search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:libsmb: let cli_read_andx_create() accept any length
[Samba/gebeck_regimport.git] / source3 / libsmb / cliconnect.c
blob872900c6f3a1eb257e6b3235963e28626927854d
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Andrew Bartlett 2001-2003
6 Copyright (C) Volker Lendecke 2011
7 Copyright (C) Jeremy Allison 2011
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "libsmb/libsmb.h"
25 #include "auth_info.h"
26 #include "../libcli/auth/libcli_auth.h"
27 #include "../libcli/auth/spnego.h"
28 #include "smb_krb5.h"
29 #include "../auth/ntlmssp/ntlmssp.h"
30 #include "libads/kerberos_proto.h"
31 #include "krb5_env.h"
32 #include "../lib/util/tevent_ntstatus.h"
33 #include "async_smb.h"
34 #include "libsmb/nmblib.h"
35 #include "librpc/ndr/libndr.h"
36 #include "../libcli/smb/smbXcli_base.h"
37 #include "smb2cli.h"
38
39 #define STAR_SMBSERVER "*SMBSERVER"
40
41 /********************************************************
42 Utility function to ensure we always return at least
43 a valid char * pointer to an empty string for the
44 cli->server_os, cli->server_type and cli->server_domain
45 strings.
46 *******************************************************/
47
48 static NTSTATUS smb_bytes_talloc_string(TALLOC_CTX *mem_ctx,
49 const uint8_t *hdr,
50 char **dest,
51 uint8_t *src,
52 size_t srclen,
53 ssize_t *destlen)
54 {
55 *destlen = clistr_pull_talloc(mem_ctx,
56 (const char *)hdr,
57 SVAL(hdr, HDR_FLG2),
58 dest,
59 (char *)src,
60 srclen,
61 STR_TERMINATE);
62 if (*destlen == -1) {
63 return NT_STATUS_NO_MEMORY;
64 }
65
66 if (*dest == NULL) {
67 *dest = talloc_strdup(mem_ctx, "");
68 if (*dest == NULL) {
69 return NT_STATUS_NO_MEMORY;
70 }
71 }
72 return NT_STATUS_OK;
73 }
74
75 /****************************************************************************
76 Do an old lanman2 style session setup.
77 ****************************************************************************/
78
79 struct cli_session_setup_lanman2_state {
80 struct cli_state *cli;
81 uint16_t vwv[10];
82 const char *user;
83 };
84
85 static void cli_session_setup_lanman2_done(struct tevent_req *subreq);
86
87 static struct tevent_req *cli_session_setup_lanman2_send(
88 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
89 struct cli_state *cli, const char *user,
90 const char *pass, size_t passlen,
91 const char *workgroup)
92 {
93 struct tevent_req *req, *subreq;
94 struct cli_session_setup_lanman2_state *state;
95 DATA_BLOB lm_response = data_blob_null;
96 uint16_t *vwv;
97 uint8_t *bytes;
98 char *tmp;
99 uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
100
101 req = tevent_req_create(mem_ctx, &state,
102 struct cli_session_setup_lanman2_state);
103 if (req == NULL) {
104 return NULL;
105 }
106 state->cli = cli;
107 state->user = user;
108 vwv = state->vwv;
109
110 /*
111 * if in share level security then don't send a password now
112 */
113 if (!(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
114 passlen = 0;
115 }
116
117 if (passlen > 0
118 && (sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)
119 && passlen != 24) {
120 /*
121 * Encrypted mode needed, and non encrypted password
122 * supplied.
123 */
124 lm_response = data_blob(NULL, 24);
125 if (tevent_req_nomem(lm_response.data, req)) {
126 return tevent_req_post(req, ev);
127 }
128
129 if (!SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn),
130 (uint8_t *)lm_response.data)) {
131 DEBUG(1, ("Password is > 14 chars in length, and is "
132 "therefore incompatible with Lanman "
133 "authentication\n"));
134 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
135 return tevent_req_post(req, ev);
136 }
137 } else if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)
138 && passlen == 24) {
139 /*
140 * Encrypted mode needed, and encrypted password
141 * supplied.
142 */
143 lm_response = data_blob(pass, passlen);
144 if (tevent_req_nomem(lm_response.data, req)) {
145 return tevent_req_post(req, ev);
146 }
147 } else if (passlen > 0) {
148 uint8_t *buf;
149 size_t converted_size;
150 /*
151 * Plaintext mode needed, assume plaintext supplied.
152 */
153 buf = talloc_array(talloc_tos(), uint8_t, 0);
154 buf = smb_bytes_push_str(buf, smbXcli_conn_use_unicode(cli->conn), pass, passlen+1,
155 &converted_size);
156 if (tevent_req_nomem(buf, req)) {
157 return tevent_req_post(req, ev);
158 }
159 lm_response = data_blob(pass, passlen);
160 TALLOC_FREE(buf);
161 if (tevent_req_nomem(lm_response.data, req)) {
162 return tevent_req_post(req, ev);
163 }
164 }
165
166 SCVAL(vwv+0, 0, 0xff);
167 SCVAL(vwv+0, 1, 0);
168 SSVAL(vwv+1, 0, 0);
169 SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
170 SSVAL(vwv+3, 0, 2);
171 SSVAL(vwv+4, 0, 1);
172 SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
173 SSVAL(vwv+7, 0, lm_response.length);
174
175 bytes = talloc_array(state, uint8_t, lm_response.length);
176 if (tevent_req_nomem(bytes, req)) {
177 return tevent_req_post(req, ev);
178 }
179 if (lm_response.length != 0) {
180 memcpy(bytes, lm_response.data, lm_response.length);
181 }
182 data_blob_free(&lm_response);
183
184 tmp = talloc_strdup_upper(talloc_tos(), user);
185 if (tevent_req_nomem(tmp, req)) {
186 return tevent_req_post(req, ev);
187 }
188 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
189 NULL);
190 TALLOC_FREE(tmp);
191
192 tmp = talloc_strdup_upper(talloc_tos(), workgroup);
193 if (tevent_req_nomem(tmp, req)) {
194 return tevent_req_post(req, ev);
195 }
196 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
197 NULL);
198 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
199 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
200
201 if (tevent_req_nomem(bytes, req)) {
202 return tevent_req_post(req, ev);
203 }
204
205 subreq = cli_smb_send(state, ev, cli, SMBsesssetupX, 0, 10, vwv,
206 talloc_get_size(bytes), bytes);
207 if (tevent_req_nomem(subreq, req)) {
208 return tevent_req_post(req, ev);
209 }
210 tevent_req_set_callback(subreq, cli_session_setup_lanman2_done, req);
211 return req;
212 }
213
214 static void cli_session_setup_lanman2_done(struct tevent_req *subreq)
215 {
216 struct tevent_req *req = tevent_req_callback_data(
217 subreq, struct tevent_req);
218 struct cli_session_setup_lanman2_state *state = tevent_req_data(
219 req, struct cli_session_setup_lanman2_state);
220 struct cli_state *cli = state->cli;
221 uint32_t num_bytes;
222 uint8_t *in;
223 uint8_t *inhdr;
224 uint8_t *bytes;
225 uint8_t *p;
226 NTSTATUS status;
227 ssize_t ret;
228 uint8_t wct;
229 uint16_t *vwv;
230
231 status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
232 &num_bytes, &bytes);
233 TALLOC_FREE(subreq);
234 if (!NT_STATUS_IS_OK(status)) {
235 tevent_req_nterror(req, status);
236 return;
237 }
238
239 inhdr = in + NBT_HDR_SIZE;
240 p = bytes;
241
242 cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
243 cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
244
245 status = smb_bytes_talloc_string(cli,
246 inhdr,
247 &cli->server_os,
248 p,
249 bytes+num_bytes-p,
250 &ret);
251
252 if (!NT_STATUS_IS_OK(status)) {
253 tevent_req_nterror(req, status);
254 return;
255 }
256 p += ret;
257
258 status = smb_bytes_talloc_string(cli,
259 inhdr,
260 &cli->server_type,
261 p,
262 bytes+num_bytes-p,
263 &ret);
264
265 if (!NT_STATUS_IS_OK(status)) {
266 tevent_req_nterror(req, status);
267 return;
268 }
269 p += ret;
270
271 status = smb_bytes_talloc_string(cli,
272 inhdr,
273 &cli->server_domain,
274 p,
275 bytes+num_bytes-p,
276 &ret);
277
278 if (!NT_STATUS_IS_OK(status)) {
279 tevent_req_nterror(req, status);
280 return;
281 }
282 p += ret;
283
284 status = cli_set_username(cli, state->user);
285 if (tevent_req_nterror(req, status)) {
286 return;
287 }
288 tevent_req_done(req);
289 }
290
291 static NTSTATUS cli_session_setup_lanman2_recv(struct tevent_req *req)
292 {
293 return tevent_req_simple_recv_ntstatus(req);
294 }
295
296 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, const char *user,
297 const char *pass, size_t passlen,
298 const char *workgroup)
299 {
300 TALLOC_CTX *frame = talloc_stackframe();
301 struct tevent_context *ev;
302 struct tevent_req *req;
303 NTSTATUS status = NT_STATUS_NO_MEMORY;
304
305 if (smbXcli_conn_has_async_calls(cli->conn)) {
306 /*
307 * Can't use sync call while an async call is in flight
308 */
309 status = NT_STATUS_INVALID_PARAMETER;
310 goto fail;
311 }
312 ev = samba_tevent_context_init(frame);
313 if (ev == NULL) {
314 goto fail;
315 }
316 req = cli_session_setup_lanman2_send(frame, ev, cli, user, pass, passlen,
317 workgroup);
318 if (req == NULL) {
319 goto fail;
320 }
321 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
322 goto fail;
323 }
324 status = cli_session_setup_lanman2_recv(req);
325 fail:
326 TALLOC_FREE(frame);
327 return status;
328 }
329
330 /****************************************************************************
331 Work out suitable capabilities to offer the server.
332 ****************************************************************************/
333
334 static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
335 uint32_t sesssetup_capabilities)
336 {
337 uint32_t client_capabilities = smb1cli_conn_capabilities(cli->conn);
338
339 /*
340 * We only send capabilities based on the mask for:
341 * - client only flags
342 * - flags used in both directions
343 *
344 * We do not echo the server only flags, except some legacy flags.
345 *
346 * SMB_CAP_LEGACY_CLIENT_MASK contains CAP_LARGE_READX and
347 * CAP_LARGE_WRITEX in order to allow us to do large reads
348 * against old Samba releases (<= 3.6.x).
349 */
350 client_capabilities &= (SMB_CAP_BOTH_MASK | SMB_CAP_LEGACY_CLIENT_MASK);
351
352 /*
353 * Session Setup specific flags CAP_DYNAMIC_REAUTH
354 * and CAP_EXTENDED_SECURITY are passed by the caller.
355 * We need that in order to do guest logins even if
356 * CAP_EXTENDED_SECURITY is negotiated.
357 */
358 client_capabilities &= ~(CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
359 sesssetup_capabilities &= (CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
360 client_capabilities |= sesssetup_capabilities;
361
362 return client_capabilities;
363 }
364
365 /****************************************************************************
366 Do a NT1 guest session setup.
367 ****************************************************************************/
368
369 struct cli_session_setup_guest_state {
370 struct cli_state *cli;
371 uint16_t vwv[13];
372 struct iovec bytes;
373 };
374
375 static void cli_session_setup_guest_done(struct tevent_req *subreq);
376
377 struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
378 struct tevent_context *ev,
379 struct cli_state *cli,
380 struct tevent_req **psmbreq)
381 {
382 struct tevent_req *req, *subreq;
383 struct cli_session_setup_guest_state *state;
384 uint16_t *vwv;
385 uint8_t *bytes;
386
387 req = tevent_req_create(mem_ctx, &state,
388 struct cli_session_setup_guest_state);
389 if (req == NULL) {
390 return NULL;
391 }
392 state->cli = cli;
393 vwv = state->vwv;
394
395 SCVAL(vwv+0, 0, 0xFF);
396 SCVAL(vwv+0, 1, 0);
397 SSVAL(vwv+1, 0, 0);
398 SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
399 SSVAL(vwv+3, 0, 2);
400 SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
401 SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
402 SSVAL(vwv+7, 0, 0);
403 SSVAL(vwv+8, 0, 0);
404 SSVAL(vwv+9, 0, 0);
405 SSVAL(vwv+10, 0, 0);
406 SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
407
408 bytes = talloc_array(state, uint8_t, 0);
409
410 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* username */
411 NULL);
412 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* workgroup */
413 NULL);
414 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
415 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
416
417 if (bytes == NULL) {
418 TALLOC_FREE(req);
419 return NULL;
420 }
421
422 state->bytes.iov_base = (void *)bytes;
423 state->bytes.iov_len = talloc_get_size(bytes);
424
425 subreq = cli_smb_req_create(state, ev, cli, SMBsesssetupX, 0, 13, vwv,
426 1, &state->bytes);
427 if (subreq == NULL) {
428 TALLOC_FREE(req);
429 return NULL;
430 }
431 tevent_req_set_callback(subreq, cli_session_setup_guest_done, req);
432 *psmbreq = subreq;
433 return req;
434 }
435
436 struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
437 struct tevent_context *ev,
438 struct cli_state *cli)
439 {
440 struct tevent_req *req, *subreq;
441 NTSTATUS status;
442
443 req = cli_session_setup_guest_create(mem_ctx, ev, cli, &subreq);
444 if (req == NULL) {
445 return NULL;
446 }
447
448 status = smb1cli_req_chain_submit(&subreq, 1);
449 if (NT_STATUS_IS_OK(status)) {
450 tevent_req_nterror(req, status);
451 return tevent_req_post(req, ev);
452 }
453 return req;
454 }
455
456 static void cli_session_setup_guest_done(struct tevent_req *subreq)
457 {
458 struct tevent_req *req = tevent_req_callback_data(
459 subreq, struct tevent_req);
460 struct cli_session_setup_guest_state *state = tevent_req_data(
461 req, struct cli_session_setup_guest_state);
462 struct cli_state *cli = state->cli;
463 uint32_t num_bytes;
464 uint8_t *in;
465 uint8_t *inhdr;
466 uint8_t *bytes;
467 uint8_t *p;
468 NTSTATUS status;
469 ssize_t ret;
470 uint8_t wct;
471 uint16_t *vwv;
472
473 status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
474 &num_bytes, &bytes);
475 TALLOC_FREE(subreq);
476 if (!NT_STATUS_IS_OK(status)) {
477 tevent_req_nterror(req, status);
478 return;
479 }
480
481 inhdr = in + NBT_HDR_SIZE;
482 p = bytes;
483
484 cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
485 cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
486
487 status = smb_bytes_talloc_string(cli,
488 inhdr,
489 &cli->server_os,
490 p,
491 bytes+num_bytes-p,
492 &ret);
493
494 if (!NT_STATUS_IS_OK(status)) {
495 tevent_req_nterror(req, status);
496 return;
497 }
498 p += ret;
499
500 status = smb_bytes_talloc_string(cli,
501 inhdr,
502 &cli->server_type,
503 p,
504 bytes+num_bytes-p,
505 &ret);
506
507 if (!NT_STATUS_IS_OK(status)) {
508 tevent_req_nterror(req, status);
509 return;
510 }
511 p += ret;
512
513 status = smb_bytes_talloc_string(cli,
514 inhdr,
515 &cli->server_domain,
516 p,
517 bytes+num_bytes-p,
518 &ret);
519
520 if (!NT_STATUS_IS_OK(status)) {
521 tevent_req_nterror(req, status);
522 return;
523 }
524 p += ret;
525
526 status = cli_set_username(cli, "");
527 if (!NT_STATUS_IS_OK(status)) {
528 tevent_req_nterror(req, status);
529 return;
530 }
531 tevent_req_done(req);
532 }
533
534 NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req)
535 {
536 return tevent_req_simple_recv_ntstatus(req);
537 }
538
539 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
540 {
541 TALLOC_CTX *frame = talloc_stackframe();
542 struct tevent_context *ev;
543 struct tevent_req *req;
544 NTSTATUS status = NT_STATUS_OK;
545
546 if (smbXcli_conn_has_async_calls(cli->conn)) {
547 /*
548 * Can't use sync call while an async call is in flight
549 */
550 status = NT_STATUS_INVALID_PARAMETER;
551 goto fail;
552 }
553
554 ev = samba_tevent_context_init(frame);
555 if (ev == NULL) {
556 status = NT_STATUS_NO_MEMORY;
557 goto fail;
558 }
559
560 req = cli_session_setup_guest_send(frame, ev, cli);
561 if (req == NULL) {
562 status = NT_STATUS_NO_MEMORY;
563 goto fail;
564 }
565
566 if (!tevent_req_poll(req, ev)) {
567 status = map_nt_error_from_unix(errno);
568 goto fail;
569 }
570
571 status = cli_session_setup_guest_recv(req);
572 fail:
573 TALLOC_FREE(frame);
574 return status;
575 }
576
577 /****************************************************************************
578 Do a NT1 plaintext session setup.
579 ****************************************************************************/
580
581 struct cli_session_setup_plain_state {
582 struct cli_state *cli;
583 uint16_t vwv[13];
584 const char *user;
585 };
586
587 static void cli_session_setup_plain_done(struct tevent_req *subreq);
588
589 static struct tevent_req *cli_session_setup_plain_send(
590 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
591 struct cli_state *cli,
592 const char *user, const char *pass, const char *workgroup)
593 {
594 struct tevent_req *req, *subreq;
595 struct cli_session_setup_plain_state *state;
596 uint16_t *vwv;
597 uint8_t *bytes;
598 size_t passlen;
599 char *version;
600
601 req = tevent_req_create(mem_ctx, &state,
602 struct cli_session_setup_plain_state);
603 if (req == NULL) {
604 return NULL;
605 }
606 state->cli = cli;
607 state->user = user;
608 vwv = state->vwv;
609
610 SCVAL(vwv+0, 0, 0xff);
611 SCVAL(vwv+0, 1, 0);
612 SSVAL(vwv+1, 0, 0);
613 SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
614 SSVAL(vwv+3, 0, 2);
615 SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
616 SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
617 SSVAL(vwv+7, 0, 0);
618 SSVAL(vwv+8, 0, 0);
619 SSVAL(vwv+9, 0, 0);
620 SSVAL(vwv+10, 0, 0);
621 SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
622
623 bytes = talloc_array(state, uint8_t, 0);
624 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), pass, strlen(pass)+1,
625 &passlen);
626 if (tevent_req_nomem(bytes, req)) {
627 return tevent_req_post(req, ev);
628 }
629 SSVAL(vwv + (smbXcli_conn_use_unicode(cli->conn) ? 8 : 7), 0, passlen);
630
631 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
632 user, strlen(user)+1, NULL);
633 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
634 workgroup, strlen(workgroup)+1, NULL);
635 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
636 "Unix", 5, NULL);
637
638 version = talloc_asprintf(talloc_tos(), "Samba %s",
639 samba_version_string());
640 if (tevent_req_nomem(version, req)){
641 return tevent_req_post(req, ev);
642 }
643 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
644 version, strlen(version)+1, NULL);
645 TALLOC_FREE(version);
646
647 if (tevent_req_nomem(bytes, req)) {
648 return tevent_req_post(req, ev);
649 }
650
651 subreq = cli_smb_send(state, ev, cli, SMBsesssetupX, 0, 13, vwv,
652 talloc_get_size(bytes), bytes);
653 if (tevent_req_nomem(subreq, req)) {
654 return tevent_req_post(req, ev);
655 }
656 tevent_req_set_callback(subreq, cli_session_setup_plain_done, req);
657 return req;
658 }
659
660 static void cli_session_setup_plain_done(struct tevent_req *subreq)
661 {
662 struct tevent_req *req = tevent_req_callback_data(
663 subreq, struct tevent_req);
664 struct cli_session_setup_plain_state *state = tevent_req_data(
665 req, struct cli_session_setup_plain_state);
666 struct cli_state *cli = state->cli;
667 uint32_t num_bytes;
668 uint8_t *in;
669 uint8_t *inhdr;
670 uint8_t *bytes;
671 uint8_t *p;
672 NTSTATUS status;
673 ssize_t ret;
674 uint8_t wct;
675 uint16_t *vwv;
676
677 status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
678 &num_bytes, &bytes);
679 TALLOC_FREE(subreq);
680 if (tevent_req_nterror(req, status)) {
681 return;
682 }
683
684 inhdr = in + NBT_HDR_SIZE;
685 p = bytes;
686
687 cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
688 cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
689
690 status = smb_bytes_talloc_string(cli,
691 inhdr,
692 &cli->server_os,
693 p,
694 bytes+num_bytes-p,
695 &ret);
696
697 if (!NT_STATUS_IS_OK(status)) {
698 tevent_req_nterror(req, status);
699 return;
700 }
701 p += ret;
702
703 status = smb_bytes_talloc_string(cli,
704 inhdr,
705 &cli->server_type,
706 p,
707 bytes+num_bytes-p,
708 &ret);
709
710 if (!NT_STATUS_IS_OK(status)) {
711 tevent_req_nterror(req, status);
712 return;
713 }
714 p += ret;
715
716 status = smb_bytes_talloc_string(cli,
717 inhdr,
718 &cli->server_domain,
719 p,
720 bytes+num_bytes-p,
721 &ret);
722
723 if (!NT_STATUS_IS_OK(status)) {
724 tevent_req_nterror(req, status);
725 return;
726 }
727 p += ret;
728
729 status = cli_set_username(cli, state->user);
730 if (tevent_req_nterror(req, status)) {
731 return;
732 }
733
734 tevent_req_done(req);
735 }
736
737 static NTSTATUS cli_session_setup_plain_recv(struct tevent_req *req)
738 {
739 return tevent_req_simple_recv_ntstatus(req);
740 }
741
742 static NTSTATUS cli_session_setup_plain(struct cli_state *cli,
743 const char *user, const char *pass,
744 const char *workgroup)
745 {
746 TALLOC_CTX *frame = talloc_stackframe();
747 struct tevent_context *ev;
748 struct tevent_req *req;
749 NTSTATUS status = NT_STATUS_NO_MEMORY;
750
751 if (smbXcli_conn_has_async_calls(cli->conn)) {
752 /*
753 * Can't use sync call while an async call is in flight
754 */
755 status = NT_STATUS_INVALID_PARAMETER;
756 goto fail;
757 }
758 ev = samba_tevent_context_init(frame);
759 if (ev == NULL) {
760 goto fail;
761 }
762 req = cli_session_setup_plain_send(frame, ev, cli, user, pass,
763 workgroup);
764 if (req == NULL) {
765 goto fail;
766 }
767 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
768 goto fail;
769 }
770 status = cli_session_setup_plain_recv(req);
771 fail:
772 TALLOC_FREE(frame);
773 return status;
774 }
775
776 /****************************************************************************
777 do a NT1 NTLM/LM encrypted session setup - for when extended security
778 is not negotiated.
779 @param cli client state to create do session setup on
780 @param user username
781 @param pass *either* cleartext password (passlen !=24) or LM response.
782 @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
783 @param workgroup The user's domain.
784 ****************************************************************************/
785
786 struct cli_session_setup_nt1_state {
787 struct cli_state *cli;
788 uint16_t vwv[13];
789 DATA_BLOB response;
790 DATA_BLOB session_key;
791 const char *user;
792 };
793
794 static void cli_session_setup_nt1_done(struct tevent_req *subreq);
795
796 static struct tevent_req *cli_session_setup_nt1_send(
797 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
798 struct cli_state *cli, const char *user,
799 const char *pass, size_t passlen,
800 const char *ntpass, size_t ntpasslen,
801 const char *workgroup)
802 {
803 struct tevent_req *req, *subreq;
804 struct cli_session_setup_nt1_state *state;
805 DATA_BLOB lm_response = data_blob_null;
806 DATA_BLOB nt_response = data_blob_null;
807 DATA_BLOB session_key = data_blob_null;
808 uint16_t *vwv;
809 uint8_t *bytes;
810 char *workgroup_upper;
811
812 req = tevent_req_create(mem_ctx, &state,
813 struct cli_session_setup_nt1_state);
814 if (req == NULL) {
815 return NULL;
816 }
817 state->cli = cli;
818 state->user = user;
819 vwv = state->vwv;
820
821 if (passlen == 0) {
822 /* do nothing - guest login */
823 } else if (passlen != 24) {
824 if (lp_client_ntlmv2_auth()) {
825 DATA_BLOB server_chal;
826 DATA_BLOB names_blob;
827
828 server_chal =
829 data_blob_const(smb1cli_conn_server_challenge(cli->conn),
830 8);
831
832 /*
833 * note that the 'workgroup' here is a best
834 * guess - we don't know the server's domain
835 * at this point. Windows clients also don't
836 * use hostname...
837 */
838 names_blob = NTLMv2_generate_names_blob(
839 NULL, NULL, workgroup);
840
841 if (tevent_req_nomem(names_blob.data, req)) {
842 return tevent_req_post(req, ev);
843 }
844
845 if (!SMBNTLMv2encrypt(NULL, user, workgroup, pass,
846 &server_chal, &names_blob,
847 &lm_response, &nt_response,
848 NULL, &session_key)) {
849 data_blob_free(&names_blob);
850 tevent_req_nterror(
851 req, NT_STATUS_ACCESS_DENIED);
852 return tevent_req_post(req, ev);
853 }
854 data_blob_free(&names_blob);
855
856 } else {
857 uchar nt_hash[16];
858 E_md4hash(pass, nt_hash);
859
860 #ifdef LANMAN_ONLY
861 nt_response = data_blob_null;
862 #else
863 nt_response = data_blob(NULL, 24);
864 if (tevent_req_nomem(nt_response.data, req)) {
865 return tevent_req_post(req, ev);
866 }
867
868 SMBNTencrypt(pass, smb1cli_conn_server_challenge(cli->conn),
869 nt_response.data);
870 #endif
871 /* non encrypted password supplied. Ignore ntpass. */
872 if (lp_client_lanman_auth()) {
873
874 lm_response = data_blob(NULL, 24);
875 if (tevent_req_nomem(lm_response.data, req)) {
876 return tevent_req_post(req, ev);
877 }
878
879 if (!SMBencrypt(pass,
880 smb1cli_conn_server_challenge(cli->conn),
881 lm_response.data)) {
882 /*
883 * Oops, the LM response is
884 * invalid, just put the NT
885 * response there instead
886 */
887 data_blob_free(&lm_response);
888 lm_response = data_blob(
889 nt_response.data,
890 nt_response.length);
891 }
892 } else {
893 /*
894 * LM disabled, place NT# in LM field
895 * instead
896 */
897 lm_response = data_blob(
898 nt_response.data, nt_response.length);
899 }
900
901 if (tevent_req_nomem(lm_response.data, req)) {
902 return tevent_req_post(req, ev);
903 }
904
905 session_key = data_blob(NULL, 16);
906 if (tevent_req_nomem(session_key.data, req)) {
907 return tevent_req_post(req, ev);
908 }
909 #ifdef LANMAN_ONLY
910 E_deshash(pass, session_key.data);
911 memset(&session_key.data[8], '\0', 8);
912 #else
913 SMBsesskeygen_ntv1(nt_hash, session_key.data);
914 #endif
915 }
916 } else {
917 /* pre-encrypted password supplied. Only used for
918 security=server, can't do
919 signing because we don't have original key */
920
921 lm_response = data_blob(pass, passlen);
922 if (tevent_req_nomem(lm_response.data, req)) {
923 return tevent_req_post(req, ev);
924 }
925
926 nt_response = data_blob(ntpass, ntpasslen);
927 if (tevent_req_nomem(nt_response.data, req)) {
928 return tevent_req_post(req, ev);
929 }
930 }
931
932 #ifdef LANMAN_ONLY
933 state->response = data_blob_talloc(
934 state, lm_response.data, lm_response.length);
935 #else
936 state->response = data_blob_talloc(
937 state, nt_response.data, nt_response.length);
938 #endif
939 if (tevent_req_nomem(state->response.data, req)) {
940 return tevent_req_post(req, ev);
941 }
942
943 if (session_key.data) {
944 state->session_key = data_blob_talloc(
945 state, session_key.data, session_key.length);
946 if (tevent_req_nomem(state->session_key.data, req)) {
947 return tevent_req_post(req, ev);
948 }
949 }
950 data_blob_free(&session_key);
951
952 SCVAL(vwv+0, 0, 0xff);
953 SCVAL(vwv+0, 1, 0);
954 SSVAL(vwv+1, 0, 0);
955 SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
956 SSVAL(vwv+3, 0, 2);
957 SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
958 SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
959 SSVAL(vwv+7, 0, lm_response.length);
960 SSVAL(vwv+8, 0, nt_response.length);
961 SSVAL(vwv+9, 0, 0);
962 SSVAL(vwv+10, 0, 0);
963 SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
964
965 bytes = talloc_array(state, uint8_t,
966 lm_response.length + nt_response.length);
967 if (tevent_req_nomem(bytes, req)) {
968 return tevent_req_post(req, ev);
969 }
970 if (lm_response.length != 0) {
971 memcpy(bytes, lm_response.data, lm_response.length);
972 }
973 if (nt_response.length != 0) {
974 memcpy(bytes + lm_response.length,
975 nt_response.data, nt_response.length);
976 }
977 data_blob_free(&lm_response);
978 data_blob_free(&nt_response);
979
980 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
981 user, strlen(user)+1, NULL);
982
983 /*
984 * Upper case here might help some NTLMv2 implementations
985 */
986 workgroup_upper = talloc_strdup_upper(talloc_tos(), workgroup);
987 if (tevent_req_nomem(workgroup_upper, req)) {
988 return tevent_req_post(req, ev);
989 }
990 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
991 workgroup_upper, strlen(workgroup_upper)+1,
992 NULL);
993 TALLOC_FREE(workgroup_upper);
994
995 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
996 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
997 if (tevent_req_nomem(bytes, req)) {
998 return tevent_req_post(req, ev);
999 }
1000
1001 subreq = cli_smb_send(state, ev, cli, SMBsesssetupX, 0, 13, vwv,
1002 talloc_get_size(bytes), bytes);
1003 if (tevent_req_nomem(subreq, req)) {
1004 return tevent_req_post(req, ev);
1005 }
1006 tevent_req_set_callback(subreq, cli_session_setup_nt1_done, req);
1007 return req;
1008 }
1009
1010 static void cli_session_setup_nt1_done(struct tevent_req *subreq)
1011 {
1012 struct tevent_req *req = tevent_req_callback_data(
1013 subreq, struct tevent_req);
1014 struct cli_session_setup_nt1_state *state = tevent_req_data(
1015 req, struct cli_session_setup_nt1_state);
1016 struct cli_state *cli = state->cli;
1017 uint32_t num_bytes;
1018 uint8_t *in;
1019 uint8_t *inhdr;
1020 uint8_t *bytes;
1021 uint8_t *p;
1022 NTSTATUS status;
1023 ssize_t ret;
1024 uint8_t wct;
1025 uint16_t *vwv;
1026
1027 status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
1028 &num_bytes, &bytes);
1029 TALLOC_FREE(subreq);
1030 if (!NT_STATUS_IS_OK(status)) {
1031 tevent_req_nterror(req, status);
1032 return;
1033 }
1034
1035 inhdr = in + NBT_HDR_SIZE;
1036 p = bytes;
1037
1038 cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
1039 cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
1040
1041 status = smb_bytes_talloc_string(cli,
1042 inhdr,
1043 &cli->server_os,
1044 p,
1045 bytes+num_bytes-p,
1046 &ret);
1047 if (!NT_STATUS_IS_OK(status)) {
1048 tevent_req_nterror(req, status);
1049 return;
1050 }
1051 p += ret;
1052
1053 status = smb_bytes_talloc_string(cli,
1054 inhdr,
1055 &cli->server_type,
1056 p,
1057 bytes+num_bytes-p,
1058 &ret);
1059 if (!NT_STATUS_IS_OK(status)) {
1060 tevent_req_nterror(req, status);
1061 return;
1062 }
1063 p += ret;
1064
1065 status = smb_bytes_talloc_string(cli,
1066 inhdr,
1067 &cli->server_domain,
1068 p,
1069 bytes+num_bytes-p,
1070 &ret);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 tevent_req_nterror(req, status);
1073 return;
1074 }
1075 p += ret;
1076
1077 status = cli_set_username(cli, state->user);
1078 if (tevent_req_nterror(req, status)) {
1079 return;
1080 }
1081 if (smb1cli_conn_activate_signing(cli->conn, state->session_key, state->response)
1082 && !smb1cli_conn_check_signing(cli->conn, (uint8_t *)in, 1)) {
1083 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1084 return;
1085 }
1086 if (state->session_key.data) {
1087 struct smbXcli_session *session = state->cli->smb1.session;
1088
1089 status = smb1cli_session_set_session_key(session,
1090 state->session_key);
1091 if (tevent_req_nterror(req, status)) {
1092 return;
1093 }
1094 }
1095 tevent_req_done(req);
1096 }
1097
1098 static NTSTATUS cli_session_setup_nt1_recv(struct tevent_req *req)
1099 {
1100 return tevent_req_simple_recv_ntstatus(req);
1101 }
1102
1103 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
1104 const char *pass, size_t passlen,
1105 const char *ntpass, size_t ntpasslen,
1106 const char *workgroup)
1107 {
1108 TALLOC_CTX *frame = talloc_stackframe();
1109 struct tevent_context *ev;
1110 struct tevent_req *req;
1111 NTSTATUS status = NT_STATUS_NO_MEMORY;
1112
1113 if (smbXcli_conn_has_async_calls(cli->conn)) {
1114 /*
1115 * Can't use sync call while an async call is in flight
1116 */
1117 status = NT_STATUS_INVALID_PARAMETER;
1118 goto fail;
1119 }
1120 ev = samba_tevent_context_init(frame);
1121 if (ev == NULL) {
1122 goto fail;
1123 }
1124 req = cli_session_setup_nt1_send(frame, ev, cli, user, pass, passlen,
1125 ntpass, ntpasslen, workgroup);
1126 if (req == NULL) {
1127 goto fail;
1128 }
1129 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1130 goto fail;
1131 }
1132 status = cli_session_setup_nt1_recv(req);
1133 fail:
1134 TALLOC_FREE(frame);
1135 return status;
1136 }
1137
1138 /* The following is calculated from :
1139 * (smb_size-4) = 35
1140 * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
1141 * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
1142 * end of packet.
1143 */
1144
1145 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
1146
1147 struct cli_sesssetup_blob_state {
1148 struct tevent_context *ev;
1149 struct cli_state *cli;
1150 DATA_BLOB blob;
1151 uint16_t max_blob_size;
1152 uint16_t vwv[12];
1153 uint8_t *buf;
1154
1155 DATA_BLOB smb2_blob;
1156 struct iovec *recv_iov;
1157
1158 NTSTATUS status;
1159 uint8_t *inbuf;
1160 DATA_BLOB ret_blob;
1161 };
1162
1163 static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
1164 struct tevent_req **psubreq);
1165 static void cli_sesssetup_blob_done(struct tevent_req *subreq);
1166
1167 static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx,
1168 struct tevent_context *ev,
1169 struct cli_state *cli,
1170 DATA_BLOB blob)
1171 {
1172 struct tevent_req *req, *subreq;
1173 struct cli_sesssetup_blob_state *state;
1174 uint32_t usable_space;
1175
1176 req = tevent_req_create(mem_ctx, &state,
1177 struct cli_sesssetup_blob_state);
1178 if (req == NULL) {
1179 return NULL;
1180 }
1181 state->ev = ev;
1182 state->blob = blob;
1183 state->cli = cli;
1184
1185 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
1186 usable_space = UINT16_MAX;
1187 } else {
1188 usable_space = cli_state_available_size(cli,
1189 BASE_SESSSETUP_BLOB_PACKET_SIZE);
1190 }
1191
1192 if (usable_space == 0) {
1193 DEBUG(1, ("cli_session_setup_blob: cli->max_xmit too small "
1194 "(not possible to send %u bytes)\n",
1195 BASE_SESSSETUP_BLOB_PACKET_SIZE + 1));
1196 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
1197 return tevent_req_post(req, ev);
1198 }
1199 state->max_blob_size = MIN(usable_space, 0xFFFF);
1200
1201 if (!cli_sesssetup_blob_next(state, &subreq)) {
1202 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1203 return tevent_req_post(req, ev);
1204 }
1205 tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
1206 return req;
1207 }
1208
1209 static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
1210 struct tevent_req **psubreq)
1211 {
1212 struct tevent_req *subreq;
1213 uint16_t thistime;
1214
1215 thistime = MIN(state->blob.length, state->max_blob_size);
1216
1217 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
1218
1219 state->smb2_blob.data = state->blob.data;
1220 state->smb2_blob.length = thistime;
1221
1222 state->blob.data += thistime;
1223 state->blob.length -= thistime;
1224
1225 subreq = smb2cli_session_setup_send(state, state->ev,
1226 state->cli->conn,
1227 state->cli->timeout,
1228 state->cli->smb2.session,
1229 0, /* in_flags */
1230 SMB2_CAP_DFS, /* in_capabilities */
1231 0, /* in_channel */
1232 0, /* in_previous_session_id */
1233 &state->smb2_blob);
1234 if (subreq == NULL) {
1235 return false;
1236 }
1237 *psubreq = subreq;
1238 return true;
1239 }
1240
1241 SCVAL(state->vwv+0, 0, 0xFF);
1242 SCVAL(state->vwv+0, 1, 0);
1243 SSVAL(state->vwv+1, 0, 0);
1244 SSVAL(state->vwv+2, 0, CLI_BUFFER_SIZE);
1245 SSVAL(state->vwv+3, 0, 2);
1246 SSVAL(state->vwv+4, 0, 1);
1247 SIVAL(state->vwv+5, 0, 0);
1248
1249 SSVAL(state->vwv+7, 0, thistime);
1250
1251 SSVAL(state->vwv+8, 0, 0);
1252 SSVAL(state->vwv+9, 0, 0);
1253 SIVAL(state->vwv+10, 0,
1254 cli_session_setup_capabilities(state->cli, CAP_EXTENDED_SECURITY));
1255
1256 state->buf = (uint8_t *)talloc_memdup(state, state->blob.data,
1257 thistime);
1258 if (state->buf == NULL) {
1259 return false;
1260 }
1261 state->blob.data += thistime;
1262 state->blob.length -= thistime;
1263
1264 state->buf = smb_bytes_push_str(state->buf, smbXcli_conn_use_unicode(state->cli->conn),
1265 "Unix", 5, NULL);
1266 state->buf = smb_bytes_push_str(state->buf, smbXcli_conn_use_unicode(state->cli->conn),
1267 "Samba", 6, NULL);
1268 if (state->buf == NULL) {
1269 return false;
1270 }
1271 subreq = cli_smb_send(state, state->ev, state->cli, SMBsesssetupX, 0,
1272 12, state->vwv,
1273 talloc_get_size(state->buf), state->buf);
1274 if (subreq == NULL) {
1275 return false;
1276 }
1277 *psubreq = subreq;
1278 return true;
1279 }
1280
1281 static void cli_sesssetup_blob_done(struct tevent_req *subreq)
1282 {
1283 struct tevent_req *req = tevent_req_callback_data(
1284 subreq, struct tevent_req);
1285 struct cli_sesssetup_blob_state *state = tevent_req_data(
1286 req, struct cli_sesssetup_blob_state);
1287 struct cli_state *cli = state->cli;
1288 uint8_t wct;
1289 uint16_t *vwv;
1290 uint32_t num_bytes;
1291 uint8_t *bytes;
1292 NTSTATUS status;
1293 uint8_t *p;
1294 uint16_t blob_length;
1295 uint8_t *in;
1296 uint8_t *inhdr;
1297 ssize_t ret;
1298
1299 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
1300 status = smb2cli_session_setup_recv(subreq, state,
1301 &state->recv_iov,
1302 &state->ret_blob);
1303 } else {
1304 status = cli_smb_recv(subreq, state, &in, 4, &wct, &vwv,
1305 &num_bytes, &bytes);
1306 TALLOC_FREE(state->buf);
1307 }
1308 TALLOC_FREE(subreq);
1309 if (!NT_STATUS_IS_OK(status)
1310 && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1311 tevent_req_nterror(req, status);
1312 return;
1313 }
1314
1315 state->status = status;
1316
1317 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
1318 goto next;
1319 }
1320
1321 state->inbuf = in;
1322 inhdr = in + NBT_HDR_SIZE;
1323 cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
1324 cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
1325
1326 blob_length = SVAL(vwv+3, 0);
1327 if (blob_length > num_bytes) {
1328 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
1329 return;
1330 }
1331 state->ret_blob = data_blob_const(bytes, blob_length);
1332
1333 p = bytes + blob_length;
1334
1335 status = smb_bytes_talloc_string(cli,
1336 inhdr,
1337 &cli->server_os,
1338 p,
1339 bytes+num_bytes-p,
1340 &ret);
1341
1342 if (!NT_STATUS_IS_OK(status)) {
1343 tevent_req_nterror(req, status);
1344 return;
1345 }
1346 p += ret;
1347
1348 status = smb_bytes_talloc_string(cli,
1349 inhdr,
1350 &cli->server_type,
1351 p,
1352 bytes+num_bytes-p,
1353 &ret);
1354
1355 if (!NT_STATUS_IS_OK(status)) {
1356 tevent_req_nterror(req, status);
1357 return;
1358 }
1359 p += ret;
1360
1361 status = smb_bytes_talloc_string(cli,
1362 inhdr,
1363 &cli->server_domain,
1364 p,
1365 bytes+num_bytes-p,
1366 &ret);
1367
1368 if (!NT_STATUS_IS_OK(status)) {
1369 tevent_req_nterror(req, status);
1370 return;
1371 }
1372 p += ret;
1373
1374 next:
1375 if (state->blob.length != 0) {
1376 /*
1377 * More to send
1378 */
1379 if (!cli_sesssetup_blob_next(state, &subreq)) {
1380 tevent_req_oom(req);
1381 return;
1382 }
1383 tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
1384 return;
1385 }
1386 tevent_req_done(req);
1387 }
1388
1389 static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
1390 TALLOC_CTX *mem_ctx,
1391 DATA_BLOB *pblob,
1392 uint8_t **pinbuf,
1393 struct iovec **precv_iov)
1394 {
1395 struct cli_sesssetup_blob_state *state = tevent_req_data(
1396 req, struct cli_sesssetup_blob_state);
1397 NTSTATUS status;
1398 uint8_t *inbuf;
1399 struct iovec *recv_iov;
1400
1401 if (tevent_req_is_nterror(req, &status)) {
1402 TALLOC_FREE(state->cli->smb2.session);
1403 cli_state_set_uid(state->cli, UID_FIELD_INVALID);
1404 return status;
1405 }
1406
1407 inbuf = talloc_move(mem_ctx, &state->inbuf);
1408 recv_iov = talloc_move(mem_ctx, &state->recv_iov);
1409 if (pblob != NULL) {
1410 *pblob = state->ret_blob;
1411 }
1412 if (pinbuf != NULL) {
1413 *pinbuf = inbuf;
1414 }
1415 if (precv_iov != NULL) {
1416 *precv_iov = recv_iov;
1417 }
1418 /* could be NT_STATUS_MORE_PROCESSING_REQUIRED */
1419 return state->status;
1420 }
1421
1422 #ifdef HAVE_KRB5
1423
1424 /****************************************************************************
1425 Use in-memory credentials cache
1426 ****************************************************************************/
1427
1428 static void use_in_memory_ccache(void) {
1429 setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
1430 }
1431
1432 /****************************************************************************
1433 Do a spnego/kerberos encrypted session setup.
1434 ****************************************************************************/
1435
1436 struct cli_session_setup_kerberos_state {
1437 struct cli_state *cli;
1438 DATA_BLOB negTokenTarg;
1439 DATA_BLOB session_key_krb5;
1440 ADS_STATUS ads_status;
1441 };
1442
1443 static void cli_session_setup_kerberos_done(struct tevent_req *subreq);
1444
1445 static struct tevent_req *cli_session_setup_kerberos_send(
1446 TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
1447 const char *principal)
1448 {
1449 struct tevent_req *req, *subreq;
1450 struct cli_session_setup_kerberos_state *state;
1451 int rc;
1452
1453 DEBUG(2,("Doing kerberos session setup\n"));
1454
1455 req = tevent_req_create(mem_ctx, &state,
1456 struct cli_session_setup_kerberos_state);
1457 if (req == NULL) {
1458 return NULL;
1459 }
1460 state->cli = cli;
1461 state->ads_status = ADS_SUCCESS;
1462
1463 /*
1464 * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
1465 * we have to acquire a ticket. To be fixed later :-)
1466 */
1467 rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
1468 &state->session_key_krb5, 0, NULL, NULL);
1469 if (rc) {
1470 DEBUG(1, ("cli_session_setup_kerberos: "
1471 "spnego_gen_krb5_negTokenInit failed: %s\n",
1472 error_message(rc)));
1473 state->ads_status = ADS_ERROR_KRB5(rc);
1474 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
1475 return tevent_req_post(req, ev);
1476 }
1477
1478 #if 0
1479 file_save("negTokenTarg.dat", state->negTokenTarg.data,
1480 state->negTokenTarg.length);
1481 #endif
1482
1483 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
1484 state->cli->smb2.session = smbXcli_session_create(cli,
1485 cli->conn);
1486 if (tevent_req_nomem(state->cli->smb2.session, req)) {
1487 return tevent_req_post(req, ev);
1488 }
1489 }
1490
1491 subreq = cli_sesssetup_blob_send(state, ev, cli, state->negTokenTarg);
1492 if (tevent_req_nomem(subreq, req)) {
1493 return tevent_req_post(req, ev);
1494 }
1495 tevent_req_set_callback(subreq, cli_session_setup_kerberos_done, req);
1496 return req;
1497 }
1498
1499 static void cli_session_setup_kerberos_done(struct tevent_req *subreq)
1500 {
1501 struct tevent_req *req = tevent_req_callback_data(
1502 subreq, struct tevent_req);
1503 struct cli_session_setup_kerberos_state *state = tevent_req_data(
1504 req, struct cli_session_setup_kerberos_state);
1505 uint8_t *inbuf = NULL;
1506 struct iovec *recv_iov = NULL;
1507 NTSTATUS status;
1508
1509 status = cli_sesssetup_blob_recv(subreq, state,
1510 NULL, &inbuf, &recv_iov);
1511 TALLOC_FREE(subreq);
1512 if (!NT_STATUS_IS_OK(status)) {
1513 tevent_req_nterror(req, status);
1514 return;
1515 }
1516
1517 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
1518 struct smbXcli_session *session = state->cli->smb2.session;
1519 status = smb2cli_session_set_session_key(session,
1520 state->session_key_krb5,
1521 recv_iov);
1522 if (tevent_req_nterror(req, status)) {
1523 return;
1524 }
1525 } else {
1526 struct smbXcli_session *session = state->cli->smb1.session;
1527
1528 status = smb1cli_session_set_session_key(session,
1529 state->session_key_krb5);
1530 if (tevent_req_nterror(req, status)) {
1531 return;
1532 }
1533
1534 if (smb1cli_conn_activate_signing(state->cli->conn, state->session_key_krb5,
1535 data_blob_null)
1536 && !smb1cli_conn_check_signing(state->cli->conn, inbuf, 1)) {
1537 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1538 return;
1539 }
1540 }
1541
1542 tevent_req_done(req);
1543 }
1544
1545 static ADS_STATUS cli_session_setup_kerberos_recv(struct tevent_req *req)
1546 {
1547 struct cli_session_setup_kerberos_state *state = tevent_req_data(
1548 req, struct cli_session_setup_kerberos_state);
1549 NTSTATUS status;
1550
1551 if (tevent_req_is_nterror(req, &status)) {
1552 return ADS_ERROR_NT(status);
1553 }
1554 return state->ads_status;
1555 }
1556
1557 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli,
1558 const char *principal)
1559 {
1560 struct tevent_context *ev;
1561 struct tevent_req *req;
1562 ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1563
1564 if (smbXcli_conn_has_async_calls(cli->conn)) {
1565 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1566 }
1567 ev = samba_tevent_context_init(talloc_tos());
1568 if (ev == NULL) {
1569 goto fail;
1570 }
1571 req = cli_session_setup_kerberos_send(ev, ev, cli, principal);
1572 if (req == NULL) {
1573 goto fail;
1574 }
1575 if (!tevent_req_poll(req, ev)) {
1576 status = ADS_ERROR_SYSTEM(errno);
1577 goto fail;
1578 }
1579 status = cli_session_setup_kerberos_recv(req);
1580 fail:
1581 TALLOC_FREE(ev);
1582 return status;
1583 }
1584 #endif /* HAVE_KRB5 */
1585
1586 /****************************************************************************
1587 Do a spnego/NTLMSSP encrypted session setup.
1588 ****************************************************************************/
1589
1590 struct cli_session_setup_ntlmssp_state {
1591 struct tevent_context *ev;
1592 struct cli_state *cli;
1593 struct ntlmssp_state *ntlmssp_state;
1594 int turn;
1595 DATA_BLOB blob_out;
1596 };
1597
1598 static int cli_session_setup_ntlmssp_state_destructor(
1599 struct cli_session_setup_ntlmssp_state *state)
1600 {
1601 if (state->ntlmssp_state != NULL) {
1602 TALLOC_FREE(state->ntlmssp_state);
1603 }
1604 return 0;
1605 }
1606
1607 static void cli_session_setup_ntlmssp_done(struct tevent_req *req);
1608
1609 static struct tevent_req *cli_session_setup_ntlmssp_send(
1610 TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
1611 const char *user, const char *pass, const char *domain)
1612 {
1613 struct tevent_req *req, *subreq;
1614 struct cli_session_setup_ntlmssp_state *state;
1615 NTSTATUS status;
1616 DATA_BLOB blob_out;
1617 const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
1618
1619 req = tevent_req_create(mem_ctx, &state,
1620 struct cli_session_setup_ntlmssp_state);
1621 if (req == NULL) {
1622 return NULL;
1623 }
1624 state->ev = ev;
1625 state->cli = cli;
1626 state->turn = 1;
1627
1628 state->ntlmssp_state = NULL;
1629 talloc_set_destructor(
1630 state, cli_session_setup_ntlmssp_state_destructor);
1631
1632 status = ntlmssp_client_start(state,
1633 lp_netbios_name(),
1634 lp_workgroup(),
1635 lp_client_ntlmv2_auth(),
1636 &state->ntlmssp_state);
1637 if (!NT_STATUS_IS_OK(status)) {
1638 goto fail;
1639 }
1640 ntlmssp_want_feature(state->ntlmssp_state,
1641 NTLMSSP_FEATURE_SESSION_KEY);
1642 if (cli->use_ccache) {
1643 ntlmssp_want_feature(state->ntlmssp_state,
1644 NTLMSSP_FEATURE_CCACHE);
1645 }
1646 status = ntlmssp_set_username(state->ntlmssp_state, user);
1647 if (!NT_STATUS_IS_OK(status)) {
1648 goto fail;
1649 }
1650 status = ntlmssp_set_domain(state->ntlmssp_state, domain);
1651 if (!NT_STATUS_IS_OK(status)) {
1652 goto fail;
1653 }
1654 if (cli->pw_nt_hash) {
1655 status = ntlmssp_set_password_hash(state->ntlmssp_state, pass);
1656 } else {
1657 status = ntlmssp_set_password(state->ntlmssp_state, pass);
1658 }
1659 if (!NT_STATUS_IS_OK(status)) {
1660 goto fail;
1661 }
1662 status = ntlmssp_update(state->ntlmssp_state, data_blob_null,
1663 &blob_out);
1664 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1665 goto fail;
1666 }
1667
1668 state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
1669 data_blob_free(&blob_out);
1670
1671 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
1672 state->cli->smb2.session = smbXcli_session_create(cli,
1673 cli->conn);
1674 if (tevent_req_nomem(state->cli->smb2.session, req)) {
1675 return tevent_req_post(req, ev);
1676 }
1677 }
1678
1679 subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
1680 if (tevent_req_nomem(subreq, req)) {
1681 return tevent_req_post(req, ev);
1682 }
1683 tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
1684 return req;
1685 fail:
1686 tevent_req_nterror(req, status);
1687 return tevent_req_post(req, ev);
1688 }
1689
1690 static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
1691 {
1692 struct tevent_req *req = tevent_req_callback_data(
1693 subreq, struct tevent_req);
1694 struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
1695 req, struct cli_session_setup_ntlmssp_state);
1696 DATA_BLOB blob_in, msg_in, blob_out;
1697 uint8_t *inbuf = NULL;
1698 struct iovec *recv_iov = NULL;
1699 bool parse_ret;
1700 NTSTATUS status;
1701
1702 status = cli_sesssetup_blob_recv(subreq, talloc_tos(), &blob_in,
1703 &inbuf, &recv_iov);
1704 TALLOC_FREE(subreq);
1705 data_blob_free(&state->blob_out);
1706
1707 if (NT_STATUS_IS_OK(status)) {
1708 if (state->cli->server_domain[0] == '\0') {
1709 TALLOC_FREE(state->cli->server_domain);
1710 state->cli->server_domain = talloc_strdup(state->cli,
1711 state->ntlmssp_state->server.netbios_domain);
1712 if (state->cli->server_domain == NULL) {
1713 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
1714 return;
1715 }
1716 }
1717
1718 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
1719 struct smbXcli_session *session = state->cli->smb2.session;
1720
1721 if (ntlmssp_is_anonymous(state->ntlmssp_state)) {
1722 /*
1723 * Windows server does not set the
1724 * SMB2_SESSION_FLAG_IS_GUEST nor
1725 * SMB2_SESSION_FLAG_IS_NULL flag.
1726 *
1727 * This fix makes sure we do not try
1728 * to verify a signature on the final
1729 * session setup response.
1730 */
1731 TALLOC_FREE(state->ntlmssp_state);
1732 tevent_req_done(req);
1733 return;
1734 }
1735
1736 status = smb2cli_session_set_session_key(session,
1737 state->ntlmssp_state->session_key,
1738 recv_iov);
1739 if (tevent_req_nterror(req, status)) {
1740 return;
1741 }
1742 } else {
1743 struct smbXcli_session *session = state->cli->smb1.session;
1744
1745 status = smb1cli_session_set_session_key(session,
1746 state->ntlmssp_state->session_key);
1747 if (tevent_req_nterror(req, status)) {
1748 return;
1749 }
1750
1751 if (smb1cli_conn_activate_signing(
1752 state->cli->conn, state->ntlmssp_state->session_key,
1753 data_blob_null)
1754 && !smb1cli_conn_check_signing(state->cli->conn, inbuf, 1)) {
1755 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1756 return;
1757 }
1758 }
1759 TALLOC_FREE(state->ntlmssp_state);
1760 tevent_req_done(req);
1761 return;
1762 }
1763 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1764 tevent_req_nterror(req, status);
1765 return;
1766 }
1767
1768 if (blob_in.length == 0) {
1769 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
1770 return;
1771 }
1772
1773 if ((state->turn == 1)
1774 && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1775 DATA_BLOB tmp_blob = data_blob_null;
1776 /* the server might give us back two challenges */
1777 parse_ret = spnego_parse_challenge(state, blob_in, &msg_in,
1778 &tmp_blob);
1779 data_blob_free(&tmp_blob);
1780 } else {
1781 parse_ret = spnego_parse_auth_response(state, blob_in, status,
1782 OID_NTLMSSP, &msg_in);
1783 }
1784 state->turn += 1;
1785
1786 if (!parse_ret) {
1787 DEBUG(3,("Failed to parse auth response\n"));
1788 if (NT_STATUS_IS_OK(status)
1789 || NT_STATUS_EQUAL(status,
1790 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1791 tevent_req_nterror(
1792 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
1793 return;
1794 }
1795 }
1796
1797 status = ntlmssp_update(state->ntlmssp_state, msg_in, &blob_out);
1798
1799 if (!NT_STATUS_IS_OK(status)
1800 && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1801 TALLOC_FREE(state->ntlmssp_state);
1802 tevent_req_nterror(req, status);
1803 return;
1804 }
1805
1806 state->blob_out = spnego_gen_auth(state, blob_out);
1807 if (tevent_req_nomem(state->blob_out.data, req)) {
1808 return;
1809 }
1810
1811 subreq = cli_sesssetup_blob_send(state, state->ev, state->cli,
1812 state->blob_out);
1813 if (tevent_req_nomem(subreq, req)) {
1814 return;
1815 }
1816 tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
1817 }
1818
1819 static NTSTATUS cli_session_setup_ntlmssp_recv(struct tevent_req *req)
1820 {
1821 struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
1822 req, struct cli_session_setup_ntlmssp_state);
1823 NTSTATUS status;
1824
1825 if (tevent_req_is_nterror(req, &status)) {
1826 cli_state_set_uid(state->cli, UID_FIELD_INVALID);
1827 return status;
1828 }
1829 return NT_STATUS_OK;
1830 }
1831
1832 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli,
1833 const char *user,
1834 const char *pass,
1835 const char *domain)
1836 {
1837 struct tevent_context *ev;
1838 struct tevent_req *req;
1839 NTSTATUS status = NT_STATUS_NO_MEMORY;
1840
1841 if (smbXcli_conn_has_async_calls(cli->conn)) {
1842 return NT_STATUS_INVALID_PARAMETER;
1843 }
1844 ev = samba_tevent_context_init(talloc_tos());
1845 if (ev == NULL) {
1846 goto fail;
1847 }
1848 req = cli_session_setup_ntlmssp_send(ev, ev, cli, user, pass, domain);
1849 if (req == NULL) {
1850 goto fail;
1851 }
1852 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1853 goto fail;
1854 }
1855 status = cli_session_setup_ntlmssp_recv(req);
1856 fail:
1857 TALLOC_FREE(ev);
1858 return status;
1859 }
1860
1861 /****************************************************************************
1862 Do a spnego encrypted session setup.
1863
1864 user_domain: The shortname of the domain the user/machine is a member of.
1865 dest_realm: The realm we're connecting to, if NULL we use our default realm.
1866 ****************************************************************************/
1867
1868 static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli,
1869 const char *user,
1870 const char *pass,
1871 const char *user_domain,
1872 const char * dest_realm)
1873 {
1874 char *principal = NULL;
1875 char *OIDs[ASN1_MAX_OIDS];
1876 int i;
1877 const DATA_BLOB *server_blob;
1878 DATA_BLOB blob = data_blob_null;
1879 const char *p = NULL;
1880 char *account = NULL;
1881 NTSTATUS status;
1882
1883 server_blob = smbXcli_conn_server_gss_blob(cli->conn);
1884 if (server_blob) {
1885 blob = data_blob(server_blob->data, server_blob->length);
1886 }
1887
1888 DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)blob.length));
1889
1890 /* the server might not even do spnego */
1891 if (blob.length == 0) {
1892 DEBUG(3,("server didn't supply a full spnego negprot\n"));
1893 goto ntlmssp;
1894 }
1895
1896 #if 0
1897 file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
1898 #endif
1899
1900 /* The server sent us the first part of the SPNEGO exchange in the
1901 * negprot reply. It is WRONG to depend on the principal sent in the
1902 * negprot reply, but right now we do it. If we don't receive one,
1903 * we try to best guess, then fall back to NTLM. */
1904 if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &principal, NULL) ||
1905 OIDs[0] == NULL) {
1906 data_blob_free(&blob);
1907 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1908 }
1909 data_blob_free(&blob);
1910
1911 /* make sure the server understands kerberos */
1912 for (i=0;OIDs[i];i++) {
1913 if (i == 0)
1914 DEBUG(3,("got OID=%s\n", OIDs[i]));
1915 else
1916 DEBUGADD(3,("got OID=%s\n", OIDs[i]));
1917 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
1918 strcmp(OIDs[i], OID_KERBEROS5) == 0) {
1919 cli->got_kerberos_mechanism = True;
1920 }
1921 talloc_free(OIDs[i]);
1922 }
1923
1924 DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
1925
1926 status = cli_set_username(cli, user);
1927 if (!NT_STATUS_IS_OK(status)) {
1928 TALLOC_FREE(principal);
1929 return ADS_ERROR_NT(status);
1930 }
1931
1932 #ifdef HAVE_KRB5
1933 /* If password is set we reauthenticate to kerberos server
1934 * and do not store results */
1935
1936 if (user && *user && cli->got_kerberos_mechanism && cli->use_kerberos) {
1937 ADS_STATUS rc;
1938 const char *remote_name = smbXcli_conn_remote_name(cli->conn);
1939
1940 if (pass && *pass) {
1941 int ret;
1942
1943 use_in_memory_ccache();
1944 ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
1945
1946 if (ret){
1947 TALLOC_FREE(principal);
1948 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
1949 if (cli->fallback_after_kerberos)
1950 goto ntlmssp;
1951 return ADS_ERROR_KRB5(ret);
1952 }
1953 }
1954
1955 /* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us
1956 */
1957 if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) {
1958 TALLOC_FREE(principal);
1959 }
1960
1961 if (principal == NULL &&
1962 !is_ipaddress(remote_name) &&
1963 !strequal(STAR_SMBSERVER,
1964 remote_name)) {
1965 DEBUG(3,("cli_session_setup_spnego: using target "
1966 "hostname not SPNEGO principal\n"));
1967
1968 if (dest_realm) {
1969 char *realm = strupper_talloc(talloc_tos(), dest_realm);
1970 if (realm) {
1971 principal = talloc_asprintf(talloc_tos(),
1972 "cifs/%s@%s",
1973 remote_name,
1974 realm);
1975 TALLOC_FREE(realm);
1976 }
1977 } else {
1978 principal = kerberos_get_principal_from_service_hostname(talloc_tos(),
1979 "cifs",
1980 remote_name,
1981 lp_realm());
1982 }
1983
1984 if (!principal) {
1985 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1986 }
1987 DEBUG(3,("cli_session_setup_spnego: guessed "
1988 "server principal=%s\n",
1989 principal ? principal : "<null>"));
1990 }
1991
1992 if (principal) {
1993 rc = cli_session_setup_kerberos(cli, principal);
1994 if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
1995 TALLOC_FREE(principal);
1996 return rc;
1997 }
1998 }
1999 }
2000 #endif
2001
2002 TALLOC_FREE(principal);
2003
2004 ntlmssp:
2005
2006 account = talloc_strdup(talloc_tos(), user);
2007 if (!account) {
2008 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
2009 }
2010
2011 /* when falling back to ntlmssp while authenticating with a machine
2012 * account strip off the realm - gd */
2013
2014 if ((p = strchr_m(user, '@')) != NULL) {
2015 account[PTR_DIFF(p,user)] = '\0';
2016 }
2017
2018 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
2019 }
2020
2021 /****************************************************************************
2022 Send a session setup. The username and workgroup is in UNIX character
2023 format and must be converted to DOS codepage format before sending. If the
2024 password is in plaintext, the same should be done.
2025 ****************************************************************************/
2026
2027 NTSTATUS cli_session_setup(struct cli_state *cli,
2028 const char *user,
2029 const char *pass, int passlen,
2030 const char *ntpass, int ntpasslen,
2031 const char *workgroup)
2032 {
2033 char *p;
2034 char *user2;
2035 uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
2036
2037 if (user) {
2038 user2 = talloc_strdup(talloc_tos(), user);
2039 } else {
2040 user2 = talloc_strdup(talloc_tos(), "");
2041 }
2042 if (user2 == NULL) {
2043 return NT_STATUS_NO_MEMORY;
2044 }
2045
2046 if (!workgroup) {
2047 workgroup = "";
2048 }
2049
2050 /* allow for workgroups as part of the username */
2051 if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
2052 (p=strchr_m(user2,*lp_winbind_separator()))) {
2053 *p = 0;
2054 user = p+1;
2055 if (!strupper_m(user2)) {
2056 return NT_STATUS_INVALID_PARAMETER;
2057 }
2058 workgroup = user2;
2059 }
2060
2061 if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN1) {
2062 return NT_STATUS_OK;
2063 }
2064
2065 /* now work out what sort of session setup we are going to
2066 do. I have split this into separate functions to make the
2067 flow a bit easier to understand (tridge) */
2068
2069 /* if its an older server then we have to use the older request format */
2070
2071 if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) {
2072 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
2073 DEBUG(1, ("Server requested LM password but 'client lanman auth = no'"
2074 " or 'client ntlmv2 auth = yes'\n"));
2075 return NT_STATUS_ACCESS_DENIED;
2076 }
2077
2078 if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
2079 !lp_client_plaintext_auth() && (*pass)) {
2080 DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
2081 " or 'client ntlmv2 auth = yes'\n"));
2082 return NT_STATUS_ACCESS_DENIED;
2083 }
2084
2085 return cli_session_setup_lanman2(cli, user, pass, passlen,
2086 workgroup);
2087 }
2088
2089 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
2090 const char *remote_realm = cli_state_remote_realm(cli);
2091 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
2092 workgroup,
2093 remote_realm);
2094 if (!ADS_ERR_OK(status)) {
2095 DEBUG(3, ("SMB2-SPNEGO login failed: %s\n", ads_errstr(status)));
2096 return ads_ntstatus(status);
2097 }
2098 return NT_STATUS_OK;
2099 }
2100
2101 /* if no user is supplied then we have to do an anonymous connection.
2102 passwords are ignored */
2103
2104 if (!user || !*user)
2105 return cli_session_setup_guest(cli);
2106
2107 /* if the server is share level then send a plaintext null
2108 password at this point. The password is sent in the tree
2109 connect */
2110
2111 if ((sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
2112 return cli_session_setup_plain(cli, user, "", workgroup);
2113
2114 /* if the server doesn't support encryption then we have to use
2115 plaintext. The second password is ignored */
2116
2117 if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
2118 if (!lp_client_plaintext_auth() && (*pass)) {
2119 DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
2120 " or 'client ntlmv2 auth = yes'\n"));
2121 return NT_STATUS_ACCESS_DENIED;
2122 }
2123 return cli_session_setup_plain(cli, user, pass, workgroup);
2124 }
2125
2126 /* if the server supports extended security then use SPNEGO */
2127
2128 if (smb1cli_conn_capabilities(cli->conn) & CAP_EXTENDED_SECURITY) {
2129 const char *remote_realm = cli_state_remote_realm(cli);
2130 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
2131 workgroup,
2132 remote_realm);
2133 if (!ADS_ERR_OK(status)) {
2134 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
2135 return ads_ntstatus(status);
2136 }
2137 } else {
2138 NTSTATUS status;
2139
2140 /* otherwise do a NT1 style session setup */
2141 status = cli_session_setup_nt1(cli, user, pass, passlen,
2142 ntpass, ntpasslen, workgroup);
2143 if (!NT_STATUS_IS_OK(status)) {
2144 DEBUG(3,("cli_session_setup: NT1 session setup "
2145 "failed: %s\n", nt_errstr(status)));
2146 return status;
2147 }
2148 }
2149
2150 return NT_STATUS_OK;
2151 }
2152
2153 /****************************************************************************
2154 Send a uloggoff.
2155 *****************************************************************************/
2156
2157 struct cli_ulogoff_state {
2158 struct cli_state *cli;
2159 uint16_t vwv[3];
2160 };
2161
2162 static void cli_ulogoff_done(struct tevent_req *subreq);
2163
2164 struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
2165 struct tevent_context *ev,
2166 struct cli_state *cli)
2167 {
2168 struct tevent_req *req, *subreq;
2169 struct cli_ulogoff_state *state;
2170
2171 req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
2172 if (req == NULL) {
2173 return NULL;
2174 }
2175 state->cli = cli;
2176
2177 SCVAL(state->vwv+0, 0, 0xFF);
2178 SCVAL(state->vwv+1, 0, 0);
2179 SSVAL(state->vwv+2, 0, 0);
2180
2181 subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 2, state->vwv,
2182 0, NULL);
2183 if (tevent_req_nomem(subreq, req)) {
2184 return tevent_req_post(req, ev);
2185 }
2186 tevent_req_set_callback(subreq, cli_ulogoff_done, req);
2187 return req;
2188 }
2189
2190 static void cli_ulogoff_done(struct tevent_req *subreq)
2191 {
2192 struct tevent_req *req = tevent_req_callback_data(
2193 subreq, struct tevent_req);
2194 struct cli_ulogoff_state *state = tevent_req_data(
2195 req, struct cli_ulogoff_state);
2196 NTSTATUS status;
2197
2198 status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
2199 if (!NT_STATUS_IS_OK(status)) {
2200 tevent_req_nterror(req, status);
2201 return;
2202 }
2203 cli_state_set_uid(state->cli, UID_FIELD_INVALID);
2204 tevent_req_done(req);
2205 }
2206
2207 NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
2208 {
2209 return tevent_req_simple_recv_ntstatus(req);
2210 }
2211
2212 NTSTATUS cli_ulogoff(struct cli_state *cli)
2213 {
2214 struct tevent_context *ev;
2215 struct tevent_req *req;
2216 NTSTATUS status = NT_STATUS_NO_MEMORY;
2217
2218 if (smbXcli_conn_has_async_calls(cli->conn)) {
2219 return NT_STATUS_INVALID_PARAMETER;
2220 }
2221 ev = samba_tevent_context_init(talloc_tos());
2222 if (ev == NULL) {
2223 goto fail;
2224 }
2225 req = cli_ulogoff_send(ev, ev, cli);
2226 if (req == NULL) {
2227 goto fail;
2228 }
2229 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
2230 goto fail;
2231 }
2232 status = cli_ulogoff_recv(req);
2233 fail:
2234 TALLOC_FREE(ev);
2235 return status;
2236 }
2237
2238 /****************************************************************************
2239 Send a tconX.
2240 ****************************************************************************/
2241
2242 struct cli_tcon_andx_state {
2243 struct cli_state *cli;
2244 uint16_t vwv[4];
2245 struct iovec bytes;
2246 };
2247
2248 static void cli_tcon_andx_done(struct tevent_req *subreq);
2249
2250 struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
2251 struct tevent_context *ev,
2252 struct cli_state *cli,
2253 const char *share, const char *dev,
2254 const char *pass, int passlen,
2255 struct tevent_req **psmbreq)
2256 {
2257 struct tevent_req *req, *subreq;
2258 struct cli_tcon_andx_state *state;
2259 uint8_t p24[24];
2260 uint16_t *vwv;
2261 char *tmp = NULL;
2262 uint8_t *bytes;
2263 uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
2264 uint16_t tcon_flags = 0;
2265
2266 *psmbreq = NULL;
2267
2268 req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
2269 if (req == NULL) {
2270 return NULL;
2271 }
2272 state->cli = cli;
2273 vwv = state->vwv;
2274
2275 cli->share = talloc_strdup(cli, share);
2276 if (!cli->share) {
2277 return NULL;
2278 }
2279
2280 /* in user level security don't send a password now */
2281 if (sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
2282 passlen = 1;
2283 pass = "";
2284 } else if (pass == NULL) {
2285 DEBUG(1, ("Server not using user level security and no "
2286 "password supplied.\n"));
2287 goto access_denied;
2288 }
2289
2290 if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
2291 *pass && passlen != 24) {
2292 if (!lp_client_lanman_auth()) {
2293 DEBUG(1, ("Server requested LANMAN password "
2294 "(share-level security) but "
2295 "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
2296 goto access_denied;
2297 }
2298
2299 /*
2300 * Non-encrypted passwords - convert to DOS codepage before
2301 * encryption.
2302 */
2303 SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24);
2304 passlen = 24;
2305 pass = (const char *)p24;
2306 } else {
2307 if((sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
2308 |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
2309 == 0) {
2310 uint8_t *tmp_pass;
2311
2312 if (!lp_client_plaintext_auth() && (*pass)) {
2313 DEBUG(1, ("Server requested PLAINTEXT "
2314 "password but "
2315 "'client plaintext auth = no' or 'client ntlmv2 auth = yes'\n"));
2316 goto access_denied;
2317 }
2318
2319 /*
2320 * Non-encrypted passwords - convert to DOS codepage
2321 * before using.
2322 */
2323 tmp_pass = talloc_array(talloc_tos(), uint8, 0);
2324 if (tevent_req_nomem(tmp_pass, req)) {
2325 return tevent_req_post(req, ev);
2326 }
2327 tmp_pass = trans2_bytes_push_str(tmp_pass,
2328 false, /* always DOS */
2329 pass,
2330 passlen,
2331 NULL);
2332 if (tevent_req_nomem(tmp_pass, req)) {
2333 return tevent_req_post(req, ev);
2334 }
2335 pass = (const char *)tmp_pass;
2336 passlen = talloc_get_size(tmp_pass);
2337 }
2338 }
2339
2340 tcon_flags |= TCONX_FLAG_EXTENDED_RESPONSE;
2341 tcon_flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
2342
2343 SCVAL(vwv+0, 0, 0xFF);
2344 SCVAL(vwv+0, 1, 0);
2345 SSVAL(vwv+1, 0, 0);
2346 SSVAL(vwv+2, 0, tcon_flags);
2347 SSVAL(vwv+3, 0, passlen);
2348
2349 if (passlen && pass) {
2350 bytes = (uint8_t *)talloc_memdup(state, pass, passlen);
2351 } else {
2352 bytes = talloc_array(state, uint8_t, 0);
2353 }
2354
2355 /*
2356 * Add the sharename
2357 */
2358 tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
2359 smbXcli_conn_remote_name(cli->conn), share);
2360 if (tmp == NULL) {
2361 TALLOC_FREE(req);
2362 return NULL;
2363 }
2364 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
2365 NULL);
2366 TALLOC_FREE(tmp);
2367
2368 /*
2369 * Add the devicetype
2370 */
2371 tmp = talloc_strdup_upper(talloc_tos(), dev);
2372 if (tmp == NULL) {
2373 TALLOC_FREE(req);
2374 return NULL;
2375 }
2376 bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
2377 TALLOC_FREE(tmp);
2378
2379 if (bytes == NULL) {
2380 TALLOC_FREE(req);
2381 return NULL;
2382 }
2383
2384 state->bytes.iov_base = (void *)bytes;
2385 state->bytes.iov_len = talloc_get_size(bytes);
2386
2387 subreq = cli_smb_req_create(state, ev, cli, SMBtconX, 0, 4, vwv,
2388 1, &state->bytes);
2389 if (subreq == NULL) {
2390 TALLOC_FREE(req);
2391 return NULL;
2392 }
2393 tevent_req_set_callback(subreq, cli_tcon_andx_done, req);
2394 *psmbreq = subreq;
2395 return req;
2396
2397 access_denied:
2398 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
2399 return tevent_req_post(req, ev);
2400 }
2401
2402 struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
2403 struct tevent_context *ev,
2404 struct cli_state *cli,
2405 const char *share, const char *dev,
2406 const char *pass, int passlen)
2407 {
2408 struct tevent_req *req, *subreq;
2409 NTSTATUS status;
2410
2411 req = cli_tcon_andx_create(mem_ctx, ev, cli, share, dev, pass, passlen,
2412 &subreq);
2413 if (req == NULL) {
2414 return NULL;
2415 }
2416 if (subreq == NULL) {
2417 return req;
2418 }
2419 status = smb1cli_req_chain_submit(&subreq, 1);
2420 if (!NT_STATUS_IS_OK(status)) {
2421 tevent_req_nterror(req, status);
2422 return tevent_req_post(req, ev);
2423 }
2424 return req;
2425 }
2426
2427 static void cli_tcon_andx_done(struct tevent_req *subreq)
2428 {
2429 struct tevent_req *req = tevent_req_callback_data(
2430 subreq, struct tevent_req);
2431 struct cli_tcon_andx_state *state = tevent_req_data(
2432 req, struct cli_tcon_andx_state);
2433 struct cli_state *cli = state->cli;
2434 uint8_t *in;
2435 uint8_t *inhdr;
2436 uint8_t wct;
2437 uint16_t *vwv;
2438 uint32_t num_bytes;
2439 uint8_t *bytes;
2440 NTSTATUS status;
2441 uint16_t optional_support = 0;
2442
2443 status = cli_smb_recv(subreq, state, &in, 0, &wct, &vwv,
2444 &num_bytes, &bytes);
2445 TALLOC_FREE(subreq);
2446 if (!NT_STATUS_IS_OK(status)) {
2447 tevent_req_nterror(req, status);
2448 return;
2449 }
2450
2451 inhdr = in + NBT_HDR_SIZE;
2452
2453 if (num_bytes) {
2454 if (clistr_pull_talloc(cli,
2455 (const char *)inhdr,
2456 SVAL(inhdr, HDR_FLG2),
2457 &cli->dev,
2458 bytes,
2459 num_bytes,
2460 STR_TERMINATE|STR_ASCII) == -1) {
2461 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
2462 return;
2463 }
2464 } else {
2465 cli->dev = talloc_strdup(cli, "");
2466 if (cli->dev == NULL) {
2467 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
2468 return;
2469 }
2470 }
2471
2472 if ((smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) && (num_bytes == 3)) {
2473 /* almost certainly win95 - enable bug fixes */
2474 cli->win95 = True;
2475 }
2476
2477 /*
2478 * Make sure that we have the optional support 16-bit field. WCT > 2.
2479 * Avoids issues when connecting to Win9x boxes sharing files
2480 */
2481
2482 cli->dfsroot = false;
2483
2484 if ((wct > 2) && (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN2)) {
2485 optional_support = SVAL(vwv+2, 0);
2486 }
2487
2488 if (optional_support & SMB_SHARE_IN_DFS) {
2489 cli->dfsroot = true;
2490 }
2491
2492 if (optional_support & SMB_EXTENDED_SIGNATURES) {
2493 smb1cli_session_protect_session_key(cli->smb1.session);
2494 }
2495
2496 cli_state_set_tid(cli, SVAL(inhdr, HDR_TID));
2497 tevent_req_done(req);
2498 }
2499
2500 NTSTATUS cli_tcon_andx_recv(struct tevent_req *req)
2501 {
2502 return tevent_req_simple_recv_ntstatus(req);
2503 }
2504
2505 NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
2506 const char *dev, const char *pass, int passlen)
2507 {
2508 TALLOC_CTX *frame = talloc_stackframe();
2509 struct tevent_context *ev;
2510 struct tevent_req *req;
2511 NTSTATUS status = NT_STATUS_OK;
2512
2513 if (smbXcli_conn_has_async_calls(cli->conn)) {
2514 /*
2515 * Can't use sync call while an async call is in flight
2516 */
2517 status = NT_STATUS_INVALID_PARAMETER;
2518 goto fail;
2519 }
2520
2521 ev = samba_tevent_context_init(frame);
2522 if (ev == NULL) {
2523 status = NT_STATUS_NO_MEMORY;
2524 goto fail;
2525 }
2526
2527 req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
2528 if (req == NULL) {
2529 status = NT_STATUS_NO_MEMORY;
2530 goto fail;
2531 }
2532
2533 if (!tevent_req_poll(req, ev)) {
2534 status = map_nt_error_from_unix(errno);
2535 goto fail;
2536 }
2537
2538 status = cli_tcon_andx_recv(req);
2539 fail:
2540 TALLOC_FREE(frame);
2541 return status;
2542 }
2543
2544 NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share,
2545 const char *dev, const char *pass, int passlen)
2546 {
2547 NTSTATUS status;
2548 uint16_t max_xmit = 0;
2549 uint16_t tid = 0;
2550
2551 cli->share = talloc_strdup(cli, share);
2552 if (!cli->share) {
2553 return NT_STATUS_NO_MEMORY;
2554 }
2555
2556 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
2557 return smb2cli_tcon(cli, share);
2558 }
2559
2560 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN1) {
2561 return cli_tcon_andx(cli, share, dev, pass, passlen);
2562 }
2563
2564 status = cli_raw_tcon(cli, share, pass, dev, &max_xmit, &tid);
2565 if (!NT_STATUS_IS_OK(status)) {
2566 return status;
2567 }
2568
2569 cli_state_set_tid(cli, tid);
2570
2571 return NT_STATUS_OK;
2572 }
2573
2574 /****************************************************************************
2575 Send a tree disconnect.
2576 ****************************************************************************/
2577
2578 struct cli_tdis_state {
2579 struct cli_state *cli;
2580 };
2581
2582 static void cli_tdis_done(struct tevent_req *subreq);
2583
2584 struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
2585 struct tevent_context *ev,
2586 struct cli_state *cli)
2587 {
2588 struct tevent_req *req, *subreq;
2589 struct cli_tdis_state *state;
2590
2591 req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
2592 if (req == NULL) {
2593 return NULL;
2594 }
2595 state->cli = cli;
2596
2597 subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, NULL, 0, NULL);
2598 if (tevent_req_nomem(subreq, req)) {
2599 return tevent_req_post(req, ev);
2600 }
2601 tevent_req_set_callback(subreq, cli_tdis_done, req);
2602 return req;
2603 }
2604
2605 static void cli_tdis_done(struct tevent_req *subreq)
2606 {
2607 struct tevent_req *req = tevent_req_callback_data(
2608 subreq, struct tevent_req);
2609 struct cli_tdis_state *state = tevent_req_data(
2610 req, struct cli_tdis_state);
2611 NTSTATUS status;
2612
2613 status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
2614 TALLOC_FREE(subreq);
2615 if (!NT_STATUS_IS_OK(status)) {
2616 tevent_req_nterror(req, status);
2617 return;
2618 }
2619 cli_state_set_tid(state->cli, UINT16_MAX);
2620 tevent_req_done(req);
2621 }
2622
2623 NTSTATUS cli_tdis_recv(struct tevent_req *req)
2624 {
2625 return tevent_req_simple_recv_ntstatus(req);
2626 }
2627
2628 NTSTATUS cli_tdis(struct cli_state *cli)
2629 {
2630 struct tevent_context *ev;
2631 struct tevent_req *req;
2632 NTSTATUS status = NT_STATUS_NO_MEMORY;
2633
2634 if (smbXcli_conn_has_async_calls(cli->conn)) {
2635 return NT_STATUS_INVALID_PARAMETER;
2636 }
2637 ev = samba_tevent_context_init(talloc_tos());
2638 if (ev == NULL) {
2639 goto fail;
2640 }
2641 req = cli_tdis_send(ev, ev, cli);
2642 if (req == NULL) {
2643 goto fail;
2644 }
2645 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
2646 goto fail;
2647 }
2648 status = cli_tdis_recv(req);
2649 fail:
2650 TALLOC_FREE(ev);
2651 return status;
2652 }
2653
2654 static NTSTATUS cli_connect_sock(const char *host, int name_type,
2655 const struct sockaddr_storage *pss,
2656 const char *myname, uint16_t port,
2657 int sec_timeout, int *pfd, uint16_t *pport)
2658 {
2659 TALLOC_CTX *frame = talloc_stackframe();
2660 const char *prog;
2661 unsigned int i, num_addrs;
2662 const char **called_names;
2663 const char **calling_names;
2664 int *called_types;
2665 NTSTATUS status;
2666 int fd;
2667
2668 prog = getenv("LIBSMB_PROG");
2669 if (prog != NULL) {
2670 fd = sock_exec(prog);
2671 if (fd == -1) {
2672 return map_nt_error_from_unix(errno);
2673 }
2674 port = 0;
2675 goto done;
2676 }
2677
2678 if ((pss == NULL) || is_zero_addr(pss)) {
2679 struct sockaddr_storage *addrs;
2680 status = resolve_name_list(talloc_tos(), host, name_type,
2681 &addrs, &num_addrs);
2682 if (!NT_STATUS_IS_OK(status)) {
2683 goto fail;
2684 }
2685 pss = addrs;
2686 } else {
2687 num_addrs = 1;
2688 }
2689
2690 called_names = talloc_array(talloc_tos(), const char *, num_addrs);
2691 if (called_names == NULL) {
2692 status = NT_STATUS_NO_MEMORY;
2693 goto fail;
2694 }
2695 called_types = talloc_array(talloc_tos(), int, num_addrs);
2696 if (called_types == NULL) {
2697 status = NT_STATUS_NO_MEMORY;
2698 goto fail;
2699 }
2700 calling_names = talloc_array(talloc_tos(), const char *, num_addrs);
2701 if (calling_names == NULL) {
2702 status = NT_STATUS_NO_MEMORY;
2703 goto fail;
2704 }
2705 for (i=0; i<num_addrs; i++) {
2706 called_names[i] = host;
2707 called_types[i] = name_type;
2708 calling_names[i] = myname;
2709 }
2710 status = smbsock_any_connect(pss, called_names, called_types,
2711 calling_names, NULL, num_addrs, port,
2712 sec_timeout, &fd, NULL, &port);
2713 if (!NT_STATUS_IS_OK(status)) {
2714 goto fail;
2715 }
2716 set_socket_options(fd, lp_socket_options());
2717 done:
2718 *pfd = fd;
2719 *pport = port;
2720 status = NT_STATUS_OK;
2721 fail:
2722 TALLOC_FREE(frame);
2723 return status;
2724 }
2725
2726 NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss,
2727 uint16_t port, int name_type, const char *myname,
2728 int signing_state, int flags, struct cli_state **pcli)
2729 {
2730 TALLOC_CTX *frame = talloc_stackframe();
2731 struct cli_state *cli;
2732 NTSTATUS status = NT_STATUS_NO_MEMORY;
2733 int fd = -1;
2734 char *desthost;
2735 char *p;
2736
2737 desthost = talloc_strdup(talloc_tos(), host);
2738 if (desthost == NULL) {
2739 goto fail;
2740 }
2741
2742 p = strchr(host, '#');
2743 if (p != NULL) {
2744 name_type = strtol(p+1, NULL, 16);
2745 host = talloc_strndup(talloc_tos(), host, p - host);
2746 if (host == NULL) {
2747 goto fail;
2748 }
2749 }
2750
2751 status = cli_connect_sock(host, name_type, dest_ss, myname, port,
2752 20, &fd, &port);
2753 if (!NT_STATUS_IS_OK(status)) {
2754 goto fail;
2755 }
2756
2757 cli = cli_state_create(NULL, fd, desthost, NULL, signing_state, flags);
2758 if (cli == NULL) {
2759 close(fd);
2760 fd = -1;
2761 goto fail;
2762 }
2763
2764 *pcli = cli;
2765 status = NT_STATUS_OK;
2766 fail:
2767 TALLOC_FREE(frame);
2768 return status;
2769 }
2770
2771 /**
2772 establishes a connection to after the negprot.
2773 @param output_cli A fully initialised cli structure, non-null only on success
2774 @param dest_host The netbios name of the remote host
2775 @param dest_ss (optional) The the destination IP, NULL for name based lookup
2776 @param port (optional) The destination port (0 for default)
2777 */
2778 NTSTATUS cli_start_connection(struct cli_state **output_cli,
2779 const char *my_name,
2780 const char *dest_host,
2781 const struct sockaddr_storage *dest_ss, int port,
2782 int signing_state, int flags)
2783 {
2784 NTSTATUS nt_status;
2785 struct cli_state *cli;
2786
2787 nt_status = cli_connect_nb(dest_host, dest_ss, port, 0x20, my_name,
2788 signing_state, flags, &cli);
2789 if (!NT_STATUS_IS_OK(nt_status)) {
2790 DEBUG(10, ("cli_connect_nb failed: %s\n",
2791 nt_errstr(nt_status)));
2792 return nt_status;
2793 }
2794
2795 nt_status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
2796 PROTOCOL_NT1);
2797 if (!NT_STATUS_IS_OK(nt_status)) {
2798 DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
2799 cli_shutdown(cli);
2800 return nt_status;
2801 }
2802
2803 *output_cli = cli;
2804 return NT_STATUS_OK;
2805 }
2806
2807
2808 /**
2809 establishes a connection right up to doing tconX, password specified.
2810 @param output_cli A fully initialised cli structure, non-null only on success
2811 @param dest_host The netbios name of the remote host
2812 @param dest_ip (optional) The the destination IP, NULL for name based lookup
2813 @param port (optional) The destination port (0 for default)
2814 @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
2815 @param service_type The 'type' of serivice.
2816 @param user Username, unix string
2817 @param domain User's domain
2818 @param password User's password, unencrypted unix string.
2819 */
2820
2821 NTSTATUS cli_full_connection(struct cli_state **output_cli,
2822 const char *my_name,
2823 const char *dest_host,
2824 const struct sockaddr_storage *dest_ss, int port,
2825 const char *service, const char *service_type,
2826 const char *user, const char *domain,
2827 const char *password, int flags,
2828 int signing_state)
2829 {
2830 NTSTATUS nt_status;
2831 struct cli_state *cli = NULL;
2832 int pw_len = password ? strlen(password)+1 : 0;
2833
2834 *output_cli = NULL;
2835
2836 if (password == NULL) {
2837 password = "";
2838 }
2839
2840 nt_status = cli_start_connection(&cli, my_name, dest_host,
2841 dest_ss, port, signing_state,
2842 flags);
2843
2844 if (!NT_STATUS_IS_OK(nt_status)) {
2845 return nt_status;
2846 }
2847
2848 nt_status = cli_session_setup(cli, user, password, pw_len, password,
2849 pw_len, domain);
2850 if (!NT_STATUS_IS_OK(nt_status)) {
2851
2852 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
2853 DEBUG(1,("failed session setup with %s\n",
2854 nt_errstr(nt_status)));
2855 cli_shutdown(cli);
2856 return nt_status;
2857 }
2858
2859 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
2860 if (!NT_STATUS_IS_OK(nt_status)) {
2861 DEBUG(1,("anonymous failed session setup with %s\n",
2862 nt_errstr(nt_status)));
2863 cli_shutdown(cli);
2864 return nt_status;
2865 }
2866 }
2867
2868 if (service) {
2869 nt_status = cli_tree_connect(cli, service, service_type,
2870 password, pw_len);
2871 if (!NT_STATUS_IS_OK(nt_status)) {
2872 DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
2873 cli_shutdown(cli);
2874 if (NT_STATUS_IS_OK(nt_status)) {
2875 nt_status = NT_STATUS_UNSUCCESSFUL;
2876 }
2877 return nt_status;
2878 }
2879 }
2880
2881 nt_status = cli_init_creds(cli, user, domain, password);
2882 if (!NT_STATUS_IS_OK(nt_status)) {
2883 cli_shutdown(cli);
2884 return nt_status;
2885 }
2886
2887 *output_cli = cli;
2888 return NT_STATUS_OK;
2889 }
2890
2891 /****************************************************************************
2892 Send an old style tcon.
2893 ****************************************************************************/
2894 NTSTATUS cli_raw_tcon(struct cli_state *cli,
2895 const char *service, const char *pass, const char *dev,
2896 uint16 *max_xmit, uint16 *tid)
2897 {
2898 struct tevent_req *req;
2899 uint16_t *ret_vwv;
2900 uint8_t *bytes;
2901 NTSTATUS status;
2902
2903 if (!lp_client_plaintext_auth() && (*pass)) {
2904 DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
2905 " or 'client ntlmv2 auth = yes'\n"));
2906 return NT_STATUS_ACCESS_DENIED;
2907 }
2908
2909 bytes = talloc_array(talloc_tos(), uint8_t, 0);
2910 bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
2911 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
2912 service, strlen(service)+1, NULL);
2913 bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
2914 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
2915 pass, strlen(pass)+1, NULL);
2916 bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
2917 bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
2918 dev, strlen(dev)+1, NULL);
2919
2920 status = cli_smb(talloc_tos(), cli, SMBtcon, 0, 0, NULL,
2921 talloc_get_size(bytes), bytes, &req,
2922 2, NULL, &ret_vwv, NULL, NULL);
2923 if (!NT_STATUS_IS_OK(status)) {
2924 return status;
2925 }
2926
2927 *max_xmit = SVAL(ret_vwv + 0, 0);
2928 *tid = SVAL(ret_vwv + 1, 0);
2929
2930 return NT_STATUS_OK;
2931 }
2932
2933 /* Return a cli_state pointing at the IPC$ share for the given server */
2934
2935 struct cli_state *get_ipc_connect(char *server,
2936 struct sockaddr_storage *server_ss,
2937 const struct user_auth_info *user_info)
2938 {
2939 struct cli_state *cli;
2940 NTSTATUS nt_status;
2941 uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
2942
2943 if (user_info->use_kerberos) {
2944 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
2945 }
2946
2947 nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
2948 user_info->username ? user_info->username : "",
2949 lp_workgroup(),
2950 user_info->password ? user_info->password : "",
2951 flags,
2952 SMB_SIGNING_DEFAULT);
2953
2954 if (NT_STATUS_IS_OK(nt_status)) {
2955 return cli;
2956 } else if (is_ipaddress(server)) {
2957 /* windows 9* needs a correct NMB name for connections */
2958 fstring remote_name;
2959
2960 if (name_status_find("*", 0, 0, server_ss, remote_name)) {
2961 cli = get_ipc_connect(remote_name, server_ss, user_info);
2962 if (cli)
2963 return cli;
2964 }
2965 }
2966 return NULL;
2967 }
2968
2969 /*
2970 * Given the IP address of a master browser on the network, return its
2971 * workgroup and connect to it.
2972 *
2973 * This function is provided to allow additional processing beyond what
2974 * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
2975 * browsers and obtain each master browsers' list of domains (in case the
2976 * first master browser is recently on the network and has not yet
2977 * synchronized with other master browsers and therefore does not yet have the
2978 * entire network browse list)
2979 */
2980
2981 struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
2982 struct sockaddr_storage *mb_ip,
2983 const struct user_auth_info *user_info,
2984 char **pp_workgroup_out)
2985 {
2986 char addr[INET6_ADDRSTRLEN];
2987 fstring name;
2988 struct cli_state *cli;
2989 struct sockaddr_storage server_ss;
2990
2991 *pp_workgroup_out = NULL;
2992
2993 print_sockaddr(addr, sizeof(addr), mb_ip);
2994 DEBUG(99, ("Looking up name of master browser %s\n",
2995 addr));
2996
2997 /*
2998 * Do a name status query to find out the name of the master browser.
2999 * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
3000 * master browser will not respond to a wildcard query (or, at least,
3001 * an NT4 server acting as the domain master browser will not).
3002 *
3003 * We might be able to use ONLY the query on MSBROWSE, but that's not
3004 * yet been tested with all Windows versions, so until it is, leave
3005 * the original wildcard query as the first choice and fall back to
3006 * MSBROWSE if the wildcard query fails.
3007 */
3008 if (!name_status_find("*", 0, 0x1d, mb_ip, name) &&
3009 !name_status_find(MSBROWSE, 1, 0x1d, mb_ip, name)) {
3010
3011 DEBUG(99, ("Could not retrieve name status for %s\n",
3012 addr));
3013 return NULL;
3014 }
3015
3016 if (!find_master_ip(name, &server_ss)) {
3017 DEBUG(99, ("Could not find master ip for %s\n", name));
3018 return NULL;
3019 }
3020
3021 *pp_workgroup_out = talloc_strdup(ctx, name);
3022
3023 DEBUG(4, ("found master browser %s, %s\n", name, addr));
3024
3025 print_sockaddr(addr, sizeof(addr), &server_ss);
3026 cli = get_ipc_connect(addr, &server_ss, user_info);
3027
3028 return cli;
3029 }
3030
3031 /*
3032 * Return the IP address and workgroup of a master browser on the network, and
3033 * connect to it.
3034 */
3035
3036 struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
3037 const struct user_auth_info *user_info,
3038 char **pp_workgroup_out)
3039 {
3040 struct sockaddr_storage *ip_list;
3041 struct cli_state *cli;
3042 int i, count;
3043 NTSTATUS status;
3044
3045 *pp_workgroup_out = NULL;
3046
3047 DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
3048
3049 /* Go looking for workgroups by broadcasting on the local network */
3050
3051 status = name_resolve_bcast(MSBROWSE, 1, talloc_tos(),
3052 &ip_list, &count);
3053 if (!NT_STATUS_IS_OK(status)) {
3054 DEBUG(99, ("No master browsers responded: %s\n",
3055 nt_errstr(status)));
3056 return NULL;
3057 }
3058
3059 for (i = 0; i < count; i++) {
3060 char addr[INET6_ADDRSTRLEN];
3061 print_sockaddr(addr, sizeof(addr), &ip_list[i]);
3062 DEBUG(99, ("Found master browser %s\n", addr));
3063
3064 cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
3065 user_info, pp_workgroup_out);
3066 if (cli)
3067 return(cli);
3068 }
3069
3070 return NULL;
3071 }
reg import