static void reply_sesssetup_and_X_spnego(struct smb_request *req)
{
const uint8_t *p;
DATA_BLOB in_blob;
DATA_BLOB out_blob = data_blob_null;
size_t bufrem;
char *tmp;
const char *native_os;
const char *native_lanman;
const char *primary_domain;
uint16_t data_blob_len = SVAL(req->vwv+7, 0);
enum remote_arch_types ra_type = get_remote_arch();
uint64_t vuid = req->vuid;
NTSTATUS status = NT_STATUS_OK;
struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
uint16_t action = 0;
bool is_authenticated = false;
NTTIME now = timeval_to_nttime(&req->request_time);
struct smbXsrv_session *session = NULL;
uint16_t smb_bufsize = SVAL(req->vwv+2, 0);
uint32_t client_caps = IVAL(req->vwv+10, 0);
struct smbXsrv_session_auth0 *auth;
DEBUG(3,("Doing spnego session setup\n"));
if (!xconn->smb1.sessions.done_sesssetup) {
global_client_caps = client_caps;
if (!(global_client_caps & CAP_STATUS32)) {
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
}
}
p = req->buf;
if (data_blob_len == 0) {
/* an invalid request */
reply_nterror(req, nt_status_squash(NT_STATUS_LOGON_FAILURE));
return;
}
bufrem = smbreq_bufrem(req, p);
/* pull the spnego blob */
in_blob = data_blob_const(p, MIN(bufrem, data_blob_len));
#if 0
file_save("negotiate.dat", in_blob.data, in_blob.length);
#endif
p = req->buf + in_blob.length;
p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_os = tmp ? tmp : "";
p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_lanman = tmp ? tmp : "";
p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
primary_domain = tmp ? tmp : "";
DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n",
native_os, native_lanman, primary_domain));
if ( ra_type == RA_WIN2K ) {
/* Vista sets neither the OS or lanman strings */
if ( !strlen(native_os) && !strlen(native_lanman) )
set_remote_arch(RA_VISTA);
/* Windows 2003 doesn't set the native lanman string,
but does set primary domain which is a bug I think */
if ( !strlen(native_lanman) ) {
ra_lanman_string( primary_domain );
} else {
ra_lanman_string( native_lanman );
}
} else if ( ra_type == RA_VISTA ) {
if ( strncmp(native_os, "Mac OS X", 8) == 0 ) {
set_remote_arch(RA_OSX);
}
}
if (vuid != 0) {
status = smb1srv_session_lookup(xconn,
vuid, now,
&session);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
reply_force_doserror(req, ERRSRV, ERRbaduid);
return;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
status = NT_STATUS_OK;
}
if (NT_STATUS_IS_OK(status)) {
session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
status = NT_STATUS_MORE_PROCESSING_REQUIRED;
TALLOC_FREE(session->pending_auth);
}
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
reply_nterror(req, nt_status_squash(status));
return;
}
}
if (session == NULL) {
/* create a new session */
status = smbXsrv_session_create(xconn,
now, &session);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, nt_status_squash(status));
return;
}
}
status = smbXsrv_session_find_auth(session, xconn, now, &auth);
if (!NT_STATUS_IS_OK(status)) {
status = smbXsrv_session_create_auth(session, xconn, now,
0, /* flags */
0, /* security */
&auth);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, nt_status_squash(status));
return;
}
}
if (auth->gensec == NULL) {
status = auth_generic_prepare(session,
xconn->remote_address,
xconn->local_address,
"SMB",
&auth->gensec);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
reply_nterror(req, nt_status_squash(status));
return;
}
gensec_want_feature(auth->gensec, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(auth->gensec, GENSEC_FEATURE_UNIX_TOKEN);
gensec_want_feature(auth->gensec, GENSEC_FEATURE_SMB_TRANSPORT);
status = gensec_start_mech_by_oid(auth->gensec,
GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to start SPNEGO handler!\n"));
TALLOC_FREE(session);;
reply_nterror(req, nt_status_squash(status));
return;
}
}
become_root();
status = gensec_update(auth->gensec,
talloc_tos(),
in_blob, &out_blob);
unbecome_root();
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
TALLOC_FREE(session);
reply_nterror(req, nt_status_squash(status));
return;
}
if (NT_STATUS_IS_OK(status) && session->global->auth_session_info == NULL) {
struct auth_session_info *session_info = NULL;
status = gensec_session_info(auth->gensec,
session,
&session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("Failed to generate session_info "
"(user and group token) for session setup: %s\n",
nt_errstr(status)));
data_blob_free(&out_blob);
TALLOC_FREE(session);
reply_nterror(req, nt_status_squash(status));
return;
}
if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
action |= SMB_SETUP_GUEST;
}
if (session_info->session_key.length > 0) {
struct smbXsrv_session *x = session;
/*
* Note: the SMB1 signing key is not truncated to 16 byte!
*/
x->global->signing_key =
data_blob_dup_talloc(x->global,
session_info->session_key);
if (x->global->signing_key.data == NULL) {
data_blob_free(&out_blob);
TALLOC_FREE(session);
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
/*
* clear the session key
* the first tcon will add setup the application key
*/
data_blob_clear_free(&session_info->session_key);
}
session->compat = talloc_zero(session, struct user_struct);
if (session->compat == NULL) {
data_blob_free(&out_blob);
TALLOC_FREE(session);
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
session->compat->session = session;
session->compat->homes_snum = -1;
session->compat->session_info = session_info;
session->compat->session_keystr = NULL;
session->compat->vuid = session->global->session_wire_id;
DLIST_ADD(sconn->users, session->compat);
sconn->num_users++;
if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
is_authenticated = true;
session->compat->homes_snum =
register_homes_share(session_info->unix_info->unix_name);
}
if (srv_is_signing_negotiated(xconn) &&
is_authenticated &&
session->global->signing_key.length > 0)
{
/*
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
srv_set_signing(xconn,
session->global->signing_key,
data_blob_null);
}
set_current_user_info(session_info->unix_info->sanitized_username,
session_info->unix_info->unix_name,
session_info->info->domain_name);
session->status = NT_STATUS_OK;
session->global->auth_session_info = talloc_move(session->global,
&session_info);
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
session->global->auth_time = now;
if (client_caps & CAP_DYNAMIC_REAUTH) {
session->global->expiration_time =
gensec_expire_time(auth->gensec);
} else {
session->global->expiration_time =
GENSEC_EXPIRE_TIME_INFINITY;
}
if (!session_claim(session)) {
DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
(unsigned long long)session->compat->vuid));
data_blob_free(&out_blob);
TALLOC_FREE(session);
reply_nterror(req, NT_STATUS_LOGON_FAILURE);
return;
}
status = smbXsrv_session_update(session);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("smb1: Failed to update session for vuid=%llu - %s\n",
(unsigned long long)session->compat->vuid,
nt_errstr(status)));
data_blob_free(&out_blob);
TALLOC_FREE(session);
reply_nterror(req, NT_STATUS_LOGON_FAILURE);
return;
}
if (!xconn->smb1.sessions.done_sesssetup) {
if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
reply_force_doserror(req, ERRSRV, ERRerror);
return;
}
xconn->smb1.sessions.max_send = smb_bufsize;
xconn->smb1.sessions.done_sesssetup = true;
}
/* current_user_info is changed on new vuid */
reload_services(sconn, conn_snum_used, true);
} else if (NT_STATUS_IS_OK(status)) {
void reply_negprot(struct smb_request *req)
{
int choice= -1;
int chosen_level = -1;
int protocol;
const char *p;
int arch = ARCH_ALL;
int num_cliprotos;
char **cliprotos;
int i;
size_t converted_size;
struct smbd_server_connection *sconn = req->sconn;
START_PROFILE(SMBnegprot);
if (sconn->smb1.negprot.done) {
END_PROFILE(SMBnegprot);
exit_server_cleanly("multiple negprot's are not permitted");
}
sconn->smb1.negprot.done = true;
if (req->buflen == 0) {
DEBUG(0, ("negprot got no protocols\n"));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnegprot);
return;
}
if (req->buf[req->buflen-1] != '\0') {
DEBUG(0, ("negprot protocols not 0-terminated\n"));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnegprot);
return;
}
p = (const char *)req->buf + 1;
num_cliprotos = 0;
cliprotos = NULL;
while (smbreq_bufrem(req, p) > 0) {
char **tmp;
tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
num_cliprotos+1);
if (tmp == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(cliprotos);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnegprot);
return;
}
cliprotos = tmp;
if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
&converted_size)) {
DEBUG(0, ("pull_ascii_talloc failed\n"));
TALLOC_FREE(cliprotos);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnegprot);
return;
}
DEBUG(3, ("Requested protocol [%s]\n",
cliprotos[num_cliprotos]));
num_cliprotos += 1;
p += strlen(p) + 2;
}
for (i=0; i<num_cliprotos; i++) {
if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a"))
arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT
| ARCH_WIN2K );
else if (strcsequal(cliprotos[i], "DOS LM1.2X002"))
arch &= ( ARCH_WFWG | ARCH_WIN95 );
else if (strcsequal(cliprotos[i], "DOS LANMAN2.1"))
arch &= ( ARCH_WFWG | ARCH_WIN95 );
else if (strcsequal(cliprotos[i], "NT LM 0.12"))
arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K
| ARCH_CIFSFS);
else if (strcsequal(cliprotos[i], "SMB 2.001"))
arch = ARCH_VISTA;
else if (strcsequal(cliprotos[i], "LANMAN2.1"))
arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
else if (strcsequal(cliprotos[i], "LM1.2X002"))
arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03"))
arch &= ARCH_WINNT;
else if (strcsequal(cliprotos[i], "XENIX CORE"))
arch &= ( ARCH_WINNT | ARCH_OS2 );
else if (strcsequal(cliprotos[i], "Samba")) {
arch = ARCH_SAMBA;
break;
} else if (strcsequal(cliprotos[i], "POSIX 2")) {
arch = ARCH_CIFSFS;
break;
}
}
/* CIFSFS can send one arch only, NT LM 0.12. */
if (i == 1 && (arch & ARCH_CIFSFS)) {
arch = ARCH_CIFSFS;
}
switch ( arch ) {
case ARCH_CIFSFS:
set_remote_arch(RA_CIFSFS);
break;
case ARCH_SAMBA:
set_remote_arch(RA_SAMBA);
break;
case ARCH_WFWG:
set_remote_arch(RA_WFWG);
break;
case ARCH_WIN95:
set_remote_arch(RA_WIN95);
break;
case ARCH_WINNT:
if(req->flags2 == FLAGS2_WIN2K_SIGNATURE)
set_remote_arch(RA_WIN2K);
else
set_remote_arch(RA_WINNT);
break;
case ARCH_WIN2K:
/* Vista may have been set in the negprot so don't
override it here */
if ( get_remote_arch() != RA_VISTA )
set_remote_arch(RA_WIN2K);
break;
case ARCH_VISTA:
set_remote_arch(RA_VISTA);
break;
case ARCH_OS2:
set_remote_arch(RA_OS2);
break;
default:
set_remote_arch(RA_UNKNOWN);
break;
}
/* possibly reload - change of architecture */
reload_services(sconn, conn_snum_used, true);
/* moved from the netbios session setup code since we don't have that
when the client connects to port 445. Of course there is a small
window where we are listening to messages -- jerry */
serverid_register(messaging_server_id(sconn->msg_ctx),
FLAG_MSG_GENERAL|FLAG_MSG_SMBD
|FLAG_MSG_PRINT_GENERAL);
/* Check for protocols, most desirable first */
for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
i = 0;
if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) &&
(supported_protocols[protocol].protocol_level >= lp_server_min_protocol()))
while (i < num_cliprotos) {
if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
choice = i;
chosen_level = supported_protocols[protocol].protocol_level;
}
i++;
}
if(choice != -1)
break;
}
if(choice != -1) {
fstrcpy(remote_proto,supported_protocols[protocol].short_name);
reload_services(sconn, conn_snum_used, true);
supported_protocols[protocol].proto_reply_fn(req, choice);
DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
} else {
DEBUG(0,("No protocol supported !\n"));
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
}
DEBUG( 5, ( "negprot index=%d\n", choice ) );
if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
&& (chosen_level < PROTOCOL_NT1)) {
exit_server_cleanly("SMB signing is required and "
"client negotiated a downlevel protocol");
}
TALLOC_FREE(cliprotos);
if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
!fork_echo_handler(sconn)) {
exit_server("Failed to fork echo handler");
}
END_PROFILE(SMBnegprot);
return;
}
