static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
{
NTSTATUS status;
struct timeval current_time;
struct timeval boot_time;
req->smb_conn->negotiate.protocol = PROTOCOL_SMB2;
current_time = timeval_current(); /* TODO: handle timezone?! */
boot_time = timeval_current(); /* TODO: fix me */
io->out._pad = 0;
io->out.unknown2 = 0x06;
ZERO_STRUCT(io->out.sessid);
io->out.unknown3 = 0x0d;
io->out.unknown4 = 0x00;
io->out.unknown5 = 0x01;
io->out.unknown6 = 0x01;
io->out.unknown7 = 0x01;
io->out.current_time = timeval_to_nttime(¤t_time);
io->out.boot_time = timeval_to_nttime(&boot_time);
status = smb2srv_negprot_secblob(req, &io->out.secblob);
NT_STATUS_NOT_OK_RETURN(status);
io->out.unknown9 = 0x204d4c20;
return NT_STATUS_OK;
}
static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
{
NTSTATUS status;
struct timeval current_time;
struct timeval boot_time;
uint16_t i;
uint16_t dialect = 0;
/* we only do one dialect for now */
if (io->in.dialect_count < 1) {
return NT_STATUS_NOT_SUPPORTED;
}
for (i=0; i < io->in.dialect_count; i++) {
dialect = io->in.dialects[i];
if (dialect == SMB2_DIALECT_REVISION_202) {
break;
}
}
if (dialect != SMB2_DIALECT_REVISION_202) {
DEBUG(0,("Got unexpected SMB2 dialect %u\n", dialect));
return NT_STATUS_NOT_SUPPORTED;
}
req->smb_conn->negotiate.protocol = PROTOCOL_SMB2_02;
current_time = timeval_current(); /* TODO: handle timezone?! */
boot_time = timeval_current(); /* TODO: fix me */
ZERO_STRUCT(io->out);
switch (lpcfg_server_signing(req->smb_conn->lp_ctx)) {
case SMB_SIGNING_OFF:
io->out.security_mode = 0;
break;
case SMB_SIGNING_SUPPORTED:
case SMB_SIGNING_AUTO:
io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
break;
case SMB_SIGNING_REQUIRED:
io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
/* force signing on immediately */
req->smb_conn->smb2_signing_required = true;
break;
}
io->out.dialect_revision = dialect;
io->out.capabilities = 0;
io->out.max_transact_size = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
"smb2", "max transaction size", 0x10000);
io->out.max_read_size = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
"smb2", "max read size", 0x10000);
io->out.max_write_size = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
"smb2", "max write size", 0x10000);
io->out.system_time = timeval_to_nttime(¤t_time);
io->out.server_start_time = timeval_to_nttime(&boot_time);
io->out.reserved2 = 0;
status = smb2srv_negprot_secblob(req, &io->out.secblob);
NT_STATUS_NOT_OK_RETURN(status);
return NT_STATUS_OK;
}
static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
{
NTSTATUS status;
struct timeval current_time;
struct timeval boot_time;
uint16_t i;
uint16_t dialect = 0;
enum smb_signing_setting signing_setting;
struct loadparm_context *lp_ctx = req->smb_conn->lp_ctx;
/* we only do one dialect for now */
if (io->in.dialect_count < 1) {
return NT_STATUS_NOT_SUPPORTED;
}
for (i=0; i < io->in.dialect_count; i++) {
dialect = io->in.dialects[i];
if (dialect == SMB2_DIALECT_REVISION_202) {
break;
}
}
if (dialect != SMB2_DIALECT_REVISION_202) {
DEBUG(0,("Got unexpected SMB2 dialect %u\n", dialect));
return NT_STATUS_NOT_SUPPORTED;
}
req->smb_conn->negotiate.protocol = PROTOCOL_SMB2_02;
current_time = timeval_current(); /* TODO: handle timezone?! */
boot_time = timeval_current(); /* TODO: fix me */
ZERO_STRUCT(io->out);
signing_setting = lpcfg_server_signing(lp_ctx);
if (signing_setting == SMB_SIGNING_DEFAULT) {
/*
* If we are a domain controller, SMB signing is
* really important, as it can prevent a number of
* attacks on communications between us and the
* clients
*
* However, it really sucks (no sendfile, CPU
* overhead) performance-wise when used on a
* file server, so disable it by default
* on non-DCs
*/
if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
signing_setting = SMB_SIGNING_REQUIRED;
} else {
signing_setting = SMB_SIGNING_OFF;
}
}
switch (signing_setting) {
case SMB_SIGNING_DEFAULT:
smb_panic(__location__);
break;
case SMB_SIGNING_OFF:
io->out.security_mode = 0;
break;
case SMB_SIGNING_DESIRED:
case SMB_SIGNING_IF_REQUIRED:
io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
break;
case SMB_SIGNING_REQUIRED:
io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
/* force signing on immediately */
req->smb_conn->smb2_signing_required = true;
break;
}
io->out.dialect_revision = dialect;
io->out.capabilities = 0;
io->out.max_transact_size = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
"smb2", "max transaction size", 0x10000);
io->out.max_read_size = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
"smb2", "max read size", 0x10000);
io->out.max_write_size = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
"smb2", "max write size", 0x10000);
io->out.system_time = timeval_to_nttime(¤t_time);
io->out.server_start_time = timeval_to_nttime(&boot_time);
io->out.reserved2 = 0;
status = smb2srv_negprot_secblob(req, &io->out.secblob);
NT_STATUS_NOT_OK_RETURN(status);
return NT_STATUS_OK;
}
