s3: Remove unused "retry" from cli_full_connection
[nivanova/samba-autobuild/.git] / source3 / libsmb / cliconnect.c
index c856b410175ffcec5fab397773990c41896ff198..68a953c196af1a5b8ad5db902f36af79ed500fe9 100644 (file)
@@ -3,26 +3,30 @@
    client connect/disconnect routines
    Copyright (C) Andrew Tridgell 1994-1998
    Copyright (C) Andrew Bartlett 2001-2003
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
+#include "popt_common.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/spnego.h"
 #include "smb_krb5.h"
-#include "ntlmssp.h"
+#include "../libcli/auth/ntlmssp.h"
+#include "libads/kerberos_proto.h"
+#include "krb5_env.h"
+#include "async_smb.h"
 
 static const struct {
        int prot;
@@ -105,7 +109,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
        cli_set_message(cli->outbuf,10, 0, True);
        SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
        cli_setup_packet(cli);
-       
+
        SCVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
        SSVAL(cli->outbuf,smb_vwv3,2);
@@ -131,7 +135,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
        if (cli_is_error(cli)) {
                return cli_nt_error(cli);
        }
-       
+
        /* use the returned vuid from now on */
        cli->vuid = SVAL(cli->inbuf,smb_uid);   
        status = cli_set_username(cli, user);
@@ -264,19 +268,21 @@ static void cli_session_setup_guest_done(struct tevent_req *subreq)
                req, struct cli_session_setup_guest_state);
        struct cli_state *cli = state->cli;
        uint32_t num_bytes;
+       uint8_t *in;
        char *inbuf;
        uint8_t *bytes;
        uint8_t *p;
        NTSTATUS status;
 
-       status = cli_smb_recv(subreq, 0, NULL, NULL, &num_bytes, &bytes);
+       status = cli_smb_recv(subreq, state, &in, 0, NULL, NULL,
+                             &num_bytes, &bytes);
+       TALLOC_FREE(subreq);
        if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(subreq);
                tevent_req_nterror(req, status);
                return;
        }
 
-       inbuf = (char *)cli_smb_inbuf(subreq);
+       inbuf = (char *)in;
        p = bytes;
 
        cli->vuid = SVAL(inbuf, smb_uid);
@@ -292,8 +298,6 @@ static void cli_session_setup_guest_done(struct tevent_req *subreq)
                cli->is_samba = True;
        }
 
-       TALLOC_FREE(subreq);
-
        status = cli_set_username(cli, "");
        if (!NT_STATUS_IS_OK(status)) {
                tevent_req_nterror(req, status);
@@ -360,14 +364,14 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        char *p;
        NTSTATUS status;
        fstring lanman;
-       
+
        fstr_sprintf( lanman, "Samba %s", samba_version_string());
 
        memset(cli->outbuf, '\0', smb_size);
        cli_set_message(cli->outbuf,13,0,True);
        SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
        cli_setup_packet(cli);
-                       
+
        SCVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
        SSVAL(cli->outbuf,smb_vwv3,2);
@@ -376,9 +380,9 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        SSVAL(cli->outbuf,smb_vwv8,0);
        SIVAL(cli->outbuf,smb_vwv11,capabilities); 
        p = smb_buf(cli->outbuf);
-       
+
        /* check wether to send the ASCII or UNICODE version of the password */
-       
+
        if ( (capabilities & CAP_UNICODE) == 0 ) {
                p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
                SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
@@ -394,7 +398,7 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
                p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
                SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);        
        }
-       
+
        p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
        p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
        p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
@@ -404,9 +408,9 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
                return cli_nt_error(cli);
        }
-       
+
        show_msg(cli->inbuf);
-       
+
        if (cli_is_error(cli)) {
                return cli_nt_error(cli);
        }
@@ -525,7 +529,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
        cli_set_message(cli->outbuf,13,0,True);
        SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
        cli_setup_packet(cli);
-                       
+
        SCVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
        SSVAL(cli->outbuf,smb_vwv3,2);
@@ -575,7 +579,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
 
        /* use the returned vuid from now on */
        cli->vuid = SVAL(cli->inbuf,smb_uid);
-       
+
        p = smb_buf(cli->inbuf);
        p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
                         -1, STR_TERMINATE);
@@ -730,11 +734,13 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq)
        NTSTATUS status;
        uint8_t *p;
        uint16_t blob_length;
+       uint8_t *inbuf;
 
-       status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
+       status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
+                             &num_bytes, &bytes);
+       TALLOC_FREE(subreq);
        if (!NT_STATUS_IS_OK(status)
            && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-               TALLOC_FREE(subreq);
                tevent_req_nterror(req, status);
                return;
        }
@@ -742,12 +748,11 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq)
        state->status = status;
        TALLOC_FREE(state->buf);
 
-       state->inbuf = (char *)cli_smb_inbuf(subreq);
+       state->inbuf = (char *)inbuf;
        cli->vuid = SVAL(state->inbuf, smb_uid);
 
        blob_length = SVAL(vwv+3, 0);
        if (blob_length > num_bytes) {
-               TALLOC_FREE(subreq);
                tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
                return;
        }
@@ -770,7 +775,6 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq)
        }
 
        if (state->blob.length != 0) {
-               TALLOC_FREE(subreq);
                /*
                 * More to send
                 */
@@ -854,14 +858,14 @@ static struct tevent_req *cli_session_setup_kerberos_send(
        cli_temp_set_signing(cli);
 
        /*
-        * Ok, this is cheated: spnego_gen_negTokenTarg can block if
+        * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
         * we have to acquire a ticket. To be fixed later :-)
         */
-       rc = spnego_gen_negTokenTarg(principal, 0, &state->negTokenTarg,
+       rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
                                     &state->session_key_krb5, 0, NULL);
        if (rc) {
                DEBUG(1, ("cli_session_setup_kerberos: "
-                         "spnego_gen_negTokenTarg failed: %s\n",
+                         "spnego_gen_krb5_negTokenInit failed: %s\n",
                          error_message(rc)));
                state->ads_status = ADS_ERROR_KRB5(rc);
                tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
@@ -969,7 +973,7 @@ static int cli_session_setup_ntlmssp_state_destructor(
        struct cli_session_setup_ntlmssp_state *state)
 {
        if (state->ntlmssp_state != NULL) {
-               ntlmssp_end(&state->ntlmssp_state);
+               TALLOC_FREE(state->ntlmssp_state);
        }
        return 0;
 }
@@ -984,6 +988,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
        struct cli_session_setup_ntlmssp_state *state;
        NTSTATUS status;
        DATA_BLOB blob_out;
+       const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
        req = tevent_req_create(mem_ctx, &state,
                                struct cli_session_setup_ntlmssp_state);
@@ -1000,12 +1005,20 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 
        cli_temp_set_signing(cli);
 
-       status = ntlmssp_client_start(&state->ntlmssp_state);
+       status = ntlmssp_client_start(state,
+                                     global_myname(),
+                                     lp_workgroup(),
+                                     lp_client_ntlmv2_auth(),
+                                     &state->ntlmssp_state);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
        ntlmssp_want_feature(state->ntlmssp_state,
                             NTLMSSP_FEATURE_SESSION_KEY);
+       if (cli->use_ccache) {
+               ntlmssp_want_feature(state->ntlmssp_state,
+                                    NTLMSSP_FEATURE_CCACHE);
+       }
        status = ntlmssp_set_username(state->ntlmssp_state, user);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
@@ -1024,7 +1037,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
                goto fail;
        }
 
-       state->blob_out = gen_negTokenInit(OID_NTLMSSP, blob_out);
+       state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
        data_blob_free(&blob_out);
 
        subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
@@ -1057,7 +1070,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
        if (NT_STATUS_IS_OK(status)) {
                if (state->cli->server_domain[0] == '\0') {
                        fstrcpy(state->cli->server_domain,
-                               state->ntlmssp_state->server_domain);
+                               state->ntlmssp_state->server.netbios_domain);
                }
                cli_set_session_key(
                        state->cli, state->ntlmssp_state->session_key);
@@ -1071,7 +1084,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
                        return;
                }
                TALLOC_FREE(subreq);
-               ntlmssp_end(&state->ntlmssp_state);
+               TALLOC_FREE(state->ntlmssp_state);
                tevent_req_done(req);
                return;
        }
@@ -1089,11 +1102,11 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
            && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                DATA_BLOB tmp_blob = data_blob_null;
                /* the server might give us back two challenges */
-               parse_ret = spnego_parse_challenge(blob_in, &msg_in,
+               parse_ret = spnego_parse_challenge(state, blob_in, &msg_in,
                                                   &tmp_blob);
                data_blob_free(&tmp_blob);
        } else {
-               parse_ret = spnego_parse_auth_response(blob_in, status,
+               parse_ret = spnego_parse_auth_response(state, blob_in, status,
                                                       OID_NTLMSSP, &msg_in);
        }
        state->turn += 1;
@@ -1114,12 +1127,12 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
        if (!NT_STATUS_IS_OK(status)
            && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                TALLOC_FREE(subreq);
-               ntlmssp_end(&state->ntlmssp_state);
+               TALLOC_FREE(state->ntlmssp_state);
                tevent_req_nterror(req, status);
                return;
        }
 
-       state->blob_out = spnego_gen_auth(blob_out);
+       state->blob_out = spnego_gen_auth(state, blob_out);
        TALLOC_FREE(subreq);
        if (tevent_req_nomem(state->blob_out.data, req)) {
                return;
@@ -1216,7 +1229,8 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
         * negprot reply. It is WRONG to depend on the principal sent in the
         * negprot reply, but right now we do it. If we don't receive one,
         * we try to best guess, then fall back to NTLM.  */
-       if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
+       if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &principal, NULL) ||
+                       OIDs[0] == NULL) {
                data_blob_free(&blob);
                return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
@@ -1239,6 +1253,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 
        status = cli_set_username(cli, user);
        if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(principal);
                return ADS_ERROR_NT(status);
        }
 
@@ -1264,10 +1279,9 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        }
                }
 
-               /* If we get a bad principal, try to guess it if
-                  we have a valid host NetBIOS name.
+               /* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us
                 */
-               if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
+               if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) {
                        TALLOC_FREE(principal);
                }
 
@@ -1276,33 +1290,30 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        !strequal(STAR_SMBSERVER,
                                cli->desthost)) {
                        char *realm = NULL;
-                       char *machine = NULL;
                        char *host = NULL;
-                       DEBUG(3,("cli_session_setup_spnego: got a "
-                               "bad server principal, trying to guess ...\n"));
+                       DEBUG(3,("cli_session_setup_spnego: using target "
+                                "hostname not SPNEGO principal\n"));
 
                        host = strchr_m(cli->desthost, '.');
-                       if (host) {
-                               machine = SMB_STRNDUP(cli->desthost,
-                                       host - cli->desthost);
-                       } else {
-                               machine = SMB_STRDUP(cli->desthost);
-                       }
-                       if (machine == NULL) {
-                               return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
-                       }
-
                        if (dest_realm) {
                                realm = SMB_STRDUP(dest_realm);
                                strupper_m(realm);
                        } else {
-                               realm = kerberos_get_default_realm_from_ccache();
+                               if (host) {
+                                       /* DNS name. */
+                                       realm = kerberos_get_realm_from_hostname(cli->desthost);
+                               } else {
+                                       /* NetBIOS name - use our realm. */
+                                       realm = kerberos_get_default_realm_from_ccache();
+                               }
                        }
+
                        if (realm && *realm) {
-                               principal = talloc_asprintf(NULL, "%s$@%s",
-                                                       machine, realm);
+                               principal = talloc_asprintf(talloc_tos(),
+                                                           "cifs/%s@%s",
+                                                           cli->desthost,
+                                                           realm);
                                if (!principal) {
-                                       SAFE_FREE(machine);
                                        SAFE_FREE(realm);
                                        return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                                }
@@ -1310,7 +1321,6 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                                        "server principal=%s\n",
                                        principal ? principal : "<null>"));
                        }
-                       SAFE_FREE(machine);
                        SAFE_FREE(realm);
                }
 
@@ -1389,15 +1399,15 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
        if (cli->protocol < PROTOCOL_NT1) {
                if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
-                       DEBUG(1, ("Server requested LM password but 'client lanman auth'"
-                                 " is disabled\n"));
+                       DEBUG(1, ("Server requested LM password but 'client lanman auth = no'"
+                                 " or 'client ntlmv2 auth = yes'\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
 
                if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
                    !lp_client_plaintext_auth() && (*pass)) {
-                       DEBUG(1, ("Server requested plaintext password but "
-                                 "'client plaintext auth' is disabled\n"));
+                       DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+                                 " or 'client ntlmv2 auth = yes'\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
 
@@ -1423,8 +1433,8 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
        if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
                if (!lp_client_plaintext_auth() && (*pass)) {
-                       DEBUG(1, ("Server requested plaintext password but "
-                                 "'client plaintext auth' is disabled\n"));
+                       DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+                                 " or 'client ntlmv2 auth = yes'\n"));
                        return NT_STATUS_ACCESS_DENIED;
                }
                return cli_session_setup_plaintext(cli, user, pass, workgroup);
@@ -1463,25 +1473,88 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
  Send a uloggoff.
 *****************************************************************************/
 
-bool cli_ulogoff(struct cli_state *cli)
+struct cli_ulogoff_state {
+       struct cli_state *cli;
+       uint16_t vwv[3];
+};
+
+static void cli_ulogoff_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
+                                   struct tevent_context *ev,
+                                   struct cli_state *cli)
 {
-       memset(cli->outbuf,'\0',smb_size);
-       cli_set_message(cli->outbuf,2,0,True);
-       SCVAL(cli->outbuf,smb_com,SMBulogoffX);
-       cli_setup_packet(cli);
-       SSVAL(cli->outbuf,smb_vwv0,0xFF);
-       SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
+       struct tevent_req *req, *subreq;
+       struct cli_ulogoff_state *state;
 
-       cli_send_smb(cli);
-       if (!cli_receive_smb(cli))
-               return False;
+       req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->cli = cli;
 
-       if (cli_is_error(cli)) {
-               return False;
+       SCVAL(state->vwv+0, 0, 0xFF);
+       SCVAL(state->vwv+1, 0, 0);
+       SSVAL(state->vwv+2, 0, 0);
+
+       subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 2, state->vwv,
+                             0, NULL);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
        }
+       tevent_req_set_callback(subreq, cli_ulogoff_done, req);
+       return req;
+}
+
+static void cli_ulogoff_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_ulogoff_state *state = tevent_req_data(
+               req, struct cli_ulogoff_state);
+       NTSTATUS status;
 
-        cli->vuid = -1;
-        return True;
+       status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+       state->cli->vuid = -1;
+       tevent_req_done(req);
+}
+
+NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
+{
+       return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_ulogoff(struct cli_state *cli)
+{
+       struct tevent_context *ev;
+       struct tevent_req *req;
+       NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+       if (cli_has_async_calls(cli)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+       ev = tevent_context_init(talloc_tos());
+       if (ev == NULL) {
+               goto fail;
+       }
+       req = cli_ulogoff_send(ev, ev, cli);
+       if (req == NULL) {
+               goto fail;
+       }
+       if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+               goto fail;
+       }
+       status = cli_ulogoff_recv(req);
+fail:
+       TALLOC_FREE(ev);
+       if (!NT_STATUS_IS_OK(status)) {
+               cli_set_error(cli, status);
+       }
+       return status;
 }
 
 /****************************************************************************
@@ -1510,6 +1583,8 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
        char *tmp = NULL;
        uint8_t *bytes;
 
+       *psmbreq = NULL;
+
        req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
        if (req == NULL) {
                return NULL;
@@ -1534,7 +1609,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
                if (!lp_client_lanman_auth()) {
                        DEBUG(1, ("Server requested LANMAN password "
                                  "(share-level security) but "
-                                 "'client lanman auth' is disabled\n"));
+                                 "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
                        goto access_denied;
                }
 
@@ -1550,8 +1625,8 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
                   == 0) {
                        if (!lp_client_plaintext_auth() && (*pass)) {
                                DEBUG(1, ("Server requested plaintext "
-                                         "password but 'client plaintext "
-                                         "auth' is disabled\n"));
+                                         "password but "
+                                         "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
                                goto access_denied;
                        }
 
@@ -1645,6 +1720,9 @@ struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
        if (req == NULL) {
                return NULL;
        }
+       if (subreq == NULL) {
+               return req;
+       }
        status = cli_smb_req_send(subreq);
        if (!NT_STATUS_IS_OK(status)) {
                tevent_req_nterror(req, status);
@@ -1660,20 +1738,24 @@ static void cli_tcon_andx_done(struct tevent_req *subreq)
        struct cli_tcon_andx_state *state = tevent_req_data(
                req, struct cli_tcon_andx_state);
        struct cli_state *cli = state->cli;
-       char *inbuf = (char *)cli_smb_inbuf(subreq);
+       uint8_t *in;
+       char *inbuf;
        uint8_t wct;
        uint16_t *vwv;
        uint32_t num_bytes;
        uint8_t *bytes;
        NTSTATUS status;
 
-       status = cli_smb_recv(subreq, 0, &wct, &vwv, &num_bytes, &bytes);
+       status = cli_smb_recv(subreq, state, &in, 0, &wct, &vwv,
+                             &num_bytes, &bytes);
+       TALLOC_FREE(subreq);
        if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(subreq);
                tevent_req_nterror(req, status);
                return;
        }
 
+       inbuf = (char *)in;
+
        clistr_pull(inbuf, cli->dev, bytes, sizeof(fstring), num_bytes,
                    STR_TERMINATE|STR_ASCII);
 
@@ -1748,24 +1830,83 @@ NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
  Send a tree disconnect.
 ****************************************************************************/
 
-bool cli_tdis(struct cli_state *cli)
+struct cli_tdis_state {
+       struct cli_state *cli;
+};
+
+static void cli_tdis_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
+                                struct tevent_context *ev,
+                                struct cli_state *cli)
 {
-       memset(cli->outbuf,'\0',smb_size);
-       cli_set_message(cli->outbuf,0,0,True);
-       SCVAL(cli->outbuf,smb_com,SMBtdis);
-       SSVAL(cli->outbuf,smb_tid,cli->cnum);
-       cli_setup_packet(cli);
+       struct tevent_req *req, *subreq;
+       struct cli_tdis_state *state;
 
-       cli_send_smb(cli);
-       if (!cli_receive_smb(cli))
-               return False;
+       req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->cli = cli;
 
-       if (cli_is_error(cli)) {
-               return False;
+       subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, NULL, 0, NULL);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
        }
+       tevent_req_set_callback(subreq, cli_tdis_done, req);
+       return req;
+}
 
-       cli->cnum = -1;
-       return True;
+static void cli_tdis_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_tdis_state *state = tevent_req_data(
+               req, struct cli_tdis_state);
+       NTSTATUS status;
+
+       status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+       TALLOC_FREE(subreq);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+       state->cli->cnum = -1;
+       tevent_req_done(req);
+}
+
+NTSTATUS cli_tdis_recv(struct tevent_req *req)
+{
+       return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_tdis(struct cli_state *cli)
+{
+       struct tevent_context *ev;
+       struct tevent_req *req;
+       NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+       if (cli_has_async_calls(cli)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+       ev = tevent_context_init(talloc_tos());
+       if (ev == NULL) {
+               goto fail;
+       }
+       req = cli_tdis_send(ev, ev, cli);
+       if (req == NULL) {
+               goto fail;
+       }
+       if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+               goto fail;
+       }
+       status = cli_tdis_recv(req);
+fail:
+       TALLOC_FREE(ev);
+       if (!NT_STATUS_IS_OK(status)) {
+               cli_set_error(cli, status);
+       }
+       return status;
 }
 
 /****************************************************************************
@@ -1879,10 +2020,12 @@ static void cli_negprot_done(struct tevent_req *subreq)
        uint8_t *bytes;
        NTSTATUS status;
        uint16_t protnum;
+       uint8_t *inbuf;
 
-       status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
+       status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
+                             &num_bytes, &bytes);
+       TALLOC_FREE(subreq);
        if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(subreq);
                tevent_req_nterror(req, status);
                return;
        }
@@ -1969,6 +2112,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                        SAFE_FREE(cli->inbuf);
                        cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
                        cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+                       if (!cli->outbuf || !cli->inbuf) {
+                               tevent_req_nterror(req,
+                                               NT_STATUS_NO_MEMORY);
+                               return;
+                       }
                        cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
                }
 
@@ -1981,8 +2129,8 @@ static void cli_negprot_done(struct tevent_req *subreq)
                cli->serverzone = SVALS(vwv + 10, 0);
                cli->serverzone *= 60;
                /* this time is converted to GMT by make_unix_date */
-               cli->servertime = cli_make_unix_date(
-                       cli, (char *)(vwv + 8));
+               cli->servertime = make_unix_date(
+                       (char *)(vwv + 8), cli->serverzone);
                cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
                cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
                cli->secblob = data_blob(bytes, num_bytes);
@@ -2057,6 +2205,7 @@ bool cli_session_request(struct cli_state *cli,
 {
        char *p;
        int len = 4;
+       int namelen = 0;
        char *tmp;
 
        /* 445 doesn't have session request */
@@ -2075,8 +2224,11 @@ bool cli_session_request(struct cli_state *cli,
        }
 
        p = cli->outbuf+len;
-       memcpy(p, tmp, name_len(tmp));
-       len += name_len(tmp);
+       namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+       if (namelen > 0) {
+               memcpy(p, tmp, namelen);
+               len += namelen;
+       }
        TALLOC_FREE(tmp);
 
        /* and my name */
@@ -2088,8 +2240,11 @@ bool cli_session_request(struct cli_state *cli,
        }
 
        p = cli->outbuf+len;
-       memcpy(p, tmp, name_len(tmp));
-       len += name_len(tmp);
+       namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+       if (namelen > 0) {
+               memcpy(p, tmp, namelen);
+               len += namelen;
+       }
        TALLOC_FREE(tmp);
 
        /* send a session request (RFC 1002) */
@@ -2422,6 +2577,9 @@ again:
             cli->use_kerberos) {
                cli->fallback_after_kerberos = true;
        }
+       if (flags & CLI_FULL_CONNECTION_USE_CCACHE) {
+               cli->use_ccache = true;
+       }
 
        nt_status = cli_negprot(cli);
        if (!NT_STATUS_IS_OK(nt_status)) {
@@ -2446,7 +2604,6 @@ again:
    @param user Username, unix string
    @param domain User's domain
    @param password User's password, unencrypted unix string.
-   @param retry bool. Did this connection fail with a retryable error ?
 */
 
 NTSTATUS cli_full_connection(struct cli_state **output_cli, 
@@ -2456,8 +2613,7 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
                             const char *service, const char *service_type,
                             const char *user, const char *domain, 
                             const char *password, int flags,
-                            int signing_state,
-                            bool *retry) 
+                            int signing_state)
 {
        NTSTATUS nt_status;
        struct cli_state *cli = NULL;
@@ -2471,7 +2627,7 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
 
        nt_status = cli_start_connection(&cli, my_name, dest_host,
                                         dest_ss, port, signing_state,
-                                        flags, retry);
+                                        flags, NULL);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
@@ -2652,7 +2808,7 @@ struct cli_state *get_ipc_connect(char *server,
                                        lp_workgroup(),
                                        user_info->password ? user_info->password : "",
                                        flags,
-                                       Undefined, NULL);
+                                       Undefined);
 
        if (NT_STATUS_IS_OK(nt_status)) {
                return cli;