s3:libsmb: remove cli_setup_signing_state() and add struct cli_state *cli_initialise_ex()

[ira/wip.git] / source3 / libsmb / cliconnect.c

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 44899e3b1a37776cf67605e03d6f58721dd44f95..e3d1b65be0d209f201e88edb968db45274bc06cc 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -161,47 +161,77 @@ static uint32 cli_session_setup_capabilities(struct cli_state *cli)
  Do a NT1 guest session setup.
 ****************************************************************************/
 
-static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
+struct async_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
+                                              struct event_context *ev,
+                                              struct cli_state *cli)
 {
-       char *p;
-       uint32 capabilities = cli_session_setup_capabilities(cli);
+       struct async_req *result;
+       uint16_t vwv[13];
+       uint8_t *bytes;
 
-       memset(cli->outbuf, '\0', smb_size);
-       cli_set_message(cli->outbuf,13,0,True);
-       SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
-       cli_setup_packet(cli);
-                       
-       SCVAL(cli->outbuf,smb_vwv0,0xFF);
-       SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
-       SSVAL(cli->outbuf,smb_vwv3,2);
-       SSVAL(cli->outbuf,smb_vwv4,cli->pid);
-       SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
-       SSVAL(cli->outbuf,smb_vwv7,0);
-       SSVAL(cli->outbuf,smb_vwv8,0);
-       SIVAL(cli->outbuf,smb_vwv11,capabilities); 
-       p = smb_buf(cli->outbuf);
-       p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* username */
-       p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* workgroup */
-       p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
-       p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
-       cli_setup_bcc(cli, p);
+       SCVAL(vwv+0, 0, 0xFF);
+       SCVAL(vwv+0, 1, 0);
+       SSVAL(vwv+1, 0, 0);
+       SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
+       SSVAL(vwv+3, 0, 2);
+       SSVAL(vwv+4, 0, cli->pid);
+       SIVAL(vwv+5, 0, cli->sesskey);
+       SSVAL(vwv+7, 0, 0);
+       SSVAL(vwv+8, 0, 0);
+       SSVAL(vwv+9, 0, 0);
+       SSVAL(vwv+10, 0, 0);
+       SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+
+       bytes = talloc_array(talloc_tos(), uint8_t, 0);
+
+       bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "",  1, /* username */
+                                  NULL);
+       bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
+                                  NULL);
+       bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
+       bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
+
+       if (bytes == NULL) {
+               return NULL;
+       }
+
+       result = cli_request_send(mem_ctx, ev, cli, SMBsesssetupX, 0,
+                                 13, vwv, 0, talloc_get_size(bytes), bytes);
+       TALLOC_FREE(bytes);
+       return result;
+}
 
-       if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
-               return cli_nt_error(cli);
+NTSTATUS cli_session_setup_guest_recv(struct async_req *req)
+{
+       struct cli_request *cli_req = talloc_get_type_abort(
+               req->private_data, struct cli_request);
+       struct cli_state *cli = cli_req->cli;
+       uint8_t wct;
+       uint16_t *vwv;
+       uint16_t num_bytes;
+       uint8_t *bytes;
+       uint8_t *p;
+       NTSTATUS status;
+
+       if (async_req_is_nterror(req, &status)) {
+               return status;
        }
-       
-       show_msg(cli->inbuf);
-       
-       if (cli_is_error(cli)) {
-               return cli_nt_error(cli);
+
+       status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
-       cli->vuid = SVAL(cli->inbuf,smb_uid);
+       p = bytes;
 
-       p = smb_buf(cli->inbuf);
-       p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
-       p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
-       p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+       cli->vuid = SVAL(cli_req->inbuf, smb_uid);
+
+       p += clistr_pull(cli_req->inbuf, cli->server_os, (char *)p,
+                        sizeof(fstring), bytes+num_bytes-p, STR_TERMINATE);
+       p += clistr_pull(cli_req->inbuf, cli->server_type, (char *)p,
+                        sizeof(fstring), bytes+num_bytes-p, STR_TERMINATE);
+       p += clistr_pull(cli_req->inbuf, cli->server_domain, (char *)p,
+                        sizeof(fstring), bytes+num_bytes-p, STR_TERMINATE);
 
        if (strstr(cli->server_type, "Samba")) {
                cli->is_samba = True;
@@ -212,6 +242,43 @@ static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
        return NT_STATUS_OK;
 }
 
+static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct event_context *ev;
+       struct async_req *req;
+       NTSTATUS status;
+
+       if (cli->fd_event != NULL) {
+               /*
+                * Can't use sync call while an async call is in flight
+                */
+               status = NT_STATUS_INVALID_PARAMETER;
+               goto fail;
+       }
+
+       ev = event_context_init(frame);
+       if (ev == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       req = cli_session_setup_guest_send(frame, ev, cli);
+       if (req == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       while (req->state < ASYNC_REQ_DONE) {
+               event_loop_once(ev);
+       }
+
+       status = cli_session_setup_guest_recv(req);
+ fail:
+       TALLOC_FREE(frame);
+       return status;
+}
+
 /****************************************************************************
  Do a NT1 plaintext session setup.
 ****************************************************************************/
@@ -224,7 +291,7 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        char *p;
        fstring lanman;
        
-       fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
+       fstr_sprintf( lanman, "Samba %s", samba_version_string());
 
        memset(cli->outbuf, '\0', smb_size);
        cli_set_message(cli->outbuf,13,0,True);
@@ -276,9 +343,12 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
 
        cli->vuid = SVAL(cli->inbuf,smb_uid);
        p = smb_buf(cli->inbuf);
-       p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
-       p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
-       p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
        fstrcpy(cli->user_name, user);
 
        if (strstr(cli->server_type, "Samba")) {
@@ -309,6 +379,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
        DATA_BLOB session_key = data_blob_null;
        NTSTATUS result;
        char *p;
+       bool ok;
 
        if (passlen == 0) {
                /* do nothing - guest login */
@@ -366,11 +437,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
                        SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
 #endif
                }
-#ifdef LANMAN_ONLY
-               cli_simple_set_signing(cli, session_key, lm_response); 
-#else
-               cli_simple_set_signing(cli, session_key, nt_response); 
-#endif
+               cli_temp_set_signing(cli);
        } else {
                /* pre-encrypted password supplied.  Only used for 
                   security=server, can't do
@@ -422,13 +489,32 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
                goto end;
        }
 
+#ifdef LANMAN_ONLY
+       ok = cli_simple_set_signing(cli, session_key, lm_response);
+#else
+       ok = cli_simple_set_signing(cli, session_key, nt_response);
+#endif
+       if (ok) {
+               /* 'resign' the last message, so we get the right sequence numbers
+                  for checking the first reply from the server */
+               cli_calculate_sign_mac(cli, cli->outbuf);
+
+               if (!cli_check_sign_mac(cli, cli->inbuf)) {
+                       result = NT_STATUS_ACCESS_DENIED;
+                       goto end;
+               }
+       }
+
        /* use the returned vuid from now on */
        cli->vuid = SVAL(cli->inbuf,smb_uid);
        
        p = smb_buf(cli->inbuf);
-       p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
-       p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
-       p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
 
        if (strstr(cli->server_type, "Samba")) {
                cli->is_samba = True;
@@ -512,11 +598,13 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
        blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
 
        p += blob2.length;
-       p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+       p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+                        -1, STR_TERMINATE);
 
        /* w2k with kerberos doesn't properly null terminate this field */
        len = smb_bufrem(cli->inbuf, p);
-       p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
+       p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+                        len, 0);
 
        return blob2;
 }
@@ -535,7 +623,7 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
 
 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
 
-static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_BLOB session_key_krb5)
+static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
 {
        int32 remaining = blob.length;
        int32 cur = 0;
@@ -559,13 +647,8 @@ static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_B
                        send_blob.length = max_blob_size;
                        remaining -= max_blob_size;
                } else {
-                       DATA_BLOB null_blob = data_blob_null;
-
                        send_blob.length = remaining; 
                         remaining = 0;
-
-                       /* This is the last packet in the sequence - turn signing on. */
-                       cli_simple_set_signing(cli, session_key_krb5, null_blob); 
                }
 
                send_blob.data =  &blob.data[cur];
@@ -613,8 +696,11 @@ static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *
 {
        DATA_BLOB negTokenTarg;
        DATA_BLOB session_key_krb5;
+       NTSTATUS nt_status;
        int rc;
 
+       cli_temp_set_signing(cli);
+
        DEBUG(2,("Doing kerberos session setup\n"));
 
        /* generate the encapsulated kerberos5 ticket */
@@ -630,23 +716,44 @@ static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *
        file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
 #endif
 
-       if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) {
-               data_blob_free(&negTokenTarg);
-               data_blob_free(&session_key_krb5);
-               return ADS_ERROR_NT(cli_nt_error(cli));
+       if (!cli_session_setup_blob(cli, negTokenTarg)) {
+               nt_status = cli_nt_error(cli);
+               goto nt_error;
+       }
+
+       if (cli_is_error(cli)) {
+               nt_status = cli_nt_error(cli);
+               if (NT_STATUS_IS_OK(nt_status)) {
+                       nt_status = NT_STATUS_UNSUCCESSFUL;
+               }
+               goto nt_error;
        }
 
        cli_set_session_key(cli, session_key_krb5);
 
+       if (cli_simple_set_signing(
+                   cli, session_key_krb5, data_blob_null)) {
+
+               /* 'resign' the last message, so we get the right sequence numbers
+                  for checking the first reply from the server */
+               cli_calculate_sign_mac(cli, cli->outbuf);
+
+               if (!cli_check_sign_mac(cli, cli->inbuf)) {
+                       nt_status = NT_STATUS_ACCESS_DENIED;
+                       goto nt_error;
+               }
+       }
+
        data_blob_free(&negTokenTarg);
        data_blob_free(&session_key_krb5);
 
-       if (cli_is_error(cli)) {
-               if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
-                       return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-               }
-       } 
-       return ADS_ERROR_NT(cli_nt_error(cli));
+       return ADS_ERROR_NT(NT_STATUS_OK);
+
+nt_error:
+       data_blob_free(&negTokenTarg);
+       data_blob_free(&session_key_krb5);
+       cli->vuid = 0;
+       return ADS_ERROR_NT(nt_status);
 }
 #endif /* HAVE_KRB5 */
 
@@ -1077,13 +1184,17 @@ bool cli_ulogoff(struct cli_state *cli)
  Send a tconX.
 ****************************************************************************/
 
-bool cli_send_tconX(struct cli_state *cli, 
-                   const char *share, const char *dev, const char *pass, int passlen)
+struct async_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
+                                    struct event_context *ev,
+                                    struct cli_state *cli,
+                                    const char *share, const char *dev,
+                                    const char *pass, int passlen)
 {
-       fstring fullshare, pword;
-       char *p;
-       memset(cli->outbuf,'\0',smb_size);
-       memset(cli->inbuf,'\0',smb_size);
+       fstring pword;
+       char *tmp = NULL;
+       struct async_req *result;
+       uint16_t vwv[4];
+       uint8_t *bytes;
 
        fstrcpy(cli->share, share);
 
@@ -1091,9 +1202,10 @@ bool cli_send_tconX(struct cli_state *cli,
        if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
                passlen = 1;
                pass = "";
-       } else if (!pass) {
-               DEBUG(1, ("Server not using user level security and no password supplied.\n"));
-               return False;
+       } else if (pass == NULL) {
+               DEBUG(1, ("Server not using user level security and no "
+                         "password supplied.\n"));
+               goto access_denied;
        }
 
        if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
@@ -1102,28 +1214,36 @@ bool cli_send_tconX(struct cli_state *cli,
                        DEBUG(1, ("Server requested LANMAN password "
                                  "(share-level security) but "
                                  "'client lanman auth' is disabled\n"));
-                       return False;
+                       goto access_denied;
                }
 
                /*
-                * Non-encrypted passwords - convert to DOS codepage before encryption.
+                * Non-encrypted passwords - convert to DOS codepage before
+                * encryption.
                 */
                passlen = 24;
-               SMBencrypt(pass,cli->secblob.data,(uchar *)pword);
+               SMBencrypt(pass, cli->secblob.data, (uchar *)pword);
        } else {
-               if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) {
+               if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
+                                    |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
+                  == 0) {
                        if (!lp_client_plaintext_auth() && (*pass)) {
                                DEBUG(1, ("Server requested plaintext "
                                          "password but 'client plaintext "
                                          "auth' is disabled\n"));
-                               return False;
+                               goto access_denied;
                        }
 
                        /*
-                        * Non-encrypted passwords - convert to DOS codepage before using.
+                        * Non-encrypted passwords - convert to DOS codepage
+                        * before using.
                         */
-                       passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
-
+                       passlen = clistr_push(cli, pword, pass, sizeof(pword),
+                                             STR_TERMINATE);
+                       if (passlen == -1) {
+                               DEBUG(1, ("clistr_push(pword) failed\n"));
+                               goto access_denied;
+                       }
                } else {
                        if (passlen) {
                                memcpy(pword, pass, passlen);
@@ -1131,51 +1251,139 @@ bool cli_send_tconX(struct cli_state *cli,
                }
        }
 
-       slprintf(fullshare, sizeof(fullshare)-1,
-                "\\\\%s\\%s", cli->desthost, share);
+       SCVAL(vwv+0, 0, 0xFF);
+       SCVAL(vwv+0, 1, 0);
+       SSVAL(vwv+1, 0, 0);
+       SSVAL(vwv+2, 0, TCONX_FLAG_EXTENDED_RESPONSE);
+       SSVAL(vwv+3, 0, passlen);
 
-       cli_set_message(cli->outbuf,4, 0, True);
-       SCVAL(cli->outbuf,smb_com,SMBtconX);
-       cli_setup_packet(cli);
+       if (passlen) {
+               bytes = (uint8_t *)talloc_memdup(talloc_tos(), pword, passlen);
+       } else {
+               bytes = talloc_array(talloc_tos(), uint8_t, 0);
+       }
 
-       SSVAL(cli->outbuf,smb_vwv0,0xFF);
-       SSVAL(cli->outbuf,smb_vwv2,TCONX_FLAG_EXTENDED_RESPONSE);
-       SSVAL(cli->outbuf,smb_vwv3,passlen);
+       /*
+        * Add the sharename
+        */
+       tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
+                                        cli->desthost, share);
+       if (tmp == NULL) {
+               TALLOC_FREE(bytes);
+               return NULL;
+       }
+       bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
+                                  NULL);
+       TALLOC_FREE(tmp);
 
-       p = smb_buf(cli->outbuf);
-       if (passlen) {
-               memcpy(p,pword,passlen);
+       /*
+        * Add the devicetype
+        */
+       tmp = talloc_strdup_upper(talloc_tos(), dev);
+       if (tmp == NULL) {
+               TALLOC_FREE(bytes);
+               return NULL;
        }
-       p += passlen;
-       p += clistr_push(cli, p, fullshare, -1, STR_TERMINATE |STR_UPPER);
-       p += clistr_push(cli, p, dev, -1, STR_TERMINATE |STR_UPPER | STR_ASCII);
+       bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
+       TALLOC_FREE(tmp);
 
-       cli_setup_bcc(cli, p);
+       if (bytes == NULL) {
+               return NULL;
+       }
 
-       cli_send_smb(cli);
-       if (!cli_receive_smb(cli))
-               return False;
+       result = cli_request_send(mem_ctx, ev, cli, SMBtconX, 0,
+                                 4, vwv, 0, talloc_get_size(bytes), bytes);
+       TALLOC_FREE(bytes);
+       return result;
 
-       if (cli_is_error(cli))
-               return False;
+ access_denied:
+       result = async_req_new(mem_ctx);
+       if (async_post_ntstatus(result, ev, NT_STATUS_ACCESS_DENIED)) {
+               return result;
+       }
+       TALLOC_FREE(result);
+       return NULL;
+}
 
-       clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
+NTSTATUS cli_tcon_andx_recv(struct async_req *req)
+{
+       struct cli_request *cli_req = talloc_get_type_abort(
+               req->private_data, struct cli_request);
+       struct cli_state *cli = cli_req->cli;
+       uint8_t wct;
+       uint16_t *vwv;
+       uint16_t num_bytes;
+       uint8_t *bytes;
+       NTSTATUS status;
 
-       if (cli->protocol >= PROTOCOL_NT1 &&
-           smb_buflen(cli->inbuf) == 3) {
+       if (async_req_is_nterror(req, &status)) {
+               return status;
+       }
+
+       status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       clistr_pull(cli_req->inbuf, cli->dev, bytes, sizeof(fstring),
+                   num_bytes, STR_TERMINATE|STR_ASCII);
+
+       if ((cli->protocol >= PROTOCOL_NT1) && (num_bytes == 3)) {
                /* almost certainly win95 - enable bug fixes */
                cli->win95 = True;
        }
 
-       /* Make sure that we have the optional support 16-bit field.  WCT > 2 */
-       /* Avoids issues when connecting to Win9x boxes sharing files */
+       /*
+        * Make sure that we have the optional support 16-bit field. WCT > 2.
+        * Avoids issues when connecting to Win9x boxes sharing files
+        */
 
-       cli->dfsroot = False;
-       if ( (CVAL(cli->inbuf, smb_wct))>2 && cli->protocol >= PROTOCOL_LANMAN2 )
-               cli->dfsroot = (SVAL( cli->inbuf, smb_vwv2 ) & SMB_SHARE_IN_DFS) ? True : False;
+       cli->dfsroot = false;
 
-       cli->cnum = SVAL(cli->inbuf,smb_tid);
-       return True;
+       if ((wct > 2) && (cli->protocol >= PROTOCOL_LANMAN2)) {
+               cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
+       }
+
+       cli->cnum = SVAL(cli_req->inbuf,smb_tid);
+       return NT_STATUS_OK;
+}
+
+NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
+                      const char *dev, const char *pass, int passlen)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct event_context *ev;
+       struct async_req *req;
+       NTSTATUS status;
+
+       if (cli->fd_event != NULL) {
+               /*
+                * Can't use sync call while an async call is in flight
+                */
+               status = NT_STATUS_INVALID_PARAMETER;
+               goto fail;
+       }
+
+       ev = event_context_init(frame);
+       if (ev == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
+       if (req == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       while (req->state < ASYNC_REQ_DONE) {
+               event_loop_once(ev);
+       }
+
+       status = cli_tcon_andx_recv(req);
+ fail:
+       TALLOC_FREE(frame);
+       return status;
 }
 
 /****************************************************************************
@@ -1263,7 +1471,10 @@ struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
                if (bytes == NULL) {
                        return NULL;
                }
-               bytes = smb_bytes_push_str(bytes, false, prots[numprots].name);
+               bytes = smb_bytes_push_str(bytes, false,
+                                          prots[numprots].name,
+                                          strlen(prots[numprots].name)+1,
+                                          NULL);
                if (bytes == NULL) {
                        return NULL;
                }
@@ -1287,7 +1498,7 @@ NTSTATUS cli_negprot_recv(struct async_req *req)
        NTSTATUS status;
        uint16_t protnum;
 
-       if (async_req_is_error(req, &status)) {
+       if (async_req_is_nterror(req, &status)) {
                return status;
        }
 
@@ -1331,7 +1542,7 @@ NTSTATUS cli_negprot_recv(struct async_req *req)
                /* work out if they sent us a workgroup */
                if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
                    smb_buflen(cli->inbuf) > 8) {
-                       clistr_pull(cli, cli->server_domain,
+                       clistr_pull(cli->inbuf, cli->server_domain,
                                    bytes+8, sizeof(cli->server_domain),
                                    num_bytes-8,
                                    STR_UNICODE|STR_NOALIGN);
@@ -1444,6 +1655,7 @@ bool cli_session_request(struct cli_state *cli,
 {
        char *p;
        int len = 4;
+       char *tmp;
 
        /* 445 doesn't have session request */
        if (cli->port == 445)
@@ -1453,14 +1665,30 @@ bool cli_session_request(struct cli_state *cli,
        memcpy(&(cli->called ), called , sizeof(*called ));
 
        /* put in the destination name */
+
+       tmp = name_mangle(talloc_tos(), cli->called.name,
+                         cli->called.name_type);
+       if (tmp == NULL) {
+               return false;
+       }
+
        p = cli->outbuf+len;
-       name_mangle(cli->called .name, p, cli->called .name_type);
-       len += name_len(p);
+       memcpy(p, tmp, name_len(tmp));
+       len += name_len(tmp);
+       TALLOC_FREE(tmp);
 
        /* and my name */
+
+       tmp = name_mangle(talloc_tos(), cli->calling.name,
+                         cli->calling.name_type);
+       if (tmp == NULL) {
+               return false;
+       }
+
        p = cli->outbuf+len;
-       name_mangle(cli->calling.name, p, cli->calling.name_type);
-       len += name_len(p);
+       memcpy(p, tmp, name_len(tmp));
+       len += name_len(tmp);
+       TALLOC_FREE(tmp);
 
        /* send a session request (RFC 1002) */
        /* setup the packet length
@@ -1494,15 +1722,17 @@ bool cli_session_request(struct cli_state *cli,
                */
                uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
                struct in_addr dest_ip;
+               NTSTATUS status;
 
                /* SESSION RETARGET */
                putip((char *)&dest_ip,cli->inbuf+4);
                in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
 
-               cli->fd = open_socket_out(&cli->dest_ss, port,
-                                         LONG_CONNECT_TIMEOUT);
-               if (cli->fd == -1)
+               status = open_socket_out(&cli->dest_ss, port,
+                                        LONG_CONNECT_TIMEOUT, &cli->fd);
+               if (!NT_STATUS_IS_OK(status)) {
                        return False;
+               }
 
                DEBUG(3,("Retargeted\n"));
 
@@ -1531,6 +1761,78 @@ bool cli_session_request(struct cli_state *cli,
        return(True);
 }
 
+static void smb_sock_connected(struct async_req *req)
+{
+       int *pfd = (int *)req->async.priv;
+       int fd;
+       NTSTATUS status;
+
+       status = open_socket_out_defer_recv(req, &fd);
+       if (NT_STATUS_IS_OK(status)) {
+               *pfd = fd;
+       }
+}
+
+static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss,
+                               uint16_t *port, int timeout, int *pfd)
+{
+       struct event_context *ev;
+       struct async_req *r139, *r445;
+       int fd139 = -1;
+       int fd445 = -1;
+       NTSTATUS status;
+
+       if (*port != 0) {
+               return open_socket_out(pss, *port, timeout, pfd);
+       }
+
+       ev = event_context_init(talloc_tos());
+       if (ev == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0),
+                                         pss, 445, timeout);
+       r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000),
+                                         pss, 139, timeout);
+       if ((r445 == NULL) || (r139 == NULL)) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+       r445->async.fn = smb_sock_connected;
+       r445->async.priv = &fd445;
+       r139->async.fn = smb_sock_connected;
+       r139->async.priv = &fd139;
+
+       while ((fd139 == -1) && (r139->state < ASYNC_REQ_DONE)
+              && (fd445 == -1) && (r445->state < ASYNC_REQ_DONE)) {
+               event_loop_once(ev);
+       }
+
+       if ((fd139 != -1) && (fd445 != -1)) {
+               close(fd139);
+               fd139 = -1;
+       }
+
+       if (fd445 != -1) {
+               *port = 445;
+               *pfd = fd445;
+               status = NT_STATUS_OK;
+               goto done;
+       }
+       if (fd139 != -1) {
+               *port = 139;
+               *pfd = fd139;
+               status = NT_STATUS_OK;
+               goto done;
+       }
+
+       status = open_socket_out_defer_recv(r445, &fd445);
+ done:
+       TALLOC_FREE(ev);
+       return status;
+}
+
 /****************************************************************************
  Open the client sockets.
 ****************************************************************************/
@@ -1585,16 +1887,11 @@ NTSTATUS cli_connect(struct cli_state *cli,
                if (getenv("LIBSMB_PROG")) {
                        cli->fd = sock_exec(getenv("LIBSMB_PROG"));
                } else {
-                       /* try 445 first, then 139 */
-                       uint16_t port = cli->port?cli->port:445;
-                       cli->fd = open_socket_out(&cli->dest_ss, port,
-                                                 cli->timeout);
-                       if (cli->fd == -1 && cli->port == 0) {
-                               port = 139;
-                               cli->fd = open_socket_out(&cli->dest_ss,
-                                                         port, cli->timeout);
-                       }
-                       if (cli->fd != -1) {
+                       uint16_t port = cli->port;
+                       NTSTATUS status;
+                       status = open_smb_socket(&cli->dest_ss, &port,
+                                                cli->timeout, &cli->fd);
+                       if (NT_STATUS_IS_OK(status)) {
                                cli->port = port;
                        }
                }
@@ -1652,18 +1949,14 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli,
        if (!my_name) 
                my_name = global_myname();
 
-       if (!(cli = cli_initialise())) {
+       if (!(cli = cli_initialise_ex(signing_state))) {
                return NT_STATUS_NO_MEMORY;
        }
 
        make_nmb_name(&calling, my_name, 0x0);
        make_nmb_name(&called , dest_host, 0x20);
 
-       if (cli_set_port(cli, port) != port) {
-               cli_shutdown(cli);
-               return NT_STATUS_UNSUCCESSFUL;
-       }
-
+       cli_set_port(cli, port);
        cli_set_timeout(cli, 10000); /* 10 seconds. */
 
        if (dest_ss) {
@@ -1704,8 +1997,6 @@ again:
                return NT_STATUS_BAD_NETWORK_NAME;
        }
 
-       cli_setup_signing_state(cli, signing_state);
-
        if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
                cli->use_spnego = False;
        else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
@@ -1791,8 +2082,9 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
        }
 
        if (service) {
-               if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
-                       nt_status = cli_nt_error(cli);
+               nt_status = cli_tcon_andx(cli, service, service_type, password,
+                                         pw_len);
+               if (!NT_STATUS_IS_OK(nt_status)) {
                        DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
                        cli_shutdown(cli);
                        if (NT_STATUS_IS_OK(nt_status)) {