1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Make the composite 'connect to server' code useful for security=server

The ability to short-circuit the connection code to only do a negprot
allows us to do the rest once we have the user's password.  We return
the 8 byte challenge so we can pass it to the client.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2008-04-25 15:08:52 +01:00
parent 53ea233649
commit 40fe386b03
3 changed files with 35 additions and 14 deletions

View File

@ -38,7 +38,9 @@ enum connect_stage {CONNECT_RESOLVE,
CONNECT_NEGPROT,
CONNECT_SESSION_SETUP,
CONNECT_SESSION_SETUP_ANON,
CONNECT_TCON};
CONNECT_TCON,
CONNECT_DONE
};
struct connect_state {
enum connect_stage stage;
@ -97,8 +99,7 @@ static NTSTATUS connect_tcon(struct composite_context *c,
state->io_tcon->tconx.out.fs_type);
}
/* all done! */
c->state = COMPOSITE_STATE_DONE;
state->stage = CONNECT_DONE;
return NT_STATUS_OK;
}
@ -203,6 +204,13 @@ static NTSTATUS connect_session_setup(struct composite_context *c,
state->session->vuid = state->io_setup->out.vuid;
/* If we don't have a remote share name then this indicates that
* we don't want to do a tree connect */
if (!io->in.service) {
state->stage = CONNECT_DONE;
return NT_STATUS_OK;
}
/* setup for a tconx */
io->out.tree = smbcli_tree_init(state->session, state, true);
NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
@ -251,10 +259,23 @@ static NTSTATUS connect_negprot(struct composite_context *c,
status = smb_raw_negotiate_recv(state->req);
NT_STATUS_NOT_OK_RETURN(status);
if (!(state->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY)) {
io->out.negprot_challenge = state->transport->negotiate.secblob;
} else {
io->out.negprot_challenge = data_blob(NULL, 0);
}
/* If we don't have any credentials then this indicates that
* we don't want to do a session setup */
if (!io->in.credentials) {
state->stage = CONNECT_DONE;
return NT_STATUS_OK;
}
/* next step is a session setup */
state->session = smbcli_session_init(state->transport, state, true);
NT_STATUS_HAVE_NO_MEMORY(state->session);
state->io_setup = talloc(c, struct smb_composite_sesssetup);
NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
@ -272,6 +293,7 @@ static NTSTATUS connect_negprot(struct composite_context *c,
state->creq->async.fn = composite_handler;
state->creq->async.private_data = c;
state->stage = CONNECT_SESSION_SETUP;
return NT_STATUS_OK;
@ -405,13 +427,11 @@ static void state_handler(struct composite_context *c)
break;
}
if (!NT_STATUS_IS_OK(c->status)) {
c->state = COMPOSITE_STATE_ERROR;
}
if (c->state >= COMPOSITE_STATE_DONE &&
c->async.fn) {
c->async.fn(c);
if (state->stage == CONNECT_DONE) {
/* all done! */
composite_done(c);
} else {
composite_is_ok(c);
}
}

View File

@ -224,7 +224,6 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
{
NTSTATUS nt_status;
struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
const char *password = cli_credentials_get_password(io->in.credentials);
DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_iconv_convenience(global_loadparm), session->transport->socket->hostname, lp_workgroup(global_loadparm));
DATA_BLOB session_key;
int flags = CLI_CRED_NTLM_AUTH;
@ -266,6 +265,7 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
data_blob_free(&session_key);
} else if (session->options.plaintext_auth) {
const char *password = cli_credentials_get_password(io->in.credentials);
state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
state->setup.nt1.in.password2 = data_blob(NULL, 0);
} else {

View File

@ -83,8 +83,8 @@ struct smb_composite_savefile {
- socket establishment
- session request
- negprot
- session setup
- tree connect
- session setup (if credentials are not NULL)
- tree connect (if service is not NULL)
*/
struct smb_composite_connect {
struct {
@ -101,6 +101,7 @@ struct smb_composite_connect {
struct {
struct smbcli_tree *tree;
bool anonymous_fallback_done;
DATA_BLOB negprot_challenge;
} out;
};