{PROTOCOL_NT1, "NT LM 0.12"},
};
-static const char *star_smbserver_name = "*SMBSERVER";
+#define STAR_SMBSERVER "*SMBSERVER"
/**
* Set the user session key for a connection
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
if (strstr(cli->server_type, "Samba")) {
cli->is_samba = True;
char *p;
fstring lanman;
- fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
+ fstr_sprintf( lanman, "Samba %s", samba_version_string());
memset(cli->outbuf, '\0', smb_size);
cli_set_message(cli->outbuf,13,0,True);
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
fstrcpy(cli->user_name, user);
if (strstr(cli->server_type, "Samba")) {
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
if (strstr(cli->server_type, "Samba")) {
cli->is_samba = True;
blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
p += blob2.length;
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
/* w2k with kerberos doesn't properly null terminate this field */
len = smb_bufrem(cli->inbuf, p);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ len, 0);
return blob2;
}
#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
-static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_BLOB session_key_krb5)
+static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
{
int32 remaining = blob.length;
int32 cur = 0;
send_blob.length = max_blob_size;
remaining -= max_blob_size;
} else {
- DATA_BLOB null_blob = data_blob_null;
-
send_blob.length = remaining;
remaining = 0;
-
- /* This is the last packet in the sequence - turn signing on. */
- cli_simple_set_signing(cli, session_key_krb5, null_blob);
}
send_blob.data = &blob.data[cur];
{
DATA_BLOB negTokenTarg;
DATA_BLOB session_key_krb5;
+ NTSTATUS nt_status;
int rc;
+ cli_temp_set_signing(cli);
+
DEBUG(2,("Doing kerberos session setup\n"));
/* generate the encapsulated kerberos5 ticket */
file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
#endif
- if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) {
- data_blob_free(&negTokenTarg);
- data_blob_free(&session_key_krb5);
- return ADS_ERROR_NT(cli_nt_error(cli));
+ if (!cli_session_setup_blob(cli, negTokenTarg)) {
+ nt_status = cli_nt_error(cli);
+ goto nt_error;
+ }
+
+ if (cli_is_error(cli)) {
+ nt_status = cli_nt_error(cli);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ }
+ goto nt_error;
}
cli_set_session_key(cli, session_key_krb5);
+ if (cli_simple_set_signing(
+ cli, session_key_krb5, data_blob_null)) {
+
+ /* 'resign' the last message, so we get the right sequence numbers
+ for checking the first reply from the server */
+ cli_calculate_sign_mac(cli, cli->outbuf);
+
+ if (!cli_check_sign_mac(cli, cli->inbuf)) {
+ nt_status = NT_STATUS_ACCESS_DENIED;
+ goto nt_error;
+ }
+ }
+
data_blob_free(&negTokenTarg);
data_blob_free(&session_key_krb5);
- if (cli_is_error(cli)) {
- if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
- return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- }
- }
- return ADS_ERROR_NT(cli_nt_error(cli));
+ return ADS_ERROR_NT(NT_STATUS_OK);
+
+nt_error:
+ data_blob_free(&negTokenTarg);
+ data_blob_free(&session_key_krb5);
+ cli->vuid = 0;
+ return ADS_ERROR_NT(nt_status);
}
#endif /* HAVE_KRB5 */
if (principal == NULL &&
!is_ipaddress(cli->desthost) &&
- !strequal(star_smbserver_name,
+ !strequal(STAR_SMBSERVER,
cli->desthost)) {
char *realm = NULL;
char *machine = NULL;
if (cli_is_error(cli))
return False;
- clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
+ clistr_pull(cli->inbuf, cli->dev, smb_buf(cli->inbuf), sizeof(fstring),
+ -1, STR_TERMINATE|STR_ASCII);
if (cli->protocol >= PROTOCOL_NT1 &&
smb_buflen(cli->inbuf) == 3) {
Send a negprot command.
****************************************************************************/
-void cli_negprot_send(struct cli_state *cli)
+void cli_negprot_sendsync(struct cli_state *cli)
{
char *p;
int numprots;
Send a negprot command.
****************************************************************************/
-bool cli_negprot(struct cli_state *cli)
+struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct cli_state *cli)
{
- char *p;
+ struct async_req *result;
+ uint8_t *bytes = NULL;
int numprots;
- int plength;
if (cli->protocol < PROTOCOL_NT1)
cli->use_spnego = False;
- memset(cli->outbuf,'\0',smb_size);
-
- plength = 0;
-
/* setup the protocol strings */
for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
+ uint8_t c = 2;
if (prots[numprots].prot > cli->protocol) {
break;
}
- plength += strlen(prots[numprots].name)+2;
- }
-
- cli_set_message(cli->outbuf,0,plength,True);
-
- p = smb_buf(cli->outbuf);
- for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
- if (prots[numprots].prot > cli->protocol) {
- break;
+ bytes = (uint8_t *)talloc_append_blob(
+ talloc_tos(), bytes, data_blob_const(&c, sizeof(c)));
+ if (bytes == NULL) {
+ return NULL;
+ }
+ bytes = smb_bytes_push_str(bytes, false,
+ prots[numprots].name,
+ strlen(prots[numprots].name)+1,
+ NULL);
+ if (bytes == NULL) {
+ return NULL;
}
- *p++ = 2;
- p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
}
- SCVAL(cli->outbuf,smb_com,SMBnegprot);
- cli_setup_packet(cli);
+ result = cli_request_send(mem_ctx, ev, cli, SMBnegprot, 0, 0, NULL, 0,
+ talloc_get_size(bytes), bytes);
+ TALLOC_FREE(bytes);
+ return result;
+}
- SCVAL(smb_buf(cli->outbuf),0,2);
+NTSTATUS cli_negprot_recv(struct async_req *req)
+{
+ struct cli_request *cli_req = talloc_get_type_abort(
+ req->private_data, struct cli_request);
+ struct cli_state *cli = cli_req->cli;
+ uint8_t wct;
+ uint16_t *vwv;
+ uint16_t num_bytes;
+ uint8_t *bytes;
+ NTSTATUS status;
+ uint16_t protnum;
- cli_send_smb(cli);
- if (!cli_receive_smb(cli))
- return False;
+ if (async_req_is_error(req, &status)) {
+ return status;
+ }
- show_msg(cli->inbuf);
+ status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- if (cli_is_error(cli) ||
- ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
- return(False);
+ protnum = SVAL(vwv, 0);
+
+ if ((protnum >= ARRAY_SIZE(prots))
+ || (prots[protnum].prot > cli_req->cli->protocol)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
+ cli->protocol = prots[protnum].prot;
if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
if (cli->protocol >= PROTOCOL_NT1) {
struct timespec ts;
/* NT protocol */
- cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
- cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
- cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
- cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
- cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
+ cli->sec_mode = CVAL(vwv + 1, 0);
+ cli->max_mux = SVAL(vwv + 1, 1);
+ cli->max_xmit = IVAL(vwv + 3, 1);
+ cli->sesskey = IVAL(vwv + 7, 1);
+ cli->serverzone = SVALS(vwv + 15, 1);
cli->serverzone *= 60;
/* this time arrives in real GMT */
- ts = interpret_long_date(cli->inbuf+smb_vwv11+1);
+ ts = interpret_long_date(((char *)(vwv+11))+1);
cli->servertime = ts.tv_sec;
- cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
- cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
+ cli->secblob = data_blob(bytes, num_bytes);
+ cli->capabilities = IVAL(vwv + 9, 1);
if (cli->capabilities & CAP_RAW_MODE) {
cli->readbraw_supported = True;
cli->writebraw_supported = True;
/* work out if they sent us a workgroup */
if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
smb_buflen(cli->inbuf) > 8) {
- clistr_pull(cli, cli->server_domain,
- smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
- smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
+ clistr_pull(cli->inbuf, cli->server_domain,
+ bytes+8, sizeof(cli->server_domain),
+ num_bytes-8,
+ STR_UNICODE|STR_NOALIGN);
}
/*
/* Fail if server says signing is mandatory and we don't want to support it. */
if (!cli->sign_info.allow_smb_signing) {
DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
/* Fail if client says signing is mandatory and the server doesn't support it. */
if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
cli->use_spnego = False;
- cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
- cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
- cli->max_mux = SVAL(cli->inbuf, smb_vwv3);
- cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
- cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
+ cli->sec_mode = SVAL(vwv + 1, 0);
+ cli->max_xmit = SVAL(vwv + 2, 0);
+ cli->max_mux = SVAL(vwv + 3, 0);
+ cli->sesskey = IVAL(vwv + 6, 0);
+ cli->serverzone = SVALS(vwv + 10, 0);
cli->serverzone *= 60;
/* this time is converted to GMT by make_unix_date */
- cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8);
- cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
- cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
- cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
+ cli->servertime = cli_make_unix_date(
+ cli, (char *)(vwv + 8));
+ cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
+ cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
+ cli->secblob = data_blob(bytes, num_bytes);
} else {
/* the old core protocol */
cli->use_spnego = False;
if (getenv("CLI_FORCE_ASCII"))
cli->capabilities &= ~CAP_UNICODE;
- return True;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_negprot(struct cli_state *cli)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct event_context *ev;
+ struct async_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (cli->fd_event != NULL) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ cli_set_error(cli, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+
+ ev = event_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ req = cli_negprot_send(frame, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+
+ while (req->state < ASYNC_REQ_DONE) {
+ event_loop_once(ev);
+ }
+
+ status = cli_negprot_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
}
/****************************************************************************
*/
uint16_t port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
struct in_addr dest_ip;
+ NTSTATUS status;
/* SESSION RETARGET */
putip((char *)&dest_ip,cli->inbuf+4);
in_addr_to_sockaddr_storage(&cli->dest_ss, dest_ip);
- cli->fd = open_socket_out(SOCK_STREAM,
- &cli->dest_ss,
- port,
- LONG_CONNECT_TIMEOUT);
- if (cli->fd == -1)
+ status = open_socket_out(&cli->dest_ss, port,
+ LONG_CONNECT_TIMEOUT, &cli->fd);
+ if (!NT_STATUS_IS_OK(status)) {
return False;
+ }
DEBUG(3,("Retargeted\n"));
return(True);
}
+static void smb_sock_connected(struct async_req *req)
+{
+ int *pfd = (int *)req->async.priv;
+ int fd;
+ NTSTATUS status;
+
+ status = open_socket_out_defer_recv(req, &fd);
+ if (NT_STATUS_IS_OK(status)) {
+ *pfd = fd;
+ }
+}
+
+static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss,
+ uint16_t *port, int timeout, int *pfd)
+{
+ struct event_context *ev;
+ struct async_req *r139, *r445;
+ int fd139 = -1;
+ int fd445 = -1;
+ NTSTATUS status;
+
+ if (*port != 0) {
+ return open_socket_out(pss, *port, timeout, pfd);
+ }
+
+ ev = event_context_init(talloc_tos());
+ if (ev == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0),
+ pss, 445, timeout);
+ r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000),
+ pss, 139, timeout);
+ if ((r445 == NULL) || (r139 == NULL)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ r445->async.fn = smb_sock_connected;
+ r445->async.priv = &fd445;
+ r139->async.fn = smb_sock_connected;
+ r139->async.priv = &fd139;
+
+ while ((fd139 == -1) && (r139->state < ASYNC_REQ_DONE)
+ && (fd445 == -1) && (r445->state < ASYNC_REQ_DONE)) {
+ event_loop_once(ev);
+ }
+
+ if ((fd139 != -1) && (fd445 != -1)) {
+ close(fd139);
+ fd139 = -1;
+ }
+
+ if (fd445 != -1) {
+ *port = 445;
+ *pfd = fd445;
+ status = NT_STATUS_OK;
+ goto done;
+ }
+ if (fd139 != -1) {
+ *port = 139;
+ *pfd = fd139;
+ status = NT_STATUS_OK;
+ goto done;
+ }
+
+ status = open_socket_out_defer_recv(r445, &fd445);
+ done:
+ TALLOC_FREE(ev);
+ return status;
+}
+
/****************************************************************************
Open the client sockets.
****************************************************************************/
/* reasonable default hostname */
if (!host) {
- host = star_smbserver_name;
+ host = STAR_SMBSERVER;
}
fstrcpy(cli->desthost, host);
if (getenv("LIBSMB_PROG")) {
cli->fd = sock_exec(getenv("LIBSMB_PROG"));
} else {
- /* try 445 first, then 139 */
- uint16_t port = cli->port?cli->port:445;
- cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ss,
- port, cli->timeout);
- if (cli->fd == -1 && cli->port == 0) {
- port = 139;
- cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ss,
- port, cli->timeout);
- }
- if (cli->fd != -1) {
+ uint16_t port = cli->port;
+ NTSTATUS status;
+ status = open_smb_socket(&cli->dest_ss, &port,
+ cli->timeout, &cli->fd);
+ if (NT_STATUS_IS_OK(status)) {
cli->port = port;
}
}
make_nmb_name(&calling, my_name, 0x0);
make_nmb_name(&called , dest_host, 0x20);
- if (cli_set_port(cli, port) != port) {
- cli_shutdown(cli);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
+ cli_set_port(cli, port);
cli_set_timeout(cli, 10000); /* 10 seconds. */
if (dest_ss) {
*p = 0;
goto again;
}
- if (strcmp(called.name, star_smbserver_name)) {
- make_nmb_name(&called , star_smbserver_name, 0x20);
+ if (strcmp(called.name, STAR_SMBSERVER)) {
+ make_nmb_name(&called , STAR_SMBSERVER, 0x20);
goto again;
}
return NT_STATUS_BAD_NETWORK_NAME;
cli->fallback_after_kerberos = true;
}
- if (!cli_negprot(cli)) {
- DEBUG(1,("failed negprot\n"));
- nt_status = cli_nt_error(cli);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
+ nt_status = cli_negprot(cli);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
cli_shutdown(cli);
return nt_status;
}
*/
if(is_ipaddress(desthost)) {
- make_nmb_name(&called, star_smbserver_name, 0x20);
+ make_nmb_name(&called, STAR_SMBSERVER, 0x20);
} else {
make_nmb_name(&called, desthost, 0x20);
}
NTSTATUS status;
struct nmb_name smbservername;
- make_nmb_name(&smbservername, star_smbserver_name, 0x20);
+ make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20);
/*
* If the name wasn't *SMBSERVER then