search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix connect to port 139 only -- thanks gd for bugging me :-)
[Samba/gebeck_regimport.git] / source3 / libsmb / cliconnect.c
blob525c361bebfa3334882bbbfada05f637a7c5361b
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Andrew Bartlett 2001-2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 static const struct {
24 int prot;
25 const char name[24];
26 } prots[10] = {
27 {PROTOCOL_CORE, "PC NETWORK PROGRAM 1.0"},
28 {PROTOCOL_COREPLUS, "MICROSOFT NETWORKS 1.03"},
29 {PROTOCOL_LANMAN1, "MICROSOFT NETWORKS 3.0"},
30 {PROTOCOL_LANMAN1, "LANMAN1.0"},
31 {PROTOCOL_LANMAN2, "LM1.2X002"},
32 {PROTOCOL_LANMAN2, "DOS LANMAN2.1"},
33 {PROTOCOL_LANMAN2, "LANMAN2.1"},
34 {PROTOCOL_LANMAN2, "Samba"},
35 {PROTOCOL_NT1, "NT LANMAN 1.0"},
36 {PROTOCOL_NT1, "NT LM 0.12"},
37 };
38
39 #define STAR_SMBSERVER "*SMBSERVER"
40
41 /**
42 * Set the user session key for a connection
43 * @param cli The cli structure to add it too
44 * @param session_key The session key used. (A copy of this is taken for the cli struct)
45 *
46 */
47
48 static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
49 {
50 cli->user_session_key = data_blob(session_key.data, session_key.length);
51 }
52
53 /****************************************************************************
54 Do an old lanman2 style session setup.
55 ****************************************************************************/
56
57 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
58 const char *user,
59 const char *pass, size_t passlen,
60 const char *workgroup)
61 {
62 DATA_BLOB session_key = data_blob_null;
63 DATA_BLOB lm_response = data_blob_null;
64 NTSTATUS status;
65 fstring pword;
66 char *p;
67
68 if (passlen > sizeof(pword)-1) {
69 return NT_STATUS_INVALID_PARAMETER;
70 }
71
72 /* LANMAN servers predate NT status codes and Unicode and ignore those
73 smb flags so we must disable the corresponding default capabilities
74 that would otherwise cause the Unicode and NT Status flags to be
75 set (and even returned by the server) */
76
77 cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
78
79 /* if in share level security then don't send a password now */
80 if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
81 passlen = 0;
82
83 if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
84 /* Encrypted mode needed, and non encrypted password supplied. */
85 lm_response = data_blob(NULL, 24);
86 if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
87 DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
88 return NT_STATUS_ACCESS_DENIED;
89 }
90 } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
91 /* Encrypted mode needed, and encrypted password supplied. */
92 lm_response = data_blob(pass, passlen);
93 } else if (passlen > 0) {
94 /* Plaintext mode needed, assume plaintext supplied. */
95 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
96 lm_response = data_blob(pass, passlen);
97 }
98
99 /* send a session setup command */
100 memset(cli->outbuf,'\0',smb_size);
101 cli_set_message(cli->outbuf,10, 0, True);
102 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
103 cli_setup_packet(cli);
104
105 SCVAL(cli->outbuf,smb_vwv0,0xFF);
106 SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
107 SSVAL(cli->outbuf,smb_vwv3,2);
108 SSVAL(cli->outbuf,smb_vwv4,1);
109 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
110 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
111
112 p = smb_buf(cli->outbuf);
113 memcpy(p,lm_response.data,lm_response.length);
114 p += lm_response.length;
115 p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
116 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
117 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
118 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
119 cli_setup_bcc(cli, p);
120
121 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
122 return cli_nt_error(cli);
123 }
124
125 show_msg(cli->inbuf);
126
127 if (cli_is_error(cli)) {
128 return cli_nt_error(cli);
129 }
130
131 /* use the returned vuid from now on */
132 cli->vuid = SVAL(cli->inbuf,smb_uid);
133 status = cli_set_username(cli, user);
134 if (!NT_STATUS_IS_OK(status)) {
135 return status;
136 }
137
138 if (session_key.data) {
139 /* Have plaintext orginal */
140 cli_set_session_key(cli, session_key);
141 }
142
143 return NT_STATUS_OK;
144 }
145
146 /****************************************************************************
147 Work out suitable capabilities to offer the server.
148 ****************************************************************************/
149
150 static uint32 cli_session_setup_capabilities(struct cli_state *cli)
151 {
152 uint32 capabilities = CAP_NT_SMBS;
153
154 if (!cli->force_dos_errors)
155 capabilities |= CAP_STATUS32;
156
157 if (cli->use_level_II_oplocks)
158 capabilities |= CAP_LEVEL_II_OPLOCKS;
159
160 capabilities |= (cli->capabilities & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
161 return capabilities;
162 }
163
164 /****************************************************************************
165 Do a NT1 guest session setup.
166 ****************************************************************************/
167
168 struct async_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
169 struct event_context *ev,
170 struct cli_state *cli)
171 {
172 struct async_req *result;
173 uint16_t vwv[13];
174 uint8_t *bytes;
175
176 SCVAL(vwv+0, 0, 0xFF);
177 SCVAL(vwv+0, 1, 0);
178 SSVAL(vwv+1, 0, 0);
179 SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
180 SSVAL(vwv+3, 0, 2);
181 SSVAL(vwv+4, 0, cli->pid);
182 SIVAL(vwv+5, 0, cli->sesskey);
183 SSVAL(vwv+7, 0, 0);
184 SSVAL(vwv+8, 0, 0);
185 SSVAL(vwv+9, 0, 0);
186 SSVAL(vwv+10, 0, 0);
187 SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
188
189 bytes = talloc_array(talloc_tos(), uint8_t, 0);
190
191 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* username */
192 NULL);
193 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
194 NULL);
195 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
196 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
197
198 if (bytes == NULL) {
199 return NULL;
200 }
201
202 result = cli_request_send(mem_ctx, ev, cli, SMBsesssetupX, 0,
203 13, vwv, 0, talloc_get_size(bytes), bytes);
204 TALLOC_FREE(bytes);
205 return result;
206 }
207
208 NTSTATUS cli_session_setup_guest_recv(struct async_req *req)
209 {
210 struct cli_request *cli_req = talloc_get_type_abort(
211 req->private_data, struct cli_request);
212 struct cli_state *cli = cli_req->cli;
213 uint8_t wct;
214 uint16_t *vwv;
215 uint16_t num_bytes;
216 uint8_t *bytes;
217 uint8_t *p;
218 NTSTATUS status;
219
220 if (async_req_is_nterror(req, &status)) {
221 return status;
222 }
223
224 status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
225 if (!NT_STATUS_IS_OK(status)) {
226 return status;
227 }
228
229 p = bytes;
230
231 cli->vuid = SVAL(cli_req->inbuf, smb_uid);
232
233 p += clistr_pull(cli_req->inbuf, cli->server_os, (char *)p,
234 sizeof(fstring), bytes+num_bytes-p, STR_TERMINATE);
235 p += clistr_pull(cli_req->inbuf, cli->server_type, (char *)p,
236 sizeof(fstring), bytes+num_bytes-p, STR_TERMINATE);
237 p += clistr_pull(cli_req->inbuf, cli->server_domain, (char *)p,
238 sizeof(fstring), bytes+num_bytes-p, STR_TERMINATE);
239
240 if (strstr(cli->server_type, "Samba")) {
241 cli->is_samba = True;
242 }
243
244 status = cli_set_username(cli, "");
245 if (!NT_STATUS_IS_OK(status)) {
246 return status;
247 }
248
249 return NT_STATUS_OK;
250 }
251
252 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
253 {
254 TALLOC_CTX *frame = talloc_stackframe();
255 struct event_context *ev;
256 struct async_req *req;
257 NTSTATUS status;
258
259 if (cli->fd_event != NULL) {
260 /*
261 * Can't use sync call while an async call is in flight
262 */
263 status = NT_STATUS_INVALID_PARAMETER;
264 goto fail;
265 }
266
267 ev = event_context_init(frame);
268 if (ev == NULL) {
269 status = NT_STATUS_NO_MEMORY;
270 goto fail;
271 }
272
273 req = cli_session_setup_guest_send(frame, ev, cli);
274 if (req == NULL) {
275 status = NT_STATUS_NO_MEMORY;
276 goto fail;
277 }
278
279 while (req->state < ASYNC_REQ_DONE) {
280 event_loop_once(ev);
281 }
282
283 status = cli_session_setup_guest_recv(req);
284 fail:
285 TALLOC_FREE(frame);
286 return status;
287 }
288
289 /****************************************************************************
290 Do a NT1 plaintext session setup.
291 ****************************************************************************/
292
293 static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
294 const char *user, const char *pass,
295 const char *workgroup)
296 {
297 uint32 capabilities = cli_session_setup_capabilities(cli);
298 char *p;
299 NTSTATUS status;
300 fstring lanman;
301
302 fstr_sprintf( lanman, "Samba %s", samba_version_string());
303
304 memset(cli->outbuf, '\0', smb_size);
305 cli_set_message(cli->outbuf,13,0,True);
306 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
307 cli_setup_packet(cli);
308
309 SCVAL(cli->outbuf,smb_vwv0,0xFF);
310 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
311 SSVAL(cli->outbuf,smb_vwv3,2);
312 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
313 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
314 SSVAL(cli->outbuf,smb_vwv8,0);
315 SIVAL(cli->outbuf,smb_vwv11,capabilities);
316 p = smb_buf(cli->outbuf);
317
318 /* check wether to send the ASCII or UNICODE version of the password */
319
320 if ( (capabilities & CAP_UNICODE) == 0 ) {
321 p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
322 SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
323 }
324 else {
325 /* For ucs2 passwords clistr_push calls ucs2_align, which causes
326 * the space taken by the unicode password to be one byte too
327 * long (as we're on an odd byte boundary here). Reduce the
328 * count by 1 to cope with this. Fixes smbclient against NetApp
329 * servers which can't cope. Fix from
330 * bryan.kolodziej@allenlund.com in bug #3840.
331 */
332 p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
333 SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);
334 }
335
336 p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
337 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
338 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
339 p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
340 cli_setup_bcc(cli, p);
341
342 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
343 return cli_nt_error(cli);
344 }
345
346 show_msg(cli->inbuf);
347
348 if (cli_is_error(cli)) {
349 return cli_nt_error(cli);
350 }
351
352 cli->vuid = SVAL(cli->inbuf,smb_uid);
353 p = smb_buf(cli->inbuf);
354 p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
355 -1, STR_TERMINATE);
356 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
357 -1, STR_TERMINATE);
358 p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
359 -1, STR_TERMINATE);
360 status = cli_set_username(cli, user);
361 if (!NT_STATUS_IS_OK(status)) {
362 return status;
363 }
364 if (strstr(cli->server_type, "Samba")) {
365 cli->is_samba = True;
366 }
367
368 return NT_STATUS_OK;
369 }
370
371 /****************************************************************************
372 do a NT1 NTLM/LM encrypted session setup - for when extended security
373 is not negotiated.
374 @param cli client state to create do session setup on
375 @param user username
376 @param pass *either* cleartext password (passlen !=24) or LM response.
377 @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
378 @param workgroup The user's domain.
379 ****************************************************************************/
380
381 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
382 const char *pass, size_t passlen,
383 const char *ntpass, size_t ntpasslen,
384 const char *workgroup)
385 {
386 uint32 capabilities = cli_session_setup_capabilities(cli);
387 DATA_BLOB lm_response = data_blob_null;
388 DATA_BLOB nt_response = data_blob_null;
389 DATA_BLOB session_key = data_blob_null;
390 NTSTATUS result;
391 char *p;
392 bool ok;
393
394 if (passlen == 0) {
395 /* do nothing - guest login */
396 } else if (passlen != 24) {
397 if (lp_client_ntlmv2_auth()) {
398 DATA_BLOB server_chal;
399 DATA_BLOB names_blob;
400 server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
401
402 /* note that the 'workgroup' here is a best guess - we don't know
403 the server's domain at this point. The 'server name' is also
404 dodgy...
405 */
406 names_blob = NTLMv2_generate_names_blob(cli->called.name, workgroup);
407
408 if (!SMBNTLMv2encrypt(user, workgroup, pass, &server_chal,
409 &names_blob,
410 &lm_response, &nt_response, &session_key)) {
411 data_blob_free(&names_blob);
412 data_blob_free(&server_chal);
413 return NT_STATUS_ACCESS_DENIED;
414 }
415 data_blob_free(&names_blob);
416 data_blob_free(&server_chal);
417
418 } else {
419 uchar nt_hash[16];
420 E_md4hash(pass, nt_hash);
421
422 #ifdef LANMAN_ONLY
423 nt_response = data_blob_null;
424 #else
425 nt_response = data_blob(NULL, 24);
426 SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
427 #endif
428 /* non encrypted password supplied. Ignore ntpass. */
429 if (lp_client_lanman_auth()) {
430 lm_response = data_blob(NULL, 24);
431 if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
432 /* Oops, the LM response is invalid, just put
433 the NT response there instead */
434 data_blob_free(&lm_response);
435 lm_response = data_blob(nt_response.data, nt_response.length);
436 }
437 } else {
438 /* LM disabled, place NT# in LM field instead */
439 lm_response = data_blob(nt_response.data, nt_response.length);
440 }
441
442 session_key = data_blob(NULL, 16);
443 #ifdef LANMAN_ONLY
444 E_deshash(pass, session_key.data);
445 memset(&session_key.data[8], '\0', 8);
446 #else
447 SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
448 #endif
449 }
450 cli_temp_set_signing(cli);
451 } else {
452 /* pre-encrypted password supplied. Only used for
453 security=server, can't do
454 signing because we don't have original key */
455
456 lm_response = data_blob(pass, passlen);
457 nt_response = data_blob(ntpass, ntpasslen);
458 }
459
460 /* send a session setup command */
461 memset(cli->outbuf,'\0',smb_size);
462
463 cli_set_message(cli->outbuf,13,0,True);
464 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
465 cli_setup_packet(cli);
466
467 SCVAL(cli->outbuf,smb_vwv0,0xFF);
468 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
469 SSVAL(cli->outbuf,smb_vwv3,2);
470 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
471 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
472 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
473 SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
474 SIVAL(cli->outbuf,smb_vwv11,capabilities);
475 p = smb_buf(cli->outbuf);
476 if (lm_response.length) {
477 memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
478 }
479 if (nt_response.length) {
480 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
481 }
482 p += clistr_push(cli, p, user, -1, STR_TERMINATE);
483
484 /* Upper case here might help some NTLMv2 implementations */
485 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
486 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
487 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
488 cli_setup_bcc(cli, p);
489
490 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
491 result = cli_nt_error(cli);
492 goto end;
493 }
494
495 /* show_msg(cli->inbuf); */
496
497 if (cli_is_error(cli)) {
498 result = cli_nt_error(cli);
499 goto end;
500 }
501
502 #ifdef LANMAN_ONLY
503 ok = cli_simple_set_signing(cli, session_key, lm_response);
504 #else
505 ok = cli_simple_set_signing(cli, session_key, nt_response);
506 #endif
507 if (ok) {
508 /* 'resign' the last message, so we get the right sequence numbers
509 for checking the first reply from the server */
510 cli_calculate_sign_mac(cli, cli->outbuf);
511
512 if (!cli_check_sign_mac(cli, cli->inbuf)) {
513 result = NT_STATUS_ACCESS_DENIED;
514 goto end;
515 }
516 }
517
518 /* use the returned vuid from now on */
519 cli->vuid = SVAL(cli->inbuf,smb_uid);
520
521 p = smb_buf(cli->inbuf);
522 p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
523 -1, STR_TERMINATE);
524 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
525 -1, STR_TERMINATE);
526 p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
527 -1, STR_TERMINATE);
528
529 if (strstr(cli->server_type, "Samba")) {
530 cli->is_samba = True;
531 }
532
533 result = cli_set_username(cli, user);
534 if (!NT_STATUS_IS_OK(result)) {
535 goto end;
536 }
537
538 if (session_key.data) {
539 /* Have plaintext orginal */
540 cli_set_session_key(cli, session_key);
541 }
542
543 result = NT_STATUS_OK;
544 end:
545 data_blob_free(&lm_response);
546 data_blob_free(&nt_response);
547 data_blob_free(&session_key);
548 return result;
549 }
550
551 /****************************************************************************
552 Send a extended security session setup blob
553 ****************************************************************************/
554
555 static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
556 {
557 uint32 capabilities = cli_session_setup_capabilities(cli);
558 char *p;
559
560 capabilities |= CAP_EXTENDED_SECURITY;
561
562 /* send a session setup command */
563 memset(cli->outbuf,'\0',smb_size);
564
565 cli_set_message(cli->outbuf,12,0,True);
566 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
567
568 cli_setup_packet(cli);
569
570 SCVAL(cli->outbuf,smb_vwv0,0xFF);
571 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
572 SSVAL(cli->outbuf,smb_vwv3,2);
573 SSVAL(cli->outbuf,smb_vwv4,1);
574 SIVAL(cli->outbuf,smb_vwv5,0);
575 SSVAL(cli->outbuf,smb_vwv7,blob.length);
576 SIVAL(cli->outbuf,smb_vwv10,capabilities);
577 p = smb_buf(cli->outbuf);
578 memcpy(p, blob.data, blob.length);
579 p += blob.length;
580 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
581 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
582 cli_setup_bcc(cli, p);
583 return cli_send_smb(cli);
584 }
585
586 /****************************************************************************
587 Send a extended security session setup blob, returning a reply blob.
588 ****************************************************************************/
589
590 static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
591 {
592 DATA_BLOB blob2 = data_blob_null;
593 char *p;
594 size_t len;
595
596 if (!cli_receive_smb(cli))
597 return blob2;
598
599 show_msg(cli->inbuf);
600
601 if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
602 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
603 return blob2;
604 }
605
606 /* use the returned vuid from now on */
607 cli->vuid = SVAL(cli->inbuf,smb_uid);
608
609 p = smb_buf(cli->inbuf);
610
611 blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
612
613 p += blob2.length;
614 p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
615 -1, STR_TERMINATE);
616
617 /* w2k with kerberos doesn't properly null terminate this field */
618 len = smb_bufrem(cli->inbuf, p);
619 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
620 len, 0);
621
622 return blob2;
623 }
624
625 #ifdef HAVE_KRB5
626 /****************************************************************************
627 Send a extended security session setup blob, returning a reply blob.
628 ****************************************************************************/
629
630 /* The following is calculated from :
631 * (smb_size-4) = 35
632 * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
633 * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
634 * end of packet.
635 */
636
637 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
638
639 static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
640 {
641 int32 remaining = blob.length;
642 int32 cur = 0;
643 DATA_BLOB send_blob = data_blob_null;
644 int32 max_blob_size = 0;
645 DATA_BLOB receive_blob = data_blob_null;
646
647 if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
648 DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
649 "(was %u, need minimum %u)\n",
650 (unsigned int)cli->max_xmit,
651 BASE_SESSSETUP_BLOB_PACKET_SIZE));
652 cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
653 return False;
654 }
655
656 max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
657
658 while ( remaining > 0) {
659 if (remaining >= max_blob_size) {
660 send_blob.length = max_blob_size;
661 remaining -= max_blob_size;
662 } else {
663 send_blob.length = remaining;
664 remaining = 0;
665 }
666
667 send_blob.data = &blob.data[cur];
668 cur += send_blob.length;
669
670 DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
671 (unsigned int)remaining,
672 (unsigned int)send_blob.length,
673 (unsigned int)cur ));
674
675 if (!cli_session_setup_blob_send(cli, send_blob)) {
676 DEBUG(0, ("cli_session_setup_blob: send failed\n"));
677 return False;
678 }
679
680 receive_blob = cli_session_setup_blob_receive(cli);
681 data_blob_free(&receive_blob);
682
683 if (cli_is_error(cli) &&
684 !NT_STATUS_EQUAL( cli_get_nt_error(cli),
685 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
686 DEBUG(0, ("cli_session_setup_blob: receive failed "
687 "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
688 cli->vuid = 0;
689 return False;
690 }
691 }
692
693 return True;
694 }
695
696 /****************************************************************************
697 Use in-memory credentials cache
698 ****************************************************************************/
699
700 static void use_in_memory_ccache(void) {
701 setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
702 }
703
704 /****************************************************************************
705 Do a spnego/kerberos encrypted session setup.
706 ****************************************************************************/
707
708 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
709 {
710 DATA_BLOB negTokenTarg;
711 DATA_BLOB session_key_krb5;
712 NTSTATUS nt_status;
713 int rc;
714
715 cli_temp_set_signing(cli);
716
717 DEBUG(2,("Doing kerberos session setup\n"));
718
719 /* generate the encapsulated kerberos5 ticket */
720 rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
721
722 if (rc) {
723 DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
724 error_message(rc)));
725 return ADS_ERROR_KRB5(rc);
726 }
727
728 #if 0
729 file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
730 #endif
731
732 if (!cli_session_setup_blob(cli, negTokenTarg)) {
733 nt_status = cli_nt_error(cli);
734 goto nt_error;
735 }
736
737 if (cli_is_error(cli)) {
738 nt_status = cli_nt_error(cli);
739 if (NT_STATUS_IS_OK(nt_status)) {
740 nt_status = NT_STATUS_UNSUCCESSFUL;
741 }
742 goto nt_error;
743 }
744
745 cli_set_session_key(cli, session_key_krb5);
746
747 if (cli_simple_set_signing(
748 cli, session_key_krb5, data_blob_null)) {
749
750 /* 'resign' the last message, so we get the right sequence numbers
751 for checking the first reply from the server */
752 cli_calculate_sign_mac(cli, cli->outbuf);
753
754 if (!cli_check_sign_mac(cli, cli->inbuf)) {
755 nt_status = NT_STATUS_ACCESS_DENIED;
756 goto nt_error;
757 }
758 }
759
760 data_blob_free(&negTokenTarg);
761 data_blob_free(&session_key_krb5);
762
763 return ADS_ERROR_NT(NT_STATUS_OK);
764
765 nt_error:
766 data_blob_free(&negTokenTarg);
767 data_blob_free(&session_key_krb5);
768 cli->vuid = 0;
769 return ADS_ERROR_NT(nt_status);
770 }
771 #endif /* HAVE_KRB5 */
772
773
774 /****************************************************************************
775 Do a spnego/NTLMSSP encrypted session setup.
776 ****************************************************************************/
777
778 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
779 const char *pass, const char *domain)
780 {
781 struct ntlmssp_state *ntlmssp_state;
782 NTSTATUS nt_status;
783 int turn = 1;
784 DATA_BLOB msg1;
785 DATA_BLOB blob = data_blob_null;
786 DATA_BLOB blob_in = data_blob_null;
787 DATA_BLOB blob_out = data_blob_null;
788
789 cli_temp_set_signing(cli);
790
791 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
792 return nt_status;
793 }
794 ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
795
796 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
797 return nt_status;
798 }
799 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
800 return nt_status;
801 }
802 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
803 return nt_status;
804 }
805
806 do {
807 nt_status = ntlmssp_update(ntlmssp_state,
808 blob_in, &blob_out);
809 data_blob_free(&blob_in);
810 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
811 if (turn == 1) {
812 /* and wrap it in a SPNEGO wrapper */
813 msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
814 } else {
815 /* wrap it in SPNEGO */
816 msg1 = spnego_gen_auth(blob_out);
817 }
818
819 /* now send that blob on its way */
820 if (!cli_session_setup_blob_send(cli, msg1)) {
821 DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
822 nt_status = NT_STATUS_UNSUCCESSFUL;
823 } else {
824 blob = cli_session_setup_blob_receive(cli);
825
826 nt_status = cli_nt_error(cli);
827 if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
828 if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
829 nt_status = NT_STATUS_ACCESS_DENIED;
830 } else {
831 nt_status = NT_STATUS_UNSUCCESSFUL;
832 }
833 }
834 }
835 data_blob_free(&msg1);
836 }
837
838 if (!blob.length) {
839 if (NT_STATUS_IS_OK(nt_status)) {
840 nt_status = NT_STATUS_UNSUCCESSFUL;
841 }
842 } else if ((turn == 1) &&
843 NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
844 DATA_BLOB tmp_blob = data_blob_null;
845 /* the server might give us back two challenges */
846 if (!spnego_parse_challenge(blob, &blob_in,
847 &tmp_blob)) {
848 DEBUG(3,("Failed to parse challenges\n"));
849 nt_status = NT_STATUS_INVALID_PARAMETER;
850 }
851 data_blob_free(&tmp_blob);
852 } else {
853 if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
854 &blob_in)) {
855 DEBUG(3,("Failed to parse auth response\n"));
856 if (NT_STATUS_IS_OK(nt_status)
857 || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
858 nt_status = NT_STATUS_INVALID_PARAMETER;
859 }
860 }
861 data_blob_free(&blob);
862 data_blob_free(&blob_out);
863 turn++;
864 } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
865
866 data_blob_free(&blob_in);
867
868 if (NT_STATUS_IS_OK(nt_status)) {
869
870 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
871 cli_set_session_key(cli, ntlmssp_state->session_key);
872
873 if (cli_simple_set_signing(
874 cli, ntlmssp_state->session_key, data_blob_null)) {
875
876 /* 'resign' the last message, so we get the right sequence numbers
877 for checking the first reply from the server */
878 cli_calculate_sign_mac(cli, cli->outbuf);
879
880 if (!cli_check_sign_mac(cli, cli->inbuf)) {
881 nt_status = NT_STATUS_ACCESS_DENIED;
882 }
883 }
884 }
885
886 /* we have a reference conter on ntlmssp_state, if we are signing
887 then the state will be kept by the signing engine */
888
889 ntlmssp_end(&ntlmssp_state);
890
891 if (!NT_STATUS_IS_OK(nt_status)) {
892 cli->vuid = 0;
893 }
894 return nt_status;
895 }
896
897 /****************************************************************************
898 Do a spnego encrypted session setup.
899
900 user_domain: The shortname of the domain the user/machine is a member of.
901 dest_realm: The realm we're connecting to, if NULL we use our default realm.
902 ****************************************************************************/
903
904 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
905 const char *pass, const char *user_domain,
906 const char * dest_realm)
907 {
908 char *principal = NULL;
909 char *OIDs[ASN1_MAX_OIDS];
910 int i;
911 DATA_BLOB blob;
912 const char *p = NULL;
913 char *account = NULL;
914 NTSTATUS status;
915
916 DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
917
918 /* the server might not even do spnego */
919 if (cli->secblob.length <= 16) {
920 DEBUG(3,("server didn't supply a full spnego negprot\n"));
921 goto ntlmssp;
922 }
923
924 #if 0
925 file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
926 #endif
927
928 /* there is 16 bytes of GUID before the real spnego packet starts */
929 blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
930
931 /* The server sent us the first part of the SPNEGO exchange in the
932 * negprot reply. It is WRONG to depend on the principal sent in the
933 * negprot reply, but right now we do it. If we don't receive one,
934 * we try to best guess, then fall back to NTLM. */
935 if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
936 data_blob_free(&blob);
937 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
938 }
939 data_blob_free(&blob);
940
941 /* make sure the server understands kerberos */
942 for (i=0;OIDs[i];i++) {
943 DEBUG(3,("got OID=%s\n", OIDs[i]));
944 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
945 strcmp(OIDs[i], OID_KERBEROS5) == 0) {
946 cli->got_kerberos_mechanism = True;
947 }
948 talloc_free(OIDs[i]);
949 }
950
951 DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
952
953 status = cli_set_username(cli, user);
954 if (!NT_STATUS_IS_OK(status)) {
955 return ADS_ERROR_NT(status);
956 }
957
958 #ifdef HAVE_KRB5
959 /* If password is set we reauthenticate to kerberos server
960 * and do not store results */
961
962 if (cli->got_kerberos_mechanism && cli->use_kerberos) {
963 ADS_STATUS rc;
964
965 if (pass && *pass) {
966 int ret;
967
968 use_in_memory_ccache();
969 ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
970
971 if (ret){
972 TALLOC_FREE(principal);
973 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
974 if (cli->fallback_after_kerberos)
975 goto ntlmssp;
976 return ADS_ERROR_KRB5(ret);
977 }
978 }
979
980 /* If we get a bad principal, try to guess it if
981 we have a valid host NetBIOS name.
982 */
983 if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
984 TALLOC_FREE(principal);
985 }
986
987 if (principal == NULL &&
988 !is_ipaddress(cli->desthost) &&
989 !strequal(STAR_SMBSERVER,
990 cli->desthost)) {
991 char *realm = NULL;
992 char *machine = NULL;
993 char *host = NULL;
994 DEBUG(3,("cli_session_setup_spnego: got a "
995 "bad server principal, trying to guess ...\n"));
996
997 host = strchr_m(cli->desthost, '.');
998 if (host) {
999 machine = SMB_STRNDUP(cli->desthost,
1000 host - cli->desthost);
1001 } else {
1002 machine = SMB_STRDUP(cli->desthost);
1003 }
1004 if (machine == NULL) {
1005 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1006 }
1007
1008 if (dest_realm) {
1009 realm = SMB_STRDUP(dest_realm);
1010 strupper_m(realm);
1011 } else {
1012 realm = kerberos_get_default_realm_from_ccache();
1013 }
1014 if (realm && *realm) {
1015 principal = talloc_asprintf(NULL, "%s$@%s",
1016 machine, realm);
1017 if (!principal) {
1018 SAFE_FREE(machine);
1019 SAFE_FREE(realm);
1020 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1021 }
1022 DEBUG(3,("cli_session_setup_spnego: guessed "
1023 "server principal=%s\n",
1024 principal ? principal : "<null>"));
1025 }
1026 SAFE_FREE(machine);
1027 SAFE_FREE(realm);
1028 }
1029
1030 if (principal) {
1031 rc = cli_session_setup_kerberos(cli, principal,
1032 dest_realm);
1033 if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
1034 TALLOC_FREE(principal);
1035 return rc;
1036 }
1037 }
1038 }
1039 #endif
1040
1041 TALLOC_FREE(principal);
1042
1043 ntlmssp:
1044
1045 account = talloc_strdup(talloc_tos(), user);
1046 if (!account) {
1047 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1048 }
1049
1050 /* when falling back to ntlmssp while authenticating with a machine
1051 * account strip off the realm - gd */
1052
1053 if ((p = strchr_m(user, '@')) != NULL) {
1054 account[PTR_DIFF(p,user)] = '\0';
1055 }
1056
1057 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
1058 }
1059
1060 /****************************************************************************
1061 Send a session setup. The username and workgroup is in UNIX character
1062 format and must be converted to DOS codepage format before sending. If the
1063 password is in plaintext, the same should be done.
1064 ****************************************************************************/
1065
1066 NTSTATUS cli_session_setup(struct cli_state *cli,
1067 const char *user,
1068 const char *pass, int passlen,
1069 const char *ntpass, int ntpasslen,
1070 const char *workgroup)
1071 {
1072 char *p;
1073 fstring user2;
1074
1075 if (user) {
1076 fstrcpy(user2, user);
1077 } else {
1078 user2[0] ='\0';
1079 }
1080
1081 if (!workgroup) {
1082 workgroup = "";
1083 }
1084
1085 /* allow for workgroups as part of the username */
1086 if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
1087 (p=strchr_m(user2,*lp_winbind_separator()))) {
1088 *p = 0;
1089 user = p+1;
1090 workgroup = user2;
1091 }
1092
1093 if (cli->protocol < PROTOCOL_LANMAN1) {
1094 return NT_STATUS_OK;
1095 }
1096
1097 /* now work out what sort of session setup we are going to
1098 do. I have split this into separate functions to make the
1099 flow a bit easier to understand (tridge) */
1100
1101 /* if its an older server then we have to use the older request format */
1102
1103 if (cli->protocol < PROTOCOL_NT1) {
1104 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
1105 DEBUG(1, ("Server requested LM password but 'client lanman auth'"
1106 " is disabled\n"));
1107 return NT_STATUS_ACCESS_DENIED;
1108 }
1109
1110 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
1111 !lp_client_plaintext_auth() && (*pass)) {
1112 DEBUG(1, ("Server requested plaintext password but "
1113 "'client plaintext auth' is disabled\n"));
1114 return NT_STATUS_ACCESS_DENIED;
1115 }
1116
1117 return cli_session_setup_lanman2(cli, user, pass, passlen,
1118 workgroup);
1119 }
1120
1121 /* if no user is supplied then we have to do an anonymous connection.
1122 passwords are ignored */
1123
1124 if (!user || !*user)
1125 return cli_session_setup_guest(cli);
1126
1127 /* if the server is share level then send a plaintext null
1128 password at this point. The password is sent in the tree
1129 connect */
1130
1131 if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
1132 return cli_session_setup_plaintext(cli, user, "", workgroup);
1133
1134 /* if the server doesn't support encryption then we have to use
1135 plaintext. The second password is ignored */
1136
1137 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1138 if (!lp_client_plaintext_auth() && (*pass)) {
1139 DEBUG(1, ("Server requested plaintext password but "
1140 "'client plaintext auth' is disabled\n"));
1141 return NT_STATUS_ACCESS_DENIED;
1142 }
1143 return cli_session_setup_plaintext(cli, user, pass, workgroup);
1144 }
1145
1146 /* if the server supports extended security then use SPNEGO */
1147
1148 if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1149 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
1150 workgroup, NULL);
1151 if (!ADS_ERR_OK(status)) {
1152 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1153 return ads_ntstatus(status);
1154 }
1155 } else {
1156 NTSTATUS status;
1157
1158 /* otherwise do a NT1 style session setup */
1159 status = cli_session_setup_nt1(cli, user, pass, passlen,
1160 ntpass, ntpasslen, workgroup);
1161 if (!NT_STATUS_IS_OK(status)) {
1162 DEBUG(3,("cli_session_setup: NT1 session setup "
1163 "failed: %s\n", nt_errstr(status)));
1164 return status;
1165 }
1166 }
1167
1168 if (strstr(cli->server_type, "Samba")) {
1169 cli->is_samba = True;
1170 }
1171
1172 return NT_STATUS_OK;
1173 }
1174
1175 /****************************************************************************
1176 Send a uloggoff.
1177 *****************************************************************************/
1178
1179 bool cli_ulogoff(struct cli_state *cli)
1180 {
1181 memset(cli->outbuf,'\0',smb_size);
1182 cli_set_message(cli->outbuf,2,0,True);
1183 SCVAL(cli->outbuf,smb_com,SMBulogoffX);
1184 cli_setup_packet(cli);
1185 SSVAL(cli->outbuf,smb_vwv0,0xFF);
1186 SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
1187
1188 cli_send_smb(cli);
1189 if (!cli_receive_smb(cli))
1190 return False;
1191
1192 if (cli_is_error(cli)) {
1193 return False;
1194 }
1195
1196 cli->cnum = -1;
1197 return True;
1198 }
1199
1200 /****************************************************************************
1201 Send a tconX.
1202 ****************************************************************************/
1203
1204 struct async_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
1205 struct event_context *ev,
1206 struct cli_state *cli,
1207 const char *share, const char *dev,
1208 const char *pass, int passlen)
1209 {
1210 fstring pword;
1211 char *tmp = NULL;
1212 struct async_req *result;
1213 uint16_t vwv[4];
1214 uint8_t *bytes;
1215
1216 fstrcpy(cli->share, share);
1217
1218 /* in user level security don't send a password now */
1219 if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1220 passlen = 1;
1221 pass = "";
1222 } else if (pass == NULL) {
1223 DEBUG(1, ("Server not using user level security and no "
1224 "password supplied.\n"));
1225 goto access_denied;
1226 }
1227
1228 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1229 *pass && passlen != 24) {
1230 if (!lp_client_lanman_auth()) {
1231 DEBUG(1, ("Server requested LANMAN password "
1232 "(share-level security) but "
1233 "'client lanman auth' is disabled\n"));
1234 goto access_denied;
1235 }
1236
1237 /*
1238 * Non-encrypted passwords - convert to DOS codepage before
1239 * encryption.
1240 */
1241 passlen = 24;
1242 SMBencrypt(pass, cli->secblob.data, (uchar *)pword);
1243 } else {
1244 if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
1245 |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
1246 == 0) {
1247 if (!lp_client_plaintext_auth() && (*pass)) {
1248 DEBUG(1, ("Server requested plaintext "
1249 "password but 'client plaintext "
1250 "auth' is disabled\n"));
1251 goto access_denied;
1252 }
1253
1254 /*
1255 * Non-encrypted passwords - convert to DOS codepage
1256 * before using.
1257 */
1258 passlen = clistr_push(cli, pword, pass, sizeof(pword),
1259 STR_TERMINATE);
1260 if (passlen == -1) {
1261 DEBUG(1, ("clistr_push(pword) failed\n"));
1262 goto access_denied;
1263 }
1264 } else {
1265 if (passlen) {
1266 memcpy(pword, pass, passlen);
1267 }
1268 }
1269 }
1270
1271 SCVAL(vwv+0, 0, 0xFF);
1272 SCVAL(vwv+0, 1, 0);
1273 SSVAL(vwv+1, 0, 0);
1274 SSVAL(vwv+2, 0, TCONX_FLAG_EXTENDED_RESPONSE);
1275 SSVAL(vwv+3, 0, passlen);
1276
1277 if (passlen) {
1278 bytes = (uint8_t *)talloc_memdup(talloc_tos(), pword, passlen);
1279 } else {
1280 bytes = talloc_array(talloc_tos(), uint8_t, 0);
1281 }
1282
1283 /*
1284 * Add the sharename
1285 */
1286 tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
1287 cli->desthost, share);
1288 if (tmp == NULL) {
1289 TALLOC_FREE(bytes);
1290 return NULL;
1291 }
1292 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
1293 NULL);
1294 TALLOC_FREE(tmp);
1295
1296 /*
1297 * Add the devicetype
1298 */
1299 tmp = talloc_strdup_upper(talloc_tos(), dev);
1300 if (tmp == NULL) {
1301 TALLOC_FREE(bytes);
1302 return NULL;
1303 }
1304 bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
1305 TALLOC_FREE(tmp);
1306
1307 if (bytes == NULL) {
1308 return NULL;
1309 }
1310
1311 result = cli_request_send(mem_ctx, ev, cli, SMBtconX, 0,
1312 4, vwv, 0, talloc_get_size(bytes), bytes);
1313 TALLOC_FREE(bytes);
1314 return result;
1315
1316 access_denied:
1317 {
1318 struct cli_request *state;
1319 if (!async_req_setup(mem_ctx, &result, &state,
1320 struct cli_request)) {
1321 goto fail;
1322 }
1323 if (async_post_ntstatus(result, ev, NT_STATUS_ACCESS_DENIED)) {
1324 return result;
1325 }
1326 }
1327 fail:
1328 TALLOC_FREE(result);
1329 return NULL;
1330 }
1331
1332 NTSTATUS cli_tcon_andx_recv(struct async_req *req)
1333 {
1334 struct cli_request *cli_req = talloc_get_type_abort(
1335 req->private_data, struct cli_request);
1336 struct cli_state *cli = cli_req->cli;
1337 uint8_t wct;
1338 uint16_t *vwv;
1339 uint16_t num_bytes;
1340 uint8_t *bytes;
1341 NTSTATUS status;
1342
1343 if (async_req_is_nterror(req, &status)) {
1344 return status;
1345 }
1346
1347 status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
1348 if (!NT_STATUS_IS_OK(status)) {
1349 return status;
1350 }
1351
1352 clistr_pull(cli_req->inbuf, cli->dev, bytes, sizeof(fstring),
1353 num_bytes, STR_TERMINATE|STR_ASCII);
1354
1355 if ((cli->protocol >= PROTOCOL_NT1) && (num_bytes == 3)) {
1356 /* almost certainly win95 - enable bug fixes */
1357 cli->win95 = True;
1358 }
1359
1360 /*
1361 * Make sure that we have the optional support 16-bit field. WCT > 2.
1362 * Avoids issues when connecting to Win9x boxes sharing files
1363 */
1364
1365 cli->dfsroot = false;
1366
1367 if ((wct > 2) && (cli->protocol >= PROTOCOL_LANMAN2)) {
1368 cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
1369 }
1370
1371 cli->cnum = SVAL(cli_req->inbuf,smb_tid);
1372 return NT_STATUS_OK;
1373 }
1374
1375 NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
1376 const char *dev, const char *pass, int passlen)
1377 {
1378 TALLOC_CTX *frame = talloc_stackframe();
1379 struct event_context *ev;
1380 struct async_req *req;
1381 NTSTATUS status;
1382
1383 if (cli->fd_event != NULL) {
1384 /*
1385 * Can't use sync call while an async call is in flight
1386 */
1387 status = NT_STATUS_INVALID_PARAMETER;
1388 goto fail;
1389 }
1390
1391 ev = event_context_init(frame);
1392 if (ev == NULL) {
1393 status = NT_STATUS_NO_MEMORY;
1394 goto fail;
1395 }
1396
1397 req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
1398 if (req == NULL) {
1399 status = NT_STATUS_NO_MEMORY;
1400 goto fail;
1401 }
1402
1403 while (req->state < ASYNC_REQ_DONE) {
1404 event_loop_once(ev);
1405 }
1406
1407 status = cli_tcon_andx_recv(req);
1408 fail:
1409 TALLOC_FREE(frame);
1410 return status;
1411 }
1412
1413 /****************************************************************************
1414 Send a tree disconnect.
1415 ****************************************************************************/
1416
1417 bool cli_tdis(struct cli_state *cli)
1418 {
1419 memset(cli->outbuf,'\0',smb_size);
1420 cli_set_message(cli->outbuf,0,0,True);
1421 SCVAL(cli->outbuf,smb_com,SMBtdis);
1422 SSVAL(cli->outbuf,smb_tid,cli->cnum);
1423 cli_setup_packet(cli);
1424
1425 cli_send_smb(cli);
1426 if (!cli_receive_smb(cli))
1427 return False;
1428
1429 if (cli_is_error(cli)) {
1430 return False;
1431 }
1432
1433 cli->cnum = -1;
1434 return True;
1435 }
1436
1437 /****************************************************************************
1438 Send a negprot command.
1439 ****************************************************************************/
1440
1441 void cli_negprot_sendsync(struct cli_state *cli)
1442 {
1443 char *p;
1444 int numprots;
1445
1446 if (cli->protocol < PROTOCOL_NT1)
1447 cli->use_spnego = False;
1448
1449 memset(cli->outbuf,'\0',smb_size);
1450
1451 /* setup the protocol strings */
1452 cli_set_message(cli->outbuf,0,0,True);
1453
1454 p = smb_buf(cli->outbuf);
1455 for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1456 if (prots[numprots].prot > cli->protocol) {
1457 break;
1458 }
1459 *p++ = 2;
1460 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1461 }
1462
1463 SCVAL(cli->outbuf,smb_com,SMBnegprot);
1464 cli_setup_bcc(cli, p);
1465 cli_setup_packet(cli);
1466
1467 SCVAL(smb_buf(cli->outbuf),0,2);
1468
1469 cli_send_smb(cli);
1470 }
1471
1472 /****************************************************************************
1473 Send a negprot command.
1474 ****************************************************************************/
1475
1476 struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
1477 struct event_context *ev,
1478 struct cli_state *cli)
1479 {
1480 struct async_req *result;
1481 uint8_t *bytes = NULL;
1482 int numprots;
1483
1484 if (cli->protocol < PROTOCOL_NT1)
1485 cli->use_spnego = False;
1486
1487 /* setup the protocol strings */
1488 for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1489 uint8_t c = 2;
1490 if (prots[numprots].prot > cli->protocol) {
1491 break;
1492 }
1493 bytes = (uint8_t *)talloc_append_blob(
1494 talloc_tos(), bytes, data_blob_const(&c, sizeof(c)));
1495 if (bytes == NULL) {
1496 return NULL;
1497 }
1498 bytes = smb_bytes_push_str(bytes, false,
1499 prots[numprots].name,
1500 strlen(prots[numprots].name)+1,
1501 NULL);
1502 if (bytes == NULL) {
1503 return NULL;
1504 }
1505 }
1506
1507 result = cli_request_send(mem_ctx, ev, cli, SMBnegprot, 0, 0, NULL, 0,
1508 talloc_get_size(bytes), bytes);
1509 TALLOC_FREE(bytes);
1510 return result;
1511 }
1512
1513 NTSTATUS cli_negprot_recv(struct async_req *req)
1514 {
1515 struct cli_request *cli_req = talloc_get_type_abort(
1516 req->private_data, struct cli_request);
1517 struct cli_state *cli = cli_req->cli;
1518 uint8_t wct;
1519 uint16_t *vwv;
1520 uint16_t num_bytes;
1521 uint8_t *bytes;
1522 NTSTATUS status;
1523 uint16_t protnum;
1524
1525 if (async_req_is_nterror(req, &status)) {
1526 return status;
1527 }
1528
1529 status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
1530 if (!NT_STATUS_IS_OK(status)) {
1531 return status;
1532 }
1533
1534 protnum = SVAL(vwv, 0);
1535
1536 if ((protnum >= ARRAY_SIZE(prots))
1537 || (prots[protnum].prot > cli_req->cli->protocol)) {
1538 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1539 }
1540
1541 cli->protocol = prots[protnum].prot;
1542
1543 if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
1544 DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1545 return NT_STATUS_ACCESS_DENIED;
1546 }
1547
1548 if (cli->protocol >= PROTOCOL_NT1) {
1549 struct timespec ts;
1550 /* NT protocol */
1551 cli->sec_mode = CVAL(vwv + 1, 0);
1552 cli->max_mux = SVAL(vwv + 1, 1);
1553 cli->max_xmit = IVAL(vwv + 3, 1);
1554 cli->sesskey = IVAL(vwv + 7, 1);
1555 cli->serverzone = SVALS(vwv + 15, 1);
1556 cli->serverzone *= 60;
1557 /* this time arrives in real GMT */
1558 ts = interpret_long_date(((char *)(vwv+11))+1);
1559 cli->servertime = ts.tv_sec;
1560 cli->secblob = data_blob(bytes, num_bytes);
1561 cli->capabilities = IVAL(vwv + 9, 1);
1562 if (cli->capabilities & CAP_RAW_MODE) {
1563 cli->readbraw_supported = True;
1564 cli->writebraw_supported = True;
1565 }
1566 /* work out if they sent us a workgroup */
1567 if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1568 smb_buflen(cli->inbuf) > 8) {
1569 clistr_pull(cli->inbuf, cli->server_domain,
1570 bytes+8, sizeof(cli->server_domain),
1571 num_bytes-8,
1572 STR_UNICODE|STR_NOALIGN);
1573 }
1574
1575 /*
1576 * As signing is slow we only turn it on if either the client or
1577 * the server require it. JRA.
1578 */
1579
1580 if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1581 /* Fail if server says signing is mandatory and we don't want to support it. */
1582 if (!cli->sign_info.allow_smb_signing) {
1583 DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1584 return NT_STATUS_ACCESS_DENIED;
1585 }
1586 cli->sign_info.negotiated_smb_signing = True;
1587 cli->sign_info.mandatory_signing = True;
1588 } else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
1589 /* Fail if client says signing is mandatory and the server doesn't support it. */
1590 if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1591 DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1592 return NT_STATUS_ACCESS_DENIED;
1593 }
1594 cli->sign_info.negotiated_smb_signing = True;
1595 cli->sign_info.mandatory_signing = True;
1596 } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1597 cli->sign_info.negotiated_smb_signing = True;
1598 }
1599
1600 if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
1601 SAFE_FREE(cli->outbuf);
1602 SAFE_FREE(cli->inbuf);
1603 cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1604 cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1605 cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
1606 }
1607
1608 } else if (cli->protocol >= PROTOCOL_LANMAN1) {
1609 cli->use_spnego = False;
1610 cli->sec_mode = SVAL(vwv + 1, 0);
1611 cli->max_xmit = SVAL(vwv + 2, 0);
1612 cli->max_mux = SVAL(vwv + 3, 0);
1613 cli->sesskey = IVAL(vwv + 6, 0);
1614 cli->serverzone = SVALS(vwv + 10, 0);
1615 cli->serverzone *= 60;
1616 /* this time is converted to GMT by make_unix_date */
1617 cli->servertime = cli_make_unix_date(
1618 cli, (char *)(vwv + 8));
1619 cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
1620 cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
1621 cli->secblob = data_blob(bytes, num_bytes);
1622 } else {
1623 /* the old core protocol */
1624 cli->use_spnego = False;
1625 cli->sec_mode = 0;
1626 cli->serverzone = get_time_zone(time(NULL));
1627 }
1628
1629 cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1630
1631 /* a way to force ascii SMB */
1632 if (getenv("CLI_FORCE_ASCII"))
1633 cli->capabilities &= ~CAP_UNICODE;
1634
1635 return NT_STATUS_OK;
1636 }
1637
1638 NTSTATUS cli_negprot(struct cli_state *cli)
1639 {
1640 TALLOC_CTX *frame = talloc_stackframe();
1641 struct event_context *ev;
1642 struct async_req *req;
1643 NTSTATUS status = NT_STATUS_NO_MEMORY;
1644
1645 if (cli->fd_event != NULL) {
1646 /*
1647 * Can't use sync call while an async call is in flight
1648 */
1649 cli_set_error(cli, NT_STATUS_INVALID_PARAMETER);
1650 goto fail;
1651 }
1652
1653 ev = event_context_init(frame);
1654 if (ev == NULL) {
1655 goto fail;
1656 }
1657
1658 req = cli_negprot_send(frame, ev, cli);
1659 if (req == NULL) {
1660 goto fail;
1661 }
1662
1663 while (req->state < ASYNC_REQ_DONE) {
1664 event_loop_once(ev);
1665 }
1666
1667 status = cli_negprot_recv(req);
1668 fail:
1669 TALLOC_FREE(frame);
1670 return status;
1671 }
1672
1673 /****************************************************************************
1674 Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1675 ****************************************************************************/
1676
1677 bool cli_session_request(struct cli_state *cli,
1678 struct nmb_name *calling, struct nmb_name *called)
1679 {
1680 char *p;
1681 int len = 4;
1682 char *tmp;
1683
1684 /* 445 doesn't have session request */
1685 if (cli->port == 445)
1686 return True;
1687
1688 memcpy(&(cli->calling), calling, sizeof(*calling));
1689 memcpy(&(cli->called ), called , sizeof(*called ));
1690
1691 /* put in the destination name */
1692
1693 tmp = name_mangle(talloc_tos(), cli->called.name,
1694 cli->called.name_type);
1695 if (tmp == NULL) {
1696 return false;
1697 }
1698
1699 p = cli->outbuf+len;
1700 memcpy(p, tmp, name_len(tmp));
1701 len += name_len(tmp);
1702 TALLOC_FREE(tmp);
1703
1704 /* and my name */
1705
1706 tmp = name_mangle(talloc_tos(), cli->calling.name,
1707 cli->calling.name_type);
1708 if (tmp == NULL) {
1709 return false;
1710 }
1711
1712 p = cli->outbuf+len;
1713 memcpy(p, tmp, name_len(tmp));
1714 len += name_len(tmp);
1715 TALLOC_FREE(tmp);
1716
1717 /* send a session request (RFC 1002) */
1718 /* setup the packet length
1719 * Remove four bytes from the length count, since the length
1720 * field in the NBT Session Service header counts the number
1721 * of bytes which follow. The cli_send_smb() function knows
1722 * about this and accounts for those four bytes.
1723 * CRH.
1724 */
1725 len -= 4;
1726 _smb_setlen(cli->outbuf,len);
1727 SCVAL(cli->outbuf,0,0x81);
1728
1729 cli_send_smb(cli);
1730 DEBUG(5,("Sent session request\n"));
1731
1732 if (!cli_receive_smb(cli))
1733 return False;
1734
1735 if (CVAL(cli->inbuf,0) == 0x84) {
1736 /* C. Hoch 9/14/95 Start */
1737 /* For information, here is the response structure.
1738 * We do the byte-twiddling to for portability.
1739 struct RetargetResponse{
1740 unsigned char type;
1741 unsigned char flags;
1742 int16 length;
1743 int32 ip_addr;
1744 int16 port;
1745 };
1746 */
1747 uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1748 struct in_addr dest_ip;
1749 NTSTATUS status;
1750
1751 /* SESSION RETARGET */
1752 putip((char *)&dest_ip,cli->inbuf+4);
1753 in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
1754
1755 status = open_socket_out(&cli->dest_ss, port,
1756 LONG_CONNECT_TIMEOUT, &cli->fd);
1757 if (!NT_STATUS_IS_OK(status)) {
1758 return False;
1759 }
1760
1761 DEBUG(3,("Retargeted\n"));
1762
1763 set_socket_options(cli->fd, lp_socket_options());
1764
1765 /* Try again */
1766 {
1767 static int depth;
1768 bool ret;
1769 if (depth > 4) {
1770 DEBUG(0,("Retarget recursion - failing\n"));
1771 return False;
1772 }
1773 depth++;
1774 ret = cli_session_request(cli, calling, called);
1775 depth--;
1776 return ret;
1777 }
1778 } /* C. Hoch 9/14/95 End */
1779
1780 if (CVAL(cli->inbuf,0) != 0x82) {
1781 /* This is the wrong place to put the error... JRA. */
1782 cli->rap_error = CVAL(cli->inbuf,4);
1783 return False;
1784 }
1785 return(True);
1786 }
1787
1788 struct fd_struct {
1789 int fd;
1790 };
1791
1792 static void smb_sock_connected(struct tevent_req *req)
1793 {
1794 struct fd_struct *pfd = tevent_req_callback_data(
1795 req, struct fd_struct);
1796 int fd;
1797 NTSTATUS status;
1798
1799 status = open_socket_out_defer_recv(req, &fd);
1800 if (NT_STATUS_IS_OK(status)) {
1801 pfd->fd = fd;
1802 }
1803 }
1804
1805 static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss,
1806 uint16_t *port, int timeout, int *pfd)
1807 {
1808 struct event_context *ev;
1809 struct tevent_req *r139, *r445;
1810 struct fd_struct *fd139, *fd445;
1811 NTSTATUS status = NT_STATUS_NO_MEMORY;
1812
1813 if (*port != 0) {
1814 return open_socket_out(pss, *port, timeout, pfd);
1815 }
1816
1817 ev = event_context_init(talloc_tos());
1818 if (ev == NULL) {
1819 return NT_STATUS_NO_MEMORY;
1820 }
1821
1822 fd139 = talloc(ev, struct fd_struct);
1823 if (fd139 == NULL) {
1824 goto done;
1825 }
1826 fd139->fd = -1;
1827
1828 fd445 = talloc(ev, struct fd_struct);
1829 if (fd445 == NULL) {
1830 goto done;
1831 }
1832 fd445->fd = -1;
1833
1834 r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0),
1835 pss, 445, timeout);
1836 r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000),
1837 pss, 139, timeout);
1838 if ((r445 == NULL) || (r139 == NULL)) {
1839 goto done;
1840 }
1841 tevent_req_set_callback(r445, smb_sock_connected, fd445);
1842 tevent_req_set_callback(r139, smb_sock_connected, fd139);
1843
1844 while ((fd445->fd == -1) && (fd139->fd == -1)
1845 && (tevent_req_is_in_progress(r139)
1846 || tevent_req_is_in_progress(r445))) {
1847 event_loop_once(ev);
1848 }
1849
1850 if ((fd139->fd != -1) && (fd445->fd != -1)) {
1851 close(fd139->fd);
1852 fd139->fd = -1;
1853 }
1854
1855 if (fd445->fd != -1) {
1856 *port = 445;
1857 *pfd = fd445->fd;
1858 status = NT_STATUS_OK;
1859 goto done;
1860 }
1861 if (fd139->fd != -1) {
1862 *port = 139;
1863 *pfd = fd139->fd;
1864 status = NT_STATUS_OK;
1865 goto done;
1866 }
1867
1868 status = open_socket_out_defer_recv(r445, &fd445->fd);
1869 done:
1870 TALLOC_FREE(ev);
1871 return status;
1872 }
1873
1874 /****************************************************************************
1875 Open the client sockets.
1876 ****************************************************************************/
1877
1878 NTSTATUS cli_connect(struct cli_state *cli,
1879 const char *host,
1880 struct sockaddr_storage *dest_ss)
1881
1882 {
1883 int name_type = 0x20;
1884 TALLOC_CTX *frame = talloc_stackframe();
1885 unsigned int num_addrs = 0;
1886 unsigned int i = 0;
1887 struct sockaddr_storage *ss_arr = NULL;
1888 char *p = NULL;
1889
1890 /* reasonable default hostname */
1891 if (!host) {
1892 host = STAR_SMBSERVER;
1893 }
1894
1895 fstrcpy(cli->desthost, host);
1896
1897 /* allow hostnames of the form NAME#xx and do a netbios lookup */
1898 if ((p = strchr(cli->desthost, '#'))) {
1899 name_type = strtol(p+1, NULL, 16);
1900 *p = 0;
1901 }
1902
1903 if (!dest_ss || is_zero_addr((struct sockaddr *)dest_ss)) {
1904 NTSTATUS status =resolve_name_list(frame,
1905 cli->desthost,
1906 name_type,
1907 &ss_arr,
1908 &num_addrs);
1909 if (!NT_STATUS_IS_OK(status)) {
1910 TALLOC_FREE(frame);
1911 return NT_STATUS_BAD_NETWORK_NAME;
1912 }
1913 } else {
1914 num_addrs = 1;
1915 ss_arr = TALLOC_P(frame, struct sockaddr_storage);
1916 if (!ss_arr) {
1917 TALLOC_FREE(frame);
1918 return NT_STATUS_NO_MEMORY;
1919 }
1920 *ss_arr = *dest_ss;
1921 }
1922
1923 for (i = 0; i < num_addrs; i++) {
1924 cli->dest_ss = ss_arr[i];
1925 if (getenv("LIBSMB_PROG")) {
1926 cli->fd = sock_exec(getenv("LIBSMB_PROG"));
1927 } else {
1928 uint16_t port = cli->port;
1929 NTSTATUS status;
1930 status = open_smb_socket(&cli->dest_ss, &port,
1931 cli->timeout, &cli->fd);
1932 if (NT_STATUS_IS_OK(status)) {
1933 cli->port = port;
1934 }
1935 }
1936 if (cli->fd == -1) {
1937 char addr[INET6_ADDRSTRLEN];
1938 print_sockaddr(addr, sizeof(addr), &ss_arr[i]);
1939 DEBUG(2,("Error connecting to %s (%s)\n",
1940 dest_ss?addr:host,strerror(errno)));
1941 } else {
1942 /* Exit from loop on first connection. */
1943 break;
1944 }
1945 }
1946
1947 if (cli->fd == -1) {
1948 TALLOC_FREE(frame);
1949 return map_nt_error_from_unix(errno);
1950 }
1951
1952 if (dest_ss) {
1953 *dest_ss = cli->dest_ss;
1954 }
1955
1956 set_socket_options(cli->fd, lp_socket_options());
1957
1958 TALLOC_FREE(frame);
1959 return NT_STATUS_OK;
1960 }
1961
1962 /**
1963 establishes a connection to after the negprot.
1964 @param output_cli A fully initialised cli structure, non-null only on success
1965 @param dest_host The netbios name of the remote host
1966 @param dest_ss (optional) The the destination IP, NULL for name based lookup
1967 @param port (optional) The destination port (0 for default)
1968 @param retry bool. Did this connection fail with a retryable error ?
1969
1970 */
1971 NTSTATUS cli_start_connection(struct cli_state **output_cli,
1972 const char *my_name,
1973 const char *dest_host,
1974 struct sockaddr_storage *dest_ss, int port,
1975 int signing_state, int flags,
1976 bool *retry)
1977 {
1978 NTSTATUS nt_status;
1979 struct nmb_name calling;
1980 struct nmb_name called;
1981 struct cli_state *cli;
1982 struct sockaddr_storage ss;
1983
1984 if (retry)
1985 *retry = False;
1986
1987 if (!my_name)
1988 my_name = global_myname();
1989
1990 if (!(cli = cli_initialise_ex(signing_state))) {
1991 return NT_STATUS_NO_MEMORY;
1992 }
1993
1994 make_nmb_name(&calling, my_name, 0x0);
1995 make_nmb_name(&called , dest_host, 0x20);
1996
1997 cli_set_port(cli, port);
1998 cli_set_timeout(cli, 10000); /* 10 seconds. */
1999
2000 if (dest_ss) {
2001 ss = *dest_ss;
2002 } else {
2003 zero_sockaddr(&ss);
2004 }
2005
2006 again:
2007
2008 DEBUG(3,("Connecting to host=%s\n", dest_host));
2009
2010 nt_status = cli_connect(cli, dest_host, &ss);
2011 if (!NT_STATUS_IS_OK(nt_status)) {
2012 char addr[INET6_ADDRSTRLEN];
2013 print_sockaddr(addr, sizeof(addr), &ss);
2014 DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
2015 nmb_namestr(&called), addr, nt_errstr(nt_status) ));
2016 cli_shutdown(cli);
2017 return nt_status;
2018 }
2019
2020 if (retry)
2021 *retry = True;
2022
2023 if (!cli_session_request(cli, &calling, &called)) {
2024 char *p;
2025 DEBUG(1,("session request to %s failed (%s)\n",
2026 called.name, cli_errstr(cli)));
2027 if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
2028 *p = 0;
2029 goto again;
2030 }
2031 if (strcmp(called.name, STAR_SMBSERVER)) {
2032 make_nmb_name(&called , STAR_SMBSERVER, 0x20);
2033 goto again;
2034 }
2035 return NT_STATUS_BAD_NETWORK_NAME;
2036 }
2037
2038 if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
2039 cli->use_spnego = False;
2040 else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
2041 cli->use_kerberos = True;
2042
2043 if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
2044 cli->use_kerberos) {
2045 cli->fallback_after_kerberos = true;
2046 }
2047
2048 nt_status = cli_negprot(cli);
2049 if (!NT_STATUS_IS_OK(nt_status)) {
2050 DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
2051 cli_shutdown(cli);
2052 return nt_status;
2053 }
2054
2055 *output_cli = cli;
2056 return NT_STATUS_OK;
2057 }
2058
2059
2060 /**
2061 establishes a connection right up to doing tconX, password specified.
2062 @param output_cli A fully initialised cli structure, non-null only on success
2063 @param dest_host The netbios name of the remote host
2064 @param dest_ip (optional) The the destination IP, NULL for name based lookup
2065 @param port (optional) The destination port (0 for default)
2066 @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
2067 @param service_type The 'type' of serivice.
2068 @param user Username, unix string
2069 @param domain User's domain
2070 @param password User's password, unencrypted unix string.
2071 @param retry bool. Did this connection fail with a retryable error ?
2072 */
2073
2074 NTSTATUS cli_full_connection(struct cli_state **output_cli,
2075 const char *my_name,
2076 const char *dest_host,
2077 struct sockaddr_storage *dest_ss, int port,
2078 const char *service, const char *service_type,
2079 const char *user, const char *domain,
2080 const char *password, int flags,
2081 int signing_state,
2082 bool *retry)
2083 {
2084 NTSTATUS nt_status;
2085 struct cli_state *cli = NULL;
2086 int pw_len = password ? strlen(password)+1 : 0;
2087
2088 *output_cli = NULL;
2089
2090 if (password == NULL) {
2091 password = "";
2092 }
2093
2094 nt_status = cli_start_connection(&cli, my_name, dest_host,
2095 dest_ss, port, signing_state,
2096 flags, retry);
2097
2098 if (!NT_STATUS_IS_OK(nt_status)) {
2099 return nt_status;
2100 }
2101
2102 nt_status = cli_session_setup(cli, user, password, pw_len, password,
2103 pw_len, domain);
2104 if (!NT_STATUS_IS_OK(nt_status)) {
2105
2106 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
2107 DEBUG(1,("failed session setup with %s\n",
2108 nt_errstr(nt_status)));
2109 cli_shutdown(cli);
2110 return nt_status;
2111 }
2112
2113 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
2114 if (!NT_STATUS_IS_OK(nt_status)) {
2115 DEBUG(1,("anonymous failed session setup with %s\n",
2116 nt_errstr(nt_status)));
2117 cli_shutdown(cli);
2118 return nt_status;
2119 }
2120 }
2121
2122 if (service) {
2123 nt_status = cli_tcon_andx(cli, service, service_type, password,
2124 pw_len);
2125 if (!NT_STATUS_IS_OK(nt_status)) {
2126 DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
2127 cli_shutdown(cli);
2128 if (NT_STATUS_IS_OK(nt_status)) {
2129 nt_status = NT_STATUS_UNSUCCESSFUL;
2130 }
2131 return nt_status;
2132 }
2133 }
2134
2135 nt_status = cli_init_creds(cli, user, domain, password);
2136 if (!NT_STATUS_IS_OK(nt_status)) {
2137 cli_shutdown(cli);
2138 return nt_status;
2139 }
2140
2141 *output_cli = cli;
2142 return NT_STATUS_OK;
2143 }
2144
2145 /****************************************************************************
2146 Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
2147 ****************************************************************************/
2148
2149 bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srchost, const char *desthost,
2150 struct sockaddr_storage *pdest_ss)
2151 {
2152 struct nmb_name calling, called;
2153
2154 make_nmb_name(&calling, srchost, 0x0);
2155
2156 /*
2157 * If the called name is an IP address
2158 * then use *SMBSERVER immediately.
2159 */
2160
2161 if(is_ipaddress(desthost)) {
2162 make_nmb_name(&called, STAR_SMBSERVER, 0x20);
2163 } else {
2164 make_nmb_name(&called, desthost, 0x20);
2165 }
2166
2167 if (!cli_session_request(*ppcli, &calling, &called)) {
2168 NTSTATUS status;
2169 struct nmb_name smbservername;
2170
2171 make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20);
2172
2173 /*
2174 * If the name wasn't *SMBSERVER then
2175 * try with *SMBSERVER if the first name fails.
2176 */
2177
2178 if (nmb_name_equal(&called, &smbservername)) {
2179
2180 /*
2181 * The name used was *SMBSERVER, don't bother with another name.
2182 */
2183
2184 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
2185 with error %s.\n", desthost, cli_errstr(*ppcli) ));
2186 return False;
2187 }
2188
2189 /* Try again... */
2190 cli_shutdown(*ppcli);
2191
2192 *ppcli = cli_initialise();
2193 if (!*ppcli) {
2194 /* Out of memory... */
2195 return False;
2196 }
2197
2198 status = cli_connect(*ppcli, desthost, pdest_ss);
2199 if (!NT_STATUS_IS_OK(status) ||
2200 !cli_session_request(*ppcli, &calling, &smbservername)) {
2201 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
2202 name *SMBSERVER with error %s\n", desthost, cli_errstr(*ppcli) ));
2203 return False;
2204 }
2205 }
2206
2207 return True;
2208 }
2209
2210 /****************************************************************************
2211 Send an old style tcon.
2212 ****************************************************************************/
2213 NTSTATUS cli_raw_tcon(struct cli_state *cli,
2214 const char *service, const char *pass, const char *dev,
2215 uint16 *max_xmit, uint16 *tid)
2216 {
2217 char *p;
2218
2219 if (!lp_client_plaintext_auth() && (*pass)) {
2220 DEBUG(1, ("Server requested plaintext password but 'client "
2221 "plaintext auth' is disabled\n"));
2222 return NT_STATUS_ACCESS_DENIED;
2223 }
2224
2225 memset(cli->outbuf,'\0',smb_size);
2226 memset(cli->inbuf,'\0',smb_size);
2227
2228 cli_set_message(cli->outbuf, 0, 0, True);
2229 SCVAL(cli->outbuf,smb_com,SMBtcon);
2230 cli_setup_packet(cli);
2231
2232 p = smb_buf(cli->outbuf);
2233 *p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE | STR_NOALIGN);
2234 *p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE | STR_NOALIGN);
2235 *p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE | STR_NOALIGN);
2236
2237 cli_setup_bcc(cli, p);
2238
2239 cli_send_smb(cli);
2240 if (!cli_receive_smb(cli)) {
2241 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2242 }
2243
2244 if (cli_is_error(cli)) {
2245 return cli_nt_error(cli);
2246 }
2247
2248 *max_xmit = SVAL(cli->inbuf, smb_vwv0);
2249 *tid = SVAL(cli->inbuf, smb_vwv1);
2250
2251 return NT_STATUS_OK;
2252 }
2253
2254 /* Return a cli_state pointing at the IPC$ share for the given server */
2255
2256 struct cli_state *get_ipc_connect(char *server,
2257 struct sockaddr_storage *server_ss,
2258 const struct user_auth_info *user_info)
2259 {
2260 struct cli_state *cli;
2261 NTSTATUS nt_status;
2262 uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
2263
2264 if (user_info->use_kerberos) {
2265 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
2266 }
2267
2268 nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
2269 user_info->username ? user_info->username : "",
2270 lp_workgroup(),
2271 user_info->password ? user_info->password : "",
2272 flags,
2273 Undefined, NULL);
2274
2275 if (NT_STATUS_IS_OK(nt_status)) {
2276 return cli;
2277 } else if (is_ipaddress(server)) {
2278 /* windows 9* needs a correct NMB name for connections */
2279 fstring remote_name;
2280
2281 if (name_status_find("*", 0, 0, server_ss, remote_name)) {
2282 cli = get_ipc_connect(remote_name, server_ss, user_info);
2283 if (cli)
2284 return cli;
2285 }
2286 }
2287 return NULL;
2288 }
2289
2290 /*
2291 * Given the IP address of a master browser on the network, return its
2292 * workgroup and connect to it.
2293 *
2294 * This function is provided to allow additional processing beyond what
2295 * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
2296 * browsers and obtain each master browsers' list of domains (in case the
2297 * first master browser is recently on the network and has not yet
2298 * synchronized with other master browsers and therefore does not yet have the
2299 * entire network browse list)
2300 */
2301
2302 struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
2303 struct ip_service *mb_ip,
2304 const struct user_auth_info *user_info,
2305 char **pp_workgroup_out)
2306 {
2307 char addr[INET6_ADDRSTRLEN];
2308 fstring name;
2309 struct cli_state *cli;
2310 struct sockaddr_storage server_ss;
2311
2312 *pp_workgroup_out = NULL;
2313
2314 print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
2315 DEBUG(99, ("Looking up name of master browser %s\n",
2316 addr));
2317
2318 /*
2319 * Do a name status query to find out the name of the master browser.
2320 * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
2321 * master browser will not respond to a wildcard query (or, at least,
2322 * an NT4 server acting as the domain master browser will not).
2323 *
2324 * We might be able to use ONLY the query on MSBROWSE, but that's not
2325 * yet been tested with all Windows versions, so until it is, leave
2326 * the original wildcard query as the first choice and fall back to
2327 * MSBROWSE if the wildcard query fails.
2328 */
2329 if (!name_status_find("*", 0, 0x1d, &mb_ip->ss, name) &&
2330 !name_status_find(MSBROWSE, 1, 0x1d, &mb_ip->ss, name)) {
2331
2332 DEBUG(99, ("Could not retrieve name status for %s\n",
2333 addr));
2334 return NULL;
2335 }
2336
2337 if (!find_master_ip(name, &server_ss)) {
2338 DEBUG(99, ("Could not find master ip for %s\n", name));
2339 return NULL;
2340 }
2341
2342 *pp_workgroup_out = talloc_strdup(ctx, name);
2343
2344 DEBUG(4, ("found master browser %s, %s\n", name, addr));
2345
2346 print_sockaddr(addr, sizeof(addr), &server_ss);
2347 cli = get_ipc_connect(addr, &server_ss, user_info);
2348
2349 return cli;
2350 }
2351
2352 /*
2353 * Return the IP address and workgroup of a master browser on the network, and
2354 * connect to it.
2355 */
2356
2357 struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
2358 const struct user_auth_info *user_info,
2359 char **pp_workgroup_out)
2360 {
2361 struct ip_service *ip_list;
2362 struct cli_state *cli;
2363 int i, count;
2364
2365 *pp_workgroup_out = NULL;
2366
2367 DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
2368
2369 /* Go looking for workgroups by broadcasting on the local network */
2370
2371 if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list,
2372 &count))) {
2373 DEBUG(99, ("No master browsers responded\n"));
2374 return False;
2375 }
2376
2377 for (i = 0; i < count; i++) {
2378 char addr[INET6_ADDRSTRLEN];
2379 print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
2380 DEBUG(99, ("Found master browser %s\n", addr));
2381
2382 cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
2383 user_info, pp_workgroup_out);
2384 if (cli)
2385 return(cli);
2386 }
2387
2388 return NULL;
2389 }
reg import