static int reply_coreplus(char *inbuf, char *outbuf)
{
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
int outsize = set_message(outbuf,13,0,True);
SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
readbraw and writebraw (possibly) */
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(outbuf,smb_vwv1,0x1); /* user level security, don't encrypt */
Protocol = PROTOCOL_COREPLUS;
return outsize;
}
static void reply_coreplus(struct smb_request *req, uint16 choice)
{
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
reply_outbuf(req, 13, 0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
readbraw and writebraw (possibly) */
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(req->outbuf,smb_vwv1,0x1); /* user level security, don't
* encrypt */
set_Protocol(PROTOCOL_COREPLUS);
}
static void reply_lanman1(struct smb_request *req, uint16 choice)
{
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
int secword=0;
time_t t = time(NULL);
struct smbd_server_connection *sconn = req->sconn;
sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
if (lp_security()>=SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
}
if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv1,secword);
/* Create a token value and add it to the outgoing packet. */
if (sconn->smb1.negprot.encrypted_passwords) {
get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
SSVAL(req->outbuf,smb_vwv11, 8);
}
set_Protocol(PROTOCOL_LANMAN1);
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv);
SSVAL(req->outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
SSVAL(req->outbuf,smb_vwv4,1);
SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
readbraw writebraw (possibly) */
SIVAL(req->outbuf,smb_vwv6,sys_getpid());
SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
return;
}
static int reply_lanman1(char *inbuf, char *outbuf)
{
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
int secword=0;
time_t t = time(NULL);
global_encrypted_passwords_negotiated = lp_encrypted_passwords();
if (lp_security()>=SEC_USER)
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (global_encrypted_passwords_negotiated)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True);
SSVAL(outbuf,smb_vwv1,secword);
/* Create a token value and add it to the outgoing packet. */
if (global_encrypted_passwords_negotiated) {
get_challenge(smb_buf(outbuf));
SSVAL(outbuf,smb_vwv11, 8);
}
Protocol = PROTOCOL_LANMAN1;
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(outbuf,smb_vwv2,max_recv);
SSVAL(outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
SSVAL(outbuf,smb_vwv4,1);
SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
readbraw writebraw (possibly) */
SIVAL(outbuf,smb_vwv6,sys_getpid());
SSVAL(outbuf,smb_vwv10, set_server_zone_offset(t)/60);
srv_put_dos_date(outbuf,smb_vwv8,t);
return (smb_len(outbuf)+4);
}
static int reply_nt1(char *inbuf, char *outbuf)
{
/* dual names + lock_and_read + nt SMBs + remote API calls */
int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
CAP_LEVEL_II_OPLOCKS;
int secword=0;
char *p, *q;
BOOL negotiate_spnego = False;
time_t t = time(NULL);
global_encrypted_passwords_negotiated = lp_encrypted_passwords();
/* Check the flags field to see if this is Vista.
WinXP sets it and Vista does not. But we have to
distinguish from NT which doesn't set it either. */
if ( (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY) &&
((SVAL(inbuf, smb_flg2) & FLAGS2_UNKNOWN_BIT4) == 0) )
{
/* Don't override the SAMBA or CIFSFS arch */
if ((get_remote_arch() != RA_SAMBA) && (get_remote_arch() != RA_CIFSFS)) {
set_remote_arch( RA_VISTA );
}
}
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
if (global_encrypted_passwords_negotiated &&
(lp_security() != SEC_SHARE) &&
lp_use_spnego() &&
(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
negotiate_spnego = True;
capabilities |= CAP_EXTENDED_SECURITY;
add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
/* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply (already
partially constructed. */
SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_EXTENDED_SECURITY);
}
capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNICODE;
if (lp_unix_extensions()) {
capabilities |= CAP_UNIX;
}
if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
if (SMB_OFF_T_BITS == 64)
capabilities |= CAP_LARGE_FILES;
if (lp_readraw() && lp_writeraw())
capabilities |= CAP_RAW_MODE;
if (lp_nt_status_support())
capabilities |= CAP_STATUS32;
if (lp_host_msdfs())
capabilities |= CAP_DFS;
if (lp_security() >= SEC_USER)
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (global_encrypted_passwords_negotiated)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
if (lp_server_signing()) {
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
if (lp_server_signing() == Required)
secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
srv_set_signing_negotiated();
} else {
DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
if (lp_server_signing() == Required) {
exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
}
}
}
set_message(outbuf,17,0,True);
SCVAL(outbuf,smb_vwv1,secword);
Protocol = PROTOCOL_NT1;
SSVAL(outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
SSVAL(outbuf,smb_vwv2+1,1); /* num vcs */
SIVAL(outbuf,smb_vwv3+1,max_recv); /* max buffer. LOTS! */
SIVAL(outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
SIVAL(outbuf,smb_vwv7+1,sys_getpid()); /* session key */
SIVAL(outbuf,smb_vwv9+1,capabilities); /* capabilities */
put_long_date(outbuf+smb_vwv11+1,t);
SSVALS(outbuf,smb_vwv15+1,set_server_zone_offset(t)/60);
p = q = smb_buf(outbuf);
if (!negotiate_spnego) {
/* Create a token value and add it to the outgoing packet. */
if (global_encrypted_passwords_negotiated) {
/* note that we do not send a challenge at all if
we are using plaintext */
get_challenge(p);
SCVAL(outbuf,smb_vwv16+1,8);
p += 8;
}
p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p-outbuf),
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
DEBUG(3,("not using SPNEGO\n"));
} else {
DATA_BLOB spnego_blob = negprot_spnego();
if (spnego_blob.data == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
memcpy(p, spnego_blob.data, spnego_blob.length);
p += spnego_blob.length;
data_blob_free(&spnego_blob);
SCVAL(outbuf,smb_vwv16+1, 0);
DEBUG(3,("using SPNEGO\n"));
}
SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */
set_message_end(outbuf, p);
return (smb_len(outbuf)+4);
}
static void reply_nt1(struct smb_request *req, uint16 choice)
{
/* dual names + lock_and_read + nt SMBs + remote API calls */
int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
CAP_LEVEL_II_OPLOCKS;
int secword=0;
bool negotiate_spnego = False;
struct timespec ts;
ssize_t ret;
struct smbd_server_connection *sconn = req->sconn;
sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
/* Check the flags field to see if this is Vista.
WinXP sets it and Vista does not. But we have to
distinguish from NT which doesn't set it either. */
if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
((req->flags2 & FLAGS2_UNKNOWN_BIT4) == 0) )
{
if (get_remote_arch() != RA_SAMBA) {
set_remote_arch( RA_VISTA );
}
}
reply_outbuf(req,17,0);
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
if (sconn->smb1.negprot.encrypted_passwords &&
(lp_security() != SEC_SHARE) &&
lp_use_spnego() &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
negotiate_spnego = True;
capabilities |= CAP_EXTENDED_SECURITY;
add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
/* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
(already partially constructed. */
SSVAL(req->outbuf, smb_flg2,
req->flags2 | FLAGS2_EXTENDED_SECURITY);
}
capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNICODE;
if (lp_unix_extensions()) {
capabilities |= CAP_UNIX;
}
if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
if (SMB_OFF_T_BITS == 64)
capabilities |= CAP_LARGE_FILES;
if (lp_readraw() && lp_writeraw())
capabilities |= CAP_RAW_MODE;
if (lp_nt_status_support())
capabilities |= CAP_STATUS32;
if (lp_host_msdfs())
capabilities |= CAP_DFS;
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
}
if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
if (lp_server_signing()) {
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
if (lp_server_signing() == Required)
secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
srv_set_signing_negotiated(sconn);
} else {
DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
if (lp_server_signing() == Required) {
exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
}
}
}
SSVAL(req->outbuf,smb_vwv0,choice);
SCVAL(req->outbuf,smb_vwv1,secword);
set_Protocol(PROTOCOL_NT1);
SSVAL(req->outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
SSVAL(req->outbuf,smb_vwv2+1,1); /* num vcs */
SIVAL(req->outbuf,smb_vwv3+1,
sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
SIVAL(req->outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
SIVAL(req->outbuf,smb_vwv7+1,sys_getpid()); /* session key */
SIVAL(req->outbuf,smb_vwv9+1,capabilities); /* capabilities */
clock_gettime(CLOCK_REALTIME,&ts);
put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
if (!negotiate_spnego) {
/* Create a token value and add it to the outgoing packet. */
if (sconn->smb1.negprot.encrypted_passwords) {
uint8 chal[8];
/* note that we do not send a challenge at all if
we are using plaintext */
get_challenge(sconn, chal);
ret = message_push_blob(
&req->outbuf, data_blob_const(chal, sizeof(chal)));
if (ret == -1) {
DEBUG(0, ("Could not push challenge\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
SCVAL(req->outbuf, smb_vwv16+1, ret);
}
ret = message_push_string(&req->outbuf, lp_workgroup(),
STR_UNICODE|STR_TERMINATE
|STR_NOALIGN);
if (ret == -1) {
DEBUG(0, ("Could not push workgroup string\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
DEBUG(3,("not using SPNEGO\n"));
} else {
DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn);
if (spnego_blob.data == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
ret = message_push_blob(&req->outbuf, spnego_blob);
if (ret == -1) {
DEBUG(0, ("Could not push spnego blob\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
data_blob_free(&spnego_blob);
SCVAL(req->outbuf,smb_vwv16+1, 0);
DEBUG(3,("using SPNEGO\n"));
}
return;
}
