From d67e47e5cd11c928299dc03ce2ff521e2d3cca83 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 24 Apr 2008 16:27:36 +0100
Subject: Add comment explaining why io.in.workgroup isn't important. This protocol feild isn't used by servers (apparently), so we might be able to get rid of it. Andrew Bartlett (This used to be commit 58935acc7c8e97323d5d5979234ef26ef8a100a4)
---
 source4/libcli/raw/clitree.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'source4/libcli')
diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c
index d5075f9271..15cd70833c 100644
--- a/source4/libcli/raw/clitree.c
+++ b/source4/libcli/raw/clitree.c
@@ -193,6 +193,11 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx,
 io.in.service_type = service_type;
 io.in.credentials = credentials;
 io.in.fallback_to_anonymous = false;
+
+ /* This workgroup gets sent out by the SPNEGO session setup.
+ * I don't know of any servers that look at it, so we might
+ * hardcode it to "" some day, when the war on global_loadparm
+ * is complete -- abartlet 2008-04-28 */
 io.in.workgroup = lp_workgroup(global_loadparm);
 io.in.options = *options;
-- cgit
From c4219fd8030494986c5fa418c46defb1a9c05c7e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 25 Apr 2008 15:08:52 +0100
Subject: Make the composite 'connect to server' code useful for security=server The ability to short-circuit the connection code to only do a negprot allows us to do the rest once we have the user's password. We return the 8 byte challenge so we can pass it to the client. Andrew Bartlett (This used to be commit 40fe386b0374df8b390b995c332d048dbbc08f1b)
---
 source4/libcli/smb_composite/connect.c | 42 ++++++++++++++++++++++++++++--------
 source4/libcli/smb_composite/sesssetup.c | 2 +-
 source4/libcli/smb_composite/smb_composite.h | 5 ++--
 3 files changed, 35 insertions(+), 14 deletions(-)
(limited to 'source4/libcli')
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index c4abfa5e37..4400c61a81 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -38,7 +38,9 @@ enum connect_stage {CONNECT_RESOLVE,
 CONNECT_NEGPROT,
 CONNECT_SESSION_SETUP,
 CONNECT_SESSION_SETUP_ANON,
- CONNECT_TCON};
+ CONNECT_TCON,
+ CONNECT_DONE
+};
 struct connect_state {
 enum connect_stage stage;
@@ -97,8 +99,7 @@ static NTSTATUS connect_tcon(struct composite_context *c,
 state->io_tcon->tconx.out.fs_type);
 }
- /* all done! */
- c->state = COMPOSITE_STATE_DONE;
+ state->stage = CONNECT_DONE;
 return NT_STATUS_OK;
 }
@@ -203,6 +204,13 @@ static NTSTATUS connect_session_setup(struct composite_context *c,
 state->session->vuid = state->io_setup->out.vuid;
+ /* If we don't have a remote share name then this indicates that
+ * we don't want to do a tree connect */
+ if (!io->in.service) {
+ state->stage = CONNECT_DONE;
+ return NT_STATUS_OK;
+ }
+
 /* setup for a tconx */
 io->out.tree = smbcli_tree_init(state->session, state, true);
 NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
@@ -251,10 +259,23 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 status = smb_raw_negotiate_recv(state->req);
 NT_STATUS_NOT_OK_RETURN(status);
+ if (!(state->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY)) {
+ io->out.negprot_challenge = state->transport->negotiate.secblob;
+ } else {
+ io->out.negprot_challenge = data_blob(NULL, 0);
+ }
+
+ /* If we don't have any credentials then this indicates that
+ * we don't want to do a session setup */
+ if (!io->in.credentials) {
+ state->stage = CONNECT_DONE;
+ return NT_STATUS_OK;
+ }
+
 /* next step is a session setup */
 state->session = smbcli_session_init(state->transport, state, true);
 NT_STATUS_HAVE_NO_MEMORY(state->session);
-
+
 state->io_setup = talloc(c, struct smb_composite_sesssetup);
 NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
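Review bot: The early return added in connect_session_setup for `!io->in.service` reports NT_STATUS_OK before `io->out.tree` is ever assigned, because the `smbcli_tree_init()` call sits below the return; unless the caller zeroed the structure (not visible in this hunk), code that reads `out.tree` after a successful connect gets an indeterminate pointer. The `!io->in.credentials` return in the connect_negprot hunk has the same gap. Assigning `io->out.tree = NULL;` before `state->stage = CONNECT_DONE;` in both places would make the skipped stages detectable. Both functions start and end outside their hunks.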
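Review bot: In the connect_negprot hunk, `io->out.negprot_challenge = state->transport->negotiate.secblob;` copies only the DATA_BLOB descriptor, so the caller receives a pointer into memory owned by the transport and a length chosen by the server. The commit message promises an 8 byte challenge, but nothing in this hunk rejects a blob of another size before it is handed on for use in authentication. A length check such as `if (state->transport->negotiate.secblob.length != 8) return NT_STATUS_INVALID_NETWORK_RESPONSE;` followed by a `data_blob_talloc()` copy would remove both the size assumption and the lifetime coupling. The function starts and ends outside the hunk, so an earlier validation of the blob cannot be ruled out from here.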
@@ -272,6 +293,7 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 state->creq->async.fn = composite_handler;
 state->creq->async.private_data = c;
+
 state->stage = CONNECT_SESSION_SETUP;
 return NT_STATUS_OK;
@@ -405,13 +427,11 @@ static void state_handler(struct composite_context *c)
 break;
 }
- if (!NT_STATUS_IS_OK(c->status)) {
- c->state = COMPOSITE_STATE_ERROR;
- }
-
- if (c->state >= COMPOSITE_STATE_DONE &&
- c->async.fn) {
- c->async.fn(c);
+ if (state->stage == CONNECT_DONE) {
+ /* all done! */
+ composite_done(c);
+ } else {
+ composite_is_ok(c);
 }
 }
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 1427fe525b..11ac37e257 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -224,7 +224,6 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
 {
 NTSTATUS nt_status;
 struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
- const char *password = cli_credentials_get_password(io->in.credentials);
 DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm));
 DATA_BLOB session_key;
 int flags = CLI_CRED_NTLM_AUTH;
@@ -266,6 +265,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
 data_blob_free(&session_key);
 } else if (session->options.plaintext_auth) {
+ const char *password = cli_credentials_get_password(io->in.credentials);
 state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
 state->setup.nt1.in.password2 = data_blob(NULL, 0);
 } else {
diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h
index e7e131869c..80746f2732 100644
--- a/source4/libcli/smb_composite/smb_composite.h
+++ b/source4/libcli/smb_composite/smb_composite.h
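Review bot: In the plaintext_auth branch of session_setup_nt1 (second sesssetup.c hunk), the result of `cli_credentials_get_password()` goes straight into `strlen(password)`; if the credentials object carries no password the call can presumably return NULL, and the session setup then crashes on a NULL dereference. A guard right after the moved declaration, `if (password == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, would turn that into a clean failure. Since this branch puts the clear-text password on the wire, a one-line comment such as `/* plaintext_auth: password is sent unencrypted, only reached when the caller opted in */` would also help the next reader. The function starts and ends outside the hunk.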
@@ -83,8 +83,8 @@ struct smb_composite_savefile {
 - socket establishment
 - session request
 - negprot
- - session setup
- - tree connect
+ - session setup (if credentials are not NULL)
+ - tree connect (if service is not NULL)
 */
 struct smb_composite_connect {
 struct {
@@ -101,6 +101,7 @@ struct smb_composite_connect {
 struct {
 struct smbcli_tree *tree;
 bool anonymous_fallback_done;
+ DATA_BLOB negprot_challenge;
 } out;
 };
-- cgit
From 35e45534c64930a0f22c5975c64be41d96265a00 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 25 Apr 2008 15:59:22 +0100
Subject: Revert to using the old CIFS connection API. Rather than add a new 'out' member to the API, simply fill in the 'tree' early enough that we can access the server challenge there. Andrew Bartlett (This used to be commit 6dbbcf8aaf9b93af970d1701dfb185460d4dc788)
---
 source4/libcli/smb_composite/connect.c | 24 ++++++++----------------
 source4/libcli/smb_composite/smb_composite.h | 1 -
 2 files changed, 8 insertions(+), 17 deletions(-)
(limited to 'source4/libcli')
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 4400c61a81..39c614f042 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -122,9 +122,6 @@ static NTSTATUS connect_session_setup_anon(struct composite_context *c,
 state->session->vuid = state->io_setup->out.vuid;
 /* setup for a tconx */
- io->out.tree = smbcli_tree_init(state->session, state, true);
- NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
-
 state->io_tcon = talloc(c, union smb_tcon);
 NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
@@ -211,10 +208,6 @@ static NTSTATUS connect_session_setup(struct composite_context *c,
 return NT_STATUS_OK;
 }
- /* setup for a tconx */
- io->out.tree = smbcli_tree_init(state->session, state, true);
- NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
-
 state->io_tcon = talloc(c, union smb_tcon);
 NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
@@ -259,11 +252,14 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 status = smb_raw_negotiate_recv(state->req);
 NT_STATUS_NOT_OK_RETURN(status);
- if (!(state->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY)) {
- io->out.negprot_challenge = state->transport->negotiate.secblob;
- } else {
- io->out.negprot_challenge = data_blob(NULL, 0);
- }
+ /* next step is a session setup */
+ state->session = smbcli_session_init(state->transport, state, true);
+ NT_STATUS_HAVE_NO_MEMORY(state->session);
+
+ /* setup for a tconx (or at least have the structure ready to
+ * return, if we won't go that far) */
+ io->out.tree = smbcli_tree_init(state->session, state, true);
+ NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
 /* If we don't have any credentials then this indicates that
 * we don't want to do a session setup */
@@ -272,10 +268,6 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 return NT_STATUS_OK;
 }
- /* next step is a session setup */
- state->session = smbcli_session_init(state->transport, state, true);
- NT_STATUS_HAVE_NO_MEMORY(state->session);
-
 state->io_setup = talloc(c, struct smb_composite_sesssetup);
 NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h
index 80746f2732..afee11ce3b 100644
--- a/source4/libcli/smb_composite/smb_composite.h
+++ b/source4/libcli/smb_composite/smb_composite.h
@@ -101,7 +101,6 @@ struct smb_composite_connect {
 struct {
 struct smbcli_tree *tree;
 bool anonymous_fallback_done;
- DATA_BLOB negprot_challenge;
 } out;
 };
-- cgit
From f8fb5d8c4da11cdb8ac79649fd74047d4cc42c68 Mon Sep 17 00:00:00 2001
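Review bot: With `smbcli_tree_init()` moved up into connect_negprot (first hunk), `io->out.tree` is non-NULL on every successful return, including the paths that stop before session setup or before the tree connect; a caller that treats a non-NULL tree as a usable, authenticated share connection can no longer tell the difference. The smb_composite.h hunk only removes `negprot_challenge` and leaves the `out` struct undocumented, so the new contract is not written down anywhere visible here. I would add a comment at `struct smbcli_tree *tree;` along the lines of `/* always allocated once negprot succeeds; connected only if in.service was set, and its session authenticated only if in.credentials was set */`. connect_negprot starts and ends outside the hunk.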
From: Andrew Bartlett
Date: Mon, 5 May 2008 12:57:23 +1000
Subject: Reorder this function in the file, so it reads bottom-up. The rest of this file reads bottom-up, but this function (connect_send_negprot()) was out of place. Andrew Bartlett (This used to be commit f0c95cd74fb6fea57cef89b59e5d2f10ea25c138)
---
 source4/libcli/smb_composite/connect.c | 37 +++++++++++++++++------------------
 1 file changed, 18 insertions(+), 19 deletions(-)
(limited to 'source4/libcli')
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 39c614f042..e56339f96b 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -58,25 +58,6 @@ struct connect_state {
 static void request_handler(struct smbcli_request *);
 static void composite_handler(struct composite_context *);
-/*
- setup a negprot send
-*/
-static NTSTATUS connect_send_negprot(struct composite_context *c,
- struct smb_composite_connect *io)
-{
- struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
-
- state->req = smb_raw_negotiate_send(state->transport, io->in.options.unicode, io->in.options.max_protocol);
- NT_STATUS_HAVE_NO_MEMORY(state->req);
-
- state->req->async.fn = request_handler;
- state->req->async.private = c;
- state->stage = CONNECT_NEGPROT;
-
- return NT_STATUS_OK;
-}
-
-
 /*
 a tree connect request has completed
 */
@@ -291,6 +272,24 @@ static NTSTATUS connect_negprot(struct composite_context *c,
 return NT_STATUS_OK;
 }
+/*
+ setup a negprot send
+*/
+static NTSTATUS connect_send_negprot(struct composite_context *c,
+ struct smb_composite_connect *io)
+{
+ struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+
+ state->req = smb_raw_negotiate_send(state->transport, io->in.options.unicode, io->in.options.max_protocol);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ state->req->async.fn = request_handler;
+ state->req->async.private = c;
+ state->stage = CONNECT_NEGPROT;
+
+ return NT_STATUS_OK;
+}
+
 /*
 a session request operation has completed
-- cgit