search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib: talloc: Fix memlimit on pool realloc.
[Samba.git] / source3 / libsmb / libsmb_server.c
blob5a1055ba773c4e693ea79aebbbc56a6753fc3dd1
1 /*
2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
10 Copyright (C) SATOH Fumiyasu <fumiyas@osstech.co.jp> 2009.
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "includes.h"
27 #include "libsmb/libsmb.h"
28 #include "libsmbclient.h"
29 #include "libsmb_internal.h"
30 #include "../librpc/gen_ndr/ndr_lsa.h"
31 #include "rpc_client/cli_pipe.h"
32 #include "rpc_client/cli_lsarpc.h"
33 #include "libcli/security/security.h"
34 #include "libsmb/nmblib.h"
35 #include "../libcli/smb/smbXcli_base.h"
36
37 /*
38 * Check a server for being alive and well.
39 * returns 0 if the server is in shape. Returns 1 on error
40 *
41 * Also useable outside libsmbclient to enable external cache
42 * to do some checks too.
43 */
44 int
45 SMBC_check_server(SMBCCTX * context,
46 SMBCSRV * server)
47 {
48 time_t now;
49
50 if (!cli_state_is_connected(server->cli)) {
51 return 1;
52 }
53
54 now = time_mono(NULL);
55
56 if (server->last_echo_time == (time_t)0 ||
57 now > server->last_echo_time +
58 (server->cli->timeout/1000)) {
59 unsigned char data[16] = {0};
60 NTSTATUS status = cli_echo(server->cli,
61 1,
62 data_blob_const(data, sizeof(data)));
63 if (!NT_STATUS_IS_OK(status)) {
64 /*
65 * Some NetApp servers return
66 * NT_STATUS_INVALID_PARAMETER.That's OK, they still
67 * replied.
68 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
69 */
70 if (!NT_STATUS_EQUAL(status,
71 NT_STATUS_INVALID_PARAMETER)) {
72 return 1;
73 }
74 }
75 server->last_echo_time = now;
76 }
77 return 0;
78 }
79
80 /*
81 * Remove a server from the cached server list it's unused.
82 * On success, 0 is returned. 1 is returned if the server could not be removed.
83 *
84 * Also useable outside libsmbclient
85 */
86 int
87 SMBC_remove_unused_server(SMBCCTX * context,
88 SMBCSRV * srv)
89 {
90 SMBCFILE * file;
91
92 /* are we being fooled ? */
93 if (!context || !context->internal->initialized || !srv) {
94 return 1;
95 }
96
97 /* Check all open files/directories for a relation with this server */
98 for (file = context->internal->files; file; file = file->next) {
99 if (file->srv == srv) {
100 /* Still used */
101 DEBUG(3, ("smbc_remove_usused_server: "
102 "%p still used by %p.\n",
103 srv, file));
104 return 1;
105 }
106 }
107
108 DLIST_REMOVE(context->internal->servers, srv);
109
110 cli_shutdown(srv->cli);
111 srv->cli = NULL;
112
113 DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
114
115 smbc_getFunctionRemoveCachedServer(context)(context, srv);
116
117 SAFE_FREE(srv);
118 return 0;
119 }
120
121 /****************************************************************
122 * Call the auth_fn with fixed size (fstring) buffers.
123 ***************************************************************/
124 static void
125 SMBC_call_auth_fn(TALLOC_CTX *ctx,
126 SMBCCTX *context,
127 const char *server,
128 const char *share,
129 char **pp_workgroup,
130 char **pp_username,
131 char **pp_password)
132 {
133 fstring workgroup = { 0 };
134 fstring username = { 0 };
135 fstring password = { 0 };
136 smbc_get_auth_data_with_context_fn auth_with_context_fn;
137
138 if (*pp_workgroup != NULL) {
139 strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
140 }
141 if (*pp_username != NULL) {
142 strlcpy(username, *pp_username, sizeof(username));
143 }
144 if (*pp_password != NULL) {
145 strlcpy(password, *pp_password, sizeof(password));
146 }
147
148 /* See if there's an authentication with context function provided */
149 auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
150 if (auth_with_context_fn)
151 {
152 (* auth_with_context_fn)(context,
153 server, share,
154 workgroup, sizeof(workgroup),
155 username, sizeof(username),
156 password, sizeof(password));
157 }
158 else
159 {
160 smbc_getFunctionAuthData(context)(server, share,
161 workgroup, sizeof(workgroup),
162 username, sizeof(username),
163 password, sizeof(password));
164 }
165
166 TALLOC_FREE(*pp_workgroup);
167 TALLOC_FREE(*pp_username);
168 TALLOC_FREE(*pp_password);
169
170 *pp_workgroup = talloc_strdup(ctx, workgroup);
171 *pp_username = talloc_strdup(ctx, username);
172 *pp_password = talloc_strdup(ctx, password);
173 }
174
175
176 void
177 SMBC_get_auth_data(const char *server, const char *share,
178 char *workgroup_buf, int workgroup_buf_len,
179 char *username_buf, int username_buf_len,
180 char *password_buf, int password_buf_len)
181 {
182 /* Default function just uses provided data. Nothing to do. */
183 }
184
185
186
187 SMBCSRV *
188 SMBC_find_server(TALLOC_CTX *ctx,
189 SMBCCTX *context,
190 const char *server,
191 const char *share,
192 char **pp_workgroup,
193 char **pp_username,
194 char **pp_password)
195 {
196 SMBCSRV *srv;
197 int auth_called = 0;
198
199 if (!pp_workgroup || !pp_username || !pp_password) {
200 return NULL;
201 }
202
203 check_server_cache:
204
205 srv = smbc_getFunctionGetCachedServer(context)(context,
206 server, share,
207 *pp_workgroup,
208 *pp_username);
209
210 if (!auth_called && !srv && (!*pp_username || !(*pp_username)[0] ||
211 !*pp_password || !(*pp_password)[0])) {
212 SMBC_call_auth_fn(ctx, context, server, share,
213 pp_workgroup, pp_username, pp_password);
214
215 /*
216 * However, smbc_auth_fn may have picked up info relating to
217 * an existing connection, so try for an existing connection
218 * again ...
219 */
220 auth_called = 1;
221 goto check_server_cache;
222
223 }
224
225 if (srv) {
226 if (smbc_getFunctionCheckServer(context)(context, srv)) {
227 /*
228 * This server is no good anymore
229 * Try to remove it and check for more possible
230 * servers in the cache
231 */
232 if (smbc_getFunctionRemoveUnusedServer(context)(context,
233 srv)) {
234 /*
235 * We could not remove the server completely,
236 * remove it from the cache so we will not get
237 * it again. It will be removed when the last
238 * file/dir is closed.
239 */
240 smbc_getFunctionRemoveCachedServer(context)(context,
241 srv);
242 }
243
244 /*
245 * Maybe there are more cached connections to this
246 * server
247 */
248 goto check_server_cache;
249 }
250
251 return srv;
252 }
253
254 return NULL;
255 }
256
257 static struct cli_credentials *SMBC_auth_credentials(TALLOC_CTX *mem_ctx,
258 SMBCCTX *context,
259 const char *domain,
260 const char *username,
261 const char *password)
262 {
263 struct cli_credentials *creds = NULL;
264 bool use_kerberos = false;
265 bool fallback_after_kerberos = false;
266 bool use_ccache = false;
267 bool pw_nt_hash = false;
268
269 use_kerberos = smbc_getOptionUseKerberos(context);
270 fallback_after_kerberos = smbc_getOptionFallbackAfterKerberos(context);
271 use_ccache = smbc_getOptionUseCCache(context);
272 pw_nt_hash = smbc_getOptionUseNTHash(context);
273
274 creds = cli_session_creds_init(mem_ctx,
275 username,
276 domain,
277 NULL, /* realm */
278 password,
279 use_kerberos,
280 fallback_after_kerberos,
281 use_ccache,
282 pw_nt_hash);
283 if (creds == NULL) {
284 return NULL;
285 }
286
287 switch (context->internal->smb_encryption_level) {
288 case SMBC_ENCRYPTLEVEL_DEFAULT:
289 /* Use the config option */
290 break;
291 case SMBC_ENCRYPTLEVEL_NONE:
292 cli_credentials_set_smb_encryption(creds,
293 SMB_ENCRYPTION_OFF,
294 CRED_SPECIFIED);
295 break;
296 case SMBC_ENCRYPTLEVEL_REQUEST:
297 cli_credentials_set_smb_encryption(creds,
298 SMB_ENCRYPTION_DESIRED,
299 CRED_SPECIFIED);
300 break;
301 case SMBC_ENCRYPTLEVEL_REQUIRE:
302 default:
303 cli_credentials_set_smb_encryption(creds,
304 SMB_ENCRYPTION_REQUIRED,
305 CRED_SPECIFIED);
306 break;
307 }
308
309
310 return creds;
311 }
312
313 /*
314 * Connect to a server, possibly on an existing connection
315 *
316 * Here, what we want to do is: If the server and username
317 * match an existing connection, reuse that, otherwise, establish a
318 * new connection.
319 *
320 * If we have to create a new connection, call the auth_fn to get the
321 * info we need, unless the username and password were passed in.
322 */
323
324 static SMBCSRV *
325 SMBC_server_internal(TALLOC_CTX *ctx,
326 SMBCCTX *context,
327 bool connect_if_not_found,
328 const char *server,
329 uint16_t port,
330 const char *share,
331 char **pp_workgroup,
332 char **pp_username,
333 char **pp_password,
334 bool *in_cache)
335 {
336 SMBCSRV *srv=NULL;
337 char *workgroup = NULL;
338 struct cli_state *c = NULL;
339 const char *server_n = server;
340 int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
341 uint32_t fs_attrs = 0;
342 const char *username_used = NULL;
343 const char *password_used = NULL;
344 NTSTATUS status;
345 char *newserver, *newshare;
346 int flags = 0;
347 struct smbXcli_tcon *tcon = NULL;
348 int signing_state = SMB_SIGNING_DEFAULT;
349 struct cli_credentials *creds = NULL;
350
351 *in_cache = false;
352
353 if (server[0] == 0) {
354 errno = EPERM;
355 return NULL;
356 }
357
358 /* Look for a cached connection */
359 srv = SMBC_find_server(ctx, context, server, share,
360 pp_workgroup, pp_username, pp_password);
361
362 /*
363 * If we found a connection and we're only allowed one share per
364 * server...
365 */
366 if (srv &&
367 share != NULL && *share != '\0' &&
368 smbc_getOptionOneSharePerServer(context)) {
369
370 /*
371 * ... then if there's no current connection to the share,
372 * connect to it. SMBC_find_server(), or rather the function
373 * pointed to by context->get_cached_srv_fn which
374 * was called by SMBC_find_server(), will have issued a tree
375 * disconnect if the requested share is not the same as the
376 * one that was already connected.
377 */
378
379 /*
380 * Use srv->cli->desthost and srv->cli->share instead of
381 * server and share below to connect to the actual share,
382 * i.e., a normal share or a referred share from
383 * 'msdfs proxy' share.
384 */
385 if (!cli_state_has_tcon(srv->cli)) {
386 /* Ensure we have accurate auth info */
387 SMBC_call_auth_fn(ctx, context,
388 smbXcli_conn_remote_name(srv->cli->conn),
389 srv->cli->share,
390 pp_workgroup,
391 pp_username,
392 pp_password);
393
394 if (!*pp_workgroup || !*pp_username || !*pp_password) {
395 errno = ENOMEM;
396 cli_shutdown(srv->cli);
397 srv->cli = NULL;
398 smbc_getFunctionRemoveCachedServer(context)(context,
399 srv);
400 return NULL;
401 }
402
403 /*
404 * We don't need to renegotiate encryption
405 * here as the encryption context is not per
406 * tid.
407 */
408
409 status = cli_tree_connect(srv->cli,
410 srv->cli->share,
411 "?????",
412 *pp_password);
413 if (!NT_STATUS_IS_OK(status)) {
414 cli_shutdown(srv->cli);
415 errno = map_errno_from_nt_status(status);
416 srv->cli = NULL;
417 smbc_getFunctionRemoveCachedServer(context)(context,
418 srv);
419 srv = NULL;
420 goto not_found;
421 }
422
423 /* Determine if this share supports case sensitivity */
424 if (is_ipc) {
425 DEBUG(4,
426 ("IPC$ so ignore case sensitivity\n"));
427 status = NT_STATUS_OK;
428 } else {
429 status = cli_get_fs_attr_info(srv->cli, &fs_attrs);
430 }
431
432 if (!NT_STATUS_IS_OK(status)) {
433 DEBUG(4, ("Could not retrieve "
434 "case sensitivity flag: %s.\n",
435 nt_errstr(status)));
436
437 /*
438 * We can't determine the case sensitivity of
439 * the share. We have no choice but to use the
440 * user-specified case sensitivity setting.
441 */
442 if (smbc_getOptionCaseSensitive(context)) {
443 cli_set_case_sensitive(srv->cli, true);
444 } else {
445 cli_set_case_sensitive(srv->cli, false);
446 }
447 } else if (!is_ipc) {
448 DEBUG(4,
449 ("Case sensitive: %s\n",
450 (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
451 ? "True"
452 : "False")));
453 cli_set_case_sensitive(
454 srv->cli,
455 (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
456 ? True
457 : False));
458 }
459
460 /*
461 * Regenerate the dev value since it's based on both
462 * server and share
463 */
464 if (srv) {
465 const char *remote_name =
466 smbXcli_conn_remote_name(srv->cli->conn);
467
468 srv->dev = (dev_t)(str_checksum(remote_name) ^
469 str_checksum(srv->cli->share));
470 }
471 }
472 }
473
474 not_found:
475
476 /* If we have a connection... */
477 if (srv) {
478
479 /* ... then we're done here. Give 'em what they came for. */
480 *in_cache = true;
481 goto done;
482 }
483
484 /* If we're not asked to connect when a connection doesn't exist... */
485 if (! connect_if_not_found) {
486 /* ... then we're done here. */
487 return NULL;
488 }
489
490 if (!*pp_workgroup || !*pp_username || !*pp_password) {
491 errno = ENOMEM;
492 return NULL;
493 }
494
495 DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
496
497 DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
498
499 status = NT_STATUS_UNSUCCESSFUL;
500
501 if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
502 signing_state = SMB_SIGNING_REQUIRED;
503 }
504
505 if (port == 0) {
506 if (share == NULL || *share == '\0' || is_ipc) {
507 /*
508 * Try 139 first for IPC$
509 */
510 status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
511 smbc_getNetbiosName(context),
512 signing_state, flags, &c);
513 }
514 }
515
516 if (!NT_STATUS_IS_OK(status)) {
517 /*
518 * No IPC$ or 139 did not work
519 */
520 status = cli_connect_nb(server_n, NULL, port, 0x20,
521 smbc_getNetbiosName(context),
522 signing_state, flags, &c);
523 }
524
525 if (!NT_STATUS_IS_OK(status)) {
526 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
527 DBG_ERR("NetBIOS support disabled, unable to connect");
528 }
529
530 errno = map_errno_from_nt_status(status);
531 return NULL;
532 }
533
534 cli_set_timeout(c, smbc_getTimeout(context));
535
536 status = smbXcli_negprot(c->conn, c->timeout,
537 lp_client_min_protocol(),
538 lp_client_max_protocol());
539 if (!NT_STATUS_IS_OK(status)) {
540 cli_shutdown(c);
541 errno = map_errno_from_nt_status(status);
542 return NULL;
543 }
544
545 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
546 /* Ensure we ask for some initial credits. */
547 smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
548 }
549
550 username_used = *pp_username;
551 password_used = *pp_password;
552
553 creds = SMBC_auth_credentials(c,
554 context,
555 *pp_workgroup,
556 username_used,
557 password_used);
558 if (creds == NULL) {
559 cli_shutdown(c);
560 errno = ENOMEM;
561 return NULL;
562 }
563
564 status = cli_session_setup_creds(c, creds);
565 if (!NT_STATUS_IS_OK(status)) {
566
567 /* Failed. Try an anonymous login, if allowed by flags. */
568 username_used = "";
569 password_used = "";
570
571 if (smbc_getOptionNoAutoAnonymousLogin(context) ||
572 !NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
573
574 cli_shutdown(c);
575 errno = EPERM;
576 return NULL;
577 }
578 }
579
580 DEBUG(4,(" session setup ok\n"));
581
582 /* here's the fun part....to support 'msdfs proxy' shares
583 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
584 here before trying to connect to the original share.
585 cli_check_msdfs_proxy() will fail if it is a normal share. */
586
587 if (smbXcli_conn_dfs_supported(c->conn) &&
588 cli_check_msdfs_proxy(ctx, c, share,
589 &newserver, &newshare,
590 creds)) {
591 cli_shutdown(c);
592 srv = SMBC_server_internal(ctx, context, connect_if_not_found,
593 newserver, port, newshare, pp_workgroup,
594 pp_username, pp_password, in_cache);
595 TALLOC_FREE(newserver);
596 TALLOC_FREE(newshare);
597 return srv;
598 }
599
600 /* must be a normal share */
601
602 status = cli_tree_connect_creds(c, share, "?????", creds);
603 if (!NT_STATUS_IS_OK(status)) {
604 cli_shutdown(c);
605 errno = map_errno_from_nt_status(status);
606 return NULL;
607 }
608
609 DEBUG(4,(" tconx ok\n"));
610
611 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
612 tcon = c->smb2.tcon;
613 } else {
614 tcon = c->smb1.tcon;
615 }
616
617 /* Determine if this share supports case sensitivity */
618 if (is_ipc) {
619 DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
620 status = NT_STATUS_OK;
621 } else {
622 status = cli_get_fs_attr_info(c, &fs_attrs);
623 }
624
625 if (!NT_STATUS_IS_OK(status)) {
626 DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
627 nt_errstr(status)));
628
629 /*
630 * We can't determine the case sensitivity of the share. We
631 * have no choice but to use the user-specified case
632 * sensitivity setting.
633 */
634 if (smbc_getOptionCaseSensitive(context)) {
635 cli_set_case_sensitive(c, True);
636 } else {
637 cli_set_case_sensitive(c, False);
638 }
639 } else if (!is_ipc) {
640 DEBUG(4, ("Case sensitive: %s\n",
641 (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
642 ? "True"
643 : "False")));
644 smbXcli_tcon_set_fs_attributes(tcon, fs_attrs);
645 }
646
647 /*
648 * Ok, we have got a nice connection
649 * Let's allocate a server structure.
650 */
651
652 srv = SMB_MALLOC_P(SMBCSRV);
653 if (!srv) {
654 cli_shutdown(c);
655 errno = ENOMEM;
656 return NULL;
657 }
658
659 ZERO_STRUCTP(srv);
660 DLIST_ADD(srv->cli, c);
661 srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
662 srv->no_pathinfo = False;
663 srv->no_pathinfo2 = False;
664 srv->no_pathinfo3 = False;
665 srv->no_nt_session = False;
666
667 done:
668 if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
669 workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
670 } else {
671 workgroup = *pp_workgroup;
672 }
673 if(!workgroup) {
674 if (c != NULL) {
675 cli_shutdown(c);
676 }
677 SAFE_FREE(srv);
678 return NULL;
679 }
680
681 /* set the credentials to make DFS work */
682 smbc_set_credentials_with_fallback(context,
683 workgroup,
684 *pp_username,
685 *pp_password);
686
687 return srv;
688 }
689
690 SMBCSRV *
691 SMBC_server(TALLOC_CTX *ctx,
692 SMBCCTX *context,
693 bool connect_if_not_found,
694 const char *server,
695 uint16_t port,
696 const char *share,
697 char **pp_workgroup,
698 char **pp_username,
699 char **pp_password)
700 {
701 SMBCSRV *srv=NULL;
702 bool in_cache = false;
703
704 srv = SMBC_server_internal(ctx, context, connect_if_not_found,
705 server, port, share, pp_workgroup,
706 pp_username, pp_password, &in_cache);
707
708 if (!srv) {
709 return NULL;
710 }
711 if (in_cache) {
712 return srv;
713 }
714
715 /* Now add it to the cache (internal or external) */
716 /* Let the cache function set errno if it wants to */
717 errno = 0;
718 if (smbc_getFunctionAddCachedServer(context)(context, srv,
719 server, share,
720 *pp_workgroup,
721 *pp_username)) {
722 int saved_errno = errno;
723 DEBUG(3, (" Failed to add server to cache\n"));
724 errno = saved_errno;
725 if (errno == 0) {
726 errno = ENOMEM;
727 }
728 SAFE_FREE(srv);
729 return NULL;
730 }
731
732 DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
733 server, share, srv));
734
735 DLIST_ADD(context->internal->servers, srv);
736 return srv;
737 }
738
739 /*
740 * Connect to a server for getting/setting attributes, possibly on an existing
741 * connection. This works similarly to SMBC_server().
742 */
743 SMBCSRV *
744 SMBC_attr_server(TALLOC_CTX *ctx,
745 SMBCCTX *context,
746 const char *server,
747 uint16_t port,
748 const char *share,
749 char **pp_workgroup,
750 char **pp_username,
751 char **pp_password)
752 {
753 int flags;
754 struct cli_state *ipc_cli = NULL;
755 struct rpc_pipe_client *pipe_hnd = NULL;
756 NTSTATUS nt_status;
757 SMBCSRV *srv=NULL;
758 SMBCSRV *ipc_srv=NULL;
759
760 /*
761 * Use srv->cli->desthost and srv->cli->share instead of
762 * server and share below to connect to the actual share,
763 * i.e., a normal share or a referred share from
764 * 'msdfs proxy' share.
765 */
766 srv = SMBC_server(ctx, context, true, server, port, share,
767 pp_workgroup, pp_username, pp_password);
768 if (!srv) {
769 return NULL;
770 }
771 server = smbXcli_conn_remote_name(srv->cli->conn);
772 share = srv->cli->share;
773
774 /*
775 * See if we've already created this special connection. Reference
776 * our "special" share name '*IPC$', which is an impossible real share
777 * name due to the leading asterisk.
778 */
779 ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
780 pp_workgroup, pp_username, pp_password);
781 if (!ipc_srv) {
782 struct cli_credentials *creds = NULL;
783
784 /* We didn't find a cached connection. Get the password */
785 if (!*pp_password || (*pp_password)[0] == '\0') {
786 /* ... then retrieve it now. */
787 SMBC_call_auth_fn(ctx, context, server, share,
788 pp_workgroup,
789 pp_username,
790 pp_password);
791 if (!*pp_workgroup || !*pp_username || !*pp_password) {
792 errno = ENOMEM;
793 return NULL;
794 }
795 }
796
797 flags = 0;
798
799 creds = SMBC_auth_credentials(NULL,
800 context,
801 *pp_workgroup,
802 *pp_username,
803 *pp_password);
804 if (creds == NULL) {
805 errno = ENOMEM;
806 return NULL;
807 }
808
809 nt_status = cli_full_connection_creds(&ipc_cli,
810 lp_netbios_name(), server,
811 NULL, 0, "IPC$", "?????",
812 creds,
813 flags);
814 if (! NT_STATUS_IS_OK(nt_status)) {
815 TALLOC_FREE(creds);
816 DEBUG(1,("cli_full_connection failed! (%s)\n",
817 nt_errstr(nt_status)));
818 errno = ENOTSUP;
819 return NULL;
820 }
821 talloc_steal(ipc_cli, creds);
822
823 ipc_srv = SMB_MALLOC_P(SMBCSRV);
824 if (!ipc_srv) {
825 errno = ENOMEM;
826 cli_shutdown(ipc_cli);
827 return NULL;
828 }
829
830 ZERO_STRUCTP(ipc_srv);
831 DLIST_ADD(ipc_srv->cli, ipc_cli);
832
833 nt_status = cli_rpc_pipe_open_noauth(
834 ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd);
835 if (!NT_STATUS_IS_OK(nt_status)) {
836 DEBUG(1, ("cli_nt_session_open fail!\n"));
837 errno = ENOTSUP;
838 cli_shutdown(ipc_srv->cli);
839 free(ipc_srv);
840 return NULL;
841 }
842
843 /*
844 * Some systems don't support
845 * SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
846 * so we might as well do it too.
847 */
848
849 nt_status = rpccli_lsa_open_policy(
850 pipe_hnd,
851 talloc_tos(),
852 True,
853 GENERIC_EXECUTE_ACCESS,
854 &ipc_srv->pol);
855
856 if (!NT_STATUS_IS_OK(nt_status)) {
857 errno = SMBC_errno(context, ipc_srv->cli);
858 cli_shutdown(ipc_srv->cli);
859 free(ipc_srv);
860 return NULL;
861 }
862
863 /* now add it to the cache (internal or external) */
864
865 errno = 0; /* let cache function set errno if it likes */
866 if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
867 server,
868 "*IPC$",
869 *pp_workgroup,
870 *pp_username)) {
871 DEBUG(3, (" Failed to add server to cache\n"));
872 if (errno == 0) {
873 errno = ENOMEM;
874 }
875 cli_shutdown(ipc_srv->cli);
876 free(ipc_srv);
877 return NULL;
878 }
879
880 DLIST_ADD(context->internal->servers, ipc_srv);
881 }
882
883 return ipc_srv;
884 }
Samba GIT mirror