X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=source3%2Flibsmb%2Fclidfs.c;h=2e4a3b8ef126c9e0d92be72d4b23c5ab90b087ef;hb=37f0e3722cea3ff433d2c95d697e38693c676ae0;hp=a445649aeda5cd9cf814c40f281c3f71b742386c;hpb=b7d5cd90d5eed90023b0266db386515ece911652;p=mat%2Fsamba.git

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index a445649aed..2e4a3b8ef1 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -25,6 +25,7 @@
 #include "msdfs.h"
 #include "trans2.h"
 #include "libsmb/nmblib.h"
+#include "../libcli/smb/smbXcli_base.h"
 
 /********************************************************************
  Important point.
@@ -47,7 +48,23 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c,
 			const char *domain,
 			const char *sharename)
 {
-	NTSTATUS status = cli_force_encryption(c,
+	NTSTATUS status;
+
+	if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+		status = smb2cli_session_encryption_on(c->smb2.session);
+		if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
+			d_printf("Encryption required and "
+				"server doesn't support "
+				"SMB3 encryption - failing connect\n");
+		} else if (!NT_STATUS_IS_OK(status)) {
+			d_printf("Encryption required and "
+				"setup failed with error %s.\n",
+				nt_errstr(status));
+		}
+		return status;
+	}
+
+	status = cli_force_encryption(c,
 					username,
 					password,
 					domain);
@@ -95,6 +112,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 	const char *username;
 	const char *password;
 	NTSTATUS status;
+	int flags = 0;
 
 	/* make a copy so we don't modify the global string 'service' */
 	servicename = talloc_strdup(ctx,share);
@@ -118,9 +136,23 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	if (get_cmdline_auth_info_use_kerberos(auth_info)) {
+		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+	}
+	if (get_cmdline_auth_info_fallback_after_kerberos(auth_info)) {
+		flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+	}
+	if (get_cmdline_auth_info_use_ccache(auth_info)) {
+		flags |= CLI_FULL_CONNECTION_USE_CCACHE;
+	}
+	if (get_cmdline_auth_info_use_pw_nt_hash(auth_info)) {
+		flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
+	}
+
 	status = cli_connect_nb(
 		server, NULL, port, name_type, NULL,
-		get_cmdline_auth_info_signing_state(auth_info), &c);
+		get_cmdline_auth_info_signing_state(auth_info),
+		flags, &c);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("Connection to %s failed (Error %s)\n",
@@ -132,15 +164,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 	if (max_protocol == 0) {
 		max_protocol = PROTOCOL_NT1;
 	}
-	c->protocol = max_protocol;
-	c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info);
-	c->fallback_after_kerberos =
-		get_cmdline_auth_info_fallback_after_kerberos(auth_info);
-	c->use_ccache = get_cmdline_auth_info_use_ccache(auth_info);
-
 	DEBUG(4,(" session request ok\n"));
 
-	status = cli_negprot(c);
+	status = smbXcli_negprot(c->conn, c->timeout,
+				 lp_cli_minprotocol(),
+				 max_protocol);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("protocol negotiation failed: %s\n",
@@ -149,6 +177,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		return status;
 	}
 
+	if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+		/* Ensure we ask for some initial credits. */
+		smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
+	}
+
 	username = get_cmdline_auth_info_username(auth_info);
 	password = get_cmdline_auth_info_password(auth_info);
 
@@ -167,8 +200,8 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 					       lp_workgroup()))) {
 			d_printf("session setup failed: %s\n",
 				 nt_errstr(status));
-			if (NT_STATUS_V(cli_nt_error(c)) ==
-			    NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
+			if (NT_STATUS_EQUAL(status,
+					    NT_STATUS_MORE_PROCESSING_REQUIRED))
 				d_printf("did you forget to run kinit?\n");
 			cli_shutdown(c);
 			return status;
@@ -201,7 +234,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 	   here before trying to connect to the original share.
 	   cli_check_msdfs_proxy() will fail if it is a normal share. */
 
-	if ((cli_state_capabilities(c) & CAP_DFS) &&
+	if (smbXcli_conn_dfs_supported(c->conn) &&
 			cli_check_msdfs_proxy(ctx, c, sharename,
 				&newserver, &newshare,
 				force_encrypt,
@@ -217,8 +250,8 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 
 	/* must be a normal share */
 
-	status = cli_tcon_andx(c, sharename, "?????",
-			       password, strlen(password)+1);
+	status = cli_tree_connect(c, sharename, "?????",
+				  password, strlen(password)+1);
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("tree connect failed: %s\n", nt_errstr(status));
 		cli_shutdown(c);
@@ -323,7 +356,7 @@ static struct cli_state *cli_cm_find(struct cli_state *cli,
 	/* Search to the start of the list. */
 	for (p = cli; p; p = DLIST_PREV(p)) {
 		const char *remote_name =
-			cli_state_remote_name(p);
+			smbXcli_conn_remote_name(p->conn);
 
 		if (strequal(server, remote_name) &&
 				strequal(share,p->share)) {
@@ -334,7 +367,7 @@ static struct cli_state *cli_cm_find(struct cli_state *cli,
 	/* Search to the end of the list. */
 	for (p = cli->next; p; p = p->next) {
 		const char *remote_name =
-			cli_state_remote_name(p);
+			smbXcli_conn_remote_name(p->conn);
 
 		if (strequal(server, remote_name) &&
 				strequal(share,p->share)) {
@@ -406,7 +439,7 @@ void cli_cm_display(struct cli_state *cli)
 
 	for (i=0; cli; cli = cli->next,i++ ) {
 		d_printf("%d:\tserver=%s, share=%s\n",
-			i, cli_state_remote_name(cli), cli->share);
+			i, smbXcli_conn_remote_name(cli->conn), cli->share);
 	}
 }
 
@@ -573,7 +606,7 @@ static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
 	}
 	return talloc_asprintf(ctx, "%c%s%c%s%c%s",
 			path_sep,
-			cli_state_remote_name(cli),
+			smbXcli_conn_remote_name(cli->conn),
 			path_sep,
 			cli->share,
 			path_sep,
@@ -589,10 +622,10 @@ static bool cli_dfs_check_error(struct cli_state *cli, NTSTATUS expected,
 {
 	/* only deal with DS when we negotiated NT_STATUS codes and UNICODE */
 
-	if (!(cli_state_capabilities(cli) & CAP_UNICODE)) {
+	if (!(smbXcli_conn_use_unicode(cli->conn))) {
 		return false;
 	}
-	if (!(cli_state_capabilities(cli) & CAP_STATUS32)) {
+	if (!(smb1cli_conn_capabilities(cli->conn) & CAP_STATUS32)) {
 		return false;
 	}
 	if (NT_STATUS_EQUAL(status, expected)) {
@@ -640,7 +673,7 @@ NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
 	}
 	SSVAL(param, 0, 0x03);	/* max referral level */
 
-	param = trans2_bytes_push_str(param, cli_ucs2(cli),
+	param = trans2_bytes_push_str(param, smbXcli_conn_use_unicode(cli->conn),
 				      path, strlen(path)+1,
 				      NULL);
 	if (!param) {
@@ -654,7 +687,7 @@ NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
 			   NULL, 0xffff, 0, 0,
 			   setup, 1, 0,
 			   param, param_len, 2,
-			   NULL, 0, cli->max_xmit,
+			   NULL, 0, CLI_BUFFER_SIZE,
 			   &recv_flags2,
 			   NULL, 0, NULL, /* rsetup */
 			   NULL, 0, NULL,
@@ -789,6 +822,8 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 	SMB_STRUCT_STAT sbuf;
 	uint32 attributes;
 	NTSTATUS status;
+	struct smbXcli_tcon *root_tcon = NULL;
+	struct smbXcli_tcon *target_tcon = NULL;
 
 	if ( !rootcli || !path || !targetcli ) {
 		return NT_STATUS_INVALID_PARAMETER;
@@ -796,7 +831,13 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 
 	/* Don't do anything if this is not a DFS root. */
 
-	if ( !rootcli->dfsroot) {
+	if (smbXcli_conn_protocol(rootcli->conn) >= PROTOCOL_SMB2_02) {
+		root_tcon = rootcli->smb2.tcon;
+	} else {
+		root_tcon = rootcli->smb1.tcon;
+	}
+
+	if (!smbXcli_tcon_is_dfs_share(root_tcon)) {
 		*targetcli = rootcli;
 		*pp_targetpath = talloc_strdup(ctx, path);
 		if (!*pp_targetpath) {
@@ -853,12 +894,12 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 
 	status = cli_cm_open(ctx,
 			     rootcli,
-			     cli_state_remote_name(rootcli),
+			     smbXcli_conn_remote_name(rootcli->conn),
 			     "IPC$",
 			     dfs_auth_info,
 			     false,
-			     cli_state_encryption_on(rootcli),
-			     cli_state_protocol(rootcli),
+			     smb1cli_conn_encryption_on(rootcli->conn),
+			     smbXcli_conn_protocol(rootcli->conn),
 			     0,
 			     0x20,
 			     &cli_ipc);
@@ -908,8 +949,8 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 			     share,
 			     dfs_auth_info,
 			     false,
-			     cli_state_encryption_on(rootcli),
-			     cli_state_protocol(rootcli),
+			     smb1cli_conn_encryption_on(rootcli->conn),
+			     smbXcli_conn_protocol(rootcli->conn),
 			     0,
 			     0x20,
 			     targetcli);
@@ -996,8 +1037,14 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 
   done:
 
+	if (smbXcli_conn_protocol((*targetcli)->conn) >= PROTOCOL_SMB2_02) {
+		target_tcon = (*targetcli)->smb2.tcon;
+	} else {
+		target_tcon = (*targetcli)->smb1.tcon;
+	}
+
 	/* If returning true ensure we return a dfs root full path. */
-	if ((*targetcli)->dfsroot) {
+	if (smbXcli_tcon_is_dfs_share(target_tcon)) {
 		dfs_path = talloc_strdup(ctx, *pp_targetpath);
 		if (!dfs_path) {
 			return NT_STATUS_NO_MEMORY;
@@ -1038,7 +1085,7 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
 		return false;
 	}
 
-	remote_name = cli_state_remote_name(cli);
+	remote_name = smbXcli_conn_remote_name(cli->conn);
 	cnum = cli_state_get_tid(cli);
 
 	/* special case.  never check for a referral on the IPC$ share */
@@ -1056,7 +1103,7 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
 
 	/* check for the referral */
 
-	if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, "IPC$", "IPC", NULL, 0))) {
+	if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL, 0))) {
 		return false;
 	}