2
Unix SMB/CIFS implementation.
4
SMB2 client session handling
6
Copyright (C) Andrew Tridgell 2005
8
This program is free software; you can redistribute it and/or modify
9
it under the terms of the GNU General Public License as published by
10
the Free Software Foundation; either version 3 of the License, or
11
(at your option) any later version.
13
This program is distributed in the hope that it will be useful,
14
but WITHOUT ANY WARRANTY; without even the implied warranty of
15
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
GNU General Public License for more details.
18
You should have received a copy of the GNU General Public License
19
along with this program. If not, see <http://www.gnu.org/licenses/>.
23
#include "libcli/raw/libcliraw.h"
24
#include "libcli/smb2/smb2.h"
25
#include "libcli/smb2/smb2_calls.h"
26
#include "libcli/composite/composite.h"
27
#include "auth/gensec/gensec.h"
30
initialise a smb2_session structure
32
struct smb2_session *smb2_session_init(struct smb2_transport *transport,
33
struct gensec_settings *settings,
34
TALLOC_CTX *parent_ctx, bool primary)
36
struct smb2_session *session;
39
session = talloc_zero(parent_ctx, struct smb2_session);
44
session->transport = talloc_steal(session, transport);
46
session->transport = talloc_reference(session, transport);
49
/* prepare a gensec context for later use */
50
status = gensec_client_start(session, &session->gensec,
51
session->transport->socket->event.ctx,
53
if (!NT_STATUS_IS_OK(status)) {
58
gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
64
send a session setup request
66
struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
67
struct smb2_session_setup *io)
69
struct smb2_request *req;
72
req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP,
73
0x18, true, io->in.secblob.length);
74
if (req == NULL) return NULL;
76
SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, session->uid);
77
SCVAL(req->out.body, 0x02, io->in.vc_number);
78
SCVAL(req->out.body, 0x03, io->in.security_mode);
79
SIVAL(req->out.body, 0x04, io->in.capabilities);
80
SIVAL(req->out.body, 0x08, io->in.channel);
81
SBVAL(req->out.body, 0x10, io->in.previous_sessionid);
83
req->session = session;
85
status = smb2_push_o16s16_blob(&req->out, 0x0C, io->in.secblob);
86
if (!NT_STATUS_IS_OK(status)) {
91
smb2_transport_send(req);
98
recv a session setup reply
100
NTSTATUS smb2_session_setup_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
101
struct smb2_session_setup *io)
105
if (!smb2_request_receive(req) ||
106
(smb2_request_is_error(req) &&
107
!NT_STATUS_EQUAL(req->status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
108
return smb2_request_destroy(req);
111
SMB2_CHECK_PACKET_RECV(req, 0x08, true);
113
io->out.session_flags = SVAL(req->in.body, 0x02);
114
io->out.uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
116
status = smb2_pull_o16s16_blob(&req->in, mem_ctx, req->in.body+0x04, &io->out.secblob);
117
if (!NT_STATUS_IS_OK(status)) {
118
smb2_request_destroy(req);
122
return smb2_request_destroy(req);
126
sync session setup request
128
NTSTATUS smb2_session_setup(struct smb2_session *session,
129
TALLOC_CTX *mem_ctx, struct smb2_session_setup *io)
131
struct smb2_request *req = smb2_session_setup_send(session, io);
132
return smb2_session_setup_recv(req, mem_ctx, io);
136
struct smb2_session_state {
137
struct smb2_session_setup io;
138
struct smb2_request *req;
139
NTSTATUS gensec_status;
143
handle continuations of the spnego session setup
145
static void session_request_handler(struct smb2_request *req)
147
struct composite_context *c = talloc_get_type(req->async.private_data,
148
struct composite_context);
149
struct smb2_session_state *state = talloc_get_type(c->private_data,
150
struct smb2_session_state);
151
struct smb2_session *session = req->session;
153
c->status = smb2_session_setup_recv(req, c, &state->io);
154
if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
155
(NT_STATUS_IS_OK(c->status) &&
156
NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
157
NTSTATUS session_key_err;
158
DATA_BLOB session_key;
159
c->status = gensec_update(session->gensec, c,
160
state->io.out.secblob,
161
&state->io.in.secblob);
162
state->gensec_status = c->status;
164
session_key_err = gensec_session_key(session->gensec, &session_key);
165
if (NT_STATUS_IS_OK(session_key_err)) {
166
session->session_key = session_key;
170
session->uid = state->io.out.uid;
172
if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
173
state->req = smb2_session_setup_send(session, &state->io);
174
if (state->req == NULL) {
175
composite_error(c, NT_STATUS_NO_MEMORY);
179
state->req->async.fn = session_request_handler;
180
state->req->async.private_data = c;
184
if (!NT_STATUS_IS_OK(c->status)) {
185
composite_error(c, c->status);
189
if (session->transport->signing_required) {
190
if (session->session_key.length == 0) {
191
DEBUG(0,("Wrong session key length %u for SMB2 signing\n",
192
(unsigned)session->session_key.length));
193
composite_error(c, NT_STATUS_ACCESS_DENIED);
196
session->signing_active = true;
203
a composite function that does a full SPNEGO session setup
205
struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *session,
206
struct cli_credentials *credentials)
208
struct composite_context *c;
209
struct smb2_session_state *state;
211
c = composite_create(session, session->transport->socket->event.ctx);
212
if (c == NULL) return NULL;
214
state = talloc(c, struct smb2_session_state);
215
if (composite_nomem(state, c)) return c;
216
c->private_data = state;
218
ZERO_STRUCT(state->io);
219
state->io.in.vc_number = 0;
220
if (session->transport->signing_required) {
221
state->io.in.security_mode =
222
SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
224
state->io.in.capabilities = 0;
225
state->io.in.channel = 0;
226
state->io.in.previous_sessionid = 0;
228
c->status = gensec_set_credentials(session->gensec, credentials);
229
if (!composite_is_ok(c)) return c;
231
c->status = gensec_set_target_hostname(session->gensec,
232
session->transport->socket->hostname);
233
if (!composite_is_ok(c)) return c;
235
c->status = gensec_set_target_service(session->gensec, "cifs");
236
if (!composite_is_ok(c)) return c;
238
c->status = gensec_start_mech_by_oid(session->gensec, GENSEC_OID_SPNEGO);
239
if (!composite_is_ok(c)) return c;
241
c->status = gensec_update(session->gensec, c,
242
session->transport->negotiate.secblob,
243
&state->io.in.secblob);
244
if (!NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
245
composite_error(c, c->status);
248
state->gensec_status = c->status;
250
state->req = smb2_session_setup_send(session, &state->io);
251
composite_continue_smb2(c, state->req, session_request_handler, c);
256
receive a composite session setup reply
258
NTSTATUS smb2_session_setup_spnego_recv(struct composite_context *c)
261
status = composite_wait(c);
267
sync version of smb2_session_setup_spnego
269
NTSTATUS smb2_session_setup_spnego(struct smb2_session *session,
270
struct cli_credentials *credentials)
272
struct composite_context *c = smb2_session_setup_spnego_send(session, credentials);
273
return smb2_session_setup_spnego_recv(c);