int
smb_smb_ssnclose(struct smb_vc *vcp, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
int error;
if (vcp->vc_smbuid == SMB_UID_UNKNOWN)
return 0;
if (smb_smb_nomux(vcp, scred, __func__) != 0)
return EINVAL;
error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_LOGOFF_ANDX, scred, &rqp);
if (error)
return error;
mbp = &rqp->sr_rq;
smb_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff);
mb_put_uint8(mbp, 0);
mb_put_uint16le(mbp, 0);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
SMBSDEBUG("%d\n", error);
smb_rq_done(rqp);
return error;
}
int
smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
{
struct smb_dialect *dp;
struct smb_sopt *sp = NULL;
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc, stime[8], sblen;
u_int16_t dindex, tw, tw1, swlen, bc;
int error, maxqsz;
if (smb_smb_nomux(vcp, scred, __func__) != 0)
return EINVAL;
vcp->vc_hflags = 0;
vcp->vc_hflags2 = 0;
vcp->obj.co_flags &= ~(SMBV_ENCRYPT);
sp = &vcp->vc_sopt;
bzero(sp, sizeof(struct smb_sopt));
error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_NEGOTIATE, scred, &rqp);
if (error)
return error;
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
for(dp = smb_dialects; dp->d_id != -1; dp++) {
mb_put_uint8(mbp, SMB_DT_DIALECT);
smb_put_dstring(mbp, vcp, dp->d_name, SMB_CS_NONE);
}
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
SMBSDEBUG("%d\n", error);
if (error)
goto bad;
smb_rq_getreply(rqp, &mdp);
do {
error = md_get_uint8(mdp, &wc);
if (error)
break;
error = md_get_uint16le(mdp, &dindex);
if (error)
break;
if (dindex > 7) {
SMBERROR("Don't know how to talk with server %s (%d)\n", "xxx", dindex);
error = EBADRPC;
break;
}
dp = smb_dialects + dindex;
sp->sv_proto = dp->d_id;
SMBSDEBUG("Dialect %s (%d, %d)\n", dp->d_name, dindex, wc);
error = EBADRPC;
if (dp->d_id >= SMB_DIALECT_NTLM0_12) {
if (wc != 17)
break;
md_get_uint8(mdp, &sp->sv_sm);
md_get_uint16le(mdp, &sp->sv_maxmux);
md_get_uint16le(mdp, &sp->sv_maxvcs);
md_get_uint32le(mdp, &sp->sv_maxtx);
md_get_uint32le(mdp, &sp->sv_maxraw);
md_get_uint32le(mdp, &sp->sv_skey);
md_get_uint32le(mdp, &sp->sv_caps);
md_get_mem(mdp, stime, 8, MB_MSYSTEM);
md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
md_get_uint8(mdp, &sblen);
if (sblen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
if (sblen != SMB_MAXCHALLENGELEN) {
SMBERROR("Unexpected length of security blob (%d)\n", sblen);
break;
}
error = md_get_uint16(mdp, &bc);
if (error)
break;
if (sp->sv_caps & SMB_CAP_EXT_SECURITY)
md_get_mem(mdp, NULL, 16, MB_MSYSTEM);
error = md_get_mem(mdp, vcp->vc_ch, sblen, MB_MSYSTEM);
if (error)
break;
vcp->vc_chlen = sblen;
vcp->obj.co_flags |= SMBV_ENCRYPT;
}
vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
sp->sv_maxtx < 4096 &&
(sp->sv_caps & SMB_CAP_NT_SMBS) == 0) {
vcp->obj.co_flags |= SMBV_WIN95;
SMBSDEBUG("Win95 detected\n");
}
} else if (dp->d_id > SMB_DIALECT_CORE) {
md_get_uint16le(mdp, &tw);
sp->sv_sm = tw;
md_get_uint16le(mdp, &tw);
sp->sv_maxtx = tw;
md_get_uint16le(mdp, &sp->sv_maxmux);
md_get_uint16le(mdp, &sp->sv_maxvcs);
md_get_uint16le(mdp, &tw); /* rawmode */
md_get_uint32le(mdp, &sp->sv_skey);
if (wc == 13) { /* >= LANMAN1 */
md_get_uint16(mdp, &tw); /* time */
md_get_uint16(mdp, &tw1); /* date */
md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
md_get_uint16le(mdp, &swlen);
if (swlen > SMB_MAXCHALLENGELEN)
break;
md_get_uint16(mdp, NULL); /* mbz */
if (md_get_uint16(mdp, &bc) != 0)
break;
if (bc < swlen)
break;
if (swlen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
error = md_get_mem(mdp, vcp->vc_ch, swlen, MB_MSYSTEM);
if (error)
break;
vcp->vc_chlen = swlen;
vcp->obj.co_flags |= SMBV_ENCRYPT;
}
}
vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
} else { /* an old CORE protocol */
sp->sv_maxmux = 1;
}
error = 0;
} while (0);
if (error == 0) {
vcp->vc_maxvcs = sp->sv_maxvcs;
if (vcp->vc_maxvcs <= 1) {
if (vcp->vc_maxvcs == 0)
vcp->vc_maxvcs = 1;
}
if (sp->sv_maxtx <= 0 || sp->sv_maxtx > 0xffff)
sp->sv_maxtx = 1024;
SMB_TRAN_GETPARAM(vcp, SMBTP_SNDSZ, &maxqsz);
vcp->vc_txmax = min(sp->sv_maxtx, maxqsz);
SMBSDEBUG("TZ = %d\n", sp->sv_tz);
SMBSDEBUG("CAPS = %x\n", sp->sv_caps);
SMBSDEBUG("MAXMUX = %d\n", sp->sv_maxmux);
SMBSDEBUG("MAXVCS = %d\n", sp->sv_maxvcs);
SMBSDEBUG("MAXRAW = %d\n", sp->sv_maxraw);
SMBSDEBUG("MAXTX = %d\n", sp->sv_maxtx);
}
bad:
smb_rq_done(rqp);
return error;
}
int
smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
/* u_int8_t wc;
u_int16_t tw, tw1;*/
smb_uniptr unipp, ntencpass = NULL;
char *pp, *up, *pbuf, *encpass;
int error, plen, uniplen, ulen;
vcp->vc_smbuid = SMB_UID_UNKNOWN;
if (smb_smb_nomux(vcp, scred, __func__) != 0)
return EINVAL;
error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_SESSION_SETUP_ANDX, scred, &rqp);
if (error)
return error;
pbuf = kmalloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
encpass = kmalloc(24, M_SMBTEMP, M_WAITOK);
if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
iconv_convstr(vcp->vc_toupper, pbuf, smb_vc_getpass(vcp));
iconv_convstr(vcp->vc_toserver, pbuf, pbuf);
if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
uniplen = plen = 24;
smb_encrypt(pbuf, vcp->vc_ch, encpass);
ntencpass = kmalloc(uniplen, M_SMBTEMP, M_WAITOK);
iconv_convstr(vcp->vc_toserver, pbuf, smb_vc_getpass(vcp));
smb_ntencrypt(pbuf, vcp->vc_ch, (u_char*)ntencpass);
pp = encpass;
unipp = ntencpass;
} else {
plen = strlen(pbuf) + 1;
pp = pbuf;
uniplen = plen * 2;
ntencpass = kmalloc(uniplen, M_SMBTEMP, M_WAITOK);
smb_strtouni(ntencpass, smb_vc_getpass(vcp));
plen--;
/*
* The uniplen is zeroed because Samba cannot deal
* with this 2nd cleartext password. This Samba
* "bug" is actually a workaround for problems in
* Microsoft clients.
*/
uniplen = 0/*-= 2*/;
unipp = ntencpass;
}
} else {
/*
* In the share security mode password will be used
* only in the tree authentication
*/
pp = "";
plen = 1;
unipp = &smb_unieol;
uniplen = 0 /* sizeof(smb_unieol) */;
}
smb_rq_wstart(rqp);
mbp = &rqp->sr_rq;
up = vcp->vc_username;
ulen = strlen(up) + 1;
mb_put_uint8(mbp, 0xff);
mb_put_uint8(mbp, 0);
mb_put_uint16le(mbp, 0);
mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxtx);
mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxmux);
mb_put_uint16le(mbp, vcp->vc_number);
mb_put_uint32le(mbp, vcp->vc_sopt.sv_skey);
mb_put_uint16le(mbp, plen);
if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12) {
mb_put_uint32le(mbp, 0);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
smb_put_dstring(mbp, vcp, up, SMB_CS_NONE);
} else {
mb_put_uint16le(mbp, uniplen);
mb_put_uint32le(mbp, 0); /* reserved */
mb_put_uint32le(mbp, vcp->obj.co_flags & SMBV_UNICODE ?
SMB_CAP_UNICODE : 0);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
mb_put_mem(mbp, (caddr_t)unipp, uniplen, MB_MSYSTEM);
smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); /* AccountName */
smb_put_dstring(mbp, vcp, vcp->vc_domain, SMB_CS_NONE); /* PrimaryDomain */
smb_put_dstring(mbp, vcp, "FreeBSD", SMB_CS_NONE); /* Client's OS */
smb_put_dstring(mbp, vcp, "NETSMB", SMB_CS_NONE); /* Client name */
}
smb_rq_bend(rqp);
if (ntencpass)
kfree(ntencpass, M_SMBTEMP);
error = smb_rq_simple(rqp);
SMBSDEBUG("%d\n", error);
if (error) {
if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnoaccess)
error = EAUTH;
goto bad;
}
vcp->vc_smbuid = rqp->sr_rpuid;
bad:
kfree(encpass, M_SMBTEMP);
kfree(pbuf, M_SMBTEMP);
smb_rq_done(rqp);
return error;
}
int
smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
/* u_int8_t wc;
u_int16_t tw, tw1;*/
smb_uniptr unipp, ntencpass = NULL;
char *pp, *up, *pbuf, *encpass;
int error, plen, uniplen, ulen, upper;
upper = 0;
again:
vcp->vc_smbuid = SMB_UID_UNKNOWN;
if (smb_smb_nomux(vcp, scred, __func__) != 0)
return EINVAL;
error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_SESSION_SETUP_ANDX, scred, &rqp);
if (error)
return error;
pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
encpass = malloc(24, M_SMBTEMP, M_WAITOK);
if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
/*
* We try w/o uppercasing first so Samba mixed case
* passwords work. If that fails we come back and try
* uppercasing to satisfy OS/2 and Windows for Workgroups.
*/
if (upper++) {
iconv_convstr(vcp->vc_toupper, pbuf,
smb_vc_getpass(vcp)/*, SMB_MAXPASSWORDLEN*/);
} else {
strncpy(pbuf, smb_vc_getpass(vcp), SMB_MAXPASSWORDLEN);
pbuf[SMB_MAXPASSWORDLEN] = '\0';
}
if (!SMB_UNICODE_STRINGS(vcp))
iconv_convstr(vcp->vc_toserver, pbuf, pbuf/*,
SMB_MAXPASSWORDLEN*/);
if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
uniplen = plen = 24;
smb_encrypt(pbuf, vcp->vc_ch, encpass);
ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK);
if (SMB_UNICODE_STRINGS(vcp)) {
strncpy(pbuf, smb_vc_getpass(vcp),
SMB_MAXPASSWORDLEN);
pbuf[SMB_MAXPASSWORDLEN] = '\0';
} else
iconv_convstr(vcp->vc_toserver, pbuf,
smb_vc_getpass(vcp)/*,
SMB_MAXPASSWORDLEN*/);
smb_ntencrypt(pbuf, vcp->vc_ch, (u_char*)ntencpass);
pp = encpass;
unipp = ntencpass;
} else {
plen = strlen(pbuf) + 1;
pp = pbuf;
uniplen = plen * 2;
ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK);
smb_strtouni(ntencpass, smb_vc_getpass(vcp));
plen--;
/*
* The uniplen is zeroed because Samba cannot deal
* with this 2nd cleartext password. This Samba
* "bug" is actually a workaround for problems in
* Microsoft clients.
*/
uniplen = 0/*-= 2*/;
unipp = ntencpass;
}
} else {
/*
* In the share security mode password will be used
* only in the tree authentication
*/
pp = "";
plen = 1;
unipp = &smb_unieol;
uniplen = 0 /* sizeof(smb_unieol) */;
}
smb_rq_wstart(rqp);
mbp = &rqp->sr_rq;
up = vcp->vc_username;
ulen = strlen(up) + 1;
/*
* If userid is null we are attempting anonymous browse login
* so passwords must be zero length.
*/
if (ulen == 1)
plen = uniplen = 0;
mb_put_uint8(mbp, 0xff);
mb_put_uint8(mbp, 0);
mb_put_uint16le(mbp, 0);
mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxtx);
mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxmux);
mb_put_uint16le(mbp, vcp->vc_number);
mb_put_uint32le(mbp, vcp->vc_sopt.sv_skey);
mb_put_uint16le(mbp, plen);
if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12) {
mb_put_uint32le(mbp, 0);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
smb_put_dstring(mbp, vcp, up, SMB_CS_NONE);
} else {
mb_put_uint16le(mbp, uniplen);
mb_put_uint32le(mbp, 0); /* reserved */
mb_put_uint32le(mbp, vcp->obj.co_flags & SMBV_UNICODE ?
SMB_CAP_UNICODE : 0);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
mb_put_mem(mbp, (caddr_t)unipp, uniplen, MB_MSYSTEM);
smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); /* AccountName */
smb_put_dstring(mbp, vcp, vcp->vc_domain, SMB_CS_NONE); /* PrimaryDomain */
smb_put_dstring(mbp, vcp, "FreeBSD", SMB_CS_NONE); /* Client's OS */
smb_put_dstring(mbp, vcp, "NETSMB", SMB_CS_NONE); /* Client name */
}
smb_rq_bend(rqp);
if (ntencpass)
free(ntencpass, M_SMBTEMP);
if (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE)
smb_calcmackey(vcp);
error = smb_rq_simple(rqp);
SMBSDEBUG("%d\n", error);
if (error) {
if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnoaccess)
error = EAUTH;
goto bad;
}
vcp->vc_smbuid = rqp->sr_rpuid;
bad:
free(encpass, M_SMBTEMP);
free(pbuf, M_SMBTEMP);
smb_rq_done(rqp);
if (error && upper == 1 && vcp->vc_sopt.sv_sm & SMB_SM_USER)
goto again;
return error;
}
