The branch, master has been updated
via f7d249d s3:libsmb: Always use GENSEC_OID_SPNEGO in
cli_smb1_setup_encryption_send()
via f595031 s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy()
via c19232b s3:client: use cli_cm_force_encryption_creds in smbspool.c
(in a #if 0 section)
via 0c52239 s3:libsmb: make use of cli_cm_force_encryption_creds()
where we already have creds
via ff23ee7 s3:libsmb: split out cli_cm_force_encryption_creds()
via b4340ea s3:libsmb: make use of cli_tree_connect_creds() in
SMBC_server_internal()
via 5fd8db9 s3:libsmb: make use of cli_tree_connect_creds() in
clidfs.c:do_connect()
via 1221236 s3:libsmb: remove now unused cli_session_setup()
via 151e37b s3:libsmb: avoid using cli_session_setup() in
SMBC_server_internal()
via c478f68 s3:libsmb: make use of get_cmdline_auth_info_creds() in
clidfs.c:do_connect()
via 9e79433 s3:libsmb: remove unused cli_*_encryption* functions
via b9ff137 s3:libsmb: make use of cli_smb1_setup_encryption() in
cli_cm_force_encryption()
via 19bbd37 s3:client: make use of cli_smb1_setup_encryption() in
cmd_posix_encrypt()
via 791847f s3:torture: make use of cli_smb1_setup_encryption() in
force_cli_encryption()
via b9b0815 s3:libsmb: add cli_smb1_setup_encryption*() functions
via 9b39377 s3:printing: remove double PRINT_SPOOL_PREFIX define
via 1aa765d testprogs: Use better KRB5CCNAME in
test_password_settings.sh
from 1a59014 docs-xml: Remove duplicate listing of configfile option in
man pages
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f7d249da4e79bb4f35b9b57b21f0f5e66380402d
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Dec 8 12:25:22 2016 +0100
s3:libsmb: Always use GENSEC_OID_SPNEGO in cli_smb1_setup_encryption_send()
Also old servers should be able to handle NTLMSSP via SPNEGO.
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Wed Dec 21 22:21:08 CET 2016 on sn-devel-144
commit f595031cb8203d4184b81976c22644e86a30cabe
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Nov 4 12:25:34 2016 +0100
s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit c19232b4bcfe80e7501c5600bbbec2b27832c1ce
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Nov 4 12:37:08 2016 +0100
s3:client: use cli_cm_force_encryption_creds in smbspool.c (in a #if 0
section)
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 0c522398684ae34d4306285cb6b30ecc5b5a0e98
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Nov 3 17:27:49 2016 +0100
s3:libsmb: make use of cli_cm_force_encryption_creds() where we already
have creds
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit ff23ee7ef209b74856426df6bf4e36d9a7ed8f94
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Nov 3 17:26:41 2016 +0100
s3:libsmb: split out cli_cm_force_encryption_creds()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit b4340ea7743cdfff91a08eb4fe656ddbe0794cc7
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Dec 12 06:00:32 2016 +0100
s3:libsmb: make use of cli_tree_connect_creds() in SMBC_server_internal()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 5fd8db91efe24e0da8321197b8b568fed9ea4d78
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Dec 9 09:06:38 2016 +0100
s3:libsmb: make use of cli_tree_connect_creds() in clidfs.c:do_connect()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 12212363bf756c6ba33804f859d67395e4cf71d3
Author: Stefan Metzmacher <me...@samba.org>
Date: Sun Oct 30 16:46:54 2016 +0100
s3:libsmb: remove now unused cli_session_setup()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 151e37b548bdba582bcbe7a216cd9b420d29b7b6
Author: Stefan Metzmacher <me...@samba.org>
Date: Sun Oct 30 16:42:45 2016 +0100
s3:libsmb: avoid using cli_session_setup() in SMBC_server_internal()
Using cli_session_creds_init() will allow it to be passed to other sub
functions
later.
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit c478f688c29f0b9ff114cf2554c1c6cb273c98e4
Author: Stefan Metzmacher <me...@samba.org>
Date: Sun Oct 30 16:45:39 2016 +0100
s3:libsmb: make use of get_cmdline_auth_info_creds() in
clidfs.c:do_connect()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 9e794330d0399777cb6cc4c9b036ba1b4f7ea470
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Nov 3 14:50:28 2016 +0100
s3:libsmb: remove unused cli_*_encryption* functions
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit b9ff137e03ef4ba2cc42e886d6133c5ad61b7ea6
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Nov 3 14:50:28 2016 +0100
s3:libsmb: make use of cli_smb1_setup_encryption() in
cli_cm_force_encryption()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 19bbd37b8df6315efc09b8e4007f4c4ddc155244
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Nov 3 14:50:28 2016 +0100
s3:client: make use of cli_smb1_setup_encryption() in cmd_posix_encrypt()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 791847f90ce0c0fc42c75ec6283906a0c5f5b926
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Nov 3 14:50:28 2016 +0100
s3:torture: make use of cli_smb1_setup_encryption() in
force_cli_encryption()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit b9b0815d0f566923fe7442c35e2f321e442bb6bb
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Oct 31 23:02:27 2016 +0100
s3:libsmb: add cli_smb1_setup_encryption*() functions
This will allow us to setup SMB1 encryption by just passing
cli_credentials.
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 9b3937704d2b3a03590758bec7bdbe838d4e83be
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Dec 19 23:04:17 2016 +0100
s3:printing: remove double PRINT_SPOOL_PREFIX define
We already have this in source3/include/printing.h
which is also included in source3/printing/printspoolss.c
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 1aa765d344e148826c75d65c502ee45bc9e8f42c
Author: Andreas Schneider <a...@samba.org>
Date: Tue Sep 20 09:46:34 2016 +0200
testprogs: Use better KRB5CCNAME in test_password_settings.sh
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/client/client.c | 46 ++-
source3/client/smbspool.c | 6 +-
source3/libsmb/cliconnect.c | 452 ++++++++++++++++++++++++---
source3/libsmb/clidfs.c | 96 +++---
source3/libsmb/clifsinfo.c | 245 ---------------
source3/libsmb/libsmb_server.c | 47 ++-
source3/libsmb/proto.h | 22 +-
source3/printing/printspoolss.c | 3 -
source3/torture/torture.c | 10 +-
testprogs/blackbox/test_password_settings.sh | 8 +
10 files changed, 556 insertions(+), 379 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/client/client.c b/source3/client/client.c
index cde9776..226eb27 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -2535,35 +2535,53 @@ static int cmd_posix_encrypt(void)
{
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ char *domain = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ struct cli_credentials *creds = NULL;
+ struct cli_credentials *lcreds = NULL;
- if (cli->use_kerberos) {
- status = cli_gss_smb_encryption_start(cli);
- } else {
- char *domain = NULL;
- char *user = NULL;
- char *password = NULL;
+ if (next_token_talloc(ctx, &cmd_ptr, &domain, NULL)) {
- if (!next_token_talloc(ctx, &cmd_ptr,&domain,NULL)) {
+ if (!next_token_talloc(ctx, &cmd_ptr, &user, NULL)) {
d_printf("posix_encrypt domain user password\n");
return 1;
}
- if (!next_token_talloc(ctx, &cmd_ptr,&user,NULL)) {
+ if (!next_token_talloc(ctx, &cmd_ptr, &password, NULL)) {
d_printf("posix_encrypt domain user password\n");
return 1;
}
- if (!next_token_talloc(ctx, &cmd_ptr,&password,NULL)) {
+ lcreds = cli_session_creds_init(ctx,
+ user,
+ domain,
+ NULL, /* realm */
+ password,
+ false, /* use_kerberos */
+ false, /*
fallback_after_kerberos */
+ false, /* use_ccache */
+ false); /* password_is_nt_hash
*/
+ if (lcreds == NULL) {
+ d_printf("cli_session_creds_init() failed.\n");
+ return -1;
+ }
+ creds = lcreds;
+ } else {
+ bool auth_requested = false;
+
+ creds = get_cmdline_auth_info_creds(auth_info);
+
+ auth_requested =
cli_credentials_authentication_requested(creds);
+ if (!auth_requested) {
d_printf("posix_encrypt domain user password\n");
return 1;
}
-
- status = cli_raw_ntlm_smb_encryption_start(cli,
- user,
- password,
- domain);
}
+ status = cli_smb1_setup_encryption(cli, creds);
+ /* gensec currently references the creds so we can't free them here */
+ talloc_unlink(ctx, lcreds);
if (!NT_STATUS_IS_OK(status)) {
d_printf("posix_encrypt failed with error %s\n",
nt_errstr(status));
} else {
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index a447836..10e89c7 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -474,11 +474,7 @@ smb_complete_connection(const char *myname,
#if 0
/* Need to work out how to specify this on the URL. */
if (smb_encrypt) {
- if (!cli_cm_force_encryption(cli,
- username,
- password,
- workgroup,
- share)) {
+ if (!cli_cm_force_encryption_creds(cli, creds, share)) {
fprintf(stderr, "ERROR: encryption setup failed\n");
cli_shutdown(cli);
return NULL;
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 02c465c..55768bf 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -37,6 +37,7 @@
#include "libsmb/nmblib.h"
#include "librpc/ndr/libndr.h"
#include "../libcli/smb/smbXcli_base.h"
+#include "../libcli/smb/smb_seal.h"
#include "lib/param/param.h"
#define STAR_SMBSERVER "*SMBSERVER"
@@ -1774,43 +1775,6 @@ NTSTATUS cli_session_setup_anon(struct cli_state *cli)
return NT_STATUS_OK;
}
-NTSTATUS cli_session_setup(struct cli_state *cli,
- const char *user,
- const char *pass,
- const char *workgroup)
-{
- NTSTATUS status = NT_STATUS_NO_MEMORY;
- const char *dest_realm = NULL;
- struct cli_credentials *creds = NULL;
-
- /*
- * dest_realm is only valid in the winbindd use case,
- * where we also have the account in that realm.
- */
- dest_realm = cli_state_remote_realm(cli);
-
- creds = cli_session_creds_init(cli,
- user,
- workgroup,
- dest_realm,
- pass,
- cli->use_kerberos,
- cli->fallback_after_kerberos,
- cli->use_ccache,
- cli->pw_nt_hash);
- if (creds == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = cli_session_setup_creds(cli, creds);
- TALLOC_FREE(creds);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
-}
-
/****************************************************************************
Send a uloggoff.
*****************************************************************************/
@@ -2864,6 +2828,420 @@ fail:
return status;
}
+struct cli_smb1_setup_encryption_blob_state {
+ uint16_t setup[1];
+ uint8_t param[4];
+ NTSTATUS status;
+ DATA_BLOB out;
+ uint16_t enc_ctx_id;
+};
+
+static void cli_smb1_setup_encryption_blob_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb1_setup_encryption_blob_send(TALLOC_CTX
*mem_ctx,
+ struct tevent_context
*ev,
+ struct cli_state *cli,
+ const DATA_BLOB in)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb1_setup_encryption_blob_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb1_setup_encryption_blob_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (in.length > CLI_BUFFER_SIZE) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ SSVAL(state->setup+0, 0, TRANSACT2_SETFSINFO);
+ SSVAL(state->param, 0, 0);
+ SSVAL(state->param, 2, SMB_REQUEST_TRANSPORT_ENCRYPTION);
+
+ subreq = smb1cli_trans_send(state, ev, cli->conn,
+ SMBtrans2,
+ 0, 0, /* _flags */
+ 0, 0, /* _flags2 */
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.tcon,
+ cli->smb1.session,
+ NULL, /* pipe_name */
+ 0, /* fid */
+ 0, /* function */
+ 0, /* flags */
+ state->setup, 1, 0,
+ state->param, 4, 2,
+ in.data, in.length, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb1_setup_encryption_blob_done,
+ req);
+
+ return req;
+}
+
+static void cli_smb1_setup_encryption_blob_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_smb1_setup_encryption_blob_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_blob_state);
+ uint8_t *rparam=NULL, *rdata=NULL;
+ uint32_t num_rparam, num_rdata;
+ NTSTATUS status;
+
+ status = smb1cli_trans_recv(subreq, state,
+ NULL, /* recv_flags */
+ NULL, 0, NULL, /* rsetup */
+ &rparam, 0, &num_rparam,
+ &rdata, 0, &num_rdata);
+ TALLOC_FREE(subreq);
+ state->status = status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ status = NT_STATUS_OK;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (num_rparam == 2) {
+ state->enc_ctx_id = SVAL(rparam, 0);
+ }
+ TALLOC_FREE(rparam);
+
+ state->out = data_blob_const(rdata, num_rdata);
+
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_smb1_setup_encryption_blob_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *out,
+ uint16_t *enc_ctx_id)
+{
+ struct cli_smb1_setup_encryption_blob_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_blob_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ status = state->status;
+
+ *out = state->out;
+ talloc_steal(mem_ctx, out->data);
+
+ *enc_ctx_id = state->enc_ctx_id;
+
+ tevent_req_received(req);
+ return status;
+}
+
+struct cli_smb1_setup_encryption_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct smb_trans_enc_state *es;
+ DATA_BLOB blob_in;
+ DATA_BLOB blob_out;
+ bool local_ready;
+ bool remote_ready;
+};
+
+static void cli_smb1_setup_encryption_local_next(struct tevent_req *req);
+static void cli_smb1_setup_encryption_local_done(struct tevent_req *subreq);
+static void cli_smb1_setup_encryption_remote_next(struct tevent_req *req);
+static void cli_smb1_setup_encryption_remote_done(struct tevent_req *subreq);
+static void cli_smb1_setup_encryption_ready(struct tevent_req *req);
+
+static struct tevent_req *cli_smb1_setup_encryption_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb1_setup_encryption_state *state = NULL;
+ struct auth_generic_state *ags = NULL;
+ const DATA_BLOB *b = NULL;
+ bool auth_requested = false;
+ const char *target_service = NULL;
+ const char *target_hostname = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb1_setup_encryption_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ auth_requested = cli_credentials_authentication_requested(creds);
+ if (!auth_requested) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ target_service = "cifs";
+ target_hostname = smbXcli_conn_remote_name(cli->conn);
+
+ status = cli_session_creds_prepare_krb5(cli, creds);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->es = talloc_zero(state, struct smb_trans_enc_state);
+ if (tevent_req_nomem(state->es, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = auth_generic_client_prepare(state->es, &ags);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ gensec_want_feature(ags->gensec_security,
+ GENSEC_FEATURE_SIGN);
+ gensec_want_feature(ags->gensec_security,
+ GENSEC_FEATURE_SEAL);
+
+ status = auth_generic_set_creds(ags, creds);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (target_service != NULL) {
+ status = gensec_set_target_service(ags->gensec_security,
+ target_service);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ if (target_hostname != NULL) {
+ status = gensec_set_target_hostname(ags->gensec_security,
+ target_hostname);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ gensec_set_max_update_size(ags->gensec_security,
+ CLI_BUFFER_SIZE);
+
+ b = smbXcli_conn_server_gss_blob(state->cli->conn);
+ if (b != NULL) {
+ state->blob_in = *b;
+ }
+
+ status = auth_generic_client_start(ags, GENSEC_OID_SPNEGO);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * We only need the gensec_security part from here.
+ */
+ state->es->gensec_security = talloc_move(state->es,
+ &ags->gensec_security);
+ TALLOC_FREE(ags);
+
+ cli_smb1_setup_encryption_local_next(req);
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void cli_smb1_setup_encryption_local_next(struct tevent_req *req)
+{
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ struct tevent_req *subreq = NULL;
+
+ if (state->local_ready) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ subreq = gensec_update_send(state, state->ev,
+ state->es->gensec_security,
+ state->blob_in);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb1_setup_encryption_local_done,
req);
+}
+
+static void cli_smb1_setup_encryption_local_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ NTSTATUS status;
+
+ status = gensec_update_recv(subreq, state, &state->blob_out);
+ TALLOC_FREE(subreq);
+ state->blob_in = data_blob_null;
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ state->local_ready = true;
+ }
+
+ /*
+ * We always get NT_STATUS_OK from the server even if it is not ready.
+ * So guess the server is ready when we are ready and already sent
+ * our last blob to the server.
+ */
+ if (state->local_ready && state->blob_out.length == 0) {
+ state->remote_ready = true;
+ }
+
+ if (state->local_ready && state->remote_ready) {
+ cli_smb1_setup_encryption_ready(req);
+ return;
+ }
+
+ cli_smb1_setup_encryption_remote_next(req);
+}
+
+static void cli_smb1_setup_encryption_remote_next(struct tevent_req *req)
+{
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ struct tevent_req *subreq = NULL;
+
+ if (state->remote_ready) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ subreq = cli_smb1_setup_encryption_blob_send(state, state->ev,
+ state->cli,
state->blob_out);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb1_setup_encryption_remote_done,
+ req);
+}
+
+static void cli_smb1_setup_encryption_remote_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ NTSTATUS status;
+
+ status = cli_smb1_setup_encryption_blob_recv(subreq, state,
+ &state->blob_in,
+ &state->es->enc_ctx_num);
+ TALLOC_FREE(subreq);
+ data_blob_free(&state->blob_out);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ /*
+ * We always get NT_STATUS_OK even if the server is not ready.
+ * So guess the server is ready when we are ready and sent
+ * our last blob to the server.
+ */
+ if (state->local_ready) {
+ state->remote_ready = true;
+ }
--
Samba Shared Repository
