s3: Remove unused "retry" from cli_full_connection
[nivanova/samba-autobuild/.git] / source3 / libsmb / cliconnect.c
index 169bf4f03764d395b12f9ab3d78b1b097cc06365..68a953c196af1a5b8ad5db902f36af79ed500fe9 100644 (file)
@@ -26,6 +26,7 @@
 #include "../libcli/auth/ntlmssp.h"
 #include "libads/kerberos_proto.h"
 #include "krb5_env.h"
+#include "async_smb.h"
 
 static const struct {
        int prot;
@@ -1228,7 +1229,8 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
         * negprot reply. It is WRONG to depend on the principal sent in the
         * negprot reply, but right now we do it. If we don't receive one,
         * we try to best guess, then fall back to NTLM.  */
-       if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &principal, NULL)) {
+       if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &principal, NULL) ||
+                       OIDs[0] == NULL) {
                data_blob_free(&blob);
                return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
@@ -1277,10 +1279,9 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        }
                }
 
-               /* If we get a bad principal, try to guess it if
-                  we have a valid host NetBIOS name.
+               /* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us
                 */
-               if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
+               if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) {
                        TALLOC_FREE(principal);
                }
 
@@ -1289,24 +1290,11 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        !strequal(STAR_SMBSERVER,
                                cli->desthost)) {
                        char *realm = NULL;
-                       char *machine = NULL;
                        char *host = NULL;
-                       DEBUG(3,("cli_session_setup_spnego: got a "
-                               "bad server principal, trying to guess ...\n"));
+                       DEBUG(3,("cli_session_setup_spnego: using target "
+                                "hostname not SPNEGO principal\n"));
 
                        host = strchr_m(cli->desthost, '.');
-                       if (host) {
-                               /* We had a '.' in the name. */
-                               machine = SMB_STRNDUP(cli->desthost,
-                                       host - cli->desthost);
-                       } else {
-                               machine = SMB_STRDUP(cli->desthost);
-                       }
-                       if (machine == NULL) {
-                               TALLOC_FREE(principal);
-                               return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
-                       }
-
                        if (dest_realm) {
                                realm = SMB_STRDUP(dest_realm);
                                strupper_m(realm);
@@ -1321,21 +1309,11 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        }
 
                        if (realm && *realm) {
-                               if (host) {
-                                       /* DNS name. */
-                                       principal = talloc_asprintf(talloc_tos(),
-                                                       "cifs/%s@%s",
-                                                       cli->desthost,
-                                                       realm);
-                               } else {
-                                       /* NetBIOS name, use machine account. */
-                                       principal = talloc_asprintf(talloc_tos(),
-                                                       "%s$@%s",
-                                                       machine,
-                                                       realm);
-                               }
+                               principal = talloc_asprintf(talloc_tos(),
+                                                           "cifs/%s@%s",
+                                                           cli->desthost,
+                                                           realm);
                                if (!principal) {
-                                       SAFE_FREE(machine);
                                        SAFE_FREE(realm);
                                        return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                                }
@@ -1343,7 +1321,6 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                                        "server principal=%s\n",
                                        principal ? principal : "<null>"));
                        }
-                       SAFE_FREE(machine);
                        SAFE_FREE(realm);
                }
 
@@ -1422,15 +1399,15 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
        if (cli->protocol < PROTOCOL_NT1) {
                if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
-                       DEBUG(1, ("Server requested LM password but 'client lanman auth'"
-                                 " is disabled\n"));
+                       DEBUG(1, ("Server requested LM password but 'client lanman auth = no'"
+                                 " or 'client ntlmv2 auth = yes'\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
 
                if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
                    !lp_client_plaintext_auth() && (*pass)) {
-                       DEBUG(1, ("Server requested plaintext password but "
-                                 "'client plaintext auth' is disabled\n"));
+                       DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+                                 " or 'client ntlmv2 auth = yes'\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
 
@@ -1456,8 +1433,8 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
        if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
                if (!lp_client_plaintext_auth() && (*pass)) {
-                       DEBUG(1, ("Server requested plaintext password but "
-                                 "'client plaintext auth' is disabled\n"));
+                       DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+                                 " or 'client ntlmv2 auth = yes'\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
                return cli_session_setup_plaintext(cli, user, pass, workgroup);
@@ -1498,7 +1475,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
 struct cli_ulogoff_state {
        struct cli_state *cli;
-       uint16_t vwv[2];
+       uint16_t vwv[3];
 };
 
 static void cli_ulogoff_done(struct tevent_req *subreq);
@@ -1632,7 +1609,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
                if (!lp_client_lanman_auth()) {
                        DEBUG(1, ("Server requested LANMAN password "
                                  "(share-level security) but "
-                                 "'client lanman auth' is disabled\n"));
+                                 "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
                        goto access_denied;
                }
 
@@ -1648,8 +1625,8 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
                   == 0) {
                        if (!lp_client_plaintext_auth() && (*pass)) {
                                DEBUG(1, ("Server requested plaintext "
-                                         "password but 'client plaintext "
-                                         "auth' is disabled\n"));
+                                         "password but "
+                                         "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
                                goto access_denied;
                        }
 
@@ -2228,6 +2205,7 @@ bool cli_session_request(struct cli_state *cli,
 {
        char *p;
        int len = 4;
+       int namelen = 0;
        char *tmp;
 
        /* 445 doesn't have session request */
@@ -2246,8 +2224,11 @@ bool cli_session_request(struct cli_state *cli,
        }
 
        p = cli->outbuf+len;
-       memcpy(p, tmp, name_len(tmp));
-       len += name_len(tmp);
+       namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+       if (namelen > 0) {
+               memcpy(p, tmp, namelen);
+               len += namelen;
+       }
        TALLOC_FREE(tmp);
 
        /* and my name */
@@ -2259,8 +2240,11 @@ bool cli_session_request(struct cli_state *cli,
        }
 
        p = cli->outbuf+len;
-       memcpy(p, tmp, name_len(tmp));
-       len += name_len(tmp);
+       namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+       if (namelen > 0) {
+               memcpy(p, tmp, namelen);
+               len += namelen;
+       }
        TALLOC_FREE(tmp);
 
        /* send a session request (RFC 1002) */
@@ -2620,7 +2604,6 @@ again:
    @param user Username, unix string
    @param domain User's domain
    @param password User's password, unencrypted unix string.
-   @param retry bool. Did this connection fail with a retryable error ?
 */
 
 NTSTATUS cli_full_connection(struct cli_state **output_cli, 
@@ -2630,8 +2613,7 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
                             const char *service, const char *service_type,
                             const char *user, const char *domain, 
                             const char *password, int flags,
-                            int signing_state,
-                            bool *retry) 
+                            int signing_state)
 {
        NTSTATUS nt_status;
        struct cli_state *cli = NULL;
@@ -2645,7 +2627,7 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
 
        nt_status = cli_start_connection(&cli, my_name, dest_host,
                                         dest_ss, port, signing_state,
-                                        flags, retry);
+                                        flags, NULL);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
@@ -2826,7 +2808,7 @@ struct cli_state *get_ipc_connect(char *server,
                                        lp_workgroup(),
                                        user_info->password ? user_info->password : "",
                                        flags,
-                                       Undefined, NULL);
+                                       Undefined);
 
        if (NT_STATUS_IS_OK(nt_status)) {
                return cli;