s3-libsmb Don't ever ask for machine$ principals as a target.
[nivanova/samba-autobuild/.git] / source3 / libsmb / cliconnect.c
1 /* 
2    Unix SMB/CIFS implementation.
3    client connect/disconnect routines
4    Copyright (C) Andrew Tridgell 1994-1998
5    Copyright (C) Andrew Bartlett 2001-2003
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "popt_common.h"
23 #include "../libcli/auth/libcli_auth.h"
24 #include "../libcli/auth/spnego.h"
25 #include "smb_krb5.h"
26 #include "../libcli/auth/ntlmssp.h"
27 #include "libads/kerberos_proto.h"
28 #include "krb5_env.h"
29 #include "async_smb.h"
30
31 static const struct {
32         int prot;
33         const char name[24];
34 } prots[10] = {
35         {PROTOCOL_CORE,         "PC NETWORK PROGRAM 1.0"},
36         {PROTOCOL_COREPLUS,     "MICROSOFT NETWORKS 1.03"},
37         {PROTOCOL_LANMAN1,      "MICROSOFT NETWORKS 3.0"},
38         {PROTOCOL_LANMAN1,      "LANMAN1.0"},
39         {PROTOCOL_LANMAN2,      "LM1.2X002"},
40         {PROTOCOL_LANMAN2,      "DOS LANMAN2.1"},
41         {PROTOCOL_LANMAN2,      "LANMAN2.1"},
42         {PROTOCOL_LANMAN2,      "Samba"},
43         {PROTOCOL_NT1,          "NT LANMAN 1.0"},
44         {PROTOCOL_NT1,          "NT LM 0.12"},
45 };
46
47 #define STAR_SMBSERVER "*SMBSERVER"
48
49 /**
50  * Set the user session key for a connection
51  * @param cli The cli structure to add it too
52  * @param session_key The session key used.  (A copy of this is taken for the cli struct)
53  *
54  */
55
56 static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key) 
57 {
58         cli->user_session_key = data_blob(session_key.data, session_key.length);
59 }
60
61 /****************************************************************************
62  Do an old lanman2 style session setup.
63 ****************************************************************************/
64
65 static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
66                                           const char *user, 
67                                           const char *pass, size_t passlen,
68                                           const char *workgroup)
69 {
70         DATA_BLOB session_key = data_blob_null;
71         DATA_BLOB lm_response = data_blob_null;
72         NTSTATUS status;
73         fstring pword;
74         char *p;
75
76         if (passlen > sizeof(pword)-1) {
77                 return NT_STATUS_INVALID_PARAMETER;
78         }
79
80         /* LANMAN servers predate NT status codes and Unicode and ignore those 
81            smb flags so we must disable the corresponding default capabilities  
82            that would otherwise cause the Unicode and NT Status flags to be
83            set (and even returned by the server) */
84
85         cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
86
87         /* if in share level security then don't send a password now */
88         if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
89                 passlen = 0;
90
91         if (passlen > 0 && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen != 24) {
92                 /* Encrypted mode needed, and non encrypted password supplied. */
93                 lm_response = data_blob(NULL, 24);
94                 if (!SMBencrypt(pass, cli->secblob.data,(uchar *)lm_response.data)) {
95                         DEBUG(1, ("Password is > 14 chars in length, and is therefore incompatible with Lanman authentication\n"));
96                         return NT_STATUS_ACCESS_DENIED;
97                 }
98         } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && passlen == 24) {
99                 /* Encrypted mode needed, and encrypted password supplied. */
100                 lm_response = data_blob(pass, passlen);
101         } else if (passlen > 0) {
102                 /* Plaintext mode needed, assume plaintext supplied. */
103                 passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
104                 lm_response = data_blob(pass, passlen);
105         }
106
107         /* send a session setup command */
108         memset(cli->outbuf,'\0',smb_size);
109         cli_set_message(cli->outbuf,10, 0, True);
110         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
111         cli_setup_packet(cli);
112
113         SCVAL(cli->outbuf,smb_vwv0,0xFF);
114         SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
115         SSVAL(cli->outbuf,smb_vwv3,2);
116         SSVAL(cli->outbuf,smb_vwv4,1);
117         SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
118         SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
119
120         p = smb_buf(cli->outbuf);
121         memcpy(p,lm_response.data,lm_response.length);
122         p += lm_response.length;
123         p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
124         p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
125         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
126         p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
127         cli_setup_bcc(cli, p);
128
129         if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
130                 return cli_nt_error(cli);
131         }
132
133         show_msg(cli->inbuf);
134
135         if (cli_is_error(cli)) {
136                 return cli_nt_error(cli);
137         }
138
139         /* use the returned vuid from now on */
140         cli->vuid = SVAL(cli->inbuf,smb_uid);   
141         status = cli_set_username(cli, user);
142         if (!NT_STATUS_IS_OK(status)) {
143                 return status;
144         }
145
146         if (session_key.data) {
147                 /* Have plaintext orginal */
148                 cli_set_session_key(cli, session_key);
149         }
150
151         return NT_STATUS_OK;
152 }
153
154 /****************************************************************************
155  Work out suitable capabilities to offer the server.
156 ****************************************************************************/
157
158 static uint32 cli_session_setup_capabilities(struct cli_state *cli)
159 {
160         uint32 capabilities = CAP_NT_SMBS;
161
162         if (!cli->force_dos_errors)
163                 capabilities |= CAP_STATUS32;
164
165         if (cli->use_level_II_oplocks)
166                 capabilities |= CAP_LEVEL_II_OPLOCKS;
167
168         capabilities |= (cli->capabilities & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
169         return capabilities;
170 }
171
172 /****************************************************************************
173  Do a NT1 guest session setup.
174 ****************************************************************************/
175
176 struct cli_session_setup_guest_state {
177         struct cli_state *cli;
178         uint16_t vwv[16];
179         struct iovec bytes;
180 };
181
182 static void cli_session_setup_guest_done(struct tevent_req *subreq);
183
184 struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
185                                                   struct event_context *ev,
186                                                   struct cli_state *cli,
187                                                   struct tevent_req **psmbreq)
188 {
189         struct tevent_req *req, *subreq;
190         struct cli_session_setup_guest_state *state;
191         uint16_t *vwv;
192         uint8_t *bytes;
193
194         req = tevent_req_create(mem_ctx, &state,
195                                 struct cli_session_setup_guest_state);
196         if (req == NULL) {
197                 return NULL;
198         }
199         state->cli = cli;
200         vwv = state->vwv;
201
202         SCVAL(vwv+0, 0, 0xFF);
203         SCVAL(vwv+0, 1, 0);
204         SSVAL(vwv+1, 0, 0);
205         SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
206         SSVAL(vwv+3, 0, 2);
207         SSVAL(vwv+4, 0, cli->pid);
208         SIVAL(vwv+5, 0, cli->sesskey);
209         SSVAL(vwv+7, 0, 0);
210         SSVAL(vwv+8, 0, 0);
211         SSVAL(vwv+9, 0, 0);
212         SSVAL(vwv+10, 0, 0);
213         SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
214
215         bytes = talloc_array(state, uint8_t, 0);
216
217         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "",  1, /* username */
218                                    NULL);
219         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
220                                    NULL);
221         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
222         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
223
224         if (bytes == NULL) {
225                 TALLOC_FREE(req);
226                 return NULL;
227         }
228
229         state->bytes.iov_base = (void *)bytes;
230         state->bytes.iov_len = talloc_get_size(bytes);
231
232         subreq = cli_smb_req_create(state, ev, cli, SMBsesssetupX, 0, 13, vwv,
233                                     1, &state->bytes);
234         if (subreq == NULL) {
235                 TALLOC_FREE(req);
236                 return NULL;
237         }
238         tevent_req_set_callback(subreq, cli_session_setup_guest_done, req);
239         *psmbreq = subreq;
240         return req;
241 }
242
243 struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
244                                                 struct event_context *ev,
245                                                 struct cli_state *cli)
246 {
247         struct tevent_req *req, *subreq;
248         NTSTATUS status;
249
250         req = cli_session_setup_guest_create(mem_ctx, ev, cli, &subreq);
251         if (req == NULL) {
252                 return NULL;
253         }
254
255         status = cli_smb_req_send(subreq);
256         if (NT_STATUS_IS_OK(status)) {
257                 tevent_req_nterror(req, status);
258                 return tevent_req_post(req, ev);
259         }
260         return req;
261 }
262
263 static void cli_session_setup_guest_done(struct tevent_req *subreq)
264 {
265         struct tevent_req *req = tevent_req_callback_data(
266                 subreq, struct tevent_req);
267         struct cli_session_setup_guest_state *state = tevent_req_data(
268                 req, struct cli_session_setup_guest_state);
269         struct cli_state *cli = state->cli;
270         uint32_t num_bytes;
271         uint8_t *in;
272         char *inbuf;
273         uint8_t *bytes;
274         uint8_t *p;
275         NTSTATUS status;
276
277         status = cli_smb_recv(subreq, state, &in, 0, NULL, NULL,
278                               &num_bytes, &bytes);
279         TALLOC_FREE(subreq);
280         if (!NT_STATUS_IS_OK(status)) {
281                 tevent_req_nterror(req, status);
282                 return;
283         }
284
285         inbuf = (char *)in;
286         p = bytes;
287
288         cli->vuid = SVAL(inbuf, smb_uid);
289
290         p += clistr_pull(inbuf, cli->server_os, (char *)p, sizeof(fstring),
291                          bytes+num_bytes-p, STR_TERMINATE);
292         p += clistr_pull(inbuf, cli->server_type, (char *)p, sizeof(fstring),
293                          bytes+num_bytes-p, STR_TERMINATE);
294         p += clistr_pull(inbuf, cli->server_domain, (char *)p, sizeof(fstring),
295                          bytes+num_bytes-p, STR_TERMINATE);
296
297         if (strstr(cli->server_type, "Samba")) {
298                 cli->is_samba = True;
299         }
300
301         status = cli_set_username(cli, "");
302         if (!NT_STATUS_IS_OK(status)) {
303                 tevent_req_nterror(req, status);
304                 return;
305         }
306         tevent_req_done(req);
307 }
308
309 NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req)
310 {
311         return tevent_req_simple_recv_ntstatus(req);
312 }
313
314 static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
315 {
316         TALLOC_CTX *frame = talloc_stackframe();
317         struct event_context *ev;
318         struct tevent_req *req;
319         NTSTATUS status = NT_STATUS_OK;
320
321         if (cli_has_async_calls(cli)) {
322                 /*
323                  * Can't use sync call while an async call is in flight
324                  */
325                 status = NT_STATUS_INVALID_PARAMETER;
326                 goto fail;
327         }
328
329         ev = event_context_init(frame);
330         if (ev == NULL) {
331                 status = NT_STATUS_NO_MEMORY;
332                 goto fail;
333         }
334
335         req = cli_session_setup_guest_send(frame, ev, cli);
336         if (req == NULL) {
337                 status = NT_STATUS_NO_MEMORY;
338                 goto fail;
339         }
340
341         if (!tevent_req_poll(req, ev)) {
342                 status = map_nt_error_from_unix(errno);
343                 goto fail;
344         }
345
346         status = cli_session_setup_guest_recv(req);
347  fail:
348         TALLOC_FREE(frame);
349         if (!NT_STATUS_IS_OK(status)) {
350                 cli_set_error(cli, status);
351         }
352         return status;
353 }
354
355 /****************************************************************************
356  Do a NT1 plaintext session setup.
357 ****************************************************************************/
358
359 static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
360                                             const char *user, const char *pass,
361                                             const char *workgroup)
362 {
363         uint32 capabilities = cli_session_setup_capabilities(cli);
364         char *p;
365         NTSTATUS status;
366         fstring lanman;
367
368         fstr_sprintf( lanman, "Samba %s", samba_version_string());
369
370         memset(cli->outbuf, '\0', smb_size);
371         cli_set_message(cli->outbuf,13,0,True);
372         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
373         cli_setup_packet(cli);
374
375         SCVAL(cli->outbuf,smb_vwv0,0xFF);
376         SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
377         SSVAL(cli->outbuf,smb_vwv3,2);
378         SSVAL(cli->outbuf,smb_vwv4,cli->pid);
379         SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
380         SSVAL(cli->outbuf,smb_vwv8,0);
381         SIVAL(cli->outbuf,smb_vwv11,capabilities); 
382         p = smb_buf(cli->outbuf);
383
384         /* check wether to send the ASCII or UNICODE version of the password */
385
386         if ( (capabilities & CAP_UNICODE) == 0 ) {
387                 p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
388                 SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
389         }
390         else {
391                 /* For ucs2 passwords clistr_push calls ucs2_align, which causes
392                  * the space taken by the unicode password to be one byte too
393                  * long (as we're on an odd byte boundary here). Reduce the
394                  * count by 1 to cope with this. Fixes smbclient against NetApp
395                  * servers which can't cope. Fix from
396                  * bryan.kolodziej@allenlund.com in bug #3840.
397                  */
398                 p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
399                 SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);        
400         }
401
402         p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
403         p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
404         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
405         p += clistr_push(cli, p, lanman, -1, STR_TERMINATE);
406         cli_setup_bcc(cli, p);
407
408         if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
409                 return cli_nt_error(cli);
410         }
411
412         show_msg(cli->inbuf);
413
414         if (cli_is_error(cli)) {
415                 return cli_nt_error(cli);
416         }
417
418         cli->vuid = SVAL(cli->inbuf,smb_uid);
419         p = smb_buf(cli->inbuf);
420         p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
421                          -1, STR_TERMINATE);
422         p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
423                          -1, STR_TERMINATE);
424         p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
425                          -1, STR_TERMINATE);
426         status = cli_set_username(cli, user);
427         if (!NT_STATUS_IS_OK(status)) {
428                 return status;
429         }
430         if (strstr(cli->server_type, "Samba")) {
431                 cli->is_samba = True;
432         }
433
434         return NT_STATUS_OK;
435 }
436
437 /****************************************************************************
438    do a NT1 NTLM/LM encrypted session setup - for when extended security
439    is not negotiated.
440    @param cli client state to create do session setup on
441    @param user username
442    @param pass *either* cleartext password (passlen !=24) or LM response.
443    @param ntpass NT response, implies ntpasslen >=24, implies pass is not clear
444    @param workgroup The user's domain.
445 ****************************************************************************/
446
447 static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, 
448                                       const char *pass, size_t passlen,
449                                       const char *ntpass, size_t ntpasslen,
450                                       const char *workgroup)
451 {
452         uint32 capabilities = cli_session_setup_capabilities(cli);
453         DATA_BLOB lm_response = data_blob_null;
454         DATA_BLOB nt_response = data_blob_null;
455         DATA_BLOB session_key = data_blob_null;
456         NTSTATUS result;
457         char *p;
458         bool ok;
459
460         if (passlen == 0) {
461                 /* do nothing - guest login */
462         } else if (passlen != 24) {
463                 if (lp_client_ntlmv2_auth()) {
464                         DATA_BLOB server_chal;
465                         DATA_BLOB names_blob;
466                         server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8)); 
467
468                         /* note that the 'workgroup' here is a best guess - we don't know
469                            the server's domain at this point.  The 'server name' is also
470                            dodgy... 
471                         */
472                         names_blob = NTLMv2_generate_names_blob(NULL, cli->called.name, workgroup);
473
474                         if (!SMBNTLMv2encrypt(NULL, user, workgroup, pass, &server_chal, 
475                                               &names_blob,
476                                               &lm_response, &nt_response, NULL, &session_key)) {
477                                 data_blob_free(&names_blob);
478                                 data_blob_free(&server_chal);
479                                 return NT_STATUS_ACCESS_DENIED;
480                         }
481                         data_blob_free(&names_blob);
482                         data_blob_free(&server_chal);
483
484                 } else {
485                         uchar nt_hash[16];
486                         E_md4hash(pass, nt_hash);
487
488 #ifdef LANMAN_ONLY
489                         nt_response = data_blob_null;
490 #else
491                         nt_response = data_blob(NULL, 24);
492                         SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
493 #endif
494                         /* non encrypted password supplied. Ignore ntpass. */
495                         if (lp_client_lanman_auth()) {
496                                 lm_response = data_blob(NULL, 24);
497                                 if (!SMBencrypt(pass,cli->secblob.data, lm_response.data)) {
498                                         /* Oops, the LM response is invalid, just put 
499                                            the NT response there instead */
500                                         data_blob_free(&lm_response);
501                                         lm_response = data_blob(nt_response.data, nt_response.length);
502                                 }
503                         } else {
504                                 /* LM disabled, place NT# in LM field instead */
505                                 lm_response = data_blob(nt_response.data, nt_response.length);
506                         }
507
508                         session_key = data_blob(NULL, 16);
509 #ifdef LANMAN_ONLY
510                         E_deshash(pass, session_key.data);
511                         memset(&session_key.data[8], '\0', 8);
512 #else
513                         SMBsesskeygen_ntv1(nt_hash, session_key.data);
514 #endif
515                 }
516                 cli_temp_set_signing(cli);
517         } else {
518                 /* pre-encrypted password supplied.  Only used for 
519                    security=server, can't do
520                    signing because we don't have original key */
521
522                 lm_response = data_blob(pass, passlen);
523                 nt_response = data_blob(ntpass, ntpasslen);
524         }
525
526         /* send a session setup command */
527         memset(cli->outbuf,'\0',smb_size);
528
529         cli_set_message(cli->outbuf,13,0,True);
530         SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
531         cli_setup_packet(cli);
532
533         SCVAL(cli->outbuf,smb_vwv0,0xFF);
534         SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
535         SSVAL(cli->outbuf,smb_vwv3,2);
536         SSVAL(cli->outbuf,smb_vwv4,cli->pid);
537         SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
538         SSVAL(cli->outbuf,smb_vwv7,lm_response.length);
539         SSVAL(cli->outbuf,smb_vwv8,nt_response.length);
540         SIVAL(cli->outbuf,smb_vwv11,capabilities); 
541         p = smb_buf(cli->outbuf);
542         if (lm_response.length) {
543                 memcpy(p,lm_response.data, lm_response.length); p += lm_response.length;
544         }
545         if (nt_response.length) {
546                 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
547         }
548         p += clistr_push(cli, p, user, -1, STR_TERMINATE);
549
550         /* Upper case here might help some NTLMv2 implementations */
551         p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
552         p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
553         p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
554         cli_setup_bcc(cli, p);
555
556         if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
557                 result = cli_nt_error(cli);
558                 goto end;
559         }
560
561         /* show_msg(cli->inbuf); */
562
563         if (cli_is_error(cli)) {
564                 result = cli_nt_error(cli);
565                 goto end;
566         }
567
568 #ifdef LANMAN_ONLY
569         ok = cli_simple_set_signing(cli, session_key, lm_response);
570 #else
571         ok = cli_simple_set_signing(cli, session_key, nt_response);
572 #endif
573         if (ok) {
574                 if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
575                         result = NT_STATUS_ACCESS_DENIED;
576                         goto end;
577                 }
578         }
579
580         /* use the returned vuid from now on */
581         cli->vuid = SVAL(cli->inbuf,smb_uid);
582
583         p = smb_buf(cli->inbuf);
584         p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
585                          -1, STR_TERMINATE);
586         p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
587                          -1, STR_TERMINATE);
588         p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
589                          -1, STR_TERMINATE);
590
591         if (strstr(cli->server_type, "Samba")) {
592                 cli->is_samba = True;
593         }
594
595         result = cli_set_username(cli, user);
596         if (!NT_STATUS_IS_OK(result)) {
597                 goto end;
598         }
599
600         if (session_key.data) {
601                 /* Have plaintext orginal */
602                 cli_set_session_key(cli, session_key);
603         }
604
605         result = NT_STATUS_OK;
606 end:    
607         data_blob_free(&lm_response);
608         data_blob_free(&nt_response);
609         data_blob_free(&session_key);
610         return result;
611 }
612
613 /* The following is calculated from :
614  * (smb_size-4) = 35
615  * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
616  * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
617  * end of packet.
618  */
619
620 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
621
622 struct cli_sesssetup_blob_state {
623         struct tevent_context *ev;
624         struct cli_state *cli;
625         DATA_BLOB blob;
626         uint16_t max_blob_size;
627         uint16_t vwv[12];
628         uint8_t *buf;
629
630         NTSTATUS status;
631         char *inbuf;
632         DATA_BLOB ret_blob;
633 };
634
635 static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
636                                     struct tevent_req **psubreq);
637 static void cli_sesssetup_blob_done(struct tevent_req *subreq);
638
639 static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx,
640                                                   struct tevent_context *ev,
641                                                   struct cli_state *cli,
642                                                   DATA_BLOB blob)
643 {
644         struct tevent_req *req, *subreq;
645         struct cli_sesssetup_blob_state *state;
646
647         req = tevent_req_create(mem_ctx, &state,
648                                 struct cli_sesssetup_blob_state);
649         if (req == NULL) {
650                 return NULL;
651         }
652         state->ev = ev;
653         state->blob = blob;
654         state->cli = cli;
655
656         if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
657                 DEBUG(1, ("cli_session_setup_blob: cli->max_xmit too small "
658                           "(was %u, need minimum %u)\n",
659                           (unsigned int)cli->max_xmit,
660                           BASE_SESSSETUP_BLOB_PACKET_SIZE));
661                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
662                 return tevent_req_post(req, ev);
663         }
664         state->max_blob_size =
665                 MIN(cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE, 0xFFFF);
666
667         if (!cli_sesssetup_blob_next(state, &subreq)) {
668                 tevent_req_nomem(NULL, req);
669                 return tevent_req_post(req, ev);
670         }
671         tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
672         return req;
673 }
674
675 static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
676                                     struct tevent_req **psubreq)
677 {
678         struct tevent_req *subreq;
679         uint16_t thistime;
680
681         SCVAL(state->vwv+0, 0, 0xFF);
682         SCVAL(state->vwv+0, 1, 0);
683         SSVAL(state->vwv+1, 0, 0);
684         SSVAL(state->vwv+2, 0, CLI_BUFFER_SIZE);
685         SSVAL(state->vwv+3, 0, 2);
686         SSVAL(state->vwv+4, 0, 1);
687         SIVAL(state->vwv+5, 0, 0);
688
689         thistime = MIN(state->blob.length, state->max_blob_size);
690         SSVAL(state->vwv+7, 0, thistime);
691
692         SSVAL(state->vwv+8, 0, 0);
693         SSVAL(state->vwv+9, 0, 0);
694         SIVAL(state->vwv+10, 0,
695               cli_session_setup_capabilities(state->cli)
696               | CAP_EXTENDED_SECURITY);
697
698         state->buf = (uint8_t *)talloc_memdup(state, state->blob.data,
699                                               thistime);
700         if (state->buf == NULL) {
701                 return false;
702         }
703         state->blob.data += thistime;
704         state->blob.length -= thistime;
705
706         state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
707                                         "Unix", 5, NULL);
708         state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
709                                         "Samba", 6, NULL);
710         if (state->buf == NULL) {
711                 return false;
712         }
713         subreq = cli_smb_send(state, state->ev, state->cli, SMBsesssetupX, 0,
714                               12, state->vwv,
715                               talloc_get_size(state->buf), state->buf);
716         if (subreq == NULL) {
717                 return false;
718         }
719         *psubreq = subreq;
720         return true;
721 }
722
723 static void cli_sesssetup_blob_done(struct tevent_req *subreq)
724 {
725         struct tevent_req *req = tevent_req_callback_data(
726                 subreq, struct tevent_req);
727         struct cli_sesssetup_blob_state *state = tevent_req_data(
728                 req, struct cli_sesssetup_blob_state);
729         struct cli_state *cli = state->cli;
730         uint8_t wct;
731         uint16_t *vwv;
732         uint32_t num_bytes;
733         uint8_t *bytes;
734         NTSTATUS status;
735         uint8_t *p;
736         uint16_t blob_length;
737         uint8_t *inbuf;
738
739         status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
740                               &num_bytes, &bytes);
741         TALLOC_FREE(subreq);
742         if (!NT_STATUS_IS_OK(status)
743             && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
744                 tevent_req_nterror(req, status);
745                 return;
746         }
747
748         state->status = status;
749         TALLOC_FREE(state->buf);
750
751         state->inbuf = (char *)inbuf;
752         cli->vuid = SVAL(state->inbuf, smb_uid);
753
754         blob_length = SVAL(vwv+3, 0);
755         if (blob_length > num_bytes) {
756                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
757                 return;
758         }
759         state->ret_blob = data_blob_const(bytes, blob_length);
760
761         p = bytes + blob_length;
762
763         p += clistr_pull(state->inbuf, cli->server_os,
764                          (char *)p, sizeof(fstring),
765                          bytes+num_bytes-p, STR_TERMINATE);
766         p += clistr_pull(state->inbuf, cli->server_type,
767                          (char *)p, sizeof(fstring),
768                          bytes+num_bytes-p, STR_TERMINATE);
769         p += clistr_pull(state->inbuf, cli->server_domain,
770                          (char *)p, sizeof(fstring),
771                          bytes+num_bytes-p, STR_TERMINATE);
772
773         if (strstr(cli->server_type, "Samba")) {
774                 cli->is_samba = True;
775         }
776
777         if (state->blob.length != 0) {
778                 /*
779                  * More to send
780                  */
781                 if (!cli_sesssetup_blob_next(state, &subreq)) {
782                         tevent_req_nomem(NULL, req);
783                         return;
784                 }
785                 tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
786                 return;
787         }
788         tevent_req_done(req);
789 }
790
791 static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
792                                         TALLOC_CTX *mem_ctx,
793                                         DATA_BLOB *pblob,
794                                         char **pinbuf)
795 {
796         struct cli_sesssetup_blob_state *state = tevent_req_data(
797                 req, struct cli_sesssetup_blob_state);
798         NTSTATUS status;
799         char *inbuf;
800
801         if (tevent_req_is_nterror(req, &status)) {
802                 state->cli->vuid = 0;
803                 return status;
804         }
805
806         inbuf = talloc_move(mem_ctx, &state->inbuf);
807         if (pblob != NULL) {
808                 *pblob = state->ret_blob;
809         }
810         if (pinbuf != NULL) {
811                 *pinbuf = inbuf;
812         }
813         /* could be NT_STATUS_MORE_PROCESSING_REQUIRED */
814         return state->status;
815 }
816
817 #ifdef HAVE_KRB5
818
819 /****************************************************************************
820  Use in-memory credentials cache
821 ****************************************************************************/
822
823 static void use_in_memory_ccache(void) {
824         setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
825 }
826
827 /****************************************************************************
828  Do a spnego/kerberos encrypted session setup.
829 ****************************************************************************/
830
831 struct cli_session_setup_kerberos_state {
832         struct cli_state *cli;
833         DATA_BLOB negTokenTarg;
834         DATA_BLOB session_key_krb5;
835         ADS_STATUS ads_status;
836 };
837
838 static void cli_session_setup_kerberos_done(struct tevent_req *subreq);
839
840 static struct tevent_req *cli_session_setup_kerberos_send(
841         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
842         const char *principal, const char *workgroup)
843 {
844         struct tevent_req *req, *subreq;
845         struct cli_session_setup_kerberos_state *state;
846         int rc;
847
848         DEBUG(2,("Doing kerberos session setup\n"));
849
850         req = tevent_req_create(mem_ctx, &state,
851                                 struct cli_session_setup_kerberos_state);
852         if (req == NULL) {
853                 return NULL;
854         }
855         state->cli = cli;
856         state->ads_status = ADS_SUCCESS;
857
858         cli_temp_set_signing(cli);
859
860         /*
861          * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
862          * we have to acquire a ticket. To be fixed later :-)
863          */
864         rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
865                                      &state->session_key_krb5, 0, NULL);
866         if (rc) {
867                 DEBUG(1, ("cli_session_setup_kerberos: "
868                           "spnego_gen_krb5_negTokenInit failed: %s\n",
869                           error_message(rc)));
870                 state->ads_status = ADS_ERROR_KRB5(rc);
871                 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
872                 return tevent_req_post(req, ev);
873         }
874
875 #if 0
876         file_save("negTokenTarg.dat", state->negTokenTarg.data,
877                   state->negTokenTarg.length);
878 #endif
879
880         subreq = cli_sesssetup_blob_send(state, ev, cli, state->negTokenTarg);
881         if (tevent_req_nomem(subreq, req)) {
882                 return tevent_req_post(req, ev);
883         }
884         tevent_req_set_callback(subreq, cli_session_setup_kerberos_done, req);
885         return req;
886 }
887
888 static void cli_session_setup_kerberos_done(struct tevent_req *subreq)
889 {
890         struct tevent_req *req = tevent_req_callback_data(
891                 subreq, struct tevent_req);
892         struct cli_session_setup_kerberos_state *state = tevent_req_data(
893                 req, struct cli_session_setup_kerberos_state);
894         char *inbuf = NULL;
895         NTSTATUS status;
896
897         status = cli_sesssetup_blob_recv(subreq, talloc_tos(), NULL, &inbuf);
898         if (!NT_STATUS_IS_OK(status)) {
899                 TALLOC_FREE(subreq);
900                 tevent_req_nterror(req, status);
901                 return;
902         }
903
904         cli_set_session_key(state->cli, state->session_key_krb5);
905
906         if (cli_simple_set_signing(state->cli, state->session_key_krb5,
907                                    data_blob_null)
908             && !cli_check_sign_mac(state->cli, inbuf, 1)) {
909                 TALLOC_FREE(subreq);
910                 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
911                 return;
912         }
913         TALLOC_FREE(subreq);
914         tevent_req_done(req);
915 }
916
917 static ADS_STATUS cli_session_setup_kerberos_recv(struct tevent_req *req)
918 {
919         struct cli_session_setup_kerberos_state *state = tevent_req_data(
920                 req, struct cli_session_setup_kerberos_state);
921         NTSTATUS status;
922
923         if (tevent_req_is_nterror(req, &status)) {
924                 return ADS_ERROR_NT(status);
925         }
926         return state->ads_status;
927 }
928
929 static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli,
930                                              const char *principal,
931                                              const char *workgroup)
932 {
933         struct tevent_context *ev;
934         struct tevent_req *req;
935         ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
936
937         if (cli_has_async_calls(cli)) {
938                 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
939         }
940         ev = tevent_context_init(talloc_tos());
941         if (ev == NULL) {
942                 goto fail;
943         }
944         req = cli_session_setup_kerberos_send(ev, ev, cli, principal,
945                                               workgroup);
946         if (req == NULL) {
947                 goto fail;
948         }
949         if (!tevent_req_poll(req, ev)) {
950                 status = ADS_ERROR_SYSTEM(errno);
951                 goto fail;
952         }
953         status = cli_session_setup_kerberos_recv(req);
954 fail:
955         TALLOC_FREE(ev);
956         return status;
957 }
958 #endif  /* HAVE_KRB5 */
959
960 /****************************************************************************
961  Do a spnego/NTLMSSP encrypted session setup.
962 ****************************************************************************/
963
964 struct cli_session_setup_ntlmssp_state {
965         struct tevent_context *ev;
966         struct cli_state *cli;
967         struct ntlmssp_state *ntlmssp_state;
968         int turn;
969         DATA_BLOB blob_out;
970 };
971
972 static int cli_session_setup_ntlmssp_state_destructor(
973         struct cli_session_setup_ntlmssp_state *state)
974 {
975         if (state->ntlmssp_state != NULL) {
976                 TALLOC_FREE(state->ntlmssp_state);
977         }
978         return 0;
979 }
980
981 static void cli_session_setup_ntlmssp_done(struct tevent_req *req);
982
983 static struct tevent_req *cli_session_setup_ntlmssp_send(
984         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
985         const char *user, const char *pass, const char *domain)
986 {
987         struct tevent_req *req, *subreq;
988         struct cli_session_setup_ntlmssp_state *state;
989         NTSTATUS status;
990         DATA_BLOB blob_out;
991         const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
992
993         req = tevent_req_create(mem_ctx, &state,
994                                 struct cli_session_setup_ntlmssp_state);
995         if (req == NULL) {
996                 return NULL;
997         }
998         state->ev = ev;
999         state->cli = cli;
1000         state->turn = 1;
1001
1002         state->ntlmssp_state = NULL;
1003         talloc_set_destructor(
1004                 state, cli_session_setup_ntlmssp_state_destructor);
1005
1006         cli_temp_set_signing(cli);
1007
1008         status = ntlmssp_client_start(state,
1009                                       global_myname(),
1010                                       lp_workgroup(),
1011                                       lp_client_ntlmv2_auth(),
1012                                       &state->ntlmssp_state);
1013         if (!NT_STATUS_IS_OK(status)) {
1014                 goto fail;
1015         }
1016         ntlmssp_want_feature(state->ntlmssp_state,
1017                              NTLMSSP_FEATURE_SESSION_KEY);
1018         if (cli->use_ccache) {
1019                 ntlmssp_want_feature(state->ntlmssp_state,
1020                                      NTLMSSP_FEATURE_CCACHE);
1021         }
1022         status = ntlmssp_set_username(state->ntlmssp_state, user);
1023         if (!NT_STATUS_IS_OK(status)) {
1024                 goto fail;
1025         }
1026         status = ntlmssp_set_domain(state->ntlmssp_state, domain);
1027         if (!NT_STATUS_IS_OK(status)) {
1028                 goto fail;
1029         }
1030         status = ntlmssp_set_password(state->ntlmssp_state, pass);
1031         if (!NT_STATUS_IS_OK(status)) {
1032                 goto fail;
1033         }
1034         status = ntlmssp_update(state->ntlmssp_state, data_blob_null,
1035                                 &blob_out);
1036         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1037                 goto fail;
1038         }
1039
1040         state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
1041         data_blob_free(&blob_out);
1042
1043         subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
1044         if (tevent_req_nomem(subreq, req)) {
1045                 return tevent_req_post(req, ev);
1046         }
1047         tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
1048         return req;
1049 fail:
1050         tevent_req_nterror(req, status);
1051         return tevent_req_post(req, ev);
1052 }
1053
1054 static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
1055 {
1056         struct tevent_req *req = tevent_req_callback_data(
1057                 subreq, struct tevent_req);
1058         struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
1059                 req, struct cli_session_setup_ntlmssp_state);
1060         DATA_BLOB blob_in, msg_in, blob_out;
1061         char *inbuf = NULL;
1062         bool parse_ret;
1063         NTSTATUS status;
1064
1065         status = cli_sesssetup_blob_recv(subreq, talloc_tos(), &blob_in,
1066                                          &inbuf);
1067         TALLOC_FREE(subreq);
1068         data_blob_free(&state->blob_out);
1069
1070         if (NT_STATUS_IS_OK(status)) {
1071                 if (state->cli->server_domain[0] == '\0') {
1072                         fstrcpy(state->cli->server_domain,
1073                                 state->ntlmssp_state->server.netbios_domain);
1074                 }
1075                 cli_set_session_key(
1076                         state->cli, state->ntlmssp_state->session_key);
1077
1078                 if (cli_simple_set_signing(
1079                             state->cli, state->ntlmssp_state->session_key,
1080                             data_blob_null)
1081                     && !cli_check_sign_mac(state->cli, inbuf, 1)) {
1082                         TALLOC_FREE(subreq);
1083                         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1084                         return;
1085                 }
1086                 TALLOC_FREE(subreq);
1087                 TALLOC_FREE(state->ntlmssp_state);
1088                 tevent_req_done(req);
1089                 return;
1090         }
1091         if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1092                 tevent_req_nterror(req, status);
1093                 return;
1094         }
1095
1096         if (blob_in.length == 0) {
1097                 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
1098                 return;
1099         }
1100
1101         if ((state->turn == 1)
1102             && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1103                 DATA_BLOB tmp_blob = data_blob_null;
1104                 /* the server might give us back two challenges */
1105                 parse_ret = spnego_parse_challenge(state, blob_in, &msg_in,
1106                                                    &tmp_blob);
1107                 data_blob_free(&tmp_blob);
1108         } else {
1109                 parse_ret = spnego_parse_auth_response(state, blob_in, status,
1110                                                        OID_NTLMSSP, &msg_in);
1111         }
1112         state->turn += 1;
1113
1114         if (!parse_ret) {
1115                 DEBUG(3,("Failed to parse auth response\n"));
1116                 if (NT_STATUS_IS_OK(status)
1117                     || NT_STATUS_EQUAL(status,
1118                                        NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1119                         tevent_req_nterror(
1120                                 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
1121                         return;
1122                 }
1123         }
1124
1125         status = ntlmssp_update(state->ntlmssp_state, msg_in, &blob_out);
1126
1127         if (!NT_STATUS_IS_OK(status)
1128             && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1129                 TALLOC_FREE(subreq);
1130                 TALLOC_FREE(state->ntlmssp_state);
1131                 tevent_req_nterror(req, status);
1132                 return;
1133         }
1134
1135         state->blob_out = spnego_gen_auth(state, blob_out);
1136         TALLOC_FREE(subreq);
1137         if (tevent_req_nomem(state->blob_out.data, req)) {
1138                 return;
1139         }
1140
1141         subreq = cli_sesssetup_blob_send(state, state->ev, state->cli,
1142                                          state->blob_out);
1143         if (tevent_req_nomem(subreq, req)) {
1144                 return;
1145         }
1146         tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
1147 }
1148
1149 static NTSTATUS cli_session_setup_ntlmssp_recv(struct tevent_req *req)
1150 {
1151         struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
1152                 req, struct cli_session_setup_ntlmssp_state);
1153         NTSTATUS status;
1154
1155         if (tevent_req_is_nterror(req, &status)) {
1156                 state->cli->vuid = 0;
1157                 return status;
1158         }
1159         return NT_STATUS_OK;
1160 }
1161
1162 static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli,
1163                                           const char *user,
1164                                           const char *pass,
1165                                           const char *domain)
1166 {
1167         struct tevent_context *ev;
1168         struct tevent_req *req;
1169         NTSTATUS status = NT_STATUS_NO_MEMORY;
1170
1171         if (cli_has_async_calls(cli)) {
1172                 return NT_STATUS_INVALID_PARAMETER;
1173         }
1174         ev = tevent_context_init(talloc_tos());
1175         if (ev == NULL) {
1176                 goto fail;
1177         }
1178         req = cli_session_setup_ntlmssp_send(ev, ev, cli, user, pass, domain);
1179         if (req == NULL) {
1180                 goto fail;
1181         }
1182         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1183                 goto fail;
1184         }
1185         status = cli_session_setup_ntlmssp_recv(req);
1186 fail:
1187         TALLOC_FREE(ev);
1188         if (!NT_STATUS_IS_OK(status)) {
1189                 cli_set_error(cli, status);
1190         }
1191         return status;
1192 }
1193
1194 /****************************************************************************
1195  Do a spnego encrypted session setup.
1196
1197  user_domain: The shortname of the domain the user/machine is a member of.
1198  dest_realm: The realm we're connecting to, if NULL we use our default realm.
1199 ****************************************************************************/
1200
1201 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, 
1202                               const char *pass, const char *user_domain,
1203                               const char * dest_realm)
1204 {
1205         char *principal = NULL;
1206         char *OIDs[ASN1_MAX_OIDS];
1207         int i;
1208         DATA_BLOB blob;
1209         const char *p = NULL;
1210         char *account = NULL;
1211         NTSTATUS status;
1212
1213         DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
1214
1215         /* the server might not even do spnego */
1216         if (cli->secblob.length <= 16) {
1217                 DEBUG(3,("server didn't supply a full spnego negprot\n"));
1218                 goto ntlmssp;
1219         }
1220
1221 #if 0
1222         file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
1223 #endif
1224
1225         /* there is 16 bytes of GUID before the real spnego packet starts */
1226         blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
1227
1228         /* The server sent us the first part of the SPNEGO exchange in the
1229          * negprot reply. It is WRONG to depend on the principal sent in the
1230          * negprot reply, but right now we do it. If we don't receive one,
1231          * we try to best guess, then fall back to NTLM.  */
1232         if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &principal, NULL) ||
1233                         OIDs[0] == NULL) {
1234                 data_blob_free(&blob);
1235                 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1236         }
1237         data_blob_free(&blob);
1238
1239         /* make sure the server understands kerberos */
1240         for (i=0;OIDs[i];i++) {
1241                 if (i == 0)
1242                         DEBUG(3,("got OID=%s\n", OIDs[i]));
1243                 else
1244                         DEBUGADD(3,("got OID=%s\n", OIDs[i]));
1245                 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
1246                     strcmp(OIDs[i], OID_KERBEROS5) == 0) {
1247                         cli->got_kerberos_mechanism = True;
1248                 }
1249                 talloc_free(OIDs[i]);
1250         }
1251
1252         DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
1253
1254         status = cli_set_username(cli, user);
1255         if (!NT_STATUS_IS_OK(status)) {
1256                 TALLOC_FREE(principal);
1257                 return ADS_ERROR_NT(status);
1258         }
1259
1260 #ifdef HAVE_KRB5
1261         /* If password is set we reauthenticate to kerberos server
1262          * and do not store results */
1263
1264         if (cli->got_kerberos_mechanism && cli->use_kerberos) {
1265                 ADS_STATUS rc;
1266
1267                 if (pass && *pass) {
1268                         int ret;
1269
1270                         use_in_memory_ccache();
1271                         ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
1272
1273                         if (ret){
1274                                 TALLOC_FREE(principal);
1275                                 DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
1276                                 if (cli->fallback_after_kerberos)
1277                                         goto ntlmssp;
1278                                 return ADS_ERROR_KRB5(ret);
1279                         }
1280                 }
1281
1282                 /* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us
1283                  */
1284                 if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) {
1285                         TALLOC_FREE(principal);
1286                 }
1287
1288                 if (principal == NULL &&
1289                         !is_ipaddress(cli->desthost) &&
1290                         !strequal(STAR_SMBSERVER,
1291                                 cli->desthost)) {
1292                         char *realm = NULL;
1293                         char *host = NULL;
1294                         DEBUG(3,("cli_session_setup_spnego: using target "
1295                                  "hostname not SPNEGO principal\n"));
1296
1297                         host = strchr_m(cli->desthost, '.');
1298                         if (dest_realm) {
1299                                 realm = SMB_STRDUP(dest_realm);
1300                                 strupper_m(realm);
1301                         } else {
1302                                 if (host) {
1303                                         /* DNS name. */
1304                                         realm = kerberos_get_realm_from_hostname(cli->desthost);
1305                                 } else {
1306                                         /* NetBIOS name - use our realm. */
1307                                         realm = kerberos_get_default_realm_from_ccache();
1308                                 }
1309                         }
1310
1311                         if (realm && *realm) {
1312                                 principal = talloc_asprintf(talloc_tos(),
1313                                                             "cifs/%s@%s",
1314                                                             cli->desthost,
1315                                                             realm);
1316                                 if (!principal) {
1317                                         SAFE_FREE(realm);
1318                                         return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1319                                 }
1320                                 DEBUG(3,("cli_session_setup_spnego: guessed "
1321                                         "server principal=%s\n",
1322                                         principal ? principal : "<null>"));
1323                         }
1324                         SAFE_FREE(realm);
1325                 }
1326
1327                 if (principal) {
1328                         rc = cli_session_setup_kerberos(cli, principal,
1329                                 dest_realm);
1330                         if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
1331                                 TALLOC_FREE(principal);
1332                                 return rc;
1333                         }
1334                 }
1335         }
1336 #endif
1337
1338         TALLOC_FREE(principal);
1339
1340 ntlmssp:
1341
1342         account = talloc_strdup(talloc_tos(), user);
1343         if (!account) {
1344                 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
1345         }
1346
1347         /* when falling back to ntlmssp while authenticating with a machine
1348          * account strip off the realm - gd */
1349
1350         if ((p = strchr_m(user, '@')) != NULL) {
1351                 account[PTR_DIFF(p,user)] = '\0';
1352         }
1353
1354         return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
1355 }
1356
1357 /****************************************************************************
1358  Send a session setup. The username and workgroup is in UNIX character
1359  format and must be converted to DOS codepage format before sending. If the
1360  password is in plaintext, the same should be done.
1361 ****************************************************************************/
1362
1363 NTSTATUS cli_session_setup(struct cli_state *cli,
1364                            const char *user,
1365                            const char *pass, int passlen,
1366                            const char *ntpass, int ntpasslen,
1367                            const char *workgroup)
1368 {
1369         char *p;
1370         fstring user2;
1371
1372         if (user) {
1373                 fstrcpy(user2, user);
1374         } else {
1375                 user2[0] ='\0';
1376         }
1377
1378         if (!workgroup) {
1379                 workgroup = "";
1380         }
1381
1382         /* allow for workgroups as part of the username */
1383         if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
1384             (p=strchr_m(user2,*lp_winbind_separator()))) {
1385                 *p = 0;
1386                 user = p+1;
1387                 workgroup = user2;
1388         }
1389
1390         if (cli->protocol < PROTOCOL_LANMAN1) {
1391                 return NT_STATUS_OK;
1392         }
1393
1394         /* now work out what sort of session setup we are going to
1395            do. I have split this into separate functions to make the
1396            flow a bit easier to understand (tridge) */
1397
1398         /* if its an older server then we have to use the older request format */
1399
1400         if (cli->protocol < PROTOCOL_NT1) {
1401                 if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
1402                         DEBUG(1, ("Server requested LM password but 'client lanman auth'"
1403                                   " is disabled\n"));
1404                         return NT_STATUS_ACCESS_DENIED;
1405                 }
1406
1407                 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
1408                     !lp_client_plaintext_auth() && (*pass)) {
1409                         DEBUG(1, ("Server requested plaintext password but "
1410                                   "'client plaintext auth' is disabled\n"));
1411                         return NT_STATUS_ACCESS_DENIED;
1412                 }
1413
1414                 return cli_session_setup_lanman2(cli, user, pass, passlen,
1415                                                  workgroup);
1416         }
1417
1418         /* if no user is supplied then we have to do an anonymous connection.
1419            passwords are ignored */
1420
1421         if (!user || !*user)
1422                 return cli_session_setup_guest(cli);
1423
1424         /* if the server is share level then send a plaintext null
1425            password at this point. The password is sent in the tree
1426            connect */
1427
1428         if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) 
1429                 return cli_session_setup_plaintext(cli, user, "", workgroup);
1430
1431         /* if the server doesn't support encryption then we have to use 
1432            plaintext. The second password is ignored */
1433
1434         if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
1435                 if (!lp_client_plaintext_auth() && (*pass)) {
1436                         DEBUG(1, ("Server requested plaintext password but "
1437                                   "'client plaintext auth' is disabled\n"));
1438                         return NT_STATUS_ACCESS_DENIED;
1439                 }
1440                 return cli_session_setup_plaintext(cli, user, pass, workgroup);
1441         }
1442
1443         /* if the server supports extended security then use SPNEGO */
1444
1445         if (cli->capabilities & CAP_EXTENDED_SECURITY) {
1446                 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
1447                                                              workgroup, NULL);
1448                 if (!ADS_ERR_OK(status)) {
1449                         DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
1450                         return ads_ntstatus(status);
1451                 }
1452         } else {
1453                 NTSTATUS status;
1454
1455                 /* otherwise do a NT1 style session setup */
1456                 status = cli_session_setup_nt1(cli, user, pass, passlen,
1457                                                ntpass, ntpasslen, workgroup);
1458                 if (!NT_STATUS_IS_OK(status)) {
1459                         DEBUG(3,("cli_session_setup: NT1 session setup "
1460                                  "failed: %s\n", nt_errstr(status)));
1461                         return status;
1462                 }
1463         }
1464
1465         if (strstr(cli->server_type, "Samba")) {
1466                 cli->is_samba = True;
1467         }
1468
1469         return NT_STATUS_OK;
1470 }
1471
1472 /****************************************************************************
1473  Send a uloggoff.
1474 *****************************************************************************/
1475
1476 struct cli_ulogoff_state {
1477         struct cli_state *cli;
1478         uint16_t vwv[3];
1479 };
1480
1481 static void cli_ulogoff_done(struct tevent_req *subreq);
1482
1483 struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
1484                                     struct tevent_context *ev,
1485                                     struct cli_state *cli)
1486 {
1487         struct tevent_req *req, *subreq;
1488         struct cli_ulogoff_state *state;
1489
1490         req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
1491         if (req == NULL) {
1492                 return NULL;
1493         }
1494         state->cli = cli;
1495
1496         SCVAL(state->vwv+0, 0, 0xFF);
1497         SCVAL(state->vwv+1, 0, 0);
1498         SSVAL(state->vwv+2, 0, 0);
1499
1500         subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 2, state->vwv,
1501                               0, NULL);
1502         if (tevent_req_nomem(subreq, req)) {
1503                 return tevent_req_post(req, ev);
1504         }
1505         tevent_req_set_callback(subreq, cli_ulogoff_done, req);
1506         return req;
1507 }
1508
1509 static void cli_ulogoff_done(struct tevent_req *subreq)
1510 {
1511         struct tevent_req *req = tevent_req_callback_data(
1512                 subreq, struct tevent_req);
1513         struct cli_ulogoff_state *state = tevent_req_data(
1514                 req, struct cli_ulogoff_state);
1515         NTSTATUS status;
1516
1517         status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
1518         if (!NT_STATUS_IS_OK(status)) {
1519                 tevent_req_nterror(req, status);
1520                 return;
1521         }
1522         state->cli->vuid = -1;
1523         tevent_req_done(req);
1524 }
1525
1526 NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
1527 {
1528         return tevent_req_simple_recv_ntstatus(req);
1529 }
1530
1531 NTSTATUS cli_ulogoff(struct cli_state *cli)
1532 {
1533         struct tevent_context *ev;
1534         struct tevent_req *req;
1535         NTSTATUS status = NT_STATUS_NO_MEMORY;
1536
1537         if (cli_has_async_calls(cli)) {
1538                 return NT_STATUS_INVALID_PARAMETER;
1539         }
1540         ev = tevent_context_init(talloc_tos());
1541         if (ev == NULL) {
1542                 goto fail;
1543         }
1544         req = cli_ulogoff_send(ev, ev, cli);
1545         if (req == NULL) {
1546                 goto fail;
1547         }
1548         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1549                 goto fail;
1550         }
1551         status = cli_ulogoff_recv(req);
1552 fail:
1553         TALLOC_FREE(ev);
1554         if (!NT_STATUS_IS_OK(status)) {
1555                 cli_set_error(cli, status);
1556         }
1557         return status;
1558 }
1559
1560 /****************************************************************************
1561  Send a tconX.
1562 ****************************************************************************/
1563
1564 struct cli_tcon_andx_state {
1565         struct cli_state *cli;
1566         uint16_t vwv[4];
1567         struct iovec bytes;
1568 };
1569
1570 static void cli_tcon_andx_done(struct tevent_req *subreq);
1571
1572 struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
1573                                         struct event_context *ev,
1574                                         struct cli_state *cli,
1575                                         const char *share, const char *dev,
1576                                         const char *pass, int passlen,
1577                                         struct tevent_req **psmbreq)
1578 {
1579         struct tevent_req *req, *subreq;
1580         struct cli_tcon_andx_state *state;
1581         fstring pword;
1582         uint16_t *vwv;
1583         char *tmp = NULL;
1584         uint8_t *bytes;
1585
1586         *psmbreq = NULL;
1587
1588         req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
1589         if (req == NULL) {
1590                 return NULL;
1591         }
1592         state->cli = cli;
1593         vwv = state->vwv;
1594
1595         fstrcpy(cli->share, share);
1596
1597         /* in user level security don't send a password now */
1598         if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
1599                 passlen = 1;
1600                 pass = "";
1601         } else if (pass == NULL) {
1602                 DEBUG(1, ("Server not using user level security and no "
1603                           "password supplied.\n"));
1604                 goto access_denied;
1605         }
1606
1607         if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
1608             *pass && passlen != 24) {
1609                 if (!lp_client_lanman_auth()) {
1610                         DEBUG(1, ("Server requested LANMAN password "
1611                                   "(share-level security) but "
1612                                   "'client lanman auth' is disabled\n"));
1613                         goto access_denied;
1614                 }
1615
1616                 /*
1617                  * Non-encrypted passwords - convert to DOS codepage before
1618                  * encryption.
1619                  */
1620                 passlen = 24;
1621                 SMBencrypt(pass, cli->secblob.data, (uchar *)pword);
1622         } else {
1623                 if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
1624                                      |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
1625                    == 0) {
1626                         if (!lp_client_plaintext_auth() && (*pass)) {
1627                                 DEBUG(1, ("Server requested plaintext "
1628                                           "password but 'client plaintext "
1629                                           "auth' is disabled\n"));
1630                                 goto access_denied;
1631                         }
1632
1633                         /*
1634                          * Non-encrypted passwords - convert to DOS codepage
1635                          * before using.
1636                          */
1637                         passlen = clistr_push(cli, pword, pass, sizeof(pword),
1638                                               STR_TERMINATE);
1639                         if (passlen == -1) {
1640                                 DEBUG(1, ("clistr_push(pword) failed\n"));
1641                                 goto access_denied;
1642                         }
1643                 } else {
1644                         if (passlen) {
1645                                 memcpy(pword, pass, passlen);
1646                         }
1647                 }
1648         }
1649
1650         SCVAL(vwv+0, 0, 0xFF);
1651         SCVAL(vwv+0, 1, 0);
1652         SSVAL(vwv+1, 0, 0);
1653         SSVAL(vwv+2, 0, TCONX_FLAG_EXTENDED_RESPONSE);
1654         SSVAL(vwv+3, 0, passlen);
1655
1656         if (passlen) {
1657                 bytes = (uint8_t *)talloc_memdup(state, pword, passlen);
1658         } else {
1659                 bytes = talloc_array(state, uint8_t, 0);
1660         }
1661
1662         /*
1663          * Add the sharename
1664          */
1665         tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
1666                                          cli->desthost, share);
1667         if (tmp == NULL) {
1668                 TALLOC_FREE(req);
1669                 return NULL;
1670         }
1671         bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
1672                                    NULL);
1673         TALLOC_FREE(tmp);
1674
1675         /*
1676          * Add the devicetype
1677          */
1678         tmp = talloc_strdup_upper(talloc_tos(), dev);
1679         if (tmp == NULL) {
1680                 TALLOC_FREE(req);
1681                 return NULL;
1682         }
1683         bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
1684         TALLOC_FREE(tmp);
1685
1686         if (bytes == NULL) {
1687                 TALLOC_FREE(req);
1688                 return NULL;
1689         }
1690
1691         state->bytes.iov_base = (void *)bytes;
1692         state->bytes.iov_len = talloc_get_size(bytes);
1693
1694         subreq = cli_smb_req_create(state, ev, cli, SMBtconX, 0, 4, vwv,
1695                                     1, &state->bytes);
1696         if (subreq == NULL) {
1697                 TALLOC_FREE(req);
1698                 return NULL;
1699         }
1700         tevent_req_set_callback(subreq, cli_tcon_andx_done, req);
1701         *psmbreq = subreq;
1702         return req;
1703
1704  access_denied:
1705         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
1706         return tevent_req_post(req, ev);
1707 }
1708
1709 struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
1710                                       struct event_context *ev,
1711                                       struct cli_state *cli,
1712                                       const char *share, const char *dev,
1713                                       const char *pass, int passlen)
1714 {
1715         struct tevent_req *req, *subreq;
1716         NTSTATUS status;
1717
1718         req = cli_tcon_andx_create(mem_ctx, ev, cli, share, dev, pass, passlen,
1719                                    &subreq);
1720         if (req == NULL) {
1721                 return NULL;
1722         }
1723         if (subreq == NULL) {
1724                 return req;
1725         }
1726         status = cli_smb_req_send(subreq);
1727         if (!NT_STATUS_IS_OK(status)) {
1728                 tevent_req_nterror(req, status);
1729                 return tevent_req_post(req, ev);
1730         }
1731         return req;
1732 }
1733
1734 static void cli_tcon_andx_done(struct tevent_req *subreq)
1735 {
1736         struct tevent_req *req = tevent_req_callback_data(
1737                 subreq, struct tevent_req);
1738         struct cli_tcon_andx_state *state = tevent_req_data(
1739                 req, struct cli_tcon_andx_state);
1740         struct cli_state *cli = state->cli;
1741         uint8_t *in;
1742         char *inbuf;
1743         uint8_t wct;
1744         uint16_t *vwv;
1745         uint32_t num_bytes;
1746         uint8_t *bytes;
1747         NTSTATUS status;
1748
1749         status = cli_smb_recv(subreq, state, &in, 0, &wct, &vwv,
1750                               &num_bytes, &bytes);
1751         TALLOC_FREE(subreq);
1752         if (!NT_STATUS_IS_OK(status)) {
1753                 tevent_req_nterror(req, status);
1754                 return;
1755         }
1756
1757         inbuf = (char *)in;
1758
1759         clistr_pull(inbuf, cli->dev, bytes, sizeof(fstring), num_bytes,
1760                     STR_TERMINATE|STR_ASCII);
1761
1762         if ((cli->protocol >= PROTOCOL_NT1) && (num_bytes == 3)) {
1763                 /* almost certainly win95 - enable bug fixes */
1764                 cli->win95 = True;
1765         }
1766
1767         /*
1768          * Make sure that we have the optional support 16-bit field. WCT > 2.
1769          * Avoids issues when connecting to Win9x boxes sharing files
1770          */
1771
1772         cli->dfsroot = false;
1773
1774         if ((wct > 2) && (cli->protocol >= PROTOCOL_LANMAN2)) {
1775                 cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
1776         }
1777
1778         cli->cnum = SVAL(inbuf,smb_tid);
1779         tevent_req_done(req);
1780 }
1781
1782 NTSTATUS cli_tcon_andx_recv(struct tevent_req *req)
1783 {
1784         return tevent_req_simple_recv_ntstatus(req);
1785 }
1786
1787 NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
1788                        const char *dev, const char *pass, int passlen)
1789 {
1790         TALLOC_CTX *frame = talloc_stackframe();
1791         struct event_context *ev;
1792         struct tevent_req *req;
1793         NTSTATUS status = NT_STATUS_OK;
1794
1795         if (cli_has_async_calls(cli)) {
1796                 /*
1797                  * Can't use sync call while an async call is in flight
1798                  */
1799                 status = NT_STATUS_INVALID_PARAMETER;
1800                 goto fail;
1801         }
1802
1803         ev = event_context_init(frame);
1804         if (ev == NULL) {
1805                 status = NT_STATUS_NO_MEMORY;
1806                 goto fail;
1807         }
1808
1809         req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
1810         if (req == NULL) {
1811                 status = NT_STATUS_NO_MEMORY;
1812                 goto fail;
1813         }
1814
1815         if (!tevent_req_poll(req, ev)) {
1816                 status = map_nt_error_from_unix(errno);
1817                 goto fail;
1818         }
1819
1820         status = cli_tcon_andx_recv(req);
1821  fail:
1822         TALLOC_FREE(frame);
1823         if (!NT_STATUS_IS_OK(status)) {
1824                 cli_set_error(cli, status);
1825         }
1826         return status;
1827 }
1828
1829 /****************************************************************************
1830  Send a tree disconnect.
1831 ****************************************************************************/
1832
1833 struct cli_tdis_state {
1834         struct cli_state *cli;
1835 };
1836
1837 static void cli_tdis_done(struct tevent_req *subreq);
1838
1839 struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
1840                                  struct tevent_context *ev,
1841                                  struct cli_state *cli)
1842 {
1843         struct tevent_req *req, *subreq;
1844         struct cli_tdis_state *state;
1845
1846         req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
1847         if (req == NULL) {
1848                 return NULL;
1849         }
1850         state->cli = cli;
1851
1852         subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, NULL, 0, NULL);
1853         if (tevent_req_nomem(subreq, req)) {
1854                 return tevent_req_post(req, ev);
1855         }
1856         tevent_req_set_callback(subreq, cli_tdis_done, req);
1857         return req;
1858 }
1859
1860 static void cli_tdis_done(struct tevent_req *subreq)
1861 {
1862         struct tevent_req *req = tevent_req_callback_data(
1863                 subreq, struct tevent_req);
1864         struct cli_tdis_state *state = tevent_req_data(
1865                 req, struct cli_tdis_state);
1866         NTSTATUS status;
1867
1868         status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
1869         TALLOC_FREE(subreq);
1870         if (!NT_STATUS_IS_OK(status)) {
1871                 tevent_req_nterror(req, status);
1872                 return;
1873         }
1874         state->cli->cnum = -1;
1875         tevent_req_done(req);
1876 }
1877
1878 NTSTATUS cli_tdis_recv(struct tevent_req *req)
1879 {
1880         return tevent_req_simple_recv_ntstatus(req);
1881 }
1882
1883 NTSTATUS cli_tdis(struct cli_state *cli)
1884 {
1885         struct tevent_context *ev;
1886         struct tevent_req *req;
1887         NTSTATUS status = NT_STATUS_NO_MEMORY;
1888
1889         if (cli_has_async_calls(cli)) {
1890                 return NT_STATUS_INVALID_PARAMETER;
1891         }
1892         ev = tevent_context_init(talloc_tos());
1893         if (ev == NULL) {
1894                 goto fail;
1895         }
1896         req = cli_tdis_send(ev, ev, cli);
1897         if (req == NULL) {
1898                 goto fail;
1899         }
1900         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
1901                 goto fail;
1902         }
1903         status = cli_tdis_recv(req);
1904 fail:
1905         TALLOC_FREE(ev);
1906         if (!NT_STATUS_IS_OK(status)) {
1907                 cli_set_error(cli, status);
1908         }
1909         return status;
1910 }
1911
1912 /****************************************************************************
1913  Send a negprot command.
1914 ****************************************************************************/
1915
1916 void cli_negprot_sendsync(struct cli_state *cli)
1917 {
1918         char *p;
1919         int numprots;
1920
1921         if (cli->protocol < PROTOCOL_NT1)
1922                 cli->use_spnego = False;
1923
1924         memset(cli->outbuf,'\0',smb_size);
1925
1926         /* setup the protocol strings */
1927         cli_set_message(cli->outbuf,0,0,True);
1928
1929         p = smb_buf(cli->outbuf);
1930         for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1931                 if (prots[numprots].prot > cli->protocol) {
1932                         break;
1933                 }
1934                 *p++ = 2;
1935                 p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
1936         }
1937
1938         SCVAL(cli->outbuf,smb_com,SMBnegprot);
1939         cli_setup_bcc(cli, p);
1940         cli_setup_packet(cli);
1941
1942         SCVAL(smb_buf(cli->outbuf),0,2);
1943
1944         cli_send_smb(cli);
1945 }
1946
1947 /****************************************************************************
1948  Send a negprot command.
1949 ****************************************************************************/
1950
1951 struct cli_negprot_state {
1952         struct cli_state *cli;
1953 };
1954
1955 static void cli_negprot_done(struct tevent_req *subreq);
1956
1957 struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
1958                                     struct event_context *ev,
1959                                     struct cli_state *cli)
1960 {
1961         struct tevent_req *req, *subreq;
1962         struct cli_negprot_state *state;
1963         uint8_t *bytes = NULL;
1964         int numprots;
1965         uint16_t cnum;
1966
1967         req = tevent_req_create(mem_ctx, &state, struct cli_negprot_state);
1968         if (req == NULL) {
1969                 return NULL;
1970         }
1971         state->cli = cli;
1972
1973         if (cli->protocol < PROTOCOL_NT1)
1974                 cli->use_spnego = False;
1975
1976         /* setup the protocol strings */
1977         for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
1978                 uint8_t c = 2;
1979                 if (prots[numprots].prot > cli->protocol) {
1980                         break;
1981                 }
1982                 bytes = (uint8_t *)talloc_append_blob(
1983                         state, bytes, data_blob_const(&c, sizeof(c)));
1984                 if (tevent_req_nomem(bytes, req)) {
1985                         return tevent_req_post(req, ev);
1986                 }
1987                 bytes = smb_bytes_push_str(bytes, false,
1988                                            prots[numprots].name,
1989                                            strlen(prots[numprots].name)+1,
1990                                            NULL);
1991                 if (tevent_req_nomem(bytes, req)) {
1992                         return tevent_req_post(req, ev);
1993                 }
1994         }
1995
1996         cnum = cli->cnum;
1997
1998         cli->cnum = 0;
1999         subreq = cli_smb_send(state, ev, cli, SMBnegprot, 0, 0, NULL,
2000                               talloc_get_size(bytes), bytes);
2001         cli->cnum = cnum;
2002
2003         if (tevent_req_nomem(subreq, req)) {
2004                 return tevent_req_post(req, ev);
2005         }
2006         tevent_req_set_callback(subreq, cli_negprot_done, req);
2007         return req;
2008 }
2009
2010 static void cli_negprot_done(struct tevent_req *subreq)
2011 {
2012         struct tevent_req *req = tevent_req_callback_data(
2013                 subreq, struct tevent_req);
2014         struct cli_negprot_state *state = tevent_req_data(
2015                 req, struct cli_negprot_state);
2016         struct cli_state *cli = state->cli;
2017         uint8_t wct;
2018         uint16_t *vwv;
2019         uint32_t num_bytes;
2020         uint8_t *bytes;
2021         NTSTATUS status;
2022         uint16_t protnum;
2023         uint8_t *inbuf;
2024
2025         status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
2026                               &num_bytes, &bytes);
2027         TALLOC_FREE(subreq);
2028         if (!NT_STATUS_IS_OK(status)) {
2029                 tevent_req_nterror(req, status);
2030                 return;
2031         }
2032
2033         protnum = SVAL(vwv, 0);
2034
2035         if ((protnum >= ARRAY_SIZE(prots))
2036             || (prots[protnum].prot > cli->protocol)) {
2037                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
2038                 return;
2039         }
2040
2041         cli->protocol = prots[protnum].prot;
2042
2043         if ((cli->protocol < PROTOCOL_NT1) &&
2044             client_is_signing_mandatory(cli)) {
2045                 DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
2046                 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
2047                 return;
2048         }
2049
2050         if (cli->protocol >= PROTOCOL_NT1) {    
2051                 struct timespec ts;
2052                 bool negotiated_smb_signing = false;
2053
2054                 /* NT protocol */
2055                 cli->sec_mode = CVAL(vwv + 1, 0);
2056                 cli->max_mux = SVAL(vwv + 1, 1);
2057                 cli->max_xmit = IVAL(vwv + 3, 1);
2058                 cli->sesskey = IVAL(vwv + 7, 1);
2059                 cli->serverzone = SVALS(vwv + 15, 1);
2060                 cli->serverzone *= 60;
2061                 /* this time arrives in real GMT */
2062                 ts = interpret_long_date(((char *)(vwv+11))+1);
2063                 cli->servertime = ts.tv_sec;
2064                 cli->secblob = data_blob(bytes, num_bytes);
2065                 cli->capabilities = IVAL(vwv + 9, 1);
2066                 if (cli->capabilities & CAP_RAW_MODE) {
2067                         cli->readbraw_supported = True;
2068                         cli->writebraw_supported = True;      
2069                 }
2070                 /* work out if they sent us a workgroup */
2071                 if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
2072                     smb_buflen(cli->inbuf) > 8) {
2073                         clistr_pull(cli->inbuf, cli->server_domain,
2074                                     bytes+8, sizeof(cli->server_domain),
2075                                     num_bytes-8,
2076                                     STR_UNICODE|STR_NOALIGN);
2077                 }
2078
2079                 /*
2080                  * As signing is slow we only turn it on if either the client or
2081                  * the server require it. JRA.
2082                  */
2083
2084                 if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
2085                         /* Fail if server says signing is mandatory and we don't want to support it. */
2086                         if (!client_is_signing_allowed(cli)) {
2087                                 DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
2088                                 tevent_req_nterror(req,
2089                                                    NT_STATUS_ACCESS_DENIED);
2090                                 return;
2091                         }
2092                         negotiated_smb_signing = true;
2093                 } else if (client_is_signing_mandatory(cli) && client_is_signing_allowed(cli)) {
2094                         /* Fail if client says signing is mandatory and the server doesn't support it. */
2095                         if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
2096                                 DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
2097                                 tevent_req_nterror(req,
2098                                                    NT_STATUS_ACCESS_DENIED);
2099                                 return;
2100                         }
2101                         negotiated_smb_signing = true;
2102                 } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
2103                         negotiated_smb_signing = true;
2104                 }
2105
2106                 if (negotiated_smb_signing) {
2107                         cli_set_signing_negotiated(cli);
2108                 }
2109
2110                 if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
2111                         SAFE_FREE(cli->outbuf);
2112                         SAFE_FREE(cli->inbuf);
2113                         cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
2114                         cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
2115                         if (!cli->outbuf || !cli->inbuf) {
2116                                 tevent_req_nterror(req,
2117                                                 NT_STATUS_NO_MEMORY);
2118                                 return;
2119                         }
2120                         cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
2121                 }
2122
2123         } else if (cli->protocol >= PROTOCOL_LANMAN1) {
2124                 cli->use_spnego = False;
2125                 cli->sec_mode = SVAL(vwv + 1, 0);
2126                 cli->max_xmit = SVAL(vwv + 2, 0);
2127                 cli->max_mux = SVAL(vwv + 3, 0);
2128                 cli->sesskey = IVAL(vwv + 6, 0);
2129                 cli->serverzone = SVALS(vwv + 10, 0);
2130                 cli->serverzone *= 60;
2131                 /* this time is converted to GMT by make_unix_date */
2132                 cli->servertime = make_unix_date(
2133                         (char *)(vwv + 8), cli->serverzone);
2134                 cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
2135                 cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
2136                 cli->secblob = data_blob(bytes, num_bytes);
2137         } else {
2138                 /* the old core protocol */
2139                 cli->use_spnego = False;
2140                 cli->sec_mode = 0;
2141                 cli->serverzone = get_time_zone(time(NULL));
2142         }
2143
2144         cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
2145
2146         /* a way to force ascii SMB */
2147         if (getenv("CLI_FORCE_ASCII"))
2148                 cli->capabilities &= ~CAP_UNICODE;
2149
2150         tevent_req_done(req);
2151 }
2152
2153 NTSTATUS cli_negprot_recv(struct tevent_req *req)
2154 {
2155         return tevent_req_simple_recv_ntstatus(req);
2156 }
2157
2158 NTSTATUS cli_negprot(struct cli_state *cli)
2159 {
2160         TALLOC_CTX *frame = talloc_stackframe();
2161         struct event_context *ev;
2162         struct tevent_req *req;
2163         NTSTATUS status = NT_STATUS_OK;
2164
2165         if (cli_has_async_calls(cli)) {
2166                 /*
2167                  * Can't use sync call while an async call is in flight
2168                  */
2169                 status = NT_STATUS_INVALID_PARAMETER;
2170                 goto fail;
2171         }
2172
2173         ev = event_context_init(frame);
2174         if (ev == NULL) {
2175                 status = NT_STATUS_NO_MEMORY;
2176                 goto fail;
2177         }
2178
2179         req = cli_negprot_send(frame, ev, cli);
2180         if (req == NULL) {
2181                 status = NT_STATUS_NO_MEMORY;
2182                 goto fail;
2183         }
2184
2185         if (!tevent_req_poll(req, ev)) {
2186                 status = map_nt_error_from_unix(errno);
2187                 goto fail;
2188         }
2189
2190         status = cli_negprot_recv(req);
2191  fail:
2192         TALLOC_FREE(frame);
2193         if (!NT_STATUS_IS_OK(status)) {
2194                 cli_set_error(cli, status);
2195         }
2196         return status;
2197 }
2198
2199 /****************************************************************************
2200  Send a session request. See rfc1002.txt 4.3 and 4.3.2.
2201 ****************************************************************************/
2202
2203 bool cli_session_request(struct cli_state *cli,
2204                          struct nmb_name *calling, struct nmb_name *called)
2205 {
2206         char *p;
2207         int len = 4;
2208         int namelen = 0;
2209         char *tmp;
2210
2211         /* 445 doesn't have session request */
2212         if (cli->port == 445)
2213                 return True;
2214
2215         memcpy(&(cli->calling), calling, sizeof(*calling));
2216         memcpy(&(cli->called ), called , sizeof(*called ));
2217
2218         /* put in the destination name */
2219
2220         tmp = name_mangle(talloc_tos(), cli->called.name,
2221                           cli->called.name_type);
2222         if (tmp == NULL) {
2223                 return false;
2224         }
2225
2226         p = cli->outbuf+len;
2227         namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
2228         if (namelen > 0) {
2229                 memcpy(p, tmp, namelen);
2230                 len += namelen;
2231         }
2232         TALLOC_FREE(tmp);
2233
2234         /* and my name */
2235
2236         tmp = name_mangle(talloc_tos(), cli->calling.name,
2237                           cli->calling.name_type);
2238         if (tmp == NULL) {
2239                 return false;
2240         }
2241
2242         p = cli->outbuf+len;
2243         namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
2244         if (namelen > 0) {
2245                 memcpy(p, tmp, namelen);
2246                 len += namelen;
2247         }
2248         TALLOC_FREE(tmp);
2249
2250         /* send a session request (RFC 1002) */
2251         /* setup the packet length
2252          * Remove four bytes from the length count, since the length
2253          * field in the NBT Session Service header counts the number
2254          * of bytes which follow.  The cli_send_smb() function knows
2255          * about this and accounts for those four bytes.
2256          * CRH.
2257          */
2258         len -= 4;
2259         _smb_setlen(cli->outbuf,len);
2260         SCVAL(cli->outbuf,0,0x81);
2261
2262         cli_send_smb(cli);
2263         DEBUG(5,("Sent session request\n"));
2264
2265         if (!cli_receive_smb(cli))
2266                 return False;
2267
2268         if (CVAL(cli->inbuf,0) == 0x84) {
2269                 /* C. Hoch  9/14/95 Start */
2270                 /* For information, here is the response structure.
2271                  * We do the byte-twiddling to for portability.
2272                 struct RetargetResponse{
2273                 unsigned char type;
2274                 unsigned char flags;
2275                 int16 length;
2276                 int32 ip_addr;
2277                 int16 port;
2278                 };
2279                 */
2280                 uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
2281                 struct in_addr dest_ip;
2282                 NTSTATUS status;
2283
2284                 /* SESSION RETARGET */
2285                 putip((char *)&dest_ip,cli->inbuf+4);
2286                 in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
2287
2288                 status = open_socket_out(&cli->dest_ss, port,
2289                                          LONG_CONNECT_TIMEOUT, &cli->fd);
2290                 if (!NT_STATUS_IS_OK(status)) {
2291                         return False;
2292                 }
2293
2294                 DEBUG(3,("Retargeted\n"));
2295
2296                 set_socket_options(cli->fd, lp_socket_options());
2297
2298                 /* Try again */
2299                 {
2300                         static int depth;
2301                         bool ret;
2302                         if (depth > 4) {
2303                                 DEBUG(0,("Retarget recursion - failing\n"));
2304                                 return False;
2305                         }
2306                         depth++;
2307                         ret = cli_session_request(cli, calling, called);
2308                         depth--;
2309                         return ret;
2310                 }
2311         } /* C. Hoch 9/14/95 End */
2312
2313         if (CVAL(cli->inbuf,0) != 0x82) {
2314                 /* This is the wrong place to put the error... JRA. */
2315                 cli->rap_error = CVAL(cli->inbuf,4);
2316                 return False;
2317         }
2318         return(True);
2319 }
2320
2321 struct fd_struct {
2322         int fd;
2323 };
2324
2325 static void smb_sock_connected(struct tevent_req *req)
2326 {
2327         struct fd_struct *pfd = tevent_req_callback_data(
2328                 req, struct fd_struct);
2329         int fd;
2330         NTSTATUS status;
2331
2332         status = open_socket_out_defer_recv(req, &fd);
2333         if (NT_STATUS_IS_OK(status)) {
2334                 pfd->fd = fd;
2335         }
2336 }
2337
2338 static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss,
2339                                 uint16_t *port, int timeout, int *pfd)
2340 {
2341         struct event_context *ev;
2342         struct tevent_req *r139, *r445;
2343         struct fd_struct *fd139, *fd445;
2344         NTSTATUS status = NT_STATUS_NO_MEMORY;
2345
2346         if (*port != 0) {
2347                 return open_socket_out(pss, *port, timeout, pfd);
2348         }
2349
2350         ev = event_context_init(talloc_tos());
2351         if (ev == NULL) {
2352                 return NT_STATUS_NO_MEMORY;
2353         }
2354
2355         fd139 = talloc(ev, struct fd_struct);
2356         if (fd139 == NULL) {
2357                 goto done;
2358         }
2359         fd139->fd = -1;
2360
2361         fd445 = talloc(ev, struct fd_struct);
2362         if (fd445 == NULL) {
2363                 goto done;
2364         }
2365         fd445->fd = -1;
2366
2367         r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0),
2368                                           pss, 445, timeout);
2369         r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000),
2370                                           pss, 139, timeout);
2371         if ((r445 == NULL) || (r139 == NULL)) {
2372                 goto done;
2373         }
2374         tevent_req_set_callback(r445, smb_sock_connected, fd445);
2375         tevent_req_set_callback(r139, smb_sock_connected, fd139);
2376
2377         while ((fd445->fd == -1) && (fd139->fd == -1)
2378                && (tevent_req_is_in_progress(r139)
2379                    || tevent_req_is_in_progress(r445))) {
2380                 event_loop_once(ev);
2381         }
2382
2383         if ((fd139->fd != -1) && (fd445->fd != -1)) {
2384                 close(fd139->fd);
2385                 fd139->fd = -1;
2386         }
2387
2388         if (fd445->fd != -1) {
2389                 *port = 445;
2390                 *pfd = fd445->fd;
2391                 status = NT_STATUS_OK;
2392                 goto done;
2393         }
2394         if (fd139->fd != -1) {
2395                 *port = 139;
2396                 *pfd = fd139->fd;
2397                 status = NT_STATUS_OK;
2398                 goto done;
2399         }
2400
2401         status = open_socket_out_defer_recv(r445, &fd445->fd);
2402  done:
2403         TALLOC_FREE(ev);
2404         return status;
2405 }
2406
2407 /****************************************************************************
2408  Open the client sockets.
2409 ****************************************************************************/
2410
2411 NTSTATUS cli_connect(struct cli_state *cli,
2412                 const char *host,
2413                 struct sockaddr_storage *dest_ss)
2414
2415 {
2416         int name_type = 0x20;
2417         TALLOC_CTX *frame = talloc_stackframe();
2418         unsigned int num_addrs = 0;
2419         unsigned int i = 0;
2420         struct sockaddr_storage *ss_arr = NULL;
2421         char *p = NULL;
2422
2423         /* reasonable default hostname */
2424         if (!host) {
2425                 host = STAR_SMBSERVER;
2426         }
2427
2428         fstrcpy(cli->desthost, host);
2429
2430         /* allow hostnames of the form NAME#xx and do a netbios lookup */
2431         if ((p = strchr(cli->desthost, '#'))) {
2432                 name_type = strtol(p+1, NULL, 16);
2433                 *p = 0;
2434         }
2435
2436         if (!dest_ss || is_zero_addr((struct sockaddr *)dest_ss)) {
2437                 NTSTATUS status =resolve_name_list(frame,
2438                                         cli->desthost,
2439                                         name_type,
2440                                         &ss_arr,
2441                                         &num_addrs);
2442                 if (!NT_STATUS_IS_OK(status)) {
2443                         TALLOC_FREE(frame);
2444                         return NT_STATUS_BAD_NETWORK_NAME;
2445                 }
2446         } else {
2447                 num_addrs = 1;
2448                 ss_arr = TALLOC_P(frame, struct sockaddr_storage);
2449                 if (!ss_arr) {
2450                         TALLOC_FREE(frame);
2451                         return NT_STATUS_NO_MEMORY;
2452                 }
2453                 *ss_arr = *dest_ss;
2454         }
2455
2456         for (i = 0; i < num_addrs; i++) {
2457                 cli->dest_ss = ss_arr[i];
2458                 if (getenv("LIBSMB_PROG")) {
2459                         cli->fd = sock_exec(getenv("LIBSMB_PROG"));
2460                 } else {
2461                         uint16_t port = cli->port;
2462                         NTSTATUS status;
2463                         status = open_smb_socket(&cli->dest_ss, &port,
2464                                                  cli->timeout, &cli->fd);
2465                         if (NT_STATUS_IS_OK(status)) {
2466                                 cli->port = port;
2467                         }
2468                 }
2469                 if (cli->fd == -1) {
2470                         char addr[INET6_ADDRSTRLEN];
2471                         print_sockaddr(addr, sizeof(addr), &ss_arr[i]);
2472                         DEBUG(2,("Error connecting to %s (%s)\n",
2473                                  dest_ss?addr:host,strerror(errno)));
2474                 } else {
2475                         /* Exit from loop on first connection. */
2476                         break;
2477                 }
2478         }
2479
2480         if (cli->fd == -1) {
2481                 TALLOC_FREE(frame);
2482                 return map_nt_error_from_unix(errno);
2483         }
2484
2485         if (dest_ss) {
2486                 *dest_ss = cli->dest_ss;
2487         }
2488
2489         set_socket_options(cli->fd, lp_socket_options());
2490
2491         TALLOC_FREE(frame);
2492         return NT_STATUS_OK;
2493 }
2494
2495 /**
2496    establishes a connection to after the negprot. 
2497    @param output_cli A fully initialised cli structure, non-null only on success
2498    @param dest_host The netbios name of the remote host
2499    @param dest_ss (optional) The the destination IP, NULL for name based lookup
2500    @param port (optional) The destination port (0 for default)
2501    @param retry bool. Did this connection fail with a retryable error ?
2502
2503 */
2504 NTSTATUS cli_start_connection(struct cli_state **output_cli, 
2505                               const char *my_name, 
2506                               const char *dest_host, 
2507                               struct sockaddr_storage *dest_ss, int port,
2508                               int signing_state, int flags,
2509                               bool *retry) 
2510 {
2511         NTSTATUS nt_status;
2512         struct nmb_name calling;
2513         struct nmb_name called;
2514         struct cli_state *cli;
2515         struct sockaddr_storage ss;
2516
2517         if (retry)
2518                 *retry = False;
2519
2520         if (!my_name) 
2521                 my_name = global_myname();
2522
2523         if (!(cli = cli_initialise_ex(signing_state))) {
2524                 return NT_STATUS_NO_MEMORY;
2525         }
2526
2527         make_nmb_name(&calling, my_name, 0x0);
2528         make_nmb_name(&called , dest_host, 0x20);
2529
2530         cli_set_port(cli, port);
2531         cli_set_timeout(cli, 10000); /* 10 seconds. */
2532
2533         if (dest_ss) {
2534                 ss = *dest_ss;
2535         } else {
2536                 zero_sockaddr(&ss);
2537         }
2538
2539 again:
2540
2541         DEBUG(3,("Connecting to host=%s\n", dest_host));
2542
2543         nt_status = cli_connect(cli, dest_host, &ss);
2544         if (!NT_STATUS_IS_OK(nt_status)) {
2545                 char addr[INET6_ADDRSTRLEN];
2546                 print_sockaddr(addr, sizeof(addr), &ss);
2547                 DEBUG(1,("cli_start_connection: failed to connect to %s (%s). Error %s\n",
2548                          nmb_namestr(&called), addr, nt_errstr(nt_status) ));
2549                 cli_shutdown(cli);
2550                 return nt_status;
2551         }
2552
2553         if (retry)
2554                 *retry = True;
2555
2556         if (!cli_session_request(cli, &calling, &called)) {
2557                 char *p;
2558                 DEBUG(1,("session request to %s failed (%s)\n",
2559                          called.name, cli_errstr(cli)));
2560                 if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
2561                         *p = 0;
2562                         goto again;
2563                 }
2564                 if (strcmp(called.name, STAR_SMBSERVER)) {
2565                         make_nmb_name(&called , STAR_SMBSERVER, 0x20);
2566                         goto again;
2567                 }
2568                 return NT_STATUS_BAD_NETWORK_NAME;
2569         }
2570
2571         if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO)
2572                 cli->use_spnego = False;
2573         else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
2574                 cli->use_kerberos = True;
2575
2576         if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) &&
2577              cli->use_kerberos) {
2578                 cli->fallback_after_kerberos = true;
2579         }
2580         if (flags & CLI_FULL_CONNECTION_USE_CCACHE) {
2581                 cli->use_ccache = true;
2582         }
2583
2584         nt_status = cli_negprot(cli);
2585         if (!NT_STATUS_IS_OK(nt_status)) {
2586                 DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
2587                 cli_shutdown(cli);
2588                 return nt_status;
2589         }
2590
2591         *output_cli = cli;
2592         return NT_STATUS_OK;
2593 }
2594
2595
2596 /**
2597    establishes a connection right up to doing tconX, password specified.
2598    @param output_cli A fully initialised cli structure, non-null only on success
2599    @param dest_host The netbios name of the remote host
2600    @param dest_ip (optional) The the destination IP, NULL for name based lookup
2601    @param port (optional) The destination port (0 for default)
2602    @param service (optional) The share to make the connection to.  Should be 'unqualified' in any way.
2603    @param service_type The 'type' of serivice. 
2604    @param user Username, unix string
2605    @param domain User's domain
2606    @param password User's password, unencrypted unix string.
2607    @param retry bool. Did this connection fail with a retryable error ?
2608 */
2609
2610 NTSTATUS cli_full_connection(struct cli_state **output_cli, 
2611                              const char *my_name, 
2612                              const char *dest_host, 
2613                              struct sockaddr_storage *dest_ss, int port,
2614                              const char *service, const char *service_type,
2615                              const char *user, const char *domain, 
2616                              const char *password, int flags,
2617                              int signing_state,
2618                              bool *retry) 
2619 {
2620         NTSTATUS nt_status;
2621         struct cli_state *cli = NULL;
2622         int pw_len = password ? strlen(password)+1 : 0;
2623
2624         *output_cli = NULL;
2625
2626         if (password == NULL) {
2627                 password = "";
2628         }
2629
2630         nt_status = cli_start_connection(&cli, my_name, dest_host,
2631                                          dest_ss, port, signing_state,
2632                                          flags, retry);
2633
2634         if (!NT_STATUS_IS_OK(nt_status)) {
2635                 return nt_status;
2636         }
2637
2638         cli->use_oplocks = ((flags & CLI_FULL_CONNECTION_OPLOCKS) != 0);
2639         cli->use_level_II_oplocks =
2640                 ((flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) != 0);
2641
2642         nt_status = cli_session_setup(cli, user, password, pw_len, password,
2643                                       pw_len, domain);
2644         if (!NT_STATUS_IS_OK(nt_status)) {
2645
2646                 if (!(flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
2647                         DEBUG(1,("failed session setup with %s\n",
2648                                  nt_errstr(nt_status)));
2649                         cli_shutdown(cli);
2650                         return nt_status;
2651                 }
2652
2653                 nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
2654                 if (!NT_STATUS_IS_OK(nt_status)) {
2655                         DEBUG(1,("anonymous failed session setup with %s\n",
2656                                  nt_errstr(nt_status)));
2657                         cli_shutdown(cli);
2658                         return nt_status;
2659                 }
2660         }
2661
2662         if (service) {
2663                 nt_status = cli_tcon_andx(cli, service, service_type, password,
2664                                           pw_len);
2665                 if (!NT_STATUS_IS_OK(nt_status)) {
2666                         DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
2667                         cli_shutdown(cli);
2668                         if (NT_STATUS_IS_OK(nt_status)) {
2669                                 nt_status = NT_STATUS_UNSUCCESSFUL;
2670                         }
2671                         return nt_status;
2672                 }
2673         }
2674
2675         nt_status = cli_init_creds(cli, user, domain, password);
2676         if (!NT_STATUS_IS_OK(nt_status)) {
2677                 cli_shutdown(cli);
2678                 return nt_status;
2679         }
2680
2681         *output_cli = cli;
2682         return NT_STATUS_OK;
2683 }
2684
2685 /****************************************************************************
2686  Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
2687 ****************************************************************************/
2688
2689 bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srchost, const char *desthost,
2690                                      struct sockaddr_storage *pdest_ss)
2691 {
2692         struct nmb_name calling, called;
2693
2694         make_nmb_name(&calling, srchost, 0x0);
2695
2696         /*
2697          * If the called name is an IP address
2698          * then use *SMBSERVER immediately.
2699          */
2700
2701         if(is_ipaddress(desthost)) {
2702                 make_nmb_name(&called, STAR_SMBSERVER, 0x20);
2703         } else {
2704                 make_nmb_name(&called, desthost, 0x20);
2705         }
2706
2707         if (!cli_session_request(*ppcli, &calling, &called)) {
2708                 NTSTATUS status;
2709                 struct nmb_name smbservername;
2710
2711                 make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20);
2712
2713                 /*
2714                  * If the name wasn't *SMBSERVER then
2715                  * try with *SMBSERVER if the first name fails.
2716                  */
2717
2718                 if (nmb_name_equal(&called, &smbservername)) {
2719
2720                         /*
2721                          * The name used was *SMBSERVER, don't bother with another name.
2722                          */
2723
2724                         DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
2725 with error %s.\n", desthost, cli_errstr(*ppcli) ));
2726                         return False;
2727                 }
2728
2729                 /* Try again... */
2730                 cli_shutdown(*ppcli);
2731
2732                 *ppcli = cli_initialise();
2733                 if (!*ppcli) {
2734                         /* Out of memory... */
2735                         return False;
2736                 }
2737
2738                 status = cli_connect(*ppcli, desthost, pdest_ss);
2739                 if (!NT_STATUS_IS_OK(status) ||
2740                                 !cli_session_request(*ppcli, &calling, &smbservername)) {
2741                         DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
2742 name *SMBSERVER with error %s\n", desthost, cli_errstr(*ppcli) ));
2743                         return False;
2744                 }
2745         }
2746
2747         return True;
2748 }
2749
2750 /****************************************************************************
2751  Send an old style tcon.
2752 ****************************************************************************/
2753 NTSTATUS cli_raw_tcon(struct cli_state *cli, 
2754                       const char *service, const char *pass, const char *dev,
2755                       uint16 *max_xmit, uint16 *tid)
2756 {
2757         char *p;
2758
2759         if (!lp_client_plaintext_auth() && (*pass)) {
2760                 DEBUG(1, ("Server requested plaintext password but 'client "
2761                           "plaintext auth' is disabled\n"));
2762                 return NT_STATUS_ACCESS_DENIED;
2763         }
2764
2765         memset(cli->outbuf,'\0',smb_size);
2766         memset(cli->inbuf,'\0',smb_size);
2767
2768         cli_set_message(cli->outbuf, 0, 0, True);
2769         SCVAL(cli->outbuf,smb_com,SMBtcon);
2770         cli_setup_packet(cli);
2771
2772         p = smb_buf(cli->outbuf);
2773         *p++ = 4; p += clistr_push(cli, p, service, -1, STR_TERMINATE | STR_NOALIGN);
2774         *p++ = 4; p += clistr_push(cli, p, pass, -1, STR_TERMINATE | STR_NOALIGN);
2775         *p++ = 4; p += clistr_push(cli, p, dev, -1, STR_TERMINATE | STR_NOALIGN);
2776
2777         cli_setup_bcc(cli, p);
2778
2779         cli_send_smb(cli);
2780         if (!cli_receive_smb(cli)) {
2781                 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
2782         }
2783
2784         if (cli_is_error(cli)) {
2785                 return cli_nt_error(cli);
2786         }
2787
2788         *max_xmit = SVAL(cli->inbuf, smb_vwv0);
2789         *tid = SVAL(cli->inbuf, smb_vwv1);
2790
2791         return NT_STATUS_OK;
2792 }
2793
2794 /* Return a cli_state pointing at the IPC$ share for the given server */
2795
2796 struct cli_state *get_ipc_connect(char *server,
2797                                 struct sockaddr_storage *server_ss,
2798                                 const struct user_auth_info *user_info)
2799 {
2800         struct cli_state *cli;
2801         NTSTATUS nt_status;
2802         uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
2803
2804         if (user_info->use_kerberos) {
2805                 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
2806         }
2807
2808         nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC", 
2809                                         user_info->username ? user_info->username : "",
2810                                         lp_workgroup(),
2811                                         user_info->password ? user_info->password : "",
2812                                         flags,
2813                                         Undefined, NULL);
2814
2815         if (NT_STATUS_IS_OK(nt_status)) {
2816                 return cli;
2817         } else if (is_ipaddress(server)) {
2818             /* windows 9* needs a correct NMB name for connections */
2819             fstring remote_name;
2820
2821             if (name_status_find("*", 0, 0, server_ss, remote_name)) {
2822                 cli = get_ipc_connect(remote_name, server_ss, user_info);
2823                 if (cli)
2824                     return cli;
2825             }
2826         }
2827         return NULL;
2828 }
2829
2830 /*
2831  * Given the IP address of a master browser on the network, return its
2832  * workgroup and connect to it.
2833  *
2834  * This function is provided to allow additional processing beyond what
2835  * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
2836  * browsers and obtain each master browsers' list of domains (in case the
2837  * first master browser is recently on the network and has not yet
2838  * synchronized with other master browsers and therefore does not yet have the
2839  * entire network browse list)
2840  */
2841
2842 struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
2843                                 struct ip_service *mb_ip,
2844                                 const struct user_auth_info *user_info,
2845                                 char **pp_workgroup_out)
2846 {
2847         char addr[INET6_ADDRSTRLEN];
2848         fstring name;
2849         struct cli_state *cli;
2850         struct sockaddr_storage server_ss;
2851
2852         *pp_workgroup_out = NULL;
2853
2854         print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
2855         DEBUG(99, ("Looking up name of master browser %s\n",
2856                    addr));
2857
2858         /*
2859          * Do a name status query to find out the name of the master browser.
2860          * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
2861          * master browser will not respond to a wildcard query (or, at least,
2862          * an NT4 server acting as the domain master browser will not).
2863          *
2864          * We might be able to use ONLY the query on MSBROWSE, but that's not
2865          * yet been tested with all Windows versions, so until it is, leave
2866          * the original wildcard query as the first choice and fall back to
2867          * MSBROWSE if the wildcard query fails.
2868          */
2869         if (!name_status_find("*", 0, 0x1d, &mb_ip->ss, name) &&
2870             !name_status_find(MSBROWSE, 1, 0x1d, &mb_ip->ss, name)) {
2871
2872                 DEBUG(99, ("Could not retrieve name status for %s\n",
2873                            addr));
2874                 return NULL;
2875         }
2876
2877         if (!find_master_ip(name, &server_ss)) {
2878                 DEBUG(99, ("Could not find master ip for %s\n", name));
2879                 return NULL;
2880         }
2881
2882         *pp_workgroup_out = talloc_strdup(ctx, name);
2883
2884         DEBUG(4, ("found master browser %s, %s\n", name, addr));
2885
2886         print_sockaddr(addr, sizeof(addr), &server_ss);
2887         cli = get_ipc_connect(addr, &server_ss, user_info);
2888
2889         return cli;
2890 }
2891
2892 /*
2893  * Return the IP address and workgroup of a master browser on the network, and
2894  * connect to it.
2895  */
2896
2897 struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
2898                                         const struct user_auth_info *user_info,
2899                                         char **pp_workgroup_out)
2900 {
2901         struct ip_service *ip_list;
2902         struct cli_state *cli;
2903         int i, count;
2904
2905         *pp_workgroup_out = NULL;
2906
2907         DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
2908
2909         /* Go looking for workgroups by broadcasting on the local network */
2910
2911         if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list,
2912                                                 &count))) {
2913                 DEBUG(99, ("No master browsers responded\n"));
2914                 return False;
2915         }
2916
2917         for (i = 0; i < count; i++) {
2918                 char addr[INET6_ADDRSTRLEN];
2919                 print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
2920                 DEBUG(99, ("Found master browser %s\n", addr));
2921
2922                 cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
2923                                 user_info, pp_workgroup_out);
2924                 if (cli)
2925                         return(cli);
2926         }
2927
2928         return NULL;
2929 }