#include "includes.h"
#include "libsmb/libsmb.h"
-#include "popt_common.h"
+#include "auth_info.h"
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
uint16_t *vwv;
uint8_t *bytes;
char *tmp;
- uint16_t sec_mode = cli_state_security_mode(cli);
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
req = tevent_req_create(mem_ctx, &state,
struct cli_session_setup_lanman2_state);
return tevent_req_post(req, ev);
}
- if (!SMBencrypt(pass, cli_state_server_challenge(cli),
+ if (!SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn),
(uint8_t *)lm_response.data)) {
DEBUG(1, ("Password is > 14 chars in length, and is "
"therefore incompatible with Lanman "
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, 1);
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, lm_response.length);
bytes = talloc_array(state, uint8_t, lm_response.length);
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
uint32_t sesssetup_capabilities)
{
- uint32_t client_capabilities = cli_state_capabilities(cli);
+ uint32_t client_capabilities = smb1cli_conn_capabilities(cli->conn);
/*
* We only send capabilities based on the mask for:
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, 0);
SSVAL(vwv+8, 0, 0);
SSVAL(vwv+9, 0, 0);
struct tevent_req *req;
NTSTATUS status = NT_STATUS_OK;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, 0);
SSVAL(vwv+8, 0, 0);
SSVAL(vwv+9, 0, 0);
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
DATA_BLOB names_blob;
server_chal =
- data_blob_const(cli_state_server_challenge(cli),
+ data_blob_const(smb1cli_conn_server_challenge(cli->conn),
8);
/*
return tevent_req_post(req, ev);
}
- SMBNTencrypt(pass, cli_state_server_challenge(cli),
+ SMBNTencrypt(pass, smb1cli_conn_server_challenge(cli->conn),
nt_response.data);
#endif
/* non encrypted password supplied. Ignore ntpass. */
}
if (!SMBencrypt(pass,
- cli_state_server_challenge(cli),
+ smb1cli_conn_server_challenge(cli->conn),
lm_response.data)) {
/*
* Oops, the LM response is
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, lm_response.length);
SSVAL(vwv+8, 0, nt_response.length);
SSVAL(vwv+9, 0, 0);
if (tevent_req_nterror(req, status)) {
return;
}
- if (cli_simple_set_signing(cli, state->session_key, state->response)
- && !cli_check_sign_mac(cli, (char *)in, 1)) {
+ if (smb1cli_conn_activate_signing(cli->conn, state->session_key, state->response)
+ && !smb1cli_conn_check_signing(cli->conn, (uint8_t *)in, 1)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
state->blob = blob;
state->cli = cli;
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
usable_space = UINT16_MAX;
} else {
usable_space = cli_state_available_size(cli,
thistime = MIN(state->blob.length, state->max_blob_size);
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
state->smb2_blob.data = state->blob.data;
state->smb2_blob.length = thistime;
0, /* in_flags */
SMB2_CAP_DFS, /* in_capabilities */
0, /* in_channel */
- NULL, /* in_previous_session */
+ 0, /* in_previous_session_id */
&state->smb2_blob);
if (subreq == NULL) {
return false;
uint8_t *inbuf;
ssize_t ret;
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
status = smb2cli_session_setup_recv(subreq, state,
&state->recv_iov,
&state->ret_blob);
state->status = status;
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
goto next;
}
state->negTokenTarg.length);
#endif
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
state->cli->smb2.session = smbXcli_session_create(cli,
cli->conn);
if (tevent_req_nomem(state->cli->smb2.session, req)) {
cli_set_session_key(state->cli, state->session_key_krb5);
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
struct smbXcli_session *session = state->cli->smb2.session;
- status = smb2cli_session_update_session_key(session,
+ status = smb2cli_session_set_session_key(session,
state->session_key_krb5,
recv_iov);
if (tevent_req_nterror(req, status)) {
return;
}
} else {
- if (cli_simple_set_signing(state->cli, state->session_key_krb5,
+ if (smb1cli_conn_activate_signing(state->cli->conn, state->session_key_krb5,
data_blob_null)
- && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+ && !smb1cli_conn_check_signing(state->cli->conn, (uint8_t *)inbuf, 1)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
struct tevent_req *req;
ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
ev = tevent_context_init(talloc_tos());
state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
data_blob_free(&blob_out);
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
state->cli->smb2.session = smbXcli_session_create(cli,
cli->conn);
if (tevent_req_nomem(state->cli->smb2.session, req)) {
cli_set_session_key(
state->cli, state->ntlmssp_state->session_key);
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
struct smbXcli_session *session = state->cli->smb2.session;
- status = smb2cli_session_update_session_key(session,
+
+ if (ntlmssp_is_anonymous(state->ntlmssp_state)) {
+ /*
+ * Windows server does not set the
+ * SMB2_SESSION_FLAG_IS_GUEST nor
+ * SMB2_SESSION_FLAG_IS_NULL flag.
+ *
+ * This fix makes sure we do not try
+ * to verify a signature on the final
+ * session setup response.
+ */
+ TALLOC_FREE(state->ntlmssp_state);
+ tevent_req_done(req);
+ return;
+ }
+
+ status = smb2cli_session_set_session_key(session,
state->ntlmssp_state->session_key,
recv_iov);
if (tevent_req_nterror(req, status)) {
return;
}
} else {
- if (cli_simple_set_signing(
- state->cli, state->ntlmssp_state->session_key,
+ if (smb1cli_conn_activate_signing(
+ state->cli->conn, state->ntlmssp_state->session_key,
data_blob_null)
- && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+ && !smb1cli_conn_check_signing(state->cli->conn, (uint8_t *)inbuf, 1)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return NT_STATUS_INVALID_PARAMETER;
}
ev = tevent_context_init(talloc_tos());
char *account = NULL;
NTSTATUS status;
- server_blob = cli_state_server_gss_blob(cli);
+ server_blob = smbXcli_conn_server_gss_blob(cli->conn);
if (server_blob) {
blob = data_blob(server_blob->data, server_blob->length);
}
if (user && *user && cli->got_kerberos_mechanism && cli->use_kerberos) {
ADS_STATUS rc;
- const char *remote_name = cli_state_remote_name(cli);
+ const char *remote_name = smbXcli_conn_remote_name(cli->conn);
if (pass && *pass) {
int ret;
} else {
principal = kerberos_get_principal_from_service_hostname(talloc_tos(),
"cifs",
- remote_name);
+ remote_name,
+ lp_realm());
}
if (!principal) {
{
char *p;
char *user2;
- uint16_t sec_mode = cli_state_security_mode(cli);
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
if (user) {
user2 = talloc_strdup(talloc_tos(), user);
workgroup = user2;
}
- if (cli_state_protocol(cli) < PROTOCOL_LANMAN1) {
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN1) {
return NT_STATUS_OK;
}
/* if its an older server then we have to use the older request format */
- if (cli_state_protocol(cli) < PROTOCOL_NT1) {
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) {
if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client lanman auth = no'"
" or 'client ntlmv2 auth = yes'\n"));
workgroup);
}
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
const char *remote_realm = cli_state_remote_realm(cli);
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
workgroup,
/* if the server supports extended security then use SPNEGO */
- if (cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY) {
+ if (smb1cli_conn_capabilities(cli->conn) & CAP_EXTENDED_SECURITY) {
const char *remote_realm = cli_state_remote_realm(cli);
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
workgroup,
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return NT_STATUS_INVALID_PARAMETER;
}
ev = tevent_context_init(talloc_tos());
uint16_t *vwv;
char *tmp = NULL;
uint8_t *bytes;
- uint16_t sec_mode = cli_state_security_mode(cli);
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
*psmbreq = NULL;
* Non-encrypted passwords - convert to DOS codepage before
* encryption.
*/
- SMBencrypt(pass, cli_state_server_challenge(cli), p24);
+ SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24);
passlen = 24;
pass = (const char *)p24;
} else {
* Add the sharename
*/
tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
- cli_state_remote_name(cli), share);
+ smbXcli_conn_remote_name(cli->conn), share);
if (tmp == NULL) {
TALLOC_FREE(req);
return NULL;
}
}
- if ((cli_state_protocol(cli) >= PROTOCOL_NT1) && (num_bytes == 3)) {
+ if ((smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) && (num_bytes == 3)) {
/* almost certainly win95 - enable bug fixes */
cli->win95 = True;
}
cli->dfsroot = false;
- if ((wct > 2) && (cli_state_protocol(cli) >= PROTOCOL_LANMAN2)) {
+ if ((wct > 2) && (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN2)) {
cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_OK;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
return NT_STATUS_NO_MEMORY;
}
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
return smb2cli_tcon(cli, share);
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return NT_STATUS_INVALID_PARAMETER;
}
ev = tevent_context_init(talloc_tos());
return status;
}
-struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct cli_state *cli,
- enum protocol_types max_protocol)
-{
- return smbXcli_negprot_send(mem_ctx, ev,
- cli->conn, cli->timeout,
- PROTOCOL_CORE, max_protocol);
-}
-
-NTSTATUS cli_negprot_recv(struct tevent_req *req)
-{
- return smbXcli_negprot_recv(req);
-}
-
-NTSTATUS cli_negprot(struct cli_state *cli, enum protocol_types max_protocol)
-{
- return smbXcli_negprot(cli->conn, cli->timeout,
- PROTOCOL_CORE, max_protocol);
-}
-
static NTSTATUS cli_connect_sock(const char *host, int name_type,
const struct sockaddr_storage *pss,
const char *myname, uint16_t port,
return nt_status;
}
- nt_status = cli_negprot(cli, PROTOCOL_NT1);
+ nt_status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
+ PROTOCOL_NT1);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
cli_shutdown(cli);