/*
 * Populate session->session_info from the outcome of the NTLMSSP exchange.
 *
 * session  session whose auth_ntlmssp_state is consulted and whose
 *          session_info pointer is filled in.
 * status   result of the NTLMSSP authentication step.
 *
 * Returns the status produced by whichever helper ran. Callers must check
 * it before treating the session as established: a failed authentication
 * is handed to do_map_to_guest() and only that helper's return value says
 * whether a guest session was actually granted.
 */
static NTSTATUS setup_ntlmssp_session_info(struct smbd_smb2_session *session,
					   NTSTATUS status)
{
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * Authentication failed, so the session_info built here
		 * carries no session key. For map to guest that is the
		 * correct outcome: the password was wrong, so the key the
		 * client expects cannot reasonably be guessed.
		 */
		return do_map_to_guest(status,
				       &session->session_info,
				       auth_ntlmssp_get_username(session->auth_ntlmssp_state),
				       auth_ntlmssp_get_domain(session->auth_ntlmssp_state));
	}

	/* Authenticated: take the session info out of the NTLMSSP state. */
	return auth_ntlmssp_steal_session_info(session,
					       session->auth_ntlmssp_state,
					       &session->session_info);
}
/*
 * Fetch the session info of an NTLMSSP exchange for the caller.
 *
 * ctx           NTLMSSP state to take the session info from.
 * mem_ctx       talloc context passed through to
 *               auth_ntlmssp_steal_session_info().
 * session_info  receives the session info on success.
 *
 * Returns NT_STATUS_OK on success, otherwise the failure status of
 * auth_ntlmssp_steal_session_info() (logged at debug level 1).
 */
NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx,
				      TALLOC_CTX *mem_ctx,
				      struct auth_serversupplied_info **session_info)
{
	NTSTATUS status = auth_ntlmssp_steal_session_info(mem_ctx, ctx,
							  session_info);

	if (NT_STATUS_IS_OK(status)) {
		/*
		 * NOTE(review): user, domain and workstation are presumably
		 * client-supplied and are written to the log verbatim at
		 * level 5 - confirm log consumers tolerate arbitrary bytes.
		 */
		DEBUG(5, (__location__ "OK: user: %s domain: %s workstation: %s\n",
			  auth_ntlmssp_get_username(ctx),
			  auth_ntlmssp_get_domain(ctx),
			  auth_ntlmssp_get_client(ctx)));
		return NT_STATUS_OK;
	}

	DEBUG(1, (__location__ ": Failed to get authenticated user "
		  "info: %s\n", nt_errstr(status)));
	return status;
}
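/*
 * Finish an SMB2 session setup once session->session_info is available:
 * decide on signing, build the compat user_struct, store a sanitized copy
 * of the client-supplied username, claim the session and report the
 * session id and flags.
 *
 * session             session being established. On every error return
 *                     below it has been released with TALLOC_FREE; since
 *                     the pointer is passed by value the caller's copy is
 *                     not cleared and must not be used afterwards.
 * smb2req             request the session is attached to so that the
 *                     response can be signed.
 * in_security_mode    security mode bits from the client's request.
 * in_security_buffer  not referenced in this function.
 * out_session_flags   OR-ed with the guest/null flags for guest sessions.
 * out_session_id      receives session->vuid on success.
 *
 * Returns NT_STATUS_OK, NT_STATUS_NO_MEMORY or NT_STATUS_LOGON_FAILURE.
 */
static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *session,
					struct smbd_smb2_request *smb2req,
					uint8_t in_security_mode,
					DATA_BLOB in_security_buffer,
					uint16_t *out_session_flags,
					uint64_t *out_session_id)
{
	fstring tmp;
	bool guest = false;

	/* Sign when either the client or the server configuration requires it. */
	if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
	    lp_server_signing() == Required) {
		session->do_signing = true;
	}

	if (session->session_info->guest) {
		/* we map anonymous to guest internally */
		*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
		/*
		 * force no signing: this overrides the requirement evaluated
		 * above, so a guest session is unsigned even when signing is
		 * set to Required.
		 */
		session->do_signing = false;
		guest = true;
	}

	session->session_key = session->session_info->user_session_key;

	session->compat_vuser = talloc_zero(session, user_struct);
	if (session->compat_vuser == NULL) {
		TALLOC_FREE(session->auth_ntlmssp_state);
		TALLOC_FREE(session);
		return NT_STATUS_NO_MEMORY;
	}
	session->compat_vuser->auth_ntlmssp_state = session->auth_ntlmssp_state;
	session->compat_vuser->homes_snum = -1;
	session->compat_vuser->session_info = session->session_info;
	session->compat_vuser->session_keystr = NULL;
	session->compat_vuser->vuid = session->vuid;
	DLIST_ADD(session->sconn->smb1.sessions.validated_users,
		  session->compat_vuser);

	/*
	 * This is a potentially untrusted username. The literal names the
	 * extra characters handed to alpha_strcpy() as acceptable; the copy
	 * is bounded by sizeof(tmp).
	 */
	alpha_strcpy(tmp,
		     auth_ntlmssp_get_username(session->auth_ntlmssp_state),
		     ". _-$",
		     sizeof(tmp));
	session->session_info->sanitized_username = talloc_strdup(
		session->session_info, tmp);
	if (session->session_info->sanitized_username == NULL) {
		/*
		 * Do not continue with a NULL sanitized_username. Tear down
		 * exactly as the session_claim() failure path below does.
		 */
		TALLOC_FREE(session->auth_ntlmssp_state);
		TALLOC_FREE(session);
		return NT_STATUS_NO_MEMORY;
	}

	/* Guests keep homes_snum at -1; only real users get a homes share. */
	if (!session->compat_vuser->session_info->guest) {
		session->compat_vuser->homes_snum =
			register_homes_share(session->session_info->unix_name);
	}

	if (!session_claim(session->sconn, session->compat_vuser)) {
		DEBUG(1, ("smb2: Failed to claim session "
			  "for vuid=%d\n",
			  session->compat_vuser->vuid));
		TALLOC_FREE(session->auth_ntlmssp_state);
		TALLOC_FREE(session);
		return NT_STATUS_LOGON_FAILURE;
	}

	session->status = NT_STATUS_OK;

	/*
	 * we attach the session to the request
	 * so that the response can be signed
	 */
	smb2req->session = session;
	if (!guest) {
		/* Set for every non-guest session, independent of session->do_signing. */
		smb2req->do_signing = true;
	}

	global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);

	*out_session_id = session->vuid;

	return NT_STATUS_OK;
}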