X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=source3%2Flibsmb%2Fcliconnect.c;h=6e4003789272ad3f1974fd65de64a4b32c6a3c85;hb=93ed99d6ffb948e9ddde9ddc7280b33fc86adc75;hp=4f98f5c5e92c305b57d0bfd1cf4f1346621e848b;hpb=75d3b9ce08c964b9425a1b8a43ccaaa7a3f0aa26;p=mat%2Fsamba.git diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 4f98f5c5e9..6e40037892 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -22,7 +22,7 @@ #include "includes.h" #include "libsmb/libsmb.h" -#include "popt_common.h" +#include "auth_info.h" #include "../libcli/auth/libcli_auth.h" #include "../libcli/auth/spnego.h" #include "smb_krb5.h" @@ -108,7 +108,7 @@ static struct tevent_req *cli_session_setup_lanman2_send( uint16_t *vwv; uint8_t *bytes; char *tmp; - uint16_t sec_mode = cli_state_security_mode(cli); + uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn); req = tevent_req_create(mem_ctx, &state, struct cli_session_setup_lanman2_state); @@ -138,7 +138,7 @@ static struct tevent_req *cli_session_setup_lanman2_send( return tevent_req_post(req, ev); } - if (!SMBencrypt(pass, cli_state_server_challenge(cli), + if (!SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), (uint8_t *)lm_response.data)) { DEBUG(1, ("Password is > 14 chars in length, and is " "therefore incompatible with Lanman " @@ -181,7 +181,7 @@ static struct tevent_req *cli_session_setup_lanman2_send( SSVAL(vwv+2, 0, CLI_BUFFER_SIZE); SSVAL(vwv+3, 0, 2); SSVAL(vwv+4, 0, 1); - SIVAL(vwv+5, 0, cli_state_server_session_key(cli)); + SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn)); SSVAL(vwv+7, 0, lm_response.length); bytes = talloc_array(state, uint8_t, lm_response.length); @@ -314,7 +314,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, const char *use struct tevent_req *req; NTSTATUS status = NT_STATUS_NO_MEMORY; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { /* * Can't use sync call while an async call is in flight */ @@ -346,7 +346,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, const char *use static uint32_t cli_session_setup_capabilities(struct cli_state *cli, uint32_t sesssetup_capabilities) { - uint32_t client_capabilities = cli_state_capabilities(cli); + uint32_t client_capabilities = smb1cli_conn_capabilities(cli->conn); /* * We only send capabilities based on the mask for: @@ -406,7 +406,7 @@ struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx, SSVAL(vwv+2, 0, CLI_BUFFER_SIZE); SSVAL(vwv+3, 0, 2); SSVAL(vwv+4, 0, cli_state_get_vc_num(cli)); - SIVAL(vwv+5, 0, cli_state_server_session_key(cli)); + SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn)); SSVAL(vwv+7, 0, 0); SSVAL(vwv+8, 0, 0); SSVAL(vwv+9, 0, 0); @@ -551,7 +551,7 @@ static NTSTATUS cli_session_setup_guest(struct cli_state *cli) struct tevent_req *req; NTSTATUS status = NT_STATUS_OK; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { /* * Can't use sync call while an async call is in flight */ @@ -621,7 +621,7 @@ static struct tevent_req *cli_session_setup_plain_send( SSVAL(vwv+2, 0, CLI_BUFFER_SIZE); SSVAL(vwv+3, 0, 2); SSVAL(vwv+4, 0, cli_state_get_vc_num(cli)); - SIVAL(vwv+5, 0, cli_state_server_session_key(cli)); + SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn)); SSVAL(vwv+7, 0, 0); SSVAL(vwv+8, 0, 0); SSVAL(vwv+9, 0, 0); @@ -756,7 +756,7 @@ static NTSTATUS cli_session_setup_plain(struct cli_state *cli, struct tevent_req *req; NTSTATUS status = NT_STATUS_NO_MEMORY; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { /* * Can't use sync call while an async call is in flight */ @@ -834,7 +834,7 @@ static struct tevent_req *cli_session_setup_nt1_send( DATA_BLOB names_blob; server_chal = - data_blob_const(cli_state_server_challenge(cli), + data_blob_const(smb1cli_conn_server_challenge(cli->conn), 8); /* @@ -873,7 +873,7 @@ static struct tevent_req *cli_session_setup_nt1_send( return tevent_req_post(req, ev); } - SMBNTencrypt(pass, cli_state_server_challenge(cli), + SMBNTencrypt(pass, smb1cli_conn_server_challenge(cli->conn), nt_response.data); #endif /* non encrypted password supplied. Ignore ntpass. */ @@ -885,7 +885,7 @@ static struct tevent_req *cli_session_setup_nt1_send( } if (!SMBencrypt(pass, - cli_state_server_challenge(cli), + smb1cli_conn_server_challenge(cli->conn), lm_response.data)) { /* * Oops, the LM response is @@ -963,7 +963,7 @@ static struct tevent_req *cli_session_setup_nt1_send( SSVAL(vwv+2, 0, CLI_BUFFER_SIZE); SSVAL(vwv+3, 0, 2); SSVAL(vwv+4, 0, cli_state_get_vc_num(cli)); - SIVAL(vwv+5, 0, cli_state_server_session_key(cli)); + SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn)); SSVAL(vwv+7, 0, lm_response.length); SSVAL(vwv+8, 0, nt_response.length); SSVAL(vwv+9, 0, 0); @@ -1086,8 +1086,8 @@ static void cli_session_setup_nt1_done(struct tevent_req *subreq) if (tevent_req_nterror(req, status)) { return; } - if (cli_simple_set_signing(cli, state->session_key, state->response) - && !cli_check_sign_mac(cli, (char *)in, 1)) { + if (smb1cli_conn_activate_signing(cli->conn, state->session_key, state->response) + && !smb1cli_conn_check_signing(cli->conn, (uint8_t *)in, 1)) { tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); return; } @@ -1113,7 +1113,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, struct tevent_req *req; NTSTATUS status = NT_STATUS_NO_MEMORY; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { /* * Can't use sync call while an async call is in flight */ @@ -1185,7 +1185,7 @@ static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx, state->blob = blob; state->cli = cli; - if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) { usable_space = UINT16_MAX; } else { usable_space = cli_state_available_size(cli, @@ -1217,7 +1217,7 @@ static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state, thistime = MIN(state->blob.length, state->max_blob_size); - if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) { state->smb2_blob.data = state->blob.data; state->smb2_blob.length = thistime; @@ -1232,7 +1232,7 @@ static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state, 0, /* in_flags */ SMB2_CAP_DFS, /* in_capabilities */ 0, /* in_channel */ - NULL, /* in_previous_session */ + 0, /* in_previous_session_id */ &state->smb2_blob); if (subreq == NULL) { return false; @@ -1298,7 +1298,7 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq) uint8_t *inbuf; ssize_t ret; - if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) { status = smb2cli_session_setup_recv(subreq, state, &state->recv_iov, &state->ret_blob); @@ -1316,7 +1316,7 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq) state->status = status; - if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) { goto next; } @@ -1481,7 +1481,7 @@ static struct tevent_req *cli_session_setup_kerberos_send( state->negTokenTarg.length); #endif - if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) { state->cli->smb2.session = smbXcli_session_create(cli, cli->conn); if (tevent_req_nomem(state->cli->smb2.session, req)) { @@ -1517,18 +1517,18 @@ static void cli_session_setup_kerberos_done(struct tevent_req *subreq) cli_set_session_key(state->cli, state->session_key_krb5); - if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) { struct smbXcli_session *session = state->cli->smb2.session; - status = smb2cli_session_update_session_key(session, + status = smb2cli_session_set_session_key(session, state->session_key_krb5, recv_iov); if (tevent_req_nterror(req, status)) { return; } } else { - if (cli_simple_set_signing(state->cli, state->session_key_krb5, + if (smb1cli_conn_activate_signing(state->cli->conn, state->session_key_krb5, data_blob_null) - && !cli_check_sign_mac(state->cli, inbuf, 1)) { + && !smb1cli_conn_check_signing(state->cli->conn, (uint8_t *)inbuf, 1)) { tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); return; } @@ -1556,7 +1556,7 @@ static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, struct tevent_req *req; ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } ev = tevent_context_init(talloc_tos()); @@ -1659,7 +1659,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send( state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL); data_blob_free(&blob_out); - if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) { state->cli->smb2.session = smbXcli_session_create(cli, cli->conn); if (tevent_req_nomem(state->cli->smb2.session, req)) { @@ -1708,19 +1708,35 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq) cli_set_session_key( state->cli, state->ntlmssp_state->session_key); - if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) { struct smbXcli_session *session = state->cli->smb2.session; - status = smb2cli_session_update_session_key(session, + + if (ntlmssp_is_anonymous(state->ntlmssp_state)) { + /* + * Windows server does not set the + * SMB2_SESSION_FLAG_IS_GUEST nor + * SMB2_SESSION_FLAG_IS_NULL flag. + * + * This fix makes sure we do not try + * to verify a signature on the final + * session setup response. + */ + TALLOC_FREE(state->ntlmssp_state); + tevent_req_done(req); + return; + } + + status = smb2cli_session_set_session_key(session, state->ntlmssp_state->session_key, recv_iov); if (tevent_req_nterror(req, status)) { return; } } else { - if (cli_simple_set_signing( - state->cli, state->ntlmssp_state->session_key, + if (smb1cli_conn_activate_signing( + state->cli->conn, state->ntlmssp_state->session_key, data_blob_null) - && !cli_check_sign_mac(state->cli, inbuf, 1)) { + && !smb1cli_conn_check_signing(state->cli->conn, (uint8_t *)inbuf, 1)) { tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); return; } @@ -1807,7 +1823,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, struct tevent_req *req; NTSTATUS status = NT_STATUS_NO_MEMORY; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { return NT_STATUS_INVALID_PARAMETER; } ev = tevent_context_init(talloc_tos()); @@ -1849,7 +1865,7 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, char *account = NULL; NTSTATUS status; - server_blob = cli_state_server_gss_blob(cli); + server_blob = smbXcli_conn_server_gss_blob(cli->conn); if (server_blob) { blob = data_blob(server_blob->data, server_blob->length); } @@ -1904,7 +1920,7 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, if (user && *user && cli->got_kerberos_mechanism && cli->use_kerberos) { ADS_STATUS rc; - const char *remote_name = cli_state_remote_name(cli); + const char *remote_name = smbXcli_conn_remote_name(cli->conn); if (pass && *pass) { int ret; @@ -1931,56 +1947,31 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, !is_ipaddress(remote_name) && !strequal(STAR_SMBSERVER, remote_name)) { - char *realm = NULL; - char *host = NULL; DEBUG(3,("cli_session_setup_spnego: using target " "hostname not SPNEGO principal\n")); - host = strchr_m(remote_name, '.'); if (dest_realm) { - realm = SMB_STRDUP(dest_realm); - if (!realm) { - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + char *realm = strupper_talloc(talloc_tos(), dest_realm); + if (realm) { + principal = talloc_asprintf(talloc_tos(), + "cifs/%s@%s", + remote_name, + realm); + TALLOC_FREE(realm); } - strupper_m(realm); } else { - if (host) { - /* DNS name. */ - realm = kerberos_get_realm_from_hostname(remote_name); - } else { - /* NetBIOS name - use our realm. */ - realm = kerberos_get_default_realm_from_ccache(); - } - } - - if (realm == NULL || *realm == '\0') { - realm = SMB_STRDUP(lp_realm()); - if (!realm) { - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - strupper_m(realm); - DEBUG(3,("cli_session_setup_spnego: cannot " - "get realm from dest_realm %s, " - "desthost %s. Using default " - "smb.conf realm %s\n", - dest_realm ? dest_realm : "", - remote_name, - realm)); + principal = kerberos_get_principal_from_service_hostname(talloc_tos(), + "cifs", + remote_name, + lp_realm()); } - principal = talloc_asprintf(talloc_tos(), - "cifs/%s@%s", - remote_name, - realm); if (!principal) { - SAFE_FREE(realm); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } DEBUG(3,("cli_session_setup_spnego: guessed " "server principal=%s\n", principal ? principal : "")); - - SAFE_FREE(realm); } if (principal) { @@ -2026,7 +2017,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, { char *p; char *user2; - uint16_t sec_mode = cli_state_security_mode(cli); + uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn); if (user) { user2 = talloc_strdup(talloc_tos(), user); @@ -2050,7 +2041,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, workgroup = user2; } - if (cli_state_protocol(cli) < PROTOCOL_LANMAN1) { + if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN1) { return NT_STATUS_OK; } @@ -2060,7 +2051,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, /* if its an older server then we have to use the older request format */ - if (cli_state_protocol(cli) < PROTOCOL_NT1) { + if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) { if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) { DEBUG(1, ("Server requested LM password but 'client lanman auth = no'" " or 'client ntlmv2 auth = yes'\n")); @@ -2078,7 +2069,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, workgroup); } - if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) { const char *remote_realm = cli_state_remote_realm(cli); ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup, @@ -2117,7 +2108,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, /* if the server supports extended security then use SPNEGO */ - if (cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY) { + if (smb1cli_conn_capabilities(cli->conn) & CAP_EXTENDED_SECURITY) { const char *remote_realm = cli_state_remote_realm(cli); ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup, @@ -2207,7 +2198,7 @@ NTSTATUS cli_ulogoff(struct cli_state *cli) struct tevent_req *req; NTSTATUS status = NT_STATUS_NO_MEMORY; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { return NT_STATUS_INVALID_PARAMETER; } ev = tevent_context_init(talloc_tos()); @@ -2252,7 +2243,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx, uint16_t *vwv; char *tmp = NULL; uint8_t *bytes; - uint16_t sec_mode = cli_state_security_mode(cli); + uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn); *psmbreq = NULL; @@ -2291,7 +2282,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx, * Non-encrypted passwords - convert to DOS codepage before * encryption. */ - SMBencrypt(pass, cli_state_server_challenge(cli), p24); + SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24); passlen = 24; pass = (const char *)p24; } else { @@ -2344,7 +2335,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx, * Add the sharename */ tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s", - cli_state_remote_name(cli), share); + smbXcli_conn_remote_name(cli->conn), share); if (tmp == NULL) { TALLOC_FREE(req); return NULL; @@ -2456,7 +2447,7 @@ static void cli_tcon_andx_done(struct tevent_req *subreq) } } - if ((cli_state_protocol(cli) >= PROTOCOL_NT1) && (num_bytes == 3)) { + if ((smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) && (num_bytes == 3)) { /* almost certainly win95 - enable bug fixes */ cli->win95 = True; } @@ -2468,7 +2459,7 @@ static void cli_tcon_andx_done(struct tevent_req *subreq) cli->dfsroot = false; - if ((wct > 2) && (cli_state_protocol(cli) >= PROTOCOL_LANMAN2)) { + if ((wct > 2) && (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN2)) { cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0); } @@ -2489,7 +2480,7 @@ NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share, struct tevent_req *req; NTSTATUS status = NT_STATUS_OK; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { /* * Can't use sync call while an async call is in flight */ @@ -2528,7 +2519,7 @@ NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share, return NT_STATUS_NO_MEMORY; } - if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) { + if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) { return smb2cli_tcon(cli, share); } @@ -2595,7 +2586,7 @@ NTSTATUS cli_tdis(struct cli_state *cli) struct tevent_req *req; NTSTATUS status = NT_STATUS_NO_MEMORY; - if (cli_has_async_calls(cli)) { + if (smbXcli_conn_has_async_calls(cli->conn)) { return NT_STATUS_INVALID_PARAMETER; } ev = tevent_context_init(talloc_tos()); @@ -2615,27 +2606,6 @@ fail: return status; } -struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct cli_state *cli, - enum protocol_types max_protocol) -{ - return smbXcli_negprot_send(mem_ctx, ev, - cli->conn, cli->timeout, - PROTOCOL_CORE, max_protocol); -} - -NTSTATUS cli_negprot_recv(struct tevent_req *req) -{ - return smbXcli_negprot_recv(req); -} - -NTSTATUS cli_negprot(struct cli_state *cli, enum protocol_types max_protocol) -{ - return smbXcli_negprot(cli->conn, cli->timeout, - PROTOCOL_CORE, max_protocol); -} - static NTSTATUS cli_connect_sock(const char *host, int name_type, const struct sockaddr_storage *pss, const char *myname, uint16_t port, @@ -2777,7 +2747,8 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, return nt_status; } - nt_status = cli_negprot(cli, PROTOCOL_NT1); + nt_status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE, + PROTOCOL_NT1); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status))); cli_shutdown(cli);