summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/cliconnect.c')
-rw-r--r--source3/libsmb/cliconnect.c46
1 files changed, 28 insertions, 18 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 28de7fc9f3..707a33881d 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -53,6 +53,13 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, const char *user,
if (passlen > sizeof(pword)-1)
return False;
+ /* LANMAN servers predate NT status codes and Unicode and ignore those
+ smb flags so we must disable the corresponding default capabilities
+ that would otherwise cause the Unicode and NT Status flags to be
+ set (and even returned by the server) */
+
+ cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
+
/* if in share level security then don't send a password now */
if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL))
passlen = 0;
@@ -493,19 +500,22 @@ static void use_in_memory_ccache(void) {
Do a spnego/kerberos encrypted session setup.
****************************************************************************/
-static NTSTATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
+static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
{
DATA_BLOB blob2, negTokenTarg;
DATA_BLOB session_key_krb5;
DATA_BLOB null_blob = data_blob(NULL, 0);
-
+ int rc;
+
DEBUG(2,("Doing kerberos session setup\n"));
/* generate the encapsulated kerberos5 ticket */
- negTokenTarg = spnego_gen_negTokenTarg(principal, 0, &session_key_krb5);
+ rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5);
- if (!negTokenTarg.data)
- return NT_STATUS_UNSUCCESSFUL;
+ if (rc) {
+ DEBUG(1, ("spnego_gen_negTokenTarg failed: %s\n", error_message(rc)));
+ return ADS_ERROR_KRB5(rc);
+ }
#if 0
file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
@@ -524,10 +534,10 @@ static NTSTATUS cli_session_setup_kerberos(struct cli_state *cli, const char *pr
if (cli_is_error(cli)) {
if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
- return NT_STATUS_UNSUCCESSFUL;
+ return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
}
- return NT_STATUS_OK;
+ return ADS_ERROR_NT(cli_nt_error(cli));
}
#endif /* HAVE_KRB5 */
@@ -537,7 +547,7 @@ static NTSTATUS cli_session_setup_kerberos(struct cli_state *cli, const char *pr
****************************************************************************/
static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
- const char *pass, const char *workgroup)
+ const char *pass, const char *domain)
{
struct ntlmssp_state *ntlmssp_state;
NTSTATUS nt_status;
@@ -556,7 +566,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
return nt_status;
}
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, workgroup))) {
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
return nt_status;
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
@@ -654,8 +664,8 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
Do a spnego encrypted session setup.
****************************************************************************/
-NTSTATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
- const char *pass, const char *workgroup)
+ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
+ const char *pass, const char *domain)
{
char *principal;
char *OIDs[ASN1_MAX_OIDS];
@@ -682,7 +692,7 @@ NTSTATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
reply */
if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
data_blob_free(&blob);
- return NT_STATUS_INVALID_PARAMETER;
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
data_blob_free(&blob);
@@ -712,11 +722,11 @@ NTSTATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
if (ret){
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
+ return ADS_ERROR_KRB5(ret);
}
}
- return cli_session_setup_kerberos(cli, principal, workgroup);
+ return cli_session_setup_kerberos(cli, principal, domain);
}
#endif
@@ -724,7 +734,7 @@ NTSTATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
ntlmssp:
- return cli_session_setup_ntlmssp(cli, user, pass, workgroup);
+ return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain));
}
/****************************************************************************
@@ -805,9 +815,9 @@ BOOL cli_session_setup(struct cli_state *cli,
/* if the server supports extended security then use SPNEGO */
if (cli->capabilities & CAP_EXTENDED_SECURITY) {
- NTSTATUS nt_status;
- if (!NT_STATUS_IS_OK(nt_status = cli_session_setup_spnego(cli, user, pass, workgroup))) {
- DEBUG(3, ("SPENGO login failed: %s\n", get_friendly_nt_error_msg(nt_status)));
+ ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(3, ("SPENGO login failed: %s\n", ads_errstr(status)));
return False;
}
return True;