#include "includes.h"
#include "libsmb/libsmb.h"
-#include "popt_common.h"
+#include "auth_info.h"
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
*******************************************************/
static NTSTATUS smb_bytes_talloc_string(TALLOC_CTX *mem_ctx,
- char *inbuf,
+ const uint8_t *hdr,
char **dest,
uint8_t *src,
size_t srclen,
ssize_t *destlen)
{
*destlen = clistr_pull_talloc(mem_ctx,
- inbuf,
- SVAL(inbuf, smb_flg2),
+ (const char *)hdr,
+ SVAL(hdr, HDR_FLG2),
dest,
(char *)src,
srclen,
return NT_STATUS_OK;
}
-/**
- * Set the user session key for a connection
- * @param cli The cli structure to add it too
- * @param session_key The session key used. (A copy of this is taken for the cli struct)
- *
- */
-
-static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key)
-{
- cli->user_session_key = data_blob(session_key.data, session_key.length);
-}
-
/****************************************************************************
Do an old lanman2 style session setup.
****************************************************************************/
uint16_t *vwv;
uint8_t *bytes;
char *tmp;
- uint16_t sec_mode = cli_state_security_mode(cli);
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
req = tevent_req_create(mem_ctx, &state,
struct cli_session_setup_lanman2_state);
return tevent_req_post(req, ev);
}
- if (!SMBencrypt(pass, cli_state_server_challenge(cli),
+ if (!SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn),
(uint8_t *)lm_response.data)) {
DEBUG(1, ("Password is > 14 chars in length, and is "
"therefore incompatible with Lanman "
* Plaintext mode needed, assume plaintext supplied.
*/
buf = talloc_array(talloc_tos(), uint8_t, 0);
- buf = smb_bytes_push_str(buf, cli_ucs2(cli), pass, passlen+1,
+ buf = smb_bytes_push_str(buf, smbXcli_conn_use_unicode(cli->conn), pass, passlen+1,
&converted_size);
if (tevent_req_nomem(buf, req)) {
return tevent_req_post(req, ev);
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, 1);
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, lm_response.length);
bytes = talloc_array(state, uint8_t, lm_response.length);
if (tevent_req_nomem(tmp, req)) {
return tevent_req_post(req, ev);
}
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
NULL);
TALLOC_FREE(tmp);
if (tevent_req_nomem(tmp, req)) {
return tevent_req_post(req, ev);
}
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
if (tevent_req_nomem(bytes, req)) {
return tevent_req_post(req, ev);
struct cli_state *cli = state->cli;
uint32_t num_bytes;
uint8_t *in;
- char *inbuf;
+ uint8_t *inhdr;
uint8_t *bytes;
uint8_t *p;
NTSTATUS status;
return;
}
- inbuf = (char *)in;
+ inhdr = in + NBT_HDR_SIZE;
p = bytes;
- cli_state_set_uid(state->cli, SVAL(inbuf, smb_uid));
+ cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_os,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_type,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_domain,
p,
bytes+num_bytes-p,
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
uint32_t sesssetup_capabilities)
{
- uint32_t client_capabilities = cli_state_capabilities(cli);
+ uint32_t client_capabilities = smb1cli_conn_capabilities(cli->conn);
/*
* We only send capabilities based on the mask for:
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, 0);
SSVAL(vwv+8, 0, 0);
SSVAL(vwv+9, 0, 0);
bytes = talloc_array(state, uint8_t, 0);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* username */
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* username */
NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "", 1, /* workgroup */
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* workgroup */
NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
if (bytes == NULL) {
TALLOC_FREE(req);
return NULL;
}
- status = cli_smb_req_send(subreq);
+ status = smb1cli_req_chain_submit(&subreq, 1);
if (NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
struct cli_state *cli = state->cli;
uint32_t num_bytes;
uint8_t *in;
- char *inbuf;
+ uint8_t *inhdr;
uint8_t *bytes;
uint8_t *p;
NTSTATUS status;
return;
}
- inbuf = (char *)in;
+ inhdr = in + NBT_HDR_SIZE;
p = bytes;
- cli_state_set_uid(state->cli, SVAL(inbuf, smb_uid));
+ cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_os,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_type,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_domain,
p,
bytes+num_bytes-p,
struct tevent_req *req;
NTSTATUS status = NT_STATUS_OK;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, 0);
SSVAL(vwv+8, 0, 0);
SSVAL(vwv+9, 0, 0);
SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
bytes = talloc_array(state, uint8_t, 0);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), pass, strlen(pass)+1,
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), pass, strlen(pass)+1,
&passlen);
if (tevent_req_nomem(bytes, req)) {
return tevent_req_post(req, ev);
}
- SSVAL(vwv + (cli_ucs2(cli) ? 8 : 7), 0, passlen);
+ SSVAL(vwv + (smbXcli_conn_use_unicode(cli->conn) ? 8 : 7), 0, passlen);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
user, strlen(user)+1, NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
workgroup, strlen(workgroup)+1, NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
"Unix", 5, NULL);
version = talloc_asprintf(talloc_tos(), "Samba %s",
if (tevent_req_nomem(version, req)){
return tevent_req_post(req, ev);
}
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
version, strlen(version)+1, NULL);
TALLOC_FREE(version);
struct cli_state *cli = state->cli;
uint32_t num_bytes;
uint8_t *in;
- char *inbuf;
+ uint8_t *inhdr;
uint8_t *bytes;
uint8_t *p;
NTSTATUS status;
return;
}
- inbuf = (char *)in;
+ inhdr = in + NBT_HDR_SIZE;
p = bytes;
- cli_state_set_uid(state->cli, SVAL(inbuf, smb_uid));
+ cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_os,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_type,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_domain,
p,
bytes+num_bytes-p,
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
DATA_BLOB names_blob;
server_chal =
- data_blob_const(cli_state_server_challenge(cli),
+ data_blob_const(smb1cli_conn_server_challenge(cli->conn),
8);
/*
return tevent_req_post(req, ev);
}
- SMBNTencrypt(pass, cli_state_server_challenge(cli),
+ SMBNTencrypt(pass, smb1cli_conn_server_challenge(cli->conn),
nt_response.data);
#endif
/* non encrypted password supplied. Ignore ntpass. */
}
if (!SMBencrypt(pass,
- cli_state_server_challenge(cli),
+ smb1cli_conn_server_challenge(cli->conn),
lm_response.data)) {
/*
* Oops, the LM response is
SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
SSVAL(vwv+3, 0, 2);
SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
- SIVAL(vwv+5, 0, cli_state_server_session_key(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
SSVAL(vwv+7, 0, lm_response.length);
SSVAL(vwv+8, 0, nt_response.length);
SSVAL(vwv+9, 0, 0);
data_blob_free(&lm_response);
data_blob_free(&nt_response);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
user, strlen(user)+1, NULL);
/*
if (tevent_req_nomem(workgroup_upper, req)) {
return tevent_req_post(req, ev);
}
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
workgroup_upper, strlen(workgroup_upper)+1,
NULL);
TALLOC_FREE(workgroup_upper);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Unix", 5, NULL);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), "Samba", 6, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
if (tevent_req_nomem(bytes, req)) {
return tevent_req_post(req, ev);
}
struct cli_state *cli = state->cli;
uint32_t num_bytes;
uint8_t *in;
- char *inbuf;
+ uint8_t *inhdr;
uint8_t *bytes;
uint8_t *p;
NTSTATUS status;
return;
}
- inbuf = (char *)in;
+ inhdr = in + NBT_HDR_SIZE;
p = bytes;
- cli_state_set_uid(state->cli, SVAL(inbuf, smb_uid));
+ cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_os,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_type,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- inbuf,
+ inhdr,
&cli->server_domain,
p,
bytes+num_bytes-p,
if (tevent_req_nterror(req, status)) {
return;
}
- if (cli_simple_set_signing(cli, state->session_key, state->response)
- && !cli_check_sign_mac(cli, (char *)in, 1)) {
+ if (smb1cli_conn_activate_signing(cli->conn, state->session_key, state->response)
+ && !smb1cli_conn_check_signing(cli->conn, (uint8_t *)in, 1)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if (state->session_key.data) {
- /* Have plaintext orginal */
- cli_set_session_key(cli, state->session_key);
+ struct smbXcli_session *session = state->cli->smb1.session;
+
+ status = smb1cli_session_set_session_key(session,
+ state->session_key);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
}
tevent_req_done(req);
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
struct iovec *recv_iov;
NTSTATUS status;
- char *inbuf;
+ uint8_t *inbuf;
DATA_BLOB ret_blob;
};
state->blob = blob;
state->cli = cli;
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
usable_space = UINT16_MAX;
} else {
usable_space = cli_state_available_size(cli,
thistime = MIN(state->blob.length, state->max_blob_size);
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
state->smb2_blob.data = state->blob.data;
state->smb2_blob.length = thistime;
0, /* in_flags */
SMB2_CAP_DFS, /* in_capabilities */
0, /* in_channel */
- NULL, /* in_previous_session */
+ 0, /* in_previous_session_id */
&state->smb2_blob);
if (subreq == NULL) {
return false;
state->blob.data += thistime;
state->blob.length -= thistime;
- state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
+ state->buf = smb_bytes_push_str(state->buf, smbXcli_conn_use_unicode(state->cli->conn),
"Unix", 5, NULL);
- state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
+ state->buf = smb_bytes_push_str(state->buf, smbXcli_conn_use_unicode(state->cli->conn),
"Samba", 6, NULL);
if (state->buf == NULL) {
return false;
NTSTATUS status;
uint8_t *p;
uint16_t blob_length;
- uint8_t *inbuf;
+ uint8_t *in;
+ uint8_t *inhdr;
ssize_t ret;
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
status = smb2cli_session_setup_recv(subreq, state,
&state->recv_iov,
&state->ret_blob);
} else {
- status = cli_smb_recv(subreq, state, &inbuf, 4, &wct, &vwv,
+ status = cli_smb_recv(subreq, state, &in, 4, &wct, &vwv,
&num_bytes, &bytes);
TALLOC_FREE(state->buf);
}
state->status = status;
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
goto next;
}
- state->inbuf = (char *)inbuf;
- cli_state_set_uid(state->cli, SVAL(inbuf, smb_uid));
+ state->inbuf = in;
+ inhdr = in + NBT_HDR_SIZE;
+ cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
blob_length = SVAL(vwv+3, 0);
p = bytes + blob_length;
status = smb_bytes_talloc_string(cli,
- (char *)inbuf,
+ inhdr,
&cli->server_os,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- (char *)inbuf,
+ inhdr,
&cli->server_type,
p,
bytes+num_bytes-p,
p += ret;
status = smb_bytes_talloc_string(cli,
- (char *)inbuf,
+ inhdr,
&cli->server_domain,
p,
bytes+num_bytes-p,
static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
DATA_BLOB *pblob,
- char **pinbuf,
+ uint8_t **pinbuf,
struct iovec **precv_iov)
{
struct cli_sesssetup_blob_state *state = tevent_req_data(
req, struct cli_sesssetup_blob_state);
NTSTATUS status;
- char *inbuf;
+ uint8_t *inbuf;
struct iovec *recv_iov;
if (tevent_req_is_nterror(req, &status)) {
* we have to acquire a ticket. To be fixed later :-)
*/
rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
- &state->session_key_krb5, 0, NULL);
+ &state->session_key_krb5, 0, NULL, NULL);
if (rc) {
DEBUG(1, ("cli_session_setup_kerberos: "
"spnego_gen_krb5_negTokenInit failed: %s\n",
state->negTokenTarg.length);
#endif
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
state->cli->smb2.session = smbXcli_session_create(cli,
cli->conn);
if (tevent_req_nomem(state->cli->smb2.session, req)) {
subreq, struct tevent_req);
struct cli_session_setup_kerberos_state *state = tevent_req_data(
req, struct cli_session_setup_kerberos_state);
- char *inbuf = NULL;
+ uint8_t *inbuf = NULL;
struct iovec *recv_iov = NULL;
NTSTATUS status;
return;
}
- cli_set_session_key(state->cli, state->session_key_krb5);
-
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
struct smbXcli_session *session = state->cli->smb2.session;
- status = smb2cli_session_update_session_key(session,
+ status = smb2cli_session_set_session_key(session,
state->session_key_krb5,
recv_iov);
if (tevent_req_nterror(req, status)) {
return;
}
} else {
- if (cli_simple_set_signing(state->cli, state->session_key_krb5,
+ struct smbXcli_session *session = state->cli->smb1.session;
+
+ status = smb1cli_session_set_session_key(session,
+ state->session_key_krb5);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (smb1cli_conn_activate_signing(state->cli->conn, state->session_key_krb5,
data_blob_null)
- && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+ && !smb1cli_conn_check_signing(state->cli->conn, inbuf, 1)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
struct tevent_req *req;
ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
ev = tevent_context_init(talloc_tos());
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- status = ntlmssp_set_password(state->ntlmssp_state, pass);
+ if (cli->pw_nt_hash) {
+ status = ntlmssp_set_password_hash(state->ntlmssp_state, pass);
+ } else {
+ status = ntlmssp_set_password(state->ntlmssp_state, pass);
+ }
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
data_blob_free(&blob_out);
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
state->cli->smb2.session = smbXcli_session_create(cli,
cli->conn);
if (tevent_req_nomem(state->cli->smb2.session, req)) {
struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
req, struct cli_session_setup_ntlmssp_state);
DATA_BLOB blob_in, msg_in, blob_out;
- char *inbuf = NULL;
+ uint8_t *inbuf = NULL;
struct iovec *recv_iov = NULL;
bool parse_ret;
NTSTATUS status;
return;
}
}
- cli_set_session_key(
- state->cli, state->ntlmssp_state->session_key);
- if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
struct smbXcli_session *session = state->cli->smb2.session;
- status = smb2cli_session_update_session_key(session,
+
+ if (ntlmssp_is_anonymous(state->ntlmssp_state)) {
+ /*
+ * Windows server does not set the
+ * SMB2_SESSION_FLAG_IS_GUEST nor
+ * SMB2_SESSION_FLAG_IS_NULL flag.
+ *
+ * This fix makes sure we do not try
+ * to verify a signature on the final
+ * session setup response.
+ */
+ TALLOC_FREE(state->ntlmssp_state);
+ tevent_req_done(req);
+ return;
+ }
+
+ status = smb2cli_session_set_session_key(session,
state->ntlmssp_state->session_key,
recv_iov);
if (tevent_req_nterror(req, status)) {
return;
}
} else {
- if (cli_simple_set_signing(
- state->cli, state->ntlmssp_state->session_key,
+ struct smbXcli_session *session = state->cli->smb1.session;
+
+ status = smb1cli_session_set_session_key(session,
+ state->ntlmssp_state->session_key);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (smb1cli_conn_activate_signing(
+ state->cli->conn, state->ntlmssp_state->session_key,
data_blob_null)
- && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+ && !smb1cli_conn_check_signing(state->cli->conn, inbuf, 1)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return NT_STATUS_INVALID_PARAMETER;
}
ev = tevent_context_init(talloc_tos());
char *account = NULL;
NTSTATUS status;
- server_blob = cli_state_server_gss_blob(cli);
+ server_blob = smbXcli_conn_server_gss_blob(cli->conn);
if (server_blob) {
blob = data_blob(server_blob->data, server_blob->length);
}
if (user && *user && cli->got_kerberos_mechanism && cli->use_kerberos) {
ADS_STATUS rc;
- const char *remote_name = cli_state_remote_name(cli);
+ const char *remote_name = smbXcli_conn_remote_name(cli->conn);
if (pass && *pass) {
int ret;
!is_ipaddress(remote_name) &&
!strequal(STAR_SMBSERVER,
remote_name)) {
- char *realm = NULL;
- char *host = NULL;
DEBUG(3,("cli_session_setup_spnego: using target "
"hostname not SPNEGO principal\n"));
- host = strchr_m(remote_name, '.');
if (dest_realm) {
- realm = SMB_STRDUP(dest_realm);
- if (!realm) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ char *realm = strupper_talloc(talloc_tos(), dest_realm);
+ if (realm) {
+ principal = talloc_asprintf(talloc_tos(),
+ "cifs/%s@%s",
+ remote_name,
+ realm);
+ TALLOC_FREE(realm);
}
- strupper_m(realm);
} else {
- if (host) {
- /* DNS name. */
- realm = kerberos_get_realm_from_hostname(remote_name);
- } else {
- /* NetBIOS name - use our realm. */
- realm = kerberos_get_default_realm_from_ccache();
- }
- }
-
- if (realm == NULL || *realm == '\0') {
- realm = SMB_STRDUP(lp_realm());
- if (!realm) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
- strupper_m(realm);
- DEBUG(3,("cli_session_setup_spnego: cannot "
- "get realm from dest_realm %s, "
- "desthost %s. Using default "
- "smb.conf realm %s\n",
- dest_realm ? dest_realm : "<null>",
- remote_name,
- realm));
+ principal = kerberos_get_principal_from_service_hostname(talloc_tos(),
+ "cifs",
+ remote_name,
+ lp_realm());
}
- principal = talloc_asprintf(talloc_tos(),
- "cifs/%s@%s",
- remote_name,
- realm);
if (!principal) {
- SAFE_FREE(realm);
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
DEBUG(3,("cli_session_setup_spnego: guessed "
"server principal=%s\n",
principal ? principal : "<null>"));
-
- SAFE_FREE(realm);
}
if (principal) {
{
char *p;
char *user2;
- uint16_t sec_mode = cli_state_security_mode(cli);
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
if (user) {
user2 = talloc_strdup(talloc_tos(), user);
(p=strchr_m(user2,*lp_winbind_separator()))) {
*p = 0;
user = p+1;
- strupper_m(user2);
+ if (!strupper_m(user2)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
workgroup = user2;
}
- if (cli_state_protocol(cli) < PROTOCOL_LANMAN1) {
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN1) {
return NT_STATUS_OK;
}
/* if its an older server then we have to use the older request format */
- if (cli_state_protocol(cli) < PROTOCOL_NT1) {
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) {
if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client lanman auth = no'"
" or 'client ntlmv2 auth = yes'\n"));
if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
!lp_client_plaintext_auth() && (*pass)) {
- DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+ DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
" or 'client ntlmv2 auth = yes'\n"));
return NT_STATUS_ACCESS_DENIED;
}
workgroup);
}
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
const char *remote_realm = cli_state_remote_realm(cli);
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
workgroup,
if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
if (!lp_client_plaintext_auth() && (*pass)) {
- DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+ DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
" or 'client ntlmv2 auth = yes'\n"));
return NT_STATUS_ACCESS_DENIED;
}
/* if the server supports extended security then use SPNEGO */
- if (cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY) {
+ if (smb1cli_conn_capabilities(cli->conn) & CAP_EXTENDED_SECURITY) {
const char *remote_realm = cli_state_remote_realm(cli);
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
workgroup,
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return NT_STATUS_INVALID_PARAMETER;
}
ev = tevent_context_init(talloc_tos());
uint16_t *vwv;
char *tmp = NULL;
uint8_t *bytes;
- uint16_t sec_mode = cli_state_security_mode(cli);
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
+ uint16_t tcon_flags = 0;
*psmbreq = NULL;
* Non-encrypted passwords - convert to DOS codepage before
* encryption.
*/
- SMBencrypt(pass, cli_state_server_challenge(cli), p24);
+ SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24);
passlen = 24;
pass = (const char *)p24;
} else {
uint8_t *tmp_pass;
if (!lp_client_plaintext_auth() && (*pass)) {
- DEBUG(1, ("Server requested plaintext "
+ DEBUG(1, ("Server requested PLAINTEXT "
"password but "
- "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
+ "'client plaintext auth = no' or 'client ntlmv2 auth = yes'\n"));
goto access_denied;
}
}
}
+ tcon_flags |= TCONX_FLAG_EXTENDED_RESPONSE;
+ tcon_flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+
SCVAL(vwv+0, 0, 0xFF);
SCVAL(vwv+0, 1, 0);
SSVAL(vwv+1, 0, 0);
- SSVAL(vwv+2, 0, TCONX_FLAG_EXTENDED_RESPONSE);
+ SSVAL(vwv+2, 0, tcon_flags);
SSVAL(vwv+3, 0, passlen);
if (passlen && pass) {
* Add the sharename
*/
tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
- cli_state_remote_name(cli), share);
+ smbXcli_conn_remote_name(cli->conn), share);
if (tmp == NULL) {
TALLOC_FREE(req);
return NULL;
}
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), tmp, strlen(tmp)+1,
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
NULL);
TALLOC_FREE(tmp);
if (subreq == NULL) {
return req;
}
- status = cli_smb_req_send(subreq);
+ status = smb1cli_req_chain_submit(&subreq, 1);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
req, struct cli_tcon_andx_state);
struct cli_state *cli = state->cli;
uint8_t *in;
- char *inbuf;
+ uint8_t *inhdr;
uint8_t wct;
uint16_t *vwv;
uint32_t num_bytes;
uint8_t *bytes;
NTSTATUS status;
+ uint16_t optional_support = 0;
status = cli_smb_recv(subreq, state, &in, 0, &wct, &vwv,
&num_bytes, &bytes);
return;
}
- inbuf = (char *)in;
+ inhdr = in + NBT_HDR_SIZE;
if (num_bytes) {
if (clistr_pull_talloc(cli,
- inbuf,
- SVAL(inbuf, smb_flg2),
+ (const char *)inhdr,
+ SVAL(inhdr, HDR_FLG2),
&cli->dev,
bytes,
num_bytes,
}
}
- if ((cli_state_protocol(cli) >= PROTOCOL_NT1) && (num_bytes == 3)) {
+ if ((smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) && (num_bytes == 3)) {
/* almost certainly win95 - enable bug fixes */
cli->win95 = True;
}
cli->dfsroot = false;
- if ((wct > 2) && (cli_state_protocol(cli) >= PROTOCOL_LANMAN2)) {
- cli->dfsroot = ((SVAL(vwv+2, 0) & SMB_SHARE_IN_DFS) != 0);
+ if ((wct > 2) && (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN2)) {
+ optional_support = SVAL(vwv+2, 0);
+ }
+
+ if (optional_support & SMB_SHARE_IN_DFS) {
+ cli->dfsroot = true;
+ }
+
+ if (optional_support & SMB_EXTENDED_SIGNATURES) {
+ smb1cli_session_protect_session_key(cli->smb1.session);
}
- cli->smb1.tid = SVAL(inbuf,smb_tid);
+ cli_state_set_tid(cli, SVAL(inhdr, HDR_TID));
tevent_req_done(req);
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_OK;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
* Can't use sync call while an async call is in flight
*/
NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share,
const char *dev, const char *pass, int passlen)
{
+ NTSTATUS status;
+ uint16_t max_xmit = 0;
+ uint16_t tid = 0;
+
cli->share = talloc_strdup(cli, share);
if (!cli->share) {
return NT_STATUS_NO_MEMORY;
}
- if (cli_state_protocol(cli) >= PROTOCOL_SMB2_02) {
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
return smb2cli_tcon(cli, share);
}
- return cli_tcon_andx(cli, share, dev, pass, passlen);
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN1) {
+ return cli_tcon_andx(cli, share, dev, pass, passlen);
+ }
+
+ status = cli_raw_tcon(cli, share, pass, dev, &max_xmit, &tid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ cli_state_set_tid(cli, tid);
+
+ return NT_STATUS_OK;
}
/****************************************************************************
tevent_req_nterror(req, status);
return;
}
- state->cli->smb1.tid = UINT16_MAX;
+ cli_state_set_tid(state->cli, UINT16_MAX);
tevent_req_done(req);
}
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (cli_has_async_calls(cli)) {
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
return NT_STATUS_INVALID_PARAMETER;
}
ev = tevent_context_init(talloc_tos());
return status;
}
-struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct cli_state *cli,
- enum protocol_types max_protocol)
-{
- return smbXcli_negprot_send(mem_ctx, ev,
- cli->conn, cli->timeout,
- PROTOCOL_CORE, max_protocol);
-}
-
-NTSTATUS cli_negprot_recv(struct tevent_req *req)
-{
- return smbXcli_negprot_recv(req);
-}
-
-NTSTATUS cli_negprot(struct cli_state *cli, enum protocol_types max_protocol)
-{
- return smbXcli_negprot(cli->conn, cli->timeout,
- PROTOCOL_CORE, max_protocol);
-}
-
static NTSTATUS cli_connect_sock(const char *host, int name_type,
const struct sockaddr_storage *pss,
const char *myname, uint16_t port,
return nt_status;
}
- nt_status = cli_negprot(cli, PROTOCOL_NT1);
+ nt_status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
+ PROTOCOL_NT1);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
cli_shutdown(cli);
}
if (service) {
- nt_status = cli_tcon_andx(cli, service, service_type, password,
- pw_len);
+ nt_status = cli_tree_connect(cli, service, service_type,
+ password, pw_len);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
cli_shutdown(cli);
NTSTATUS status;
if (!lp_client_plaintext_auth() && (*pass)) {
- DEBUG(1, ("Server requested plaintext password but 'client "
- "plaintext auth' is disabled\n"));
+ DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
+ " or 'client ntlmv2 auth = yes'\n"));
return NT_STATUS_ACCESS_DENIED;
}
bytes = talloc_array(talloc_tos(), uint8_t, 0);
bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
service, strlen(service)+1, NULL);
bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
pass, strlen(pass)+1, NULL);
bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
- bytes = smb_bytes_push_str(bytes, cli_ucs2(cli),
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
dev, strlen(dev)+1, NULL);
status = cli_smb(talloc_tos(), cli, SMBtcon, 0, 0, NULL,