf, smb_vwv3);
1385 cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
1386 cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
1387 cli->serverzone *= 60;
1388 /* this time is converted to GMT by make_unix_date */
1389 cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8);
1390 cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
1391 cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
1392 cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
1393 } else {
1394 /* the old core protocol */
1395 cli->use_spnego = False;
1396 cli->sec_mode = 0;
1397 cli->serverzone = get_time_zone(time(NULL));
1398 }
1399
1400 cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1401
1402 /* a way to force ascii SMB */
1403 if (getenv("CLI_FORCE_ASCII"))
1404 cli->capabilities &= ~CAP_UNICODE;
1405
1406 return True;
1407 }
1408
1409 /****************************************************************************
1410 Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1411 ****************************************************************************/
1412
1413 bool cli_session_request(struct cli_state *cli,
1414 struct nmb_name *calling, struct nmb_name *called)
1415 {
1416 char *p;
1417 int len = 4;
1418
1419 memcpy(&(cli->calling), calling, sizeof(*calling));
1420 memcpy(&(cli->called ), called , sizeof(*called ));
1421
1422 /* put in the destination name */
1423 p = cli->outbuf+len;
1424 name_mangle(cli->called .name, p, cli->called .name_type);
1425 len += name_len(p);
1426
1427 /* and my name */
1428 p = cli->outbuf+len;
1429 name_mangle(cli->calling.name, p, cli->calling.name_type);
1430 len += name_len(p);
1431
1432 /* 445 doesn't have session request */
1433 if (cli->port == 445)
1434 return True;
1435
1436 /* send a session request (RFC 1002) */
1437 /* setup the packet length
1438 * Remove four bytes from the length count, since the length
1439 * field in the NBT Session Service header counts the number
1440 * of bytes which follow. The cli_send_smb() function knows
1441 * about this and accounts for those four bytes.
1442 * CRH.
1443 */
1444 len -= 4;
1445 _smb_setlen(cli->outbuf,len);
1446 SCVAL(cli->outbuf,0,0x81);
1447
1448 cli_send_smb(cli);
1449 DEBUG(5,("Sent session request\n"));
1450
1451 if (!cli_receive_smb(cli))
1452 return False;
1453
1454 if (CVAL(cli->inbuf,0) == 0x84) {
1455 /* C. Hoch 9/14/95 Start */
1456 /* For information, here is the response structure.
1457 * We do the byte-twiddling to for portability.
1458 struct RetargetResponse{
1459 unsigned char type;
1460 unsigned char flags;
1461 int16 length;
1462 int32 ip_addr;
1463 int16 port;
1464 };
1465 */
1466 uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1467 struct in_addr dest_ip;
1468
1469 /* SESSION RETARGET */
1470 putip((char *)&dest_ip,cli->inbuf+4);
1471 in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
1472
1473 cli->fd = open_socket_out(SOCK_STREAM,
1474 &cli->dest_ss,
1475 port,
1476 LONG_CONNECT_TIMEOUT);
1477 if (cli->fd == -1)
1478 return False;
1479
1480 DEBUG(3,("Retargeted\n"));
1481
1482 set_socket_options(cli->fd, lp_socket_options());
1483
1484 /* Try again */
1485 {
1486 static int depth;
1487 bool ret;
1488 if (depth > 4) {
1489 DEBUG(0,("Retarget recursion - failing\n"));
1490 return False;
1491 }
1492 depth++;
1493 ret = cli_session_request(cli, calling, called);
1494 depth--;
1495 return ret;
1496 }
1497 } /* C. Hoch 9/14/95 End */
1498
1499 if (CVAL(cli->inbuf,0) != 0x82) {
1500 /* This is the wrong place to put the error... JRA. */
1501 cli->rap_error = CVAL(cli->inbuf,4);
1502 return False;
1503 }
1504 return(True);
1505 }
1506
1507 /****************************************************************************
1508 Open the client sockets.
1509 ****************************************************************************/
1510
1511 NTSTATUS cli_connect(struct cli_state *cli,
1512 const char *host,
1513 struct sockaddr_storage *dest_ss)
1514
1515 {
1516 int name_type = 0x20;
1517 TALLOC_CTX *frame = talloc_stackframe();
1518 unsigned int num_addrs = 0;
1519 unsigned int i = 0;
1520 struct sockaddr_storage *ss_arr = NULL;
1521 char *p = NULL;
1522
1523 /* reasonable default hostname */
1524 if (!host) {
1525 host = star_smbserver_name;
1526 }
1527
1528 fstrcpy(cli->desthost, host);
1529
1530 /* allow hostnames of the form NAME#xx and do a netbios lookup */
1531 if ((p = strchr(cli->desthost, '#'))) {
1532 name_type = strtol(p+1, NULL, 16);
1533 *p = 0;
1534 }
1535
1536 if (!dest_ss || is_zero_addr(dest_ss)) {
1537 NTSTATUS status =resolve_name_list(frame,
1538 cli->desthost,
1539 name_type,
1540 &ss_arr,
1541 &num_addrs);
1542 if (!NT_STATUS_IS_OK(status)) {
1543 TALLOC_FREE(frame);
1544 return NT_STATUS_BAD_NETWORK_NAME;
1545 }
1546 } else {
1547 num_addrs = 1;
1548 ss_arr = TALLOC_P(frame, struct sockaddr_storage);
1549 if (!ss_arr) {
1550 TALLOC_FREE(frame);
1551 return NT_STATUS_NO_MEMORY;
1552 }
1553 *ss_arr = *dest_ss;
1554 }
1555
1556 for (i = 0; i < num_addrs; i++) {
1557 cli->dest_ss = ss_arr[i];
1558 if (getenv("LIBSMB_PROG")) {
1559 cli->fd = sock_exec(getenv("LIBSMB_PROG"));
1560 } else {
1561 /* try 445 first, then 139 */
1562 uint16_t port = cli->port?cli->port:445;
1563 cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ss,
1564 port, cli->timeout);
1565 if (cli->fd == -1 && cli->port == 0) {
1566 port = 139;
1567 cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ss,
1568 port, cli->timeout);
1569 }
1570 if (cli->fd != -1) {
1571 cli->port = port;
1572 }
1573 }
1574 if (cli->fd == -1) {
1575 char addr[INET6_ADDRSTRLEN];
1576 print_sockaddr(addr, sizeof(addr), &ss_arr[i]);
1577 DEBUG(2,("Error connecting to %s (%s)\n",
1578 dest_ss?addr:host,strerror(errno)));
1579 } else {
1580 /* Exit from loop on first connection. */
1581 break;
1582 }
1583 }
1584
1585 if (cli->fd == -1) {
1586 TALLOC_FREE(frame);
1587 return map_nt_error_from_unix(errno);
1588 }
1589
1590 if (dest_ss) {
1591 *dest_ss = cli->dest_ss;
1592 }
1593
1594 set_socket_options(cli->fd, lp_socket_options());
1595
1596 TALLOC_FREE(frame);
1597 return NT_STATUS_OK;
1598 }
1599
1600 /**
1601 establishes a connection to after the negprot.
1602 @param output_cli A fully initialised cli structure, non-null only on success
1603 @param dest_host The netbios name of the remote host
1604 @param dest_ss (optional) The the destination IP, NULL for name based lookup
1605 @param port (optional) The destination port (0 for default)
1606 @param retry bool. Did this connection fail with a retryable error ?
1607
1608 */
1609 NTSTATUS cli_start_connection(struct cli_state **output_cli,
1610 const char *my_name,
1611 const char *dest_host,
1612 struct sockaddr_storage *dest_ss, int port,
1613 int signing_state, int flags,
1614 bool *retry)
1615 {
1616 NTSTATUS nt_status;
1617 struct nmb_name calling;
1618 struct nmb_name called;
1619 struct cli_state *cli;
1620 struct sockaddr_storage ss;
1621
1622 if (retry)
1623 *retry = False;
1624
1625 if (!my_name)
1626 my_name = global_myname();
1627
1628 if (!(cli = cli_initialise())) {
1629 return NT_STATUS_NO_MEMORY;
1630 }
1631
1632 make_nmb_name(&calling, my_name, 0x0);
1633 make_nmb_name(&called , dest_host, 0x20);
1634
1635 if (cli_set_port(cli, port) != port) {
1636 cli_shutdown(cli);
1637 return NT_STATUS_UNSUCCESSFUL;
1638 }
1639
1640 cli_set_timeout(cli, 10000); /* 10 seconds. */
1641
1642 if (dest_ss) {
1643 ss = *dest_ss;
1644 } else {
1645 zero_sockaddr(&ss);
1646 }
1647
1648 again:
1649
1650 DEBUG(3,("Connecting to host=%s\n", dest_host));
1651
1652 nt_status = cli_connect(cli, dest_host, &ss);
1653 if (!NT_STATUS_IS_OK(nt_status)) {
1654 char addr[INET6_ADDRSTRLEN];
1655 print_sockaddr(addr, sizeof(addr), &ss);
1656 DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
1657 nmb_namestr(&called), addr, nt_errstr(nt_status) ));
1658 cli_shutdown(cli);
1659 return nt_status;
1660 }
1661
1662 if (retry)
1663 *retry = True;
1664
1665 if (!cli_session_request(cli, &calling, &called)) {
1666 char *p;
1667 DEBUG(1,("session request to %s failed (%s)\n",
1668 called.name, cli_errstr(cli)));
1669 if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
1670 *p = 0;
1671 goto again;
1672 }
1673 if (strcmp(called.name, star_smbserver_name)) {
1674 make_nmb_name(&called , star_smbserver_name, 0x20);
1675 goto again;
1676 }
1677 return NT_STATUS_BAD_NETWORK_NAME;
1678 }
1679
1680 cli_setup_signing_state(cli, signing_state);
1681
1682 if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
1683 cli->use_spnego = False;
1684 else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
1685 cli->use_kerberos = True;
1686
1687 if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
1688 cli->use_kerberos) {
1689 cli->fallback_after_kerberos = true;
1690 }
1691
1692 if (!cli_negprot(cli)) {
1693 DEBUG(1,("failed negprot\n"));
1694 nt_status = cli_nt_error(cli);
1695 if (NT_STATUS_IS_OK(nt_status)) {
1696 nt_status = NT_STATUS_UNSUCCESSFUL;
1697 }
1698 cli_shutdown(cli);
1699 return nt_status;
1700 }
1701
1702 *output_cli = cli;
1703 return NT_STATUS_OK;
1704 }
1705
1706
1707 /**
1708 establishes a connection right up to doing tconX, password specified.
1709 @param output_cli A fully initialised cli structure, non-null only on success
1710 @param dest_host The netbios name of the remote host
1711 @param dest_ip (optional) The the destination IP, NULL for name based lookup
1712 @param port (optional) The destination port (0 for default)
1713 @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
1714 @param service_type The 'type' of serivice.
1715 @param user Username, unix string
1716 @param domain User's domain
1717 @param password User's password, unencrypted unix string.
1718 @param retry bool. Did this connection fail with a retryable error ?
1719 */
1720
1721 NTSTATUS cli_full_connection(struct cli_state **output_cli,
1722 const char *my_name,
1723 const char *dest_host,
1724 struct sockaddr_storage *dest_ss, int port,
1725 const char *service, const char *service_type,
1726 const char *user, const char *domain,
1727 const char *password, int flags,
1728 int signing_state,
1729 bool *retry)
1730 {
1731 NTSTATUS nt_status;
1732 struct cli_state *cli = NULL;
1733 int pw_len = password ? strlen(password)+1 : 0;
1734
1735 *output_cli = NULL;
1736
1737 if (password == NULL) {
1738 password = "";
1739 }
1740
1741 nt_status = cli_start_connection(&cli, my_name, dest_host,
1742 dest_ss, port, signing_state,
1743 flags, retry);
1744
1745 if (!NT_STATUS_IS_OK(nt_status)) {
1746 return nt_status;
1747 }
1748
1749 nt_status = cli_session_setup(cli, user, password, pw_len, password,
1750 pw_len, domain);
1751 if (!NT_STATUS_IS_OK(nt_status)) {
1752
1753 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
1754 DEBUG(1,("failed session setup with %s\n",
1755 nt_errstr(nt_status)));
1756 cli_shutdown(cli);
1757 return nt_status;
1758 }
1759
1760 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
1761 if (!NT_STATUS_IS_OK(nt_status)) {
1762 DEBUG(1,("anonymous failed session setup with %s\n",
1763 nt_errstr(nt_status)));
1764 cli_shutdown(cli);
1765 return nt_status;
1766 }
1767 }
1768
1769 if (service) {
1770 if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
1771 nt_status = cli_nt_error(cli);
1772 DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
1773 cli_shutdown(cli);
1774 if (NT_STATUS_IS_OK(nt_status)) {
1775 nt_status = NT_STATUS_UNSUCCESSFUL;
1776 }
1777 return nt_status;
1778 }
1779 }
1780
1781 cli_init_creds(cli, user, domain, password);
1782
1783 *output_cli = cli;
1784 return NT_STATUS_OK;
1785 }
1786
1787 /****************************************************************************
1788 Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
1789 ****************************************************************************/
1790
1791 bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srchost, const char *desthost,
1792 struct sockaddr_storage *pdest_ss)
1793 {
1794 struct nmb_name calling, called;
1795
1796 make_nmb_name(&calling, srchost, 0x0);
1797
1798 /*
1799 * If the called name is an IP address
1800 * then use *SMBSERVER immediately.
1801 */
1802
1803 if(is_ipaddress(desthost)) {
1804 make_nmb_name(&called, star_smbserver_name, 0x20);
1805 } else {
1806 make_nmb_name(&called, desthost, 0x20);
1807 }
1808
1809 if (!cli_session_request(*ppcli, &calling, &called)) {
1810 NTSTATUS status;
1811 struct nmb_name smbservername;
1812
1813 make_nmb_name(&smbservername, star_smbserver_name, 0x20);
1814
1815 /*
1816 * If the name wasn't *SMBSERVER then
1817 * try with *SMBSERVER if the first name fails.
1818 */
1819
1820 if (nmb_name_equal(&called, &smbservername)) {
1821
1822 /*
1823 * The name used was *SMBSERVER, don't bother with another name.
1824 */
1825
1826 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
1827 with error %s.\n", desthost, cli_errstr(*ppcli) ));
1828 return False;
1829 }
1830
1831 /* Try again... */
1832 cli_shutdown(*ppcli);
1833
1834 *ppcli = cli_initialise();
1835 if (!*ppcli) {
1836 /* Out of memory... */
1837 return False;
1838 }
1839
1840 status = cli_connect(*ppcli, desthost, pdest_ss);
1841 if (!NT_STATUS_IS_OK(status) ||
1842 !cli_session_request(*ppcli, &calling, &smbservername)) {
1843 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
1844 name *SMBSERVER with error %s\n", desthost, cli_errstr(*ppcli) ));
1845 return False;
1846 }
1847 }
1848
1849 return True;
1850 }
1851
1852 /****************************************************************************
1853 Send an old style tcon.
1854 ****************************************************************************/
1855 NTSTATUS cli_raw_tcon(struct cli_state *cli,
1856 const char *service, const char *pass, const char *dev,
1857 uint16 *max_xmit, uint16 *tid)
1858 {
1859 char *p;
1860
1861 if (!lp_client_plaintext_auth() && (*pass)) {
1862 DEBUG(1, ("Server requested plaintext password but 'client "
1863 "plaintext auth' is disabled\n"));
1864 return NT_STATUS_ACCESS_DENIED;
1865 }
1866
1867 memset(cli->outbuf,'\0',smb_size);
1868 memset(cli->inbuf,'\0',smb_size);
1869
1870 cli_set_message(cli->outbuf, 0, 0, True);
1871 SCVAL(cli->outbuf,smb_com,SMBtcon);
1872 cli_setup_packet(cli);
1873
1874 p = smb_buf(cli->outbuf);
1875 *p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE | STR_NOALIGN);
1876 *p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE | STR_NOALIGN);
1877 *p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE | STR_NOALIGN);
1878
1879 cli_setup_bcc(cli, p);
1880
1881 cli_send_smb(cli);
1882 if (!cli_receive_smb(cli)) {
1883 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
1884 }
1885
1886 if (cli_is_error(cli)) {
1887 return cli_nt_error(cli);
1888 }
1889
1890 *max_xmit = SVAL(cli->inbuf, smb_vwv0);
1891 *tid = SVAL(cli->inbuf, smb_vwv1);
1892
1893 return NT_STATUS_OK;
1894 }
1895
1896 /* Return a cli_state pointing at the IPC$ share for the given server */
1897
1898 struct cli_state *get_ipc_connect(char *server,
1899 struct sockaddr_storage *server_ss,
1900 const struct user_auth_info *user_info)
1901 {
1902 struct cli_state *cli;
1903 NTSTATUS nt_status;
1904 uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
1905
1906 if (user_info->use_kerberos) {
1907 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
1908 }
1909
1910 nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
1911 user_info->username ? user_info->username : "",
1912 lp_workgroup(),
1913 user_info->password ? user_info->password : "",
1914 flags,
1915 Undefined, NULL);
1916
1917 if (NT_STATUS_IS_OK(nt_status)) {
1918 return cli;
1919 } else if (is_ipaddress(server)) {
1920 /* windows 9* needs a correct NMB name for connections */
1921 fstring remote_name;
1922
1923 if (name_status_find("*", 0, 0, server_ss, remote_name)) {
1924 cli = get_ipc_connect(remote_name, server_ss, user_info);
1925 if (cli)
1926 return cli;
1927 }
1928 }
1929 return NULL;
1930 }
1931
1932 /*
1933 * Given the IP address of a master browser on the network, return its
1934 * workgroup and connect to it.
1935 *
1936 * This function is provided to allow additional processing beyond what
1937 * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
1938 * browsers and obtain each master browsers' list of domains (in case the
1939 * first master browser is recently on the network and has not yet
1940 * synchronized with other master browsers and therefore does not yet have the
1941 * entire network browse list)
1942 */
1943
1944 struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
1945 struct ip_service *mb_ip,
1946 const struct user_auth_info *user_info,
1947 char **pp_workgroup_out)
1948 {
1949 char addr[INET6_ADDRSTRLEN];
1950 fstring name;
1951 struct cli_state *cli;
1952 struct sockaddr_storage server_ss;
1953
1954 *pp_workgroup_out = NULL;
1955
1956 print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
1957 DEBUG(99, ("Looking up name of master browser %s\n",
1958 addr));
1959
1960 /*
1961 * Do a name status query to find out the name of the master browser.
1962 * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
1963 * master browser will not respond to a wildcard query (or, at least,
1964 * an NT4 server acting as the domain master browser will not).
1965 *
1966 * We might be able to use ONLY the query on MSBROWSE, but that's not
1967 * yet been tested with all Windows versions, so until it is, leave
1968 * the original wildcard query as the first choice and fall back to
1969 * MSBROWSE if the wildcard query fails.
1970 */
1971 if (!name_status_find("*", 0, 0x1d, &mb_ip->ss, name) &&
1972 !name_status_find(MSBROWSE, 1, 0x1d, &mb_ip->ss, name)) {
1973
1974 DEBUG(99, ("Could not retrieve name status for %s\n",
1975 addr));
1976 return NULL;
1977 }
1978
1979 if (!find_master_ip(name, &server_ss)) {
1980 DEBUG(99, ("Could not find master ip for %s\n", name));
1981 return NULL;
1982 }
1983
1984 *pp_workgroup_out = talloc_strdup(ctx, name);
1985
1986 DEBUG(4, ("found master browser %s, %s\n", name, addr));
1987
1988 print_sockaddr(addr, sizeof(addr), &server_ss);
1989 cli = get_ipc_connect(addr, &server_ss, user_info);
1990
1991 return cli;
1992 }
1993
1994 /*
1995 * Return the IP address and workgroup of a master browser on the network, and
1996 * connect to it.
1997 */
1998
1999 struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
2000 const struct user_auth_info *user_info,
2001 char **pp_workgroup_out)
2002 {
2003 struct ip_service *ip_list;
2004 struct cli_state *cli;
2005 int i, count;
2006
2007 *pp_workgroup_out = NULL;
2008
2009 DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
2010
2011 /* Go looking for workgroups by broadcasting on the local network */
2012
2013 if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list,
2014 &count))) {
2015 DEBUG(99, ("No master browsers responded\n"));
2016 return False;
2017 }
2018
2019 for (i = 0; i < count; i++) {
2020 char addr[INET6_ADDRSTRLEN];
2021 print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
2022 DEBUG(99, ("Found master browser %s\n", addr));
2023
2024 cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
2025 user_info, pp_workgroup_out);
2026 if (cli)
2027 return(cli);
2028 }
2029
2030 return NULL;
2031 }
Samba GIT mirror