From c4219fd8030494986c5fa418c46defb1a9c05c7e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 25 Apr 2008 15:08:52 +0100
Subject: Make the composite 'connect to server' code useful for
 security=server

The ability to short-circuit the connection code to only do a negprot
allows us to do the rest once we have the user's password.  We return
the 8 byte challenge so we can pass it to the client.

Andrew Bartlett
(This used to be commit 40fe386b0374df8b390b995c332d048dbbc08f1b)
---
 source4/libcli/smb_composite/connect.c | 42 +++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 11 deletions(-)

(limited to 'source4/libcli/smb_composite/connect.c')

diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index c4abfa5e37..4400c61a81 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -38,7 +38,9 @@ enum connect_stage {CONNECT_RESOLVE,
 		    CONNECT_NEGPROT,
 		    CONNECT_SESSION_SETUP,
 		    CONNECT_SESSION_SETUP_ANON,
-		    CONNECT_TCON};
+		    CONNECT_TCON,
+		    CONNECT_DONE
+};
 
 struct connect_state {
 	enum connect_stage stage;
@@ -97,8 +99,7 @@ static NTSTATUS connect_tcon(struct composite_context *c,
 						      state->io_tcon->tconx.out.fs_type);
 	}
 
-	/* all done! */
-	c->state = COMPOSITE_STATE_DONE;
+	state->stage = CONNECT_DONE;
 
 	return NT_STATUS_OK;
 }
@@ -203,6 +204,13 @@ static NTSTATUS connect_session_setup(struct composite_context *c,
 	
 	state->session->vuid = state->io_setup->out.vuid;
 	
+	/* If we don't have a remote share name then this indicates that
+	 * we don't want to do a tree connect */
+	if (!io->in.service) {
+		state->stage = CONNECT_DONE;
+		return NT_STATUS_OK;
+	}
+
 	/* setup for a tconx */
 	io->out.tree = smbcli_tree_init(state->session, state, true);
 	NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
@@ -251,10 +259,23 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 	status = smb_raw_negotiate_recv(state->req);
 	NT_STATUS_NOT_OK_RETURN(status);
 
+	if (!(state->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY)) {
+		io->out.negprot_challenge = state->transport->negotiate.secblob;
+	} else {
+		io->out.negprot_challenge = data_blob(NULL, 0);
+	}
+
+	/* If we don't have any credentials then this indicates that
+	 * we don't want to do a session setup */
+	if (!io->in.credentials) {
+		state->stage = CONNECT_DONE;
+		return NT_STATUS_OK;
+	}
+
 	/* next step is a session setup */
 	state->session = smbcli_session_init(state->transport, state, true);
 	NT_STATUS_HAVE_NO_MEMORY(state->session);
-
+	
 	state->io_setup = talloc(c, struct smb_composite_sesssetup);
 	NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
 
@@ -272,6 +293,7 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 
 	state->creq->async.fn = composite_handler;
 	state->creq->async.private_data = c;
+
 	state->stage = CONNECT_SESSION_SETUP;
 	
 	return NT_STATUS_OK;
@@ -405,13 +427,11 @@ static void state_handler(struct composite_context *c)
 		break;
 	}
 
-	if (!NT_STATUS_IS_OK(c->status)) {
-		c->state = COMPOSITE_STATE_ERROR;
-	}
-
-	if (c->state >= COMPOSITE_STATE_DONE &&
-	    c->async.fn) {
-		c->async.fn(c);
+	if (state->stage == CONNECT_DONE) {
+		/* all done! */
+		composite_done(c);
+	} else {
+		composite_is_ok(c);
 	}
 }
 
-- 
cgit 


From 35e45534c64930a0f22c5975c64be41d96265a00 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 25 Apr 2008 15:59:22 +0100
Subject: Revert to using the old CIFS connection API.

Rather than add a new 'out' member to the API, simply fill in the
'tree' early enough that we can access the server challenge there.

Andrew Bartlett
(This used to be commit 6dbbcf8aaf9b93af970d1701dfb185460d4dc788)
---
 source4/libcli/smb_composite/connect.c | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

(limited to 'source4/libcli/smb_composite/connect.c')

diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 4400c61a81..39c614f042 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -122,9 +122,6 @@ static NTSTATUS connect_session_setup_anon(struct composite_context *c,
 	state->session->vuid = state->io_setup->out.vuid;
 	
 	/* setup for a tconx */
-	io->out.tree = smbcli_tree_init(state->session, state, true);
-	NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
-
 	state->io_tcon = talloc(c, union smb_tcon);
 	NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
 
@@ -211,10 +208,6 @@ static NTSTATUS connect_session_setup(struct composite_context *c,
 		return NT_STATUS_OK;
 	}
 
-	/* setup for a tconx */
-	io->out.tree = smbcli_tree_init(state->session, state, true);
-	NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
-
 	state->io_tcon = talloc(c, union smb_tcon);
 	NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
 
@@ -259,11 +252,14 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 	status = smb_raw_negotiate_recv(state->req);
 	NT_STATUS_NOT_OK_RETURN(status);
 
-	if (!(state->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY)) {
-		io->out.negprot_challenge = state->transport->negotiate.secblob;
-	} else {
-		io->out.negprot_challenge = data_blob(NULL, 0);
-	}
+	/* next step is a session setup */
+	state->session = smbcli_session_init(state->transport, state, true);
+	NT_STATUS_HAVE_NO_MEMORY(state->session);
+	
+	/* setup for a tconx (or at least have the structure ready to
+	 * return, if we won't go that far) */
+	io->out.tree = smbcli_tree_init(state->session, state, true);
+	NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
 
 	/* If we don't have any credentials then this indicates that
 	 * we don't want to do a session setup */
@@ -272,10 +268,6 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 		return NT_STATUS_OK;
 	}
 
-	/* next step is a session setup */
-	state->session = smbcli_session_init(state->transport, state, true);
-	NT_STATUS_HAVE_NO_MEMORY(state->session);
-	
 	state->io_setup = talloc(c, struct smb_composite_sesssetup);
 	NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
 
-- 
cgit 


From f8fb5d8c4da11cdb8ac79649fd74047d4cc42c68 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 5 May 2008 12:57:23 +1000
Subject: Reorder this function in the file, so it reads bottom-up.

The rest of this file reads bottom-up, but this function
(connect_send_negprot()) was out of place.

Andrew Bartlett
(This used to be commit f0c95cd74fb6fea57cef89b59e5d2f10ea25c138)
---
 source4/libcli/smb_composite/connect.c | 37 +++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 19 deletions(-)

(limited to 'source4/libcli/smb_composite/connect.c')

diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 39c614f042..e56339f96b 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -58,25 +58,6 @@ struct connect_state {
 static void request_handler(struct smbcli_request *);
 static void composite_handler(struct composite_context *);
 
-/*
-  setup a negprot send 
-*/
-static NTSTATUS connect_send_negprot(struct composite_context *c, 
-				     struct smb_composite_connect *io)
-{
-	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
-
-	state->req = smb_raw_negotiate_send(state->transport, io->in.options.unicode, io->in.options.max_protocol);
-	NT_STATUS_HAVE_NO_MEMORY(state->req);
-
-	state->req->async.fn = request_handler;
-	state->req->async.private = c;
-	state->stage = CONNECT_NEGPROT;
-	
-	return NT_STATUS_OK;
-}
-
-
 /*
   a tree connect request has completed
 */
@@ -291,6 +272,24 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 	return NT_STATUS_OK;
 }
 
+/*
+  setup a negprot send 
+*/
+static NTSTATUS connect_send_negprot(struct composite_context *c, 
+				     struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+
+	state->req = smb_raw_negotiate_send(state->transport, io->in.options.unicode, io->in.options.max_protocol);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	state->req->async.fn = request_handler;
+	state->req->async.private = c;
+	state->stage = CONNECT_NEGPROT;
+	
+	return NT_STATUS_OK;
+}
+
 
 /*
   a session request operation has completed
-- 
cgit