LCOV - code coverage report
Current view: top level - source3/libsmb - cliconnect.c (source / functions) Hit Total Coverage
Test: coverage report for v4-17-test 1498b464 Lines: 1010 1790 56.4 %
Date: 2024-06-13 04:01:37 Functions: 70 98 71.4 %

          Line data    Source code
       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             :    client connect/disconnect routines
       4             :    Copyright (C) Andrew Tridgell 1994-1998
       5             :    Copyright (C) Andrew Bartlett 2001-2003
       6             :    Copyright (C) Volker Lendecke 2011
       7             :    Copyright (C) Jeremy Allison 2011
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "includes.h"
      24             : #include "libsmb/libsmb.h"
      25             : #include "libsmb/namequery.h"
      26             : #include "../libcli/auth/libcli_auth.h"
      27             : #include "../libcli/auth/spnego.h"
      28             : #include "smb_krb5.h"
      29             : #include "auth/credentials/credentials.h"
      30             : #include "auth/gensec/gensec.h"
      31             : #include "auth/ntlmssp/ntlmssp.h"
      32             : #include "auth_generic.h"
      33             : #include "libads/kerberos_proto.h"
      34             : #include "krb5_env.h"
      35             : #include "../lib/util/tevent_ntstatus.h"
      36             : #include "async_smb.h"
      37             : #include "libsmb/nmblib.h"
      38             : #include "librpc/ndr/libndr.h"
      39             : #include "../libcli/smb/smbXcli_base.h"
      40             : #include "../libcli/smb/smb_seal.h"
      41             : #include "lib/param/param.h"
      42             : #include "../libcli/smb/smb2_negotiate_context.h"
      43             : 
      44             : #define STAR_SMBSERVER "*SMBSERVER"
      45             : 
      46             : static char *cli_session_setup_get_account(TALLOC_CTX *mem_ctx,
      47             :                                            const char *principal);
      48             : 
      49          87 : struct cli_credentials *cli_session_creds_init(TALLOC_CTX *mem_ctx,
      50             :                                                const char *username,
      51             :                                                const char *domain,
      52             :                                                const char *realm,
      53             :                                                const char *password,
      54             :                                                bool use_kerberos,
      55             :                                                bool fallback_after_kerberos,
      56             :                                                bool use_ccache,
      57             :                                                bool password_is_nt_hash)
      58             : {
      59          87 :         struct loadparm_context *lp_ctx = NULL;
      60          87 :         struct cli_credentials *creds = NULL;
      61          87 :         const char *principal = NULL;
      62          87 :         char *tmp = NULL;
      63          87 :         char *p = NULL;
      64             :         bool ok;
      65             : 
      66          87 :         creds = cli_credentials_init(mem_ctx);
      67          87 :         if (creds == NULL) {
      68           0 :                 return NULL;
      69             :         }
      70             : 
      71          87 :         lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers());
      72          87 :         if (lp_ctx == NULL) {
      73           0 :                 goto fail;
      74             :         }
      75          87 :         ok = cli_credentials_set_conf(creds, lp_ctx);
      76          87 :         if (!ok) {
      77           0 :                 goto fail;
      78             :         }
      79             : 
      80          87 :         if (username == NULL) {
      81           0 :                 username = "";
      82             :         }
      83             : 
      84          87 :         if (strlen(username) == 0) {
      85           3 :                 if (password != NULL && strlen(password) == 0) {
      86             :                         /*
      87             :                          * some callers pass "" as no password
      88             :                          *
      89             :                          * gensec only handles NULL as no password.
      90             :                          */
      91           2 :                         password = NULL;
      92             :                 }
      93           3 :                 if (password == NULL) {
      94           3 :                         cli_credentials_set_anonymous(creds);
      95           3 :                         return creds;
      96             :                 }
      97             :         }
      98             : 
      99          84 :         tmp = talloc_strdup(creds, username);
     100          84 :         if (tmp == NULL) {
     101           0 :                 goto fail;
     102             :         }
     103          84 :         username = tmp;
     104             : 
     105             :         /* allow for workgroups as part of the username */
     106          97 :         if ((p = strchr_m(tmp, '\\')) ||
     107          95 :             (p = strchr_m(tmp, '/')) ||
     108          82 :             (p = strchr_m(tmp, *lp_winbind_separator()))) {
     109           2 :                 *p = 0;
     110           2 :                 username = p + 1;
     111           2 :                 domain = tmp;
     112             :         }
     113             : 
     114          84 :         principal = username;
     115          84 :         username = cli_session_setup_get_account(creds, principal);
     116          84 :         if (username == NULL) {
     117           0 :                 goto fail;
     118             :         }
     119          84 :         ok = strequal(username, principal);
     120          84 :         if (ok) {
     121             :                 /*
     122             :                  * Ok still the same, so it's not a principal
     123             :                  */
     124          84 :                 principal = NULL;
     125             :         }
     126             : 
     127          84 :         if (use_kerberos && fallback_after_kerberos) {
     128          16 :                 cli_credentials_set_kerberos_state(creds,
     129             :                                                    CRED_USE_KERBEROS_DESIRED,
     130             :                                                    CRED_SPECIFIED);
     131          68 :         } else if (use_kerberos) {
     132           0 :                 cli_credentials_set_kerberos_state(creds,
     133             :                                                    CRED_USE_KERBEROS_REQUIRED,
     134             :                                                    CRED_SPECIFIED);
     135             :         } else {
     136          68 :                 cli_credentials_set_kerberos_state(creds,
     137             :                                                    CRED_USE_KERBEROS_DISABLED,
     138             :                                                    CRED_SPECIFIED);
     139             :         }
     140             : 
     141          84 :         if (use_ccache) {
     142             :                 uint32_t features;
     143             : 
     144           0 :                 features = cli_credentials_get_gensec_features(creds);
     145           0 :                 features |= GENSEC_FEATURE_NTLM_CCACHE;
     146           0 :                 cli_credentials_set_gensec_features(creds,
     147             :                                                     features,
     148             :                                                     CRED_SPECIFIED);
     149             : 
     150           0 :                 if (password != NULL && strlen(password) == 0) {
     151             :                         /*
     152             :                          * some callers pass "" as no password
     153             :                          *
     154             :                          * GENSEC_FEATURE_NTLM_CCACHE only handles
     155             :                          * NULL as no password.
     156             :                          */
     157           0 :                         password = NULL;
     158             :                 }
     159             :         }
     160             : 
     161          84 :         ok = cli_credentials_set_username(creds,
     162             :                                           username,
     163             :                                           CRED_SPECIFIED);
     164          84 :         if (!ok) {
     165           0 :                 goto fail;
     166             :         }
     167             : 
     168          84 :         if (domain != NULL) {
     169          83 :                 ok = cli_credentials_set_domain(creds,
     170             :                                                 domain,
     171             :                                                 CRED_SPECIFIED);
     172          83 :                 if (!ok) {
     173           0 :                         goto fail;
     174             :                 }
     175             :         }
     176             : 
     177          84 :         if (principal != NULL) {
     178           0 :                 ok = cli_credentials_set_principal(creds,
     179             :                                                    principal,
     180             :                                                    CRED_SPECIFIED);
     181           0 :                 if (!ok) {
     182           0 :                         goto fail;
     183             :                 }
     184             :         }
     185             : 
     186          84 :         if (realm != NULL) {
     187           0 :                 ok = cli_credentials_set_realm(creds,
     188             :                                                realm,
     189             :                                                CRED_SPECIFIED);
     190           0 :                 if (!ok) {
     191           0 :                         goto fail;
     192             :                 }
     193             :         }
     194             : 
     195          84 :         if (password != NULL && strlen(password) > 0) {
     196          84 :                 if (password_is_nt_hash) {
     197             :                         struct samr_Password nt_hash;
     198             :                         size_t converted;
     199             : 
     200           0 :                         converted = strhex_to_str((char *)nt_hash.hash,
     201             :                                                   sizeof(nt_hash.hash),
     202             :                                                   password,
     203             :                                                   strlen(password));
     204           0 :                         if (converted != sizeof(nt_hash.hash)) {
     205           0 :                                 goto fail;
     206             :                         }
     207             : 
     208           0 :                         ok = cli_credentials_set_nt_hash(creds,
     209             :                                                          &nt_hash,
     210             :                                                          CRED_SPECIFIED);
     211           0 :                         if (!ok) {
     212           0 :                                 goto fail;
     213             :                         }
     214             :                 } else {
     215          84 :                         ok = cli_credentials_set_password(creds,
     216             :                                                           password,
     217             :                                                           CRED_SPECIFIED);
     218          84 :                         if (!ok) {
     219           0 :                                 goto fail;
     220             :                         }
     221             :                 }
     222             :         }
     223             : 
     224          84 :         return creds;
     225           0 : fail:
     226           0 :         TALLOC_FREE(creds);
     227           0 :         return NULL;
     228             : }
     229             : 
     230        2304 : NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
     231             :                                         struct cli_credentials *creds)
     232             : {
     233        2304 :         TALLOC_CTX *frame = talloc_stackframe();
     234        2304 :         const char *user_principal = NULL;
     235        2304 :         const char *user_account = NULL;
     236        2304 :         const char *user_domain = NULL;
     237        2304 :         const char *pass = NULL;
     238        2304 :         char *canon_principal = NULL;
     239        2304 :         char *canon_realm = NULL;
     240        2304 :         const char *target_hostname = NULL;
     241             :         enum credentials_use_kerberos krb5_state;
     242        2304 :         bool try_kerberos = false;
     243        2304 :         bool need_kinit = false;
     244        2304 :         bool auth_requested = true;
     245             :         int ret;
     246             :         bool ok;
     247             : 
     248        2304 :         target_hostname = smbXcli_conn_remote_name(cli->conn);
     249             : 
     250        2304 :         auth_requested = cli_credentials_authentication_requested(creds);
     251        2304 :         if (auth_requested) {
     252        2085 :                 errno = 0;
     253        2085 :                 user_principal = cli_credentials_get_principal(creds, frame);
     254        2085 :                 if (errno != 0) {
     255           0 :                         TALLOC_FREE(frame);
     256           0 :                         return NT_STATUS_NO_MEMORY;
     257             :                 }
     258             :         }
     259        2304 :         user_account = cli_credentials_get_username(creds);
     260        2304 :         user_domain = cli_credentials_get_domain(creds);
     261        2304 :         pass = cli_credentials_get_password(creds);
     262             : 
     263        2304 :         krb5_state = cli_credentials_get_kerberos_state(creds);
     264             : 
     265        2304 :         if (krb5_state != CRED_USE_KERBEROS_DISABLED) {
     266        1998 :                 try_kerberos = true;
     267             :         }
     268             : 
     269        2304 :         if (user_principal == NULL) {
     270         247 :                 try_kerberos = false;
     271             :         }
     272             : 
     273        2304 :         if (target_hostname == NULL) {
     274           0 :                 try_kerberos = false;
     275        2304 :         } else if (is_ipaddress(target_hostname)) {
     276         389 :                 try_kerberos = false;
     277        1915 :         } else if (strequal(target_hostname, "localhost")) {
     278           0 :                 try_kerberos = false;
     279        1915 :         } else if (strequal(target_hostname, STAR_SMBSERVER)) {
     280           0 :                 try_kerberos = false;
     281        1915 :         } else if (!auth_requested) {
     282         208 :                 try_kerberos = false;
     283             :         }
     284             : 
     285        2304 :         if (krb5_state == CRED_USE_KERBEROS_REQUIRED && !try_kerberos) {
     286           0 :                 DEBUG(0, ("Kerberos auth with '%s' (%s\\%s) to access "
     287             :                           "'%s' not possible\n",
     288             :                           user_principal, user_domain, user_account,
     289             :                           target_hostname));
     290           0 :                 TALLOC_FREE(frame);
     291           0 :                 return NT_STATUS_ACCESS_DENIED;
     292             :         }
     293             : 
     294        2304 :         if (pass == NULL || strlen(pass) == 0) {
     295         364 :                 need_kinit = false;
     296        1940 :         } else if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
     297          77 :                 need_kinit = try_kerberos;
     298             :         } else {
     299        1863 :                 need_kinit = try_kerberos;
     300             :         }
     301             : 
     302        2304 :         if (!need_kinit) {
     303         810 :                 TALLOC_FREE(frame);
     304         810 :                 return NT_STATUS_OK;
     305             :         }
     306             : 
     307        1494 :         DBG_INFO("Doing kinit for %s to access %s\n",
     308             :                  user_principal, target_hostname);
     309             : 
     310             :         /*
     311             :          * TODO: This should be done within the gensec layer
     312             :          * only if required!
     313             :          */
     314        1494 :         setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
     315        1494 :         ret = kerberos_kinit_password_ext(user_principal,
     316             :                                           pass,
     317             :                                           0,
     318             :                                           0,
     319             :                                           0,
     320             :                                           NULL,
     321             :                                           false,
     322             :                                           false,
     323             :                                           0,
     324             :                                           frame,
     325             :                                           &canon_principal,
     326             :                                           &canon_realm,
     327             :                                           NULL);
     328        1494 :         if (ret != 0) {
     329         379 :                 int dbglvl = DBGLVL_NOTICE;
     330             : 
     331         379 :                 if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
     332           4 :                         dbglvl = DBGLVL_ERR;
     333             :                 }
     334             : 
     335         379 :                 DEBUG(dbglvl, ("Kinit for %s to access %s failed: %s\n",
     336             :                                user_principal, target_hostname,
     337             :                                error_message(ret)));
     338         379 :                 if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
     339           4 :                         TALLOC_FREE(frame);
     340           4 :                         return krb5_to_nt_status(ret);
     341             :                 }
     342             : 
     343             :                 /*
     344             :                  * Ignore the error and hope that NTLM will work
     345             :                  */
     346         375 :                 TALLOC_FREE(frame);
     347         375 :                 return NT_STATUS_OK;
     348             :         }
     349             : 
     350        1115 :         ok = cli_credentials_set_principal(creds,
     351             :                                            canon_principal,
     352             :                                            CRED_SPECIFIED);
     353        1115 :         if (!ok) {
     354           0 :                 TALLOC_FREE(frame);
     355           0 :                 return NT_STATUS_NO_MEMORY;
     356             :         }
     357             : 
     358        1115 :         ok = cli_credentials_set_realm(creds,
     359             :                                        canon_realm,
     360             :                                        CRED_SPECIFIED);
     361        1115 :         if (!ok) {
     362           0 :                 TALLOC_FREE(frame);
     363           0 :                 return NT_STATUS_NO_MEMORY;
     364             :         }
     365             : 
     366        1115 :         DBG_DEBUG("Successfully authenticated as %s (%s) to access %s using "
     367             :                   "Kerberos\n",
     368             :                   user_principal,
     369             :                   canon_principal,
     370             :                   target_hostname);
     371             : 
     372        1115 :         TALLOC_FREE(frame);
     373        1115 :         return NT_STATUS_OK;
     374             : }
     375             : 
     376        3193 : static NTSTATUS cli_state_update_after_sesssetup(struct cli_state *cli,
     377             :                                                  const char *native_os,
     378             :                                                  const char *native_lm,
     379             :                                                  const char *primary_domain)
     380             : {
     381             : #define _VALID_STR(p) ((p) != NULL && (p)[0] != '\0')
     382             : 
     383        3193 :         if (!_VALID_STR(cli->server_os) && _VALID_STR(native_os)) {
     384          88 :                 cli->server_os = talloc_strdup(cli, native_os);
     385          88 :                 if (cli->server_os == NULL) {
     386           0 :                         return NT_STATUS_NO_MEMORY;
     387             :                 }
     388             :         }
     389             : 
     390        3193 :         if (!_VALID_STR(cli->server_type) && _VALID_STR(native_lm)) {
     391          88 :                 cli->server_type = talloc_strdup(cli, native_lm);
     392          88 :                 if (cli->server_type == NULL) {
     393           0 :                         return NT_STATUS_NO_MEMORY;
     394             :                 }
     395             :         }
     396             : 
     397        3193 :         if (!_VALID_STR(cli->server_domain) && _VALID_STR(primary_domain)) {
     398           7 :                 cli->server_domain = talloc_strdup(cli, primary_domain);
     399           7 :                 if (cli->server_domain == NULL) {
     400           0 :                         return NT_STATUS_NO_MEMORY;
     401             :                 }
     402             :         }
     403             : 
     404             : #undef _VALID_STRING
     405        3193 :         return NT_STATUS_OK;
     406             : }
     407             : 
     408             : /********************************************************
     409             :  Utility function to ensure we always return at least
     410             :  a valid char * pointer to an empty string for the
     411             :  cli->server_os, cli->server_type and cli->server_domain
     412             :  strings.
     413             : *******************************************************/
     414             : 
     415           3 : static NTSTATUS smb_bytes_talloc_string(TALLOC_CTX *mem_ctx,
     416             :                                         const uint8_t *hdr,
     417             :                                         char **dest,
     418             :                                         uint8_t *src,
     419             :                                         size_t srclen,
     420             :                                         ssize_t *destlen)
     421             : {
     422           3 :         *destlen = pull_string_talloc(mem_ctx,
     423             :                                       (const char *)hdr,
     424           3 :                                       SVAL(hdr, HDR_FLG2),
     425             :                                       dest,
     426             :                                       (char *)src,
     427             :                                       srclen,
     428             :                                       STR_TERMINATE);
     429           3 :         if (*destlen == -1) {
     430           0 :                 return NT_STATUS_NO_MEMORY;
     431             :         }
     432             : 
     433           3 :         if (*dest == NULL) {
     434           0 :                 *dest = talloc_strdup(mem_ctx, "");
     435           0 :                 if (*dest == NULL) {
     436           0 :                         return NT_STATUS_NO_MEMORY;
     437             :                 }
     438             :         }
     439           3 :         return NT_STATUS_OK;
     440             : }
     441             : 
     442             : /****************************************************************************
     443             :  Work out suitable capabilities to offer the server.
     444             : ****************************************************************************/
     445             : 
     446         180 : static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
     447             :                                                uint32_t sesssetup_capabilities)
     448             : {
     449         180 :         uint32_t client_capabilities = smb1cli_conn_capabilities(cli->conn);
     450             : 
     451             :         /*
     452             :          * We only send capabilities based on the mask for:
     453             :          * - client only flags
     454             :          * - flags used in both directions
     455             :          *
     456             :          * We do not echo the server only flags, except some legacy flags.
     457             :          *
     458             :          * SMB_CAP_LEGACY_CLIENT_MASK contains CAP_LARGE_READX and
     459             :          * CAP_LARGE_WRITEX in order to allow us to do large reads
     460             :          * against old Samba releases (<= 3.6.x).
     461             :          */
     462         180 :         client_capabilities &= (SMB_CAP_BOTH_MASK | SMB_CAP_LEGACY_CLIENT_MASK);
     463             : 
     464             :         /*
     465             :          * Session Setup specific flags CAP_DYNAMIC_REAUTH
     466             :          * and CAP_EXTENDED_SECURITY are passed by the caller.
     467             :          * We need that in order to do guest logins even if
     468             :          * CAP_EXTENDED_SECURITY is negotiated.
     469             :          */
     470         180 :         client_capabilities &= ~(CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
     471         180 :         sesssetup_capabilities &= (CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
     472         180 :         client_capabilities |= sesssetup_capabilities;
     473             : 
     474         180 :         return client_capabilities;
     475             : }
     476             : 
     477             : /****************************************************************************
     478             :  Do a NT1 guest session setup.
     479             : ****************************************************************************/
     480             : 
     481             : struct cli_session_setup_guest_state {
     482             :         struct cli_state *cli;
     483             :         uint16_t vwv[13];
     484             :         struct iovec bytes;
     485             : };
     486             : 
     487             : static void cli_session_setup_guest_done(struct tevent_req *subreq);
     488             : 
     489           1 : struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
     490             :                                                   struct tevent_context *ev,
     491             :                                                   struct cli_state *cli,
     492             :                                                   struct tevent_req **psmbreq)
     493             : {
     494             :         struct tevent_req *req, *subreq;
     495             :         struct cli_session_setup_guest_state *state;
     496             :         uint16_t *vwv;
     497             :         uint8_t *bytes;
     498             : 
     499           1 :         req = tevent_req_create(mem_ctx, &state,
     500             :                                 struct cli_session_setup_guest_state);
     501           1 :         if (req == NULL) {
     502           0 :                 return NULL;
     503             :         }
     504           1 :         state->cli = cli;
     505           1 :         vwv = state->vwv;
     506             : 
     507           1 :         SCVAL(vwv+0, 0, 0xFF);
     508           1 :         SCVAL(vwv+0, 1, 0);
     509           1 :         SSVAL(vwv+1, 0, 0);
     510           1 :         SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
     511           1 :         SSVAL(vwv+3, 0, 2);
     512           1 :         SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
     513           1 :         SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
     514           1 :         SSVAL(vwv+7, 0, 0);
     515           1 :         SSVAL(vwv+8, 0, 0);
     516           1 :         SSVAL(vwv+9, 0, 0);
     517           1 :         SSVAL(vwv+10, 0, 0);
     518           1 :         SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
     519             : 
     520           1 :         bytes = talloc_array(state, uint8_t, 0);
     521             : 
     522           1 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "",  1, /* username */
     523             :                                    NULL);
     524           1 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* workgroup */
     525             :                                    NULL);
     526           1 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
     527           1 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
     528             : 
     529           1 :         if (bytes == NULL) {
     530           0 :                 TALLOC_FREE(req);
     531           0 :                 return NULL;
     532             :         }
     533             : 
     534           1 :         state->bytes.iov_base = (void *)bytes;
     535           1 :         state->bytes.iov_len = talloc_get_size(bytes);
     536             : 
     537           1 :         subreq = cli_smb_req_create(state, ev, cli, SMBsesssetupX, 0, 0, 13,
     538           1 :                         vwv, 1, &state->bytes);
     539           1 :         if (subreq == NULL) {
     540           0 :                 TALLOC_FREE(req);
     541           0 :                 return NULL;
     542             :         }
     543           1 :         tevent_req_set_callback(subreq, cli_session_setup_guest_done, req);
     544           1 :         *psmbreq = subreq;
     545           1 :         return req;
     546             : }
     547             : 
     548           0 : struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
     549             :                                                 struct tevent_context *ev,
     550             :                                                 struct cli_state *cli)
     551             : {
     552             :         struct tevent_req *req, *subreq;
     553             :         NTSTATUS status;
     554             : 
     555           0 :         req = cli_session_setup_guest_create(mem_ctx, ev, cli, &subreq);
     556           0 :         if (req == NULL) {
     557           0 :                 return NULL;
     558             :         }
     559             : 
     560           0 :         status = smb1cli_req_chain_submit(&subreq, 1);
     561           0 :         if (!NT_STATUS_IS_OK(status)) {
     562           0 :                 tevent_req_nterror(req, status);
     563           0 :                 return tevent_req_post(req, ev);
     564             :         }
     565           0 :         return req;
     566             : }
     567             : 
     568           1 : static void cli_session_setup_guest_done(struct tevent_req *subreq)
     569             : {
     570           1 :         struct tevent_req *req = tevent_req_callback_data(
     571             :                 subreq, struct tevent_req);
     572           1 :         struct cli_session_setup_guest_state *state = tevent_req_data(
     573             :                 req, struct cli_session_setup_guest_state);
     574           1 :         struct cli_state *cli = state->cli;
     575             :         uint32_t num_bytes;
     576             :         uint8_t *in;
     577             :         uint8_t *inhdr;
     578             :         uint8_t *bytes;
     579             :         uint8_t *p;
     580             :         NTSTATUS status;
     581             :         ssize_t ret;
     582             :         uint8_t wct;
     583             :         uint16_t *vwv;
     584             : 
     585           1 :         status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
     586             :                               &num_bytes, &bytes);
     587           1 :         TALLOC_FREE(subreq);
     588           1 :         if (!NT_STATUS_IS_OK(status)) {
     589           0 :                 tevent_req_nterror(req, status);
     590           0 :                 return;
     591             :         }
     592             : 
     593           1 :         inhdr = in + NBT_HDR_SIZE;
     594           1 :         p = bytes;
     595             : 
     596           1 :         cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
     597           1 :         smb1cli_session_set_action(cli->smb1.session, SVAL(vwv+2, 0));
     598             : 
     599           1 :         status = smb_bytes_talloc_string(cli,
     600             :                                         inhdr,
     601             :                                         &cli->server_os,
     602             :                                         p,
     603           1 :                                         bytes+num_bytes-p,
     604             :                                         &ret);
     605             : 
     606           1 :         if (!NT_STATUS_IS_OK(status)) {
     607           0 :                 tevent_req_nterror(req, status);
     608           0 :                 return;
     609             :         }
     610           1 :         p += ret;
     611             : 
     612           1 :         status = smb_bytes_talloc_string(cli,
     613             :                                         inhdr,
     614             :                                         &cli->server_type,
     615             :                                         p,
     616           1 :                                         bytes+num_bytes-p,
     617             :                                         &ret);
     618             : 
     619           1 :         if (!NT_STATUS_IS_OK(status)) {
     620           0 :                 tevent_req_nterror(req, status);
     621           0 :                 return;
     622             :         }
     623           1 :         p += ret;
     624             : 
     625           1 :         status = smb_bytes_talloc_string(cli,
     626             :                                         inhdr,
     627             :                                         &cli->server_domain,
     628             :                                         p,
     629           1 :                                         bytes+num_bytes-p,
     630             :                                         &ret);
     631             : 
     632           1 :         if (!NT_STATUS_IS_OK(status)) {
     633           0 :                 tevent_req_nterror(req, status);
     634           0 :                 return;
     635             :         }
     636             : 
     637           1 :         tevent_req_done(req);
     638             : }
     639             : 
     640           1 : NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req)
     641             : {
     642           1 :         return tevent_req_simple_recv_ntstatus(req);
     643             : }
     644             : 
     645             : /* The following is calculated from :
     646             :  * (smb_size-4) = 35
     647             :  * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
     648             :  * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
     649             :  * end of packet.
     650             :  */
     651             : 
     652             : #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
     653             : 
     654             : struct cli_sesssetup_blob_state {
     655             :         struct tevent_context *ev;
     656             :         struct cli_state *cli;
     657             :         DATA_BLOB blob;
     658             :         uint16_t max_blob_size;
     659             : 
     660             :         DATA_BLOB this_blob;
     661             :         struct iovec *recv_iov;
     662             : 
     663             :         NTSTATUS status;
     664             :         const uint8_t *inbuf;
     665             :         DATA_BLOB ret_blob;
     666             : 
     667             :         char *out_native_os;
     668             :         char *out_native_lm;
     669             : };
     670             : 
     671             : static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
     672             :                                     struct tevent_req **psubreq);
     673             : static void cli_sesssetup_blob_done(struct tevent_req *subreq);
     674             : 
     675        3334 : static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx,
     676             :                                                   struct tevent_context *ev,
     677             :                                                   struct cli_state *cli,
     678             :                                                   DATA_BLOB blob)
     679             : {
     680             :         struct tevent_req *req, *subreq;
     681             :         struct cli_sesssetup_blob_state *state;
     682             :         uint32_t usable_space;
     683             : 
     684        3334 :         req = tevent_req_create(mem_ctx, &state,
     685             :                                 struct cli_sesssetup_blob_state);
     686        3334 :         if (req == NULL) {
     687           0 :                 return NULL;
     688             :         }
     689        3334 :         state->ev = ev;
     690        3334 :         state->blob = blob;
     691        3334 :         state->cli = cli;
     692             : 
     693        3334 :         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
     694        3167 :                 usable_space = UINT16_MAX;
     695             :         } else {
     696         167 :                 usable_space = cli_state_available_size(cli,
     697             :                                 BASE_SESSSETUP_BLOB_PACKET_SIZE);
     698             :         }
     699             : 
     700        3334 :         if (usable_space == 0) {
     701           0 :                 DEBUG(1, ("cli_session_setup_blob: cli->max_xmit too small "
     702             :                           "(not possible to send %u bytes)\n",
     703             :                           BASE_SESSSETUP_BLOB_PACKET_SIZE + 1));
     704           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
     705           0 :                 return tevent_req_post(req, ev);
     706             :         }
     707        3334 :         state->max_blob_size = MIN(usable_space, 0xFFFF);
     708             : 
     709        3334 :         if (!cli_sesssetup_blob_next(state, &subreq)) {
     710           0 :                 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
     711           0 :                 return tevent_req_post(req, ev);
     712             :         }
     713        3334 :         tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
     714        3334 :         return req;
     715             : }
     716             : 
     717        3334 : static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
     718             :                                     struct tevent_req **psubreq)
     719             : {
     720             :         struct tevent_req *subreq;
     721             :         uint16_t thistime;
     722             : 
     723        3334 :         thistime = MIN(state->blob.length, state->max_blob_size);
     724             : 
     725        3334 :         state->this_blob.data = state->blob.data;
     726        3334 :         state->this_blob.length = thistime;
     727             : 
     728        3334 :         state->blob.data += thistime;
     729        3334 :         state->blob.length -= thistime;
     730             : 
     731        3334 :         if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
     732        7191 :                 subreq = smb2cli_session_setup_send(state, state->ev,
     733        3167 :                                                     state->cli->conn,
     734        3167 :                                                     state->cli->timeout,
     735        3167 :                                                     state->cli->smb2.session,
     736             :                                                     0, /* in_flags */
     737             :                                                     SMB2_CAP_DFS, /* in_capabilities */
     738             :                                                     0, /* in_channel */
     739             :                                                     0, /* in_previous_session_id */
     740        3167 :                                                     &state->this_blob);
     741        3167 :                 if (subreq == NULL) {
     742           0 :                         return false;
     743             :                 }
     744             :         } else {
     745         167 :                 uint16_t in_buf_size = 0;
     746         167 :                 uint16_t in_mpx_max = 0;
     747         167 :                 uint16_t in_vc_num = 0;
     748         167 :                 uint32_t in_sess_key = 0;
     749         167 :                 uint32_t in_capabilities = 0;
     750         167 :                 const char *in_native_os = NULL;
     751         167 :                 const char *in_native_lm = NULL;
     752             : 
     753         167 :                 in_buf_size = CLI_BUFFER_SIZE;
     754         167 :                 in_mpx_max = smbXcli_conn_max_requests(state->cli->conn);
     755         167 :                 in_vc_num = cli_state_get_vc_num(state->cli);
     756         167 :                 in_sess_key = smb1cli_conn_server_session_key(state->cli->conn);
     757         167 :                 in_capabilities = cli_session_setup_capabilities(state->cli,
     758             :                                                                 CAP_EXTENDED_SECURITY);
     759         167 :                 in_native_os = "Unix";
     760         167 :                 in_native_lm = "Samba";
     761             : 
     762             :                 /*
     763             :                  * For now we keep the same values as before,
     764             :                  * we may remove these in a separate commit later.
     765             :                  */
     766         167 :                 in_mpx_max = 2;
     767         167 :                 in_vc_num = 1;
     768         167 :                 in_sess_key = 0;
     769             : 
     770         759 :                 subreq = smb1cli_session_setup_ext_send(state, state->ev,
     771         167 :                                                         state->cli->conn,
     772         167 :                                                         state->cli->timeout,
     773         167 :                                                         state->cli->smb1.pid,
     774         167 :                                                         state->cli->smb1.session,
     775             :                                                         in_buf_size,
     776             :                                                         in_mpx_max,
     777             :                                                         in_vc_num,
     778             :                                                         in_sess_key,
     779             :                                                         state->this_blob,
     780             :                                                         in_capabilities,
     781             :                                                         in_native_os,
     782             :                                                         in_native_lm);
     783         167 :                 if (subreq == NULL) {
     784           0 :                         return false;
     785             :                 }
     786             :         }
     787        3334 :         *psubreq = subreq;
     788        3334 :         return true;
     789             : }
     790             : 
     791        3334 : static void cli_sesssetup_blob_done(struct tevent_req *subreq)
     792             : {
     793        3334 :         struct tevent_req *req = tevent_req_callback_data(
     794             :                 subreq, struct tevent_req);
     795        3334 :         struct cli_sesssetup_blob_state *state = tevent_req_data(
     796             :                 req, struct cli_sesssetup_blob_state);
     797             :         NTSTATUS status;
     798             : 
     799        3334 :         if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
     800        3167 :                 status = smb2cli_session_setup_recv(subreq, state,
     801             :                                                     &state->recv_iov,
     802             :                                                     &state->ret_blob);
     803             :         } else {
     804         167 :                 status = smb1cli_session_setup_ext_recv(subreq, state,
     805             :                                                         &state->recv_iov,
     806             :                                                         &state->inbuf,
     807             :                                                         &state->ret_blob,
     808             :                                                         &state->out_native_os,
     809             :                                                         &state->out_native_lm);
     810             :         }
     811        3334 :         TALLOC_FREE(subreq);
     812        3334 :         if (!NT_STATUS_IS_OK(status)
     813        1186 :             && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
     814         148 :                 tevent_req_nterror(req, status);
     815         148 :                 return;
     816             :         }
     817             : 
     818        3186 :         state->status = status;
     819             : 
     820        3186 :         status = cli_state_update_after_sesssetup(state->cli,
     821        3186 :                                                   state->out_native_os,
     822        3186 :                                                   state->out_native_lm,
     823             :                                                   NULL);
     824        3186 :         if (tevent_req_nterror(req, status)) {
     825           0 :                 return;
     826             :         }
     827             : 
     828        3186 :         if (state->blob.length != 0) {
     829             :                 /*
     830             :                  * More to send
     831             :                  */
     832           0 :                 if (!cli_sesssetup_blob_next(state, &subreq)) {
     833           0 :                         tevent_req_oom(req);
     834           0 :                         return;
     835             :                 }
     836           0 :                 tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
     837           0 :                 return;
     838             :         }
     839        3186 :         tevent_req_done(req);
     840             : }
     841             : 
     842        3334 : static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
     843             :                                         TALLOC_CTX *mem_ctx,
     844             :                                         DATA_BLOB *pblob,
     845             :                                         const uint8_t **pinbuf,
     846             :                                         struct iovec **precv_iov)
     847             : {
     848        3334 :         struct cli_sesssetup_blob_state *state = tevent_req_data(
     849             :                 req, struct cli_sesssetup_blob_state);
     850             :         NTSTATUS status;
     851             :         struct iovec *recv_iov;
     852             : 
     853        3334 :         if (tevent_req_is_nterror(req, &status)) {
     854         148 :                 TALLOC_FREE(state->cli->smb2.session);
     855         148 :                 cli_state_set_uid(state->cli, UID_FIELD_INVALID);
     856         148 :                 tevent_req_received(req);
     857         148 :                 return status;
     858             :         }
     859             : 
     860        3186 :         recv_iov = talloc_move(mem_ctx, &state->recv_iov);
     861        3186 :         if (pblob != NULL) {
     862        3186 :                 *pblob = state->ret_blob;
     863             :         }
     864        3186 :         if (pinbuf != NULL) {
     865        3186 :                 *pinbuf = state->inbuf;
     866             :         }
     867        3186 :         if (precv_iov != NULL) {
     868        3186 :                 *precv_iov = recv_iov;
     869             :         }
     870             :         /* could be NT_STATUS_MORE_PROCESSING_REQUIRED */
     871        3186 :         status = state->status;
     872        3186 :         tevent_req_received(req);
     873        3186 :         return status;
     874             : }
     875             : 
     876             : /****************************************************************************
     877             :  Do a spnego/NTLMSSP encrypted session setup.
     878             : ****************************************************************************/
     879             : 
     880             : struct cli_session_setup_gensec_state {
     881             :         struct tevent_context *ev;
     882             :         struct cli_state *cli;
     883             :         struct auth_generic_state *auth_generic;
     884             :         bool is_anonymous;
     885             :         DATA_BLOB blob_in;
     886             :         const uint8_t *inbuf;
     887             :         struct iovec *recv_iov;
     888             :         DATA_BLOB blob_out;
     889             :         bool local_ready;
     890             :         bool remote_ready;
     891             :         DATA_BLOB session_key;
     892             : };
     893             : 
     894        2300 : static int cli_session_setup_gensec_state_destructor(
     895             :         struct cli_session_setup_gensec_state *state)
     896             : {
     897        2300 :         TALLOC_FREE(state->auth_generic);
     898        2300 :         data_blob_clear_free(&state->session_key);
     899        2300 :         return 0;
     900             : }
     901             : 
     902             : static void cli_session_setup_gensec_local_next(struct tevent_req *req);
     903             : static void cli_session_setup_gensec_local_done(struct tevent_req *subreq);
     904             : static void cli_session_setup_gensec_remote_next(struct tevent_req *req);
     905             : static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq);
     906             : static void cli_session_setup_gensec_ready(struct tevent_req *req);
     907             : 
     908        2300 : static struct tevent_req *cli_session_setup_gensec_send(
     909             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
     910             :         struct cli_credentials *creds,
     911             :         const char *target_service,
     912             :         const char *target_hostname)
     913             : {
     914             :         struct tevent_req *req;
     915             :         struct cli_session_setup_gensec_state *state;
     916             :         NTSTATUS status;
     917        2300 :         const DATA_BLOB *b = NULL;
     918             : 
     919        2300 :         req = tevent_req_create(mem_ctx, &state,
     920             :                                 struct cli_session_setup_gensec_state);
     921        2300 :         if (req == NULL) {
     922           0 :                 return NULL;
     923             :         }
     924        2300 :         state->ev = ev;
     925        2300 :         state->cli = cli;
     926             : 
     927        2300 :         talloc_set_destructor(
     928             :                 state, cli_session_setup_gensec_state_destructor);
     929             : 
     930        2300 :         status = auth_generic_client_prepare(state, &state->auth_generic);
     931        2300 :         if (tevent_req_nterror(req, status)) {
     932           0 :                 return tevent_req_post(req, ev);
     933             :         }
     934             : 
     935        2300 :         status = auth_generic_set_creds(state->auth_generic, creds);
     936        2300 :         if (tevent_req_nterror(req, status)) {
     937           0 :                 return tevent_req_post(req, ev);
     938             :         }
     939             : 
     940        2300 :         gensec_want_feature(state->auth_generic->gensec_security,
     941             :                             GENSEC_FEATURE_SESSION_KEY);
     942             : 
     943        2300 :         if (target_service != NULL) {
     944        2300 :                 status = gensec_set_target_service(
     945        2300 :                                 state->auth_generic->gensec_security,
     946             :                                 target_service);
     947        2300 :                 if (tevent_req_nterror(req, status)) {
     948           0 :                         return tevent_req_post(req, ev);
     949             :                 }
     950             :         }
     951             : 
     952        2300 :         if (target_hostname != NULL) {
     953        2300 :                 status = gensec_set_target_hostname(
     954        2300 :                                 state->auth_generic->gensec_security,
     955             :                                 target_hostname);
     956        2300 :                 if (tevent_req_nterror(req, status)) {
     957           0 :                         return tevent_req_post(req, ev);
     958             :                 }
     959             :         }
     960             : 
     961        2300 :         b = smbXcli_conn_server_gss_blob(cli->conn);
     962        2300 :         if (b != NULL) {
     963        2300 :                 state->blob_in = *b;
     964             :         }
     965             : 
     966        2300 :         state->is_anonymous = cli_credentials_is_anonymous(state->auth_generic->credentials);
     967             : 
     968        2300 :         status = auth_generic_client_start(state->auth_generic,
     969             :                                            GENSEC_OID_SPNEGO);
     970        2300 :         if (tevent_req_nterror(req, status)) {
     971           0 :                 return tevent_req_post(req, ev);
     972             :         }
     973             : 
     974        2300 :         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
     975        2209 :                 state->cli->smb2.session = smbXcli_session_create(cli,
     976             :                                                                   cli->conn);
     977        2209 :                 if (tevent_req_nomem(state->cli->smb2.session, req)) {
     978           0 :                         return tevent_req_post(req, ev);
     979             :                 }
     980             :         }
     981             : 
     982        2300 :         cli_session_setup_gensec_local_next(req);
     983        2300 :         if (!tevent_req_is_in_progress(req)) {
     984           0 :                 return tevent_req_post(req, ev);
     985             :         }
     986             : 
     987        2300 :         return req;
     988             : }
     989             : 
     990        5480 : static void cli_session_setup_gensec_local_next(struct tevent_req *req)
     991             : {
     992        3639 :         struct cli_session_setup_gensec_state *state =
     993        5480 :                 tevent_req_data(req,
     994             :                 struct cli_session_setup_gensec_state);
     995        5480 :         struct tevent_req *subreq = NULL;
     996             : 
     997        5480 :         if (state->local_ready) {
     998           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
     999           0 :                 return;
    1000             :         }
    1001             : 
    1002        5480 :         subreq = gensec_update_send(state, state->ev,
    1003        5480 :                         state->auth_generic->gensec_security,
    1004             :                         state->blob_in);
    1005        5480 :         if (tevent_req_nomem(subreq, req)) {
    1006           0 :                 return;
    1007             :         }
    1008        5480 :         tevent_req_set_callback(subreq, cli_session_setup_gensec_local_done, req);
    1009             : }
    1010             : 
    1011        5480 : static void cli_session_setup_gensec_local_done(struct tevent_req *subreq)
    1012             : {
    1013        3639 :         struct tevent_req *req =
    1014        5480 :                 tevent_req_callback_data(subreq,
    1015             :                 struct tevent_req);
    1016        3639 :         struct cli_session_setup_gensec_state *state =
    1017        5480 :                 tevent_req_data(req,
    1018             :                 struct cli_session_setup_gensec_state);
    1019             :         NTSTATUS status;
    1020             : 
    1021        5480 :         status = gensec_update_recv(subreq, state, &state->blob_out);
    1022        5480 :         TALLOC_FREE(subreq);
    1023        5480 :         state->blob_in = data_blob_null;
    1024        7642 :         if (!NT_STATUS_IS_OK(status) &&
    1025        3338 :             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
    1026             :         {
    1027           4 :                 tevent_req_nterror(req, status);
    1028           4 :                 return;
    1029             :         }
    1030             : 
    1031        5476 :         if (NT_STATUS_IS_OK(status)) {
    1032        2142 :                 state->local_ready = true;
    1033             :         }
    1034             : 
    1035        5476 :         if (state->local_ready && state->remote_ready) {
    1036        2142 :                 cli_session_setup_gensec_ready(req);
    1037        2142 :                 return;
    1038             :         }
    1039             : 
    1040        3334 :         cli_session_setup_gensec_remote_next(req);
    1041             : }
    1042             : 
    1043        3334 : static void cli_session_setup_gensec_remote_next(struct tevent_req *req)
    1044             : {
    1045        2160 :         struct cli_session_setup_gensec_state *state =
    1046        3334 :                 tevent_req_data(req,
    1047             :                 struct cli_session_setup_gensec_state);
    1048        3334 :         struct tevent_req *subreq = NULL;
    1049             : 
    1050        3334 :         if (state->remote_ready) {
    1051           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    1052           0 :                 return;
    1053             :         }
    1054             : 
    1055        3334 :         subreq = cli_sesssetup_blob_send(state, state->ev,
    1056             :                                          state->cli, state->blob_out);
    1057        3334 :         if (tevent_req_nomem(subreq, req)) {
    1058           0 :                 return;
    1059             :         }
    1060        3334 :         tevent_req_set_callback(subreq,
    1061             :                                 cli_session_setup_gensec_remote_done,
    1062             :                                 req);
    1063             : }
    1064             : 
    1065        3334 : static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
    1066             : {
    1067        2160 :         struct tevent_req *req =
    1068        3334 :                 tevent_req_callback_data(subreq,
    1069             :                 struct tevent_req);
    1070        2160 :         struct cli_session_setup_gensec_state *state =
    1071        3334 :                 tevent_req_data(req,
    1072             :                 struct cli_session_setup_gensec_state);
    1073             :         NTSTATUS status;
    1074             : 
    1075        3334 :         state->inbuf = NULL;
    1076        3334 :         TALLOC_FREE(state->recv_iov);
    1077             : 
    1078        3334 :         status = cli_sesssetup_blob_recv(subreq, state, &state->blob_in,
    1079             :                                          &state->inbuf, &state->recv_iov);
    1080        3334 :         TALLOC_FREE(subreq);
    1081        3334 :         data_blob_free(&state->blob_out);
    1082        4014 :         if (!NT_STATUS_IS_OK(status) &&
    1083        1186 :             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
    1084             :         {
    1085         148 :                 tevent_req_nterror(req, status);
    1086         148 :                 return;
    1087             :         }
    1088             : 
    1089        3186 :         if (NT_STATUS_IS_OK(status)) {
    1090        2148 :                 struct smbXcli_session *session = NULL;
    1091        2148 :                 bool is_guest = false;
    1092             : 
    1093        2148 :                 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
    1094        2071 :                         session = state->cli->smb2.session;
    1095             :                 } else {
    1096          77 :                         session = state->cli->smb1.session;
    1097             :                 }
    1098             : 
    1099        2148 :                 is_guest = smbXcli_session_is_guest(session);
    1100        2148 :                 if (is_guest) {
    1101             :                         /*
    1102             :                          * We can't finish the gensec handshake, we don't
    1103             :                          * have a negotiated session key.
    1104             :                          *
    1105             :                          * So just pretend we are completely done,
    1106             :                          * we need to continue as anonymous from this point,
    1107             :                          * as we can't get a session key.
    1108             :                          *
    1109             :                          * Note that smbXcli_session_is_guest()
    1110             :                          * always returns false if we require signing.
    1111             :                          */
    1112           6 :                         state->blob_in = data_blob_null;
    1113           6 :                         state->local_ready = true;
    1114           6 :                         state->is_anonymous = true;
    1115             :                 }
    1116             : 
    1117        2148 :                 state->remote_ready = true;
    1118             :         }
    1119             : 
    1120        3186 :         if (state->local_ready && state->remote_ready) {
    1121           6 :                 cli_session_setup_gensec_ready(req);
    1122           6 :                 return;
    1123             :         }
    1124             : 
    1125        3180 :         cli_session_setup_gensec_local_next(req);
    1126             : }
    1127             : 
    1128           0 : static void cli_session_dump_keys(TALLOC_CTX *mem_ctx,
    1129             :                                   struct smbXcli_session *session,
    1130             :                                   DATA_BLOB session_key)
    1131             : {
    1132             :         NTSTATUS status;
    1133           0 :         DATA_BLOB sig = data_blob_null;
    1134           0 :         DATA_BLOB app = data_blob_null;
    1135           0 :         DATA_BLOB enc = data_blob_null;
    1136           0 :         DATA_BLOB dec = data_blob_null;
    1137           0 :         uint64_t sid = smb2cli_session_current_id(session);
    1138             : 
    1139           0 :         status = smb2cli_session_signing_key(session, mem_ctx, &sig);
    1140           0 :         if (!NT_STATUS_IS_OK(status)) {
    1141           0 :                 goto out;
    1142             :         }
    1143           0 :         status = smbXcli_session_application_key(session, mem_ctx, &app);
    1144           0 :         if (!NT_STATUS_IS_OK(status)) {
    1145           0 :                 goto out;
    1146             :         }
    1147           0 :         status = smb2cli_session_encryption_key(session, mem_ctx, &enc);
    1148           0 :         if (!NT_STATUS_IS_OK(status)) {
    1149           0 :                 goto out;
    1150             :         }
    1151           0 :         status = smb2cli_session_decryption_key(session, mem_ctx, &dec);
    1152           0 :         if (!NT_STATUS_IS_OK(status)) {
    1153           0 :                 goto out;
    1154             :         }
    1155             : 
    1156           0 :         DEBUG(0, ("debug encryption: dumping generated session keys\n"));
    1157           0 :         DEBUGADD(0, ("Session Id    "));
    1158           0 :         dump_data(0, (uint8_t*)&sid, sizeof(sid));
    1159           0 :         DEBUGADD(0, ("Session Key   "));
    1160           0 :         dump_data(0, session_key.data, session_key.length);
    1161           0 :         DEBUGADD(0, ("Signing Key   "));
    1162           0 :         dump_data(0, sig.data, sig.length);
    1163           0 :         DEBUGADD(0, ("App Key       "));
    1164           0 :         dump_data(0, app.data, app.length);
    1165             : 
    1166             :         /* In client code, ServerIn is the encryption key */
    1167             : 
    1168           0 :         DEBUGADD(0, ("ServerIn Key  "));
    1169           0 :         dump_data(0, enc.data, enc.length);
    1170           0 :         DEBUGADD(0, ("ServerOut Key "));
    1171           0 :         dump_data(0, dec.data, dec.length);
    1172             : 
    1173           0 : out:
    1174           0 :         data_blob_clear_free(&sig);
    1175           0 :         data_blob_clear_free(&app);
    1176           0 :         data_blob_clear_free(&enc);
    1177           0 :         data_blob_clear_free(&dec);
    1178           0 : }
    1179             : 
    1180        2148 : static void cli_session_setup_gensec_ready(struct tevent_req *req)
    1181             : {
    1182        1480 :         struct cli_session_setup_gensec_state *state =
    1183        2148 :                 tevent_req_data(req,
    1184             :                 struct cli_session_setup_gensec_state);
    1185        2148 :         const char *server_domain = NULL;
    1186             :         NTSTATUS status;
    1187             : 
    1188        2148 :         if (state->blob_in.length != 0) {
    1189           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    1190           0 :                 return;
    1191             :         }
    1192             : 
    1193        2148 :         if (state->blob_out.length != 0) {
    1194           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    1195           0 :                 return;
    1196             :         }
    1197             : 
    1198             :         /*
    1199             :          * gensec_ntlmssp_server_domain() returns NULL
    1200             :          * if NTLMSSP is not used.
    1201             :          *
    1202             :          * We can remove this later
    1203             :          * and leave the server domain empty for SMB2 and above
    1204             :          * in future releases.
    1205             :          */
    1206        2148 :         server_domain = gensec_ntlmssp_server_domain(
    1207        2148 :                                 state->auth_generic->gensec_security);
    1208             : 
    1209        2148 :         if (state->cli->server_domain[0] == '\0' && server_domain != NULL) {
    1210         898 :                 TALLOC_FREE(state->cli->server_domain);
    1211         898 :                 state->cli->server_domain = talloc_strdup(state->cli,
    1212             :                                         server_domain);
    1213         898 :                 if (state->cli->server_domain == NULL) {
    1214           0 :                         tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
    1215           0 :                         return;
    1216             :                 }
    1217             :         }
    1218             : 
    1219        2148 :         if (state->is_anonymous) {
    1220             :                 /*
    1221             :                  * Windows server does not set the
    1222             :                  * SMB2_SESSION_FLAG_IS_NULL flag.
    1223             :                  *
    1224             :                  * This fix makes sure we do not try
    1225             :                  * to verify a signature on the final
    1226             :                  * session setup response.
    1227             :                  */
    1228         205 :                 tevent_req_done(req);
    1229         205 :                 return;
    1230             :         }
    1231             : 
    1232        1943 :         status = gensec_session_key(state->auth_generic->gensec_security,
    1233             :                                     state, &state->session_key);
    1234        1943 :         if (tevent_req_nterror(req, status)) {
    1235           0 :                 return;
    1236             :         }
    1237             : 
    1238        1943 :         if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
    1239        1872 :                 struct smbXcli_session *session = state->cli->smb2.session;
    1240             : 
    1241        1872 :                 status = smb2cli_session_set_session_key(session,
    1242             :                                                          state->session_key,
    1243        1872 :                                                          state->recv_iov);
    1244        1872 :                 if (tevent_req_nterror(req, status)) {
    1245           0 :                         return;
    1246             :                 }
    1247        1872 :                 if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB3_00
    1248         744 :                     && lp_debug_encryption())
    1249             :                 {
    1250           0 :                         cli_session_dump_keys(state, session, state->session_key);
    1251             :                 }
    1252             :         } else {
    1253          71 :                 struct smbXcli_session *session = state->cli->smb1.session;
    1254             :                 bool active;
    1255             : 
    1256          71 :                 status = smb1cli_session_set_session_key(session,
    1257             :                                                          state->session_key);
    1258          71 :                 if (tevent_req_nterror(req, status)) {
    1259           0 :                         return;
    1260             :                 }
    1261             : 
    1262          71 :                 active = smb1cli_conn_activate_signing(state->cli->conn,
    1263             :                                                        state->session_key,
    1264             :                                                        data_blob_null);
    1265          71 :                 if (active) {
    1266             :                         bool ok;
    1267             : 
    1268          60 :                         ok = smb1cli_conn_check_signing(state->cli->conn,
    1269             :                                                         state->inbuf, 1);
    1270          60 :                         if (!ok) {
    1271           0 :                                 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    1272           0 :                                 return;
    1273             :                         }
    1274             :                 }
    1275             :         }
    1276             : 
    1277        1943 :         tevent_req_done(req);
    1278             : }
    1279             : 
    1280        2300 : static NTSTATUS cli_session_setup_gensec_recv(struct tevent_req *req)
    1281             : {
    1282        1561 :         struct cli_session_setup_gensec_state *state =
    1283        2300 :                 tevent_req_data(req,
    1284             :                 struct cli_session_setup_gensec_state);
    1285             :         NTSTATUS status;
    1286             : 
    1287        2300 :         if (tevent_req_is_nterror(req, &status)) {
    1288         152 :                 cli_state_set_uid(state->cli, UID_FIELD_INVALID);
    1289         152 :                 return status;
    1290             :         }
    1291        2148 :         return NT_STATUS_OK;
    1292             : }
    1293             : 
    1294          84 : static char *cli_session_setup_get_account(TALLOC_CTX *mem_ctx,
    1295             :                                            const char *principal)
    1296             : {
    1297             :         char *account, *p;
    1298             : 
    1299          84 :         account = talloc_strdup(mem_ctx, principal);
    1300          84 :         if (account == NULL) {
    1301           0 :                 return NULL;
    1302             :         }
    1303          84 :         p = strchr_m(account, '@');
    1304          84 :         if (p != NULL) {
    1305           0 :                 *p = '\0';
    1306             :         }
    1307          84 :         return account;
    1308             : }
    1309             : 
    1310             : /****************************************************************************
    1311             :  Do a spnego encrypted session setup.
    1312             : 
    1313             :  user_domain: The shortname of the domain the user/machine is a member of.
    1314             :  dest_realm: The realm we're connecting to, if NULL we use our default realm.
    1315             : ****************************************************************************/
    1316             : 
    1317             : struct cli_session_setup_spnego_state {
    1318             :         ADS_STATUS result;
    1319             : };
    1320             : 
    1321             : static void cli_session_setup_spnego_done(struct tevent_req *subreq);
    1322             : 
    1323        2304 : static struct tevent_req *cli_session_setup_spnego_send(
    1324             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
    1325             :         struct cli_credentials *creds)
    1326             : {
    1327             :         struct tevent_req *req, *subreq;
    1328             :         struct cli_session_setup_spnego_state *state;
    1329        2304 :         const char *target_service = NULL;
    1330        2304 :         const char *target_hostname = NULL;
    1331             :         NTSTATUS status;
    1332             : 
    1333        2304 :         req = tevent_req_create(mem_ctx, &state,
    1334             :                                 struct cli_session_setup_spnego_state);
    1335        2304 :         if (req == NULL) {
    1336           0 :                 return NULL;
    1337             :         }
    1338             : 
    1339        2304 :         target_service = "cifs";
    1340        2304 :         target_hostname = smbXcli_conn_remote_name(cli->conn);
    1341             : 
    1342        2304 :         status = cli_session_creds_prepare_krb5(cli, creds);
    1343        2304 :         if (tevent_req_nterror(req, status)) {
    1344           4 :                 return tevent_req_post(req, ev);
    1345             :         }
    1346             : 
    1347        2300 :         DBG_INFO("Connect to %s as %s using SPNEGO\n",
    1348             :                  target_hostname,
    1349             :                  cli_credentials_get_principal(creds, talloc_tos()));
    1350             : 
    1351        2300 :         subreq = cli_session_setup_gensec_send(state, ev, cli, creds,
    1352             :                                                target_service, target_hostname);
    1353        2300 :         if (tevent_req_nomem(subreq, req)) {
    1354           0 :                 return tevent_req_post(req, ev);
    1355             :         }
    1356        2300 :         tevent_req_set_callback(
    1357             :                 subreq, cli_session_setup_spnego_done, req);
    1358        2300 :         return req;
    1359             : }
    1360             : 
    1361        2300 : static void cli_session_setup_spnego_done(struct tevent_req *subreq)
    1362             : {
    1363        2300 :         struct tevent_req *req = tevent_req_callback_data(
    1364             :                 subreq, struct tevent_req);
    1365             :         NTSTATUS status;
    1366             : 
    1367        2300 :         status = cli_session_setup_gensec_recv(subreq);
    1368        2300 :         TALLOC_FREE(subreq);
    1369        2300 :         if (tevent_req_nterror(req, status)) {
    1370         152 :                 return;
    1371             :         }
    1372             : 
    1373        2148 :         tevent_req_done(req);
    1374             : }
    1375             : 
    1376        2304 : static ADS_STATUS cli_session_setup_spnego_recv(struct tevent_req *req)
    1377             : {
    1378        2304 :         struct cli_session_setup_spnego_state *state = tevent_req_data(
    1379             :                 req, struct cli_session_setup_spnego_state);
    1380             :         NTSTATUS status;
    1381             : 
    1382        2304 :         if (tevent_req_is_nterror(req, &status)) {
    1383         156 :                 state->result = ADS_ERROR_NT(status);
    1384             :         }
    1385             : 
    1386        2304 :         return state->result;
    1387             : }
    1388             : 
    1389             : struct cli_session_setup_creds_state {
    1390             :         struct cli_state *cli;
    1391             :         DATA_BLOB apassword_blob;
    1392             :         DATA_BLOB upassword_blob;
    1393             :         DATA_BLOB lm_session_key;
    1394             :         DATA_BLOB session_key;
    1395             :         char *out_native_os;
    1396             :         char *out_native_lm;
    1397             :         char *out_primary_domain;
    1398             : };
    1399             : 
    1400        4626 : static void cli_session_setup_creds_cleanup(struct tevent_req *req,
    1401             :                                             enum tevent_req_state req_state)
    1402             : {
    1403        4626 :         struct cli_session_setup_creds_state *state = tevent_req_data(
    1404             :                 req, struct cli_session_setup_creds_state);
    1405             : 
    1406        4626 :         if (req_state != TEVENT_REQ_RECEIVED) {
    1407        2313 :                 return;
    1408             :         }
    1409             : 
    1410             :         /*
    1411             :          * We only call data_blob_clear() as
    1412             :          * some of the blobs point to the same memory.
    1413             :          *
    1414             :          * We let the talloc hierarchy free the memory.
    1415             :          */
    1416        2313 :         data_blob_clear(&state->apassword_blob);
    1417        2313 :         data_blob_clear(&state->upassword_blob);
    1418        2313 :         data_blob_clear(&state->lm_session_key);
    1419        2313 :         data_blob_clear(&state->session_key);
    1420        2313 :         ZERO_STRUCTP(state);
    1421             : }
    1422             : 
    1423             : static void cli_session_setup_creds_done_spnego(struct tevent_req *subreq);
    1424             : static void cli_session_setup_creds_done_nt1(struct tevent_req *subreq);
    1425             : static void cli_session_setup_creds_done_lm21(struct tevent_req *subreq);
    1426             : 
    1427             : /****************************************************************************
    1428             :  Send a session setup. The username and workgroup is in UNIX character
    1429             :  format and must be converted to DOS codepage format before sending. If the
    1430             :  password is in plaintext, the same should be done.
    1431             : ****************************************************************************/
    1432             : 
    1433        2313 : struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
    1434             :                                         struct tevent_context *ev,
    1435             :                                         struct cli_state *cli,
    1436             :                                         struct cli_credentials *creds)
    1437             : {
    1438             :         struct tevent_req *req, *subreq;
    1439             :         struct cli_session_setup_creds_state *state;
    1440        2313 :         uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
    1441        2313 :         bool use_spnego = false;
    1442        2313 :         int flags = 0;
    1443        2313 :         const char *username = "";
    1444        2313 :         const char *domain = "";
    1445        2313 :         DATA_BLOB target_info = data_blob_null;
    1446        2313 :         DATA_BLOB challenge = data_blob_null;
    1447        2313 :         uint16_t in_buf_size = 0;
    1448        2313 :         uint16_t in_mpx_max = 0;
    1449        2313 :         uint16_t in_vc_num = 0;
    1450        2313 :         uint32_t in_sess_key = 0;
    1451        2313 :         const char *in_native_os = NULL;
    1452        2313 :         const char *in_native_lm = NULL;
    1453        1572 :         enum credentials_use_kerberos krb5_state =
    1454         741 :                 cli_credentials_get_kerberos_state(creds);
    1455             :         NTSTATUS status;
    1456             : 
    1457        2313 :         req = tevent_req_create(mem_ctx, &state,
    1458             :                                 struct cli_session_setup_creds_state);
    1459        2313 :         if (req == NULL) {
    1460           0 :                 return NULL;
    1461             :         }
    1462        2313 :         state->cli = cli;
    1463             : 
    1464        2313 :         tevent_req_set_cleanup_fn(req, cli_session_setup_creds_cleanup);
    1465             : 
    1466             :         /*
    1467             :          * Now work out what sort of session setup we are going to
    1468             :          * do. I have split this into separate functions to make the flow a bit
    1469             :          * easier to understand (tridge).
    1470             :          */
    1471        2313 :         if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) {
    1472           0 :                 use_spnego = false;
    1473        2313 :         } else if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
    1474        2213 :                 use_spnego = true;
    1475         100 :         } else if (smb1cli_conn_capabilities(cli->conn) & CAP_EXTENDED_SECURITY) {
    1476             :                 /*
    1477             :                  * if the server supports extended security then use SPNEGO
    1478             :                  * even for anonymous connections.
    1479             :                  */
    1480          91 :                 use_spnego = true;
    1481             :         } else {
    1482           9 :                 use_spnego = false;
    1483             :         }
    1484             : 
    1485        2313 :         if (use_spnego) {
    1486        2304 :                 subreq = cli_session_setup_spnego_send(
    1487             :                         state, ev, cli, creds);
    1488        2304 :                 if (tevent_req_nomem(subreq, req)) {
    1489           0 :                         return tevent_req_post(req, ev);
    1490             :                 }
    1491        2304 :                 tevent_req_set_callback(subreq, cli_session_setup_creds_done_spnego,
    1492             :                                         req);
    1493        2304 :                 return req;
    1494             :         }
    1495             : 
    1496           9 :         if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
    1497           0 :                 DBG_WARNING("Kerberos authentication requested, but "
    1498             :                             "the server does not support SPNEGO authentication\n");
    1499           0 :                 tevent_req_nterror(req, NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
    1500           0 :                 return tevent_req_post(req, ev);
    1501             :         }
    1502             : 
    1503           9 :         if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN1) {
    1504             :                 /*
    1505             :                  * SessionSetupAndX was introduced by LANMAN 1.0. So we skip
    1506             :                  * this step against older servers.
    1507             :                  */
    1508           0 :                 tevent_req_done(req);
    1509           0 :                 return tevent_req_post(req, ev);
    1510             :         }
    1511             : 
    1512           9 :         if (cli_credentials_is_anonymous(creds)) {
    1513             :                 /*
    1514             :                  * Do an anonymous session setup
    1515             :                  */
    1516           3 :                 goto non_spnego_creds_done;
    1517             :         }
    1518             : 
    1519           6 :         if ((sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) {
    1520             :                 /*
    1521             :                  * Do an anonymous session setup,
    1522             :                  * the password is passed via the tree connect.
    1523             :                  */
    1524           0 :                 goto non_spnego_creds_done;
    1525             :         }
    1526             : 
    1527           6 :         cli_credentials_get_ntlm_username_domain(creds, state,
    1528             :                                                  &username,
    1529             :                                                  &domain);
    1530           6 :         if (tevent_req_nomem(username, req)) {
    1531           0 :                 return tevent_req_post(req, ev);
    1532             :         }
    1533           6 :         if (tevent_req_nomem(domain, req)) {
    1534           0 :                 return tevent_req_post(req, ev);
    1535             :         }
    1536             : 
    1537           6 :         DBG_INFO("Connect to %s as %s using NTLM\n", domain, username);
    1538             : 
    1539           6 :         if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
    1540           0 :                 bool use_unicode = smbXcli_conn_use_unicode(cli->conn);
    1541           0 :                 uint8_t *bytes = NULL;
    1542           0 :                 size_t bytes_len = 0;
    1543           0 :                 const char *pw = cli_credentials_get_password(creds);
    1544           0 :                 size_t pw_len = 0;
    1545             : 
    1546           0 :                 if (pw == NULL) {
    1547           0 :                         pw = "";
    1548             :                 }
    1549           0 :                 pw_len = strlen(pw) + 1;
    1550             : 
    1551           0 :                 if (!lp_client_plaintext_auth()) {
    1552           0 :                         DEBUG(1, ("Server requested PLAINTEXT password but "
    1553             :                                   "'client plaintext auth = no'\n"));
    1554           0 :                         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    1555           0 :                         return tevent_req_post(req, ev);
    1556             :                 }
    1557             : 
    1558           0 :                 bytes = talloc_array(state, uint8_t, 0);
    1559           0 :                 bytes = trans2_bytes_push_str(bytes, use_unicode,
    1560             :                                               pw, pw_len, &bytes_len);
    1561           0 :                 if (tevent_req_nomem(bytes, req)) {
    1562           0 :                         return tevent_req_post(req, ev);
    1563             :                 }
    1564             : 
    1565           0 :                 if (use_unicode) {
    1566             :                         /*
    1567             :                          * CAP_UNICODE, can only be negotiated by NT1.
    1568             :                          */
    1569           0 :                         state->upassword_blob = data_blob_const(bytes,
    1570             :                                                                 bytes_len);
    1571             :                 } else {
    1572           0 :                         state->apassword_blob = data_blob_const(bytes,
    1573             :                                                                 bytes_len);
    1574             :                 }
    1575             : 
    1576           0 :                 goto non_spnego_creds_done;
    1577             :         }
    1578             : 
    1579           6 :         challenge = data_blob_const(smb1cli_conn_server_challenge(cli->conn), 8);
    1580             : 
    1581           6 :         if (smbXcli_conn_protocol(cli->conn) == PROTOCOL_NT1) {
    1582           6 :                 if (lp_client_ntlmv2_auth() && lp_client_use_spnego()) {
    1583             :                         /*
    1584             :                          * Don't send an NTLMv2 response without NTLMSSP if we
    1585             :                          * want to use spnego support.
    1586             :                          */
    1587           0 :                         DEBUG(1, ("Server does not support EXTENDED_SECURITY "
    1588             :                                   " but 'client use spnego = yes'"
    1589             :                                   " and 'client ntlmv2 auth = yes' is set\n"));
    1590           0 :                         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    1591           0 :                         return tevent_req_post(req, ev);
    1592             :                 }
    1593             : 
    1594           6 :                 if (lp_client_ntlmv2_auth()) {
    1595           0 :                         flags |= CLI_CRED_NTLMv2_AUTH;
    1596             : 
    1597             :                         /*
    1598             :                          * note that the 'domain' here is a best
    1599             :                          * guess - we don't know the server's domain
    1600             :                          * at this point. Windows clients also don't
    1601             :                          * use hostname...
    1602             :                          */
    1603           0 :                         target_info = NTLMv2_generate_names_blob(state,
    1604             :                                                                  NULL,
    1605             :                                                                  domain);
    1606           0 :                         if (tevent_req_nomem(target_info.data, req)) {
    1607           0 :                                 return tevent_req_post(req, ev);
    1608             :                         }
    1609             :                 } else {
    1610           6 :                         flags |= CLI_CRED_NTLM_AUTH;
    1611           6 :                         if (lp_client_lanman_auth()) {
    1612           3 :                                 flags |= CLI_CRED_LANMAN_AUTH;
    1613             :                         }
    1614             :                 }
    1615             :         } else {
    1616           0 :                 if (!lp_client_lanman_auth()) {
    1617           0 :                         DEBUG(1, ("Server requested user level LM password but "
    1618             :                                   "'client lanman auth = no' is set.\n"));
    1619           0 :                         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    1620           0 :                         return tevent_req_post(req, ev);
    1621             :                 }
    1622             : 
    1623           0 :                 flags |= CLI_CRED_LANMAN_AUTH;
    1624             :         }
    1625             : 
    1626          21 :         status = cli_credentials_get_ntlm_response(creds, state, &flags,
    1627             :                                                    challenge, NULL,
    1628             :                                                    target_info,
    1629           6 :                                                    &state->apassword_blob,
    1630           6 :                                                    &state->upassword_blob,
    1631           6 :                                                    &state->lm_session_key,
    1632           6 :                                                    &state->session_key);
    1633           6 :         if (tevent_req_nterror(req, status)) {
    1634           0 :                 return tevent_req_post(req, ev);
    1635             :         }
    1636             : 
    1637           6 : non_spnego_creds_done:
    1638             : 
    1639           9 :         in_buf_size = CLI_BUFFER_SIZE;
    1640           9 :         in_mpx_max = smbXcli_conn_max_requests(cli->conn);
    1641           9 :         in_vc_num = cli_state_get_vc_num(cli);
    1642           9 :         in_sess_key = smb1cli_conn_server_session_key(cli->conn);
    1643           9 :         in_native_os = "Unix";
    1644           9 :         in_native_lm = "Samba";
    1645             : 
    1646           9 :         if (smbXcli_conn_protocol(cli->conn) == PROTOCOL_NT1) {
    1647           9 :                 uint32_t in_capabilities = 0;
    1648             : 
    1649           9 :                 in_capabilities = cli_session_setup_capabilities(cli, 0);
    1650             : 
    1651             :                 /*
    1652             :                  * For now we keep the same values as before,
    1653             :                  * we may remove these in a separate commit later.
    1654             :                  */
    1655           9 :                 in_mpx_max = 2;
    1656             : 
    1657          16 :                 subreq = smb1cli_session_setup_nt1_send(state, ev,
    1658             :                                                         cli->conn,
    1659           9 :                                                         cli->timeout,
    1660             :                                                         cli->smb1.pid,
    1661             :                                                         cli->smb1.session,
    1662             :                                                         in_buf_size,
    1663             :                                                         in_mpx_max,
    1664             :                                                         in_vc_num,
    1665             :                                                         in_sess_key,
    1666             :                                                         username,
    1667             :                                                         domain,
    1668           9 :                                                         state->apassword_blob,
    1669           9 :                                                         state->upassword_blob,
    1670             :                                                         in_capabilities,
    1671             :                                                         in_native_os,
    1672             :                                                         in_native_lm);
    1673           9 :                 if (tevent_req_nomem(subreq, req)) {
    1674           0 :                         return tevent_req_post(req, ev);
    1675             :                 }
    1676           9 :                 tevent_req_set_callback(subreq, cli_session_setup_creds_done_nt1,
    1677             :                                         req);
    1678           9 :                 return req;
    1679             :         }
    1680             : 
    1681             :         /*
    1682             :          * For now we keep the same values as before,
    1683             :          * we may remove these in a separate commit later.
    1684             :          */
    1685           0 :         in_mpx_max = 2;
    1686           0 :         in_vc_num = 1;
    1687             : 
    1688           0 :         subreq = smb1cli_session_setup_lm21_send(state, ev,
    1689             :                                                  cli->conn,
    1690           0 :                                                  cli->timeout,
    1691             :                                                  cli->smb1.pid,
    1692             :                                                  cli->smb1.session,
    1693             :                                                  in_buf_size,
    1694             :                                                  in_mpx_max,
    1695             :                                                  in_vc_num,
    1696             :                                                  in_sess_key,
    1697             :                                                  username,
    1698             :                                                  domain,
    1699           0 :                                                  state->apassword_blob,
    1700             :                                                  in_native_os,
    1701             :                                                  in_native_lm);
    1702           0 :         if (tevent_req_nomem(subreq, req)) {
    1703           0 :                 return tevent_req_post(req, ev);
    1704             :         }
    1705           0 :         tevent_req_set_callback(subreq, cli_session_setup_creds_done_lm21,
    1706             :                                 req);
    1707           0 :         return req;
    1708             : }
    1709             : 
    1710        2304 : static void cli_session_setup_creds_done_spnego(struct tevent_req *subreq)
    1711             : {
    1712        2304 :         struct tevent_req *req = tevent_req_callback_data(
    1713             :                 subreq, struct tevent_req);
    1714             :         ADS_STATUS status;
    1715             : 
    1716        2304 :         status = cli_session_setup_spnego_recv(subreq);
    1717        2304 :         TALLOC_FREE(subreq);
    1718        2304 :         if (!ADS_ERR_OK(status)) {
    1719         156 :                 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
    1720         156 :                 tevent_req_nterror(req, ads_ntstatus(status));
    1721         156 :                 return;
    1722             :         }
    1723        2148 :         tevent_req_done(req);
    1724             : }
    1725             : 
    1726           9 : static void cli_session_setup_creds_done_nt1(struct tevent_req *subreq)
    1727             : {
    1728           9 :         struct tevent_req *req = tevent_req_callback_data(
    1729             :                 subreq, struct tevent_req);
    1730           9 :         struct cli_session_setup_creds_state *state = tevent_req_data(
    1731             :                 req, struct cli_session_setup_creds_state);
    1732           9 :         struct cli_state *cli = state->cli;
    1733             :         NTSTATUS status;
    1734           9 :         struct iovec *recv_iov = NULL;
    1735           9 :         const uint8_t *inbuf = NULL;
    1736             :         bool ok;
    1737             : 
    1738           9 :         status = smb1cli_session_setup_nt1_recv(subreq, state,
    1739             :                                                 &recv_iov,
    1740             :                                                 &inbuf,
    1741             :                                                 &state->out_native_os,
    1742             :                                                 &state->out_native_lm,
    1743             :                                                 &state->out_primary_domain);
    1744           9 :         TALLOC_FREE(subreq);
    1745           9 :         if (!NT_STATUS_IS_OK(status)) {
    1746           2 :                 DEBUG(3, ("NT1 login failed: %s\n", nt_errstr(status)));
    1747           2 :                 tevent_req_nterror(req, status);
    1748           2 :                 return;
    1749             :         }
    1750             : 
    1751           7 :         status = cli_state_update_after_sesssetup(state->cli,
    1752           7 :                                                   state->out_native_os,
    1753           7 :                                                   state->out_native_lm,
    1754           7 :                                                   state->out_primary_domain);
    1755           7 :         if (tevent_req_nterror(req, status)) {
    1756           0 :                 return;
    1757             :         }
    1758             : 
    1759           7 :         ok = smb1cli_conn_activate_signing(cli->conn,
    1760             :                                            state->session_key,
    1761             :                                            state->upassword_blob);
    1762           7 :         if (ok) {
    1763           2 :                 ok = smb1cli_conn_check_signing(cli->conn, inbuf, 1);
    1764           2 :                 if (!ok) {
    1765           0 :                         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    1766           0 :                         return;
    1767             :                 }
    1768             :         }
    1769             : 
    1770           7 :         if (state->session_key.data) {
    1771           4 :                 struct smbXcli_session *session = cli->smb1.session;
    1772             : 
    1773           4 :                 status = smb1cli_session_set_session_key(session,
    1774             :                                                          state->session_key);
    1775           4 :                 if (tevent_req_nterror(req, status)) {
    1776           0 :                         return;
    1777             :                 }
    1778             :         }
    1779             : 
    1780           7 :         tevent_req_done(req);
    1781             : }
    1782             : 
    1783           0 : static void cli_session_setup_creds_done_lm21(struct tevent_req *subreq)
    1784             : {
    1785           0 :         struct tevent_req *req = tevent_req_callback_data(
    1786             :                 subreq, struct tevent_req);
    1787           0 :         struct cli_session_setup_creds_state *state = tevent_req_data(
    1788             :                 req, struct cli_session_setup_creds_state);
    1789             :         NTSTATUS status;
    1790             : 
    1791           0 :         status = smb1cli_session_setup_lm21_recv(subreq, state,
    1792             :                                                  &state->out_native_os,
    1793             :                                                  &state->out_native_lm);
    1794           0 :         TALLOC_FREE(subreq);
    1795           0 :         if (!NT_STATUS_IS_OK(status)) {
    1796           0 :                 DEBUG(3, ("LM21 login failed: %s\n", nt_errstr(status)));
    1797           0 :                 tevent_req_nterror(req, status);
    1798           0 :                 return;
    1799             :         }
    1800             : 
    1801           0 :         status = cli_state_update_after_sesssetup(state->cli,
    1802           0 :                                                   state->out_native_os,
    1803           0 :                                                   state->out_native_lm,
    1804             :                                                   NULL);
    1805           0 :         if (tevent_req_nterror(req, status)) {
    1806           0 :                 return;
    1807             :         }
    1808             : 
    1809           0 :         tevent_req_done(req);
    1810             : }
    1811             : 
    1812        2313 : NTSTATUS cli_session_setup_creds_recv(struct tevent_req *req)
    1813             : {
    1814        2313 :         return tevent_req_simple_recv_ntstatus(req);
    1815             : }
    1816             : 
    1817        1164 : NTSTATUS cli_session_setup_creds(struct cli_state *cli,
    1818             :                                  struct cli_credentials *creds)
    1819             : {
    1820             :         struct tevent_context *ev;
    1821             :         struct tevent_req *req;
    1822        1164 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    1823             : 
    1824        1164 :         if (smbXcli_conn_has_async_calls(cli->conn)) {
    1825           0 :                 return NT_STATUS_INVALID_PARAMETER;
    1826             :         }
    1827        1164 :         ev = samba_tevent_context_init(talloc_tos());
    1828        1164 :         if (ev == NULL) {
    1829           0 :                 goto fail;
    1830             :         }
    1831        1164 :         req = cli_session_setup_creds_send(ev, ev, cli, creds);
    1832        1164 :         if (req == NULL) {
    1833           0 :                 goto fail;
    1834             :         }
    1835        1164 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    1836           0 :                 goto fail;
    1837             :         }
    1838        1164 :         status = cli_session_setup_creds_recv(req);
    1839        1164 :  fail:
    1840        1164 :         TALLOC_FREE(ev);
    1841        1164 :         return status;
    1842             : }
    1843             : 
    1844          10 : NTSTATUS cli_session_setup_anon(struct cli_state *cli)
    1845             : {
    1846             :         NTSTATUS status;
    1847          10 :         struct cli_credentials *creds = NULL;
    1848             : 
    1849          10 :         creds = cli_credentials_init_anon(cli);
    1850          10 :         if (creds == NULL) {
    1851           0 :                 return NT_STATUS_NO_MEMORY;
    1852             :         }
    1853             : 
    1854          10 :         status = cli_session_setup_creds(cli, creds);
    1855          10 :         TALLOC_FREE(creds);
    1856          10 :         if (!NT_STATUS_IS_OK(status)) {
    1857           0 :                 return status;
    1858             :         }
    1859             : 
    1860          10 :         return NT_STATUS_OK;
    1861             : }
    1862             : 
    1863             : /****************************************************************************
    1864             :  Send a uloggoff.
    1865             : *****************************************************************************/
    1866             : 
    1867             : struct cli_ulogoff_state {
    1868             :         struct cli_state *cli;
    1869             :         uint16_t vwv[3];
    1870             : };
    1871             : 
    1872             : static void cli_ulogoff_done(struct tevent_req *subreq);
    1873             : 
    1874           0 : static struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
    1875             :                                     struct tevent_context *ev,
    1876             :                                     struct cli_state *cli)
    1877             : {
    1878             :         struct tevent_req *req, *subreq;
    1879             :         struct cli_ulogoff_state *state;
    1880             : 
    1881           0 :         req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
    1882           0 :         if (req == NULL) {
    1883           0 :                 return NULL;
    1884             :         }
    1885           0 :         state->cli = cli;
    1886             : 
    1887           0 :         SCVAL(state->vwv+0, 0, 0xFF);
    1888           0 :         SCVAL(state->vwv+1, 0, 0);
    1889           0 :         SSVAL(state->vwv+2, 0, 0);
    1890             : 
    1891           0 :         subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 0, 2, state->vwv,
    1892             :                               0, NULL);
    1893           0 :         if (tevent_req_nomem(subreq, req)) {
    1894           0 :                 return tevent_req_post(req, ev);
    1895             :         }
    1896           0 :         tevent_req_set_callback(subreq, cli_ulogoff_done, req);
    1897           0 :         return req;
    1898             : }
    1899             : 
    1900           0 : static void cli_ulogoff_done(struct tevent_req *subreq)
    1901             : {
    1902           0 :         struct tevent_req *req = tevent_req_callback_data(
    1903             :                 subreq, struct tevent_req);
    1904           0 :         struct cli_ulogoff_state *state = tevent_req_data(
    1905             :                 req, struct cli_ulogoff_state);
    1906             :         NTSTATUS status;
    1907             : 
    1908           0 :         status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
    1909           0 :         if (!NT_STATUS_IS_OK(status)) {
    1910           0 :                 tevent_req_nterror(req, status);
    1911           0 :                 return;
    1912             :         }
    1913           0 :         cli_state_set_uid(state->cli, UID_FIELD_INVALID);
    1914           0 :         tevent_req_done(req);
    1915             : }
    1916             : 
    1917           0 : static NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
    1918             : {
    1919           0 :         return tevent_req_simple_recv_ntstatus(req);
    1920             : }
    1921             : 
    1922           0 : NTSTATUS cli_ulogoff(struct cli_state *cli)
    1923             : {
    1924             :         struct tevent_context *ev;
    1925             :         struct tevent_req *req;
    1926           0 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    1927             : 
    1928           0 :         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
    1929           0 :                 status = smb2cli_logoff(cli->conn,
    1930           0 :                                         cli->timeout,
    1931             :                                         cli->smb2.session);
    1932           0 :                 if (!NT_STATUS_IS_OK(status)) {
    1933           0 :                         return status;
    1934             :                 }
    1935           0 :                 smb2cli_session_set_id_and_flags(cli->smb2.session,
    1936             :                                                  UINT64_MAX, 0);
    1937           0 :                 return NT_STATUS_OK;
    1938             :         }
    1939             : 
    1940           0 :         if (smbXcli_conn_has_async_calls(cli->conn)) {
    1941           0 :                 return NT_STATUS_INVALID_PARAMETER;
    1942             :         }
    1943           0 :         ev = samba_tevent_context_init(talloc_tos());
    1944           0 :         if (ev == NULL) {
    1945           0 :                 goto fail;
    1946             :         }
    1947           0 :         req = cli_ulogoff_send(ev, ev, cli);
    1948           0 :         if (req == NULL) {
    1949           0 :                 goto fail;
    1950             :         }
    1951           0 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    1952           0 :                 goto fail;
    1953             :         }
    1954           0 :         status = cli_ulogoff_recv(req);
    1955           0 : fail:
    1956           0 :         TALLOC_FREE(ev);
    1957           0 :         return status;
    1958             : }
    1959             : 
    1960             : /****************************************************************************
    1961             :  Send a tconX.
    1962             : ****************************************************************************/
    1963             : 
    1964             : struct cli_tcon_andx_state {
    1965             :         struct cli_state *cli;
    1966             :         uint16_t vwv[4];
    1967             :         struct iovec bytes;
    1968             : };
    1969             : 
    1970             : static void cli_tcon_andx_done(struct tevent_req *subreq);
    1971             : 
    1972          95 : struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
    1973             :                                         struct tevent_context *ev,
    1974             :                                         struct cli_state *cli,
    1975             :                                         const char *share, const char *dev,
    1976             :                                         const char *pass, int passlen,
    1977             :                                         struct tevent_req **psmbreq)
    1978             : {
    1979             :         struct tevent_req *req, *subreq;
    1980             :         struct cli_tcon_andx_state *state;
    1981             :         uint8_t p24[24];
    1982             :         uint16_t *vwv;
    1983          95 :         char *tmp = NULL;
    1984             :         uint8_t *bytes;
    1985          95 :         uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
    1986          95 :         uint16_t tcon_flags = 0;
    1987             : 
    1988          95 :         *psmbreq = NULL;
    1989             : 
    1990          95 :         req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
    1991          95 :         if (req == NULL) {
    1992           0 :                 return NULL;
    1993             :         }
    1994          95 :         state->cli = cli;
    1995          95 :         vwv = state->vwv;
    1996             : 
    1997          95 :         TALLOC_FREE(cli->smb1.tcon);
    1998          95 :         cli->smb1.tcon = smbXcli_tcon_create(cli);
    1999          95 :         if (tevent_req_nomem(cli->smb1.tcon, req)) {
    2000           0 :                 return tevent_req_post(req, ev);
    2001             :         }
    2002          95 :         smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
    2003             : 
    2004          95 :         cli->share = talloc_strdup(cli, share);
    2005          95 :         if (!cli->share) {
    2006           0 :                 return NULL;
    2007             :         }
    2008             : 
    2009             :         /* in user level security don't send a password now */
    2010          95 :         if (sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
    2011          95 :                 passlen = 1;
    2012          95 :                 pass = "";
    2013           0 :         } else if (pass == NULL) {
    2014           0 :                 DEBUG(1, ("Server not using user level security and no "
    2015             :                           "password supplied.\n"));
    2016           0 :                 goto access_denied;
    2017             :         }
    2018             : 
    2019         181 :         if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
    2020          95 :             *pass && passlen != 24) {
    2021           0 :                 if (!lp_client_lanman_auth()) {
    2022           0 :                         DEBUG(1, ("Server requested LANMAN password "
    2023             :                                   "(share-level security) but "
    2024             :                                   "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
    2025           0 :                         goto access_denied;
    2026             :                 }
    2027             : 
    2028             :                 /*
    2029             :                  * Non-encrypted passwords - convert to DOS codepage before
    2030             :                  * encryption.
    2031             :                  */
    2032           0 :                 SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24);
    2033           0 :                 passlen = 24;
    2034           0 :                 pass = (const char *)p24;
    2035             :         } else {
    2036          95 :                 if((sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
    2037             :                                      |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
    2038             :                    == 0) {
    2039             :                         uint8_t *tmp_pass;
    2040             : 
    2041           0 :                         if (!lp_client_plaintext_auth() && (*pass)) {
    2042           0 :                                 DEBUG(1, ("Server requested PLAINTEXT "
    2043             :                                           "password but "
    2044             :                                           "'client plaintext auth = no' or 'client ntlmv2 auth = yes'\n"));
    2045           0 :                                 goto access_denied;
    2046             :                         }
    2047             : 
    2048             :                         /*
    2049             :                          * Non-encrypted passwords - convert to DOS codepage
    2050             :                          * before using.
    2051             :                          */
    2052           0 :                         tmp_pass = talloc_array(talloc_tos(), uint8_t, 0);
    2053           0 :                         if (tevent_req_nomem(tmp_pass, req)) {
    2054           0 :                                 return tevent_req_post(req, ev);
    2055             :                         }
    2056           0 :                         tmp_pass = trans2_bytes_push_str(tmp_pass,
    2057             :                                                          false, /* always DOS */
    2058             :                                                          pass,
    2059             :                                                          passlen,
    2060             :                                                          NULL);
    2061           0 :                         if (tevent_req_nomem(tmp_pass, req)) {
    2062           0 :                                 return tevent_req_post(req, ev);
    2063             :                         }
    2064           0 :                         pass = (const char *)tmp_pass;
    2065           0 :                         passlen = talloc_get_size(tmp_pass);
    2066             :                 }
    2067             :         }
    2068             : 
    2069          95 :         tcon_flags |= TCONX_FLAG_EXTENDED_RESPONSE;
    2070          95 :         tcon_flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
    2071             : 
    2072          95 :         SCVAL(vwv+0, 0, 0xFF);
    2073          95 :         SCVAL(vwv+0, 1, 0);
    2074          95 :         SSVAL(vwv+1, 0, 0);
    2075          95 :         SSVAL(vwv+2, 0, tcon_flags);
    2076          95 :         SSVAL(vwv+3, 0, passlen);
    2077             : 
    2078          95 :         if (passlen && pass) {
    2079          95 :                 bytes = (uint8_t *)talloc_memdup(state, pass, passlen);
    2080             :         } else {
    2081           0 :                 bytes = talloc_array(state, uint8_t, 0);
    2082             :         }
    2083             : 
    2084             :         /*
    2085             :          * Add the sharename
    2086             :          */
    2087          95 :         tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
    2088             :                                          smbXcli_conn_remote_name(cli->conn), share);
    2089          95 :         if (tmp == NULL) {
    2090           0 :                 TALLOC_FREE(req);
    2091           0 :                 return NULL;
    2092             :         }
    2093          95 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
    2094             :                                    NULL);
    2095          95 :         TALLOC_FREE(tmp);
    2096             : 
    2097             :         /*
    2098             :          * Add the devicetype
    2099             :          */
    2100          95 :         tmp = talloc_strdup_upper(talloc_tos(), dev);
    2101          95 :         if (tmp == NULL) {
    2102           0 :                 TALLOC_FREE(req);
    2103           0 :                 return NULL;
    2104             :         }
    2105          95 :         bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
    2106          95 :         TALLOC_FREE(tmp);
    2107             : 
    2108          95 :         if (bytes == NULL) {
    2109           0 :                 TALLOC_FREE(req);
    2110           0 :                 return NULL;
    2111             :         }
    2112             : 
    2113          95 :         state->bytes.iov_base = (void *)bytes;
    2114          95 :         state->bytes.iov_len = talloc_get_size(bytes);
    2115             : 
    2116          95 :         subreq = cli_smb_req_create(state, ev, cli, SMBtconX, 0, 0, 4, vwv,
    2117          95 :                                     1, &state->bytes);
    2118          95 :         if (subreq == NULL) {
    2119           0 :                 TALLOC_FREE(req);
    2120           0 :                 return NULL;
    2121             :         }
    2122          95 :         tevent_req_set_callback(subreq, cli_tcon_andx_done, req);
    2123          95 :         *psmbreq = subreq;
    2124          95 :         return req;
    2125             : 
    2126           0 :  access_denied:
    2127           0 :         tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    2128           0 :         return tevent_req_post(req, ev);
    2129             : }
    2130             : 
    2131          94 : struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
    2132             :                                       struct tevent_context *ev,
    2133             :                                       struct cli_state *cli,
    2134             :                                       const char *share, const char *dev,
    2135             :                                       const char *pass, int passlen)
    2136             : {
    2137             :         struct tevent_req *req, *subreq;
    2138             :         NTSTATUS status;
    2139             : 
    2140          94 :         req = cli_tcon_andx_create(mem_ctx, ev, cli, share, dev, pass, passlen,
    2141             :                                    &subreq);
    2142          94 :         if (req == NULL) {
    2143           0 :                 return NULL;
    2144             :         }
    2145          94 :         if (subreq == NULL) {
    2146           0 :                 return req;
    2147             :         }
    2148          94 :         status = smb1cli_req_chain_submit(&subreq, 1);
    2149          94 :         if (!NT_STATUS_IS_OK(status)) {
    2150           0 :                 tevent_req_nterror(req, status);
    2151           0 :                 return tevent_req_post(req, ev);
    2152             :         }
    2153          94 :         return req;
    2154             : }
    2155             : 
    2156          95 : static void cli_tcon_andx_done(struct tevent_req *subreq)
    2157             : {
    2158          95 :         struct tevent_req *req = tevent_req_callback_data(
    2159             :                 subreq, struct tevent_req);
    2160          95 :         struct cli_tcon_andx_state *state = tevent_req_data(
    2161             :                 req, struct cli_tcon_andx_state);
    2162          95 :         struct cli_state *cli = state->cli;
    2163             :         uint8_t *in;
    2164             :         uint8_t *inhdr;
    2165             :         uint8_t wct;
    2166             :         uint16_t *vwv;
    2167             :         uint32_t num_bytes;
    2168             :         uint8_t *bytes;
    2169             :         NTSTATUS status;
    2170          95 :         uint16_t optional_support = 0;
    2171             : 
    2172          95 :         status = cli_smb_recv(subreq, state, &in, 0, &wct, &vwv,
    2173             :                               &num_bytes, &bytes);
    2174          95 :         TALLOC_FREE(subreq);
    2175          95 :         if (!NT_STATUS_IS_OK(status)) {
    2176           6 :                 tevent_req_nterror(req, status);
    2177           6 :                 return;
    2178             :         }
    2179             : 
    2180          89 :         inhdr = in + NBT_HDR_SIZE;
    2181             : 
    2182          89 :         if (num_bytes) {
    2183         169 :                 if (pull_string_talloc(cli,
    2184             :                                        (const char *)inhdr,
    2185          89 :                                        SVAL(inhdr, HDR_FLG2),
    2186             :                                        &cli->dev,
    2187             :                                        bytes,
    2188             :                                        num_bytes,
    2189             :                                        STR_TERMINATE|STR_ASCII) == -1) {
    2190           0 :                         tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
    2191           0 :                         return;
    2192             :                 }
    2193             :         } else {
    2194           0 :                 cli->dev = talloc_strdup(cli, "");
    2195           0 :                 if (cli->dev == NULL) {
    2196           0 :                         tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
    2197           0 :                         return;
    2198             :                 }
    2199             :         }
    2200             : 
    2201          89 :         if ((smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) && (num_bytes == 3)) {
    2202             :                 /* almost certainly win95 - enable bug fixes */
    2203           0 :                 cli->win95 = True;
    2204             :         }
    2205             : 
    2206             :         /*
    2207             :          * Make sure that we have the optional support 16-bit field. WCT > 2.
    2208             :          * Avoids issues when connecting to Win9x boxes sharing files
    2209             :          */
    2210             : 
    2211          89 :         if ((wct > 2) && (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN2)) {
    2212          89 :                 optional_support = SVAL(vwv+2, 0);
    2213             :         }
    2214             : 
    2215          89 :         if (optional_support & SMB_EXTENDED_SIGNATURES) {
    2216          10 :                 smb1cli_session_protect_session_key(cli->smb1.session);
    2217             :         }
    2218             : 
    2219         169 :         smb1cli_tcon_set_values(state->cli->smb1.tcon,
    2220          89 :                                 SVAL(inhdr, HDR_TID),
    2221             :                                 optional_support,
    2222             :                                 0, /* maximal_access */
    2223             :                                 0, /* guest_maximal_access */
    2224             :                                 NULL, /* service */
    2225             :                                 NULL); /* fs_type */
    2226             : 
    2227          89 :         tevent_req_done(req);
    2228             : }
    2229             : 
    2230          95 : NTSTATUS cli_tcon_andx_recv(struct tevent_req *req)
    2231             : {
    2232          95 :         return tevent_req_simple_recv_ntstatus(req);
    2233             : }
    2234             : 
    2235           0 : NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
    2236             :                        const char *dev, const char *pass, int passlen)
    2237             : {
    2238           0 :         TALLOC_CTX *frame = talloc_stackframe();
    2239             :         struct tevent_context *ev;
    2240             :         struct tevent_req *req;
    2241           0 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    2242             : 
    2243           0 :         if (smbXcli_conn_has_async_calls(cli->conn)) {
    2244             :                 /*
    2245             :                  * Can't use sync call while an async call is in flight
    2246             :                  */
    2247           0 :                 status = NT_STATUS_INVALID_PARAMETER;
    2248           0 :                 goto fail;
    2249             :         }
    2250             : 
    2251           0 :         ev = samba_tevent_context_init(frame);
    2252           0 :         if (ev == NULL) {
    2253           0 :                 goto fail;
    2254             :         }
    2255             : 
    2256           0 :         req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
    2257           0 :         if (req == NULL) {
    2258           0 :                 goto fail;
    2259             :         }
    2260             : 
    2261           0 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    2262           0 :                 goto fail;
    2263             :         }
    2264             : 
    2265           0 :         status = cli_tcon_andx_recv(req);
    2266           0 :  fail:
    2267           0 :         TALLOC_FREE(frame);
    2268           0 :         return status;
    2269             : }
    2270             : 
    2271             : struct cli_tree_connect_state {
    2272             :         struct cli_state *cli;
    2273             : };
    2274             : 
    2275             : static struct tevent_req *cli_raw_tcon_send(
    2276             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
    2277             :         const char *service, const char *pass, const char *dev);
    2278             : static NTSTATUS cli_raw_tcon_recv(struct tevent_req *req,
    2279             :                                   uint16_t *max_xmit, uint16_t *tid);
    2280             : 
    2281             : static void cli_tree_connect_smb2_done(struct tevent_req *subreq);
    2282             : static void cli_tree_connect_andx_done(struct tevent_req *subreq);
    2283             : static void cli_tree_connect_raw_done(struct tevent_req *subreq);
    2284             : 
    2285        2991 : static struct tevent_req *cli_tree_connect_send(
    2286             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
    2287             :         const char *share, const char *dev, const char *pass)
    2288             : {
    2289             :         struct tevent_req *req, *subreq;
    2290             :         struct cli_tree_connect_state *state;
    2291             :         int passlen;
    2292             : 
    2293        2991 :         if (pass == NULL) {
    2294        1183 :                 pass = "";
    2295             :         }
    2296        2991 :         passlen = strlen(pass) + 1;
    2297             : 
    2298        2991 :         req = tevent_req_create(mem_ctx, &state,
    2299             :                                 struct cli_tree_connect_state);
    2300        2991 :         if (req == NULL) {
    2301           0 :                 return NULL;
    2302             :         }
    2303        2991 :         state->cli = cli;
    2304             : 
    2305        2991 :         cli->share = talloc_strdup(cli, share);
    2306        2991 :         if (tevent_req_nomem(cli->share, req)) {
    2307           0 :                 return tevent_req_post(req, ev);
    2308             :         }
    2309             : 
    2310        2991 :         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
    2311             :                 char *unc;
    2312             : 
    2313        2897 :                 TALLOC_FREE(cli->smb2.tcon);
    2314        2897 :                 cli->smb2.tcon = smbXcli_tcon_create(cli);
    2315        2897 :                 if (tevent_req_nomem(cli->smb2.tcon, req)) {
    2316           0 :                         return tevent_req_post(req, ev);
    2317             :                 }
    2318             : 
    2319        2897 :                 unc = talloc_asprintf(state, "\\\\%s\\%s",
    2320             :                                       smbXcli_conn_remote_name(cli->conn),
    2321             :                                       share);
    2322        2897 :                 if (tevent_req_nomem(unc, req)) {
    2323           0 :                         return tevent_req_post(req, ev);
    2324             :                 }
    2325             : 
    2326        2897 :                 subreq = smb2cli_tcon_send(state, ev, cli->conn, cli->timeout,
    2327             :                                            cli->smb2.session, cli->smb2.tcon,
    2328             :                                            0, /* flags */
    2329             :                                            unc);
    2330        2897 :                 if (tevent_req_nomem(subreq, req)) {
    2331           0 :                         return tevent_req_post(req, ev);
    2332             :                 }
    2333        2897 :                 tevent_req_set_callback(subreq, cli_tree_connect_smb2_done,
    2334             :                                         req);
    2335        2897 :                 return req;
    2336             :         }
    2337             : 
    2338          94 :         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN1) {
    2339          94 :                 subreq = cli_tcon_andx_send(state, ev, cli, share, dev,
    2340             :                                             pass, passlen);
    2341          94 :                 if (tevent_req_nomem(subreq, req)) {
    2342           0 :                         return tevent_req_post(req, ev);
    2343             :                 }
    2344          94 :                 tevent_req_set_callback(subreq, cli_tree_connect_andx_done,
    2345             :                                         req);
    2346          94 :                 return req;
    2347             :         }
    2348             : 
    2349           0 :         subreq = cli_raw_tcon_send(state, ev, cli, share, pass, dev);
    2350           0 :         if (tevent_req_nomem(subreq, req)) {
    2351           0 :                 return tevent_req_post(req, ev);
    2352             :         }
    2353           0 :         tevent_req_set_callback(subreq, cli_tree_connect_raw_done, req);
    2354             : 
    2355           0 :         return req;
    2356             : }
    2357             : 
    2358        2897 : static void cli_tree_connect_smb2_done(struct tevent_req *subreq)
    2359             : {
    2360        2897 :         tevent_req_simple_finish_ntstatus(
    2361             :                 subreq, smb2cli_tcon_recv(subreq));
    2362        2897 : }
    2363             : 
    2364          94 : static void cli_tree_connect_andx_done(struct tevent_req *subreq)
    2365             : {
    2366          94 :         tevent_req_simple_finish_ntstatus(
    2367             :                 subreq, cli_tcon_andx_recv(subreq));
    2368          94 : }
    2369             : 
    2370           0 : static void cli_tree_connect_raw_done(struct tevent_req *subreq)
    2371             : {
    2372           0 :         struct tevent_req *req = tevent_req_callback_data(
    2373             :                 subreq, struct tevent_req);
    2374           0 :         struct cli_tree_connect_state *state = tevent_req_data(
    2375             :                 req, struct cli_tree_connect_state);
    2376             :         NTSTATUS status;
    2377           0 :         uint16_t max_xmit = 0;
    2378           0 :         uint16_t tid = 0;
    2379             : 
    2380           0 :         status = cli_raw_tcon_recv(subreq, &max_xmit, &tid);
    2381           0 :         if (tevent_req_nterror(req, status)) {
    2382           0 :                 return;
    2383             :         }
    2384             : 
    2385           0 :         smb1cli_tcon_set_values(state->cli->smb1.tcon,
    2386             :                                 tid,
    2387             :                                 0, /* optional_support */
    2388             :                                 0, /* maximal_access */
    2389             :                                 0, /* guest_maximal_access */
    2390             :                                 NULL, /* service */
    2391             :                                 NULL); /* fs_type */
    2392             : 
    2393           0 :         tevent_req_done(req);
    2394             : }
    2395             : 
    2396        2991 : static NTSTATUS cli_tree_connect_recv(struct tevent_req *req)
    2397             : {
    2398        2991 :         return tevent_req_simple_recv_ntstatus(req);
    2399             : }
    2400             : 
    2401        1871 : NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share,
    2402             :                           const char *dev, const char *pass)
    2403             : {
    2404             :         struct tevent_context *ev;
    2405             :         struct tevent_req *req;
    2406        1871 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    2407             : 
    2408        1871 :         if (smbXcli_conn_has_async_calls(cli->conn)) {
    2409           0 :                 return NT_STATUS_INVALID_PARAMETER;
    2410             :         }
    2411        1871 :         ev = samba_tevent_context_init(talloc_tos());
    2412        1871 :         if (ev == NULL) {
    2413           0 :                 goto fail;
    2414             :         }
    2415        1871 :         req = cli_tree_connect_send(ev, ev, cli, share, dev, pass);
    2416        1871 :         if (req == NULL) {
    2417           0 :                 goto fail;
    2418             :         }
    2419        1871 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    2420           0 :                 goto fail;
    2421             :         }
    2422        1871 :         status = cli_tree_connect_recv(req);
    2423        1871 : fail:
    2424        1871 :         TALLOC_FREE(ev);
    2425        1871 :         return status;
    2426             : }
    2427             : 
    2428        1029 : NTSTATUS cli_tree_connect_creds(struct cli_state *cli,
    2429             :                                 const char *share, const char *dev,
    2430             :                                 struct cli_credentials *creds)
    2431             : {
    2432        1029 :         const char *pw = NULL;
    2433             : 
    2434        1029 :         if (creds != NULL) {
    2435        1029 :                 pw = cli_credentials_get_password(creds);
    2436             :         }
    2437             : 
    2438        1029 :         return cli_tree_connect(cli, share, dev, pw);
    2439             : }
    2440             : 
    2441             : /****************************************************************************
    2442             :  Send a tree disconnect.
    2443             : ****************************************************************************/
    2444             : 
    2445             : struct cli_tdis_state {
    2446             :         struct cli_state *cli;
    2447             : };
    2448             : 
    2449             : static void cli_tdis_done(struct tevent_req *subreq);
    2450             : 
    2451          78 : static struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
    2452             :                                  struct tevent_context *ev,
    2453             :                                  struct cli_state *cli)
    2454             : {
    2455             :         struct tevent_req *req, *subreq;
    2456             :         struct cli_tdis_state *state;
    2457             : 
    2458          78 :         req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
    2459          78 :         if (req == NULL) {
    2460           0 :                 return NULL;
    2461             :         }
    2462          78 :         state->cli = cli;
    2463             : 
    2464          78 :         subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, 0, NULL, 0, NULL);
    2465          78 :         if (tevent_req_nomem(subreq, req)) {
    2466           0 :                 return tevent_req_post(req, ev);
    2467             :         }
    2468          78 :         tevent_req_set_callback(subreq, cli_tdis_done, req);
    2469          78 :         return req;
    2470             : }
    2471             : 
    2472          78 : static void cli_tdis_done(struct tevent_req *subreq)
    2473             : {
    2474          78 :         struct tevent_req *req = tevent_req_callback_data(
    2475             :                 subreq, struct tevent_req);
    2476          78 :         struct cli_tdis_state *state = tevent_req_data(
    2477             :                 req, struct cli_tdis_state);
    2478             :         NTSTATUS status;
    2479             : 
    2480          78 :         status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
    2481          78 :         TALLOC_FREE(subreq);
    2482          78 :         if (!NT_STATUS_IS_OK(status)) {
    2483           2 :                 tevent_req_nterror(req, status);
    2484           2 :                 return;
    2485             :         }
    2486          76 :         TALLOC_FREE(state->cli->smb1.tcon);
    2487          76 :         tevent_req_done(req);
    2488             : }
    2489             : 
    2490          78 : static NTSTATUS cli_tdis_recv(struct tevent_req *req)
    2491             : {
    2492          78 :         return tevent_req_simple_recv_ntstatus(req);
    2493             : }
    2494             : 
    2495        2865 : NTSTATUS cli_tdis(struct cli_state *cli)
    2496             : {
    2497             :         struct tevent_context *ev;
    2498             :         struct tevent_req *req;
    2499        2865 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    2500             : 
    2501        2865 :         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
    2502        4577 :                 status = smb2cli_tdis(cli->conn,
    2503        2787 :                                     cli->timeout,
    2504             :                                     cli->smb2.session,
    2505             :                                     cli->smb2.tcon);
    2506        2787 :                 if (NT_STATUS_IS_OK(status)) {
    2507        2765 :                         TALLOC_FREE(cli->smb2.tcon);
    2508             :                 }
    2509        2787 :                 return status;
    2510             :         }
    2511             : 
    2512          78 :         if (smbXcli_conn_has_async_calls(cli->conn)) {
    2513           0 :                 return NT_STATUS_INVALID_PARAMETER;
    2514             :         }
    2515          78 :         ev = samba_tevent_context_init(talloc_tos());
    2516          78 :         if (ev == NULL) {
    2517           0 :                 goto fail;
    2518             :         }
    2519          78 :         req = cli_tdis_send(ev, ev, cli);
    2520          78 :         if (req == NULL) {
    2521           0 :                 goto fail;
    2522             :         }
    2523          78 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    2524           0 :                 goto fail;
    2525             :         }
    2526          78 :         status = cli_tdis_recv(req);
    2527          78 : fail:
    2528          78 :         TALLOC_FREE(ev);
    2529          78 :         return status;
    2530             : }
    2531             : 
    2532             : struct cli_connect_sock_state {
    2533             :         const char **called_names;
    2534             :         const char **calling_names;
    2535             :         int *called_types;
    2536             :         int fd;
    2537             :         uint16_t port;
    2538             : };
    2539             : 
    2540             : static void cli_connect_sock_done(struct tevent_req *subreq);
    2541             : 
    2542             : /*
    2543             :  * Async only if we don't have to look up the name, i.e. "pss" is set with a
    2544             :  * nonzero address.
    2545             :  */
    2546             : 
    2547        2481 : static struct tevent_req *cli_connect_sock_send(
    2548             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev,
    2549             :         const char *host, int name_type, const struct sockaddr_storage *pss,
    2550             :         const char *myname, uint16_t port)
    2551             : {
    2552             :         struct tevent_req *req, *subreq;
    2553             :         struct cli_connect_sock_state *state;
    2554        2481 :         struct sockaddr_storage *addrs = NULL;
    2555             :         unsigned i;
    2556        2481 :         unsigned num_addrs = 0;
    2557             :         NTSTATUS status;
    2558             : 
    2559        2481 :         req = tevent_req_create(mem_ctx, &state,
    2560             :                                 struct cli_connect_sock_state);
    2561        2481 :         if (req == NULL) {
    2562           0 :                 return NULL;
    2563             :         }
    2564             : 
    2565        2481 :         if ((pss == NULL) || is_zero_addr(pss)) {
    2566             : 
    2567             :                 /*
    2568             :                  * Here we cheat. resolve_name_list is not async at all. So
    2569             :                  * this call will only be really async if the name lookup has
    2570             :                  * been done externally.
    2571             :                  */
    2572             : 
    2573        1704 :                 status = resolve_name_list(state, host, name_type,
    2574             :                                            &addrs, &num_addrs);
    2575        2956 :                 if (!NT_STATUS_IS_OK(status)) {
    2576           0 :                         tevent_req_nterror(req, status);
    2577           0 :                         return tevent_req_post(req, ev);
    2578             :                 }
    2579             :         } else {
    2580         777 :                 addrs = talloc_array(state, struct sockaddr_storage, 1);
    2581         777 :                 if (tevent_req_nomem(addrs, req)) {
    2582           0 :                         return tevent_req_post(req, ev);
    2583             :                 }
    2584         777 :                 addrs[0] = *pss;
    2585         777 :                 num_addrs = 1;
    2586             :         }
    2587             : 
    2588        2481 :         state->called_names = talloc_array(state, const char *, num_addrs);
    2589        2481 :         if (tevent_req_nomem(state->called_names, req)) {
    2590           0 :                 return tevent_req_post(req, ev);
    2591             :         }
    2592        2481 :         state->called_types = talloc_array(state, int, num_addrs);
    2593        2481 :         if (tevent_req_nomem(state->called_types, req)) {
    2594           0 :                 return tevent_req_post(req, ev);
    2595             :         }
    2596        2481 :         state->calling_names = talloc_array(state, const char *, num_addrs);
    2597        2481 :         if (tevent_req_nomem(state->calling_names, req)) {
    2598           0 :                 return tevent_req_post(req, ev);
    2599             :         }
    2600        6228 :         for (i=0; i<num_addrs; i++) {
    2601        3747 :                 state->called_names[i] = host;
    2602        3747 :                 state->called_types[i] = name_type;
    2603        3747 :                 state->calling_names[i] = myname;
    2604             :         }
    2605             : 
    2606        7446 :         subreq = smbsock_any_connect_send(
    2607        4136 :                 state, ev, addrs, state->called_names, state->called_types,
    2608        2481 :                 state->calling_names, NULL, num_addrs, port);
    2609        2481 :         if (tevent_req_nomem(subreq, req)) {
    2610           0 :                 return tevent_req_post(req, ev);
    2611             :         }
    2612        2481 :         tevent_req_set_callback(subreq, cli_connect_sock_done, req);
    2613        2481 :         return req;
    2614             : }
    2615             : 
    2616        2481 : static void cli_connect_sock_done(struct tevent_req *subreq)
    2617             : {
    2618        2481 :         struct tevent_req *req = tevent_req_callback_data(
    2619             :                 subreq, struct tevent_req);
    2620        2481 :         struct cli_connect_sock_state *state = tevent_req_data(
    2621             :                 req, struct cli_connect_sock_state);
    2622             :         NTSTATUS status;
    2623             : 
    2624        2481 :         status = smbsock_any_connect_recv(subreq, &state->fd, NULL,
    2625             :                                           &state->port);
    2626        2481 :         TALLOC_FREE(subreq);
    2627        2481 :         if (tevent_req_nterror(req, status)) {
    2628           0 :                 return;
    2629             :         }
    2630        2481 :         set_socket_options(state->fd, lp_socket_options());
    2631        2481 :         tevent_req_done(req);
    2632             : }
    2633             : 
    2634        2481 : static NTSTATUS cli_connect_sock_recv(struct tevent_req *req,
    2635             :                                       int *pfd, uint16_t *pport)
    2636             : {
    2637        2481 :         struct cli_connect_sock_state *state = tevent_req_data(
    2638             :                 req, struct cli_connect_sock_state);
    2639             :         NTSTATUS status;
    2640             : 
    2641        2481 :         if (tevent_req_is_nterror(req, &status)) {
    2642           0 :                 return status;
    2643             :         }
    2644        2481 :         *pfd = state->fd;
    2645        2481 :         *pport = state->port;
    2646        2481 :         return NT_STATUS_OK;
    2647             : }
    2648             : 
    2649             : struct cli_connect_nb_state {
    2650             :         const char *desthost;
    2651             :         enum smb_signing_setting signing_state;
    2652             :         int flags;
    2653             :         struct cli_state *cli;
    2654             : };
    2655             : 
    2656             : static void cli_connect_nb_done(struct tevent_req *subreq);
    2657             : 
    2658        2481 : static struct tevent_req *cli_connect_nb_send(
    2659             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev,
    2660             :         const char *host, const struct sockaddr_storage *dest_ss,
    2661             :         uint16_t port, int name_type, const char *myname,
    2662             :         enum smb_signing_setting signing_state, int flags)
    2663             : {
    2664             :         struct tevent_req *req, *subreq;
    2665             :         struct cli_connect_nb_state *state;
    2666             : 
    2667        2481 :         req = tevent_req_create(mem_ctx, &state, struct cli_connect_nb_state);
    2668        2481 :         if (req == NULL) {
    2669           0 :                 return NULL;
    2670             :         }
    2671        2481 :         state->signing_state = signing_state;
    2672        2481 :         state->flags = flags;
    2673             : 
    2674        2481 :         if (host != NULL) {
    2675        2481 :                 char *p = strchr(host, '#');
    2676             : 
    2677        2481 :                 if (p != NULL) {
    2678           0 :                         name_type = strtol(p+1, NULL, 16);
    2679           0 :                         host = talloc_strndup(state, host, p - host);
    2680           0 :                         if (tevent_req_nomem(host, req)) {
    2681           0 :                                 return tevent_req_post(req, ev);
    2682             :                         }
    2683             :                 }
    2684             : 
    2685        2481 :                 state->desthost = host;
    2686           0 :         } else if (dest_ss != NULL) {
    2687           0 :                 state->desthost = print_canonical_sockaddr(state, dest_ss);
    2688           0 :                 if (tevent_req_nomem(state->desthost, req)) {
    2689           0 :                         return tevent_req_post(req, ev);
    2690             :                 }
    2691             :         } else {
    2692             :                 /* No host or dest_ss given. Error out. */
    2693           0 :                 tevent_req_error(req, EINVAL);
    2694           0 :                 return tevent_req_post(req, ev);
    2695             :         }
    2696             : 
    2697        2481 :         subreq = cli_connect_sock_send(state, ev, host, name_type, dest_ss,
    2698             :                                        myname, port);
    2699        2481 :         if (tevent_req_nomem(subreq, req)) {
    2700           0 :                 return tevent_req_post(req, ev);
    2701             :         }
    2702        2481 :         tevent_req_set_callback(subreq, cli_connect_nb_done, req);
    2703        2481 :         return req;
    2704             : }
    2705             : 
    2706        2481 : static void cli_connect_nb_done(struct tevent_req *subreq)
    2707             : {
    2708        2481 :         struct tevent_req *req = tevent_req_callback_data(
    2709             :                 subreq, struct tevent_req);
    2710        2481 :         struct cli_connect_nb_state *state = tevent_req_data(
    2711             :                 req, struct cli_connect_nb_state);
    2712             :         NTSTATUS status;
    2713        2481 :         int fd = 0;
    2714             :         uint16_t port;
    2715             : 
    2716        2481 :         status = cli_connect_sock_recv(subreq, &fd, &port);
    2717        2481 :         TALLOC_FREE(subreq);
    2718        2481 :         if (tevent_req_nterror(req, status)) {
    2719           0 :                 return;
    2720             :         }
    2721             : 
    2722        2481 :         state->cli = cli_state_create(state, fd, state->desthost,
    2723             :                                       state->signing_state, state->flags);
    2724        2481 :         if (tevent_req_nomem(state->cli, req)) {
    2725           0 :                 close(fd);
    2726           0 :                 return;
    2727             :         }
    2728        2481 :         tevent_req_done(req);
    2729             : }
    2730             : 
    2731        2481 : static NTSTATUS cli_connect_nb_recv(struct tevent_req *req,
    2732             :                                     struct cli_state **pcli)
    2733             : {
    2734        2481 :         struct cli_connect_nb_state *state = tevent_req_data(
    2735             :                 req, struct cli_connect_nb_state);
    2736             :         NTSTATUS status;
    2737             : 
    2738        2481 :         if (tevent_req_is_nterror(req, &status)) {
    2739           0 :                 return status;
    2740             :         }
    2741        2481 :         *pcli = talloc_move(NULL, &state->cli);
    2742        2481 :         return NT_STATUS_OK;
    2743             : }
    2744             : 
    2745        1329 : NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss,
    2746             :                         uint16_t port, int name_type, const char *myname,
    2747             :                         enum smb_signing_setting signing_state, int flags, struct cli_state **pcli)
    2748             : {
    2749             :         struct tevent_context *ev;
    2750             :         struct tevent_req *req;
    2751        1329 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    2752             : 
    2753        1329 :         ev = samba_tevent_context_init(talloc_tos());
    2754        1329 :         if (ev == NULL) {
    2755           0 :                 goto fail;
    2756             :         }
    2757        1329 :         req = cli_connect_nb_send(ev, ev, host, dest_ss, port, name_type,
    2758             :                                   myname, signing_state, flags);
    2759        1329 :         if (req == NULL) {
    2760           0 :                 goto fail;
    2761             :         }
    2762        1329 :         if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(20, 0))) {
    2763           0 :                 goto fail;
    2764             :         }
    2765        1329 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    2766           0 :                 goto fail;
    2767             :         }
    2768        1329 :         status = cli_connect_nb_recv(req, pcli);
    2769        1329 : fail:
    2770        1329 :         TALLOC_FREE(ev);
    2771        1329 :         return status;
    2772             : }
    2773             : 
    2774             : struct cli_start_connection_state {
    2775             :         struct tevent_context *ev;
    2776             :         struct cli_state *cli;
    2777             :         int min_protocol;
    2778             :         int max_protocol;
    2779             : };
    2780             : 
    2781             : static void cli_start_connection_connected(struct tevent_req *subreq);
    2782             : static void cli_start_connection_done(struct tevent_req *subreq);
    2783             : 
    2784             : /**
    2785             :    establishes a connection to after the negprot. 
    2786             :    @param output_cli A fully initialised cli structure, non-null only on success
    2787             :    @param dest_host The netbios name of the remote host
    2788             :    @param dest_ss (optional) The the destination IP, NULL for name based lookup
    2789             :    @param port (optional) The destination port (0 for default)
    2790             : */
    2791             : 
    2792        1152 : static struct tevent_req *cli_start_connection_send(
    2793             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev,
    2794             :         const char *my_name, const char *dest_host,
    2795             :         const struct sockaddr_storage *dest_ss, int port,
    2796             :         enum smb_signing_setting signing_state, int flags)
    2797             : {
    2798             :         struct tevent_req *req, *subreq;
    2799             :         struct cli_start_connection_state *state;
    2800             : 
    2801        1152 :         req = tevent_req_create(mem_ctx, &state,
    2802             :                                 struct cli_start_connection_state);
    2803        1152 :         if (req == NULL) {
    2804           0 :                 return NULL;
    2805             :         }
    2806        1152 :         state->ev = ev;
    2807             : 
    2808        1152 :         if (flags & CLI_FULL_CONNECTION_IPC) {
    2809         442 :                 state->min_protocol = lp_client_ipc_min_protocol();
    2810         442 :                 state->max_protocol = lp_client_ipc_max_protocol();
    2811             :         } else {
    2812         710 :                 state->min_protocol = lp_client_min_protocol();
    2813         710 :                 state->max_protocol = lp_client_max_protocol();
    2814             :         }
    2815             : 
    2816        1152 :         if (flags & CLI_FULL_CONNECTION_FORCE_SMB1) {
    2817          63 :                 state->max_protocol = MIN(state->max_protocol,
    2818             :                                           PROTOCOL_NT1);
    2819          63 :                 state->min_protocol = MIN(state->min_protocol,
    2820             :                                           state->max_protocol);
    2821             :         }
    2822             : 
    2823        1152 :         if (flags & CLI_FULL_CONNECTION_DISABLE_SMB1) {
    2824           0 :                 state->min_protocol = MAX(state->min_protocol,
    2825             :                                           PROTOCOL_SMB2_02);
    2826           0 :                 state->max_protocol = MAX(state->max_protocol,
    2827             :                                           state->min_protocol);
    2828             :         }
    2829             : 
    2830        1152 :         subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
    2831             :                                      0x20, my_name, signing_state, flags);
    2832        1152 :         if (tevent_req_nomem(subreq, req)) {
    2833           0 :                 return tevent_req_post(req, ev);
    2834             :         }
    2835        1152 :         tevent_req_set_callback(subreq, cli_start_connection_connected, req);
    2836        1152 :         return req;
    2837             : }
    2838             : 
    2839        1152 : static void cli_start_connection_connected(struct tevent_req *subreq)
    2840             : {
    2841        1152 :         struct tevent_req *req = tevent_req_callback_data(
    2842             :                 subreq, struct tevent_req);
    2843        1152 :         struct cli_start_connection_state *state = tevent_req_data(
    2844             :                 req, struct cli_start_connection_state);
    2845             :         NTSTATUS status;
    2846             : 
    2847        1152 :         status = cli_connect_nb_recv(subreq, &state->cli);
    2848        1152 :         TALLOC_FREE(subreq);
    2849        1152 :         if (tevent_req_nterror(req, status)) {
    2850           0 :                 return;
    2851             :         }
    2852             : 
    2853        2091 :         subreq = smbXcli_negprot_send(
    2854             :                 state,
    2855             :                 state->ev,
    2856        1152 :                 state->cli->conn,
    2857        1152 :                 state->cli->timeout,
    2858        1152 :                 state->min_protocol,
    2859        1152 :                 state->max_protocol,
    2860             :                 WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK,
    2861             :                 NULL);
    2862        1152 :         if (tevent_req_nomem(subreq, req)) {
    2863           0 :                 return;
    2864             :         }
    2865        1152 :         tevent_req_set_callback(subreq, cli_start_connection_done, req);
    2866             : }
    2867             : 
    2868        1152 : static void cli_start_connection_done(struct tevent_req *subreq)
    2869             : {
    2870        1152 :         struct tevent_req *req = tevent_req_callback_data(
    2871             :                 subreq, struct tevent_req);
    2872        1152 :         struct cli_start_connection_state *state = tevent_req_data(
    2873             :                 req, struct cli_start_connection_state);
    2874             :         NTSTATUS status;
    2875             : 
    2876        1152 :         status = smbXcli_negprot_recv(subreq, NULL, NULL);
    2877        1152 :         TALLOC_FREE(subreq);
    2878        1152 :         if (tevent_req_nterror(req, status)) {
    2879           2 :                 return;
    2880             :         }
    2881             : 
    2882        1150 :         if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
    2883             :                 /* Ensure we ask for some initial credits. */
    2884        1071 :                 smb2cli_conn_set_max_credits(state->cli->conn,
    2885             :                                              DEFAULT_SMB2_MAX_CREDITS);
    2886             :         }
    2887             : 
    2888        1150 :         tevent_req_done(req);
    2889             : }
    2890             : 
    2891        1152 : static NTSTATUS cli_start_connection_recv(struct tevent_req *req,
    2892             :                                           struct cli_state **output_cli)
    2893             : {
    2894        1152 :         struct cli_start_connection_state *state = tevent_req_data(
    2895             :                 req, struct cli_start_connection_state);
    2896             :         NTSTATUS status;
    2897             : 
    2898        1152 :         if (tevent_req_is_nterror(req, &status)) {
    2899           2 :                 return status;
    2900             :         }
    2901        1150 :         *output_cli = state->cli;
    2902             : 
    2903        1150 :         return NT_STATUS_OK;
    2904             : }
    2905             : 
    2906           1 : NTSTATUS cli_start_connection(struct cli_state **output_cli, 
    2907             :                               const char *my_name, 
    2908             :                               const char *dest_host, 
    2909             :                               const struct sockaddr_storage *dest_ss, int port,
    2910             :                               enum smb_signing_setting signing_state, int flags)
    2911             : {
    2912             :         struct tevent_context *ev;
    2913             :         struct tevent_req *req;
    2914           1 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    2915             : 
    2916           1 :         ev = samba_tevent_context_init(talloc_tos());
    2917           1 :         if (ev == NULL) {
    2918           0 :                 goto fail;
    2919             :         }
    2920           1 :         req = cli_start_connection_send(ev, ev, my_name, dest_host, dest_ss,
    2921             :                                         port, signing_state, flags);
    2922           1 :         if (req == NULL) {
    2923           0 :                 goto fail;
    2924             :         }
    2925           1 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    2926           0 :                 goto fail;
    2927             :         }
    2928           1 :         status = cli_start_connection_recv(req, output_cli);
    2929           1 : fail:
    2930           1 :         TALLOC_FREE(ev);
    2931           1 :         return status;
    2932             : }
    2933             : 
    2934             : struct cli_smb1_setup_encryption_blob_state {
    2935             :         uint16_t setup[1];
    2936             :         uint8_t param[4];
    2937             :         NTSTATUS status;
    2938             :         DATA_BLOB out;
    2939             :         uint16_t enc_ctx_id;
    2940             : };
    2941             : 
    2942             : static void cli_smb1_setup_encryption_blob_done(struct tevent_req *subreq);
    2943             : 
    2944           0 : static struct tevent_req *cli_smb1_setup_encryption_blob_send(TALLOC_CTX *mem_ctx,
    2945             :                                                         struct tevent_context *ev,
    2946             :                                                         struct cli_state *cli,
    2947             :                                                         const DATA_BLOB in)
    2948             : {
    2949           0 :         struct tevent_req *req = NULL;
    2950           0 :         struct cli_smb1_setup_encryption_blob_state *state = NULL;
    2951           0 :         struct tevent_req *subreq = NULL;
    2952             : 
    2953           0 :         req = tevent_req_create(mem_ctx, &state,
    2954             :                                 struct cli_smb1_setup_encryption_blob_state);
    2955           0 :         if (req == NULL) {
    2956           0 :                 return NULL;
    2957             :         }
    2958             : 
    2959           0 :         if (in.length > CLI_BUFFER_SIZE) {
    2960           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
    2961           0 :                 return tevent_req_post(req, ev);
    2962             :         }
    2963             : 
    2964           0 :         SSVAL(state->setup+0,  0, TRANSACT2_SETFSINFO);
    2965           0 :         SSVAL(state->param, 0, 0);
    2966           0 :         SSVAL(state->param, 2, SMB_REQUEST_TRANSPORT_ENCRYPTION);
    2967             : 
    2968           0 :         subreq = smb1cli_trans_send(state, ev, cli->conn,
    2969             :                                     SMBtrans2,
    2970             :                                     0, 0, /* _flags */
    2971             :                                     0, 0, /* _flags2 */
    2972           0 :                                     cli->timeout,
    2973             :                                     cli->smb1.pid,
    2974             :                                     cli->smb1.tcon,
    2975             :                                     cli->smb1.session,
    2976             :                                     NULL, /* pipe_name */
    2977             :                                     0, /* fid */
    2978             :                                     0, /* function */
    2979             :                                     0, /* flags */
    2980           0 :                                     state->setup, 1, 0,
    2981           0 :                                     state->param, 4, 2,
    2982           0 :                                     in.data, in.length, CLI_BUFFER_SIZE);
    2983           0 :         if (tevent_req_nomem(subreq, req)) {
    2984           0 :                 return tevent_req_post(req, ev);
    2985             :         }
    2986           0 :         tevent_req_set_callback(subreq,
    2987             :                                 cli_smb1_setup_encryption_blob_done,
    2988             :                                 req);
    2989             : 
    2990           0 :         return req;
    2991             : }
    2992             : 
    2993           0 : static void cli_smb1_setup_encryption_blob_done(struct tevent_req *subreq)
    2994             : {
    2995           0 :         struct tevent_req *req =
    2996           0 :                 tevent_req_callback_data(subreq,
    2997             :                                 struct tevent_req);
    2998           0 :         struct cli_smb1_setup_encryption_blob_state *state =
    2999           0 :                 tevent_req_data(req,
    3000             :                 struct cli_smb1_setup_encryption_blob_state);
    3001           0 :         uint8_t *rparam=NULL, *rdata=NULL;
    3002             :         uint32_t num_rparam, num_rdata;
    3003             :         NTSTATUS status;
    3004             : 
    3005           0 :         status = smb1cli_trans_recv(subreq, state,
    3006             :                                     NULL, /* recv_flags */
    3007             :                                     NULL, 0, NULL, /* rsetup */
    3008             :                                     &rparam, 0, &num_rparam,
    3009             :                                     &rdata, 0, &num_rdata);
    3010           0 :         TALLOC_FREE(subreq);
    3011           0 :         state->status = status;
    3012           0 :         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
    3013           0 :                 status = NT_STATUS_OK;
    3014             :         }
    3015           0 :         if (tevent_req_nterror(req, status)) {
    3016           0 :                 return;
    3017             :         }
    3018             : 
    3019           0 :         if (num_rparam == 2) {
    3020           0 :                 state->enc_ctx_id = SVAL(rparam, 0);
    3021             :         }
    3022           0 :         TALLOC_FREE(rparam);
    3023             : 
    3024           0 :         state->out = data_blob_const(rdata, num_rdata);
    3025             : 
    3026           0 :         tevent_req_done(req);
    3027             : }
    3028             : 
    3029           0 : static NTSTATUS cli_smb1_setup_encryption_blob_recv(struct tevent_req *req,
    3030             :                                                     TALLOC_CTX *mem_ctx,
    3031             :                                                     DATA_BLOB *out,
    3032             :                                                     uint16_t *enc_ctx_id)
    3033             : {
    3034           0 :         struct cli_smb1_setup_encryption_blob_state *state =
    3035           0 :                 tevent_req_data(req,
    3036             :                 struct cli_smb1_setup_encryption_blob_state);
    3037             :         NTSTATUS status;
    3038             : 
    3039           0 :         if (tevent_req_is_nterror(req, &status)) {
    3040           0 :                 tevent_req_received(req);
    3041           0 :                 return status;
    3042             :         }
    3043             : 
    3044           0 :         status = state->status;
    3045             : 
    3046           0 :         *out = state->out;
    3047           0 :         talloc_steal(mem_ctx, out->data);
    3048             : 
    3049           0 :         *enc_ctx_id = state->enc_ctx_id;
    3050             : 
    3051           0 :         tevent_req_received(req);
    3052           0 :         return status;
    3053             : }
    3054             : 
    3055             : struct cli_smb1_setup_encryption_state {
    3056             :         struct tevent_context *ev;
    3057             :         struct cli_state *cli;
    3058             :         struct smb_trans_enc_state *es;
    3059             :         DATA_BLOB blob_in;
    3060             :         DATA_BLOB blob_out;
    3061             :         bool local_ready;
    3062             :         bool remote_ready;
    3063             : };
    3064             : 
    3065             : static void cli_smb1_setup_encryption_local_next(struct tevent_req *req);
    3066             : static void cli_smb1_setup_encryption_local_done(struct tevent_req *subreq);
    3067             : static void cli_smb1_setup_encryption_remote_next(struct tevent_req *req);
    3068             : static void cli_smb1_setup_encryption_remote_done(struct tevent_req *subreq);
    3069             : static void cli_smb1_setup_encryption_ready(struct tevent_req *req);
    3070             : 
    3071           0 : static struct tevent_req *cli_smb1_setup_encryption_send(TALLOC_CTX *mem_ctx,
    3072             :                                                 struct tevent_context *ev,
    3073             :                                                 struct cli_state *cli,
    3074             :                                                 struct cli_credentials *creds)
    3075             : {
    3076           0 :         struct tevent_req *req = NULL;
    3077           0 :         struct cli_smb1_setup_encryption_state *state = NULL;
    3078           0 :         struct auth_generic_state *ags = NULL;
    3079           0 :         const DATA_BLOB *b = NULL;
    3080           0 :         bool auth_requested = false;
    3081           0 :         const char *target_service = NULL;
    3082           0 :         const char *target_hostname = NULL;
    3083             :         NTSTATUS status;
    3084             : 
    3085           0 :         req = tevent_req_create(mem_ctx, &state,
    3086             :                                 struct cli_smb1_setup_encryption_state);
    3087           0 :         if (req == NULL) {
    3088           0 :                 return NULL;
    3089             :         }
    3090           0 :         state->ev = ev;
    3091           0 :         state->cli = cli;
    3092             : 
    3093           0 :         auth_requested = cli_credentials_authentication_requested(creds);
    3094           0 :         if (!auth_requested) {
    3095           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
    3096           0 :                 return tevent_req_post(req, ev);
    3097             :         }
    3098             : 
    3099           0 :         target_service = "cifs";
    3100           0 :         target_hostname = smbXcli_conn_remote_name(cli->conn);
    3101             : 
    3102           0 :         status = cli_session_creds_prepare_krb5(cli, creds);
    3103           0 :         if (tevent_req_nterror(req, status)) {
    3104           0 :                 return tevent_req_post(req, ev);
    3105             :         }
    3106             : 
    3107           0 :         state->es = talloc_zero(state, struct smb_trans_enc_state);
    3108           0 :         if (tevent_req_nomem(state->es, req)) {
    3109           0 :                 return tevent_req_post(req, ev);
    3110             :         }
    3111             : 
    3112           0 :         status = auth_generic_client_prepare(state->es, &ags);
    3113           0 :         if (tevent_req_nterror(req, status)) {
    3114           0 :                 return tevent_req_post(req, ev);
    3115             :         }
    3116             : 
    3117           0 :         gensec_want_feature(ags->gensec_security,
    3118             :                             GENSEC_FEATURE_SIGN);
    3119           0 :         gensec_want_feature(ags->gensec_security,
    3120             :                             GENSEC_FEATURE_SEAL);
    3121             : 
    3122           0 :         status = auth_generic_set_creds(ags, creds);
    3123           0 :         if (tevent_req_nterror(req, status)) {
    3124           0 :                 return tevent_req_post(req, ev);
    3125             :         }
    3126             : 
    3127           0 :         if (target_service != NULL) {
    3128           0 :                 status = gensec_set_target_service(ags->gensec_security,
    3129             :                                                    target_service);
    3130           0 :                 if (tevent_req_nterror(req, status)) {
    3131           0 :                         return tevent_req_post(req, ev);
    3132             :                 }
    3133             :         }
    3134             : 
    3135           0 :         if (target_hostname != NULL) {
    3136           0 :                 status = gensec_set_target_hostname(ags->gensec_security,
    3137             :                                                     target_hostname);
    3138           0 :                 if (tevent_req_nterror(req, status)) {
    3139           0 :                         return tevent_req_post(req, ev);
    3140             :                 }
    3141             :         }
    3142             : 
    3143           0 :         gensec_set_max_update_size(ags->gensec_security,
    3144             :                                    CLI_BUFFER_SIZE);
    3145             : 
    3146           0 :         b = smbXcli_conn_server_gss_blob(state->cli->conn);
    3147           0 :         if (b != NULL) {
    3148           0 :                 state->blob_in = *b;
    3149             :         }
    3150             : 
    3151           0 :         status = auth_generic_client_start(ags, GENSEC_OID_SPNEGO);
    3152           0 :         if (tevent_req_nterror(req, status)) {
    3153           0 :                 return tevent_req_post(req, ev);
    3154             :         }
    3155             : 
    3156             :         /*
    3157             :          * We only need the gensec_security part from here.
    3158             :          */
    3159           0 :         state->es->gensec_security = talloc_move(state->es,
    3160             :                                                  &ags->gensec_security);
    3161           0 :         TALLOC_FREE(ags);
    3162             : 
    3163           0 :         cli_smb1_setup_encryption_local_next(req);
    3164           0 :         if (!tevent_req_is_in_progress(req)) {
    3165           0 :                 return tevent_req_post(req, ev);
    3166             :         }
    3167             : 
    3168           0 :         return req;
    3169             : }
    3170             : 
    3171           0 : static void cli_smb1_setup_encryption_local_next(struct tevent_req *req)
    3172             : {
    3173           0 :         struct cli_smb1_setup_encryption_state *state =
    3174           0 :                 tevent_req_data(req,
    3175             :                 struct cli_smb1_setup_encryption_state);
    3176           0 :         struct tevent_req *subreq = NULL;
    3177             : 
    3178           0 :         if (state->local_ready) {
    3179           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    3180           0 :                 return;
    3181             :         }
    3182             : 
    3183           0 :         subreq = gensec_update_send(state, state->ev,
    3184           0 :                         state->es->gensec_security,
    3185             :                         state->blob_in);
    3186           0 :         if (tevent_req_nomem(subreq, req)) {
    3187           0 :                 return;
    3188             :         }
    3189           0 :         tevent_req_set_callback(subreq, cli_smb1_setup_encryption_local_done, req);
    3190             : }
    3191             : 
    3192           0 : static void cli_smb1_setup_encryption_local_done(struct tevent_req *subreq)
    3193             : {
    3194           0 :         struct tevent_req *req =
    3195           0 :                 tevent_req_callback_data(subreq,
    3196             :                 struct tevent_req);
    3197           0 :         struct cli_smb1_setup_encryption_state *state =
    3198           0 :                 tevent_req_data(req,
    3199             :                 struct cli_smb1_setup_encryption_state);
    3200             :         NTSTATUS status;
    3201             : 
    3202           0 :         status = gensec_update_recv(subreq, state, &state->blob_out);
    3203           0 :         TALLOC_FREE(subreq);
    3204           0 :         state->blob_in = data_blob_null;
    3205           0 :         if (!NT_STATUS_IS_OK(status) &&
    3206           0 :             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
    3207             :         {
    3208           0 :                 tevent_req_nterror(req, status);
    3209           0 :                 return;
    3210             :         }
    3211             : 
    3212           0 :         if (NT_STATUS_IS_OK(status)) {
    3213           0 :                 state->local_ready = true;
    3214             :         }
    3215             : 
    3216             :         /*
    3217             :          * We always get NT_STATUS_OK from the server even if it is not ready.
    3218             :          * So guess the server is ready when we are ready and already sent
    3219             :          * our last blob to the server.
    3220             :          */
    3221           0 :         if (state->local_ready && state->blob_out.length == 0) {
    3222           0 :                 state->remote_ready = true;
    3223             :         }
    3224             : 
    3225           0 :         if (state->local_ready && state->remote_ready) {
    3226           0 :                 cli_smb1_setup_encryption_ready(req);
    3227           0 :                 return;
    3228             :         }
    3229             : 
    3230           0 :         cli_smb1_setup_encryption_remote_next(req);
    3231             : }
    3232             : 
    3233           0 : static void cli_smb1_setup_encryption_remote_next(struct tevent_req *req)
    3234             : {
    3235           0 :         struct cli_smb1_setup_encryption_state *state =
    3236           0 :                 tevent_req_data(req,
    3237             :                 struct cli_smb1_setup_encryption_state);
    3238           0 :         struct tevent_req *subreq = NULL;
    3239             : 
    3240           0 :         if (state->remote_ready) {
    3241           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    3242           0 :                 return;
    3243             :         }
    3244             : 
    3245           0 :         subreq = cli_smb1_setup_encryption_blob_send(state, state->ev,
    3246             :                                                      state->cli, state->blob_out);
    3247           0 :         if (tevent_req_nomem(subreq, req)) {
    3248           0 :                 return;
    3249             :         }
    3250           0 :         tevent_req_set_callback(subreq,
    3251             :                                 cli_smb1_setup_encryption_remote_done,
    3252             :                                 req);
    3253             : }
    3254             : 
    3255           0 : static void cli_smb1_setup_encryption_remote_done(struct tevent_req *subreq)
    3256             : {
    3257           0 :         struct tevent_req *req =
    3258           0 :                 tevent_req_callback_data(subreq,
    3259             :                 struct tevent_req);
    3260           0 :         struct cli_smb1_setup_encryption_state *state =
    3261           0 :                 tevent_req_data(req,
    3262             :                 struct cli_smb1_setup_encryption_state);
    3263             :         NTSTATUS status;
    3264             : 
    3265           0 :         status = cli_smb1_setup_encryption_blob_recv(subreq, state,
    3266             :                                                      &state->blob_in,
    3267           0 :                                                      &state->es->enc_ctx_num);
    3268           0 :         TALLOC_FREE(subreq);
    3269           0 :         data_blob_free(&state->blob_out);
    3270           0 :         if (!NT_STATUS_IS_OK(status) &&
    3271           0 :             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
    3272             :         {
    3273           0 :                 tevent_req_nterror(req, status);
    3274           0 :                 return;
    3275             :         }
    3276             : 
    3277             :         /*
    3278             :          * We always get NT_STATUS_OK even if the server is not ready.
    3279             :          * So guess the server is ready when we are ready and sent
    3280             :          * our last blob to the server.
    3281             :          */
    3282           0 :         if (state->local_ready) {
    3283           0 :                 state->remote_ready = true;
    3284             :         }
    3285             : 
    3286           0 :         if (state->local_ready && state->remote_ready) {
    3287           0 :                 cli_smb1_setup_encryption_ready(req);
    3288           0 :                 return;
    3289             :         }
    3290             : 
    3291           0 :         cli_smb1_setup_encryption_local_next(req);
    3292             : }
    3293             : 
    3294           0 : static void cli_smb1_setup_encryption_ready(struct tevent_req *req)
    3295             : {
    3296           0 :         struct cli_smb1_setup_encryption_state *state =
    3297           0 :                 tevent_req_data(req,
    3298             :                 struct cli_smb1_setup_encryption_state);
    3299           0 :         struct smb_trans_enc_state *es = NULL;
    3300             : 
    3301           0 :         if (state->blob_in.length != 0) {
    3302           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    3303           0 :                 return;
    3304             :         }
    3305             : 
    3306           0 :         if (state->blob_out.length != 0) {
    3307           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
    3308           0 :                 return;
    3309             :         }
    3310             : 
    3311           0 :         es = talloc_move(state->cli->conn, &state->es);
    3312           0 :         es->enc_on = true;
    3313           0 :         smb1cli_conn_set_encryption(state->cli->conn, es);
    3314           0 :         es = NULL;
    3315             : 
    3316           0 :         tevent_req_done(req);
    3317             : }
    3318             : 
    3319           0 : static NTSTATUS cli_smb1_setup_encryption_recv(struct tevent_req *req)
    3320             : {
    3321           0 :         return tevent_req_simple_recv_ntstatus(req);
    3322             : }
    3323             : 
    3324           0 : NTSTATUS cli_smb1_setup_encryption(struct cli_state *cli,
    3325             :                                    struct cli_credentials *creds)
    3326             : {
    3327           0 :         struct tevent_context *ev = NULL;
    3328           0 :         struct tevent_req *req = NULL;
    3329           0 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    3330             : 
    3331           0 :         ev = samba_tevent_context_init(talloc_tos());
    3332           0 :         if (ev == NULL) {
    3333           0 :                 goto fail;
    3334             :         }
    3335           0 :         req = cli_smb1_setup_encryption_send(ev, ev, cli, creds);
    3336           0 :         if (req == NULL) {
    3337           0 :                 goto fail;
    3338             :         }
    3339           0 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    3340           0 :                 goto fail;
    3341             :         }
    3342           0 :         status = cli_smb1_setup_encryption_recv(req);
    3343           0 :  fail:
    3344           0 :         TALLOC_FREE(ev);
    3345           0 :         return status;
    3346             : }
    3347             : 
    3348             : /**
    3349             :    establishes a connection right up to doing tconX, password specified.
    3350             :    @param output_cli A fully initialised cli structure, non-null only on success
    3351             :    @param dest_host The netbios name of the remote host
    3352             :    @param dest_ip (optional) The the destination IP, NULL for name based lookup
    3353             :    @param port (optional) The destination port (0 for default)
    3354             :    @param service (optional) The share to make the connection to.  Should be 'unqualified' in any way.
    3355             :    @param service_type The 'type' of serivice. 
    3356             :    @param creds The used user credentials
    3357             : */
    3358             : 
    3359             : struct cli_full_connection_creds_state {
    3360             :         struct tevent_context *ev;
    3361             :         const char *service;
    3362             :         const char *service_type;
    3363             :         struct cli_credentials *creds;
    3364             :         int flags;
    3365             :         struct cli_state *cli;
    3366             : };
    3367             : 
    3368          30 : static int cli_full_connection_creds_state_destructor(
    3369             :         struct cli_full_connection_creds_state *s)
    3370             : {
    3371          30 :         if (s->cli != NULL) {
    3372          28 :                 cli_shutdown(s->cli);
    3373          28 :                 s->cli = NULL;
    3374             :         }
    3375          30 :         return 0;
    3376             : }
    3377             : 
    3378             : static void cli_full_connection_creds_conn_done(struct tevent_req *subreq);
    3379             : static void cli_full_connection_creds_sess_start(struct tevent_req *req);
    3380             : static void cli_full_connection_creds_sess_done(struct tevent_req *subreq);
    3381             : static void cli_full_connection_creds_enc_start(struct tevent_req *req);
    3382             : static void cli_full_connection_creds_enc_tcon(struct tevent_req *subreq);
    3383             : static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq);
    3384             : static void cli_full_connection_creds_enc_done(struct tevent_req *subreq);
    3385             : static void cli_full_connection_creds_enc_tdis(struct tevent_req *req);
    3386             : static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq);
    3387             : static void cli_full_connection_creds_tcon_start(struct tevent_req *req);
    3388             : static void cli_full_connection_creds_tcon_done(struct tevent_req *subreq);
    3389             : 
    3390        1151 : struct tevent_req *cli_full_connection_creds_send(
    3391             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev,
    3392             :         const char *my_name, const char *dest_host,
    3393             :         const struct sockaddr_storage *dest_ss, int port,
    3394             :         const char *service, const char *service_type,
    3395             :         struct cli_credentials *creds,
    3396             :         int flags)
    3397             : {
    3398             :         struct tevent_req *req, *subreq;
    3399             :         struct cli_full_connection_creds_state *state;
    3400             :         enum smb_signing_setting signing_state;
    3401         938 :         enum smb_encryption_setting encryption_state =
    3402         213 :                 cli_credentials_get_smb_encryption(creds);
    3403             : 
    3404        1151 :         req = tevent_req_create(mem_ctx, &state,
    3405             :                                 struct cli_full_connection_creds_state);
    3406        1151 :         if (req == NULL) {
    3407           0 :                 return NULL;
    3408             :         }
    3409        1151 :         talloc_set_destructor(state, cli_full_connection_creds_state_destructor);
    3410             : 
    3411        1151 :         state->ev = ev;
    3412        1151 :         state->service = service;
    3413        1151 :         state->service_type = service_type;
    3414        1151 :         state->creds = creds;
    3415        1151 :         state->flags = flags;
    3416             : 
    3417        1151 :         if (flags & CLI_FULL_CONNECTION_IPC) {
    3418         442 :                 signing_state = cli_credentials_get_smb_ipc_signing(creds);
    3419             :         } else {
    3420         709 :                 signing_state = cli_credentials_get_smb_signing(creds);
    3421             :         }
    3422             : 
    3423        1151 :         if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
    3424           0 :                 if (flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK) {
    3425           0 :                         encryption_state = SMB_ENCRYPTION_DESIRED;
    3426             :                 }
    3427             :         }
    3428             : 
    3429        1151 :         if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
    3430           0 :                 signing_state = SMB_SIGNING_REQUIRED;
    3431             :         }
    3432             : 
    3433        1151 :         subreq = cli_start_connection_send(
    3434             :                 state, ev, my_name, dest_host, dest_ss, port,
    3435             :                 signing_state, flags);
    3436        1151 :         if (tevent_req_nomem(subreq, req)) {
    3437           0 :                 return tevent_req_post(req, ev);
    3438             :         }
    3439        1151 :         tevent_req_set_callback(subreq,
    3440             :                                 cli_full_connection_creds_conn_done,
    3441             :                                 req);
    3442        1151 :         return req;
    3443             : }
    3444             : 
    3445        1151 : static void cli_full_connection_creds_conn_done(struct tevent_req *subreq)
    3446             : {
    3447        1151 :         struct tevent_req *req = tevent_req_callback_data(
    3448             :                 subreq, struct tevent_req);
    3449        1151 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3450             :                 req, struct cli_full_connection_creds_state);
    3451             :         NTSTATUS status;
    3452             : 
    3453        1151 :         status = cli_start_connection_recv(subreq, &state->cli);
    3454        1151 :         TALLOC_FREE(subreq);
    3455        1151 :         if (tevent_req_nterror(req, status)) {
    3456           2 :                 return;
    3457             :         }
    3458             : 
    3459        1149 :         cli_full_connection_creds_sess_start(req);
    3460             : }
    3461             : 
    3462        1149 : static void cli_full_connection_creds_sess_start(struct tevent_req *req)
    3463             : {
    3464        1149 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3465             :                 req, struct cli_full_connection_creds_state);
    3466        1149 :         struct tevent_req *subreq = NULL;
    3467             : 
    3468        1149 :         subreq = cli_session_setup_creds_send(
    3469             :                 state, state->ev, state->cli, state->creds);
    3470        1149 :         if (tevent_req_nomem(subreq, req)) {
    3471           0 :                 return;
    3472             :         }
    3473        1149 :         tevent_req_set_callback(subreq,
    3474             :                                 cli_full_connection_creds_sess_done,
    3475             :                                 req);
    3476             : }
    3477             : 
    3478        1149 : static void cli_full_connection_creds_sess_done(struct tevent_req *subreq)
    3479             : {
    3480        1149 :         struct tevent_req *req = tevent_req_callback_data(
    3481             :                 subreq, struct tevent_req);
    3482        1149 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3483             :                 req, struct cli_full_connection_creds_state);
    3484             :         NTSTATUS status;
    3485             : 
    3486        1149 :         status = cli_session_setup_creds_recv(subreq);
    3487        1149 :         TALLOC_FREE(subreq);
    3488             : 
    3489        1166 :         if (!NT_STATUS_IS_OK(status) &&
    3490          28 :             (state->flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
    3491             : 
    3492           0 :                 state->flags &= ~CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
    3493             : 
    3494           0 :                 state->creds = cli_credentials_init_anon(state);
    3495           0 :                 if (tevent_req_nomem(state->creds, req)) {
    3496          28 :                         return;
    3497             :                 }
    3498             : 
    3499           0 :                 cli_full_connection_creds_sess_start(req);
    3500           0 :                 return;
    3501             :         }
    3502             : 
    3503        1149 :         if (tevent_req_nterror(req, status)) {
    3504          28 :                 return;
    3505             :         }
    3506             : 
    3507        1121 :         cli_full_connection_creds_enc_start(req);
    3508             : }
    3509             : 
    3510        1121 : static void cli_full_connection_creds_enc_start(struct tevent_req *req)
    3511             : {
    3512        1121 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3513             :                 req, struct cli_full_connection_creds_state);
    3514         920 :         enum smb_encryption_setting encryption_state =
    3515        1121 :                 cli_credentials_get_smb_encryption(state->creds);
    3516        1121 :         struct tevent_req *subreq = NULL;
    3517             :         NTSTATUS status;
    3518             : 
    3519        1121 :         if (encryption_state < SMB_ENCRYPTION_DESIRED) {
    3520        1121 :                 cli_full_connection_creds_tcon_start(req);
    3521        1121 :                 return;
    3522             :         }
    3523             : 
    3524           0 :         if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
    3525           0 :                 status = smb2cli_session_encryption_on(state->cli->smb2.session);
    3526           0 :                 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
    3527           0 :                         if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
    3528           0 :                                 cli_full_connection_creds_tcon_start(req);
    3529           0 :                                 return;
    3530             :                         }
    3531           0 :                         d_printf("Encryption required and "
    3532             :                                 "server doesn't support "
    3533             :                                 "SMB3 encryption - failing connect\n");
    3534           0 :                         tevent_req_nterror(req, status);
    3535           0 :                         return;
    3536           0 :                 } else if (!NT_STATUS_IS_OK(status)) {
    3537           0 :                         d_printf("Encryption required and "
    3538             :                                 "setup failed with error %s.\n",
    3539             :                                 nt_errstr(status));
    3540           0 :                         tevent_req_nterror(req, status);
    3541           0 :                         return;
    3542             :                 }
    3543             : 
    3544           0 :                 cli_full_connection_creds_tcon_start(req);
    3545           0 :                 return;
    3546             :         }
    3547             : 
    3548           0 :         if (!SERVER_HAS_UNIX_CIFS(state->cli)) {
    3549           0 :                 if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
    3550           0 :                         cli_full_connection_creds_tcon_start(req);
    3551           0 :                         return;
    3552             :                 }
    3553             : 
    3554           0 :                 status = NT_STATUS_NOT_SUPPORTED;
    3555           0 :                 d_printf("Encryption required and "
    3556             :                         "server doesn't support "
    3557             :                         "SMB1 Unix Extensions - failing connect\n");
    3558           0 :                 tevent_req_nterror(req, status);
    3559           0 :                 return;
    3560             :         }
    3561             : 
    3562             :         /*
    3563             :          * We do a tcon on IPC$ just to setup the encryption,
    3564             :          * the real tcon will be encrypted then.
    3565             :          */
    3566           0 :         subreq = cli_tree_connect_send(state, state->ev, state->cli,
    3567             :                                        "IPC$", "IPC", NULL);
    3568           0 :         if (tevent_req_nomem(subreq, req)) {
    3569           0 :                 return;
    3570             :         }
    3571           0 :         tevent_req_set_callback(subreq, cli_full_connection_creds_enc_tcon, req);
    3572             : }
    3573             : 
    3574           0 : static void cli_full_connection_creds_enc_tcon(struct tevent_req *subreq)
    3575             : {
    3576           0 :         struct tevent_req *req = tevent_req_callback_data(
    3577             :                 subreq, struct tevent_req);
    3578           0 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3579             :                 req, struct cli_full_connection_creds_state);
    3580             :         NTSTATUS status;
    3581             : 
    3582           0 :         status = cli_tree_connect_recv(subreq);
    3583           0 :         TALLOC_FREE(subreq);
    3584           0 :         if (tevent_req_nterror(req, status)) {
    3585           0 :                 return;
    3586             :         }
    3587             : 
    3588           0 :         subreq = cli_unix_extensions_version_send(state, state->ev, state->cli);
    3589           0 :         if (tevent_req_nomem(subreq, req)) {
    3590           0 :                 return;
    3591             :         }
    3592           0 :         tevent_req_set_callback(subreq, cli_full_connection_creds_enc_ver, req);
    3593             : }
    3594             : 
    3595           0 : static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq)
    3596             : {
    3597           0 :         struct tevent_req *req = tevent_req_callback_data(
    3598             :                 subreq, struct tevent_req);
    3599           0 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3600             :                 req, struct cli_full_connection_creds_state);
    3601           0 :         enum smb_encryption_setting encryption_state =
    3602           0 :                 cli_credentials_get_smb_encryption(state->creds);
    3603             :         uint16_t major, minor;
    3604             :         uint32_t caplow, caphigh;
    3605             :         NTSTATUS status;
    3606             : 
    3607           0 :         status = cli_unix_extensions_version_recv(subreq,
    3608             :                                                   &major, &minor,
    3609             :                                                   &caplow,
    3610             :                                                   &caphigh);
    3611           0 :         TALLOC_FREE(subreq);
    3612           0 :         if (!NT_STATUS_IS_OK(status)) {
    3613           0 :                 if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
    3614             :                         /* disconnect ipc$ followed by the real tree connect */
    3615           0 :                         cli_full_connection_creds_enc_tdis(req);
    3616           0 :                         return;
    3617             :                 }
    3618           0 :                 DEBUG(10, ("%s: cli_unix_extensions_version "
    3619             :                            "returned %s\n", __func__, nt_errstr(status)));
    3620           0 :                 tevent_req_nterror(req, NT_STATUS_UNKNOWN_REVISION);
    3621           0 :                 return;
    3622             :         }
    3623             : 
    3624           0 :         if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
    3625           0 :                 if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
    3626             :                         /* disconnect ipc$ followed by the real tree connect */
    3627           0 :                         cli_full_connection_creds_enc_tdis(req);
    3628           0 :                         return;
    3629             :                 }
    3630           0 :                 DEBUG(10, ("%s: CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP "
    3631             :                            "not supported\n", __func__));
    3632           0 :                 tevent_req_nterror(req, NT_STATUS_UNSUPPORTED_COMPRESSION);
    3633           0 :                 return;
    3634             :         }
    3635             : 
    3636           0 :         subreq = cli_smb1_setup_encryption_send(state, state->ev,
    3637             :                                                 state->cli,
    3638             :                                                 state->creds);
    3639           0 :         if (tevent_req_nomem(subreq, req)) {
    3640           0 :                 return;
    3641             :         }
    3642           0 :         tevent_req_set_callback(subreq,
    3643             :                                 cli_full_connection_creds_enc_done,
    3644             :                                 req);
    3645             : }
    3646             : 
    3647           0 : static void cli_full_connection_creds_enc_done(struct tevent_req *subreq)
    3648             : {
    3649           0 :         struct tevent_req *req = tevent_req_callback_data(
    3650             :                 subreq, struct tevent_req);
    3651             :         NTSTATUS status;
    3652             : 
    3653           0 :         status = cli_smb1_setup_encryption_recv(subreq);
    3654           0 :         TALLOC_FREE(subreq);
    3655           0 :         if (tevent_req_nterror(req, status)) {
    3656           0 :                 return;
    3657             :         }
    3658             : 
    3659             :         /* disconnect ipc$ followed by the real tree connect */
    3660           0 :         cli_full_connection_creds_enc_tdis(req);
    3661             : }
    3662             : 
    3663           0 : static void cli_full_connection_creds_enc_tdis(struct tevent_req *req)
    3664             : {
    3665           0 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3666             :                 req, struct cli_full_connection_creds_state);
    3667           0 :         struct tevent_req *subreq = NULL;
    3668             : 
    3669           0 :         subreq = cli_tdis_send(state, state->ev, state->cli);
    3670           0 :         if (tevent_req_nomem(subreq, req)) {
    3671           0 :                 return;
    3672             :         }
    3673           0 :         tevent_req_set_callback(subreq,
    3674             :                                 cli_full_connection_creds_enc_finished,
    3675             :                                 req);
    3676             : }
    3677             : 
    3678           0 : static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq)
    3679             : {
    3680           0 :         struct tevent_req *req = tevent_req_callback_data(
    3681             :                 subreq, struct tevent_req);
    3682             :         NTSTATUS status;
    3683             : 
    3684           0 :         status = cli_tdis_recv(subreq);
    3685           0 :         TALLOC_FREE(subreq);
    3686           0 :         if (tevent_req_nterror(req, status)) {
    3687           0 :                 return;
    3688             :         }
    3689             : 
    3690           0 :         cli_full_connection_creds_tcon_start(req);
    3691             : }
    3692             : 
    3693        1121 : static void cli_full_connection_creds_tcon_start(struct tevent_req *req)
    3694             : {
    3695        1121 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3696             :                 req, struct cli_full_connection_creds_state);
    3697        1121 :         struct tevent_req *subreq = NULL;
    3698        1121 :         const char *password = NULL;
    3699             : 
    3700        1121 :         if (state->service == NULL) {
    3701           1 :                 tevent_req_done(req);
    3702           1 :                 return;
    3703             :         }
    3704             : 
    3705        1120 :         password = cli_credentials_get_password(state->creds);
    3706             : 
    3707        1120 :         subreq = cli_tree_connect_send(state, state->ev,
    3708             :                                        state->cli,
    3709             :                                        state->service,
    3710             :                                        state->service_type,
    3711             :                                        password);
    3712        1120 :         if (tevent_req_nomem(subreq, req)) {
    3713           0 :                 return;
    3714             :         }
    3715        1120 :         tevent_req_set_callback(subreq,
    3716             :                                 cli_full_connection_creds_tcon_done,
    3717             :                                 req);
    3718             : }
    3719             : 
    3720        1120 : static void cli_full_connection_creds_tcon_done(struct tevent_req *subreq)
    3721             : {
    3722        1120 :         struct tevent_req *req = tevent_req_callback_data(
    3723             :                 subreq, struct tevent_req);
    3724             :         NTSTATUS status;
    3725             : 
    3726        1120 :         status = cli_tree_connect_recv(subreq);
    3727        1120 :         TALLOC_FREE(subreq);
    3728        1120 :         if (tevent_req_nterror(req, status)) {
    3729           0 :                 return;
    3730             :         }
    3731             : 
    3732        1120 :         tevent_req_done(req);
    3733             : }
    3734             : 
    3735        1151 : NTSTATUS cli_full_connection_creds_recv(struct tevent_req *req,
    3736             :                                   struct cli_state **output_cli)
    3737             : {
    3738        1151 :         struct cli_full_connection_creds_state *state = tevent_req_data(
    3739             :                 req, struct cli_full_connection_creds_state);
    3740             :         NTSTATUS status;
    3741             : 
    3742        1151 :         if (tevent_req_is_nterror(req, &status)) {
    3743          30 :                 return status;
    3744             :         }
    3745        1121 :         *output_cli = state->cli;
    3746        1121 :         talloc_set_destructor(state, NULL);
    3747        1121 :         return NT_STATUS_OK;
    3748             : }
    3749             : 
    3750         462 : NTSTATUS cli_full_connection_creds(struct cli_state **output_cli,
    3751             :                                    const char *my_name,
    3752             :                                    const char *dest_host,
    3753             :                                    const struct sockaddr_storage *dest_ss, int port,
    3754             :                                    const char *service, const char *service_type,
    3755             :                                    struct cli_credentials *creds,
    3756             :                                    int flags)
    3757             : {
    3758             :         struct tevent_context *ev;
    3759             :         struct tevent_req *req;
    3760         462 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    3761             : 
    3762         462 :         ev = samba_tevent_context_init(talloc_tos());
    3763         462 :         if (ev == NULL) {
    3764           0 :                 goto fail;
    3765             :         }
    3766         462 :         req = cli_full_connection_creds_send(
    3767             :                 ev, ev, my_name, dest_host, dest_ss, port, service,
    3768             :                 service_type, creds, flags);
    3769         462 :         if (req == NULL) {
    3770           0 :                 goto fail;
    3771             :         }
    3772         462 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    3773           0 :                 goto fail;
    3774             :         }
    3775         462 :         status = cli_full_connection_creds_recv(req, output_cli);
    3776         462 :  fail:
    3777         462 :         TALLOC_FREE(ev);
    3778         462 :         return status;
    3779             : }
    3780             : 
    3781             : /****************************************************************************
    3782             :  Send an old style tcon.
    3783             : ****************************************************************************/
    3784             : struct cli_raw_tcon_state {
    3785             :         uint16_t *ret_vwv;
    3786             : };
    3787             : 
    3788             : static void cli_raw_tcon_done(struct tevent_req *subreq);
    3789             : 
    3790           1 : static struct tevent_req *cli_raw_tcon_send(
    3791             :         TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
    3792             :         const char *service, const char *pass, const char *dev)
    3793             : {
    3794             :         struct tevent_req *req, *subreq;
    3795             :         struct cli_raw_tcon_state *state;
    3796             :         uint8_t *bytes;
    3797             : 
    3798           1 :         req = tevent_req_create(mem_ctx, &state, struct cli_raw_tcon_state);
    3799           1 :         if (req == NULL) {
    3800           0 :                 return NULL;
    3801             :         }
    3802             : 
    3803           1 :         if (!lp_client_plaintext_auth() && (*pass)) {
    3804           1 :                 DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
    3805             :                           " or 'client ntlmv2 auth = yes'\n"));
    3806           1 :                 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
    3807           1 :                 return tevent_req_post(req, ev);
    3808             :         }
    3809             : 
    3810           0 :         TALLOC_FREE(cli->smb1.tcon);
    3811           0 :         cli->smb1.tcon = smbXcli_tcon_create(cli);
    3812           0 :         if (tevent_req_nomem(cli->smb1.tcon, req)) {
    3813           0 :                 return tevent_req_post(req, ev);
    3814             :         }
    3815           0 :         smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
    3816             : 
    3817           0 :         bytes = talloc_array(state, uint8_t, 0);
    3818           0 :         bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
    3819           0 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
    3820           0 :                                    service, strlen(service)+1, NULL);
    3821           0 :         bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
    3822           0 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
    3823           0 :                                    pass, strlen(pass)+1, NULL);
    3824           0 :         bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
    3825           0 :         bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
    3826           0 :                                    dev, strlen(dev)+1, NULL);
    3827             : 
    3828           0 :         if (tevent_req_nomem(bytes, req)) {
    3829           0 :                 return tevent_req_post(req, ev);
    3830             :         }
    3831             : 
    3832           0 :         subreq = cli_smb_send(state, ev, cli, SMBtcon, 0, 0, 0, NULL,
    3833           0 :                               talloc_get_size(bytes), bytes);
    3834           0 :         if (tevent_req_nomem(subreq, req)) {
    3835           0 :                 return tevent_req_post(req, ev);
    3836             :         }
    3837           0 :         tevent_req_set_callback(subreq, cli_raw_tcon_done, req);
    3838           0 :         return req;
    3839             : }
    3840             : 
    3841           0 : static void cli_raw_tcon_done(struct tevent_req *subreq)
    3842             : {
    3843           0 :         struct tevent_req *req = tevent_req_callback_data(
    3844             :                 subreq, struct tevent_req);
    3845           0 :         struct cli_raw_tcon_state *state = tevent_req_data(
    3846             :                 req, struct cli_raw_tcon_state);
    3847             :         NTSTATUS status;
    3848             : 
    3849           0 :         status = cli_smb_recv(subreq, state, NULL, 2, NULL, &state->ret_vwv,
    3850             :                               NULL, NULL);
    3851           0 :         TALLOC_FREE(subreq);
    3852           0 :         if (tevent_req_nterror(req, status)) {
    3853           0 :                 return;
    3854             :         }
    3855           0 :         tevent_req_done(req);
    3856             : }
    3857             : 
    3858           1 : static NTSTATUS cli_raw_tcon_recv(struct tevent_req *req,
    3859             :                                   uint16_t *max_xmit, uint16_t *tid)
    3860             : {
    3861           1 :         struct cli_raw_tcon_state *state = tevent_req_data(
    3862             :                 req, struct cli_raw_tcon_state);
    3863             :         NTSTATUS status;
    3864             : 
    3865           1 :         if (tevent_req_is_nterror(req, &status)) {
    3866           1 :                 return status;
    3867             :         }
    3868           0 :         *max_xmit = SVAL(state->ret_vwv + 0, 0);
    3869           0 :         *tid = SVAL(state->ret_vwv + 1, 0);
    3870           0 :         return NT_STATUS_OK;
    3871             : }
    3872             : 
    3873           1 : NTSTATUS cli_raw_tcon(struct cli_state *cli,
    3874             :                       const char *service, const char *pass, const char *dev,
    3875             :                       uint16_t *max_xmit, uint16_t *tid)
    3876             : {
    3877             :         struct tevent_context *ev;
    3878             :         struct tevent_req *req;
    3879           1 :         NTSTATUS status = NT_STATUS_NO_MEMORY;
    3880             : 
    3881           1 :         ev = samba_tevent_context_init(talloc_tos());
    3882           1 :         if (ev == NULL) {
    3883           0 :                 goto fail;
    3884             :         }
    3885           1 :         req = cli_raw_tcon_send(ev, ev, cli, service, pass, dev);
    3886           1 :         if (req == NULL) {
    3887           0 :                 goto fail;
    3888             :         }
    3889           1 :         if (!tevent_req_poll_ntstatus(req, ev, &status)) {
    3890           0 :                 goto fail;
    3891             :         }
    3892           1 :         status = cli_raw_tcon_recv(req, max_xmit, tid);
    3893           1 : fail:
    3894           1 :         TALLOC_FREE(ev);
    3895           1 :         return status;
    3896             : }
    3897             : 
    3898             : /* Return a cli_state pointing at the IPC$ share for the given server */
    3899             : 
    3900           0 : struct cli_state *get_ipc_connect(char *server,
    3901             :                                 struct sockaddr_storage *server_ss,
    3902             :                                 struct cli_credentials *creds)
    3903             : {
    3904             :         struct cli_state *cli;
    3905             :         NTSTATUS nt_status;
    3906           0 :         uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
    3907             : 
    3908           0 :         flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
    3909           0 :         flags |= CLI_FULL_CONNECTION_IPC;
    3910             : 
    3911           0 :         nt_status = cli_full_connection_creds(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
    3912             :                                               creds,
    3913             :                                         flags);
    3914             : 
    3915           0 :         if (NT_STATUS_IS_OK(nt_status)) {
    3916           0 :                 return cli;
    3917             :         }
    3918           0 :         if (is_ipaddress(server)) {
    3919             :             /* windows 9* needs a correct NMB name for connections */
    3920             :             fstring remote_name;
    3921             : 
    3922           0 :             if (name_status_find("*", 0, 0, server_ss, remote_name)) {
    3923           0 :                 cli = get_ipc_connect(remote_name, server_ss, creds);
    3924           0 :                 if (cli)
    3925           0 :                     return cli;
    3926             :             }
    3927             :         }
    3928           0 :         return NULL;
    3929             : }
    3930             : 
    3931             : /*
    3932             :  * Given the IP address of a master browser on the network, return its
    3933             :  * workgroup and connect to it.
    3934             :  *
    3935             :  * This function is provided to allow additional processing beyond what
    3936             :  * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
    3937             :  * browsers and obtain each master browsers' list of domains (in case the
    3938             :  * first master browser is recently on the network and has not yet
    3939             :  * synchronized with other master browsers and therefore does not yet have the
    3940             :  * entire network browse list)
    3941             :  */
    3942             : 
    3943           0 : struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
    3944             :                                 struct sockaddr_storage *mb_ip,
    3945             :                                 struct cli_credentials *creds,
    3946             :                                 char **pp_workgroup_out)
    3947             : {
    3948             :         char addr[INET6_ADDRSTRLEN];
    3949             :         fstring name;
    3950             :         struct cli_state *cli;
    3951             :         struct sockaddr_storage server_ss;
    3952             : 
    3953           0 :         *pp_workgroup_out = NULL;
    3954             : 
    3955           0 :         print_sockaddr(addr, sizeof(addr), mb_ip);
    3956           0 :         DEBUG(99, ("Looking up name of master browser %s\n",
    3957             :                    addr));
    3958             : 
    3959             :         /*
    3960             :          * Do a name status query to find out the name of the master browser.
    3961             :          * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
    3962             :          * master browser will not respond to a wildcard query (or, at least,
    3963             :          * an NT4 server acting as the domain master browser will not).
    3964             :          *
    3965             :          * We might be able to use ONLY the query on MSBROWSE, but that's not
    3966             :          * yet been tested with all Windows versions, so until it is, leave
    3967             :          * the original wildcard query as the first choice and fall back to
    3968             :          * MSBROWSE if the wildcard query fails.
    3969             :          */
    3970           0 :         if (!name_status_find("*", 0, 0x1d, mb_ip, name) &&
    3971           0 :             !name_status_find(MSBROWSE, 1, 0x1d, mb_ip, name)) {
    3972             : 
    3973           0 :                 DEBUG(99, ("Could not retrieve name status for %s\n",
    3974             :                            addr));
    3975           0 :                 return NULL;
    3976             :         }
    3977             : 
    3978           0 :         if (!find_master_ip(name, &server_ss)) {
    3979           0 :                 DEBUG(99, ("Could not find master ip for %s\n", name));
    3980           0 :                 return NULL;
    3981             :         }
    3982             : 
    3983           0 :         *pp_workgroup_out = talloc_strdup(ctx, name);
    3984             : 
    3985           0 :         DEBUG(4, ("found master browser %s, %s\n", name, addr));
    3986             : 
    3987           0 :         print_sockaddr(addr, sizeof(addr), &server_ss);
    3988           0 :         cli = get_ipc_connect(addr, &server_ss, creds);
    3989             : 
    3990           0 :         return cli;
    3991             : }

Generated by: LCOV version 1.13