search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-docs: Unify capitalization.
[Samba/gebeck_regimport.git] / source3 / libsmb / cliconnect.c
blob22be999a15f6b54f79593783c3685a5036e0721a
1 /*
2 Unix SMB/CIFS implementation.
3 client connect/disconnect routines
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Andrew Bartlett 2001-2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "../libcli/auth/libcli_auth.h"
23 #include "../libcli/auth/spnego.h"
24 #include "smb_krb5.h"
25
26 static const struct {
27 int prot;
28 const char name[24];
29 } prots[10] = {
30 {PROTOCOL_CORE, "PC NETWORK PROGRAM 1.0"},
31 {PROTOCOL_COREPLUS, "MICROSOFT NETWORKS 1.03"},
32 {PROTOCOL_LANMAN1, "MICROSOFT NETWORKS 3.0"},
33 {PROTOCOL_LANMAN1, "LANMAN1.0"},
34 {PROTOCOL_LANMAN2, "LM1.2X002"},
35 {PROTOCOL_LANMAN2, "DOS LANMAN2.1"},
36 {PROTOCOL_LANMAN2, "LANMAN2.1"},
37 {PROTOCOL_LANMAN2, "Samba"},
38 {PROTOCOL_NT1, "NT LANMAN 1.0"},
39 {PROTOCOL_NT1, "NT LM 0.12"},
40 };
41
42 #define STAR_SMBSERVER "*SMBSERVER"
43
44 /**
45 * Set the user session key for a connection
46 * @param cli The cli structure to add it too
47 * @param session_key The session key used. (A copy of this is taken for the cli struct)
48 *
49 */
50
51 static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
52 {
53 cli->user_session_key = data_blob(session_key.data, session_key.length);
54 }
55
56 /****************************************************************************
57 Do an old lanman2 style session setup.
58 ****************************************************************************/
59
60 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
61 const char *user,
62 const char *pass, size_t passlen,
63 const char *workgroup)
64 {
65 DATA_BLOB session_key = data_blob_null;
66 DATA_BLOB lm_response = data_blob_null;
67 NTSTATUS status;
68 fstring pword;
69 char *p;
70
71 if (passlen > sizeof(pword)-1) {
72 return NT_STATUS_INVALID_PARAMETER;
73 }
74
75 /* LANMAN servers predate NT status codes and Unicode and ignore those
76 smb flags so we must disable the corresponding default capabilities
77 that would otherwise cause the Unicode and NT Status flags to be
78 set (and even returned by the server) */
79
80 cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
81
82 /* if in share level security then don't send a password now */
83 if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
84 passlen = 0;
85
86 if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
87 /* Encrypted mode needed, and non encrypted password supplied. */
88 lm_response = data_blob(NULL, 24);
89 if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
90 DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
91 return NT_STATUS_ACCESS_DENIED;
92 }
93 } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
94 /* Encrypted mode needed, and encrypted password supplied. */
95 lm_response = data_blob(pass, passlen);
96 } else if (passlen > 0) {
97 /* Plaintext mode needed, assume plaintext supplied. */
98 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
99 lm_response = data_blob(pass, passlen);
100 }
101
102 /* send a session setup command */
103 memset(cli->outbuf,'\0',smb_size);
104 cli_set_message(cli->outbuf,10, 0, True);
105 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
106 cli_setup_packet(cli);
107
108 SCVAL(cli->outbuf,smb_vwv0,0xFF);
109 SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
110 SSVAL(cli->outbuf,smb_vwv3,2);
111 SSVAL(cli->outbuf,smb_vwv4,1);
112 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
113 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
114
115 p = smb_buf(cli->outbuf);
116 memcpy(p,lm_response.data,lm_response.length);
117 p += lm_response.length;
118 p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
119 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
120 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
121 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
122 cli_setup_bcc(cli, p);
123
124 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
125 return cli_nt_error(cli);
126 }
127
128 show_msg(cli->inbuf);
129
130 if (cli_is_error(cli)) {
131 return cli_nt_error(cli);
132 }
133
134 /* use the returned vuid from now on */
135 cli->vuid = SVAL(cli->inbuf,smb_uid);
136 status = cli_set_username(cli, user);
137 if (!NT_STATUS_IS_OK(status)) {
138 return status;
139 }
140
141 if (session_key.data) {
142 /* Have plaintext orginal */
143 cli_set_session_key(cli, session_key);
144 }
145
146 return NT_STATUS_OK;
147 }
148
149 /****************************************************************************
150 Work out suitable capabilities to offer the server.
151 ****************************************************************************/
152
153 static uint32 cli_session_setup_capabilities(struct cli_state *cli)
154 {
155 uint32 capabilities = CAP_NT_SMBS;
156
157 if (!cli->force_dos_errors)
158 capabilities |= CAP_STATUS32;
159
160 if (cli->use_level_II_oplocks)
161 capabilities |= CAP_LEVEL_II_OPLOCKS;
162
163 capabilities |= (cli->capabilities & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
164 return capabilities;
165 }
166
167 /****************************************************************************
168 Do a NT1 guest session setup.
169 ****************************************************************************/
170
171 struct cli_session_setup_guest_state {
172 struct cli_state *cli;
173 uint16_t vwv[16];
174 struct iovec bytes;
175 };
176
177 static void cli_session_setup_guest_done(struct tevent_req *subreq);
178
179 struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
180 struct event_context *ev,
181 struct cli_state *cli,
182 struct tevent_req **psmbreq)
183 {
184 struct tevent_req *req, *subreq;
185 struct cli_session_setup_guest_state *state;
186 uint16_t *vwv;
187 uint8_t *bytes;
188
189 req = tevent_req_create(mem_ctx, &state,
190 struct cli_session_setup_guest_state);
191 if (req == NULL) {
192 return NULL;
193 }
194 state->cli = cli;
195 vwv = state->vwv;
196
197 SCVAL(vwv+0, 0, 0xFF);
198 SCVAL(vwv+0, 1, 0);
199 SSVAL(vwv+1, 0, 0);
200 SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
201 SSVAL(vwv+3, 0, 2);
202 SSVAL(vwv+4, 0, cli->pid);
203 SIVAL(vwv+5, 0, cli->sesskey);
204 SSVAL(vwv+7, 0, 0);
205 SSVAL(vwv+8, 0, 0);
206 SSVAL(vwv+9, 0, 0);
207 SSVAL(vwv+10, 0, 0);
208 SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
209
210 bytes = talloc_array(state, uint8_t, 0);
211
212 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* username */
213 NULL);
214 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
215 NULL);
216 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
217 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
218
219 if (bytes == NULL) {
220 TALLOC_FREE(req);
221 return NULL;
222 }
223
224 state->bytes.iov_base = (void *)bytes;
225 state->bytes.iov_len = talloc_get_size(bytes);
226
227 subreq = cli_smb_req_create(state, ev, cli, SMBsesssetupX, 0, 13, vwv,
228 1, &state->bytes);
229 if (subreq == NULL) {
230 TALLOC_FREE(req);
231 return NULL;
232 }
233 tevent_req_set_callback(subreq, cli_session_setup_guest_done, req);
234 *psmbreq = subreq;
235 return req;
236 }
237
238 struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
239 struct event_context *ev,
240 struct cli_state *cli)
241 {
242 struct tevent_req *req, *subreq;
243 NTSTATUS status;
244
245 req = cli_session_setup_guest_create(mem_ctx, ev, cli, &subreq);
246 if (req == NULL) {
247 return NULL;
248 }
249
250 status = cli_smb_req_send(subreq);
251 if (NT_STATUS_IS_OK(status)) {
252 tevent_req_nterror(req, status);
253 return tevent_req_post(req, ev);
254 }
255 return req;
256 }
257
258 static void cli_session_setup_guest_done(struct tevent_req *subreq)
259 {
260 struct tevent_req *req = tevent_req_callback_data(
261 subreq, struct tevent_req);
262 struct cli_session_setup_guest_state *state = tevent_req_data(
263 req, struct cli_session_setup_guest_state);
264 struct cli_state *cli = state->cli;
265 uint32_t num_bytes;
266 char *inbuf;
267 uint8_t *bytes;
268 uint8_t *p;
269 NTSTATUS status;
270
271 status = cli_smb_recv(subreq, 0, NULL, NULL, &num_bytes, &bytes);
272 if (!NT_STATUS_IS_OK(status)) {
273 TALLOC_FREE(subreq);
274 tevent_req_nterror(req, status);
275 return;
276 }
277
278 inbuf = (char *)cli_smb_inbuf(subreq);
279 p = bytes;
280
281 cli->vuid = SVAL(inbuf, smb_uid);
282
283 p += clistr_pull(inbuf, cli->server_os, (char *)p, sizeof(fstring),
284 bytes+num_bytes-p, STR_TERMINATE);
285 p += clistr_pull(inbuf, cli->server_type, (char *)p, sizeof(fstring),
286 bytes+num_bytes-p, STR_TERMINATE);
287 p += clistr_pull(inbuf, cli->server_domain, (char *)p, sizeof(fstring),
288 bytes+num_bytes-p, STR_TERMINATE);
289
290 if (strstr(cli->server_type, "Samba")) {
291 cli->is_samba = True;
292 }
293
294 TALLOC_FREE(subreq);
295
296 status = cli_set_username(cli, "");
297 if (!NT_STATUS_IS_OK(status)) {
298 tevent_req_nterror(req, status);
299 return;
300 }
301 tevent_req_done(req);
302 }
303
304 NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req)
305 {
306 return tevent_req_simple_recv_ntstatus(req);
307 }
308
309 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
310 {
311 TALLOC_CTX *frame = talloc_stackframe();
312 struct event_context *ev;
313 struct tevent_req *req;
314 NTSTATUS status = NT_STATUS_OK;
315
316 if (cli_has_async_calls(cli)) {
317 /*
318 * Can't use sync call while an async call is in flight
319 */
320 status = NT_STATUS_INVALID_PARAMETER;
321 goto fail;
322 }
323
324 ev = event_context_init(frame);
325 if (ev == NULL) {
326 status = NT_STATUS_NO_MEMORY;
327 goto fail;
328 }
329
330 req = cli_session_setup_guest_send(frame, ev, cli);
331 if (req == NULL) {
332 status = NT_STATUS_NO_MEMORY;
333 goto fail;
334 }
335
336 if (!tevent_req_poll(req, ev)) {
337 status = map_nt_error_from_unix(errno);
338 goto fail;
339 }
340
341 status = cli_session_setup_guest_recv(req);
342 fail:
343 TALLOC_FREE(frame);
344 if (!NT_STATUS_IS_OK(status)) {
345 cli_set_error(cli, status);
346 }
347 return status;
348 }
349
350 /****************************************************************************
351 Do a NT1 plaintext session setup.
352 ****************************************************************************/
353
354 static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
355 const char *user, const char *pass,
356 const char *workgroup)
357 {
358 uint32 capabilities = cli_session_setup_capabilities(cli);
359 char *p;
360 NTSTATUS status;
361 fstring lanman;
362
363 fstr_sprintf( lanman, "Samba %s", samba_version_string());
364
365 memset(cli->outbuf, '\0', smb_size);
366 cli_set_message(cli->outbuf,13,0,True);
367 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
368 cli_setup_packet(cli);
369
370 SCVAL(cli->outbuf,smb_vwv0,0xFF);
371 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
372 SSVAL(cli->outbuf,smb_vwv3,2);
373 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
374 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
375 SSVAL(cli->outbuf,smb_vwv8,0);
376 SIVAL(cli->outbuf,smb_vwv11,capabilities);
377 p = smb_buf(cli->outbuf);
378
379 /* check wether to send the ASCII or UNICODE version of the password */
380
381 if ( (capabilities & CAP_UNICODE) == 0 ) {
382 p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
383 SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
384 }
385 else {
386 /* For ucs2 passwords clistr_push calls ucs2_align, which causes
387 * the space taken by the unicode password to be one byte too
388 * long (as we're on an odd byte boundary here). Reduce the
389 * count by 1 to cope with this. Fixes smbclient against NetApp
390 * servers which can't cope. Fix from
391 * bryan.kolodziej@allenlund.com in bug #3840.
392 */
393 p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
394 SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);
395 }
396
397 p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
398 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
399 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
400 p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
401 cli_setup_bcc(cli, p);
402
403 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
404 return cli_nt_error(cli);
405 }
406
407 show_msg(cli->inbuf);
408
409 if (cli_is_error(cli)) {
410 return cli_nt_error(cli);
411 }
412
413 cli->vuid = SVAL(cli->inbuf,smb_uid);
414 p = smb_buf(cli->inbuf);
415 p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
416 -1, STR_TERMINATE);
417 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
418 -1, STR_TERMINATE);
419 p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
420 -1, STR_TERMINATE);
421 status = cli_set_username(cli, user);
422 if (!NT_STATUS_IS_OK(status)) {
423 return status;
424 }
425 if (strstr(cli->server_type, "Samba")) {
426 cli->is_samba = True;
427 }
428
429 return NT_STATUS_OK;
430 }
431
432 /****************************************************************************
433 do a NT1 NTLM/LM encrypted session setup - for when extended security
434 is not negotiated.
435 @param cli client state to create do session setup on
436 @param user username
437 @param pass *either* cleartext password (passlen !=24) or LM response.
438 @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
439 @param workgroup The user's domain.
440 ****************************************************************************/
441
442 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
443 const char *pass, size_t passlen,
444 const char *ntpass, size_t ntpasslen,
445 const char *workgroup)
446 {
447 uint32 capabilities = cli_session_setup_capabilities(cli);
448 DATA_BLOB lm_response = data_blob_null;
449 DATA_BLOB nt_response = data_blob_null;
450 DATA_BLOB session_key = data_blob_null;
451 NTSTATUS result;
452 char *p;
453 bool ok;
454
455 if (passlen == 0) {
456 /* do nothing - guest login */
457 } else if (passlen != 24) {
458 if (lp_client_ntlmv2_auth()) {
459 DATA_BLOB server_chal;
460 DATA_BLOB names_blob;
461 server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
462
463 /* note that the 'workgroup' here is a best guess - we don't know
464 the server's domain at this point. The 'server name' is also
465 dodgy...
466 */
467 names_blob = NTLMv2_generate_names_blob(NULL, cli->called.name, workgroup);
468
469 if (!SMBNTLMv2encrypt(NULL, user, workgroup, pass, &server_chal,
470 &names_blob,
471 &lm_response, &nt_response, NULL, &session_key)) {
472 data_blob_free(&names_blob);
473 data_blob_free(&server_chal);
474 return NT_STATUS_ACCESS_DENIED;
475 }
476 data_blob_free(&names_blob);
477 data_blob_free(&server_chal);
478
479 } else {
480 uchar nt_hash[16];
481 E_md4hash(pass, nt_hash);
482
483 #ifdef LANMAN_ONLY
484 nt_response = data_blob_null;
485 #else
486 nt_response = data_blob(NULL, 24);
487 SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
488 #endif
489 /* non encrypted password supplied. Ignore ntpass. */
490 if (lp_client_lanman_auth()) {
491 lm_response = data_blob(NULL, 24);
492 if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
493 /* Oops, the LM response is invalid, just put
494 the NT response there instead */
495 data_blob_free(&lm_response);
496 lm_response = data_blob(nt_response.data, nt_response.length);
497 }
498 } else {
499 /* LM disabled, place NT# in LM field instead */
500 lm_response = data_blob(nt_response.data, nt_response.length);
501 }
502
503 session_key = data_blob(NULL, 16);
504 #ifdef LANMAN_ONLY
505 E_deshash(pass, session_key.data);
506 memset(&session_key.data[8], '\0', 8);
507 #else
508 SMBsesskeygen_ntv1(nt_hash, session_key.data);
509 #endif
510 }
511 cli_temp_set_signing(cli);
512 } else {
513 /* pre-encrypted password supplied. Only used for
514 security=server, can't do
515 signing because we don't have original key */
516
517 lm_response = data_blob(pass, passlen);
518 nt_response = data_blob(ntpass, ntpasslen);
519 }
520
521 /* send a session setup command */
522 memset(cli->outbuf,'\0',smb_size);
523
524 cli_set_message(cli->outbuf,13,0,True);
525 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
526 cli_setup_packet(cli);
527
528 SCVAL(cli->outbuf,smb_vwv0,0xFF);
529 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
530 SSVAL(cli->outbuf,smb_vwv3,2);
531 SSVAL(cli->outbuf,smb_vwv4,cli->pid);
532 SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
533 SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
534 SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
535 SIVAL(cli->outbuf,smb_vwv11,capabilities);
536 p = smb_buf(cli->outbuf);
537 if (lm_response.length) {
538 memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
539 }
540 if (nt_response.length) {
541 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
542 }
543 p += clistr_push(cli, p, user, -1, STR_TERMINATE);
544
545 /* Upper case here might help some NTLMv2 implementations */
546 p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
547 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
548 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
549 cli_setup_bcc(cli, p);
550
551 if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
552 result = cli_nt_error(cli);
553 goto end;
554 }
555
556 /* show_msg(cli->inbuf); */
557
558 if (cli_is_error(cli)) {
559 result = cli_nt_error(cli);
560 goto end;
561 }
562
563 #ifdef LANMAN_ONLY
564 ok = cli_simple_set_signing(cli, session_key, lm_response);
565 #else
566 ok = cli_simple_set_signing(cli, session_key, nt_response);
567 #endif
568 if (ok) {
569 if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
570 result = NT_STATUS_ACCESS_DENIED;
571 goto end;
572 }
573 }
574
575 /* use the returned vuid from now on */
576 cli->vuid = SVAL(cli->inbuf,smb_uid);
577
578 p = smb_buf(cli->inbuf);
579 p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
580 -1, STR_TERMINATE);
581 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
582 -1, STR_TERMINATE);
583 p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
584 -1, STR_TERMINATE);
585
586 if (strstr(cli->server_type, "Samba")) {
587 cli->is_samba = True;
588 }
589
590 result = cli_set_username(cli, user);
591 if (!NT_STATUS_IS_OK(result)) {
592 goto end;
593 }
594
595 if (session_key.data) {
596 /* Have plaintext orginal */
597 cli_set_session_key(cli, session_key);
598 }
599
600 result = NT_STATUS_OK;
601 end:
602 data_blob_free(&lm_response);
603 data_blob_free(&nt_response);
604 data_blob_free(&session_key);
605 return result;
606 }
607
608 /****************************************************************************
609 Send a extended security session setup blob
610 ****************************************************************************/
611
612 static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
613 {
614 uint32 capabilities = cli_session_setup_capabilities(cli);
615 char *p;
616
617 capabilities |= CAP_EXTENDED_SECURITY;
618
619 /* send a session setup command */
620 memset(cli->outbuf,'\0',smb_size);
621
622 cli_set_message(cli->outbuf,12,0,True);
623 SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
624
625 cli_setup_packet(cli);
626
627 SCVAL(cli->outbuf,smb_vwv0,0xFF);
628 SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
629 SSVAL(cli->outbuf,smb_vwv3,2);
630 SSVAL(cli->outbuf,smb_vwv4,1);
631 SIVAL(cli->outbuf,smb_vwv5,0);
632 SSVAL(cli->outbuf,smb_vwv7,blob.length);
633 SIVAL(cli->outbuf,smb_vwv10,capabilities);
634 p = smb_buf(cli->outbuf);
635 memcpy(p, blob.data, blob.length);
636 p += blob.length;
637 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
638 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
639 cli_setup_bcc(cli, p);
640 return cli_send_smb(cli);
641 }
642
643 /****************************************************************************
644 Send a extended security session setup blob, returning a reply blob.
645 ****************************************************************************/
646
647 static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
648 {
649 DATA_BLOB blob2 = data_blob_null;
650 char *p;
651 size_t len;
652
653 if (!cli_receive_smb(cli))
654 return blob2;
655
656 show_msg(cli->inbuf);
657
658 if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
659 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
660 return blob2;
661 }
662
663 /* use the returned vuid from now on */
664 cli->vuid = SVAL(cli->inbuf,smb_uid);
665
666 p = smb_buf(cli->inbuf);
667
668 blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
669
670 p += blob2.length;
671 p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
672 -1, STR_TERMINATE);
673
674 /* w2k with kerberos doesn't properly null terminate this field */
675 len = smb_bufrem(cli->inbuf, p);
676 if (p + len < cli->inbuf + cli->bufsize+SAFETY_MARGIN - 2) {
677 char *end_of_buf = p + len;
678
679 SSVAL(p, len, 0);
680 /* Now it's null terminated. */
681 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
682 -1, STR_TERMINATE);
683 /*
684 * See if there's another string. If so it's the
685 * server domain (part of the 'standard' Samba
686 * server signature).
687 */
688 if (p < end_of_buf) {
689 p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
690 -1, STR_TERMINATE);
691 }
692 } else {
693 /*
694 * No room to null terminate so we can't see if there
695 * is another string (server_domain) afterwards.
696 */
697 p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
698 len, 0);
699 }
700 return blob2;
701 }
702
703 #ifdef HAVE_KRB5
704 /****************************************************************************
705 Send a extended security session setup blob, returning a reply blob.
706 ****************************************************************************/
707
708 /* The following is calculated from :
709 * (smb_size-4) = 35
710 * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
711 * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
712 * end of packet.
713 */
714
715 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
716
717 static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
718 {
719 int32 remaining = blob.length;
720 int32 cur = 0;
721 DATA_BLOB send_blob = data_blob_null;
722 int32 max_blob_size = 0;
723 DATA_BLOB receive_blob = data_blob_null;
724
725 if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
726 DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
727 "(was %u, need minimum %u)\n",
728 (unsigned int)cli->max_xmit,
729 BASE_SESSSETUP_BLOB_PACKET_SIZE));
730 cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
731 return False;
732 }
733
734 max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
735
736 while ( remaining > 0) {
737 if (remaining >= max_blob_size) {
738 send_blob.length = max_blob_size;
739 remaining -= max_blob_size;
740 } else {
741 send_blob.length = remaining;
742 remaining = 0;
743 }
744
745 send_blob.data = &blob.data[cur];
746 cur += send_blob.length;
747
748 DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
749 (unsigned int)remaining,
750 (unsigned int)send_blob.length,
751 (unsigned int)cur ));
752
753 if (!cli_session_setup_blob_send(cli, send_blob)) {
754 DEBUG(0, ("cli_session_setup_blob: send failed\n"));
755 return False;
756 }
757
758 receive_blob = cli_session_setup_blob_receive(cli);
759 data_blob_free(&receive_blob);
760
761 if (cli_is_error(cli) &&
762 !NT_STATUS_EQUAL( cli_get_nt_error(cli),
763 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
764 DEBUG(0, ("cli_session_setup_blob: receive failed "
765 "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
766 cli->vuid = 0;
767 return False;
768 }
769 }
770
771 return True;
772 }
773
774 /****************************************************************************
775 Use in-memory credentials cache
776 ****************************************************************************/
777
778 static void use_in_memory_ccache(void) {
779 setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
780 }
781
782 /****************************************************************************
783 Do a spnego/kerberos encrypted session setup.
784 ****************************************************************************/
785
786 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
787 {
788 DATA_BLOB negTokenTarg;
789 DATA_BLOB session_key_krb5;
790 NTSTATUS nt_status;
791 int rc;
792
793 cli_temp_set_signing(cli);
794
795 DEBUG(2,("Doing kerberos session setup\n"));
796
797 /* generate the encapsulated kerberos5 ticket */
798 rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
799
800 if (rc) {
801 DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
802 error_message(rc)));
803 return ADS_ERROR_KRB5(rc);
804 }
805
806 #if 0
807 file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
808 #endif
809
810 if (!cli_session_setup_blob(cli, negTokenTarg)) {
811 nt_status = cli_nt_error(cli);
812 goto nt_error;
813 }
814
815 if (cli_is_error(cli)) {
816 nt_status = cli_nt_error(cli);
817 if (NT_STATUS_IS_OK(nt_status)) {
818 nt_status = NT_STATUS_UNSUCCESSFUL;
819 }
820 goto nt_error;
821 }
822
823 cli_set_session_key(cli, session_key_krb5);
824
825 if (cli_simple_set_signing(
826 cli, session_key_krb5, data_blob_null)) {
827
828 if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
829 nt_status = NT_STATUS_ACCESS_DENIED;
830 goto nt_error;
831 }
832 }
833
834 data_blob_free(&negTokenTarg);
835 data_blob_free(&session_key_krb5);
836
837 return ADS_ERROR_NT(NT_STATUS_OK);
838
839 nt_error:
840 data_blob_free(&negTokenTarg);
841 data_blob_free(&session_key_krb5);
842 cli->vuid = 0;
843 return ADS_ERROR_NT(nt_status);
844 }
845 #endif /* HAVE_KRB5 */
846
847
848 /****************************************************************************
849 Do a spnego/NTLMSSP encrypted session setup.
850 ****************************************************************************/
851
852 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
853 const char *pass, const char *domain)
854 {
855 struct ntlmssp_state *ntlmssp_state;
856 NTSTATUS nt_status;
857 int turn = 1;
858 DATA_BLOB msg1;
859 DATA_BLOB blob = data_blob_null;
860 DATA_BLOB blob_in = data_blob_null;
861 DATA_BLOB blob_out = data_blob_null;
862
863 cli_temp_set_signing(cli);
864
865 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
866 return nt_status;
867 }
868 ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
869 if (cli->use_ccache) {
870 ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_CCACHE);
871 }
872
873 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
874 return nt_status;
875 }
876 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
877 return nt_status;
878 }
879 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
880 return nt_status;
881 }
882
883 do {
884 nt_status = ntlmssp_update(ntlmssp_state,
885 blob_in, &blob_out);
886 data_blob_free(&blob_in);
887 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
888 if (turn == 1) {
889 /* and wrap it in a SPNEGO wrapper */
890 msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
891 } else {
892 /* wrap it in SPNEGO */
893 msg1 = spnego_gen_auth(blob_out);
894 }
895
896 /* now send that blob on its way */
897 if (!cli_session_setup_blob_send(cli, msg1)) {
898 DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
899 nt_status = NT_STATUS_UNSUCCESSFUL;
900 } else {
901 blob = cli_session_setup_blob_receive(cli);
902
903 nt_status = cli_nt_error(cli);
904 if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
905 if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
906 nt_status = NT_STATUS_ACCESS_DENIED;
907 } else {
908 nt_status = NT_STATUS_UNSUCCESSFUL;
909 }
910 }
911 }
912 data_blob_free(&msg1);
913 }
914
915 if (!blob.length) {
916 if (NT_STATUS_IS_OK(nt_status)) {
917 nt_status = NT_STATUS_UNSUCCESSFUL;
918 }
919 } else if ((turn == 1) &&
920 NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
921 DATA_BLOB tmp_blob = data_blob_null;
922 /* the server might give us back two challenges */
923 if (!spnego_parse_challenge(blob, &blob_in,
924 &tmp_blob)) {
925 DEBUG(3,("Failed to parse challenges\n"));
926 nt_status = NT_STATUS_INVALID_PARAMETER;
927 }
928 data_blob_free(&tmp_blob);
929 } else {
930 if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
931 &blob_in)) {
932 DEBUG(3,("Failed to parse auth response\n"));
933 if (NT_STATUS_IS_OK(nt_status)
934 || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
935 nt_status = NT_STATUS_INVALID_PARAMETER;
936 }
937 }
938 data_blob_free(&blob);
939 data_blob_free(&blob_out);
940 turn++;
941 } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
942
943 data_blob_free(&blob_in);
944
945 if (NT_STATUS_IS_OK(nt_status)) {
946
947 if (cli->server_domain[0] == '\0') {
948 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
949 }
950 cli_set_session_key(cli, ntlmssp_state->session_key);
951
952 if (cli_simple_set_signing(
953 cli, ntlmssp_state->session_key, data_blob_null)) {
954
955 if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
956 nt_status = NT_STATUS_ACCESS_DENIED;
957 }
958 }
959 }
960
961 /* we have a reference conter on ntlmssp_state, if we are signing
962 then the state will be kept by the signing engine */
963
964 ntlmssp_end(&ntlmssp_state);
965
966 if (!NT_STATUS_IS_OK(nt_status)) {
967 cli->vuid = 0;
968 }
969 return nt_status;
970 }
971
972 /****************************************************************************
973 Do a spnego encrypted session setup.
974
975 user_domain: The shortname of the domain the user/machine is a member of.
976 dest_realm: The realm we're connecting to, if NULL we use our default realm.
977 ****************************************************************************/
978
979 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
980 const char *pass, const char *user_domain,
981 const char * dest_realm)
982 {
983 char *principal = NULL;
984 char *OIDs[ASN1_MAX_OIDS];
985 int i;
986 DATA_BLOB blob;
987 const char *p = NULL;
988 char *account = NULL;
989 NTSTATUS status;
990
991 DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
992
993 /* the server might not even do spnego */
994 if (cli->secblob.length <= 16) {
995 DEBUG(3,("server didn't supply a full spnego negprot\n"));
996 goto ntlmssp;
997 }
998
999 #if 0
1000 file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
1001 #endif
1002
1003 /* there is 16 bytes of GUID before the real spnego packet starts */
1004 blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
1005
1006 /* The server sent us the first part of the SPNEGO exchange in the
1007 * negprot reply. It is WRONG to depend on the principal sent in the
1008 * negprot reply, but right now we do it. If we don't receive one,
1009 * we try to best guess, then fall back to NTLM. */
1010 if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
1011 data_blob_free(&blob);
1012 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1013 }
1014 data_blob_free(&blob);
1015
1016 /* make sure the server understands kerberos */
1017 for (i=0;OIDs[i];i++) {
1018 if (i == 0)
1019 DEBUG(3,("got OID=%s\n", OIDs[i]));
1020 else
1021 DEBUGADD(3,("got OID=%s\n", OIDs[i]));
1022 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
1023 strcmp(OIDs[i], OID_KERBEROS5) == 0) {
1024 cli->got_kerberos_mechanism = True;
1025 }
1026 talloc_free(OIDs[i]);
1027 }
1028
1029 DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
1030
1031 status = cli_set_username(cli, user);
1032 if (!NT_STATUS_IS_OK(status)) {
1033 return ADS_ERROR_NT(status);
1034 }
1035
1036 #ifdef HAVE_KRB5
1037 /* If password is set we reauthenticate to kerberos server
1038 * and do not store results */
1039
1040 if (cli->got_kerberos_mechanism && cli->use_kerberos) {
1041 ADS_STATUS rc;
1042
1043 if (pass && *pass) {
1044 int ret;
1045
1046 use_in_memory_ccache();
1047 ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
1048
1049 if (ret){
1050 TALLOC_FREE(principal);
1051 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
1052 if (cli->fallback_after_kerberos)
1053 goto ntlmssp;
1054 return ADS_ERROR_KRB5(ret);
1055 }
1056 }
1057
1058 /* If we get a bad principal, try to guess it if
1059 we have a valid host NetBIOS name.
1060 */
1061 if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
1062 TALLOC_FREE(principal);
1063 }
1064
1065 if (principal == NULL &&
1066 !is_ipaddress(cli->desthost) &&
1067 !strequal(STAR_SMBSERVER,
1068 cli->desthost)) {
1069 char *realm = NULL;
1070 char *machine = NULL;
1071 char *host = NULL;
1072 DEBUG(3,("cli_session_setup_spnego: got a "
1073 "bad server principal, trying to guess ...\n"));
1074
1075 host = strchr_m(cli->desthost, '.');
1076 if (host) {
1077 /* We had a '.' in the name. */
1078 machine = SMB_STRNDUP(cli->desthost,
1079 host - cli->desthost);
1080 } else {
1081 machine = SMB_STRDUP(cli->desthost);
1082 }
1083 if (machine == NULL) {
1084 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1085 }
1086
1087 if (dest_realm) {
1088 realm = SMB_STRDUP(dest_realm);
1089 strupper_m(realm);
1090 } else {
1091 if (host) {
1092 /* DNS name. */
1093 realm = kerberos_get_realm_from_hostname(cli->desthost);
1094 } else {
1095 /* NetBIOS name - use our realm. */
1096 realm = kerberos_get_default_realm_from_ccache();
1097 }
1098 }
1099
1100 if (realm && *realm) {
1101 if (host) {
1102 /* DNS name. */
1103 principal = talloc_asprintf(talloc_tos(),
1104 "cifs/%s@%s",
1105 cli->desthost,
1106 realm);
1107 } else {
1108 /* NetBIOS name, use machine account. */
1109 principal = talloc_asprintf(talloc_tos(),
1110 "%s$@%s",
1111 machine,
1112 realm);
1113 }
1114 if (!principal) {
1115 SAFE_FREE(machine);
1116 SAFE_FREE(realm);
1117 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1118 }
1119 DEBUG(3,("cli_session_setup_spnego: guessed "
1120 "server principal=%s\n",
1121 principal ? principal : "<null>"));
1122 }
1123 SAFE_FREE(machine);
1124 SAFE_FREE(realm);
1125 }
1126
1127 if (principal) {
1128 rc = cli_session_setup_kerberos(cli, principal,
1129 dest_realm);
1130 if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
1131 TALLOC_FREE(principal);
1132 return rc;
1133 }
1134 }
1135 }
1136 #endif
1137
1138 TALLOC_FREE(principal);
1139
1140 ntlmssp:
1141
1142 account = talloc_strdup(talloc_tos(), user);
1143 if (!account) {
1144 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1145 }
1146
1147 /* when falling back to ntlmssp while authenticating with a machine
1148 * account strip off the realm - gd */
1149
1150 if ((p = strchr_m(user, '@')) != NULL) {
1151 account[PTR_DIFF(p,user)] = '\0';
1152 }
1153
1154 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
1155 }
1156
1157 /****************************************************************************
1158 Send a session setup. The username and workgroup is in UNIX character
1159 format and must be converted to DOS codepage format before sending. If the
1160 password is in plaintext, the same should be done.
1161 ****************************************************************************/
1162
1163 NTSTATUS cli_session_setup(struct cli_state *cli,
1164 const char *user,
1165 const char *pass, int passlen,
1166 const char *ntpass, int ntpasslen,
1167 const char *workgroup)
1168 {
1169 char *p;
1170 fstring user2;
1171
1172 if (user) {
1173 fstrcpy(user2, user);
1174 } else {
1175 user2[0] ='\0';
1176 }
1177
1178 if (!workgroup) {
1179 workgroup = "";
1180 }
1181
1182 /* allow for workgroups as part of the username */
1183 if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
1184 (p=strchr_m(user2,*lp_winbind_separator()))) {
1185 *p = 0;
1186 user = p+1;
1187 workgroup = user2;
1188 }
1189
1190 if (cli->protocol < PROTOCOL_LANMAN1) {
1191 return NT_STATUS_OK;
1192 }
1193
1194 /* now work out what sort of session setup we are going to
1195 do. I have split this into separate functions to make the
1196 flow a bit easier to understand (tridge) */
1197
1198 /* if its an older server then we have to use the older request format */
1199
1200 if (cli->protocol < PROTOCOL_NT1) {
1201 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
1202 DEBUG(1, ("Server requested LM password but 'client lanman auth'"
1203 " is disabled\n"));
1204 return NT_STATUS_ACCESS_DENIED;
1205 }
1206
1207 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
1208 !lp_client_plaintext_auth() && (*pass)) {
1209 DEBUG(1, ("Server requested plaintext password but "
1210 "'client plaintext auth' is disabled\n"));
1211 return NT_STATUS_ACCESS_DENIED;
1212 }
1213
1214 return cli_session_setup_lanman2(cli, user, pass, passlen,
1215 workgroup);
1216 }
1217
1218 /* if no user is supplied then we have to do an anonymous connection.
1219 passwords are ignored */
1220
1221 if (!user || !*user)
1222 return cli_session_setup_guest(cli);
1223
1224 /* if the server is share level then send a plaintext null
1225 password at this point. The password is sent in the tree
1226 connect */
1227
1228 if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
1229 return cli_session_setup_plaintext(cli, user, "", workgroup);
1230
1231 /* if the server doesn't support encryption then we have to use
1232 plaintext. The second password is ignored */
1233
1234 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1235 if (!lp_client_plaintext_auth() && (*pass)) {
1236 DEBUG(1, ("Server requested plaintext password but "
1237 "'client plaintext auth' is disabled\n"));
1238 return NT_STATUS_ACCESS_DENIED;
1239 }
1240 return cli_session_setup_plaintext(cli, user, pass, workgroup);
1241 }
1242
1243 /* if the server supports extended security then use SPNEGO */
1244
1245 if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1246 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
1247 workgroup, NULL);
1248 if (!ADS_ERR_OK(status)) {
1249 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1250 return ads_ntstatus(status);
1251 }
1252 } else {
1253 NTSTATUS status;
1254
1255 /* otherwise do a NT1 style session setup */
1256 status = cli_session_setup_nt1(cli, user, pass, passlen,
1257 ntpass, ntpasslen, workgroup);
1258 if (!NT_STATUS_IS_OK(status)) {
1259 DEBUG(3,("cli_session_setup: NT1 session setup "
1260 "failed: %s\n", nt_errstr(status)));
1261 return status;
1262 }
1263 }
1264
1265 if (strstr(cli->server_type, "Samba")) {
1266 cli->is_samba = True;
1267 }
1268
1269 return NT_STATUS_OK;
1270 }
1271
1272 /****************************************************************************
1273 Send a uloggoff.
1274 *****************************************************************************/
1275
1276 bool cli_ulogoff(struct cli_state *cli)
1277 {
1278 memset(cli->outbuf,'\0',smb_size);
1279 cli_set_message(cli->outbuf,2,0,True);
1280 SCVAL(cli->outbuf,smb_com,SMBulogoffX);
1281 cli_setup_packet(cli);
1282 SSVAL(cli->outbuf,smb_vwv0,0xFF);
1283 SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
1284
1285 cli_send_smb(cli);
1286 if (!cli_receive_smb(cli))
1287 return False;
1288
1289 if (cli_is_error(cli)) {
1290 return False;
1291 }
1292
1293 cli->vuid = -1;
1294 return True;
1295 }
1296
1297 /****************************************************************************
1298 Send a tconX.
1299 ****************************************************************************/
1300
1301 struct cli_tcon_andx_state {
1302 struct cli_state *cli;
1303 uint16_t vwv[4];
1304 struct iovec bytes;
1305 };
1306
1307 static void cli_tcon_andx_done(struct tevent_req *subreq);
1308
1309 struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
1310 struct event_context *ev,
1311 struct cli_state *cli,
1312 const char *share, const char *dev,
1313 const char *pass, int passlen,
1314 struct tevent_req **psmbreq)
1315 {
1316 struct tevent_req *req, *subreq;
1317 struct cli_tcon_andx_state *state;
1318 fstring pword;
1319 uint16_t *vwv;
1320 char *tmp = NULL;
1321 uint8_t *bytes;
1322
1323 *psmbreq = NULL;
1324
1325 req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
1326 if (req == NULL) {
1327 return NULL;
1328 }
1329 state->cli = cli;
1330 vwv = state->vwv;
1331
1332 fstrcpy(cli->share, share);
1333
1334 /* in user level security don't send a password now */
1335 if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1336 passlen = 1;
1337 pass = "";
1338 } else if (pass == NULL) {
1339 DEBUG(1, ("Server not using user level security and no "
1340 "password supplied.\n"));
1341 goto access_denied;
1342 }
1343
1344 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1345 *pass && passlen != 24) {
1346 if (!lp_client_lanman_auth()) {
1347 DEBUG(1, ("Server requested LANMAN password "
1348 "(share-level security) but "
1349 "'client lanman auth' is disabled\n"));
1350 goto access_denied;
1351 }
1352
1353 /*
1354 * Non-encrypted passwords - convert to DOS codepage before
1355 * encryption.
1356 */
1357 passlen = 24;
1358 SMBencrypt(pass, cli->secblob.data, (uchar *)pword);
1359 } else {
1360 if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
1361 |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
1362 == 0) {
1363 if (!lp_client_plaintext_auth() && (*pass)) {
1364 DEBUG(1, ("Server requested plaintext "
1365 "password but 'client plaintext "
1366 "auth' is disabled\n"));
1367 goto access_denied;
1368 }
1369
1370 /*
1371 * Non-encrypted passwords - convert to DOS codepage
1372 * before using.
1373 */
1374 passlen = clistr_push(cli, pword, pass, sizeof(pword),
1375 STR_TERMINATE);
1376 if (passlen == -1) {
1377 DEBUG(1, ("clistr_push(pword) failed\n"));
1378 goto access_denied;
1379 }
1380 } else {
1381 if (passlen) {
1382 memcpy(pword, pass, passlen);
1383 }
1384 }
1385 }
1386
1387 SCVAL(vwv+0, 0, 0xFF);
1388 SCVAL(vwv+0, 1, 0);
1389 SSVAL(vwv+1, 0, 0);
1390 SSVAL(vwv+2, 0, TCONX_FLAG_EXTENDED_RESPONSE);
1391 SSVAL(vwv+3, 0, passlen);
1392
1393 if (passlen) {
1394 bytes = (uint8_t *)talloc_memdup(state, pword, passlen);
1395 } else {
1396 bytes = talloc_array(state, uint8_t, 0);
1397 }
1398
1399 /*
1400 * Add the sharename
1401 */
1402 tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
1403 cli->desthost, share);
1404 if (tmp == NULL) {
1405 TALLOC_FREE(req);
1406 return NULL;
1407 }
1408 bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
1409 NULL);
1410 TALLOC_FREE(tmp);
1411
1412 /*
1413 * Add the devicetype
1414 */
1415 tmp = talloc_strdup_upper(talloc_tos(), dev);
1416 if (tmp == NULL) {
1417 TALLOC_FREE(req);
1418 return NULL;
1419 }
1420 bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
1421 TALLOC_FREE(tmp);
1422
1423 if (bytes == NULL) {
1424 TALLOC_FREE(req);
1425 return NULL;
1426 }
1427
1428 state->bytes.iov_base = (void *)bytes;
1429 state->bytes.iov_len = talloc_get_size(bytes);
1430
1431 subreq = cli_smb_req_create(state, ev, cli, SMBtconX, 0, 4, vwv,
1432 1, &state->bytes);
1433 if (subreq == NULL) {
1434 TALLOC_FREE(req);
1435 return NULL;
1436 }
1437 tevent_req_set_callback(subreq, cli_tcon_andx_done, req);
1438 *psmbreq = subreq;
1439 return req;
1440
1441 access_denied:
1442 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1443 return tevent_req_post(req, ev);
1444 }
1445
1446 struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
1447 struct event_context *ev,
1448 struct cli_state *cli,
1449 const char *share, const char *dev,
1450 const char *pass, int passlen)
1451 {
1452 struct tevent_req *req, *subreq;
1453 NTSTATUS status;
1454
1455 req = cli_tcon_andx_create(mem_ctx, ev, cli, share, dev, pass, passlen,
1456 &subreq);
1457 if (req == NULL) {
1458 return NULL;
1459 }
1460 if (subreq == NULL) {
1461 return req;
1462 }
1463 status = cli_smb_req_send(subreq);
1464 if (!NT_STATUS_IS_OK(status)) {
1465 tevent_req_nterror(req, status);
1466 return tevent_req_post(req, ev);
1467 }
1468 return req;
1469 }
1470
1471 static void cli_tcon_andx_done(struct tevent_req *subreq)
1472 {
1473 struct tevent_req *req = tevent_req_callback_data(
1474 subreq, struct tevent_req);
1475 struct cli_tcon_andx_state *state = tevent_req_data(
1476 req, struct cli_tcon_andx_state);
1477 struct cli_state *cli = state->cli;
1478 char *inbuf = (char *)cli_smb_inbuf(subreq);
1479 uint8_t wct;
1480 uint16_t *vwv;
1481 uint32_t num_bytes;
1482 uint8_t *bytes;
1483 NTSTATUS status;
1484
1485 status = cli_smb_recv(subreq, 0, &wct, &vwv, &num_bytes, &bytes);
1486 if (!NT_STATUS_IS_OK(status)) {
1487 TALLOC_FREE(subreq);
1488 tevent_req_nterror(req, status);
1489 return;
1490 }
1491
1492 clistr_pull(inbuf, cli->dev, bytes, sizeof(fstring), num_bytes,
1493 STR_TERMINATE|STR_ASCII);
1494
1495 if ((cli->protocol >= PROTOCOL_NT1) && (num_bytes == 3)) {
1496 /* almost certainly win95 - enable bug fixes */
1497 cli->win95 = True;
1498 }
1499
1500 /*
1501 * Make sure that we have the optional support 16-bit field. WCT > 2.
1502 * Avoids issues when connecting to Win9x boxes sharing files
1503 */
1504
1505 cli->dfsroot = false;
1506
1507 if ((wct > 2) && (cli->protocol >= PROTOCOL_LANMAN2)) {
1508 cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
1509 }
1510
1511 cli->cnum = SVAL(inbuf,smb_tid);
1512 tevent_req_done(req);
1513 }
1514
1515 NTSTATUS cli_tcon_andx_recv(struct tevent_req *req)
1516 {
1517 return tevent_req_simple_recv_ntstatus(req);
1518 }
1519
1520 NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
1521 const char *dev, const char *pass, int passlen)
1522 {
1523 TALLOC_CTX *frame = talloc_stackframe();
1524 struct event_context *ev;
1525 struct tevent_req *req;
1526 NTSTATUS status = NT_STATUS_OK;
1527
1528 if (cli_has_async_calls(cli)) {
1529 /*
1530 * Can't use sync call while an async call is in flight
1531 */
1532 status = NT_STATUS_INVALID_PARAMETER;
1533 goto fail;
1534 }
1535
1536 ev = event_context_init(frame);
1537 if (ev == NULL) {
1538 status = NT_STATUS_NO_MEMORY;
1539 goto fail;
1540 }
1541
1542 req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
1543 if (req == NULL) {
1544 status = NT_STATUS_NO_MEMORY;
1545 goto fail;
1546 }
1547
1548 if (!tevent_req_poll(req, ev)) {
1549 status = map_nt_error_from_unix(errno);
1550 goto fail;
1551 }
1552
1553 status = cli_tcon_andx_recv(req);
1554 fail:
1555 TALLOC_FREE(frame);
1556 if (!NT_STATUS_IS_OK(status)) {
1557 cli_set_error(cli, status);
1558 }
1559 return status;
1560 }
1561
1562 /****************************************************************************
1563 Send a tree disconnect.
1564 ****************************************************************************/
1565
1566 bool cli_tdis(struct cli_state *cli)
1567 {
1568 memset(cli->outbuf,'\0',smb_size);
1569 cli_set_message(cli->outbuf,0,0,True);
1570 SCVAL(cli->outbuf,smb_com,SMBtdis);
1571 SSVAL(cli->outbuf,smb_tid,cli->cnum);
1572 cli_setup_packet(cli);
1573
1574 cli_send_smb(cli);
1575 if (!cli_receive_smb(cli))
1576 return False;
1577
1578 if (cli_is_error(cli)) {
1579 return False;
1580 }
1581
1582 cli->cnum = -1;
1583 return True;
1584 }
1585
1586 /****************************************************************************
1587 Send a negprot command.
1588 ****************************************************************************/
1589
1590 void cli_negprot_sendsync(struct cli_state *cli)
1591 {
1592 char *p;
1593 int numprots;
1594
1595 if (cli->protocol < PROTOCOL_NT1)
1596 cli->use_spnego = False;
1597
1598 memset(cli->outbuf,'\0',smb_size);
1599
1600 /* setup the protocol strings */
1601 cli_set_message(cli->outbuf,0,0,True);
1602
1603 p = smb_buf(cli->outbuf);
1604 for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1605 if (prots[numprots].prot > cli->protocol) {
1606 break;
1607 }
1608 *p++ = 2;
1609 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1610 }
1611
1612 SCVAL(cli->outbuf,smb_com,SMBnegprot);
1613 cli_setup_bcc(cli, p);
1614 cli_setup_packet(cli);
1615
1616 SCVAL(smb_buf(cli->outbuf),0,2);
1617
1618 cli_send_smb(cli);
1619 }
1620
1621 /****************************************************************************
1622 Send a negprot command.
1623 ****************************************************************************/
1624
1625 struct cli_negprot_state {
1626 struct cli_state *cli;
1627 };
1628
1629 static void cli_negprot_done(struct tevent_req *subreq);
1630
1631 struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
1632 struct event_context *ev,
1633 struct cli_state *cli)
1634 {
1635 struct tevent_req *req, *subreq;
1636 struct cli_negprot_state *state;
1637 uint8_t *bytes = NULL;
1638 int numprots;
1639 uint16_t cnum;
1640
1641 req = tevent_req_create(mem_ctx, &state, struct cli_negprot_state);
1642 if (req == NULL) {
1643 return NULL;
1644 }
1645 state->cli = cli;
1646
1647 if (cli->protocol < PROTOCOL_NT1)
1648 cli->use_spnego = False;
1649
1650 /* setup the protocol strings */
1651 for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1652 uint8_t c = 2;
1653 if (prots[numprots].prot > cli->protocol) {
1654 break;
1655 }
1656 bytes = (uint8_t *)talloc_append_blob(
1657 state, bytes, data_blob_const(&c, sizeof(c)));
1658 if (tevent_req_nomem(bytes, req)) {
1659 return tevent_req_post(req, ev);
1660 }
1661 bytes = smb_bytes_push_str(bytes, false,
1662 prots[numprots].name,
1663 strlen(prots[numprots].name)+1,
1664 NULL);
1665 if (tevent_req_nomem(bytes, req)) {
1666 return tevent_req_post(req, ev);
1667 }
1668 }
1669
1670 cnum = cli->cnum;
1671
1672 cli->cnum = 0;
1673 subreq = cli_smb_send(state, ev, cli, SMBnegprot, 0, 0, NULL,
1674 talloc_get_size(bytes), bytes);
1675 cli->cnum = cnum;
1676
1677 if (tevent_req_nomem(subreq, req)) {
1678 return tevent_req_post(req, ev);
1679 }
1680 tevent_req_set_callback(subreq, cli_negprot_done, req);
1681 return req;
1682 }
1683
1684 static void cli_negprot_done(struct tevent_req *subreq)
1685 {
1686 struct tevent_req *req = tevent_req_callback_data(
1687 subreq, struct tevent_req);
1688 struct cli_negprot_state *state = tevent_req_data(
1689 req, struct cli_negprot_state);
1690 struct cli_state *cli = state->cli;
1691 uint8_t wct;
1692 uint16_t *vwv;
1693 uint32_t num_bytes;
1694 uint8_t *bytes;
1695 NTSTATUS status;
1696 uint16_t protnum;
1697
1698 status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
1699 if (!NT_STATUS_IS_OK(status)) {
1700 TALLOC_FREE(subreq);
1701 tevent_req_nterror(req, status);
1702 return;
1703 }
1704
1705 protnum = SVAL(vwv, 0);
1706
1707 if ((protnum >= ARRAY_SIZE(prots))
1708 || (prots[protnum].prot > cli->protocol)) {
1709 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
1710 return;
1711 }
1712
1713 cli->protocol = prots[protnum].prot;
1714
1715 if ((cli->protocol < PROTOCOL_NT1) &&
1716 client_is_signing_mandatory(cli)) {
1717 DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1718 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1719 return;
1720 }
1721
1722 if (cli->protocol >= PROTOCOL_NT1) {
1723 struct timespec ts;
1724 bool negotiated_smb_signing = false;
1725
1726 /* NT protocol */
1727 cli->sec_mode = CVAL(vwv + 1, 0);
1728 cli->max_mux = SVAL(vwv + 1, 1);
1729 cli->max_xmit = IVAL(vwv + 3, 1);
1730 cli->sesskey = IVAL(vwv + 7, 1);
1731 cli->serverzone = SVALS(vwv + 15, 1);
1732 cli->serverzone *= 60;
1733 /* this time arrives in real GMT */
1734 ts = interpret_long_date(((char *)(vwv+11))+1);
1735 cli->servertime = ts.tv_sec;
1736 cli->secblob = data_blob(bytes, num_bytes);
1737 cli->capabilities = IVAL(vwv + 9, 1);
1738 if (cli->capabilities & CAP_RAW_MODE) {
1739 cli->readbraw_supported = True;
1740 cli->writebraw_supported = True;
1741 }
1742 /* work out if they sent us a workgroup */
1743 if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1744 smb_buflen(cli->inbuf) > 8) {
1745 clistr_pull(cli->inbuf, cli->server_domain,
1746 bytes+8, sizeof(cli->server_domain),
1747 num_bytes-8,
1748 STR_UNICODE|STR_NOALIGN);
1749 }
1750
1751 /*
1752 * As signing is slow we only turn it on if either the client or
1753 * the server require it. JRA.
1754 */
1755
1756 if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1757 /* Fail if server says signing is mandatory and we don't want to support it. */
1758 if (!client_is_signing_allowed(cli)) {
1759 DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1760 tevent_req_nterror(req,
1761 NT_STATUS_ACCESS_DENIED);
1762 return;
1763 }
1764 negotiated_smb_signing = true;
1765 } else if (client_is_signing_mandatory(cli) && client_is_signing_allowed(cli)) {
1766 /* Fail if client says signing is mandatory and the server doesn't support it. */
1767 if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1768 DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1769 tevent_req_nterror(req,
1770 NT_STATUS_ACCESS_DENIED);
1771 return;
1772 }
1773 negotiated_smb_signing = true;
1774 } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1775 negotiated_smb_signing = true;
1776 }
1777
1778 if (negotiated_smb_signing) {
1779 cli_set_signing_negotiated(cli);
1780 }
1781
1782 if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
1783 SAFE_FREE(cli->outbuf);
1784 SAFE_FREE(cli->inbuf);
1785 cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1786 cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1787 cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
1788 }
1789
1790 } else if (cli->protocol >= PROTOCOL_LANMAN1) {
1791 cli->use_spnego = False;
1792 cli->sec_mode = SVAL(vwv + 1, 0);
1793 cli->max_xmit = SVAL(vwv + 2, 0);
1794 cli->max_mux = SVAL(vwv + 3, 0);
1795 cli->sesskey = IVAL(vwv + 6, 0);
1796 cli->serverzone = SVALS(vwv + 10, 0);
1797 cli->serverzone *= 60;
1798 /* this time is converted to GMT by make_unix_date */
1799 cli->servertime = cli_make_unix_date(
1800 cli, (char *)(vwv + 8));
1801 cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
1802 cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
1803 cli->secblob = data_blob(bytes, num_bytes);
1804 } else {
1805 /* the old core protocol */
1806 cli->use_spnego = False;
1807 cli->sec_mode = 0;
1808 cli->serverzone = get_time_zone(time(NULL));
1809 }
1810
1811 cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1812
1813 /* a way to force ascii SMB */
1814 if (getenv("CLI_FORCE_ASCII"))
1815 cli->capabilities &= ~CAP_UNICODE;
1816
1817 tevent_req_done(req);
1818 }
1819
1820 NTSTATUS cli_negprot_recv(struct tevent_req *req)
1821 {
1822 return tevent_req_simple_recv_ntstatus(req);
1823 }
1824
1825 NTSTATUS cli_negprot(struct cli_state *cli)
1826 {
1827 TALLOC_CTX *frame = talloc_stackframe();
1828 struct event_context *ev;
1829 struct tevent_req *req;
1830 NTSTATUS status = NT_STATUS_OK;
1831
1832 if (cli_has_async_calls(cli)) {
1833 /*
1834 * Can't use sync call while an async call is in flight
1835 */
1836 status = NT_STATUS_INVALID_PARAMETER;
1837 goto fail;
1838 }
1839
1840 ev = event_context_init(frame);
1841 if (ev == NULL) {
1842 status = NT_STATUS_NO_MEMORY;
1843 goto fail;
1844 }
1845
1846 req = cli_negprot_send(frame, ev, cli);
1847 if (req == NULL) {
1848 status = NT_STATUS_NO_MEMORY;
1849 goto fail;
1850 }
1851
1852 if (!tevent_req_poll(req, ev)) {
1853 status = map_nt_error_from_unix(errno);
1854 goto fail;
1855 }
1856
1857 status = cli_negprot_recv(req);
1858 fail:
1859 TALLOC_FREE(frame);
1860 if (!NT_STATUS_IS_OK(status)) {
1861 cli_set_error(cli, status);
1862 }
1863 return status;
1864 }
1865
1866 /****************************************************************************
1867 Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1868 ****************************************************************************/
1869
1870 bool cli_session_request(struct cli_state *cli,
1871 struct nmb_name *calling, struct nmb_name *called)
1872 {
1873 char *p;
1874 int len = 4;
1875 char *tmp;
1876
1877 /* 445 doesn't have session request */
1878 if (cli->port == 445)
1879 return True;
1880
1881 memcpy(&(cli->calling), calling, sizeof(*calling));
1882 memcpy(&(cli->called ), called , sizeof(*called ));
1883
1884 /* put in the destination name */
1885
1886 tmp = name_mangle(talloc_tos(), cli->called.name,
1887 cli->called.name_type);
1888 if (tmp == NULL) {
1889 return false;
1890 }
1891
1892 p = cli->outbuf+len;
1893 memcpy(p, tmp, name_len(tmp));
1894 len += name_len(tmp);
1895 TALLOC_FREE(tmp);
1896
1897 /* and my name */
1898
1899 tmp = name_mangle(talloc_tos(), cli->calling.name,
1900 cli->calling.name_type);
1901 if (tmp == NULL) {
1902 return false;
1903 }
1904
1905 p = cli->outbuf+len;
1906 memcpy(p, tmp, name_len(tmp));
1907 len += name_len(tmp);
1908 TALLOC_FREE(tmp);
1909
1910 /* send a session request (RFC 1002) */
1911 /* setup the packet length
1912 * Remove four bytes from the length count, since the length
1913 * field in the NBT Session Service header counts the number
1914 * of bytes which follow. The cli_send_smb() function knows
1915 * about this and accounts for those four bytes.
1916 * CRH.
1917 */
1918 len -= 4;
1919 _smb_setlen(cli->outbuf,len);
1920 SCVAL(cli->outbuf,0,0x81);
1921
1922 cli_send_smb(cli);
1923 DEBUG(5,("Sent session request\n"));
1924
1925 if (!cli_receive_smb(cli))
1926 return False;
1927
1928 if (CVAL(cli->inbuf,0) == 0x84) {
1929 /* C. Hoch 9/14/95 Start */
1930 /* For information, here is the response structure.
1931 * We do the byte-twiddling to for portability.
1932 struct RetargetResponse{
1933 unsigned char type;
1934 unsigned char flags;
1935 int16 length;
1936 int32 ip_addr;
1937 int16 port;
1938 };
1939 */
1940 uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1941 struct in_addr dest_ip;
1942 NTSTATUS status;
1943
1944 /* SESSION RETARGET */
1945 putip((char *)&dest_ip,cli->inbuf+4);
1946 in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
1947
1948 status = open_socket_out(&cli->dest_ss, port,
1949 LONG_CONNECT_TIMEOUT, &cli->fd);
1950 if (!NT_STATUS_IS_OK(status)) {
1951 return False;
1952 }
1953
1954 DEBUG(3,("Retargeted\n"));
1955
1956 set_socket_options(cli->fd, lp_socket_options());
1957
1958 /* Try again */
1959 {
1960 static int depth;
1961 bool ret;
1962 if (depth > 4) {
1963 DEBUG(0,("Retarget recursion - failing\n"));
1964 return False;
1965 }
1966 depth++;
1967 ret = cli_session_request(cli, calling, called);
1968 depth--;
1969 return ret;
1970 }
1971 } /* C. Hoch 9/14/95 End */
1972
1973 if (CVAL(cli->inbuf,0) != 0x82) {
1974 /* This is the wrong place to put the error... JRA. */
1975 cli->rap_error = CVAL(cli->inbuf,4);
1976 return False;
1977 }
1978 return(True);
1979 }
1980
1981 struct fd_struct {
1982 int fd;
1983 };
1984
1985 static void smb_sock_connected(struct tevent_req *req)
1986 {
1987 struct fd_struct *pfd = tevent_req_callback_data(
1988 req, struct fd_struct);
1989 int fd;
1990 NTSTATUS status;
1991
1992 status = open_socket_out_defer_recv(req, &fd);
1993 if (NT_STATUS_IS_OK(status)) {
1994 pfd->fd = fd;
1995 }
1996 }
1997
1998 static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss,
1999 uint16_t *port, int timeout, int *pfd)
2000 {
2001 struct event_context *ev;
2002 struct tevent_req *r139, *r445;
2003 struct fd_struct *fd139, *fd445;
2004 NTSTATUS status = NT_STATUS_NO_MEMORY;
2005
2006 if (*port != 0) {
2007 return open_socket_out(pss, *port, timeout, pfd);
2008 }
2009
2010 ev = event_context_init(talloc_tos());
2011 if (ev == NULL) {
2012 return NT_STATUS_NO_MEMORY;
2013 }
2014
2015 fd139 = talloc(ev, struct fd_struct);
2016 if (fd139 == NULL) {
2017 goto done;
2018 }
2019 fd139->fd = -1;
2020
2021 fd445 = talloc(ev, struct fd_struct);
2022 if (fd445 == NULL) {
2023 goto done;
2024 }
2025 fd445->fd = -1;
2026
2027 r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0),
2028 pss, 445, timeout);
2029 r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000),
2030 pss, 139, timeout);
2031 if ((r445 == NULL) || (r139 == NULL)) {
2032 goto done;
2033 }
2034 tevent_req_set_callback(r445, smb_sock_connected, fd445);
2035 tevent_req_set_callback(r139, smb_sock_connected, fd139);
2036
2037 while ((fd445->fd == -1) && (fd139->fd == -1)
2038 && (tevent_req_is_in_progress(r139)
2039 || tevent_req_is_in_progress(r445))) {
2040 event_loop_once(ev);
2041 }
2042
2043 if ((fd139->fd != -1) && (fd445->fd != -1)) {
2044 close(fd139->fd);
2045 fd139->fd = -1;
2046 }
2047
2048 if (fd445->fd != -1) {
2049 *port = 445;
2050 *pfd = fd445->fd;
2051 status = NT_STATUS_OK;
2052 goto done;
2053 }
2054 if (fd139->fd != -1) {
2055 *port = 139;
2056 *pfd = fd139->fd;
2057 status = NT_STATUS_OK;
2058 goto done;
2059 }
2060
2061 status = open_socket_out_defer_recv(r445, &fd445->fd);
2062 done:
2063 TALLOC_FREE(ev);
2064 return status;
2065 }
2066
2067 /****************************************************************************
2068 Open the client sockets.
2069 ****************************************************************************/
2070
2071 NTSTATUS cli_connect(struct cli_state *cli,
2072 const char *host,
2073 struct sockaddr_storage *dest_ss)
2074
2075 {
2076 int name_type = 0x20;
2077 TALLOC_CTX *frame = talloc_stackframe();
2078 unsigned int num_addrs = 0;
2079 unsigned int i = 0;
2080 struct sockaddr_storage *ss_arr = NULL;
2081 char *p = NULL;
2082
2083 /* reasonable default hostname */
2084 if (!host) {
2085 host = STAR_SMBSERVER;
2086 }
2087
2088 fstrcpy(cli->desthost, host);
2089
2090 /* allow hostnames of the form NAME#xx and do a netbios lookup */
2091 if ((p = strchr(cli->desthost, '#'))) {
2092 name_type = strtol(p+1, NULL, 16);
2093 *p = 0;
2094 }
2095
2096 if (!dest_ss || is_zero_addr((struct sockaddr *)dest_ss)) {
2097 NTSTATUS status =resolve_name_list(frame,
2098 cli->desthost,
2099 name_type,
2100 &ss_arr,
2101 &num_addrs);
2102 if (!NT_STATUS_IS_OK(status)) {
2103 TALLOC_FREE(frame);
2104 return NT_STATUS_BAD_NETWORK_NAME;
2105 }
2106 } else {
2107 num_addrs = 1;
2108 ss_arr = TALLOC_P(frame, struct sockaddr_storage);
2109 if (!ss_arr) {
2110 TALLOC_FREE(frame);
2111 return NT_STATUS_NO_MEMORY;
2112 }
2113 *ss_arr = *dest_ss;
2114 }
2115
2116 for (i = 0; i < num_addrs; i++) {
2117 cli->dest_ss = ss_arr[i];
2118 if (getenv("LIBSMB_PROG")) {
2119 cli->fd = sock_exec(getenv("LIBSMB_PROG"));
2120 } else {
2121 uint16_t port = cli->port;
2122 NTSTATUS status;
2123 status = open_smb_socket(&cli->dest_ss, &port,
2124 cli->timeout, &cli->fd);
2125 if (NT_STATUS_IS_OK(status)) {
2126 cli->port = port;
2127 }
2128 }
2129 if (cli->fd == -1) {
2130 char addr[INET6_ADDRSTRLEN];
2131 print_sockaddr(addr, sizeof(addr), &ss_arr[i]);
2132 DEBUG(2,("Error connecting to %s (%s)\n",
2133 dest_ss?addr:host,strerror(errno)));
2134 } else {
2135 /* Exit from loop on first connection. */
2136 break;
2137 }
2138 }
2139
2140 if (cli->fd == -1) {
2141 TALLOC_FREE(frame);
2142 return map_nt_error_from_unix(errno);
2143 }
2144
2145 if (dest_ss) {
2146 *dest_ss = cli->dest_ss;
2147 }
2148
2149 set_socket_options(cli->fd, lp_socket_options());
2150
2151 TALLOC_FREE(frame);
2152 return NT_STATUS_OK;
2153 }
2154
2155 /**
2156 establishes a connection to after the negprot.
2157 @param output_cli A fully initialised cli structure, non-null only on success
2158 @param dest_host The netbios name of the remote host
2159 @param dest_ss (optional) The the destination IP, NULL for name based lookup
2160 @param port (optional) The destination port (0 for default)
2161 @param retry bool. Did this connection fail with a retryable error ?
2162
2163 */
2164 NTSTATUS cli_start_connection(struct cli_state **output_cli,
2165 const char *my_name,
2166 const char *dest_host,
2167 struct sockaddr_storage *dest_ss, int port,
2168 int signing_state, int flags,
2169 bool *retry)
2170 {
2171 NTSTATUS nt_status;
2172 struct nmb_name calling;
2173 struct nmb_name called;
2174 struct cli_state *cli;
2175 struct sockaddr_storage ss;
2176
2177 if (retry)
2178 *retry = False;
2179
2180 if (!my_name)
2181 my_name = global_myname();
2182
2183 if (!(cli = cli_initialise_ex(signing_state))) {
2184 return NT_STATUS_NO_MEMORY;
2185 }
2186
2187 make_nmb_name(&calling, my_name, 0x0);
2188 make_nmb_name(&called , dest_host, 0x20);
2189
2190 cli_set_port(cli, port);
2191 cli_set_timeout(cli, 10000); /* 10 seconds. */
2192
2193 if (dest_ss) {
2194 ss = *dest_ss;
2195 } else {
2196 zero_sockaddr(&ss);
2197 }
2198
2199 again:
2200
2201 DEBUG(3,("Connecting to host=%s\n", dest_host));
2202
2203 nt_status = cli_connect(cli, dest_host, &ss);
2204 if (!NT_STATUS_IS_OK(nt_status)) {
2205 char addr[INET6_ADDRSTRLEN];
2206 print_sockaddr(addr, sizeof(addr), &ss);
2207 DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
2208 nmb_namestr(&called), addr, nt_errstr(nt_status) ));
2209 cli_shutdown(cli);
2210 return nt_status;
2211 }
2212
2213 if (retry)
2214 *retry = True;
2215
2216 if (!cli_session_request(cli, &calling, &called)) {
2217 char *p;
2218 DEBUG(1,("session request to %s failed (%s)\n",
2219 called.name, cli_errstr(cli)));
2220 if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
2221 *p = 0;
2222 goto again;
2223 }
2224 if (strcmp(called.name, STAR_SMBSERVER)) {
2225 make_nmb_name(&called , STAR_SMBSERVER, 0x20);
2226 goto again;
2227 }
2228 return NT_STATUS_BAD_NETWORK_NAME;
2229 }
2230
2231 if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
2232 cli->use_spnego = False;
2233 else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
2234 cli->use_kerberos = True;
2235
2236 if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
2237 cli->use_kerberos) {
2238 cli->fallback_after_kerberos = true;
2239 }
2240 if (flags & CLI_FULL_CONNECTION_USE_CCACHE) {
2241 cli->use_ccache = true;
2242 }
2243
2244 nt_status = cli_negprot(cli);
2245 if (!NT_STATUS_IS_OK(nt_status)) {
2246 DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
2247 cli_shutdown(cli);
2248 return nt_status;
2249 }
2250
2251 *output_cli = cli;
2252 return NT_STATUS_OK;
2253 }
2254
2255
2256 /**
2257 establishes a connection right up to doing tconX, password specified.
2258 @param output_cli A fully initialised cli structure, non-null only on success
2259 @param dest_host The netbios name of the remote host
2260 @param dest_ip (optional) The the destination IP, NULL for name based lookup
2261 @param port (optional) The destination port (0 for default)
2262 @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
2263 @param service_type The 'type' of serivice.
2264 @param user Username, unix string
2265 @param domain User's domain
2266 @param password User's password, unencrypted unix string.
2267 @param retry bool. Did this connection fail with a retryable error ?
2268 */
2269
2270 NTSTATUS cli_full_connection(struct cli_state **output_cli,
2271 const char *my_name,
2272 const char *dest_host,
2273 struct sockaddr_storage *dest_ss, int port,
2274 const char *service, const char *service_type,
2275 const char *user, const char *domain,
2276 const char *password, int flags,
2277 int signing_state,
2278 bool *retry)
2279 {
2280 NTSTATUS nt_status;
2281 struct cli_state *cli = NULL;
2282 int pw_len = password ? strlen(password)+1 : 0;
2283
2284 *output_cli = NULL;
2285
2286 if (password == NULL) {
2287 password = "";
2288 }
2289
2290 nt_status = cli_start_connection(&cli, my_name, dest_host,
2291 dest_ss, port, signing_state,
2292 flags, retry);
2293
2294 if (!NT_STATUS_IS_OK(nt_status)) {
2295 return nt_status;
2296 }
2297
2298 cli->use_oplocks = ((flags & CLI_FULL_CONNECTION_OPLOCKS) != 0);
2299 cli->use_level_II_oplocks =
2300 ((flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) != 0);
2301
2302 nt_status = cli_session_setup(cli, user, password, pw_len, password,
2303 pw_len, domain);
2304 if (!NT_STATUS_IS_OK(nt_status)) {
2305
2306 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
2307 DEBUG(1,("failed session setup with %s\n",
2308 nt_errstr(nt_status)));
2309 cli_shutdown(cli);
2310 return nt_status;
2311 }
2312
2313 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
2314 if (!NT_STATUS_IS_OK(nt_status)) {
2315 DEBUG(1,("anonymous failed session setup with %s\n",
2316 nt_errstr(nt_status)));
2317 cli_shutdown(cli);
2318 return nt_status;
2319 }
2320 }
2321
2322 if (service) {
2323 nt_status = cli_tcon_andx(cli, service, service_type, password,
2324 pw_len);
2325 if (!NT_STATUS_IS_OK(nt_status)) {
2326 DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
2327 cli_shutdown(cli);
2328 if (NT_STATUS_IS_OK(nt_status)) {
2329 nt_status = NT_STATUS_UNSUCCESSFUL;
2330 }
2331 return nt_status;
2332 }
2333 }
2334
2335 nt_status = cli_init_creds(cli, user, domain, password);
2336 if (!NT_STATUS_IS_OK(nt_status)) {
2337 cli_shutdown(cli);
2338 return nt_status;
2339 }
2340
2341 *output_cli = cli;
2342 return NT_STATUS_OK;
2343 }
2344
2345 /****************************************************************************
2346 Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
2347 ****************************************************************************/
2348
2349 bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srchost, const char *desthost,
2350 struct sockaddr_storage *pdest_ss)
2351 {
2352 struct nmb_name calling, called;
2353
2354 make_nmb_name(&calling, srchost, 0x0);
2355
2356 /*
2357 * If the called name is an IP address
2358 * then use *SMBSERVER immediately.
2359 */
2360
2361 if(is_ipaddress(desthost)) {
2362 make_nmb_name(&called, STAR_SMBSERVER, 0x20);
2363 } else {
2364 make_nmb_name(&called, desthost, 0x20);
2365 }
2366
2367 if (!cli_session_request(*ppcli, &calling, &called)) {
2368 NTSTATUS status;
2369 struct nmb_name smbservername;
2370
2371 make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20);
2372
2373 /*
2374 * If the name wasn't *SMBSERVER then
2375 * try with *SMBSERVER if the first name fails.
2376 */
2377
2378 if (nmb_name_equal(&called, &smbservername)) {
2379
2380 /*
2381 * The name used was *SMBSERVER, don't bother with another name.
2382 */
2383
2384 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
2385 with error %s.\n", desthost, cli_errstr(*ppcli) ));
2386 return False;
2387 }
2388
2389 /* Try again... */
2390 cli_shutdown(*ppcli);
2391
2392 *ppcli = cli_initialise();
2393 if (!*ppcli) {
2394 /* Out of memory... */
2395 return False;
2396 }
2397
2398 status = cli_connect(*ppcli, desthost, pdest_ss);
2399 if (!NT_STATUS_IS_OK(status) ||
2400 !cli_session_request(*ppcli, &calling, &smbservername)) {
2401 DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
2402 name *SMBSERVER with error %s\n", desthost, cli_errstr(*ppcli) ));
2403 return False;
2404 }
2405 }
2406
2407 return True;
2408 }
2409
2410 /****************************************************************************
2411 Send an old style tcon.
2412 ****************************************************************************/
2413 NTSTATUS cli_raw_tcon(struct cli_state *cli,
2414 const char *service, const char *pass, const char *dev,
2415 uint16 *max_xmit, uint16 *tid)
2416 {
2417 char *p;
2418
2419 if (!lp_client_plaintext_auth() && (*pass)) {
2420 DEBUG(1, ("Server requested plaintext password but 'client "
2421 "plaintext auth' is disabled\n"));
2422 return NT_STATUS_ACCESS_DENIED;
2423 }
2424
2425 memset(cli->outbuf,'\0',smb_size);
2426 memset(cli->inbuf,'\0',smb_size);
2427
2428 cli_set_message(cli->outbuf, 0, 0, True);
2429 SCVAL(cli->outbuf,smb_com,SMBtcon);
2430 cli_setup_packet(cli);
2431
2432 p = smb_buf(cli->outbuf);
2433 *p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE | STR_NOALIGN);
2434 *p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE | STR_NOALIGN);
2435 *p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE | STR_NOALIGN);
2436
2437 cli_setup_bcc(cli, p);
2438
2439 cli_send_smb(cli);
2440 if (!cli_receive_smb(cli)) {
2441 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2442 }
2443
2444 if (cli_is_error(cli)) {
2445 return cli_nt_error(cli);
2446 }
2447
2448 *max_xmit = SVAL(cli->inbuf, smb_vwv0);
2449 *tid = SVAL(cli->inbuf, smb_vwv1);
2450
2451 return NT_STATUS_OK;
2452 }
2453
2454 /* Return a cli_state pointing at the IPC$ share for the given server */
2455
2456 struct cli_state *get_ipc_connect(char *server,
2457 struct sockaddr_storage *server_ss,
2458 const struct user_auth_info *user_info)
2459 {
2460 struct cli_state *cli;
2461 NTSTATUS nt_status;
2462 uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
2463
2464 if (user_info->use_kerberos) {
2465 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
2466 }
2467
2468 nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
2469 user_info->username ? user_info->username : "",
2470 lp_workgroup(),
2471 user_info->password ? user_info->password : "",
2472 flags,
2473 Undefined, NULL);
2474
2475 if (NT_STATUS_IS_OK(nt_status)) {
2476 return cli;
2477 } else if (is_ipaddress(server)) {
2478 /* windows 9* needs a correct NMB name for connections */
2479 fstring remote_name;
2480
2481 if (name_status_find("*", 0, 0, server_ss, remote_name)) {
2482 cli = get_ipc_connect(remote_name, server_ss, user_info);
2483 if (cli)
2484 return cli;
2485 }
2486 }
2487 return NULL;
2488 }
2489
2490 /*
2491 * Given the IP address of a master browser on the network, return its
2492 * workgroup and connect to it.
2493 *
2494 * This function is provided to allow additional processing beyond what
2495 * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
2496 * browsers and obtain each master browsers' list of domains (in case the
2497 * first master browser is recently on the network and has not yet
2498 * synchronized with other master browsers and therefore does not yet have the
2499 * entire network browse list)
2500 */
2501
2502 struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
2503 struct ip_service *mb_ip,
2504 const struct user_auth_info *user_info,
2505 char **pp_workgroup_out)
2506 {
2507 char addr[INET6_ADDRSTRLEN];
2508 fstring name;
2509 struct cli_state *cli;
2510 struct sockaddr_storage server_ss;
2511
2512 *pp_workgroup_out = NULL;
2513
2514 print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
2515 DEBUG(99, ("Looking up name of master browser %s\n",
2516 addr));
2517
2518 /*
2519 * Do a name status query to find out the name of the master browser.
2520 * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
2521 * master browser will not respond to a wildcard query (or, at least,
2522 * an NT4 server acting as the domain master browser will not).
2523 *
2524 * We might be able to use ONLY the query on MSBROWSE, but that's not
2525 * yet been tested with all Windows versions, so until it is, leave
2526 * the original wildcard query as the first choice and fall back to
2527 * MSBROWSE if the wildcard query fails.
2528 */
2529 if (!name_status_find("*", 0, 0x1d, &mb_ip->ss, name) &&
2530 !name_status_find(MSBROWSE, 1, 0x1d, &mb_ip->ss, name)) {
2531
2532 DEBUG(99, ("Could not retrieve name status for %s\n",
2533 addr));
2534 return NULL;
2535 }
2536
2537 if (!find_master_ip(name, &server_ss)) {
2538 DEBUG(99, ("Could not find master ip for %s\n", name));
2539 return NULL;
2540 }
2541
2542 *pp_workgroup_out = talloc_strdup(ctx, name);
2543
2544 DEBUG(4, ("found master browser %s, %s\n", name, addr));
2545
2546 print_sockaddr(addr, sizeof(addr), &server_ss);
2547 cli = get_ipc_connect(addr, &server_ss, user_info);
2548
2549 return cli;
2550 }
2551
2552 /*
2553 * Return the IP address and workgroup of a master browser on the network, and
2554 * connect to it.
2555 */
2556
2557 struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
2558 const struct user_auth_info *user_info,
2559 char **pp_workgroup_out)
2560 {
2561 struct ip_service *ip_list;
2562 struct cli_state *cli;
2563 int i, count;
2564
2565 *pp_workgroup_out = NULL;
2566
2567 DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
2568
2569 /* Go looking for workgroups by broadcasting on the local network */
2570
2571 if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list,
2572 &count))) {
2573 DEBUG(99, ("No master browsers responded\n"));
2574 return False;
2575 }
2576
2577 for (i = 0; i < count; i++) {
2578 char addr[INET6_ADDRSTRLEN];
2579 print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
2580 DEBUG(99, ("Found master browser %s\n", addr));
2581
2582 cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
2583 user_info, pp_workgroup_out);
2584 if (cli)
2585 return(cli);
2586 }
2587
2588 return NULL;
2589 }
reg import