Update cli_full_connection() to take a 'flags' paramater, and try to get a

few more places to use it.

Andrew Bartlett
(This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)

12 files changed, 67 insertions, 158 deletions

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index ee486d3f30..9997507757 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -102,7 +102,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
 	
 	/* Attempt connection */
 	result = cli_full_connection(cli, global_myname, server,
-				     &dest_ip, 0, "IPC$", "IPC", "", "", "");
+				     &dest_ip, 0, "IPC$", "IPC", "", "", "", 0);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		release_server_mutex();
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 2a2d5cbaf5..b78d9d22a8 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -3,6 +3,7 @@
    SMB backend for the Common UNIX Printing System ("CUPS")
    Copyright 1999 by Easy Software Products
    Copyright Andrew Tridgell 1994-1998
+   Copyright Andrew Bartlett 2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -271,72 +272,25 @@ smb_connect(char *workgroup,		/* I - Workgroup */
             char *password)		/* I - Password */
 {
   struct cli_state	*c;		/* New connection */
-  struct nmb_name	called,		/* NMB name of server */
-			calling;	/* NMB name of client */
-  struct in_addr	ip;		/* IP address of server */
   pstring		myname;		/* Client name */
-
+  NTSTATUS nt_status;
 
  /*
   * Get the names and addresses of the client and server...
   */
 
   get_myname(myname);  
-
-  zero_ip(&ip);
-
-  make_nmb_name(&calling, myname, 0x0);
-  make_nmb_name(&called, server, 0x20);
-
- /*
-  * Open a new connection to the SMB server...
-  */
-
-  if ((c = cli_initialise(NULL)) == NULL)
-  {
-    fputs("ERROR: cli_initialize() failed...\n", stderr);
-    return (NULL);
-  }
-
-  if (!cli_connect(c, server, &ip))
-  {
-    fputs("ERROR: cli_connect() failed...\n", stderr);
-    return (NULL);
+  	
+  nt_status = cli_full_connection(&c, myname, server, NULL, 0, share, "?????", 
+				  username, lp_workgroup(), password, 0);
+  
+  if (NT_STATUS_IS_OK(nt_status)) {
+	  return c;
+  } else {
+	  fprintf(stderr, "ERROR:  Connection failed with error %s\n", nt_errstr(nt_status));
+	  return NULL;
   }
 
-  if (!cli_session_request(c, &calling, &called))
-  {
-    fputs("ERROR: cli_session_request() failed...\n", stderr);
-    return (NULL);
-  }
-
-  if (!cli_negprot(c))
-  {
-    fputs("ERROR: SMB protocol negotiation failed\n", stderr);
-    cli_shutdown(c);
-    return (NULL);
-  }
-
- /*
-  * Do password stuff...
-  */
-
-  if (!cli_session_setup(c, username, 
-			 password, strlen(password),
-			 password, strlen(password),
-			 workgroup))
-  {
-    fprintf(stderr, "ERROR: SMB session setup failed: %s\n", cli_errstr(c));
-    return (NULL);
-  }
-
-  if (!cli_send_tconX(c, share, "?????",
-		      password, strlen(password)+1))
-  {
-    fprintf(stderr, "ERROR: SMB tree connect failed: %s\n", cli_errstr(c));
-    cli_shutdown(c);
-    return (NULL);
-  }
 
  /*
   * Return the new connection...
diff --git a/source3/include/client.h b/source3/include/client.h
index 69c74200c1..711ae1fd19 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -155,4 +155,8 @@ struct cli_state {
 	fstring pipe_name;
 };
 
+#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
+#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
+#define CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK 0x0004
+
 #endif /* _CLIENT_H */
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index cc9821dc29..c621d9a34e 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2,6 +2,7 @@
    Unix SMB/CIFS implementation.
    client connect/disconnect routines
    Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Andrew Barteltt 2001-2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1096,7 +1097,7 @@ static void init_creds(struct ntuser_creds *creds, char* username,
    @param dest_host The netbios name of the remote host
    @param dest_ip (optional) The the destination IP, NULL for name based lookup
    @param port (optional) The destination port (0 for default)
-   @param service The share to make the connection to.  Should be 'unqualified' in any way.
+   @param service (optional) The share to make the connection to.  Should be 'unqualified' in any way.
    @param service_type The 'type' of serivice. 
    @param user Username, unix string
    @param domain User's domain
@@ -1104,11 +1105,12 @@ static void init_creds(struct ntuser_creds *creds, char* username,
 */
 
 NTSTATUS cli_full_connection(struct cli_state **output_cli, 
-			     const char *my_name, const char *dest_host, 
+			     const char *my_name, 
+			     const char *dest_host, 
 			     struct in_addr *dest_ip, int port,
 			     char *service, char *service_type,
 			     char *user, char *domain, 
-			     char *password) 
+			     char *password, int flags) 
 {
 	struct ntuser_creds creds;
 	NTSTATUS nt_status;
@@ -1123,17 +1125,15 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
 		SMB_ASSERT("output_cli for cli_full_connection was NULL.\n");
 	}
 
-	*output_cli = NULL;
-
 	if (!my_name) 
 		my_name = global_myname;
 	
-	make_nmb_name(&calling, my_name, 0x0);
-	make_nmb_name(&called , dest_host, 0x20);
-
 	if (!(cli = cli_initialise(NULL)))
 		return NT_STATUS_NO_MEMORY;
 	
+	make_nmb_name(&calling, my_name, 0x0);
+	make_nmb_name(&called , dest_host, 0x20);
+
 	if (cli_set_port(cli, port) != port) {
 		cli_shutdown(cli);
 		return NT_STATUS_UNSUCCESSFUL;
@@ -1172,6 +1172,12 @@ again:
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
+		cli->use_spnego = False;
+	} else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
+		cli->use_kerberos = True;
+	}
+
 	if (!cli_negprot(cli)) {
 		DEBUG(1,("failed negprot\n"));
 		nt_status = NT_STATUS_UNSUCCESSFUL;
@@ -1182,18 +1188,23 @@ again:
 	if (!cli_session_setup(cli, user, password, strlen(password)+1, 
 			       password, strlen(password)+1, 
 			       domain)) {
-		DEBUG(1,("failed session setup\n"));
-		nt_status = cli_nt_error(cli);
-		cli_shutdown(cli);
-		if (NT_STATUS_IS_OK(nt_status)) 
-			nt_status = NT_STATUS_UNSUCCESSFUL;
-		return nt_status;
+		if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK) 
+		    || cli_session_setup(cli, "", "", 0, 
+					 "", 0, domain)) {
+		} else {
+			nt_status = cli_nt_error(cli);
+			DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
+			cli_shutdown(cli);
+			if (NT_STATUS_IS_OK(nt_status)) 
+				nt_status = NT_STATUS_UNSUCCESSFUL;
+			return nt_status;
+		}
 	} 
 
 	if (service) {
 		if (!cli_send_tconX(cli, service, service_type,
 				    (char*)password, strlen(password)+1)) {
-			DEBUG(1,("failed tcon_X\n"));
+			DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
 			nt_status = cli_nt_error(cli);
 			cli_shutdown(cli);
 			if (NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/libsmb/trust_passwd.c b/source3/libsmb/trust_passwd.c
index fd98e8dca9..7491f15f52 100644
--- a/source3/libsmb/trust_passwd.c
+++ b/source3/libsmb/trust_passwd.c
@@ -77,7 +77,8 @@ NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx
 					     new_trust_passwd_hash);
 	
 	if (NT_STATUS_IS_OK(nt_status)) {
-		DEBUG(3,("%s : change_trust_account_password: Changed password.\n", timestring(False)));
+		DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", 
+			 timestring(False)));
 		/*
 		 * Return the result of trying to write the new password
 		 * back into the trust account file.
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index bffa169ab1..0f36d3613c 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -351,7 +351,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
 	result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, 
 				     &dc_ip, 0, "IPC$", 
 				     "IPC", ipc_username, ipc_domain, 
-				     ipc_password);
+				     ipc_password, 0);
 
 	SAFE_FREE(ipc_username);
 	SAFE_FREE(ipc_domain);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 1e2b42233f..42fb71abee 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -757,7 +757,7 @@ static void usage(void)
 					&server_ip, 0,
 					"IPC$", "IPC",  
 					username, domain,
-					password);
+					password, 0);
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(1,("Cannot connect to server.  Error was %s\n", nt_errstr(nt_status)));
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
index be5bc874be..5b64cbc47d 100644
--- a/source3/rpcclient/samsync.c
+++ b/source3/rpcclient/samsync.c
@@ -428,7 +428,7 @@ static struct cli_state *init_connection(struct cli_state **cli,
 						dest_ip, 0,
 						"IPC$", "IPC",  
 						username, domain,
-						password))) {
+						password, 0))) {
 		return *cli;
 	} else {
 		return NULL;
diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c
index 182995d7f4..0c468699b4 100644
--- a/source3/smbd/change_trust_pw.c
+++ b/source3/smbd/change_trust_pw.c
@@ -35,7 +35,6 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine,
 {
   struct cli_state *cli;
   DOM_SID domain_sid;
-  struct in_addr dest_ip;
   NTSTATUS nt_status;
 
   /*
@@ -47,16 +46,11 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine,
     return NT_STATUS_UNSUCCESSFUL;
   }
 
-  if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
-	  DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine));
-	  return NT_STATUS_UNSUCCESSFUL;
-  }
-  
   if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, 
-					   &dest_ip, 0,
+					   NULL, 0,
 					   "IPC$", "IPC",  
 					   "", "",
-					   ""))) {
+					   "", 0))) {
 	  DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
 	  return NT_STATUS_UNSUCCESSFUL;
   }
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 6e5202a400..a3610d0907 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -120,7 +120,7 @@ NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
 					server_ip, opt_port,
 					"IPC$", "IPC",  
 					opt_user_name, opt_workgroup,
-					opt_password);
+					opt_password, 0);
 	
 	if (NT_STATUS_IS_OK(nt_status)) {
 		return nt_status;
@@ -150,7 +150,7 @@ NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
 					server_ip, opt_port,
 					"IPC$", "IPC",  
 					"", "",
-					"");
+					"", 0);
 	
 	if (NT_STATUS_IS_OK(nt_status)) {
 		return nt_status;
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 7d0dd579fb..aa00eab42c 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -722,7 +722,7 @@ static struct cli_state *connect_one(char *share)
 						&ip, 0,
 						share, "?????",  
 						username, global_myworkgroup,
-						password))) {
+						password, 0))) {
 		return c;
 	} else {
 		return NULL;
diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c
index b80a27eb37..bcb460ee0b 100644
--- a/source3/utils/smbtree.c
+++ b/source3/utils/smbtree.c
@@ -87,81 +87,26 @@ static void add_name(const char *machine_name, uint32 server_type,
         DLIST_ADD(*name_list, new_name);
 }
 
-/* Return a cli_state pointing at the IPC$ share for the given workgroup */
+/* Return a cli_state pointing at the IPC$ share for the given server */
 
-static struct cli_state *get_ipc_connect(char *server,
+static struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip,
                                          struct user_auth_info *user_info)
 {
-        struct nmb_name calling, called;
-        struct in_addr server_ip;
         struct cli_state *cli;
         pstring myname;
-
-        zero_ip(&server_ip);
+	NTSTATUS nt_status;
 
         get_myname(myname);
-
-        make_nmb_name(&called, myname, 0x0);
-        make_nmb_name(&calling, server, 0x20);
-
-        if (is_ipaddress(server))
-                if (!resolve_name(server, &server_ip, 0x20))
-                        return False;
-                
- again:
-	if (!(cli = cli_initialise(NULL))) {
-                DEBUG(4, ("Unable to initialise cli structure\n"));
-                goto error;
-        }
-
-        if (!cli_connect(cli, server, &server_ip)) {
-                DEBUG(4, ("Unable to connect to %s\n", server));
-                goto error;
-        }
-
-        if (!cli_session_request(cli, &calling, &called)) {
-                cli_shutdown(cli);
-                if (!strequal(called.name, "*SMBSERVER")) {
-                        make_nmb_name(&called , "*SMBSERVER", 0x20);
-                        goto again;
-                }
-                DEBUG(4, ("Session request failed to %s\n", called.name));
-                goto error;
-	}
-
-        if (!cli_negprot(cli)) {
-                DEBUG(4, ("Negprot failed\n"));
-                goto error;
-	}
-
-	if (!cli_session_setup(cli, user_info->username, user_info->password, 
-                               strlen(user_info->password),
-			       user_info->password, 
-                               strlen(user_info->password), server) &&
-	    /* try an anonymous login if it failed */
-	    !cli_session_setup(cli, "", "", 1,"", 0, server)) {
-                DEBUG(4, ("Session setup failed\n"));
-                goto error;
-	}
-
-	DEBUG(4,(" session setup ok\n"));
-
-	if (!cli_send_tconX(cli, "IPC$", "?????",
-			    user_info->password, 
-                            strlen(user_info->password)+1)) {
-                DEBUG(4, ("Tconx failed\n"));
-                goto error;
+	
+	nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC", 
+					user_info->username, lp_workgroup(), user_info->password, 
+					CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		return cli;
+	} else {
+		return NULL;
 	}
-
-        return cli;
-
-        /* Clean up after error */
-
- error:
-        if (cli && cli->initialised)
-                cli_shutdown(cli);
-
-        return NULL;
 }
 
 /* Return the IP address and workgroup of a master browser on the 
@@ -223,7 +168,7 @@ static BOOL get_workgroups(struct user_auth_info *user_info)
 		}
         }
 
-        if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info)))
+        if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info)))
                 return False;
 
         if (!cli_NetServerEnum(cli, master_workgroup, 
@@ -248,7 +193,7 @@ static BOOL get_servers(char *workgroup, struct user_auth_info *user_info)
                 return False;
         }
 
-        if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info)))
+        if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info)))
                 return False;
 
         if (!cli_NetServerEnum(cli, workgroup, SV_TYPE_ALL, add_name, 
@@ -262,7 +207,7 @@ static BOOL get_shares(char *server_name, struct user_auth_info *user_info)
 {
         struct cli_state *cli;
 
-        if (!(cli = get_ipc_connect(server_name, user_info)))
+        if (!(cli = get_ipc_connect(server_name, NULL, user_info)))
                 return False;
 
         if (!cli_RNetShareEnum(cli, add_name, &shares))