1 /*
2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
10 Copyright (C) SATOH Fumiyasu <fumiyas@osstech.co.jp> 2009.
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "includes.h"
27 #include "libsmb/libsmb.h"
28 #include "libsmbclient.h"
29 #include "libsmb_internal.h"
30 #include "../librpc/gen_ndr/ndr_lsa.h"
31 #include "rpc_client/cli_pipe.h"
32 #include "rpc_client/cli_lsarpc.h"
33 #include "libcli/security/security.h"
34 #include "libsmb/nmblib.h"
35 #include "../libcli/smb/smbXcli_base.h"
36
37 /*
38 * Check a server for being alive and well.
39 * returns 0 if the server is in shape. Returns 1 on error
40 *
41 * Also useable outside libsmbclient to enable external cache
42 * to do some checks too.
43 */
44 int
SMBC_check_server(SMBCCTX * context,SMBCSRV * server)45 SMBC_check_server(SMBCCTX * context,
46 SMBCSRV * server)
47 {
48 time_t now;
49
50 if (!cli_state_is_connected(server->cli)) {
51 return 1;
52 }
53
54 now = time_mono(NULL);
55
56 if (server->last_echo_time == (time_t)0 ||
57 now > server->last_echo_time +
58 (server->cli->timeout/1000)) {
59 unsigned char data[16] = {0};
60 NTSTATUS status = cli_echo(server->cli,
61 1,
62 data_blob_const(data, sizeof(data)));
63 if (!NT_STATUS_IS_OK(status)) {
64 /*
65 * Some NetApp servers return
66 * NT_STATUS_INVALID_PARAMETER.That's OK, they still
67 * replied.
68 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
69 */
70 if (!NT_STATUS_EQUAL(status,
71 NT_STATUS_INVALID_PARAMETER)) {
72 return 1;
73 }
74 }
75 server->last_echo_time = now;
76 }
77 return 0;
78 }
79
80 /*
81 * Remove a server from the cached server list it's unused.
82 * On success, 0 is returned. 1 is returned if the server could not be removed.
83 *
84 * Also useable outside libsmbclient
85 */
86 int
SMBC_remove_unused_server(SMBCCTX * context,SMBCSRV * srv)87 SMBC_remove_unused_server(SMBCCTX * context,
88 SMBCSRV * srv)
89 {
90 SMBCFILE * file;
91
92 /* are we being fooled ? */
93 if (!context || !context->internal->initialized || !srv) {
94 return 1;
95 }
96
97 /* Check all open files/directories for a relation with this server */
98 for (file = context->internal->files; file; file = file->next) {
99 if (file->srv == srv) {
100 /* Still used */
101 DEBUG(3, ("smbc_remove_usused_server: "
102 "%p still used by %p.\n",
103 srv, file));
104 return 1;
105 }
106 }
107
108 DLIST_REMOVE(context->internal->servers, srv);
109
110 cli_shutdown(srv->cli);
111 srv->cli = NULL;
112
113 DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
114
115 smbc_getFunctionRemoveCachedServer(context)(context, srv);
116
117 SAFE_FREE(srv);
118 return 0;
119 }
120
121 /****************************************************************
122 * Call the auth_fn with fixed size (fstring) buffers.
123 ***************************************************************/
124 static void
SMBC_call_auth_fn(TALLOC_CTX * ctx,SMBCCTX * context,const char * server,const char * share,char ** pp_workgroup,char ** pp_username,char ** pp_password)125 SMBC_call_auth_fn(TALLOC_CTX *ctx,
126 SMBCCTX *context,
127 const char *server,
128 const char *share,
129 char **pp_workgroup,
130 char **pp_username,
131 char **pp_password)
132 {
133 fstring workgroup = { 0 };
134 fstring username = { 0 };
135 fstring password = { 0 };
136 smbc_get_auth_data_with_context_fn auth_with_context_fn;
137
138 if (*pp_workgroup != NULL) {
139 strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
140 }
141 if (*pp_username != NULL) {
142 strlcpy(username, *pp_username, sizeof(username));
143 }
144 if (*pp_password != NULL) {
145 strlcpy(password, *pp_password, sizeof(password));
146 }
147
148 /* See if there's an authentication with context function provided */
149 auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
150 if (auth_with_context_fn)
151 {
152 (* auth_with_context_fn)(context,
153 server, share,
154 workgroup, sizeof(workgroup),
155 username, sizeof(username),
156 password, sizeof(password));
157 }
158 else
159 {
160 smbc_getFunctionAuthData(context)(server, share,
161 workgroup, sizeof(workgroup),
162 username, sizeof(username),
163 password, sizeof(password));
164 }
165
166 TALLOC_FREE(*pp_workgroup);
167 TALLOC_FREE(*pp_username);
168 TALLOC_FREE(*pp_password);
169
170 *pp_workgroup = talloc_strdup(ctx, workgroup);
171 *pp_username = talloc_strdup(ctx, username);
172 *pp_password = talloc_strdup(ctx, password);
173 }
174
175
176 void
SMBC_get_auth_data(const char * server,const char * share,char * workgroup_buf,int workgroup_buf_len,char * username_buf,int username_buf_len,char * password_buf,int password_buf_len)177 SMBC_get_auth_data(const char *server, const char *share,
178 char *workgroup_buf, int workgroup_buf_len,
179 char *username_buf, int username_buf_len,
180 char *password_buf, int password_buf_len)
181 {
182 /* Default function just uses provided data. Nothing to do. */
183 }
184
185
186
187 SMBCSRV *
SMBC_find_server(TALLOC_CTX * ctx,SMBCCTX * context,const char * server,const char * share,char ** pp_workgroup,char ** pp_username,char ** pp_password)188 SMBC_find_server(TALLOC_CTX *ctx,
189 SMBCCTX *context,
190 const char *server,
191 const char *share,
192 char **pp_workgroup,
193 char **pp_username,
194 char **pp_password)
195 {
196 SMBCSRV *srv;
197 int auth_called = 0;
198
199 if (!pp_workgroup || !pp_username || !pp_password) {
200 return NULL;
201 }
202
203 check_server_cache:
204
205 srv = smbc_getFunctionGetCachedServer(context)(context,
206 server, share,
207 *pp_workgroup,
208 *pp_username);
209
210 if (!auth_called && !srv && (!*pp_username || !(*pp_username)[0] ||
211 !*pp_password || !(*pp_password)[0])) {
212 SMBC_call_auth_fn(ctx, context, server, share,
213 pp_workgroup, pp_username, pp_password);
214
215 /*
216 * However, smbc_auth_fn may have picked up info relating to
217 * an existing connection, so try for an existing connection
218 * again ...
219 */
220 auth_called = 1;
221 goto check_server_cache;
222
223 }
224
225 if (srv) {
226 if (smbc_getFunctionCheckServer(context)(context, srv)) {
227 /*
228 * This server is no good anymore
229 * Try to remove it and check for more possible
230 * servers in the cache
231 */
232 if (smbc_getFunctionRemoveUnusedServer(context)(context,
233 srv)) {
234 /*
235 * We could not remove the server completely,
236 * remove it from the cache so we will not get
237 * it again. It will be removed when the last
238 * file/dir is closed.
239 */
240 smbc_getFunctionRemoveCachedServer(context)(context,
241 srv);
242 }
243
244 /*
245 * Maybe there are more cached connections to this
246 * server
247 */
248 goto check_server_cache;
249 }
250
251 return srv;
252 }
253
254 return NULL;
255 }
256
257 /*
258 * Connect to a server, possibly on an existing connection
259 *
260 * Here, what we want to do is: If the server and username
261 * match an existing connection, reuse that, otherwise, establish a
262 * new connection.
263 *
264 * If we have to create a new connection, call the auth_fn to get the
265 * info we need, unless the username and password were passed in.
266 */
267
268 static SMBCSRV *
SMBC_server_internal(TALLOC_CTX * ctx,SMBCCTX * context,bool connect_if_not_found,const char * server,uint16_t port,const char * share,char ** pp_workgroup,char ** pp_username,char ** pp_password,bool * in_cache)269 SMBC_server_internal(TALLOC_CTX *ctx,
270 SMBCCTX *context,
271 bool connect_if_not_found,
272 const char *server,
273 uint16_t port,
274 const char *share,
275 char **pp_workgroup,
276 char **pp_username,
277 char **pp_password,
278 bool *in_cache)
279 {
280 SMBCSRV *srv=NULL;
281 char *workgroup = NULL;
282 struct cli_state *c = NULL;
283 const char *server_n = server;
284 int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
285 uint32_t fs_attrs = 0;
286 const char *username_used = NULL;
287 const char *password_used = NULL;
288 NTSTATUS status;
289 char *newserver, *newshare;
290 int flags = 0;
291 struct smbXcli_tcon *tcon = NULL;
292 int signing_state = SMB_SIGNING_DEFAULT;
293 struct cli_credentials *creds = NULL;
294 bool use_kerberos = false;
295 bool fallback_after_kerberos = false;
296 bool use_ccache = false;
297 bool pw_nt_hash = false;
298
299 ZERO_STRUCT(c);
300 *in_cache = false;
301
302 if (server[0] == 0) {
303 errno = EPERM;
304 return NULL;
305 }
306
307 /* Look for a cached connection */
308 srv = SMBC_find_server(ctx, context, server, share,
309 pp_workgroup, pp_username, pp_password);
310
311 /*
312 * If we found a connection and we're only allowed one share per
313 * server...
314 */
315 if (srv &&
316 share != NULL && *share != '\0' &&
317 smbc_getOptionOneSharePerServer(context)) {
318
319 /*
320 * ... then if there's no current connection to the share,
321 * connect to it. SMBC_find_server(), or rather the function
322 * pointed to by context->get_cached_srv_fn which
323 * was called by SMBC_find_server(), will have issued a tree
324 * disconnect if the requested share is not the same as the
325 * one that was already connected.
326 */
327
328 /*
329 * Use srv->cli->desthost and srv->cli->share instead of
330 * server and share below to connect to the actual share,
331 * i.e., a normal share or a referred share from
332 * 'msdfs proxy' share.
333 */
334 if (!cli_state_has_tcon(srv->cli)) {
335 /* Ensure we have accurate auth info */
336 SMBC_call_auth_fn(ctx, context,
337 smbXcli_conn_remote_name(srv->cli->conn),
338 srv->cli->share,
339 pp_workgroup,
340 pp_username,
341 pp_password);
342
343 if (!*pp_workgroup || !*pp_username || !*pp_password) {
344 errno = ENOMEM;
345 cli_shutdown(srv->cli);
346 srv->cli = NULL;
347 smbc_getFunctionRemoveCachedServer(context)(context,
348 srv);
349 return NULL;
350 }
351
352 /*
353 * We don't need to renegotiate encryption
354 * here as the encryption context is not per
355 * tid.
356 */
357
358 status = cli_tree_connect(srv->cli,
359 srv->cli->share,
360 "?????",
361 *pp_password);
362 if (!NT_STATUS_IS_OK(status)) {
363 cli_shutdown(srv->cli);
364 errno = map_errno_from_nt_status(status);
365 srv->cli = NULL;
366 smbc_getFunctionRemoveCachedServer(context)(context,
367 srv);
368 srv = NULL;
369 }
370
371 /* Determine if this share supports case sensitivity */
372 if (is_ipc) {
373 DEBUG(4,
374 ("IPC$ so ignore case sensitivity\n"));
375 status = NT_STATUS_OK;
376 } else {
377 status = cli_get_fs_attr_info(c, &fs_attrs);
378 }
379
380 if (!NT_STATUS_IS_OK(status)) {
381 DEBUG(4, ("Could not retrieve "
382 "case sensitivity flag: %s.\n",
383 nt_errstr(status)));
384
385 /*
386 * We can't determine the case sensitivity of
387 * the share. We have no choice but to use the
388 * user-specified case sensitivity setting.
389 */
390 if (smbc_getOptionCaseSensitive(context)) {
391 cli_set_case_sensitive(c, True);
392 } else {
393 cli_set_case_sensitive(c, False);
394 }
395 } else if (!is_ipc) {
396 DEBUG(4,
397 ("Case sensitive: %s\n",
398 (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
399 ? "True"
400 : "False")));
401 cli_set_case_sensitive(
402 c,
403 (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
404 ? True
405 : False));
406 }
407
408 /*
409 * Regenerate the dev value since it's based on both
410 * server and share
411 */
412 if (srv) {
413 const char *remote_name =
414 smbXcli_conn_remote_name(srv->cli->conn);
415
416 srv->dev = (dev_t)(str_checksum(remote_name) ^
417 str_checksum(srv->cli->share));
418 }
419 }
420 }
421
422 /* If we have a connection... */
423 if (srv) {
424
425 /* ... then we're done here. Give 'em what they came for. */
426 *in_cache = true;
427 goto done;
428 }
429
430 /* If we're not asked to connect when a connection doesn't exist... */
431 if (! connect_if_not_found) {
432 /* ... then we're done here. */
433 return NULL;
434 }
435
436 if (!*pp_workgroup || !*pp_username || !*pp_password) {
437 errno = ENOMEM;
438 return NULL;
439 }
440
441 DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
442
443 DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
444
445 status = NT_STATUS_UNSUCCESSFUL;
446
447 if (smbc_getOptionUseKerberos(context)) {
448 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
449 use_kerberos = true;
450 }
451
452 if (smbc_getOptionFallbackAfterKerberos(context)) {
453 flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
454 fallback_after_kerberos = true;
455 }
456
457 if (smbc_getOptionUseCCache(context)) {
458 flags |= CLI_FULL_CONNECTION_USE_CCACHE;
459 use_ccache = true;
460 }
461
462 if (smbc_getOptionUseNTHash(context)) {
463 flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
464 pw_nt_hash = true;
465 }
466
467 if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
468 signing_state = SMB_SIGNING_REQUIRED;
469 }
470
471 if (port == 0) {
472 if (share == NULL || *share == '\0' || is_ipc) {
473 /*
474 * Try 139 first for IPC$
475 */
476 status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
477 smbc_getNetbiosName(context),
478 signing_state, flags, &c);
479 }
480 }
481
482 if (!NT_STATUS_IS_OK(status)) {
483 /*
484 * No IPC$ or 139 did not work
485 */
486 status = cli_connect_nb(server_n, NULL, port, 0x20,
487 smbc_getNetbiosName(context),
488 signing_state, flags, &c);
489 }
490
491 if (!NT_STATUS_IS_OK(status)) {
492 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
493 DBG_ERR("NetBIOS support disabled, unable to connect");
494 }
495
496 errno = map_errno_from_nt_status(status);
497 return NULL;
498 }
499
500 cli_set_timeout(c, smbc_getTimeout(context));
501
502 status = smbXcli_negprot(c->conn, c->timeout,
503 lp_client_min_protocol(),
504 lp_client_max_protocol());
505 if (!NT_STATUS_IS_OK(status)) {
506 cli_shutdown(c);
507 errno = map_errno_from_nt_status(status);
508 return NULL;
509 }
510
511 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
512 /* Ensure we ask for some initial credits. */
513 smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
514 }
515
516 username_used = *pp_username;
517 password_used = *pp_password;
518
519 creds = cli_session_creds_init(c,
520 username_used,
521 *pp_workgroup,
522 NULL, /* realm */
523 password_used,
524 use_kerberos,
525 fallback_after_kerberos,
526 use_ccache,
527 pw_nt_hash);
528 if (creds == NULL) {
529 cli_shutdown(c);
530 errno = ENOMEM;
531 return NULL;
532 }
533
534 status = cli_session_setup_creds(c, creds);
535 if (!NT_STATUS_IS_OK(status)) {
536
537 /* Failed. Try an anonymous login, if allowed by flags. */
538 username_used = "";
539 password_used = "";
540
541 if (smbc_getOptionNoAutoAnonymousLogin(context) ||
542 !NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
543
544 cli_shutdown(c);
545 errno = EPERM;
546 return NULL;
547 }
548 }
549
550 DEBUG(4,(" session setup ok\n"));
551
552 /* here's the fun part....to support 'msdfs proxy' shares
553 (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
554 here before trying to connect to the original share.
555 cli_check_msdfs_proxy() will fail if it is a normal share. */
556
557 if (smbXcli_conn_dfs_supported(c->conn) &&
558 cli_check_msdfs_proxy(ctx, c, share,
559 &newserver, &newshare,
560 /* FIXME: cli_check_msdfs_proxy() does
561 not support smbc_smb_encrypt_level type */
562 context->internal->smb_encryption_level ?
563 true : false,
564 creds)) {
565 cli_shutdown(c);
566 srv = SMBC_server_internal(ctx, context, connect_if_not_found,
567 newserver, port, newshare, pp_workgroup,
568 pp_username, pp_password, in_cache);
569 TALLOC_FREE(newserver);
570 TALLOC_FREE(newshare);
571 return srv;
572 }
573
574 /* must be a normal share */
575
576 status = cli_tree_connect_creds(c, share, "?????", creds);
577 if (!NT_STATUS_IS_OK(status)) {
578 cli_shutdown(c);
579 errno = map_errno_from_nt_status(status);
580 return NULL;
581 }
582
583 DEBUG(4,(" tconx ok\n"));
584
585 if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
586 tcon = c->smb2.tcon;
587 } else {
588 tcon = c->smb1.tcon;
589 }
590
591 /* Determine if this share supports case sensitivity */
592 if (is_ipc) {
593 DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
594 status = NT_STATUS_OK;
595 } else {
596 status = cli_get_fs_attr_info(c, &fs_attrs);
597 }
598
599 if (!NT_STATUS_IS_OK(status)) {
600 DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
601 nt_errstr(status)));
602
603 /*
604 * We can't determine the case sensitivity of the share. We
605 * have no choice but to use the user-specified case
606 * sensitivity setting.
607 */
608 if (smbc_getOptionCaseSensitive(context)) {
609 cli_set_case_sensitive(c, True);
610 } else {
611 cli_set_case_sensitive(c, False);
612 }
613 } else if (!is_ipc) {
614 DEBUG(4, ("Case sensitive: %s\n",
615 (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
616 ? "True"
617 : "False")));
618 smbXcli_tcon_set_fs_attributes(tcon, fs_attrs);
619 }
620
621 if (context->internal->smb_encryption_level) {
622 /* Attempt encryption. */
623 status = cli_cm_force_encryption_creds(c,
624 creds,
625 share);
626 if (!NT_STATUS_IS_OK(status)) {
627
628 /*
629 * context->smb_encryption_level == 1
630 * means don't fail if encryption can't be negotiated,
631 * == 2 means fail if encryption can't be negotiated.
632 */
633
634 DEBUG(4,(" SMB encrypt failed\n"));
635
636 if (context->internal->smb_encryption_level == 2) {
637 cli_shutdown(c);
638 errno = EPERM;
639 return NULL;
640 }
641 }
642 DEBUG(4,(" SMB encrypt ok\n"));
643 }
644
645 /*
646 * Ok, we have got a nice connection
647 * Let's allocate a server structure.
648 */
649
650 srv = SMB_MALLOC_P(SMBCSRV);
651 if (!srv) {
652 cli_shutdown(c);
653 errno = ENOMEM;
654 return NULL;
655 }
656
657 ZERO_STRUCTP(srv);
658 DLIST_ADD(srv->cli, c);
659 srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
660 srv->no_pathinfo = False;
661 srv->no_pathinfo2 = False;
662 srv->no_pathinfo3 = False;
663 srv->no_nt_session = False;
664
665 done:
666 if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
667 workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
668 } else {
669 workgroup = *pp_workgroup;
670 }
671 if(!workgroup) {
672 if (c != NULL) {
673 cli_shutdown(c);
674 }
675 SAFE_FREE(srv);
676 return NULL;
677 }
678
679 /* set the credentials to make DFS work */
680 smbc_set_credentials_with_fallback(context,
681 workgroup,
682 *pp_username,
683 *pp_password);
684
685 return srv;
686 }
687
688 SMBCSRV *
SMBC_server(TALLOC_CTX * ctx,SMBCCTX * context,bool connect_if_not_found,const char * server,uint16_t port,const char * share,char ** pp_workgroup,char ** pp_username,char ** pp_password)689 SMBC_server(TALLOC_CTX *ctx,
690 SMBCCTX *context,
691 bool connect_if_not_found,
692 const char *server,
693 uint16_t port,
694 const char *share,
695 char **pp_workgroup,
696 char **pp_username,
697 char **pp_password)
698 {
699 SMBCSRV *srv=NULL;
700 bool in_cache = false;
701
702 srv = SMBC_server_internal(ctx, context, connect_if_not_found,
703 server, port, share, pp_workgroup,
704 pp_username, pp_password, &in_cache);
705
706 if (!srv) {
707 return NULL;
708 }
709 if (in_cache) {
710 return srv;
711 }
712
713 /* Now add it to the cache (internal or external) */
714 /* Let the cache function set errno if it wants to */
715 errno = 0;
716 if (smbc_getFunctionAddCachedServer(context)(context, srv,
717 server, share,
718 *pp_workgroup,
719 *pp_username)) {
720 int saved_errno = errno;
721 DEBUG(3, (" Failed to add server to cache\n"));
722 errno = saved_errno;
723 if (errno == 0) {
724 errno = ENOMEM;
725 }
726 SAFE_FREE(srv);
727 return NULL;
728 }
729
730 DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
731 server, share, srv));
732
733 DLIST_ADD(context->internal->servers, srv);
734 return srv;
735 }
736
737 /*
738 * Connect to a server for getting/setting attributes, possibly on an existing
739 * connection. This works similarly to SMBC_server().
740 */
741 SMBCSRV *
SMBC_attr_server(TALLOC_CTX * ctx,SMBCCTX * context,const char * server,uint16_t port,const char * share,char ** pp_workgroup,char ** pp_username,char ** pp_password)742 SMBC_attr_server(TALLOC_CTX *ctx,
743 SMBCCTX *context,
744 const char *server,
745 uint16_t port,
746 const char *share,
747 char **pp_workgroup,
748 char **pp_username,
749 char **pp_password)
750 {
751 int flags;
752 struct cli_state *ipc_cli = NULL;
753 struct rpc_pipe_client *pipe_hnd = NULL;
754 NTSTATUS nt_status;
755 SMBCSRV *srv=NULL;
756 SMBCSRV *ipc_srv=NULL;
757
758 /*
759 * Use srv->cli->desthost and srv->cli->share instead of
760 * server and share below to connect to the actual share,
761 * i.e., a normal share or a referred share from
762 * 'msdfs proxy' share.
763 */
764 srv = SMBC_server(ctx, context, true, server, port, share,
765 pp_workgroup, pp_username, pp_password);
766 if (!srv) {
767 return NULL;
768 }
769 server = smbXcli_conn_remote_name(srv->cli->conn);
770 share = srv->cli->share;
771
772 /*
773 * See if we've already created this special connection. Reference
774 * our "special" share name '*IPC$', which is an impossible real share
775 * name due to the leading asterisk.
776 */
777 ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
778 pp_workgroup, pp_username, pp_password);
779 if (!ipc_srv) {
780 int signing_state = SMB_SIGNING_DEFAULT;
781
782 /* We didn't find a cached connection. Get the password */
783 if (!*pp_password || (*pp_password)[0] == '\0') {
784 /* ... then retrieve it now. */
785 SMBC_call_auth_fn(ctx, context, server, share,
786 pp_workgroup,
787 pp_username,
788 pp_password);
789 if (!*pp_workgroup || !*pp_username || !*pp_password) {
790 errno = ENOMEM;
791 return NULL;
792 }
793 }
794
795 flags = 0;
796 if (smbc_getOptionUseKerberos(context)) {
797 flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
798 }
799 if (smbc_getOptionUseCCache(context)) {
800 flags |= CLI_FULL_CONNECTION_USE_CCACHE;
801 }
802 if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
803 signing_state = SMB_SIGNING_REQUIRED;
804 }
805
806 nt_status = cli_full_connection(&ipc_cli,
807 lp_netbios_name(), server,
808 NULL, 0, "IPC$", "?????",
809 *pp_username,
810 *pp_workgroup,
811 *pp_password,
812 flags,
813 signing_state);
814 if (! NT_STATUS_IS_OK(nt_status)) {
815 DEBUG(1,("cli_full_connection failed! (%s)\n",
816 nt_errstr(nt_status)));
817 errno = ENOTSUP;
818 return NULL;
819 }
820
821 if (context->internal->smb_encryption_level) {
822 /* Attempt encryption. */
823 nt_status = cli_cm_force_encryption(ipc_cli,
824 *pp_username,
825 *pp_password,
826 *pp_workgroup,
827 "IPC$");
828 if (!NT_STATUS_IS_OK(nt_status)) {
829
830 /*
831 * context->smb_encryption_level ==
832 * 1 means don't fail if encryption can't be
833 * negotiated, == 2 means fail if encryption
834 * can't be negotiated.
835 */
836
837 DEBUG(4,(" SMB encrypt failed on IPC$\n"));
838
839 if (context->internal->smb_encryption_level == 2) {
840 cli_shutdown(ipc_cli);
841 errno = EPERM;
842 return NULL;
843 }
844 }
845 DEBUG(4,(" SMB encrypt ok on IPC$\n"));
846 }
847
848 ipc_srv = SMB_MALLOC_P(SMBCSRV);
849 if (!ipc_srv) {
850 errno = ENOMEM;
851 cli_shutdown(ipc_cli);
852 return NULL;
853 }
854
855 ZERO_STRUCTP(ipc_srv);
856 DLIST_ADD(ipc_srv->cli, ipc_cli);
857
858 nt_status = cli_rpc_pipe_open_noauth(
859 ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd);
860 if (!NT_STATUS_IS_OK(nt_status)) {
861 DEBUG(1, ("cli_nt_session_open fail!\n"));
862 errno = ENOTSUP;
863 cli_shutdown(ipc_srv->cli);
864 free(ipc_srv);
865 return NULL;
866 }
867
868 /*
869 * Some systems don't support
870 * SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
871 * so we might as well do it too.
872 */
873
874 nt_status = rpccli_lsa_open_policy(
875 pipe_hnd,
876 talloc_tos(),
877 True,
878 GENERIC_EXECUTE_ACCESS,
879 &ipc_srv->pol);
880
881 if (!NT_STATUS_IS_OK(nt_status)) {
882 errno = SMBC_errno(context, ipc_srv->cli);
883 cli_shutdown(ipc_srv->cli);
884 free(ipc_srv);
885 return NULL;
886 }
887
888 /* now add it to the cache (internal or external) */
889
890 errno = 0; /* let cache function set errno if it likes */
891 if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
892 server,
893 "*IPC$",
894 *pp_workgroup,
895 *pp_username)) {
896 DEBUG(3, (" Failed to add server to cache\n"));
897 if (errno == 0) {
898 errno = ENOMEM;
899 }
900 cli_shutdown(ipc_srv->cli);
901 free(ipc_srv);
902 return NULL;
903 }
904
905 DLIST_ADD(context->internal->servers, ipc_srv);
906 }
907
908 return ipc_srv;
909 }
910