void nb_setup(struct smbcli_state *cli, int id)
{
nbio_id = id;
c = cli;
if (bypass_io)
printf("skipping I/O\n");
if (cli) {
smbcli_oplock_handler(cli->transport, oplock_handler, cli->tree);
}
children[id].connected = true;
}
/*
connect to a share - used when a tree_connect operation comes in.
*/
static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
union smb_tcon *tcon)
{
NTSTATUS status;
struct cvfs_private *p;
const char *host, *user, *pass, *domain, *remote_share;
struct smb_composite_connect io;
struct composite_context *creq;
struct share_config *scfg = ntvfs->ctx->config;
struct cli_credentials *credentials;
bool machine_account;
bool s4u2proxy;
const char* sharename;
switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
sharename = tcon->smb2.in.path;
break;
default:
return NT_STATUS_INVALID_LEVEL;
}
if (strncmp(sharename, "\\\\", 2) == 0) {
char *str = strchr(sharename+2, '\\');
if (str) {
sharename = str + 1;
}
}
/* Here we need to determine which server to connect to.
* For now we use parametric options, type cifs.
* Later we will use security=server and auth_server.c.
*/
host = share_string_option(scfg, CIFS_SERVER, NULL);
user = share_string_option(scfg, CIFS_USER, NULL);
pass = share_string_option(scfg, CIFS_PASSWORD, NULL);
domain = share_string_option(scfg, CIFS_DOMAIN, NULL);
remote_share = share_string_option(scfg, CIFS_SHARE, NULL);
if (!remote_share) {
remote_share = sharename;
}
machine_account = share_bool_option(scfg, CIFS_USE_MACHINE_ACCT, CIFS_USE_MACHINE_ACCT_DEFAULT);
s4u2proxy = share_bool_option(scfg, CIFS_USE_S4U2PROXY, CIFS_USE_S4U2PROXY_DEFAULT);
p = talloc_zero(ntvfs, struct cvfs_private);
if (!p) {
return NT_STATUS_NO_MEMORY;
}
ntvfs->private_data = p;
if (!host) {
DEBUG(1,("CIFS backend: You must supply server\n"));
return NT_STATUS_INVALID_PARAMETER;
}
if (user && pass) {
DEBUG(5, ("CIFS backend: Using specified password\n"));
credentials = cli_credentials_init(p);
if (!credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(credentials, ntvfs->ctx->lp_ctx);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
} else if (machine_account) {
DEBUG(5, ("CIFS backend: Using machine account\n"));
credentials = cli_credentials_init(p);
cli_credentials_set_conf(credentials, ntvfs->ctx->lp_ctx);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
status = cli_credentials_set_machine_account(credentials, ntvfs->ctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
} else if (req->session_info->credentials) {
DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
credentials = req->session_info->credentials;
} else if (s4u2proxy) {
struct ccache_container *ccc = NULL;
const char *err_str = NULL;
int ret;
char *impersonate_principal;
char *self_service;
char *target_service;
impersonate_principal = talloc_asprintf(req, "%s@%s",
req->session_info->info->account_name,
req->session_info->info->domain_name);
self_service = talloc_asprintf(req, "cifs/%s",
lpcfg_netbios_name(ntvfs->ctx->lp_ctx));
target_service = talloc_asprintf(req, "cifs/%s", host);
DEBUG(5, ("CIFS backend: Using S4U2Proxy credentials\n"));
credentials = cli_credentials_init(p);
cli_credentials_set_conf(credentials, ntvfs->ctx->lp_ctx);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
status = cli_credentials_set_machine_account(credentials, ntvfs->ctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
cli_credentials_set_impersonate_principal(credentials,
impersonate_principal,
self_service);
cli_credentials_set_target_service(credentials, target_service);
ret = cli_credentials_get_ccache(credentials,
ntvfs->ctx->event_ctx,
ntvfs->ctx->lp_ctx,
&ccc,
&err_str);
if (ret != 0) {
status = NT_STATUS_CROSSREALM_DELEGATION_FAILURE;
DEBUG(1,("S4U2Proxy: cli_credentials_get_ccache() gave: ret[%d] str[%s] - %s\n",
ret, err_str, nt_errstr(status)));
return status;
}
} else {
DEBUG(1,("CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials\n"));
return NT_STATUS_INTERNAL_ERROR;
}
/* connect to the server, using the smbd event context */
io.in.dest_host = host;
io.in.dest_ports = lpcfg_smb_ports(ntvfs->ctx->lp_ctx);
io.in.socket_options = lpcfg_socket_options(ntvfs->ctx->lp_ctx);
io.in.called_name = host;
io.in.credentials = credentials;
io.in.fallback_to_anonymous = false;
io.in.workgroup = lpcfg_workgroup(ntvfs->ctx->lp_ctx);
io.in.service = remote_share;
io.in.service_type = "?????";
io.in.gensec_settings = lpcfg_gensec_settings(p, ntvfs->ctx->lp_ctx);
lpcfg_smbcli_options(ntvfs->ctx->lp_ctx, &io.in.options);
lpcfg_smbcli_session_options(ntvfs->ctx->lp_ctx, &io.in.session_options);
if (!(ntvfs->ctx->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS)) {
io.in.options.use_level2_oplocks = false;
}
creq = smb_composite_connect_send(&io, p,
lpcfg_resolve_context(ntvfs->ctx->lp_ctx),
ntvfs->ctx->event_ctx);
status = smb_composite_connect_recv(creq, p);
NT_STATUS_NOT_OK_RETURN(status);
p->tree = io.out.tree;
p->transport = p->tree->session->transport;
SETUP_PID;
p->ntvfs = ntvfs;
ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "NTFS");
NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "A:");
NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}
/* we need to receive oplock break requests from the server */
smbcli_oplock_handler(p->transport, oplock_handler, p);
p->map_generic = share_bool_option(scfg, CIFS_MAP_GENERIC, CIFS_MAP_GENERIC_DEFAULT);
p->map_trans2 = share_bool_option(scfg, CIFS_MAP_TRANS2, CIFS_MAP_TRANS2_DEFAULT);
return NT_STATUS_OK;
}
static bool test_session_reauth2(struct torture_context *tctx,
struct smbcli_state *cli)
{
char *random_string;
char *fname;
union smb_open io_open;
struct smb_composite_sesssetup io_sesssetup;
union smb_fileinfo io_qsecdesc;
struct smbcli_request *req;
struct cli_credentials *anon_creds;
NTSTATUS status;
uint16_t fnum;
ssize_t nwritten;
uint16_t vuid1 = cli->session->vuid;
random_string = generate_random_str(tctx, 8);
torture_assert(tctx, (random_string != NULL),
"memory allocation failed");
fname = talloc_asprintf(tctx, "raw_session_reauth2_%s.dat",
random_string);
talloc_free(random_string);
torture_assert(tctx, (fname != NULL), "memory allocation failed");
smbcli_unlink(cli->tree, fname);
smbcli_oplock_handler(cli->transport,
test_session_reauth2_oplock_timeout,
cli->tree);
/*
base ntcreatex parms
*/
ZERO_STRUCT(io_open);
io_open.generic.level = RAW_OPEN_NTCREATEX;
io_open.ntcreatex.in.root_fid.fnum = 0;
io_open.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ |
SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
io_open.ntcreatex.in.alloc_size = 0;
io_open.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io_open.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
io_open.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
io_open.ntcreatex.in.create_options = 0;
io_open.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
io_open.ntcreatex.in.security_flags = 0;
io_open.ntcreatex.in.fname = fname;
torture_comment(tctx, "open with batch oplock\n");
io_open.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
status = smb_raw_open(cli->tree, tctx, &io_open);
torture_assert_ntstatus_ok(tctx, status, "smb_raw_open failed");
fnum = io_open.ntcreatex.out.file.fnum;
torture_assert(
tctx,
(io_open.ntcreatex.out.oplock_level == BATCH_OPLOCK_RETURN),
"did not get batch oplock");
io_open.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
req = smb_raw_open_send(cli->tree, &io_open);
torture_assert(tctx, (req != NULL), "memory allocation failed");
/*
* Make sure the open went through
*/
status = smbcli_chkpath(cli->tree, "\\");
torture_assert_ntstatus_ok(tctx, status, "smb_chkpath failed");
status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
torture_assert_ntstatus_ok(tctx, status, "could not set delete on "
"close");
anon_creds = cli_credentials_init_anon(tctx);
torture_assert(tctx, (anon_creds != NULL), "memory allocation failed");
ZERO_STRUCT(io_sesssetup);
io_sesssetup.in.sesskey = cli->transport->negotiate.sesskey;
io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
io_sesssetup.in.credentials = anon_creds;
io_sesssetup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(
tctx, tctx->lp_ctx);
status = smb_composite_sesssetup(cli->session, &io_sesssetup);
torture_assert_ntstatus_ok(tctx, status, "setup2 failed");
torture_assert_int_equal(tctx, io_sesssetup.out.vuid, vuid1, "setup2");
status = smbcli_close(cli->tree, fnum);
torture_assert_ntstatus_ok(tctx, status, "close failed");
status = smb_raw_open_recv(req, tctx, &io_open);
torture_assert_ntstatus_ok(tctx, status, "2nd open failed");
fnum = io_open.ntcreatex.out.file.fnum;
nwritten = smbcli_write(cli->tree, fnum, 0, fname, 0, strlen(fname));
torture_assert(tctx, (nwritten == strlen(fname)),
"smbcli_write failed");
ZERO_STRUCT(io_qsecdesc);
io_qsecdesc.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
io_qsecdesc.query_secdesc.in.file.fnum = fnum;
io_qsecdesc.query_secdesc.in.secinfo_flags = SECINFO_OWNER;
status = smb_raw_fileinfo(cli->tree, tctx, &io_qsecdesc);
torture_assert_ntstatus_equal(
tctx, status, NT_STATUS_ACCESS_DENIED,
"anon qsecdesc did not return ACCESS_DENIED");
ZERO_STRUCT(io_sesssetup);
io_sesssetup.in.sesskey = cli->transport->negotiate.sesskey;
io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
io_sesssetup.in.credentials = cmdline_credentials;
io_sesssetup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(
tctx, tctx->lp_ctx);
status = smb_composite_sesssetup(cli->session, &io_sesssetup);
torture_assert_ntstatus_ok(tctx, status, "setup3 failed");
torture_assert_int_equal(tctx, io_sesssetup.out.vuid, vuid1, "setup2");
status = smb_raw_fileinfo(cli->tree, tctx, &io_qsecdesc);
torture_assert_ntstatus_ok(tctx, status, "2nd qsecdesc failed");
status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
torture_assert_ntstatus_ok(tctx, status, "could not set delete on "
"close");
status = smbcli_close(cli->tree, fnum);
torture_assert_ntstatus_ok(tctx, status, "close failed");
return true;
}
