2
Unix SMB2 implementation.
4
Copyright (C) Andrew Bartlett 2001-2005
5
Copyright (C) Stefan Metzmacher 2005
7
This program is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License as published by
9
the Free Software Foundation; either version 3 of the License, or
10
(at your option) any later version.
12
This program is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
GNU General Public License for more details.
17
You should have received a copy of the GNU General Public License
18
along with this program. If not, see <http://www.gnu.org/licenses/>.
22
#include "auth/credentials/credentials.h"
23
#include "auth/auth.h"
24
#include "auth/gensec/gensec.h"
25
#include "libcli/raw/libcliraw.h"
26
#include "libcli/raw/raw_proto.h"
27
#include "libcli/smb2/smb2.h"
28
#include "libcli/smb2/smb2_calls.h"
29
#include "smb_server/smb_server.h"
30
#include "smb_server/service_smb_proto.h"
31
#include "smb_server/smb2/smb2_server.h"
32
#include "smbd/service_stream.h"
33
#include "param/param.h"
34
#include "librpc/ndr/libndr.h"
36
static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *_blob)
38
struct gensec_security *gensec_security;
39
DATA_BLOB null_data_blob = data_blob(NULL, 0);
42
struct cli_credentials *server_credentials;
44
server_credentials = cli_credentials_init(req);
45
if (!server_credentials) {
46
smbsrv_terminate_connection(req->smb_conn, "Failed to init server credentials\n");
47
return NT_STATUS_NO_MEMORY;
50
cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx);
51
nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx);
52
if (!NT_STATUS_IS_OK(nt_status)) {
53
DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status)));
54
talloc_free(server_credentials);
55
server_credentials = NULL;
58
req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
60
nt_status = samba_server_gensec_start(req,
61
req->smb_conn->connection->event.ctx,
62
req->smb_conn->connection->msg_ctx,
63
req->smb_conn->lp_ctx,
67
if (!NT_STATUS_IS_OK(nt_status)) {
68
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
69
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
73
gensec_set_target_service(gensec_security, "cifs");
75
gensec_set_credentials(gensec_security, server_credentials);
77
nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
78
if (!NT_STATUS_IS_OK(nt_status)) {
79
DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
80
smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
84
nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
85
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
86
DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
87
smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
95
static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
98
struct timeval current_time;
99
struct timeval boot_time;
101
/* we only do one dialect for now */
102
if (io->in.dialect_count < 1) {
103
return NT_STATUS_NOT_SUPPORTED;
105
if (io->in.dialects[0] != 0 &&
106
io->in.dialects[0] != SMB2_DIALECT_REVISION) {
107
DEBUG(0,("Got unexpected SMB2 dialect %u\n", io->in.dialects[0]));
108
return NT_STATUS_NOT_SUPPORTED;
111
req->smb_conn->negotiate.protocol = PROTOCOL_SMB2;
113
current_time = timeval_current(); /* TODO: handle timezone?! */
114
boot_time = timeval_current(); /* TODO: fix me */
116
ZERO_STRUCT(io->out);
117
switch (lp_server_signing(req->smb_conn->lp_ctx)) {
118
case SMB_SIGNING_OFF:
119
io->out.security_mode = 0;
121
case SMB_SIGNING_SUPPORTED:
122
case SMB_SIGNING_AUTO:
123
io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
125
case SMB_SIGNING_REQUIRED:
126
io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
127
/* force signing on immediately */
128
req->smb_conn->smb2_signing_required = true;
131
io->out.dialect_revision = SMB2_DIALECT_REVISION;
132
io->out.capabilities = 0;
133
io->out.max_transact_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL,
134
"smb2", "max transaction size", 0x10000);
135
io->out.max_read_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL,
136
"smb2", "max read size", 0x10000);
137
io->out.max_write_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL,
138
"smb2", "max write size", 0x10000);
139
io->out.system_time = timeval_to_nttime(¤t_time);
140
io->out.server_start_time = timeval_to_nttime(&boot_time);
141
io->out.reserved2 = 0;
142
status = smb2srv_negprot_secblob(req, &io->out.secblob);
143
NT_STATUS_NOT_OK_RETURN(status);
148
static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negprot *io)
151
enum ndr_err_code ndr_err;
153
if (NT_STATUS_IS_ERR(req->status)) {
154
smb2srv_send_error(req, req->status); /* TODO: is this correct? */
158
status = smb2srv_setup_reply(req, 0x40, true, io->out.secblob.length);
159
if (!NT_STATUS_IS_OK(status)) {
160
smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
165
SSVAL(req->out.body, 0x02, io->out.security_mode);
166
SIVAL(req->out.body, 0x04, io->out.dialect_revision);
167
SIVAL(req->out.body, 0x06, io->out.reserved);
168
ndr_err = smbcli_push_guid(req->out.body, 0x08, &io->out.server_guid);
169
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
170
smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
174
SIVAL(req->out.body, 0x18, io->out.capabilities);
175
SIVAL(req->out.body, 0x1C, io->out.max_transact_size);
176
SIVAL(req->out.body, 0x20, io->out.max_read_size);
177
SIVAL(req->out.body, 0x24, io->out.max_write_size);
178
push_nttime(req->out.body, 0x28, io->out.system_time);
179
push_nttime(req->out.body, 0x30, io->out.server_start_time);
180
SIVAL(req->out.body, 0x3C, io->out.reserved2);
181
status = smb2_push_o16s16_blob(&req->out, 0x38, io->out.secblob);
182
if (!NT_STATUS_IS_OK(status)) {
183
smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
188
smb2srv_send_reply(req);
191
void smb2srv_negprot_recv(struct smb2srv_request *req)
193
struct smb2_negprot *io;
195
enum ndr_err_code ndr_err;
197
if (req->in.body_size < 0x26) {
198
smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");
202
io = talloc(req, struct smb2_negprot);
204
smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
209
io->in.dialect_count = SVAL(req->in.body, 0x02);
210
io->in.security_mode = SVAL(req->in.body, 0x04);
211
io->in.reserved = SVAL(req->in.body, 0x06);
212
io->in.capabilities = IVAL(req->in.body, 0x08);
213
ndr_err = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid);
214
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
215
smbsrv_terminate_connection(req->smb_conn, "Bad GUID in SMB2 negprot");
219
io->in.start_time = smbcli_pull_nttime(req->in.body, 0x1C);
221
io->in.dialects = talloc_array(req, uint16_t, io->in.dialect_count);
222
if (io->in.dialects == NULL) {
223
smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
227
for (i=0;i<io->in.dialect_count;i++) {
228
io->in.dialects[i] = SVAL(req->in.body, 0x24+i*2);
231
req->status = smb2srv_negprot_backend(req, io);
233
if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
237
smb2srv_negprot_send(req, io);
241
* reply to a SMB negprot request with dialect "SMB 2.002"
243
void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req)
245
struct smb2srv_request *req;
246
uint32_t body_fixed_size = 0x26;
248
req = talloc_zero(smb_req->smb_conn, struct smb2srv_request);
249
if (!req) goto nomem;
250
req->smb_conn = smb_req->smb_conn;
251
req->request_time = smb_req->request_time;
252
talloc_steal(req, smb_req);
254
req->in.size = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size;
255
req->in.allocated = req->in.size;
256
req->in.buffer = talloc_array(req, uint8_t, req->in.allocated);
257
if (!req->in.buffer) goto nomem;
258
req->in.hdr = req->in.buffer + NBT_HDR_SIZE;
259
req->in.body = req->in.hdr + SMB2_HDR_BODY;
260
req->in.body_size = body_fixed_size;
261
req->in.dynamic = NULL;
263
smb2srv_setup_bufinfo(req);
265
SIVAL(req->in.hdr, 0, SMB2_MAGIC);
266
SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
267
SSVAL(req->in.hdr, SMB2_HDR_EPOCH, 0);
268
SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0);
269
SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT);
270
SSVAL(req->in.hdr, SMB2_HDR_CREDIT, 0);
271
SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0);
272
SIVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND, 0);
273
SBVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID, 0);
274
SIVAL(req->in.hdr, SMB2_HDR_PID, 0);
275
SIVAL(req->in.hdr, SMB2_HDR_TID, 0);
276
SBVAL(req->in.hdr, SMB2_HDR_SESSION_ID, 0);
277
memset(req->in.hdr+SMB2_HDR_SIGNATURE, 0, 16);
279
/* this seems to be a bug, they use 0x24 but the length is 0x26 */
280
SSVAL(req->in.body, 0x00, 0x24);
282
SSVAL(req->in.body, 0x02, 1);
283
memset(req->in.body+0x04, 0, 32);
284
SSVAL(req->in.body, 0x24, 0);
286
smb2srv_negprot_recv(req);
289
smbsrv_terminate_connection(smb_req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));