Make cli_session_setup_guest chainable
[ira/wip.git] / source3 / libsmb / cliconnect.c
1 /* 
2    Unix SMB/CIFS implementation.
3    client connect/disconnect routines
4    Copyright (C) Andrew Tridgell 1994-1998
5    Copyright (C) Andrew Bartlett 2001-2003
6    
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11    
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16    
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "../libcli/auth/libcli_auth.h"
23
24 static const struct {
25         int prot;
26         const char name[24];
27 } prots[10] = {
28         {PROTOCOL_CORE,         "PC NETWORK PROGRAM 1.0"},
29         {PROTOCOL_COREPLUS,     "MICROSOFT NETWORKS 1.03"},
30         {PROTOCOL_LANMAN1,      "MICROSOFT NETWORKS 3.0"},
31         {PROTOCOL_LANMAN1,      "LANMAN1.0"},
32         {PROTOCOL_LANMAN2,      "LM1.2X002"},
33         {PROTOCOL_LANMAN2,      "DOS LANMAN2.1"},
34         {PROTOCOL_LANMAN2,      "LANMAN2.1"},
35         {PROTOCOL_LANMAN2,      "Samba"},
36         {PROTOCOL_NT1,          "NT LANMAN 1.0"},
37         {PROTOCOL_NT1,          "NT LM 0.12"},
38 };
39
40 #define STAR_SMBSERVER "*SMBSERVER"
41
42 /**
43  * Set the user session key for a connection
44  * @param cli The cli structure to add it too
45  * @param session_key The session key used.  (A copy of this is taken for the cli struct)
46  *
47  */
48
49 static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key) 
50 {
51         cli->user_session_key = data_blob(session_key.data, session_key.length);
52 }
53
54 /****************************************************************************
55  Do an old lanman2 style session setup.
56 ****************************************************************************/
57
58 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
59                                           const char *user, 
60                                           const char *pass, size_t passlen,
61                                           const char *workgroup)
62 {
63         DATA_BLOB session_key = data_blob_null;
64         DATA_BLOB lm_response = data_blob_null;
65         NTSTATUS status;
66         fstring pword;
67         char *p;
68
69         if (passlen > sizeof(pword)-1) {
70                 return NT_STATUS_INVALID_PARAMETER;
71         }
72
73         /* LANMAN servers predate NT status codes and Unicode and ignore those 
74            smb flags so we must disable the corresponding default capabilities  
75            that would otherwise cause the Unicode and NT Status flags to be
76            set (and even returned by the server) */
77
78         cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
79
80         /* if in share level security then don't send a password now */
81         if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
82                 passlen = 0;
83
84         if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
85                 /* Encrypted mode needed, and non encrypted password supplied. */
86                 lm_response = data_blob(NULL, 24);
87                 if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
88                         DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
89                         return NT_STATUS_ACCESS_DENIED;
90                 }
91         } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
92                 /* Encrypted mode needed, and encrypted password supplied. */
93                 lm_response = data_blob(pass, passlen);
94         } else if (passlen > 0) {
95                 /* Plaintext mode needed, assume plaintext supplied. */
96                 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
97                 lm_response = data_blob(pass, passlen);
98         }
99
100         /* send a session setup command */
101         memset(cli->outbuf,'\0',smb_size);
102         cli_set_message(cli->outbuf,10, 0, True);
103         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
104         cli_setup_packet(cli);
105         
106         SCVAL(cli->outbuf,smb_vwv0,0xFF);
107         SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
108         SSVAL(cli->outbuf,smb_vwv3,2);
109         SSVAL(cli->outbuf,smb_vwv4,1);
110         SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
111         SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
112
113         p = smb_buf(cli->outbuf);
114         memcpy(p,lm_response.data,lm_response.length);
115         p += lm_response.length;
116         p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
117         p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
118         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
119         p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
120         cli_setup_bcc(cli, p);
121
122         if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
123                 return cli_nt_error(cli);
124         }
125
126         show_msg(cli->inbuf);
127
128         if (cli_is_error(cli)) {
129                 return cli_nt_error(cli);
130         }
131         
132         /* use the returned vuid from now on */
133         cli->vuid = SVAL(cli->inbuf,smb_uid);   
134         status = cli_set_username(cli, user);
135         if (!NT_STATUS_IS_OK(status)) {
136                 return status;
137         }
138
139         if (session_key.data) {
140                 /* Have plaintext orginal */
141                 cli_set_session_key(cli, session_key);
142         }
143
144         return NT_STATUS_OK;
145 }
146
147 /****************************************************************************
148  Work out suitable capabilities to offer the server.
149 ****************************************************************************/
150
151 static uint32 cli_session_setup_capabilities(struct cli_state *cli)
152 {
153         uint32 capabilities = CAP_NT_SMBS;
154
155         if (!cli->force_dos_errors)
156                 capabilities |= CAP_STATUS32;
157
158         if (cli->use_level_II_oplocks)
159                 capabilities |= CAP_LEVEL_II_OPLOCKS;
160
161         capabilities |= (cli->capabilities & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
162         return capabilities;
163 }
164
165 /****************************************************************************
166  Do a NT1 guest session setup.
167 ****************************************************************************/
168
169 struct cli_session_setup_guest_state {
170         struct cli_state *cli;
171         uint16_t vwv[16];
172         struct iovec bytes;
173 };
174
175 static void cli_session_setup_guest_done(struct tevent_req *subreq);
176
177 struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
178                                                   struct event_context *ev,
179                                                   struct cli_state *cli,
180                                                   struct tevent_req **psmbreq)
181 {
182         struct tevent_req *req, *subreq;
183         struct cli_session_setup_guest_state *state;
184         uint16_t *vwv;
185         uint8_t *bytes;
186
187         req = tevent_req_create(mem_ctx, &state,
188                                 struct cli_session_setup_guest_state);
189         if (req == NULL) {
190                 return NULL;
191         }
192         state->cli = cli;
193         vwv = state->vwv;
194
195         SCVAL(vwv+0, 0, 0xFF);
196         SCVAL(vwv+0, 1, 0);
197         SSVAL(vwv+1, 0, 0);
198         SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
199         SSVAL(vwv+3, 0, 2);
200         SSVAL(vwv+4, 0, cli->pid);
201         SIVAL(vwv+5, 0, cli->sesskey);
202         SSVAL(vwv+7, 0, 0);
203         SSVAL(vwv+8, 0, 0);
204         SSVAL(vwv+9, 0, 0);
205         SSVAL(vwv+10, 0, 0);
206         SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
207
208         bytes = talloc_array(state, uint8_t, 0);
209
210         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "",  1, /* username */
211                                    NULL);
212         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
213                                    NULL);
214         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
215         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
216
217         if (bytes == NULL) {
218                 TALLOC_FREE(req);
219                 return NULL;
220         }
221
222         state->bytes.iov_base = bytes;
223         state->bytes.iov_len = talloc_get_size(bytes);
224
225         subreq = cli_smb_req_create(state, ev, cli, SMBsesssetupX, 0, 13, vwv,
226                                     1, &state->bytes);
227         if (subreq == NULL) {
228                 TALLOC_FREE(req);
229                 return NULL;
230         }
231         tevent_req_set_callback(subreq, cli_session_setup_guest_done, req);
232         *psmbreq = subreq;
233         return req;
234 }
235
236 struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
237                                                 struct event_context *ev,
238                                                 struct cli_state *cli)
239 {
240         struct tevent_req *req, *subreq;
241
242         req = cli_session_setup_guest_create(mem_ctx, ev, cli, &subreq);
243         if ((req == NULL) || !cli_smb_req_send(subreq)) {
244                 TALLOC_FREE(req);
245                 return NULL;
246         }
247         return req;
248 }
249
250 static void cli_session_setup_guest_done(struct tevent_req *subreq)
251 {
252         struct tevent_req *req = tevent_req_callback_data(
253                 subreq, struct tevent_req);
254         struct cli_session_setup_guest_state *state = tevent_req_data(
255                 req, struct cli_session_setup_guest_state);
256         struct cli_state *cli = state->cli;
257         uint32_t num_bytes;
258         char *inbuf;
259         uint8_t *bytes;
260         uint8_t *p;
261         NTSTATUS status;
262
263         status = cli_smb_recv(subreq, 0, NULL, NULL, &num_bytes, &bytes);
264         if (!NT_STATUS_IS_OK(status)) {
265                 TALLOC_FREE(subreq);
266                 tevent_req_nterror(req, status);
267                 return;
268         }
269
270         inbuf = (char *)cli_smb_inbuf(subreq);
271         p = bytes;
272
273         cli->vuid = SVAL(inbuf, smb_uid);
274
275         p += clistr_pull(inbuf, cli->server_os, (char *)p, sizeof(fstring),
276                          bytes+num_bytes-p, STR_TERMINATE);
277         p += clistr_pull(inbuf, cli->server_type, (char *)p, sizeof(fstring),
278                          bytes+num_bytes-p, STR_TERMINATE);
279         p += clistr_pull(inbuf, cli->server_domain, (char *)p, sizeof(fstring),
280                          bytes+num_bytes-p, STR_TERMINATE);
281
282         if (strstr(cli->server_type, "Samba")) {
283                 cli->is_samba = True;
284         }
285
286         TALLOC_FREE(subreq);
287
288         status = cli_set_username(cli, "");
289         if (!NT_STATUS_IS_OK(status)) {
290                 tevent_req_nterror(req, status);
291                 return;
292         }
293         tevent_req_done(req);
294 }
295
296 NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req)
297 {
298         return tevent_req_simple_recv_ntstatus(req);
299 }
300
301 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
302 {
303         TALLOC_CTX *frame = talloc_stackframe();
304         struct event_context *ev;
305         struct tevent_req *req;
306         NTSTATUS status = NT_STATUS_OK;
307
308         if (cli_has_async_calls(cli)) {
309                 /*
310                  * Can't use sync call while an async call is in flight
311                  */
312                 status = NT_STATUS_INVALID_PARAMETER;
313                 goto fail;
314         }
315
316         ev = event_context_init(frame);
317         if (ev == NULL) {
318                 status = NT_STATUS_NO_MEMORY;
319                 goto fail;
320         }
321
322         req = cli_session_setup_guest_send(frame, ev, cli);
323         if (req == NULL) {
324                 status = NT_STATUS_NO_MEMORY;
325                 goto fail;
326         }
327
328         if (!tevent_req_poll(req, ev)) {
329                 status = map_nt_error_from_unix(errno);
330                 goto fail;
331         }
332
333         status = cli_session_setup_guest_recv(req);
334  fail:
335         TALLOC_FREE(frame);
336         if (!NT_STATUS_IS_OK(status)) {
337                 cli_set_error(cli, status);
338         }
339         return status;
340 }
341
342 /****************************************************************************
343  Do a NT1 plaintext session setup.
344 ****************************************************************************/
345
346 static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
347                                             const char *user, const char *pass,
348                                             const char *workgroup)
349 {
350         uint32 capabilities = cli_session_setup_capabilities(cli);
351         char *p;
352         NTSTATUS status;
353         fstring lanman;
354         
355         fstr_sprintf( lanman, "Samba %s", samba_version_string());
356
357         memset(cli->outbuf, '\0', smb_size);
358         cli_set_message(cli->outbuf,13,0,True);
359         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
360         cli_setup_packet(cli);
361                         
362         SCVAL(cli->outbuf,smb_vwv0,0xFF);
363         SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
364         SSVAL(cli->outbuf,smb_vwv3,2);
365         SSVAL(cli->outbuf,smb_vwv4,cli->pid);
366         SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
367         SSVAL(cli->outbuf,smb_vwv8,0);
368         SIVAL(cli->outbuf,smb_vwv11,capabilities); 
369         p = smb_buf(cli->outbuf);
370         
371         /* check wether to send the ASCII or UNICODE version of the password */
372         
373         if ( (capabilities & CAP_UNICODE) == 0 ) {
374                 p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
375                 SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
376         }
377         else {
378                 /* For ucs2 passwords clistr_push calls ucs2_align, which causes
379                  * the space taken by the unicode password to be one byte too
380                  * long (as we're on an odd byte boundary here). Reduce the
381                  * count by 1 to cope with this. Fixes smbclient against NetApp
382                  * servers which can't cope. Fix from
383                  * bryan.kolodziej@allenlund.com in bug #3840.
384                  */
385                 p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
386                 SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);        
387         }
388         
389         p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
390         p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
391         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
392         p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
393         cli_setup_bcc(cli, p);
394
395         if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
396                 return cli_nt_error(cli);
397         }
398         
399         show_msg(cli->inbuf);
400         
401         if (cli_is_error(cli)) {
402                 return cli_nt_error(cli);
403         }
404
405         cli->vuid = SVAL(cli->inbuf,smb_uid);
406         p = smb_buf(cli->inbuf);
407         p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
408                          -1, STR_TERMINATE);
409         p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
410                          -1, STR_TERMINATE);
411         p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
412                          -1, STR_TERMINATE);
413         status = cli_set_username(cli, user);
414         if (!NT_STATUS_IS_OK(status)) {
415                 return status;
416         }
417         if (strstr(cli->server_type, "Samba")) {
418                 cli->is_samba = True;
419         }
420
421         return NT_STATUS_OK;
422 }
423
424 /****************************************************************************
425    do a NT1 NTLM/LM encrypted session setup - for when extended security
426    is not negotiated.
427    @param cli client state to create do session setup on
428    @param user username
429    @param pass *either* cleartext password (passlen !=24) or LM response.
430    @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
431    @param workgroup The user's domain.
432 ****************************************************************************/
433
434 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, 
435                                       const char *pass, size_t passlen,
436                                       const char *ntpass, size_t ntpasslen,
437                                       const char *workgroup)
438 {
439         uint32 capabilities = cli_session_setup_capabilities(cli);
440         DATA_BLOB lm_response = data_blob_null;
441         DATA_BLOB nt_response = data_blob_null;
442         DATA_BLOB session_key = data_blob_null;
443         NTSTATUS result;
444         char *p;
445         bool ok;
446
447         if (passlen == 0) {
448                 /* do nothing - guest login */
449         } else if (passlen != 24) {
450                 if (lp_client_ntlmv2_auth()) {
451                         DATA_BLOB server_chal;
452                         DATA_BLOB names_blob;
453                         server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8)); 
454
455                         /* note that the 'workgroup' here is a best guess - we don't know
456                            the server's domain at this point.  The 'server name' is also
457                            dodgy... 
458                         */
459                         names_blob = NTLMv2_generate_names_blob(NULL, cli->called.name, workgroup);
460
461                         if (!SMBNTLMv2encrypt(NULL, user, workgroup, pass, &server_chal, 
462                                               &names_blob,
463                                               &lm_response, &nt_response, NULL, &session_key)) {
464                                 data_blob_free(&names_blob);
465                                 data_blob_free(&server_chal);
466                                 return NT_STATUS_ACCESS_DENIED;
467                         }
468                         data_blob_free(&names_blob);
469                         data_blob_free(&server_chal);
470
471                 } else {
472                         uchar nt_hash[16];
473                         E_md4hash(pass, nt_hash);
474
475 #ifdef LANMAN_ONLY
476                         nt_response = data_blob_null;
477 #else
478                         nt_response = data_blob(NULL, 24);
479                         SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
480 #endif
481                         /* non encrypted password supplied. Ignore ntpass. */
482                         if (lp_client_lanman_auth()) {
483                                 lm_response = data_blob(NULL, 24);
484                                 if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
485                                         /* Oops, the LM response is invalid, just put 
486                                            the NT response there instead */
487                                         data_blob_free(&lm_response);
488                                         lm_response = data_blob(nt_response.data, nt_response.length);
489                                 }
490                         } else {
491                                 /* LM disabled, place NT# in LM field instead */
492                                 lm_response = data_blob(nt_response.data, nt_response.length);
493                         }
494
495                         session_key = data_blob(NULL, 16);
496 #ifdef LANMAN_ONLY
497                         E_deshash(pass, session_key.data);
498                         memset(&session_key.data[8], '\0', 8);
499 #else
500                         SMBsesskeygen_ntv1(nt_hash, session_key.data);
501 #endif
502                 }
503                 cli_temp_set_signing(cli);
504         } else {
505                 /* pre-encrypted password supplied.  Only used for 
506                    security=server, can't do
507                    signing because we don't have original key */
508
509                 lm_response = data_blob(pass, passlen);
510                 nt_response = data_blob(ntpass, ntpasslen);
511         }
512
513         /* send a session setup command */
514         memset(cli->outbuf,'\0',smb_size);
515
516         cli_set_message(cli->outbuf,13,0,True);
517         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
518         cli_setup_packet(cli);
519                         
520         SCVAL(cli->outbuf,smb_vwv0,0xFF);
521         SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
522         SSVAL(cli->outbuf,smb_vwv3,2);
523         SSVAL(cli->outbuf,smb_vwv4,cli->pid);
524         SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
525         SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
526         SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
527         SIVAL(cli->outbuf,smb_vwv11,capabilities); 
528         p = smb_buf(cli->outbuf);
529         if (lm_response.length) {
530                 memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
531         }
532         if (nt_response.length) {
533                 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
534         }
535         p += clistr_push(cli, p, user, -1, STR_TERMINATE);
536
537         /* Upper case here might help some NTLMv2 implementations */
538         p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
539         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
540         p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
541         cli_setup_bcc(cli, p);
542
543         if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
544                 result = cli_nt_error(cli);
545                 goto end;
546         }
547
548         /* show_msg(cli->inbuf); */
549
550         if (cli_is_error(cli)) {
551                 result = cli_nt_error(cli);
552                 goto end;
553         }
554
555 #ifdef LANMAN_ONLY
556         ok = cli_simple_set_signing(cli, session_key, lm_response);
557 #else
558         ok = cli_simple_set_signing(cli, session_key, nt_response);
559 #endif
560         if (ok) {
561                 if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
562                         result = NT_STATUS_ACCESS_DENIED;
563                         goto end;
564                 }
565         }
566
567         /* use the returned vuid from now on */
568         cli->vuid = SVAL(cli->inbuf,smb_uid);
569         
570         p = smb_buf(cli->inbuf);
571         p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
572                          -1, STR_TERMINATE);
573         p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
574                          -1, STR_TERMINATE);
575         p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
576                          -1, STR_TERMINATE);
577
578         if (strstr(cli->server_type, "Samba")) {
579                 cli->is_samba = True;
580         }
581
582         result = cli_set_username(cli, user);
583         if (!NT_STATUS_IS_OK(result)) {
584                 goto end;
585         }
586
587         if (session_key.data) {
588                 /* Have plaintext orginal */
589                 cli_set_session_key(cli, session_key);
590         }
591
592         result = NT_STATUS_OK;
593 end:    
594         data_blob_free(&lm_response);
595         data_blob_free(&nt_response);
596         data_blob_free(&session_key);
597         return result;
598 }
599
600 /****************************************************************************
601  Send a extended security session setup blob
602 ****************************************************************************/
603
604 static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
605 {
606         uint32 capabilities = cli_session_setup_capabilities(cli);
607         char *p;
608
609         capabilities |= CAP_EXTENDED_SECURITY;
610
611         /* send a session setup command */
612         memset(cli->outbuf,'\0',smb_size);
613
614         cli_set_message(cli->outbuf,12,0,True);
615         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
616
617         cli_setup_packet(cli);
618
619         SCVAL(cli->outbuf,smb_vwv0,0xFF);
620         SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
621         SSVAL(cli->outbuf,smb_vwv3,2);
622         SSVAL(cli->outbuf,smb_vwv4,1);
623         SIVAL(cli->outbuf,smb_vwv5,0);
624         SSVAL(cli->outbuf,smb_vwv7,blob.length);
625         SIVAL(cli->outbuf,smb_vwv10,capabilities); 
626         p = smb_buf(cli->outbuf);
627         memcpy(p, blob.data, blob.length);
628         p += blob.length;
629         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
630         p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
631         cli_setup_bcc(cli, p);
632         return cli_send_smb(cli);
633 }
634
635 /****************************************************************************
636  Send a extended security session setup blob, returning a reply blob.
637 ****************************************************************************/
638
639 static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
640 {
641         DATA_BLOB blob2 = data_blob_null;
642         char *p;
643         size_t len;
644
645         if (!cli_receive_smb(cli))
646                 return blob2;
647
648         show_msg(cli->inbuf);
649
650         if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
651                                                   NT_STATUS_MORE_PROCESSING_REQUIRED)) {
652                 return blob2;
653         }
654
655         /* use the returned vuid from now on */
656         cli->vuid = SVAL(cli->inbuf,smb_uid);
657
658         p = smb_buf(cli->inbuf);
659
660         blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
661
662         p += blob2.length;
663         p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
664                          -1, STR_TERMINATE);
665
666         /* w2k with kerberos doesn't properly null terminate this field */
667         len = smb_bufrem(cli->inbuf, p);
668         p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
669                          len, 0);
670
671         return blob2;
672 }
673
674 #ifdef HAVE_KRB5
675 /****************************************************************************
676  Send a extended security session setup blob, returning a reply blob.
677 ****************************************************************************/
678
679 /* The following is calculated from :
680  * (smb_size-4) = 35
681  * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
682  * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
683  * end of packet.
684  */
685
686 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
687
688 static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
689 {
690         int32 remaining = blob.length;
691         int32 cur = 0;
692         DATA_BLOB send_blob = data_blob_null;
693         int32 max_blob_size = 0;
694         DATA_BLOB receive_blob = data_blob_null;
695
696         if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
697                 DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
698                         "(was %u, need minimum %u)\n",
699                         (unsigned int)cli->max_xmit,
700                         BASE_SESSSETUP_BLOB_PACKET_SIZE));
701                 cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
702                 return False;
703         }
704
705         max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
706
707         while ( remaining > 0) {
708                 if (remaining >= max_blob_size) {
709                         send_blob.length = max_blob_size;
710                         remaining -= max_blob_size;
711                 } else {
712                         send_blob.length = remaining; 
713                         remaining = 0;
714                 }
715
716                 send_blob.data =  &blob.data[cur];
717                 cur += send_blob.length;
718
719                 DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n", 
720                         (unsigned int)remaining,
721                         (unsigned int)send_blob.length,
722                         (unsigned int)cur ));
723
724                 if (!cli_session_setup_blob_send(cli, send_blob)) {
725                         DEBUG(0, ("cli_session_setup_blob: send failed\n"));
726                         return False;
727                 }
728
729                 receive_blob = cli_session_setup_blob_receive(cli);
730                 data_blob_free(&receive_blob);
731
732                 if (cli_is_error(cli) &&
733                                 !NT_STATUS_EQUAL( cli_get_nt_error(cli), 
734                                         NT_STATUS_MORE_PROCESSING_REQUIRED)) {
735                         DEBUG(0, ("cli_session_setup_blob: receive failed "
736                                   "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
737                         cli->vuid = 0;
738                         return False;
739                 }
740         }
741
742         return True;
743 }
744
745 /****************************************************************************
746  Use in-memory credentials cache
747 ****************************************************************************/
748
749 static void use_in_memory_ccache(void) {
750         setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
751 }
752
753 /****************************************************************************
754  Do a spnego/kerberos encrypted session setup.
755 ****************************************************************************/
756
757 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
758 {
759         DATA_BLOB negTokenTarg;
760         DATA_BLOB session_key_krb5;
761         NTSTATUS nt_status;
762         int rc;
763
764         cli_temp_set_signing(cli);
765
766         DEBUG(2,("Doing kerberos session setup\n"));
767
768         /* generate the encapsulated kerberos5 ticket */
769         rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
770
771         if (rc) {
772                 DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
773                         error_message(rc)));
774                 return ADS_ERROR_KRB5(rc);
775         }
776
777 #if 0
778         file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
779 #endif
780
781         if (!cli_session_setup_blob(cli, negTokenTarg)) {
782                 nt_status = cli_nt_error(cli);
783                 goto nt_error;
784         }
785
786         if (cli_is_error(cli)) {
787                 nt_status = cli_nt_error(cli);
788                 if (NT_STATUS_IS_OK(nt_status)) {
789                         nt_status = NT_STATUS_UNSUCCESSFUL;
790                 }
791                 goto nt_error;
792         }
793
794         cli_set_session_key(cli, session_key_krb5);
795
796         if (cli_simple_set_signing(
797                     cli, session_key_krb5, data_blob_null)) {
798
799                 if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
800                         nt_status = NT_STATUS_ACCESS_DENIED;
801                         goto nt_error;
802                 }
803         }
804
805         data_blob_free(&negTokenTarg);
806         data_blob_free(&session_key_krb5);
807
808         return ADS_ERROR_NT(NT_STATUS_OK);
809
810 nt_error:
811         data_blob_free(&negTokenTarg);
812         data_blob_free(&session_key_krb5);
813         cli->vuid = 0;
814         return ADS_ERROR_NT(nt_status);
815 }
816 #endif  /* HAVE_KRB5 */
817
818
819 /****************************************************************************
820  Do a spnego/NTLMSSP encrypted session setup.
821 ****************************************************************************/
822
823 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user, 
824                                           const char *pass, const char *domain)
825 {
826         struct ntlmssp_state *ntlmssp_state;
827         NTSTATUS nt_status;
828         int turn = 1;
829         DATA_BLOB msg1;
830         DATA_BLOB blob = data_blob_null;
831         DATA_BLOB blob_in = data_blob_null;
832         DATA_BLOB blob_out = data_blob_null;
833
834         cli_temp_set_signing(cli);
835
836         if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
837                 return nt_status;
838         }
839         ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
840
841         if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
842                 return nt_status;
843         }
844         if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
845                 return nt_status;
846         }
847         if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
848                 return nt_status;
849         }
850
851         do {
852                 nt_status = ntlmssp_update(ntlmssp_state, 
853                                                   blob_in, &blob_out);
854                 data_blob_free(&blob_in);
855                 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
856                         if (turn == 1) {
857                                 /* and wrap it in a SPNEGO wrapper */
858                                 msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
859                         } else {
860                                 /* wrap it in SPNEGO */
861                                 msg1 = spnego_gen_auth(blob_out);
862                         }
863
864                         /* now send that blob on its way */
865                         if (!cli_session_setup_blob_send(cli, msg1)) {
866                                 DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
867                                 nt_status = NT_STATUS_UNSUCCESSFUL;
868                         } else {
869                                 blob = cli_session_setup_blob_receive(cli);
870
871                                 nt_status = cli_nt_error(cli);
872                                 if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
873                                         if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
874                                                 nt_status = NT_STATUS_ACCESS_DENIED;
875                                         } else {
876                                                 nt_status = NT_STATUS_UNSUCCESSFUL;
877                                         }
878                                 }
879                         }
880                         data_blob_free(&msg1);
881                 }
882
883                 if (!blob.length) {
884                         if (NT_STATUS_IS_OK(nt_status)) {
885                                 nt_status = NT_STATUS_UNSUCCESSFUL;
886                         }
887                 } else if ((turn == 1) && 
888                            NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
889                         DATA_BLOB tmp_blob = data_blob_null;
890                         /* the server might give us back two challenges */
891                         if (!spnego_parse_challenge(blob, &blob_in, 
892                                                     &tmp_blob)) {
893                                 DEBUG(3,("Failed to parse challenges\n"));
894                                 nt_status = NT_STATUS_INVALID_PARAMETER;
895                         }
896                         data_blob_free(&tmp_blob);
897                 } else {
898                         if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP, 
899                                                         &blob_in)) {
900                                 DEBUG(3,("Failed to parse auth response\n"));
901                                 if (NT_STATUS_IS_OK(nt_status) 
902                                     || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) 
903                                         nt_status = NT_STATUS_INVALID_PARAMETER;
904                         }
905                 }
906                 data_blob_free(&blob);
907                 data_blob_free(&blob_out);
908                 turn++;
909         } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
910
911         data_blob_free(&blob_in);
912
913         if (NT_STATUS_IS_OK(nt_status)) {
914
915                 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
916                 cli_set_session_key(cli, ntlmssp_state->session_key);
917
918                 if (cli_simple_set_signing(
919                             cli, ntlmssp_state->session_key, data_blob_null)) {
920
921                         if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
922                                 nt_status = NT_STATUS_ACCESS_DENIED;
923                         }
924                 }
925         }
926
927         /* we have a reference conter on ntlmssp_state, if we are signing
928            then the state will be kept by the signing engine */
929
930         ntlmssp_end(&ntlmssp_state);
931
932         if (!NT_STATUS_IS_OK(nt_status)) {
933                 cli->vuid = 0;
934         }
935         return nt_status;
936 }
937
938 /****************************************************************************
939  Do a spnego encrypted session setup.
940
941  user_domain: The shortname of the domain the user/machine is a member of.
942  dest_realm: The realm we're connecting to, if NULL we use our default realm.
943 ****************************************************************************/
944
945 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, 
946                               const char *pass, const char *user_domain,
947                               const char * dest_realm)
948 {
949         char *principal = NULL;
950         char *OIDs[ASN1_MAX_OIDS];
951         int i;
952         DATA_BLOB blob;
953         const char *p = NULL;
954         char *account = NULL;
955         NTSTATUS status;
956
957         DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
958
959         /* the server might not even do spnego */
960         if (cli->secblob.length <= 16) {
961                 DEBUG(3,("server didn't supply a full spnego negprot\n"));
962                 goto ntlmssp;
963         }
964
965 #if 0
966         file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
967 #endif
968
969         /* there is 16 bytes of GUID before the real spnego packet starts */
970         blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
971
972         /* The server sent us the first part of the SPNEGO exchange in the
973          * negprot reply. It is WRONG to depend on the principal sent in the
974          * negprot reply, but right now we do it. If we don't receive one,
975          * we try to best guess, then fall back to NTLM.  */
976         if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
977                 data_blob_free(&blob);
978                 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
979         }
980         data_blob_free(&blob);
981
982         /* make sure the server understands kerberos */
983         for (i=0;OIDs[i];i++) {
984                 DEBUG(3,("got OID=%s\n", OIDs[i]));
985                 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
986                     strcmp(OIDs[i], OID_KERBEROS5) == 0) {
987                         cli->got_kerberos_mechanism = True;
988                 }
989                 talloc_free(OIDs[i]);
990         }
991
992         DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
993
994         status = cli_set_username(cli, user);
995         if (!NT_STATUS_IS_OK(status)) {
996                 return ADS_ERROR_NT(status);
997         }
998
999 #ifdef HAVE_KRB5
1000         /* If password is set we reauthenticate to kerberos server
1001          * and do not store results */
1002
1003         if (cli->got_kerberos_mechanism && cli->use_kerberos) {
1004                 ADS_STATUS rc;
1005
1006                 if (pass && *pass) {
1007                         int ret;
1008
1009                         use_in_memory_ccache();
1010                         ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
1011
1012                         if (ret){
1013                                 TALLOC_FREE(principal);
1014                                 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
1015                                 if (cli->fallback_after_kerberos)
1016                                         goto ntlmssp;
1017                                 return ADS_ERROR_KRB5(ret);
1018                         }
1019                 }
1020
1021                 /* If we get a bad principal, try to guess it if
1022                    we have a valid host NetBIOS name.
1023                  */
1024                 if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
1025                         TALLOC_FREE(principal);
1026                 }
1027
1028                 if (principal == NULL &&
1029                         !is_ipaddress(cli->desthost) &&
1030                         !strequal(STAR_SMBSERVER,
1031                                 cli->desthost)) {
1032                         char *realm = NULL;
1033                         char *machine = NULL;
1034                         char *host = NULL;
1035                         DEBUG(3,("cli_session_setup_spnego: got a "
1036                                 "bad server principal, trying to guess ...\n"));
1037
1038                         host = strchr_m(cli->desthost, '.');
1039                         if (host) {
1040                                 machine = SMB_STRNDUP(cli->desthost,
1041                                         host - cli->desthost);
1042                         } else {
1043                                 machine = SMB_STRDUP(cli->desthost);
1044                         }
1045                         if (machine == NULL) {
1046                                 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1047                         }
1048
1049                         if (dest_realm) {
1050                                 realm = SMB_STRDUP(dest_realm);
1051                                 strupper_m(realm);
1052                         } else {
1053                                 realm = kerberos_get_default_realm_from_ccache();
1054                         }
1055                         if (realm && *realm) {
1056                                 principal = talloc_asprintf(NULL, "%s$@%s",
1057                                                         machine, realm);
1058                                 if (!principal) {
1059                                         SAFE_FREE(machine);
1060                                         SAFE_FREE(realm);
1061                                         return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1062                                 }
1063                                 DEBUG(3,("cli_session_setup_spnego: guessed "
1064                                         "server principal=%s\n",
1065                                         principal ? principal : "<null>"));
1066                         }
1067                         SAFE_FREE(machine);
1068                         SAFE_FREE(realm);
1069                 }
1070
1071                 if (principal) {
1072                         rc = cli_session_setup_kerberos(cli, principal,
1073                                 dest_realm);
1074                         if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
1075                                 TALLOC_FREE(principal);
1076                                 return rc;
1077                         }
1078                 }
1079         }
1080 #endif
1081
1082         TALLOC_FREE(principal);
1083
1084 ntlmssp:
1085
1086         account = talloc_strdup(talloc_tos(), user);
1087         if (!account) {
1088                 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1089         }
1090
1091         /* when falling back to ntlmssp while authenticating with a machine
1092          * account strip off the realm - gd */
1093
1094         if ((p = strchr_m(user, '@')) != NULL) {
1095                 account[PTR_DIFF(p,user)] = '\0';
1096         }
1097
1098         return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
1099 }
1100
1101 /****************************************************************************
1102  Send a session setup. The username and workgroup is in UNIX character
1103  format and must be converted to DOS codepage format before sending. If the
1104  password is in plaintext, the same should be done.
1105 ****************************************************************************/
1106
1107 NTSTATUS cli_session_setup(struct cli_state *cli,
1108                            const char *user,
1109                            const char *pass, int passlen,
1110                            const char *ntpass, int ntpasslen,
1111                            const char *workgroup)
1112 {
1113         char *p;
1114         fstring user2;
1115
1116         if (user) {
1117                 fstrcpy(user2, user);
1118         } else {
1119                 user2[0] ='\0';
1120         }
1121
1122         if (!workgroup) {
1123                 workgroup = "";
1124         }
1125
1126         /* allow for workgroups as part of the username */
1127         if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
1128             (p=strchr_m(user2,*lp_winbind_separator()))) {
1129                 *p = 0;
1130                 user = p+1;
1131                 workgroup = user2;
1132         }
1133
1134         if (cli->protocol < PROTOCOL_LANMAN1) {
1135                 return NT_STATUS_OK;
1136         }
1137
1138         /* now work out what sort of session setup we are going to
1139            do. I have split this into separate functions to make the
1140            flow a bit easier to understand (tridge) */
1141
1142         /* if its an older server then we have to use the older request format */
1143
1144         if (cli->protocol < PROTOCOL_NT1) {
1145                 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
1146                         DEBUG(1, ("Server requested LM password but 'client lanman auth'"
1147                                   " is disabled\n"));
1148                         return NT_STATUS_ACCESS_DENIED;
1149                 }
1150
1151                 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
1152                     !lp_client_plaintext_auth() && (*pass)) {
1153                         DEBUG(1, ("Server requested plaintext password but "
1154                                   "'client plaintext auth' is disabled\n"));
1155                         return NT_STATUS_ACCESS_DENIED;
1156                 }
1157
1158                 return cli_session_setup_lanman2(cli, user, pass, passlen,
1159                                                  workgroup);
1160         }
1161
1162         /* if no user is supplied then we have to do an anonymous connection.
1163            passwords are ignored */
1164
1165         if (!user || !*user)
1166                 return cli_session_setup_guest(cli);
1167
1168         /* if the server is share level then send a plaintext null
1169            password at this point. The password is sent in the tree
1170            connect */
1171
1172         if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) 
1173                 return cli_session_setup_plaintext(cli, user, "", workgroup);
1174
1175         /* if the server doesn't support encryption then we have to use 
1176            plaintext. The second password is ignored */
1177
1178         if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1179                 if (!lp_client_plaintext_auth() && (*pass)) {
1180                         DEBUG(1, ("Server requested plaintext password but "
1181                                   "'client plaintext auth' is disabled\n"));
1182                         return NT_STATUS_ACCESS_DENIED;
1183                 }
1184                 return cli_session_setup_plaintext(cli, user, pass, workgroup);
1185         }
1186
1187         /* if the server supports extended security then use SPNEGO */
1188
1189         if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1190                 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
1191                                                              workgroup, NULL);
1192                 if (!ADS_ERR_OK(status)) {
1193                         DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1194                         return ads_ntstatus(status);
1195                 }
1196         } else {
1197                 NTSTATUS status;
1198
1199                 /* otherwise do a NT1 style session setup */
1200                 status = cli_session_setup_nt1(cli, user, pass, passlen,
1201                                                ntpass, ntpasslen, workgroup);
1202                 if (!NT_STATUS_IS_OK(status)) {
1203                         DEBUG(3,("cli_session_setup: NT1 session setup "
1204                                  "failed: %s\n", nt_errstr(status)));
1205                         return status;
1206                 }
1207         }
1208
1209         if (strstr(cli->server_type, "Samba")) {
1210                 cli->is_samba = True;
1211         }
1212
1213         return NT_STATUS_OK;
1214 }
1215
1216 /****************************************************************************
1217  Send a uloggoff.
1218 *****************************************************************************/
1219
1220 bool cli_ulogoff(struct cli_state *cli)
1221 {
1222         memset(cli->outbuf,'\0',smb_size);
1223         cli_set_message(cli->outbuf,2,0,True);
1224         SCVAL(cli->outbuf,smb_com,SMBulogoffX);
1225         cli_setup_packet(cli);
1226         SSVAL(cli->outbuf,smb_vwv0,0xFF);
1227         SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
1228
1229         cli_send_smb(cli);
1230         if (!cli_receive_smb(cli))
1231                 return False;
1232
1233         if (cli_is_error(cli)) {
1234                 return False;
1235         }
1236
1237         cli->vuid = -1;
1238         return True;
1239 }
1240
1241 /****************************************************************************
1242  Send a tconX.
1243 ****************************************************************************/
1244
1245 struct cli_tcon_andx_state {
1246         struct cli_state *cli;
1247         uint16_t vwv[4];
1248 };
1249
1250 static void cli_tcon_andx_done(struct tevent_req *subreq);
1251
1252 struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
1253                                       struct event_context *ev,
1254                                       struct cli_state *cli,
1255                                       const char *share, const char *dev,
1256                                       const char *pass, int passlen)
1257 {
1258         struct tevent_req *req, *subreq;
1259         struct cli_tcon_andx_state *state;
1260         fstring pword;
1261         uint16_t *vwv;
1262         char *tmp = NULL;
1263         uint8_t *bytes;
1264
1265         req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
1266         if (req == NULL) {
1267                 return NULL;
1268         }
1269         state->cli = cli;
1270         vwv = state->vwv;
1271
1272         fstrcpy(cli->share, share);
1273
1274         /* in user level security don't send a password now */
1275         if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1276                 passlen = 1;
1277                 pass = "";
1278         } else if (pass == NULL) {
1279                 DEBUG(1, ("Server not using user level security and no "
1280                           "password supplied.\n"));
1281                 goto access_denied;
1282         }
1283
1284         if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1285             *pass && passlen != 24) {
1286                 if (!lp_client_lanman_auth()) {
1287                         DEBUG(1, ("Server requested LANMAN password "
1288                                   "(share-level security) but "
1289                                   "'client lanman auth' is disabled\n"));
1290                         goto access_denied;
1291                 }
1292
1293                 /*
1294                  * Non-encrypted passwords - convert to DOS codepage before
1295                  * encryption.
1296                  */
1297                 passlen = 24;
1298                 SMBencrypt(pass, cli->secblob.data, (uchar *)pword);
1299         } else {
1300                 if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
1301                                      |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
1302                    == 0) {
1303                         if (!lp_client_plaintext_auth() && (*pass)) {
1304                                 DEBUG(1, ("Server requested plaintext "
1305                                           "password but 'client plaintext "
1306                                           "auth' is disabled\n"));
1307                                 goto access_denied;
1308                         }
1309
1310                         /*
1311                          * Non-encrypted passwords - convert to DOS codepage
1312                          * before using.
1313                          */
1314                         passlen = clistr_push(cli, pword, pass, sizeof(pword),
1315                                               STR_TERMINATE);
1316                         if (passlen == -1) {
1317                                 DEBUG(1, ("clistr_push(pword) failed\n"));
1318                                 goto access_denied;
1319                         }
1320                 } else {
1321                         if (passlen) {
1322                                 memcpy(pword, pass, passlen);
1323                         }
1324                 }
1325         }
1326
1327         SCVAL(vwv+0, 0, 0xFF);
1328         SCVAL(vwv+0, 1, 0);
1329         SSVAL(vwv+1, 0, 0);
1330         SSVAL(vwv+2, 0, TCONX_FLAG_EXTENDED_RESPONSE);
1331         SSVAL(vwv+3, 0, passlen);
1332
1333         if (passlen) {
1334                 bytes = (uint8_t *)talloc_memdup(state, pword, passlen);
1335         } else {
1336                 bytes = talloc_array(state, uint8_t, 0);
1337         }
1338
1339         /*
1340          * Add the sharename
1341          */
1342         tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
1343                                          cli->desthost, share);
1344         if (tevent_req_nomem(tmp, req)) {
1345                 return tevent_req_post(req, ev);
1346         }
1347         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
1348                                    NULL);
1349         TALLOC_FREE(tmp);
1350
1351         /*
1352          * Add the devicetype
1353          */
1354         tmp = talloc_strdup_upper(talloc_tos(), dev);
1355         if (tevent_req_nomem(tmp, req)) {
1356                 return tevent_req_post(req, ev);
1357         }
1358         bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
1359         TALLOC_FREE(tmp);
1360
1361         if (tevent_req_nomem(bytes, req)) {
1362                 return tevent_req_post(req, ev);
1363         }
1364
1365         subreq = cli_smb_send(state, ev, cli, SMBtconX, 0, 4, vwv,
1366                               talloc_get_size(bytes), bytes);
1367         if (tevent_req_nomem(subreq, req)) {
1368                 return tevent_req_post(req, ev);
1369         }
1370         tevent_req_set_callback(subreq, cli_tcon_andx_done, req);
1371         return req;
1372
1373  access_denied:
1374         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1375         return tevent_req_post(req, ev);
1376 }
1377
1378 static void cli_tcon_andx_done(struct tevent_req *subreq)
1379 {
1380         struct tevent_req *req = tevent_req_callback_data(
1381                 subreq, struct tevent_req);
1382         struct cli_tcon_andx_state *state = tevent_req_data(
1383                 req, struct cli_tcon_andx_state);
1384         struct cli_state *cli = state->cli;
1385         char *inbuf = (char *)cli_smb_inbuf(subreq);
1386         uint8_t wct;
1387         uint16_t *vwv;
1388         uint32_t num_bytes;
1389         uint8_t *bytes;
1390         NTSTATUS status;
1391
1392         status = cli_smb_recv(subreq, 0, &wct, &vwv, &num_bytes, &bytes);
1393         if (!NT_STATUS_IS_OK(status)) {
1394                 TALLOC_FREE(subreq);
1395                 tevent_req_nterror(req, status);
1396                 return;
1397         }
1398
1399         clistr_pull(inbuf, cli->dev, bytes, sizeof(fstring), num_bytes,
1400                     STR_TERMINATE|STR_ASCII);
1401
1402         if ((cli->protocol >= PROTOCOL_NT1) && (num_bytes == 3)) {
1403                 /* almost certainly win95 - enable bug fixes */
1404                 cli->win95 = True;
1405         }
1406
1407         /*
1408          * Make sure that we have the optional support 16-bit field. WCT > 2.
1409          * Avoids issues when connecting to Win9x boxes sharing files
1410          */
1411
1412         cli->dfsroot = false;
1413
1414         if ((wct > 2) && (cli->protocol >= PROTOCOL_LANMAN2)) {
1415                 cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
1416         }
1417
1418         cli->cnum = SVAL(inbuf,smb_tid);
1419         tevent_req_done(req);
1420 }
1421
1422 NTSTATUS cli_tcon_andx_recv(struct tevent_req *req)
1423 {
1424         return tevent_req_simple_recv_ntstatus(req);
1425 }
1426
1427 NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
1428                        const char *dev, const char *pass, int passlen)
1429 {
1430         TALLOC_CTX *frame = talloc_stackframe();
1431         struct event_context *ev;
1432         struct tevent_req *req;
1433         NTSTATUS status = NT_STATUS_OK;
1434
1435         if (cli_has_async_calls(cli)) {
1436                 /*
1437                  * Can't use sync call while an async call is in flight
1438                  */
1439                 status = NT_STATUS_INVALID_PARAMETER;
1440                 goto fail;
1441         }
1442
1443         ev = event_context_init(frame);
1444         if (ev == NULL) {
1445                 status = NT_STATUS_NO_MEMORY;
1446                 goto fail;
1447         }
1448
1449         req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
1450         if (req == NULL) {
1451                 status = NT_STATUS_NO_MEMORY;
1452                 goto fail;
1453         }
1454
1455         if (!tevent_req_poll(req, ev)) {
1456                 status = map_nt_error_from_unix(errno);
1457                 goto fail;
1458         }
1459
1460         status = cli_tcon_andx_recv(req);
1461  fail:
1462         TALLOC_FREE(frame);
1463         if (!NT_STATUS_IS_OK(status)) {
1464                 cli_set_error(cli, status);
1465         }
1466         return status;
1467 }
1468
1469 /****************************************************************************
1470  Send a tree disconnect.
1471 ****************************************************************************/
1472
1473 bool cli_tdis(struct cli_state *cli)
1474 {
1475         memset(cli->outbuf,'\0',smb_size);
1476         cli_set_message(cli->outbuf,0,0,True);
1477         SCVAL(cli->outbuf,smb_com,SMBtdis);
1478         SSVAL(cli->outbuf,smb_tid,cli->cnum);
1479         cli_setup_packet(cli);
1480
1481         cli_send_smb(cli);
1482         if (!cli_receive_smb(cli))
1483                 return False;
1484
1485         if (cli_is_error(cli)) {
1486                 return False;
1487         }
1488
1489         cli->cnum = -1;
1490         return True;
1491 }
1492
1493 /****************************************************************************
1494  Send a negprot command.
1495 ****************************************************************************/
1496
1497 void cli_negprot_sendsync(struct cli_state *cli)
1498 {
1499         char *p;
1500         int numprots;
1501
1502         if (cli->protocol < PROTOCOL_NT1)
1503                 cli->use_spnego = False;
1504
1505         memset(cli->outbuf,'\0',smb_size);
1506
1507         /* setup the protocol strings */
1508         cli_set_message(cli->outbuf,0,0,True);
1509
1510         p = smb_buf(cli->outbuf);
1511         for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1512                 if (prots[numprots].prot > cli->protocol) {
1513                         break;
1514                 }
1515                 *p++ = 2;
1516                 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1517         }
1518
1519         SCVAL(cli->outbuf,smb_com,SMBnegprot);
1520         cli_setup_bcc(cli, p);
1521         cli_setup_packet(cli);
1522
1523         SCVAL(smb_buf(cli->outbuf),0,2);
1524
1525         cli_send_smb(cli);
1526 }
1527
1528 /****************************************************************************
1529  Send a negprot command.
1530 ****************************************************************************/
1531
1532 struct cli_negprot_state {
1533         struct cli_state *cli;
1534 };
1535
1536 static void cli_negprot_done(struct tevent_req *subreq);
1537
1538 struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
1539                                     struct event_context *ev,
1540                                     struct cli_state *cli)
1541 {
1542         struct tevent_req *req, *subreq;
1543         struct cli_negprot_state *state;
1544         uint8_t *bytes = NULL;
1545         int numprots;
1546
1547         req = tevent_req_create(mem_ctx, &state, struct cli_negprot_state);
1548         if (req == NULL) {
1549                 return NULL;
1550         }
1551         state->cli = cli;
1552
1553         if (cli->protocol < PROTOCOL_NT1)
1554                 cli->use_spnego = False;
1555
1556         /* setup the protocol strings */
1557         for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1558                 uint8_t c = 2;
1559                 if (prots[numprots].prot > cli->protocol) {
1560                         break;
1561                 }
1562                 bytes = (uint8_t *)talloc_append_blob(
1563                         state, bytes, data_blob_const(&c, sizeof(c)));
1564                 if (tevent_req_nomem(bytes, req)) {
1565                         return tevent_req_post(req, ev);
1566                 }
1567                 bytes = smb_bytes_push_str(bytes, false,
1568                                            prots[numprots].name,
1569                                            strlen(prots[numprots].name)+1,
1570                                            NULL);
1571                 if (tevent_req_nomem(bytes, req)) {
1572                         return tevent_req_post(req, ev);
1573                 }
1574         }
1575
1576         subreq = cli_smb_send(state, ev, cli, SMBnegprot, 0, 0, NULL,
1577                               talloc_get_size(bytes), bytes);
1578         if (tevent_req_nomem(subreq, req)) {
1579                 return tevent_req_post(req, ev);
1580         }
1581         tevent_req_set_callback(subreq, cli_negprot_done, req);
1582         return req;
1583 }
1584
1585 static void cli_negprot_done(struct tevent_req *subreq)
1586 {
1587         struct tevent_req *req = tevent_req_callback_data(
1588                 subreq, struct tevent_req);
1589         struct cli_negprot_state *state = tevent_req_data(
1590                 req, struct cli_negprot_state);
1591         struct cli_state *cli = state->cli;
1592         uint8_t wct;
1593         uint16_t *vwv;
1594         uint32_t num_bytes;
1595         uint8_t *bytes;
1596         NTSTATUS status;
1597         uint16_t protnum;
1598
1599         status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
1600         if (!NT_STATUS_IS_OK(status)) {
1601                 TALLOC_FREE(subreq);
1602                 return;
1603         }
1604
1605         protnum = SVAL(vwv, 0);
1606
1607         if ((protnum >= ARRAY_SIZE(prots))
1608             || (prots[protnum].prot > cli->protocol)) {
1609                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
1610                 return;
1611         }
1612
1613         cli->protocol = prots[protnum].prot;
1614
1615         if ((cli->protocol < PROTOCOL_NT1) &&
1616             client_is_signing_mandatory(cli)) {
1617                 DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
1618                 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1619                 return;
1620         }
1621
1622         if (cli->protocol >= PROTOCOL_NT1) {    
1623                 struct timespec ts;
1624                 bool negotiated_smb_signing = false;
1625
1626                 /* NT protocol */
1627                 cli->sec_mode = CVAL(vwv + 1, 0);
1628                 cli->max_mux = SVAL(vwv + 1, 1);
1629                 cli->max_xmit = IVAL(vwv + 3, 1);
1630                 cli->sesskey = IVAL(vwv + 7, 1);
1631                 cli->serverzone = SVALS(vwv + 15, 1);
1632                 cli->serverzone *= 60;
1633                 /* this time arrives in real GMT */
1634                 ts = interpret_long_date(((char *)(vwv+11))+1);
1635                 cli->servertime = ts.tv_sec;
1636                 cli->secblob = data_blob(bytes, num_bytes);
1637                 cli->capabilities = IVAL(vwv + 9, 1);
1638                 if (cli->capabilities & CAP_RAW_MODE) {
1639                         cli->readbraw_supported = True;
1640                         cli->writebraw_supported = True;      
1641                 }
1642                 /* work out if they sent us a workgroup */
1643                 if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
1644                     smb_buflen(cli->inbuf) > 8) {
1645                         clistr_pull(cli->inbuf, cli->server_domain,
1646                                     bytes+8, sizeof(cli->server_domain),
1647                                     num_bytes-8,
1648                                     STR_UNICODE|STR_NOALIGN);
1649                 }
1650
1651                 /*
1652                  * As signing is slow we only turn it on if either the client or
1653                  * the server require it. JRA.
1654                  */
1655
1656                 if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
1657                         /* Fail if server says signing is mandatory and we don't want to support it. */
1658                         if (!client_is_signing_allowed(cli)) {
1659                                 DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
1660                                 tevent_req_nterror(req,
1661                                                    NT_STATUS_ACCESS_DENIED);
1662                                 return;
1663                         }
1664                         negotiated_smb_signing = true;
1665                 } else if (client_is_signing_mandatory(cli) && client_is_signing_allowed(cli)) {
1666                         /* Fail if client says signing is mandatory and the server doesn't support it. */
1667                         if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
1668                                 DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
1669                                 tevent_req_nterror(req,
1670                                                    NT_STATUS_ACCESS_DENIED);
1671                                 return;
1672                         }
1673                         negotiated_smb_signing = true;
1674                 } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
1675                         negotiated_smb_signing = true;
1676                 }
1677
1678                 if (negotiated_smb_signing) {
1679                         cli_set_signing_negotiated(cli);
1680                 }
1681
1682                 if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
1683                         SAFE_FREE(cli->outbuf);
1684                         SAFE_FREE(cli->inbuf);
1685                         cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1686                         cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
1687                         cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
1688                 }
1689
1690         } else if (cli->protocol >= PROTOCOL_LANMAN1) {
1691                 cli->use_spnego = False;
1692                 cli->sec_mode = SVAL(vwv + 1, 0);
1693                 cli->max_xmit = SVAL(vwv + 2, 0);
1694                 cli->max_mux = SVAL(vwv + 3, 0);
1695                 cli->sesskey = IVAL(vwv + 6, 0);
1696                 cli->serverzone = SVALS(vwv + 10, 0);
1697                 cli->serverzone *= 60;
1698                 /* this time is converted to GMT by make_unix_date */
1699                 cli->servertime = cli_make_unix_date(
1700                         cli, (char *)(vwv + 8));
1701                 cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
1702                 cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
1703                 cli->secblob = data_blob(bytes, num_bytes);
1704         } else {
1705                 /* the old core protocol */
1706                 cli->use_spnego = False;
1707                 cli->sec_mode = 0;
1708                 cli->serverzone = get_time_zone(time(NULL));
1709         }
1710
1711         cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
1712
1713         /* a way to force ascii SMB */
1714         if (getenv("CLI_FORCE_ASCII"))
1715                 cli->capabilities &= ~CAP_UNICODE;
1716
1717         tevent_req_done(req);
1718 }
1719
1720 NTSTATUS cli_negprot_recv(struct tevent_req *req)
1721 {
1722         return tevent_req_simple_recv_ntstatus(req);
1723 }
1724
1725 NTSTATUS cli_negprot(struct cli_state *cli)
1726 {
1727         TALLOC_CTX *frame = talloc_stackframe();
1728         struct event_context *ev;
1729         struct tevent_req *req;
1730         NTSTATUS status = NT_STATUS_OK;
1731
1732         if (cli_has_async_calls(cli)) {
1733                 /*
1734                  * Can't use sync call while an async call is in flight
1735                  */
1736                 status = NT_STATUS_INVALID_PARAMETER;
1737                 goto fail;
1738         }
1739
1740         ev = event_context_init(frame);
1741         if (ev == NULL) {
1742                 status = NT_STATUS_NO_MEMORY;
1743                 goto fail;
1744         }
1745
1746         req = cli_negprot_send(frame, ev, cli);
1747         if (req == NULL) {
1748                 status = NT_STATUS_NO_MEMORY;
1749                 goto fail;
1750         }
1751
1752         if (!tevent_req_poll(req, ev)) {
1753                 status = map_nt_error_from_unix(errno);
1754                 goto fail;
1755         }
1756
1757         status = cli_negprot_recv(req);
1758  fail:
1759         TALLOC_FREE(frame);
1760         if (!NT_STATUS_IS_OK(status)) {
1761                 cli_set_error(cli, status);
1762         }
1763         return status;
1764 }
1765
1766 /****************************************************************************
1767  Send a session request. See rfc1002.txt 4.3 and 4.3.2.
1768 ****************************************************************************/
1769
1770 bool cli_session_request(struct cli_state *cli,
1771                          struct nmb_name *calling, struct nmb_name *called)
1772 {
1773         char *p;
1774         int len = 4;
1775         char *tmp;
1776
1777         /* 445 doesn't have session request */
1778         if (cli->port == 445)
1779                 return True;
1780
1781         memcpy(&(cli->calling), calling, sizeof(*calling));
1782         memcpy(&(cli->called ), called , sizeof(*called ));
1783
1784         /* put in the destination name */
1785
1786         tmp = name_mangle(talloc_tos(), cli->called.name,
1787                           cli->called.name_type);
1788         if (tmp == NULL) {
1789                 return false;
1790         }
1791
1792         p = cli->outbuf+len;
1793         memcpy(p, tmp, name_len(tmp));
1794         len += name_len(tmp);
1795         TALLOC_FREE(tmp);
1796
1797         /* and my name */
1798
1799         tmp = name_mangle(talloc_tos(), cli->calling.name,
1800                           cli->calling.name_type);
1801         if (tmp == NULL) {
1802                 return false;
1803         }
1804
1805         p = cli->outbuf+len;
1806         memcpy(p, tmp, name_len(tmp));
1807         len += name_len(tmp);
1808         TALLOC_FREE(tmp);
1809
1810         /* send a session request (RFC 1002) */
1811         /* setup the packet length
1812          * Remove four bytes from the length count, since the length
1813          * field in the NBT Session Service header counts the number
1814          * of bytes which follow.  The cli_send_smb() function knows
1815          * about this and accounts for those four bytes.
1816          * CRH.
1817          */
1818         len -= 4;
1819         _smb_setlen(cli->outbuf,len);
1820         SCVAL(cli->outbuf,0,0x81);
1821
1822         cli_send_smb(cli);
1823         DEBUG(5,("Sent session request\n"));
1824
1825         if (!cli_receive_smb(cli))
1826                 return False;
1827
1828         if (CVAL(cli->inbuf,0) == 0x84) {
1829                 /* C. Hoch  9/14/95 Start */
1830                 /* For information, here is the response structure.
1831                  * We do the byte-twiddling to for portability.
1832                 struct RetargetResponse{
1833                 unsigned char type;
1834                 unsigned char flags;
1835                 int16 length;
1836                 int32 ip_addr;
1837                 int16 port;
1838                 };
1839                 */
1840                 uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
1841                 struct in_addr dest_ip;
1842                 NTSTATUS status;
1843
1844                 /* SESSION RETARGET */
1845                 putip((char *)&dest_ip,cli->inbuf+4);
1846                 in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
1847
1848                 status = open_socket_out(&cli->dest_ss, port,
1849                                          LONG_CONNECT_TIMEOUT, &cli->fd);
1850                 if (!NT_STATUS_IS_OK(status)) {
1851                         return False;
1852                 }
1853
1854                 DEBUG(3,("Retargeted\n"));
1855
1856                 set_socket_options(cli->fd, lp_socket_options());
1857
1858                 /* Try again */
1859                 {
1860                         static int depth;
1861                         bool ret;
1862                         if (depth > 4) {
1863                                 DEBUG(0,("Retarget recursion - failing\n"));
1864                                 return False;
1865                         }
1866                         depth++;
1867                         ret = cli_session_request(cli, calling, called);
1868                         depth--;
1869                         return ret;
1870                 }
1871         } /* C. Hoch 9/14/95 End */
1872
1873         if (CVAL(cli->inbuf,0) != 0x82) {
1874                 /* This is the wrong place to put the error... JRA. */
1875                 cli->rap_error = CVAL(cli->inbuf,4);
1876                 return False;
1877         }
1878         return(True);
1879 }
1880
1881 struct fd_struct {
1882         int fd;
1883 };
1884
1885 static void smb_sock_connected(struct tevent_req *req)
1886 {
1887         struct fd_struct *pfd = tevent_req_callback_data(
1888                 req, struct fd_struct);
1889         int fd;
1890         NTSTATUS status;
1891
1892         status = open_socket_out_defer_recv(req, &fd);
1893         if (NT_STATUS_IS_OK(status)) {
1894                 pfd->fd = fd;
1895         }
1896 }
1897
1898 static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss,
1899                                 uint16_t *port, int timeout, int *pfd)
1900 {
1901         struct event_context *ev;
1902         struct tevent_req *r139, *r445;
1903         struct fd_struct *fd139, *fd445;
1904         NTSTATUS status = NT_STATUS_NO_MEMORY;
1905
1906         if (*port != 0) {
1907                 return open_socket_out(pss, *port, timeout, pfd);
1908         }
1909
1910         ev = event_context_init(talloc_tos());
1911         if (ev == NULL) {
1912                 return NT_STATUS_NO_MEMORY;
1913         }
1914
1915         fd139 = talloc(ev, struct fd_struct);
1916         if (fd139 == NULL) {
1917                 goto done;
1918         }
1919         fd139->fd = -1;
1920
1921         fd445 = talloc(ev, struct fd_struct);
1922         if (fd445 == NULL) {
1923                 goto done;
1924         }
1925         fd445->fd = -1;
1926
1927         r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0),
1928                                           pss, 445, timeout);
1929         r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000),
1930                                           pss, 139, timeout);
1931         if ((r445 == NULL) || (r139 == NULL)) {
1932                 goto done;
1933         }
1934         tevent_req_set_callback(r445, smb_sock_connected, fd445);
1935         tevent_req_set_callback(r139, smb_sock_connected, fd139);
1936
1937         while ((fd445->fd == -1) && (fd139->fd == -1)
1938                && (tevent_req_is_in_progress(r139)
1939                    || tevent_req_is_in_progress(r445))) {
1940                 event_loop_once(ev);
1941         }
1942
1943         if ((fd139->fd != -1) && (fd445->fd != -1)) {
1944                 close(fd139->fd);
1945                 fd139->fd = -1;
1946         }
1947
1948         if (fd445->fd != -1) {
1949                 *port = 445;
1950                 *pfd = fd445->fd;
1951                 status = NT_STATUS_OK;
1952                 goto done;
1953         }
1954         if (fd139->fd != -1) {
1955                 *port = 139;
1956                 *pfd = fd139->fd;
1957                 status = NT_STATUS_OK;
1958                 goto done;
1959         }
1960
1961         status = open_socket_out_defer_recv(r445, &fd445->fd);
1962  done:
1963         TALLOC_FREE(ev);
1964         return status;
1965 }
1966
1967 /****************************************************************************
1968  Open the client sockets.
1969 ****************************************************************************/
1970
1971 NTSTATUS cli_connect(struct cli_state *cli,
1972                 const char *host,
1973                 struct sockaddr_storage *dest_ss)
1974
1975 {
1976         int name_type = 0x20;
1977         TALLOC_CTX *frame = talloc_stackframe();
1978         unsigned int num_addrs = 0;
1979         unsigned int i = 0;
1980         struct sockaddr_storage *ss_arr = NULL;
1981         char *p = NULL;
1982
1983         /* reasonable default hostname */
1984         if (!host) {
1985                 host = STAR_SMBSERVER;
1986         }
1987
1988         fstrcpy(cli->desthost, host);
1989
1990         /* allow hostnames of the form NAME#xx and do a netbios lookup */
1991         if ((p = strchr(cli->desthost, '#'))) {
1992                 name_type = strtol(p+1, NULL, 16);
1993                 *p = 0;
1994         }
1995
1996         if (!dest_ss || is_zero_addr((struct sockaddr *)dest_ss)) {
1997                 NTSTATUS status =resolve_name_list(frame,
1998                                         cli->desthost,
1999                                         name_type,
2000                                         &ss_arr,
2001                                         &num_addrs);
2002                 if (!NT_STATUS_IS_OK(status)) {
2003                         TALLOC_FREE(frame);
2004                         return NT_STATUS_BAD_NETWORK_NAME;
2005                 }
2006         } else {
2007                 num_addrs = 1;
2008                 ss_arr = TALLOC_P(frame, struct sockaddr_storage);
2009                 if (!ss_arr) {
2010                         TALLOC_FREE(frame);
2011                         return NT_STATUS_NO_MEMORY;
2012                 }
2013                 *ss_arr = *dest_ss;
2014         }
2015
2016         for (i = 0; i < num_addrs; i++) {
2017                 cli->dest_ss = ss_arr[i];
2018                 if (getenv("LIBSMB_PROG")) {
2019                         cli->fd = sock_exec(getenv("LIBSMB_PROG"));
2020                 } else {
2021                         uint16_t port = cli->port;
2022                         NTSTATUS status;
2023                         status = open_smb_socket(&cli->dest_ss, &port,
2024                                                  cli->timeout, &cli->fd);
2025                         if (NT_STATUS_IS_OK(status)) {
2026                                 cli->port = port;
2027                         }
2028                 }
2029                 if (cli->fd == -1) {
2030                         char addr[INET6_ADDRSTRLEN];
2031                         print_sockaddr(addr, sizeof(addr), &ss_arr[i]);
2032                         DEBUG(2,("Error connecting to %s (%s)\n",
2033                                  dest_ss?addr:host,strerror(errno)));
2034                 } else {
2035                         /* Exit from loop on first connection. */
2036                         break;
2037                 }
2038         }
2039
2040         if (cli->fd == -1) {
2041                 TALLOC_FREE(frame);
2042                 return map_nt_error_from_unix(errno);
2043         }
2044
2045         if (dest_ss) {
2046                 *dest_ss = cli->dest_ss;
2047         }
2048
2049         set_socket_options(cli->fd, lp_socket_options());
2050
2051         TALLOC_FREE(frame);
2052         return NT_STATUS_OK;
2053 }
2054
2055 /**
2056    establishes a connection to after the negprot. 
2057    @param output_cli A fully initialised cli structure, non-null only on success
2058    @param dest_host The netbios name of the remote host
2059    @param dest_ss (optional) The the destination IP, NULL for name based lookup
2060    @param port (optional) The destination port (0 for default)
2061    @param retry bool. Did this connection fail with a retryable error ?
2062
2063 */
2064 NTSTATUS cli_start_connection(struct cli_state **output_cli, 
2065                               const char *my_name, 
2066                               const char *dest_host, 
2067                               struct sockaddr_storage *dest_ss, int port,
2068                               int signing_state, int flags,
2069                               bool *retry) 
2070 {
2071         NTSTATUS nt_status;
2072         struct nmb_name calling;
2073         struct nmb_name called;
2074         struct cli_state *cli;
2075         struct sockaddr_storage ss;
2076
2077         if (retry)
2078                 *retry = False;
2079
2080         if (!my_name) 
2081                 my_name = global_myname();
2082
2083         if (!(cli = cli_initialise_ex(signing_state))) {
2084                 return NT_STATUS_NO_MEMORY;
2085         }
2086
2087         make_nmb_name(&calling, my_name, 0x0);
2088         make_nmb_name(&called , dest_host, 0x20);
2089
2090         cli_set_port(cli, port);
2091         cli_set_timeout(cli, 10000); /* 10 seconds. */
2092
2093         if (dest_ss) {
2094                 ss = *dest_ss;
2095         } else {
2096                 zero_sockaddr(&ss);
2097         }
2098
2099 again:
2100
2101         DEBUG(3,("Connecting to host=%s\n", dest_host));
2102
2103         nt_status = cli_connect(cli, dest_host, &ss);
2104         if (!NT_STATUS_IS_OK(nt_status)) {
2105                 char addr[INET6_ADDRSTRLEN];
2106                 print_sockaddr(addr, sizeof(addr), &ss);
2107                 DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
2108                          nmb_namestr(&called), addr, nt_errstr(nt_status) ));
2109                 cli_shutdown(cli);
2110                 return nt_status;
2111         }
2112
2113         if (retry)
2114                 *retry = True;
2115
2116         if (!cli_session_request(cli, &calling, &called)) {
2117                 char *p;
2118                 DEBUG(1,("session request to %s failed (%s)\n",
2119                          called.name, cli_errstr(cli)));
2120                 if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
2121                         *p = 0;
2122                         goto again;
2123                 }
2124                 if (strcmp(called.name, STAR_SMBSERVER)) {
2125                         make_nmb_name(&called , STAR_SMBSERVER, 0x20);
2126                         goto again;
2127                 }
2128                 return NT_STATUS_BAD_NETWORK_NAME;
2129         }
2130
2131         if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
2132                 cli->use_spnego = False;
2133         else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
2134                 cli->use_kerberos = True;
2135
2136         if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
2137              cli->use_kerberos) {
2138                 cli->fallback_after_kerberos = true;
2139         }
2140
2141         nt_status = cli_negprot(cli);
2142         if (!NT_STATUS_IS_OK(nt_status)) {
2143                 DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
2144                 cli_shutdown(cli);
2145                 return nt_status;
2146         }
2147
2148         *output_cli = cli;
2149         return NT_STATUS_OK;
2150 }
2151
2152
2153 /**
2154    establishes a connection right up to doing tconX, password specified.
2155    @param output_cli A fully initialised cli structure, non-null only on success
2156    @param dest_host The netbios name of the remote host
2157    @param dest_ip (optional) The the destination IP, NULL for name based lookup
2158    @param port (optional) The destination port (0 for default)
2159    @param service (optional) The share to make the connection to.  Should be 'unqualified' in any way.
2160    @param service_type The 'type' of serivice. 
2161    @param user Username, unix string
2162    @param domain User's domain
2163    @param password User's password, unencrypted unix string.
2164    @param retry bool. Did this connection fail with a retryable error ?
2165 */
2166
2167 NTSTATUS cli_full_connection(struct cli_state **output_cli, 
2168                              const char *my_name, 
2169                              const char *dest_host, 
2170                              struct sockaddr_storage *dest_ss, int port,
2171                              const char *service, const char *service_type,
2172                              const char *user, const char *domain, 
2173                              const char *password, int flags,
2174                              int signing_state,
2175                              bool *retry) 
2176 {
2177         NTSTATUS nt_status;
2178         struct cli_state *cli = NULL;
2179         int pw_len = password ? strlen(password)+1 : 0;
2180
2181         *output_cli = NULL;
2182
2183         if (password == NULL) {
2184                 password = "";
2185         }
2186
2187         nt_status = cli_start_connection(&cli, my_name, dest_host,
2188                                          dest_ss, port, signing_state,
2189                                          flags, retry);
2190
2191         if (!NT_STATUS_IS_OK(nt_status)) {
2192                 return nt_status;
2193         }
2194
2195         cli->use_oplocks = ((flags & CLI_FULL_CONNECTION_OPLOCKS) != 0);
2196         cli->use_level_II_oplocks =
2197                 ((flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) != 0);
2198
2199         nt_status = cli_session_setup(cli, user, password, pw_len, password,
2200                                       pw_len, domain);
2201         if (!NT_STATUS_IS_OK(nt_status)) {
2202
2203                 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
2204                         DEBUG(1,("failed session setup with %s\n",
2205                                  nt_errstr(nt_status)));
2206                         cli_shutdown(cli);
2207                         return nt_status;
2208                 }
2209
2210                 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
2211                 if (!NT_STATUS_IS_OK(nt_status)) {
2212                         DEBUG(1,("anonymous failed session setup with %s\n",
2213                                  nt_errstr(nt_status)));
2214                         cli_shutdown(cli);
2215                         return nt_status;
2216                 }
2217         }
2218
2219         if (service) {
2220                 nt_status = cli_tcon_andx(cli, service, service_type, password,
2221                                           pw_len);
2222                 if (!NT_STATUS_IS_OK(nt_status)) {
2223                         DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
2224                         cli_shutdown(cli);
2225                         if (NT_STATUS_IS_OK(nt_status)) {
2226                                 nt_status = NT_STATUS_UNSUCCESSFUL;
2227                         }
2228                         return nt_status;
2229                 }
2230         }
2231
2232         nt_status = cli_init_creds(cli, user, domain, password);
2233         if (!NT_STATUS_IS_OK(nt_status)) {
2234                 cli_shutdown(cli);
2235                 return nt_status;
2236         }
2237
2238         *output_cli = cli;
2239         return NT_STATUS_OK;
2240 }
2241
2242 /****************************************************************************
2243  Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
2244 ****************************************************************************/
2245
2246 bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srchost, const char *desthost,
2247                                      struct sockaddr_storage *pdest_ss)
2248 {
2249         struct nmb_name calling, called;
2250
2251         make_nmb_name(&calling, srchost, 0x0);
2252
2253         /*
2254          * If the called name is an IP address
2255          * then use *SMBSERVER immediately.
2256          */
2257
2258         if(is_ipaddress(desthost)) {
2259                 make_nmb_name(&called, STAR_SMBSERVER, 0x20);
2260         } else {
2261                 make_nmb_name(&called, desthost, 0x20);
2262         }
2263
2264         if (!cli_session_request(*ppcli, &calling, &called)) {
2265                 NTSTATUS status;
2266                 struct nmb_name smbservername;
2267
2268                 make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20);
2269
2270                 /*
2271                  * If the name wasn't *SMBSERVER then
2272                  * try with *SMBSERVER if the first name fails.
2273                  */
2274
2275                 if (nmb_name_equal(&called, &smbservername)) {
2276
2277                         /*
2278                          * The name used was *SMBSERVER, don't bother with another name.
2279                          */
2280
2281                         DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
2282 with error %s.\n", desthost, cli_errstr(*ppcli) ));
2283                         return False;
2284                 }
2285
2286                 /* Try again... */
2287                 cli_shutdown(*ppcli);
2288
2289                 *ppcli = cli_initialise();
2290                 if (!*ppcli) {
2291                         /* Out of memory... */
2292                         return False;
2293                 }
2294
2295                 status = cli_connect(*ppcli, desthost, pdest_ss);
2296                 if (!NT_STATUS_IS_OK(status) ||
2297                                 !cli_session_request(*ppcli, &calling, &smbservername)) {
2298                         DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
2299 name *SMBSERVER with error %s\n", desthost, cli_errstr(*ppcli) ));
2300                         return False;
2301                 }
2302         }
2303
2304         return True;
2305 }
2306
2307 /****************************************************************************
2308  Send an old style tcon.
2309 ****************************************************************************/
2310 NTSTATUS cli_raw_tcon(struct cli_state *cli, 
2311                       const char *service, const char *pass, const char *dev,
2312                       uint16 *max_xmit, uint16 *tid)
2313 {
2314         char *p;
2315
2316         if (!lp_client_plaintext_auth() && (*pass)) {
2317                 DEBUG(1, ("Server requested plaintext password but 'client "
2318                           "plaintext auth' is disabled\n"));
2319                 return NT_STATUS_ACCESS_DENIED;
2320         }
2321
2322         memset(cli->outbuf,'\0',smb_size);
2323         memset(cli->inbuf,'\0',smb_size);
2324
2325         cli_set_message(cli->outbuf, 0, 0, True);
2326         SCVAL(cli->outbuf,smb_com,SMBtcon);
2327         cli_setup_packet(cli);
2328
2329         p = smb_buf(cli->outbuf);
2330         *p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE | STR_NOALIGN);
2331         *p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE | STR_NOALIGN);
2332         *p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE | STR_NOALIGN);
2333
2334         cli_setup_bcc(cli, p);
2335
2336         cli_send_smb(cli);
2337         if (!cli_receive_smb(cli)) {
2338                 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2339         }
2340
2341         if (cli_is_error(cli)) {
2342                 return cli_nt_error(cli);
2343         }
2344
2345         *max_xmit = SVAL(cli->inbuf, smb_vwv0);
2346         *tid = SVAL(cli->inbuf, smb_vwv1);
2347
2348         return NT_STATUS_OK;
2349 }
2350
2351 /* Return a cli_state pointing at the IPC$ share for the given server */
2352
2353 struct cli_state *get_ipc_connect(char *server,
2354                                 struct sockaddr_storage *server_ss,
2355                                 const struct user_auth_info *user_info)
2356 {
2357         struct cli_state *cli;
2358         NTSTATUS nt_status;
2359         uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
2360
2361         if (user_info->use_kerberos) {
2362                 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
2363         }
2364
2365         nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC", 
2366                                         user_info->username ? user_info->username : "",
2367                                         lp_workgroup(),
2368                                         user_info->password ? user_info->password : "",
2369                                         flags,
2370                                         Undefined, NULL);
2371
2372         if (NT_STATUS_IS_OK(nt_status)) {
2373                 return cli;
2374         } else if (is_ipaddress(server)) {
2375             /* windows 9* needs a correct NMB name for connections */
2376             fstring remote_name;
2377
2378             if (name_status_find("*", 0, 0, server_ss, remote_name)) {
2379                 cli = get_ipc_connect(remote_name, server_ss, user_info);
2380                 if (cli)
2381                     return cli;
2382             }
2383         }
2384         return NULL;
2385 }
2386
2387 /*
2388  * Given the IP address of a master browser on the network, return its
2389  * workgroup and connect to it.
2390  *
2391  * This function is provided to allow additional processing beyond what
2392  * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
2393  * browsers and obtain each master browsers' list of domains (in case the
2394  * first master browser is recently on the network and has not yet
2395  * synchronized with other master browsers and therefore does not yet have the
2396  * entire network browse list)
2397  */
2398
2399 struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
2400                                 struct ip_service *mb_ip,
2401                                 const struct user_auth_info *user_info,
2402                                 char **pp_workgroup_out)
2403 {
2404         char addr[INET6_ADDRSTRLEN];
2405         fstring name;
2406         struct cli_state *cli;
2407         struct sockaddr_storage server_ss;
2408
2409         *pp_workgroup_out = NULL;
2410
2411         print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
2412         DEBUG(99, ("Looking up name of master browser %s\n",
2413                    addr));
2414
2415         /*
2416          * Do a name status query to find out the name of the master browser.
2417          * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
2418          * master browser will not respond to a wildcard query (or, at least,
2419          * an NT4 server acting as the domain master browser will not).
2420          *
2421          * We might be able to use ONLY the query on MSBROWSE, but that's not
2422          * yet been tested with all Windows versions, so until it is, leave
2423          * the original wildcard query as the first choice and fall back to
2424          * MSBROWSE if the wildcard query fails.
2425          */
2426         if (!name_status_find("*", 0, 0x1d, &mb_ip->ss, name) &&
2427             !name_status_find(MSBROWSE, 1, 0x1d, &mb_ip->ss, name)) {
2428
2429                 DEBUG(99, ("Could not retrieve name status for %s\n",
2430                            addr));
2431                 return NULL;
2432         }
2433
2434         if (!find_master_ip(name, &server_ss)) {
2435                 DEBUG(99, ("Could not find master ip for %s\n", name));
2436                 return NULL;
2437         }
2438
2439         *pp_workgroup_out = talloc_strdup(ctx, name);
2440
2441         DEBUG(4, ("found master browser %s, %s\n", name, addr));
2442
2443         print_sockaddr(addr, sizeof(addr), &server_ss);
2444         cli = get_ipc_connect(addr, &server_ss, user_info);
2445
2446         return cli;
2447 }
2448
2449 /*
2450  * Return the IP address and workgroup of a master browser on the network, and
2451  * connect to it.
2452  */
2453
2454 struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
2455                                         const struct user_auth_info *user_info,
2456                                         char **pp_workgroup_out)
2457 {
2458         struct ip_service *ip_list;
2459         struct cli_state *cli;
2460         int i, count;
2461
2462         *pp_workgroup_out = NULL;
2463
2464         DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
2465
2466         /* Go looking for workgroups by broadcasting on the local network */
2467
2468         if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list,
2469                                                 &count))) {
2470                 DEBUG(99, ("No master browsers responded\n"));
2471                 return False;
2472         }
2473
2474         for (i = 0; i < count; i++) {
2475                 char addr[INET6_ADDRSTRLEN];
2476                 print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
2477                 DEBUG(99, ("Found master browser %s\n", addr));
2478
2479                 cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
2480                                 user_info, pp_workgroup_out);
2481                 if (cli)
2482                         return(cli);
2483         }
2484
2485         return NULL;
2486 }