LCOV - code coverage report
Current view: top level - libcli/smb - smb1cli_session.c (source / functions) Hit Total Coverage
Test: coverage report for master 2b515b7d Lines: 296 372 79.6 %
Date: 2024-02-28 12:06:22 Functions: 9 9 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    client connect/disconnect routines
       4             :    Copyright (C) Andrew Tridgell 1994-1998
       5             :    Copyright (C) Andrew Bartlett 2001-2003
       6             :    Copyright (C) Volker Lendecke 2011
       7             :    Copyright (C) Jeremy Allison 2011
       8             :    Copyright (C) Stefan Metzmacher 2016
       9             : 
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             : 
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             : 
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "system/network.h"
      26             : #include "../lib/util/tevent_ntstatus.h"
      27             : #include "../libcli/smb/smb_common.h"
      28             : #include "../libcli/smb/smbXcli_base.h"
      29             : 
      30             : 
      31             : struct smb1cli_session_setup_lm21_state {
      32             :         struct smbXcli_session *session;
      33             :         uint16_t vwv[10];
      34             :         struct iovec *recv_iov;
      35             :         uint16_t out_session_id;
      36             :         uint16_t out_action;
      37             :         char *out_native_os;
      38             :         char *out_native_lm;
      39             : };
      40             : 
      41             : static void smb1cli_session_setup_lm21_done(struct tevent_req *subreq);
      42             : 
      43          24 : struct tevent_req *smb1cli_session_setup_lm21_send(TALLOC_CTX *mem_ctx,
      44             :                                 struct tevent_context *ev,
      45             :                                 struct smbXcli_conn *conn,
      46             :                                 uint32_t timeout_msec,
      47             :                                 uint32_t pid,
      48             :                                 struct smbXcli_session *session,
      49             :                                 uint16_t in_buf_size,
      50             :                                 uint16_t in_mpx_max,
      51             :                                 uint16_t in_vc_num,
      52             :                                 uint32_t in_sess_key,
      53             :                                 const char *in_user,
      54             :                                 const char *in_domain,
      55             :                                 const DATA_BLOB in_apassword,
      56             :                                 const char *in_native_os,
      57             :                                 const char *in_native_lm)
      58             : {
      59          24 :         struct tevent_req *req = NULL;
      60          24 :         struct smb1cli_session_setup_lm21_state *state = NULL;
      61          24 :         struct tevent_req *subreq = NULL;
      62          24 :         uint16_t *vwv = NULL;
      63          24 :         uint8_t *bytes = NULL;
      64             : 
      65          24 :         req = tevent_req_create(mem_ctx, &state,
      66             :                                 struct smb1cli_session_setup_lm21_state);
      67          24 :         if (req == NULL) {
      68           0 :                 return NULL;
      69             :         }
      70          24 :         state->session = session;
      71          24 :         vwv = state->vwv;
      72             : 
      73          24 :         if (in_user == NULL) {
      74           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
      75           0 :                 return tevent_req_post(req, ev);
      76             :         }
      77             : 
      78          24 :         if (in_domain == NULL) {
      79           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
      80           0 :                 return tevent_req_post(req, ev);
      81             :         }
      82             : 
      83          24 :         if (in_apassword.length > UINT16_MAX) {
      84           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
      85           0 :                 return tevent_req_post(req, ev);
      86             :         }
      87             : 
      88          24 :         if (in_native_os == NULL && in_native_lm != NULL) {
      89           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
      90           0 :                 return tevent_req_post(req, ev);
      91             :         }
      92             : 
      93          24 :         SCVAL(vwv+0, 0, 0xff);
      94          24 :         SCVAL(vwv+0, 1, 0);
      95          24 :         SSVAL(vwv+1, 0, 0);
      96          24 :         SSVAL(vwv+2, 0, in_buf_size);
      97          24 :         SSVAL(vwv+3, 0, in_mpx_max);
      98          24 :         SSVAL(vwv+4, 0, in_vc_num);
      99          24 :         SIVAL(vwv+5, 0, in_sess_key);
     100          24 :         SSVAL(vwv+7, 0, in_apassword.length);
     101          24 :         SSVAL(vwv+8, 0, 0); /* reserved */
     102          24 :         SSVAL(vwv+9, 0, 0); /* reserved */
     103             : 
     104          24 :         bytes = talloc_array(state, uint8_t,
     105             :                              in_apassword.length);
     106          24 :         if (tevent_req_nomem(bytes, req)) {
     107           0 :                 return tevent_req_post(req, ev);
     108             :         }
     109          24 :         if (in_apassword.length != 0) {
     110          14 :                 memcpy(bytes,
     111          14 :                        in_apassword.data,
     112          14 :                        in_apassword.length);
     113             :         }
     114             : 
     115          24 :         bytes = smb_bytes_push_str(bytes,
     116          24 :                                    smbXcli_conn_use_unicode(conn),
     117          24 :                                    in_user, strlen(in_user)+1,
     118             :                                    NULL);
     119          24 :         bytes = smb_bytes_push_str(bytes,
     120          24 :                                    smbXcli_conn_use_unicode(conn),
     121          24 :                                    in_domain, strlen(in_domain)+1,
     122             :                                    NULL);
     123          24 :         if (in_native_os != NULL) {
     124          24 :                 bytes = smb_bytes_push_str(bytes,
     125          24 :                                            smbXcli_conn_use_unicode(conn),
     126          24 :                                            in_native_os, strlen(in_native_os)+1,
     127             :                                            NULL);
     128             :         }
     129          24 :         if (in_native_lm != NULL) {
     130          24 :                 bytes = smb_bytes_push_str(bytes,
     131          24 :                                            smbXcli_conn_use_unicode(conn),
     132          24 :                                            in_native_lm, strlen(in_native_lm)+1,
     133             :                                            NULL);
     134             :         }
     135          24 :         if (tevent_req_nomem(bytes, req)) {
     136           0 :                 return tevent_req_post(req, ev);
     137             :         }
     138             : 
     139          24 :         subreq = smb1cli_req_send(state, ev, conn,
     140             :                                   SMBsesssetupX,
     141             :                                   0, /*  additional_flags */
     142             :                                   0, /*  clear_flags */
     143             :                                   0, /*  additional_flags2 */
     144             :                                   0, /*  clear_flags2 */
     145             :                                   timeout_msec,
     146             :                                   pid,
     147             :                                   NULL, /* tcon */
     148             :                                   session,
     149             :                                   10, /* wct */
     150             :                                   vwv,
     151          24 :                                   talloc_get_size(bytes),
     152             :                                   bytes);
     153          24 :         if (tevent_req_nomem(subreq, req)) {
     154           0 :                 return tevent_req_post(req, ev);
     155             :         }
     156          24 :         tevent_req_set_callback(subreq, smb1cli_session_setup_lm21_done, req);
     157             : 
     158          24 :         return req;
     159             : }
     160             : 
     161          24 : static void smb1cli_session_setup_lm21_done(struct tevent_req *subreq)
     162             : {
     163           0 :         struct tevent_req *req =
     164          24 :                 tevent_req_callback_data(subreq,
     165             :                 struct tevent_req);
     166           0 :         struct smb1cli_session_setup_lm21_state *state =
     167          24 :                 tevent_req_data(req,
     168             :                 struct smb1cli_session_setup_lm21_state);
     169           0 :         NTSTATUS status;
     170          24 :         uint8_t *inhdr = NULL;
     171           0 :         uint8_t wct;
     172          24 :         uint16_t *vwv = NULL;
     173           0 :         uint32_t num_bytes;
     174          24 :         uint8_t *bytes = NULL;
     175          24 :         const uint8_t *p = NULL;
     176          24 :         size_t ret = 0;
     177           0 :         uint16_t flags2;
     178          24 :         bool use_unicode = false;
     179          24 :         struct smb1cli_req_expected_response expected[] = {
     180             :         {
     181             :                 .status = NT_STATUS_OK,
     182             :                 .wct    = 3,
     183             :         },
     184             :         };
     185             : 
     186          24 :         status = smb1cli_req_recv(subreq, state,
     187             :                                   &state->recv_iov,
     188             :                                   &inhdr,
     189             :                                   &wct,
     190             :                                   &vwv,
     191             :                                   NULL, /* pvwv_offset */
     192             :                                   &num_bytes,
     193             :                                   &bytes,
     194             :                                   NULL, /* pbytes_offset */
     195             :                                   NULL, /* pinbuf */
     196             :                                   expected, ARRAY_SIZE(expected));
     197          24 :         TALLOC_FREE(subreq);
     198          24 :         if (tevent_req_nterror(req, status)) {
     199           0 :                 return;
     200             :         }
     201             : 
     202          24 :         flags2 = SVAL(inhdr, HDR_FLG2);
     203          24 :         if (flags2 & FLAGS2_UNICODE_STRINGS) {
     204           0 :                 use_unicode = true;
     205             :         }
     206             : 
     207          24 :         state->out_session_id = SVAL(inhdr, HDR_UID);
     208          24 :         state->out_action = SVAL(vwv+2, 0);
     209             : 
     210          24 :         p = bytes;
     211             : 
     212          24 :         status = smb_bytes_pull_str(state, &state->out_native_os,
     213             :                                     use_unicode, bytes, num_bytes,
     214             :                                     p, &ret);
     215          24 :         if (tevent_req_nterror(req, status)) {
     216           0 :                 return;
     217             :         }
     218          24 :         p += ret;
     219             : 
     220          24 :         status = smb_bytes_pull_str(state, &state->out_native_lm,
     221             :                                     use_unicode, bytes, num_bytes,
     222             :                                     p, &ret);
     223          24 :         if (tevent_req_nterror(req, status)) {
     224           0 :                 return;
     225             :         }
     226             : 
     227          24 :         smb1cli_session_set_id(state->session, state->out_session_id);
     228          24 :         smb1cli_session_set_action(state->session, state->out_action);
     229             : 
     230          24 :         tevent_req_done(req);
     231             : }
     232             : 
     233          24 : NTSTATUS smb1cli_session_setup_lm21_recv(struct tevent_req *req,
     234             :                                          TALLOC_CTX *mem_ctx,
     235             :                                          char **out_native_os,
     236             :                                          char **out_native_lm)
     237             : {
     238           0 :         struct smb1cli_session_setup_lm21_state *state =
     239          24 :                 tevent_req_data(req,
     240             :                 struct smb1cli_session_setup_lm21_state);
     241           0 :         NTSTATUS status;
     242             : 
     243          24 :         if (tevent_req_is_nterror(req, &status)) {
     244           0 :                 tevent_req_received(req);
     245           0 :                 return status;
     246             :         }
     247             : 
     248          24 :         if (out_native_os != NULL) {
     249          24 :                 *out_native_os = talloc_move(mem_ctx, &state->out_native_os);
     250             :         }
     251             : 
     252          24 :         if (out_native_lm != NULL) {
     253          24 :                 *out_native_lm = talloc_move(mem_ctx, &state->out_native_lm);
     254             :         }
     255             : 
     256          24 :         tevent_req_received(req);
     257          24 :         return NT_STATUS_OK;
     258             : }
     259             : 
     260             : struct smb1cli_session_setup_nt1_state {
     261             :         struct smbXcli_session *session;
     262             :         uint16_t vwv[13];
     263             :         struct iovec *recv_iov;
     264             :         uint8_t *inbuf;
     265             :         uint16_t out_session_id;
     266             :         uint16_t out_action;
     267             :         char *out_native_os;
     268             :         char *out_native_lm;
     269             :         char *out_primary_domain;
     270             : };
     271             : 
     272             : static void smb1cli_session_setup_nt1_done(struct tevent_req *subreq);
     273             : 
     274          65 : struct tevent_req *smb1cli_session_setup_nt1_send(TALLOC_CTX *mem_ctx,
     275             :                                 struct tevent_context *ev,
     276             :                                 struct smbXcli_conn *conn,
     277             :                                 uint32_t timeout_msec,
     278             :                                 uint32_t pid,
     279             :                                 struct smbXcli_session *session,
     280             :                                 uint16_t in_buf_size,
     281             :                                 uint16_t in_mpx_max,
     282             :                                 uint16_t in_vc_num,
     283             :                                 uint32_t in_sess_key,
     284             :                                 const char *in_user,
     285             :                                 const char *in_domain,
     286             :                                 const DATA_BLOB in_apassword,
     287             :                                 const DATA_BLOB in_upassword,
     288             :                                 uint32_t in_capabilities,
     289             :                                 const char *in_native_os,
     290             :                                 const char *in_native_lm)
     291             : {
     292          65 :         struct tevent_req *req = NULL;
     293          65 :         struct smb1cli_session_setup_nt1_state *state = NULL;
     294          65 :         struct tevent_req *subreq = NULL;
     295          65 :         uint16_t *vwv = NULL;
     296          65 :         uint8_t *bytes = NULL;
     297          65 :         size_t align_upassword = 0;
     298          65 :         size_t apassword_ofs = 0;
     299          65 :         size_t upassword_ofs = 0;
     300             : 
     301          65 :         req = tevent_req_create(mem_ctx, &state,
     302             :                                 struct smb1cli_session_setup_nt1_state);
     303          65 :         if (req == NULL) {
     304           0 :                 return NULL;
     305             :         }
     306          65 :         state->session = session;
     307          65 :         vwv = state->vwv;
     308             : 
     309          65 :         if (in_user == NULL) {
     310           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     311           0 :                 return tevent_req_post(req, ev);
     312             :         }
     313             : 
     314          65 :         if (in_domain == NULL) {
     315           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     316           0 :                 return tevent_req_post(req, ev);
     317             :         }
     318             : 
     319          65 :         if (in_apassword.length > UINT16_MAX) {
     320           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     321           0 :                 return tevent_req_post(req, ev);
     322             :         }
     323             : 
     324          65 :         if (in_upassword.length > UINT16_MAX) {
     325           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     326           0 :                 return tevent_req_post(req, ev);
     327             :         }
     328             : 
     329          65 :         if (in_native_os == NULL && in_native_lm != NULL) {
     330           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     331           0 :                 return tevent_req_post(req, ev);
     332             :         }
     333             : 
     334          65 :         SCVAL(vwv+0,  0, 0xff);
     335          65 :         SCVAL(vwv+0,  1, 0);
     336          65 :         SSVAL(vwv+1,  0, 0);
     337          65 :         SSVAL(vwv+2,  0, in_buf_size);
     338          65 :         SSVAL(vwv+3,  0, in_mpx_max);
     339          65 :         SSVAL(vwv+4,  0, in_vc_num);
     340          65 :         SIVAL(vwv+5,  0, in_sess_key);
     341          65 :         SSVAL(vwv+7,  0, in_apassword.length);
     342          65 :         SSVAL(vwv+8,  0, in_upassword.length);
     343          65 :         SSVAL(vwv+9,  0, 0); /* reserved */
     344          65 :         SSVAL(vwv+10, 0, 0); /* reserved */
     345          65 :         SIVAL(vwv+11, 0, in_capabilities);
     346             : 
     347          65 :         if (in_apassword.length == 0 && in_upassword.length > 0) {
     348             :                 /*
     349             :                  * This is plaintext auth with a unicode password,
     350             :                  * we need to align the buffer.
     351             :                  *
     352             :                  * This is what smbclient and Windows XP send as
     353             :                  * a client. And what smbd expects.
     354             :                  *
     355             :                  * But it doesn't follow [MS-CIFS] (v20160714)
     356             :                  * 2.2.4.53.1 SMB_COM_SESSION_SETUP_ANDX Request:
     357             :                  *
     358             :                  * ...
     359             :                  *
     360             :                  *  If SMB_FLAGS2_UNICODE is set (1), the value of OEMPasswordLen
     361             :                  *  MUST be 0x0000 and the password MUST be encoded using
     362             :                  *  UTF-16LE Unicode. Padding MUST NOT be added to
     363             :                  *  align this plaintext Unicode string to a word boundary.
     364             :                  *
     365             :                  * ...
     366             :                  */
     367           0 :                 uint16_t security_mode = smb1cli_conn_server_security_mode(conn);
     368             : 
     369           0 :                 if (!(security_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) {
     370           0 :                         align_upassword = 1;
     371             :                 }
     372             :         }
     373             : 
     374          65 :         bytes = talloc_array(state, uint8_t,
     375             :                              in_apassword.length +
     376             :                              align_upassword +
     377             :                              in_upassword.length);
     378          65 :         if (tevent_req_nomem(bytes, req)) {
     379           0 :                 return tevent_req_post(req, ev);
     380             :         }
     381          65 :         if (in_apassword.length != 0) {
     382          42 :                 memcpy(bytes + apassword_ofs,
     383          42 :                        in_apassword.data,
     384          42 :                        in_apassword.length);
     385          42 :                 upassword_ofs += in_apassword.length;
     386             :         }
     387          65 :         if (align_upassword != 0) {
     388           0 :                 memset(bytes + upassword_ofs, 0, align_upassword);
     389           0 :                 upassword_ofs += align_upassword;
     390             :         }
     391          65 :         if (in_upassword.length != 0) {
     392          42 :                 memcpy(bytes + upassword_ofs,
     393          42 :                        in_upassword.data,
     394          42 :                        in_upassword.length);
     395             :         }
     396             : 
     397          65 :         bytes = smb_bytes_push_str(bytes,
     398          65 :                                    smbXcli_conn_use_unicode(conn),
     399          65 :                                    in_user, strlen(in_user)+1,
     400             :                                    NULL);
     401          65 :         bytes = smb_bytes_push_str(bytes,
     402          65 :                                    smbXcli_conn_use_unicode(conn),
     403          65 :                                    in_domain, strlen(in_domain)+1,
     404             :                                    NULL);
     405          65 :         if (in_native_os != NULL) {
     406          65 :                 bytes = smb_bytes_push_str(bytes,
     407          65 :                                            smbXcli_conn_use_unicode(conn),
     408          65 :                                            in_native_os, strlen(in_native_os)+1,
     409             :                                            NULL);
     410             :         }
     411          65 :         if (in_native_lm != NULL) {
     412          65 :                 bytes = smb_bytes_push_str(bytes,
     413          65 :                                            smbXcli_conn_use_unicode(conn),
     414          65 :                                            in_native_lm, strlen(in_native_lm)+1,
     415             :                                            NULL);
     416             :         }
     417          65 :         if (tevent_req_nomem(bytes, req)) {
     418           0 :                 return tevent_req_post(req, ev);
     419             :         }
     420             : 
     421          65 :         subreq = smb1cli_req_send(state, ev, conn,
     422             :                                   SMBsesssetupX,
     423             :                                   0, /*  additional_flags */
     424             :                                   0, /*  clear_flags */
     425             :                                   0, /*  additional_flags2 */
     426             :                                   0, /*  clear_flags2 */
     427             :                                   timeout_msec,
     428             :                                   pid,
     429             :                                   NULL, /* tcon */
     430             :                                   session,
     431             :                                   13, /* wct */
     432             :                                   vwv,
     433          65 :                                   talloc_get_size(bytes),
     434             :                                   bytes);
     435          65 :         if (tevent_req_nomem(subreq, req)) {
     436           0 :                 return tevent_req_post(req, ev);
     437             :         }
     438          65 :         tevent_req_set_callback(subreq, smb1cli_session_setup_nt1_done, req);
     439             : 
     440          65 :         return req;
     441             : }
     442             : 
     443          65 : static void smb1cli_session_setup_nt1_done(struct tevent_req *subreq)
     444             : {
     445           0 :         struct tevent_req *req =
     446          65 :                 tevent_req_callback_data(subreq,
     447             :                 struct tevent_req);
     448           0 :         struct smb1cli_session_setup_nt1_state *state =
     449          65 :                 tevent_req_data(req,
     450             :                 struct smb1cli_session_setup_nt1_state);
     451           0 :         NTSTATUS status;
     452          65 :         uint8_t *inhdr = NULL;
     453           0 :         uint8_t wct;
     454          65 :         uint16_t *vwv = NULL;
     455           0 :         uint32_t num_bytes;
     456          65 :         uint8_t *bytes = NULL;
     457          65 :         const uint8_t *p = NULL;
     458          65 :         size_t ret = 0;
     459           0 :         uint16_t flags2;
     460          65 :         bool use_unicode = false;
     461          65 :         struct smb1cli_req_expected_response expected[] = {
     462             :         {
     463             :                 .status = NT_STATUS_OK,
     464             :                 .wct    = 3,
     465             :         },
     466             :         };
     467             : 
     468          65 :         status = smb1cli_req_recv(subreq, state,
     469             :                                   &state->recv_iov,
     470             :                                   &inhdr,
     471             :                                   &wct,
     472             :                                   &vwv,
     473             :                                   NULL, /* pvwv_offset */
     474             :                                   &num_bytes,
     475             :                                   &bytes,
     476             :                                   NULL, /* pbytes_offset */
     477             :                                   &state->inbuf,
     478             :                                   expected, ARRAY_SIZE(expected));
     479          65 :         TALLOC_FREE(subreq);
     480          65 :         if (tevent_req_nterror(req, status)) {
     481           4 :                 return;
     482             :         }
     483             : 
     484          61 :         flags2 = SVAL(inhdr, HDR_FLG2);
     485          61 :         if (flags2 & FLAGS2_UNICODE_STRINGS) {
     486          61 :                 use_unicode = true;
     487             :         }
     488             : 
     489          61 :         state->out_session_id = SVAL(inhdr, HDR_UID);
     490          61 :         state->out_action = SVAL(vwv+2, 0);
     491             : 
     492          61 :         p = bytes;
     493             : 
     494          61 :         status = smb_bytes_pull_str(state, &state->out_native_os,
     495             :                                     use_unicode, bytes, num_bytes,
     496             :                                     p, &ret);
     497          61 :         if (tevent_req_nterror(req, status)) {
     498           0 :                 return;
     499             :         }
     500          61 :         p += ret;
     501             : 
     502          61 :         status = smb_bytes_pull_str(state, &state->out_native_lm,
     503             :                                     use_unicode, bytes, num_bytes,
     504             :                                     p, &ret);
     505          61 :         if (tevent_req_nterror(req, status)) {
     506           0 :                 return;
     507             :         }
     508          61 :         p += ret;
     509             : 
     510          61 :         status = smb_bytes_pull_str(state, &state->out_primary_domain,
     511             :                                     use_unicode, bytes, num_bytes,
     512             :                                     p, &ret);
     513          61 :         if (tevent_req_nterror(req, status)) {
     514           0 :                 return;
     515             :         }
     516             : 
     517          61 :         smb1cli_session_set_id(state->session, state->out_session_id);
     518          61 :         smb1cli_session_set_action(state->session, state->out_action);
     519             : 
     520          61 :         tevent_req_done(req);
     521             : }
     522             : 
     523          65 : NTSTATUS smb1cli_session_setup_nt1_recv(struct tevent_req *req,
     524             :                                         TALLOC_CTX *mem_ctx,
     525             :                                         struct iovec **precv_iov,
     526             :                                         const uint8_t **precv_inbuf,
     527             :                                         char **out_native_os,
     528             :                                         char **out_native_lm,
     529             :                                         char **out_primary_domain)
     530             : {
     531           0 :         struct smb1cli_session_setup_nt1_state *state =
     532          65 :                 tevent_req_data(req,
     533             :                 struct smb1cli_session_setup_nt1_state);
     534           0 :         NTSTATUS status;
     535          65 :         struct iovec *recv_iov = NULL;
     536             : 
     537          65 :         if (tevent_req_is_nterror(req, &status)) {
     538           4 :                 tevent_req_received(req);
     539           4 :                 return status;
     540             :         }
     541             : 
     542          61 :         recv_iov = talloc_move(mem_ctx, &state->recv_iov);
     543          61 :         if (precv_iov != NULL) {
     544          61 :                 *precv_iov = recv_iov;
     545             :         }
     546          61 :         if (precv_inbuf != NULL) {
     547          61 :                 *precv_inbuf = state->inbuf;
     548             :         }
     549             : 
     550          61 :         if (out_native_os != NULL) {
     551          61 :                 *out_native_os = talloc_move(mem_ctx, &state->out_native_os);
     552             :         }
     553             : 
     554          61 :         if (out_native_lm != NULL) {
     555          61 :                 *out_native_lm = talloc_move(mem_ctx, &state->out_native_lm);
     556             :         }
     557             : 
     558          61 :         if (out_primary_domain != NULL) {
     559          61 :                 *out_primary_domain = talloc_move(mem_ctx,
     560             :                                                   &state->out_primary_domain);
     561             :         }
     562             : 
     563          61 :         tevent_req_received(req);
     564          61 :         return NT_STATUS_OK;
     565             : }
     566             : 
     567             : struct smb1cli_session_setup_ext_state {
     568             :         struct smbXcli_session *session;
     569             :         uint16_t vwv[12];
     570             :         struct iovec *recv_iov;
     571             :         uint8_t *inbuf;
     572             :         NTSTATUS status;
     573             :         uint16_t out_session_id;
     574             :         uint16_t out_action;
     575             :         DATA_BLOB out_security_blob;
     576             :         char *out_native_os;
     577             :         char *out_native_lm;
     578             : };
     579             : 
     580             : static void smb1cli_session_setup_ext_done(struct tevent_req *subreq);
     581             : 
     582        7631 : struct tevent_req *smb1cli_session_setup_ext_send(TALLOC_CTX *mem_ctx,
     583             :                                 struct tevent_context *ev,
     584             :                                 struct smbXcli_conn *conn,
     585             :                                 uint32_t timeout_msec,
     586             :                                 uint32_t pid,
     587             :                                 struct smbXcli_session *session,
     588             :                                 uint16_t in_buf_size,
     589             :                                 uint16_t in_mpx_max,
     590             :                                 uint16_t in_vc_num,
     591             :                                 uint32_t in_sess_key,
     592             :                                 const DATA_BLOB in_security_blob,
     593             :                                 uint32_t in_capabilities,
     594             :                                 const char *in_native_os,
     595             :                                 const char *in_native_lm)
     596             : {
     597        7631 :         struct tevent_req *req = NULL;
     598        7631 :         struct smb1cli_session_setup_ext_state *state = NULL;
     599        7631 :         struct tevent_req *subreq = NULL;
     600        7631 :         uint16_t *vwv = NULL;
     601        7631 :         uint8_t *bytes = NULL;
     602             : 
     603        7631 :         req = tevent_req_create(mem_ctx, &state,
     604             :                                 struct smb1cli_session_setup_ext_state);
     605        7631 :         if (req == NULL) {
     606           0 :                 return NULL;
     607             :         }
     608        7631 :         state->session = session;
     609        7631 :         vwv = state->vwv;
     610             : 
     611        7631 :         if (in_security_blob.length > UINT16_MAX) {
     612           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     613           0 :                 return tevent_req_post(req, ev);
     614             :         }
     615             : 
     616        7631 :         if (in_native_os == NULL && in_native_lm != NULL) {
     617           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
     618           0 :                 return tevent_req_post(req, ev);
     619             :         }
     620             : 
     621        7631 :         SCVAL(vwv+0,  0, 0xff);
     622        7631 :         SCVAL(vwv+0,  1, 0);
     623        7631 :         SSVAL(vwv+1,  0, 0);
     624        7631 :         SSVAL(vwv+2,  0, in_buf_size);
     625        7631 :         SSVAL(vwv+3,  0, in_mpx_max);
     626        7631 :         SSVAL(vwv+4,  0, in_vc_num);
     627        7631 :         SIVAL(vwv+5,  0, in_sess_key);
     628        7631 :         SSVAL(vwv+7,  0, in_security_blob.length);
     629        7631 :         SSVAL(vwv+8,  0, 0); /* reserved */
     630        7631 :         SSVAL(vwv+9,  0, 0); /* reserved */
     631        7631 :         SIVAL(vwv+10, 0, in_capabilities);
     632             : 
     633        7631 :         bytes = talloc_array(state, uint8_t,
     634             :                              in_security_blob.length);
     635        7631 :         if (tevent_req_nomem(bytes, req)) {
     636           0 :                 return tevent_req_post(req, ev);
     637             :         }
     638        7631 :         if (in_security_blob.length != 0) {
     639        7631 :                 memcpy(bytes,
     640        7631 :                        in_security_blob.data,
     641        7631 :                        in_security_blob.length);
     642             :         }
     643             : 
     644        7631 :         if (in_native_os != NULL) {
     645        7631 :                 bytes = smb_bytes_push_str(bytes,
     646        7631 :                                            smbXcli_conn_use_unicode(conn),
     647        7631 :                                            in_native_os, strlen(in_native_os)+1,
     648             :                                            NULL);
     649             :         }
     650        7631 :         if (in_native_lm != NULL) {
     651        7631 :                 bytes = smb_bytes_push_str(bytes,
     652        7631 :                                            smbXcli_conn_use_unicode(conn),
     653        7631 :                                            in_native_lm, strlen(in_native_lm)+1,
     654             :                                            NULL);
     655             :         }
     656        7631 :         if (tevent_req_nomem(bytes, req)) {
     657           0 :                 return tevent_req_post(req, ev);
     658             :         }
     659             : 
     660        7631 :         subreq = smb1cli_req_send(state, ev, conn,
     661             :                                   SMBsesssetupX,
     662             :                                   0, /*  additional_flags */
     663             :                                   0, /*  clear_flags */
     664             :                                   0, /*  additional_flags2 */
     665             :                                   0, /*  clear_flags2 */
     666             :                                   timeout_msec,
     667             :                                   pid,
     668             :                                   NULL, /* tcon */
     669             :                                   session,
     670             :                                   12, /* wct */
     671             :                                   vwv,
     672        7631 :                                   talloc_get_size(bytes),
     673             :                                   bytes);
     674        7631 :         if (tevent_req_nomem(subreq, req)) {
     675           0 :                 return tevent_req_post(req, ev);
     676             :         }
     677        7631 :         tevent_req_set_callback(subreq, smb1cli_session_setup_ext_done, req);
     678             : 
     679        7631 :         return req;
     680             : }
     681             : 
     682        7631 : static void smb1cli_session_setup_ext_done(struct tevent_req *subreq)
     683             : {
     684           0 :         struct tevent_req *req =
     685        7631 :                 tevent_req_callback_data(subreq,
     686             :                 struct tevent_req);
     687           0 :         struct smb1cli_session_setup_ext_state *state =
     688        7631 :                 tevent_req_data(req,
     689             :                 struct smb1cli_session_setup_ext_state);
     690           0 :         NTSTATUS status;
     691        7631 :         uint8_t *inhdr = NULL;
     692           0 :         uint8_t wct;
     693        7631 :         uint16_t *vwv = NULL;
     694           0 :         uint32_t num_bytes;
     695        7631 :         uint8_t *bytes = NULL;
     696        7631 :         const uint8_t *p = NULL;
     697        7631 :         size_t ret = 0;
     698           0 :         uint16_t flags2;
     699        7631 :         uint16_t out_security_blob_length = 0;
     700        7631 :         bool use_unicode = false;
     701        7631 :         struct smb1cli_req_expected_response expected[] = {
     702             :         {
     703             :                 .status = NT_STATUS_OK,
     704             :                 .wct    = 4,
     705             :         },
     706             :         {
     707             :                 .status = NT_STATUS_MORE_PROCESSING_REQUIRED,
     708             :                 .wct    = 4,
     709             :         },
     710             :         };
     711             : 
     712        7631 :         status = smb1cli_req_recv(subreq, state,
     713             :                                   &state->recv_iov,
     714             :                                   &inhdr,
     715             :                                   &wct,
     716             :                                   &vwv,
     717             :                                   NULL, /* pvwv_offset */
     718             :                                   &num_bytes,
     719             :                                   &bytes,
     720             :                                   NULL, /* pbytes_offset */
     721             :                                   &state->inbuf,
     722             :                                   expected, ARRAY_SIZE(expected));
     723        7631 :         TALLOC_FREE(subreq);
     724        7631 :         state->status = status;
     725        7631 :         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
     726        3805 :                 status = NT_STATUS_OK;
     727             :         }
     728        7631 :         if (tevent_req_nterror(req, status)) {
     729          44 :                 return;
     730             :         }
     731             : 
     732        7587 :         flags2 = SVAL(inhdr, HDR_FLG2);
     733        7587 :         if (flags2 & FLAGS2_UNICODE_STRINGS) {
     734        7587 :                 use_unicode = true;
     735             :         }
     736             : 
     737        7587 :         state->out_session_id = SVAL(inhdr, HDR_UID);
     738        7587 :         state->out_action = SVAL(vwv+2, 0);
     739        7587 :         out_security_blob_length = SVAL(vwv+3, 0);
     740             : 
     741        7587 :         if (out_security_blob_length > num_bytes) {
     742           0 :                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
     743           0 :                 return;
     744             :         }
     745             : 
     746        7587 :         p = bytes;
     747             : 
     748             :         /*
     749             :          * Note: this points into state->recv_iov!
     750             :          */
     751        7587 :         state->out_security_blob = data_blob_const(p, out_security_blob_length);
     752        7587 :         p += out_security_blob_length;
     753             : 
     754        7587 :         status = smb_bytes_pull_str(state, &state->out_native_os,
     755             :                                     use_unicode, bytes, num_bytes,
     756             :                                     p, &ret);
     757        7587 :         if (tevent_req_nterror(req, status)) {
     758           0 :                 return;
     759             :         }
     760        7587 :         p += ret;
     761             : 
     762        7587 :         status = smb_bytes_pull_str(state, &state->out_native_lm,
     763             :                                     use_unicode, bytes, num_bytes,
     764             :                                     p, &ret);
     765        7587 :         if (tevent_req_nterror(req, status)) {
     766           0 :                 return;
     767             :         }
     768             :         /* p += ret; */
     769             : 
     770        7587 :         smb1cli_session_set_id(state->session, state->out_session_id);
     771        7587 :         smb1cli_session_set_action(state->session, state->out_action);
     772             : 
     773        7587 :         tevent_req_done(req);
     774             : }
     775             : 
     776        7631 : NTSTATUS smb1cli_session_setup_ext_recv(struct tevent_req *req,
     777             :                                         TALLOC_CTX *mem_ctx,
     778             :                                         struct iovec **precv_iov,
     779             :                                         const uint8_t **precv_inbuf,
     780             :                                         DATA_BLOB *out_security_blob,
     781             :                                         char **out_native_os,
     782             :                                         char **out_native_lm)
     783             : {
     784           0 :         struct smb1cli_session_setup_ext_state *state =
     785        7631 :                 tevent_req_data(req,
     786             :                 struct smb1cli_session_setup_ext_state);
     787           0 :         NTSTATUS status;
     788        7631 :         struct iovec *recv_iov = NULL;
     789             : 
     790        7631 :         if (tevent_req_is_nterror(req, &status)) {
     791          44 :                 tevent_req_received(req);
     792          44 :                 return status;
     793             :         }
     794             : 
     795        7587 :         recv_iov = talloc_move(mem_ctx, &state->recv_iov);
     796        7587 :         if (precv_iov != NULL) {
     797        7587 :                 *precv_iov = recv_iov;
     798             :         }
     799        7587 :         if (precv_inbuf != NULL) {
     800        7587 :                 *precv_inbuf = state->inbuf;
     801             :         }
     802             : 
     803        7587 :         *out_security_blob = state->out_security_blob;
     804             : 
     805        7587 :         if (out_native_os != NULL) {
     806        7587 :                 *out_native_os = talloc_move(mem_ctx, &state->out_native_os);
     807             :         }
     808             : 
     809        7587 :         if (out_native_lm != NULL) {
     810        7587 :                 *out_native_lm = talloc_move(mem_ctx, &state->out_native_lm);
     811             :         }
     812             : 
     813             :         /*
     814             :          * Return the status from the server:
     815             :          * NT_STATUS_MORE_PROCESSING_REQUIRED or
     816             :          * NT_STATUS_OK.
     817             :          */
     818        7587 :         status = state->status;
     819        7587 :         tevent_req_received(req);
     820        7587 :         return status;
     821             : }

Generated by: LCOV version 1.14