From ab4d635b92b116b02b88843b4ec4f5b7517bab1a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 26 Sep 2005 11:47:55 +0000 Subject: r10504: - seperate implementation specific stuff, from the generic composite stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc) --- source4/libcli/smb_composite/sesssetup.c | 459 +++++++++++++++++++++++++++++++ 1 file changed, 459 insertions(+) create mode 100644 source4/libcli/smb_composite/sesssetup.c (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c new file mode 100644 index 0000000000..2ca862fb2f --- /dev/null +++ b/source4/libcli/smb_composite/sesssetup.c @@ -0,0 +1,459 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ +/* + a composite API for making handling a generic async session setup +*/ + +#include "includes.h" +#include "libcli/raw/libcliraw.h" +#include "libcli/composite/composite.h" +#include "libcli/smb_composite/smb_composite.h" +#include "auth/auth.h" +#include "version.h" + +struct sesssetup_state { + union smb_sesssetup setup; + NTSTATUS gensec_status; + struct smb_composite_sesssetup *io; + struct smbcli_request *req; +}; + + +/* + form an encrypted lanman password from a plaintext password + and the server supplied challenge +*/ +static DATA_BLOB lanman_blob(TALLOC_CTX *mem_ctx, const char *pass, DATA_BLOB challenge) +{ + DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); + SMBencrypt(pass, challenge.data, blob.data); + return blob; +} + +/* + form an encrypted NT password from a plaintext password + and the server supplied challenge +*/ +static DATA_BLOB nt_blob(TALLOC_CTX *mem_ctx, const struct samr_Password *nt_hash, DATA_BLOB challenge) +{ + DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); + SMBOWFencrypt(nt_hash->hash, challenge.data, blob.data); + return blob; +} + +/* + store the user session key for a transport +*/ +static void set_user_session_key(struct smbcli_session *session, + const DATA_BLOB *session_key) +{ + session->user_session_key = data_blob_talloc(session, + session_key->data, + session_key->length); +} + +/* + handler for completion of a smbcli_request sub-request +*/ +static void request_handler(struct smbcli_request *req) +{ + struct composite_context *c = req->async.private; + struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); + struct smbcli_session *session = req->session; + DATA_BLOB session_key = data_blob(NULL, 0); + DATA_BLOB null_data_blob = data_blob(NULL, 0); + NTSTATUS session_key_err; + + c->status = smb_raw_sesssetup_recv(req, state, &state->setup); + + switch (state->setup.old.level) { + case RAW_SESSSETUP_OLD: + state->io->out.vuid = state->setup.old.out.vuid; + break; + + case RAW_SESSSETUP_NT1: + state->io->out.vuid = state->setup.nt1.out.vuid; + break; + + case RAW_SESSSETUP_SPNEGO: + session->vuid = state->io->out.vuid = state->setup.spnego.out.vuid; + if (!NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED) && + !NT_STATUS_IS_OK(c->status)) { + break; + } + if (NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + + /* The status value here, from the earlier pass at GENSEC is + * vital to the security of the system. Even if the other end + * accepts, if GENSEC claims 'MORE_PROCESSING_REQUIRED' then + * you must keep feeding it blobs, or else the remote + * host/attacker might avoid mutal authentication + * requirements */ + + state->gensec_status = gensec_update(session->gensec, state, + state->setup.spnego.out.secblob, + &state->setup.spnego.in.secblob); + c->status = state->gensec_status; + if (!NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED) && + !NT_STATUS_IS_OK(c->status)) { + break; + } + } else { + state->setup.spnego.in.secblob = data_blob(NULL, 0); + } + + /* we need to do another round of session setup. We keep going until both sides + are happy */ + session_key_err = gensec_session_key(session->gensec, &session_key); + if (NT_STATUS_IS_OK(session_key_err)) { + set_user_session_key(session, &session_key); + smbcli_transport_simple_set_signing(session->transport, session_key, null_data_blob); + } + + if (state->setup.spnego.in.secblob.length) { + state->req = smb_raw_sesssetup_send(session, &state->setup); + state->req->async.fn = request_handler; + state->req->async.private = c; + return; + } + } + + /* enforce the local signing required flag */ + if (NT_STATUS_IS_OK(c->status) && !cli_credentials_is_anonymous(state->io->in.credentials)) { + if (!session->transport->negotiate.sign_info.doing_signing + && session->transport->negotiate.sign_info.mandatory_signing) { + DEBUG(0, ("SMB signing required, but server does not support it\n")); + c->status = NT_STATUS_ACCESS_DENIED; + } + } + + if (NT_STATUS_IS_OK(c->status)) { + c->state = COMPOSITE_STATE_DONE; + } else { + c->state = COMPOSITE_STATE_ERROR; + } + if (c->async.fn) { + c->async.fn(c); + } +} + + +/* + send a nt1 style session setup +*/ +static NTSTATUS session_setup_nt1(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req) +{ + struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); + const struct samr_Password *nt_hash = cli_credentials_get_nt_hash(io->in.credentials, state); + const char *password = cli_credentials_get_password(io->in.credentials); + + state->setup.nt1.level = RAW_SESSSETUP_NT1; + state->setup.nt1.in.bufsize = session->transport->options.max_xmit; + state->setup.nt1.in.mpx_max = session->transport->options.max_mux; + state->setup.nt1.in.vc_num = 1; + state->setup.nt1.in.sesskey = io->in.sesskey; + state->setup.nt1.in.capabilities = io->in.capabilities; + state->setup.nt1.in.os = "Unix"; + state->setup.nt1.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING); + cli_credentials_get_ntlm_username_domain(io->in.credentials, state, + &state->setup.nt1.in.user, + &state->setup.nt1.in.domain); + + if (!password) { + state->setup.nt1.in.password1 = data_blob(NULL, 0); + state->setup.nt1.in.password2 = data_blob(NULL, 0); + } else if (session->transport->negotiate.sec_mode & + NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + DATA_BLOB session_key; + if (lp_client_ntlmv2_auth()) { + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_netbios_name(), lp_workgroup()); + DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key; + + if (!SMBNTLMv2encrypt_hash(state, + state->setup.nt1.in.user, state->setup.nt1.in.domain, + nt_hash->hash, &session->transport->negotiate.secblob, + &names_blob, + &lmv2_response, &ntlmv2_response, + &lmv2_session_key, &session_key)) { + data_blob_free(&names_blob); + return NT_STATUS_NO_MEMORY; + } + data_blob_free(&names_blob); + state->setup.nt1.in.password1 = lmv2_response; + state->setup.nt1.in.password2 = ntlmv2_response; + + smbcli_transport_simple_set_signing(session->transport, session_key, + state->setup.nt1.in.password2); + set_user_session_key(session, &session_key); + + data_blob_free(&lmv2_session_key); + data_blob_free(&session_key); + } else { + + state->setup.nt1.in.password2 = nt_blob(state, nt_hash, + session->transport->negotiate.secblob); + if (lp_client_lanman_auth()) { + state->setup.nt1.in.password1 = lanman_blob(state, password, + session->transport->negotiate.secblob); + } else { + /* if not sending the LM password, send the NT password twice */ + state->setup.nt1.in.password1 = state->setup.nt1.in.password2; + } + + session_key = data_blob_talloc(session, NULL, 16); + SMBsesskeygen_ntv1(nt_hash->hash, session_key.data); + smbcli_transport_simple_set_signing(session->transport, session_key, + state->setup.nt1.in.password2); + set_user_session_key(session, &session_key); + + data_blob_free(&session_key); + } + + } else if (lp_client_plaintext_auth()) { + state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); + state->setup.nt1.in.password2 = data_blob(NULL, 0); + } else { + /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */ + return NT_STATUS_INVALID_PARAMETER; + } + + *req = smb_raw_sesssetup_send(session, &state->setup); + if (!*req) { + return NT_STATUS_NO_MEMORY; + } + return (*req)->status; +} + + +/* + old style session setup (pre NT1 protocol level) +*/ +static NTSTATUS session_setup_old(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req) +{ + struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); + const char *password = cli_credentials_get_password(io->in.credentials); + + state->setup.old.level = RAW_SESSSETUP_OLD; + state->setup.old.in.bufsize = session->transport->options.max_xmit; + state->setup.old.in.mpx_max = session->transport->options.max_mux; + state->setup.old.in.vc_num = 1; + state->setup.old.in.sesskey = io->in.sesskey; + state->setup.old.in.os = "Unix"; + state->setup.old.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING); + cli_credentials_get_ntlm_username_domain(io->in.credentials, state, + &state->setup.old.in.user, + &state->setup.old.in.domain); + + if (!password) { + state->setup.old.in.password = data_blob(NULL, 0); + } else if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + state->setup.old.in.password = lanman_blob(state, password, + session->transport->negotiate.secblob); + } else { + state->setup.old.in.password = data_blob_talloc(state, + password, + strlen(password)); + } + + *req = smb_raw_sesssetup_send(session, &state->setup); + if (!*req) { + return NT_STATUS_NO_MEMORY; + } + return (*req)->status; +} + + +/* + Modern, all singing, all dancing extended security (and possibly SPNEGO) request +*/ +static NTSTATUS session_setup_spnego(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req) +{ + struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); + NTSTATUS status, session_key_err; + DATA_BLOB session_key = data_blob(NULL, 0); + DATA_BLOB null_data_blob = data_blob(NULL, 0); + const char *chosen_oid = NULL; + + state->setup.spnego.level = RAW_SESSSETUP_SPNEGO; + state->setup.spnego.in.bufsize = session->transport->options.max_xmit; + state->setup.spnego.in.mpx_max = session->transport->options.max_mux; + state->setup.spnego.in.vc_num = 1; + state->setup.spnego.in.sesskey = io->in.sesskey; + state->setup.spnego.in.capabilities = io->in.capabilities; + state->setup.spnego.in.os = "Unix"; + state->setup.spnego.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING); + state->setup.spnego.in.workgroup = io->in.workgroup; + + state->setup.spnego.out.vuid = session->vuid; + + smbcli_temp_set_signing(session->transport); + + status = gensec_client_start(session, &session->gensec, c->event_ctx); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); + return status; + } + + gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY); + + status = gensec_set_credentials(session->gensec, io->in.credentials); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC client credentails: %s\n", + nt_errstr(status))); + return status; + } + + status = gensec_set_target_hostname(session->gensec, session->transport->socket->hostname); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC target hostname: %s\n", + nt_errstr(status))); + return status; + } + + status = gensec_set_target_service(session->gensec, "cifs"); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC target service: %s\n", + nt_errstr(status))); + return status; + } + + if (session->transport->negotiate.secblob.length) { + chosen_oid = GENSEC_OID_SPNEGO; + } else { + /* without a sec blob, means raw NTLMSSP */ + chosen_oid = GENSEC_OID_NTLMSSP; + } + + status = gensec_start_mech_by_oid(session->gensec, chosen_oid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC client SPNEGO mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + return status; + } + + status = gensec_update(session->gensec, state, + session->transport->negotiate.secblob, + &state->setup.spnego.in.secblob); + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && + !NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + return status; + } + state->gensec_status = status; + + session_key_err = gensec_session_key(session->gensec, &session_key); + if (NT_STATUS_IS_OK(session_key_err)) { + smbcli_transport_simple_set_signing(session->transport, session_key, null_data_blob); + } + + *req = smb_raw_sesssetup_send(session, &state->setup); + if (!*req) { + return NT_STATUS_NO_MEMORY; + } + return (*req)->status; +} + + +/* + composite session setup function that hides the details of all the + different session setup varients, including the multi-pass nature of + the spnego varient +*/ +struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *session, + struct smb_composite_sesssetup *io) +{ + struct composite_context *c; + struct sesssetup_state *state; + NTSTATUS status; + + c = talloc_zero(session, struct composite_context); + if (c == NULL) return NULL; + + state = talloc(c, struct sesssetup_state); + if (state == NULL) { + c->state = COMPOSITE_STATE_ERROR; + c->status = NT_STATUS_NO_MEMORY; + } + + state->io = io; + + c->state = COMPOSITE_STATE_IN_PROGRESS; + c->private_data = state; + c->event_ctx = session->transport->socket->event.ctx; + + /* no session setup at all in earliest protocol varients */ + if (session->transport->negotiate.protocol < PROTOCOL_LANMAN1) { + ZERO_STRUCT(io->out); + c->state = COMPOSITE_STATE_DONE; + return c; + } + + /* see what session setup interface we will use */ + if (session->transport->negotiate.protocol < PROTOCOL_NT1) { + status = session_setup_old(c, session, io, &state->req); + } else if (!session->transport->options.use_spnego || + !(io->in.capabilities & CAP_EXTENDED_SECURITY)) { + status = session_setup_nt1(c, session, io, &state->req); + } else { + status = session_setup_spnego(c, session, io, &state->req); + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || + NT_STATUS_IS_OK(status)) { + state->req->async.fn = request_handler; + state->req->async.private = c; + return c; + } + + c->state = COMPOSITE_STATE_ERROR; + c->status = status; + return c; +} + + +/* + receive a composite session setup reply +*/ +NTSTATUS smb_composite_sesssetup_recv(struct composite_context *c) +{ + NTSTATUS status; + status = composite_wait(c); + talloc_free(c); + return status; +} + +/* + sync version of smb_composite_sesssetup +*/ +NTSTATUS smb_composite_sesssetup(struct smbcli_session *session, struct smb_composite_sesssetup *io) +{ + struct composite_context *c = smb_composite_sesssetup_send(session, io); + return smb_composite_sesssetup_recv(c); +} -- cgit From f9fea8ba7786ef0b633d396c6ae56929325f312b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 Sep 2005 00:28:46 +0000 Subject: r10598: Factor out common code, in preperation for a move elsewhere. Andrew Bartlett (This used to be commit 0d757b169a3d521a0d228bed51aa96cf199d5c42) --- source4/libcli/smb_composite/sesssetup.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 2ca862fb2f..700e4ef744 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -199,15 +199,10 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, return NT_STATUS_NO_MEMORY; } data_blob_free(&names_blob); + data_blob_free(&lmv2_session_key); state->setup.nt1.in.password1 = lmv2_response; state->setup.nt1.in.password2 = ntlmv2_response; - smbcli_transport_simple_set_signing(session->transport, session_key, - state->setup.nt1.in.password2); - set_user_session_key(session, &session_key); - - data_blob_free(&lmv2_session_key); - data_blob_free(&session_key); } else { state->setup.nt1.in.password2 = nt_blob(state, nt_hash, @@ -222,13 +217,14 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, session_key = data_blob_talloc(session, NULL, 16); SMBsesskeygen_ntv1(nt_hash->hash, session_key.data); - smbcli_transport_simple_set_signing(session->transport, session_key, - state->setup.nt1.in.password2); - set_user_session_key(session, &session_key); - - data_blob_free(&session_key); } + smbcli_transport_simple_set_signing(session->transport, session_key, + state->setup.nt1.in.password2); + set_user_session_key(session, &session_key); + + data_blob_free(&session_key); + } else if (lp_client_plaintext_auth()) { state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); -- cgit From f7ff0540d2b2490b2ef502d02b422e74a298b43d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Oct 2005 03:57:35 +0000 Subject: r10981: Pull code to decide between and implement NTLMv2, NTLM and LM authentication out of the various callers and into the kitchen sink.. err, credentials subsystem. This should ensure consistant logic, as well as get us one step closer to security=server operation in future. Andrew Bartlett (This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb) --- source4/libcli/smb_composite/sesssetup.c | 118 ++++++++++++------------------- 1 file changed, 47 insertions(+), 71 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 700e4ef744..0d0904b969 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -36,28 +36,6 @@ struct sesssetup_state { }; -/* - form an encrypted lanman password from a plaintext password - and the server supplied challenge -*/ -static DATA_BLOB lanman_blob(TALLOC_CTX *mem_ctx, const char *pass, DATA_BLOB challenge) -{ - DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); - SMBencrypt(pass, challenge.data, blob.data); - return blob; -} - -/* - form an encrypted NT password from a plaintext password - and the server supplied challenge -*/ -static DATA_BLOB nt_blob(TALLOC_CTX *mem_ctx, const struct samr_Password *nt_hash, DATA_BLOB challenge) -{ - DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); - SMBOWFencrypt(nt_hash->hash, challenge.data, blob.data); - return blob; -} - /* store the user session key for a transport */ @@ -163,9 +141,19 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, struct smb_composite_sesssetup *io, struct smbcli_request **req) { + NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); - const struct samr_Password *nt_hash = cli_credentials_get_nt_hash(io->in.credentials, state); const char *password = cli_credentials_get_password(io->in.credentials); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup()); + DATA_BLOB session_key; + int flags = CLI_CRED_NTLM_AUTH; + if (lp_client_lanman_auth()) { + flags |= CLI_CRED_LANMAN_AUTH; + } + + if (lp_client_ntlmv2_auth()) { + flags |= CLI_CRED_NTLMv2_AUTH; + } state->setup.nt1.level = RAW_SESSSETUP_NT1; state->setup.nt1.in.bufsize = session->transport->options.max_xmit; @@ -175,56 +163,26 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, state->setup.nt1.in.capabilities = io->in.capabilities; state->setup.nt1.in.os = "Unix"; state->setup.nt1.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING); + cli_credentials_get_ntlm_username_domain(io->in.credentials, state, &state->setup.nt1.in.user, &state->setup.nt1.in.domain); + - if (!password) { - state->setup.nt1.in.password1 = data_blob(NULL, 0); - state->setup.nt1.in.password2 = data_blob(NULL, 0); - } else if (session->transport->negotiate.sec_mode & - NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { - DATA_BLOB session_key; - if (lp_client_ntlmv2_auth()) { - DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_netbios_name(), lp_workgroup()); - DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key; - - if (!SMBNTLMv2encrypt_hash(state, - state->setup.nt1.in.user, state->setup.nt1.in.domain, - nt_hash->hash, &session->transport->negotiate.secblob, - &names_blob, - &lmv2_response, &ntlmv2_response, - &lmv2_session_key, &session_key)) { - data_blob_free(&names_blob); - return NT_STATUS_NO_MEMORY; - } - data_blob_free(&names_blob); - data_blob_free(&lmv2_session_key); - state->setup.nt1.in.password1 = lmv2_response; - state->setup.nt1.in.password2 = ntlmv2_response; - - } else { - - state->setup.nt1.in.password2 = nt_blob(state, nt_hash, - session->transport->negotiate.secblob); - if (lp_client_lanman_auth()) { - state->setup.nt1.in.password1 = lanman_blob(state, password, - session->transport->negotiate.secblob); - } else { - /* if not sending the LM password, send the NT password twice */ - state->setup.nt1.in.password1 = state->setup.nt1.in.password2; - } - - session_key = data_blob_talloc(session, NULL, 16); - SMBsesskeygen_ntv1(nt_hash->hash, session_key.data); - } + if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state, + &flags, + session->transport->negotiate.secblob, + names_blob, + &state->setup.nt1.in.password1, + &state->setup.nt1.in.password2, + NULL, &session_key); smbcli_transport_simple_set_signing(session->transport, session_key, state->setup.nt1.in.password2); set_user_session_key(session, &session_key); data_blob_free(&session_key); - } else if (lp_client_plaintext_auth()) { state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); @@ -249,8 +207,19 @@ static NTSTATUS session_setup_old(struct composite_context *c, struct smb_composite_sesssetup *io, struct smbcli_request **req) { + NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); const char *password = cli_credentials_get_password(io->in.credentials); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup()); + DATA_BLOB session_key; + int flags = 0; + if (lp_client_lanman_auth()) { + flags |= CLI_CRED_LANMAN_AUTH; + } + + if (lp_client_ntlmv2_auth()) { + flags |= CLI_CRED_NTLMv2_AUTH; + } state->setup.old.level = RAW_SESSSETUP_OLD; state->setup.old.in.bufsize = session->transport->options.max_xmit; @@ -263,15 +232,22 @@ static NTSTATUS session_setup_old(struct composite_context *c, &state->setup.old.in.user, &state->setup.old.in.domain); - if (!password) { - state->setup.old.in.password = data_blob(NULL, 0); - } else if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { - state->setup.old.in.password = lanman_blob(state, password, - session->transport->negotiate.secblob); + if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state, + &flags, + session->transport->negotiate.secblob, + names_blob, + &state->setup.old.in.password, + NULL, + NULL, &session_key); + set_user_session_key(session, &session_key); + + data_blob_free(&session_key); + } else if (lp_client_plaintext_auth()) { + state->setup.old.in.password = data_blob_talloc(state, password, strlen(password)); } else { - state->setup.old.in.password = data_blob_talloc(state, - password, - strlen(password)); + /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */ + return NT_STATUS_INVALID_PARAMETER; } *req = smb_raw_sesssetup_send(session, &state->setup); -- cgit From 2b7ee2ceee0a1b2be596a602997908f72a3af14d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 12 Nov 2005 01:08:43 +0000 Subject: r11692: added a full composite (async) spnego session setup for SMB2. This simplies the torture code a lot. (This used to be commit 7bf1046fbb7fd83fecb2fa645628ba9a17aab037) --- source4/libcli/smb_composite/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 0d0904b969..4cdc4c5e6b 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -370,8 +370,8 @@ struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *se state = talloc(c, struct sesssetup_state); if (state == NULL) { - c->state = COMPOSITE_STATE_ERROR; - c->status = NT_STATUS_NO_MEMORY; + talloc_free(c); + return NULL; } state->io = io; -- cgit From fd007e5512d7818d3a8ed8ff504e175dbe24642c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 28 Jan 2006 11:57:33 +0000 Subject: r13203: Make this comment clearer. Andrew Bartlett (This used to be commit 8e2b461669d2d4d5a789da66b5049ecbddd8fd15) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 4cdc4c5e6b..bf027a0425 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -324,7 +324,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start set GENSEC client SPNEGO mechanism %s: %s\n", + DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); return status; } -- cgit From debf1c9a926cf91cde577b9f4f31109899757a8e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 9 Feb 2006 03:06:02 +0000 Subject: r13405: Allow a fallback if SPNEGO is somehow disabled in the client, to just NTLMSSP. Andrew Bartlett (This used to be commit 3e96975d910496db87e8e34e310f0f6d283210bf) --- source4/libcli/smb_composite/sesssetup.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index bf027a0425..2edeb76503 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -326,7 +326,13 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); - return status; + chosen_oid = GENSEC_OID_NTLMSSP; + status = gensec_start_mech_by_oid(session->gensec, chosen_oid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + return status; + } } status = gensec_update(session->gensec, state, -- cgit From 77ffddec1911ac5de3a96a36c9476dce6e67f4f4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 5 Mar 2006 23:06:37 +0000 Subject: r13850: Test (and fix) not using SPNEGO at all, but instead using raw NTLMSSP. The switch to turn off SPNEGO in the client is a bit messy, but it works. Andrew Bartlett (This used to be commit 085ba80cc8a954bd84ecf30e5d57a1583f54062f) --- source4/libcli/smb_composite/sesssetup.c | 38 +++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 13 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 2edeb76503..bbe6a7edfb 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -317,27 +317,39 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, if (session->transport->negotiate.secblob.length) { chosen_oid = GENSEC_OID_SPNEGO; + status = gensec_start_mech_by_oid(session->gensec, chosen_oid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + chosen_oid = GENSEC_OID_NTLMSSP; + status = gensec_start_mech_by_oid(session->gensec, chosen_oid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + return status; + } + } } else { /* without a sec blob, means raw NTLMSSP */ chosen_oid = GENSEC_OID_NTLMSSP; - } - - status = gensec_start_mech_by_oid(session->gensec, chosen_oid); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); - chosen_oid = GENSEC_OID_NTLMSSP; status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", + DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); - return status; } } - - status = gensec_update(session->gensec, state, - session->transport->negotiate.secblob, - &state->setup.spnego.in.secblob); + + if (chosen_oid == GENSEC_OID_SPNEGO) { + status = gensec_update(session->gensec, state, + session->transport->negotiate.secblob, + &state->setup.spnego.in.secblob); + } else { + status = gensec_update(session->gensec, state, + data_blob(NULL, 0), + &state->setup.spnego.in.secblob); + + } + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n", -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/libcli/smb_composite/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index bbe6a7edfb..9e345ab4f8 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -25,6 +25,7 @@ #include "libcli/raw/libcliraw.h" #include "libcli/composite/composite.h" #include "libcli/smb_composite/smb_composite.h" +#include "libcli/auth/proto.h" #include "auth/auth.h" #include "version.h" -- cgit From 3f16241a1d3243447d0244ebac05b447aec94df8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 14 Mar 2006 01:29:56 +0000 Subject: r14363: Remove credentials.h from the global includes. (This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563) --- source4/libcli/smb_composite/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 9e345ab4f8..a62386b672 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -25,6 +25,7 @@ #include "libcli/raw/libcliraw.h" #include "libcli/composite/composite.h" #include "libcli/smb_composite/smb_composite.h" +#include "auth/credentials/credentials.h" #include "libcli/auth/proto.h" #include "auth/auth.h" #include "version.h" -- cgit From e3f2414cf9e582a4e4deecc662b64a7bb2679a34 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 14 Mar 2006 15:03:25 +0000 Subject: r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe) --- source4/libcli/smb_composite/sesssetup.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index a62386b672..318fc9fbed 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -25,8 +25,7 @@ #include "libcli/raw/libcliraw.h" #include "libcli/composite/composite.h" #include "libcli/smb_composite/smb_composite.h" -#include "auth/credentials/credentials.h" -#include "libcli/auth/proto.h" +#include "libcli/auth/libcli_auth.h" #include "auth/auth.h" #include "version.h" -- cgit From 72a7052fa76777390c3cb45e035e7d8c557af84d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 15 Mar 2006 02:42:21 +0000 Subject: r14414: added some error checks (This used to be commit cd9f3adc759f1dc29043c435febfe78e56fece1b) --- source4/libcli/smb_composite/sesssetup.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 318fc9fbed..0f00d5f9c0 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -178,6 +178,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, &state->setup.nt1.in.password1, &state->setup.nt1.in.password2, NULL, &session_key); + NT_STATUS_NOT_OK_RETURN(nt_status); smbcli_transport_simple_set_signing(session->transport, session_key, state->setup.nt1.in.password2); @@ -241,6 +242,7 @@ static NTSTATUS session_setup_old(struct composite_context *c, &state->setup.old.in.password, NULL, NULL, &session_key); + NT_STATUS_NOT_OK_RETURN(nt_status); set_user_session_key(session, &session_key); data_blob_free(&session_key); -- cgit From ed752c800425ffd3db39a770ddaee3ad2d73c494 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 May 2006 14:54:57 +0000 Subject: r15415: Use Jelmer's new credentials 'wrong password' code to give the user 3 attempts for the password, when talking to a remote CIFS server. Andrew Bartlett (This used to be commit 3a4ddc8f5978210ab3ad79f0332cee80a0d6e6c9) --- source4/libcli/smb_composite/sesssetup.c | 53 +++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 0f00d5f9c0..f2d1dcd87d 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -36,6 +36,18 @@ struct sesssetup_state { struct smbcli_request *req; }; +static NTSTATUS session_setup_old(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req); +static NTSTATUS session_setup_nt1(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req); +static NTSTATUS session_setup_spnego(struct composite_context *c, + struct smbcli_session *session, + struct smb_composite_sesssetup *io, + struct smbcli_request **req); /* store the user session key for a transport @@ -58,21 +70,60 @@ static void request_handler(struct smbcli_request *req) struct smbcli_session *session = req->session; DATA_BLOB session_key = data_blob(NULL, 0); DATA_BLOB null_data_blob = data_blob(NULL, 0); - NTSTATUS session_key_err; + NTSTATUS session_key_err, nt_status; c->status = smb_raw_sesssetup_recv(req, state, &state->setup); switch (state->setup.old.level) { case RAW_SESSSETUP_OLD: state->io->out.vuid = state->setup.old.out.vuid; + if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + if (cli_credentials_wrong_password(state->io->in.credentials)) { + nt_status = session_setup_old(c, session, + state->io, + &state->req); + if (NT_STATUS_IS_OK(nt_status)) { + c->status = nt_status; + state->req->async.fn = request_handler; + state->req->async.private = c; + return; + } + } + } break; case RAW_SESSSETUP_NT1: state->io->out.vuid = state->setup.nt1.out.vuid; + if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + if (cli_credentials_wrong_password(state->io->in.credentials)) { + nt_status = session_setup_nt1(c, session, + state->io, + &state->req); + if (NT_STATUS_IS_OK(nt_status)) { + c->status = nt_status; + state->req->async.fn = request_handler; + state->req->async.private = c; + return; + } + } + } break; case RAW_SESSSETUP_SPNEGO: session->vuid = state->io->out.vuid = state->setup.spnego.out.vuid; + if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + if (cli_credentials_wrong_password(state->io->in.credentials)) { + nt_status = session_setup_spnego(c, session, + state->io, + &state->req); + if (NT_STATUS_IS_OK(nt_status)) { + c->status = nt_status; + state->req->async.fn = request_handler; + state->req->async.private = c; + return; + } + } + } if (!NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(c->status)) { break; -- cgit From 5d689a5de2d6ddfbab1753ff219d9d55cb009cac Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 May 2006 14:59:55 +0000 Subject: r15416: Point out that this doesn't work, but for servers this old, I just don't care... Andrew Bartlett (This used to be commit 8abe7ba619a9499229937435b66005e278bcbf38) --- source4/libcli/smb_composite/sesssetup.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index f2d1dcd87d..1b7756a3f4 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -77,6 +77,8 @@ static void request_handler(struct smbcli_request *req) switch (state->setup.old.level) { case RAW_SESSSETUP_OLD: state->io->out.vuid = state->setup.old.out.vuid; + /* This doesn't work, as this only happens on old + * protocols, where this comparison won't match. */ if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { if (cli_credentials_wrong_password(state->io->in.credentials)) { nt_status = session_setup_old(c, session, -- cgit From e306c5bf129a981693bd251d45597f1e584ee850 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 May 2006 10:46:38 +0000 Subject: r15741: move smb2 request structures into the main smb request structs as new levels metze (This used to be commit 91806353174704857dfcc15a730af7232cfde660) --- source4/libcli/smb_composite/sesssetup.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 1b7756a3f4..0bad2ff1ad 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -165,6 +165,11 @@ static void request_handler(struct smbcli_request *req) state->req->async.private = c; return; } + break; + + case RAW_SESSSETUP_SMB2: + c->status = NT_STATUS_INTERNAL_ERROR; + break; } /* enforce the local signing required flag */ -- cgit From 9c8fa196ba31b63e7632df8216ae11c7ce2ce9de Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 27 Jul 2006 16:20:59 +0000 Subject: r17277: we need to trigger an event when we return directly, otherwise the callers callback function will not be called and the caller is hanging forever... metze (This used to be commit e231eba828486e68c9d3a246e1e0c943fdb8301c) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 0bad2ff1ad..022faea1d7 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -462,7 +462,7 @@ struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *se /* no session setup at all in earliest protocol varients */ if (session->transport->negotiate.protocol < PROTOCOL_LANMAN1) { ZERO_STRUCT(io->out); - c->state = COMPOSITE_STATE_DONE; + composite_done(c); return c; } -- cgit From 827d142e9df24f135d36d3981a1a9eaf679ecc8c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 24 Oct 2006 16:16:31 +0000 Subject: r19481: - reset the vuid before trying a new session setup - only touch session->vuid when needed - it make no sense to set an .spnego.out.vuid metze (This used to be commit 1940fbed154c89d29214ddf293128a70a97bf923) --- source4/libcli/smb_composite/sesssetup.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 022faea1d7..d264f588da 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -80,6 +80,8 @@ static void request_handler(struct smbcli_request *req) /* This doesn't work, as this only happens on old * protocols, where this comparison won't match. */ if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + /* we neet to reset the vuid for a new try */ + session->vuid = 0; if (cli_credentials_wrong_password(state->io->in.credentials)) { nt_status = session_setup_old(c, session, state->io, @@ -97,6 +99,8 @@ static void request_handler(struct smbcli_request *req) case RAW_SESSSETUP_NT1: state->io->out.vuid = state->setup.nt1.out.vuid; if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + /* we neet to reset the vuid for a new try */ + session->vuid = 0; if (cli_credentials_wrong_password(state->io->in.credentials)) { nt_status = session_setup_nt1(c, session, state->io, @@ -112,8 +116,10 @@ static void request_handler(struct smbcli_request *req) break; case RAW_SESSSETUP_SPNEGO: - session->vuid = state->io->out.vuid = state->setup.spnego.out.vuid; + state->io->out.vuid = state->setup.spnego.out.vuid; if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + /* we neet to reset the vuid for a new try */ + session->vuid = 0; if (cli_credentials_wrong_password(state->io->in.credentials)) { nt_status = session_setup_spnego(c, session, state->io, @@ -160,7 +166,14 @@ static void request_handler(struct smbcli_request *req) } if (state->setup.spnego.in.secblob.length) { + /* + * set the session->vuid value only for calling + * smb_raw_sesssetup_send() + */ + uint16_t vuid = session->vuid; + session->vuid = state->io->out.vuid; state->req = smb_raw_sesssetup_send(session, &state->setup); + session->vuid = vuid; state->req->async.fn = request_handler; state->req->async.private = c; return; @@ -343,8 +356,6 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, state->setup.spnego.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING); state->setup.spnego.in.workgroup = io->in.workgroup; - state->setup.spnego.out.vuid = session->vuid; - smbcli_temp_set_signing(session->transport); status = gensec_client_start(session, &session->gensec, c->event_ctx); -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/libcli/smb_composite/sesssetup.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index d264f588da..8528ac2ef7 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -27,6 +27,8 @@ #include "libcli/smb_composite/smb_composite.h" #include "libcli/auth/libcli_auth.h" #include "auth/auth.h" +#include "auth/gensec/gensec.h" +#include "auth/credentials/credentials.h" #include "version.h" struct sesssetup_state { -- cgit From 298f178dcacad6c92e6e1901243d1ca753a12d6c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 1 May 2007 09:06:25 +0000 Subject: r22628: convert to new composite api and free the smbcli_request explicit to fix a crash where the request handler gets called after its private data is already freed metze (This used to be commit 55306c618807f2661090d2189e269cb3e142ee06) --- source4/libcli/smb_composite/sesssetup.c | 57 ++++++++++++++++---------------- 1 file changed, 28 insertions(+), 29 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 8528ac2ef7..9267d1d38b 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -38,6 +38,16 @@ struct sesssetup_state { struct smbcli_request *req; }; +static int sesssetup_state_destructor(struct sesssetup_state *state) +{ + if (state->req) { + talloc_free(state->req); + state->req = NULL; + } + + return 0; +} + static NTSTATUS session_setup_old(struct composite_context *c, struct smbcli_session *session, struct smb_composite_sesssetup *io, @@ -75,6 +85,7 @@ static void request_handler(struct smbcli_request *req) NTSTATUS session_key_err, nt_status; c->status = smb_raw_sesssetup_recv(req, state, &state->setup); + state->req = NULL; switch (state->setup.old.level) { case RAW_SESSSETUP_OLD: @@ -90,8 +101,7 @@ static void request_handler(struct smbcli_request *req) &state->req); if (NT_STATUS_IS_OK(nt_status)) { c->status = nt_status; - state->req->async.fn = request_handler; - state->req->async.private = c; + composite_continue_smb(c, state->req, request_handler, c); return; } } @@ -109,8 +119,7 @@ static void request_handler(struct smbcli_request *req) &state->req); if (NT_STATUS_IS_OK(nt_status)) { c->status = nt_status; - state->req->async.fn = request_handler; - state->req->async.private = c; + composite_continue_smb(c, state->req, request_handler, c); return; } } @@ -128,8 +137,7 @@ static void request_handler(struct smbcli_request *req) &state->req); if (NT_STATUS_IS_OK(nt_status)) { c->status = nt_status; - state->req->async.fn = request_handler; - state->req->async.private = c; + composite_continue_smb(c, state->req, request_handler, c); return; } } @@ -158,7 +166,7 @@ static void request_handler(struct smbcli_request *req) } else { state->setup.spnego.in.secblob = data_blob(NULL, 0); } - + /* we need to do another round of session setup. We keep going until both sides are happy */ session_key_err = gensec_session_key(session->gensec, &session_key); @@ -176,8 +184,7 @@ static void request_handler(struct smbcli_request *req) session->vuid = state->io->out.vuid; state->req = smb_raw_sesssetup_send(session, &state->setup); session->vuid = vuid; - state->req->async.fn = request_handler; - state->req->async.private = c; + composite_continue_smb(c, state->req, request_handler, c); return; } break; @@ -196,14 +203,12 @@ static void request_handler(struct smbcli_request *req) } } - if (NT_STATUS_IS_OK(c->status)) { - c->state = COMPOSITE_STATE_DONE; - } else { - c->state = COMPOSITE_STATE_ERROR; - } - if (c->async.fn) { - c->async.fn(c); + if (!NT_STATUS_IS_OK(c->status)) { + composite_error(c, c->status); + return; } + + composite_done(c); } @@ -457,20 +462,16 @@ struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *se struct sesssetup_state *state; NTSTATUS status; - c = talloc_zero(session, struct composite_context); + c = composite_create(session, session->transport->socket->event.ctx); if (c == NULL) return NULL; - state = talloc(c, struct sesssetup_state); - if (state == NULL) { - talloc_free(c); - return NULL; - } + state = talloc_zero(c, struct sesssetup_state); + if (composite_nomem(state, c)) return c; + c->private_data = state; state->io = io; - c->state = COMPOSITE_STATE_IN_PROGRESS; - c->private_data = state; - c->event_ctx = session->transport->socket->event.ctx; + talloc_set_destructor(state, sesssetup_state_destructor); /* no session setup at all in earliest protocol varients */ if (session->transport->negotiate.protocol < PROTOCOL_LANMAN1) { @@ -491,13 +492,11 @@ struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *se if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { - state->req->async.fn = request_handler; - state->req->async.private = c; + composite_continue_smb(c, state->req, request_handler, c); return c; } - c->state = COMPOSITE_STATE_ERROR; - c->status = status; + composite_error(c, status); return c; } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/libcli/smb_composite/sesssetup.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 9267d1d38b..25cf8b3f12 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* a composite API for making handling a generic async session setup -- cgit From 6cf69fee189857ae6f85cd3f81a6a58364839942 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 7 Sep 2007 13:31:15 +0000 Subject: r24994: Fix some C++ warnings. (This used to be commit 925abf74fa1ed5ae726bae8781ec549302786b39) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 25cf8b3f12..579706261a 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -76,7 +76,7 @@ static void set_user_session_key(struct smbcli_session *session, */ static void request_handler(struct smbcli_request *req) { - struct composite_context *c = req->async.private; + struct composite_context *c = (struct composite_context *)req->async.private; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); struct smbcli_session *session = req->session; DATA_BLOB session_key = data_blob(NULL, 0); -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/libcli/smb_composite/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 579706261a..6a14e57ad0 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -29,6 +29,7 @@ #include "auth/gensec/gensec.h" #include "auth/credentials/credentials.h" #include "version.h" +#include "param/param.h" struct sesssetup_state { union smb_sesssetup setup; -- cgit From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/libcli/smb_composite/sesssetup.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 6a14e57ad0..6f9e6b0de3 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -223,14 +223,14 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); const char *password = cli_credentials_get_password(io->in.credentials); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup()); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = CLI_CRED_NTLM_AUTH; - if (lp_client_lanman_auth()) { + if (lp_client_lanman_auth(global_loadparm)) { flags |= CLI_CRED_LANMAN_AUTH; } - if (lp_client_ntlmv2_auth()) { + if (lp_client_ntlmv2_auth(global_loadparm)) { flags |= CLI_CRED_NTLMv2_AUTH; } @@ -263,7 +263,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, set_user_session_key(session, &session_key); data_blob_free(&session_key); - } else if (lp_client_plaintext_auth()) { + } else if (lp_client_plaintext_auth(global_loadparm)) { state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); } else { @@ -290,14 +290,14 @@ static NTSTATUS session_setup_old(struct composite_context *c, NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); const char *password = cli_credentials_get_password(io->in.credentials); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup()); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = 0; - if (lp_client_lanman_auth()) { + if (lp_client_lanman_auth(global_loadparm)) { flags |= CLI_CRED_LANMAN_AUTH; } - if (lp_client_ntlmv2_auth()) { + if (lp_client_ntlmv2_auth(global_loadparm)) { flags |= CLI_CRED_NTLMv2_AUTH; } @@ -324,7 +324,7 @@ static NTSTATUS session_setup_old(struct composite_context *c, set_user_session_key(session, &session_key); data_blob_free(&session_key); - } else if (lp_client_plaintext_auth()) { + } else if (lp_client_plaintext_auth(global_loadparm)) { state->setup.old.in.password = data_blob_talloc(state, password, strlen(password)); } else { /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */ -- cgit From 2f3551ca7cee59d4d053cceb87abdf1da1b3a1ad Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 1 Oct 2007 18:52:55 +0000 Subject: r25446: Merge some changes I made on the way home from SFO: 2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 6f9e6b0de3..622367e746 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -418,7 +418,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, } } - if (chosen_oid == GENSEC_OID_SPNEGO) { + if ((const void *)chosen_oid == (const void *)GENSEC_OID_SPNEGO) { status = gensec_update(session->gensec, state, session->transport->negotiate.secblob, &state->setup.spnego.in.secblob); -- cgit From fface33dd731a711688b56593bb703c38090e782 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 19:31:14 +0100 Subject: r26231: Spell check: credentails -> credentials. (This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 622367e746..a726860647 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -375,7 +375,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, status = gensec_set_credentials(session->gensec, io->in.credentials); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start set GENSEC client credentails: %s\n", + DEBUG(1, ("Failed to start set GENSEC client credentials: %s\n", nt_errstr(status))); return status; } -- cgit From ecea5ce24553989103d4a06296b24f4d29f30a36 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 17:41:50 +0100 Subject: r26260: Store loadparm context in gensec context. (This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081) --- source4/libcli/smb_composite/sesssetup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index a726860647..3ed0bb2473 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -365,7 +365,8 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, smbcli_temp_set_signing(session->transport); - status = gensec_client_start(session, &session->gensec, c->event_ctx); + status = gensec_client_start(session, &session->gensec, c->event_ctx, + global_loadparm); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); return status; -- cgit From 9d09a06920c2de8c6312f3c0a0280faee65fd432 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 6 Jan 2008 22:01:31 -0600 Subject: r26676: libcli: Fill in lp_workgroup() again, should fix my breakage of cifsdd tests. Thanks to Andrew for catching this. Also fixes a typo in sessetup.c. (This used to be commit b97de4a655b989a481d5d001ce9a5d3969d2909c) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 3ed0bb2473..ce7bcc143e 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -129,7 +129,7 @@ static void request_handler(struct smbcli_request *req) case RAW_SESSSETUP_SPNEGO: state->io->out.vuid = state->setup.spnego.out.vuid; if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { - /* we neet to reset the vuid for a new try */ + /* we need to reset the vuid for a new try */ session->vuid = 0; if (cli_credentials_wrong_password(state->io->in.credentials)) { nt_status = session_setup_spnego(c, session, -- cgit From 263a77c5618daddb0c1e4f0ad0a922bca55faf0d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 21 Feb 2008 15:45:32 +0100 Subject: Remove more uses of global_loadparm. (This used to be commit a1715b1f48ba44bd94844418cc9299649aaf1a5e) --- source4/libcli/smb_composite/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index ce7bcc143e..f5a976958d 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -223,7 +223,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); const char *password = cli_credentials_get_password(io->in.credentials); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup(global_loadparm)); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = CLI_CRED_NTLM_AUTH; if (lp_client_lanman_auth(global_loadparm)) { @@ -290,7 +290,7 @@ static NTSTATUS session_setup_old(struct composite_context *c, NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); const char *password = cli_credentials_get_password(io->in.credentials); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup(global_loadparm)); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = 0; if (lp_client_lanman_auth(global_loadparm)) { -- cgit From 299265d47b5b2faac39fbf908c738f336ea21e67 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 21 Feb 2008 18:09:47 +0100 Subject: Remove yet more global_loadparm instances. (This used to be commit 5de88728ac5c567d3711d1ac6862bbdaced84b75) --- source4/libcli/smb_composite/sesssetup.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index f5a976958d..75a2a579a2 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -226,11 +226,11 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = CLI_CRED_NTLM_AUTH; - if (lp_client_lanman_auth(global_loadparm)) { + if (session->options.lanman_auth) { flags |= CLI_CRED_LANMAN_AUTH; } - if (lp_client_ntlmv2_auth(global_loadparm)) { + if (session->options.ntlmv2_auth) { flags |= CLI_CRED_NTLMv2_AUTH; } @@ -263,7 +263,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, set_user_session_key(session, &session_key); data_blob_free(&session_key); - } else if (lp_client_plaintext_auth(global_loadparm)) { + } else if (session->options.plaintext_auth) { state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); } else { @@ -293,11 +293,11 @@ static NTSTATUS session_setup_old(struct composite_context *c, DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = 0; - if (lp_client_lanman_auth(global_loadparm)) { + if (session->options.lanman_auth) { flags |= CLI_CRED_LANMAN_AUTH; } - if (lp_client_ntlmv2_auth(global_loadparm)) { + if (session->options.ntlmv2_auth) { flags |= CLI_CRED_NTLMv2_AUTH; } @@ -324,7 +324,7 @@ static NTSTATUS session_setup_old(struct composite_context *c, set_user_session_key(session, &session_key); data_blob_free(&session_key); - } else if (lp_client_plaintext_auth(global_loadparm)) { + } else if (session->options.plaintext_auth) { state->setup.old.in.password = data_blob_talloc(state, password, strlen(password)); } else { /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */ -- cgit From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 04:53:27 +0200 Subject: Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) --- source4/libcli/smb_composite/sesssetup.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 75a2a579a2..1427fe525b 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -22,8 +22,10 @@ #include "includes.h" #include "libcli/raw/libcliraw.h" +#include "libcli/raw/raw_proto.h" #include "libcli/composite/composite.h" #include "libcli/smb_composite/smb_composite.h" +#include "libcli/smb_composite/proto.h" #include "libcli/auth/libcli_auth.h" #include "auth/auth.h" #include "auth/gensec/gensec.h" -- cgit From c4219fd8030494986c5fa418c46defb1a9c05c7e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 25 Apr 2008 15:08:52 +0100 Subject: Make the composite 'connect to server' code useful for security=server The ability to short-circuit the connection code to only do a negprot allows us to do the rest once we have the user's password. We return the 8 byte challenge so we can pass it to the client. Andrew Bartlett (This used to be commit 40fe386b0374df8b390b995c332d048dbbc08f1b) --- source4/libcli/smb_composite/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/smb_composite/sesssetup.c') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 1427fe525b..11ac37e257 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -224,7 +224,6 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, { NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); - const char *password = cli_credentials_get_password(io->in.credentials); DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm)); DATA_BLOB session_key; int flags = CLI_CRED_NTLM_AUTH; @@ -266,6 +265,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, data_blob_free(&session_key); } else if (session->options.plaintext_auth) { + const char *password = cli_credentials_get_password(io->in.credentials); state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); } else { -- cgit