2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../auth/gensec/gensec.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "../libcli/security/security.h"
30 #include "../lib/util/tevent_ntstatus.h"
31 #include "lib/smbd_tevent_queue.h"
33 static struct tevent_req
*smbd_smb2_session_setup_send(TALLOC_CTX
*mem_ctx
,
34 struct tevent_context
*ev
,
35 struct smbd_smb2_request
*smb2req
,
36 uint64_t in_session_id
,
38 uint8_t in_security_mode
,
39 uint64_t in_previous_session_id
,
40 DATA_BLOB in_security_buffer
);
41 static NTSTATUS
smbd_smb2_session_setup_recv(struct tevent_req
*req
,
42 uint16_t *out_session_flags
,
44 DATA_BLOB
*out_security_buffer
,
45 uint64_t *out_session_id
);
47 static void smbd_smb2_request_sesssetup_done(struct tevent_req
*subreq
);
49 NTSTATUS
smbd_smb2_request_process_sesssetup(struct smbd_smb2_request
*smb2req
)
52 const uint8_t *inbody
;
53 uint64_t in_session_id
;
55 uint8_t in_security_mode
;
56 uint64_t in_previous_session_id
;
57 uint16_t in_security_offset
;
58 uint16_t in_security_length
;
59 DATA_BLOB in_security_buffer
;
61 struct tevent_req
*subreq
;
63 status
= smbd_smb2_request_verify_sizes(smb2req
, 0x19);
64 if (!NT_STATUS_IS_OK(status
)) {
65 return smbd_smb2_request_error(smb2req
, status
);
67 inhdr
= SMBD_SMB2_IN_HDR_PTR(smb2req
);
68 inbody
= SMBD_SMB2_IN_BODY_PTR(smb2req
);
70 in_session_id
= BVAL(inhdr
, SMB2_HDR_SESSION_ID
);
72 in_flags
= CVAL(inbody
, 0x02);
73 in_security_mode
= CVAL(inbody
, 0x03);
74 /* Capabilities = IVAL(inbody, 0x04) */
75 /* Channel = IVAL(inbody, 0x08) */
76 in_security_offset
= SVAL(inbody
, 0x0C);
77 in_security_length
= SVAL(inbody
, 0x0E);
78 in_previous_session_id
= BVAL(inbody
, 0x10);
80 if (in_security_offset
!= (SMB2_HDR_BODY
+ SMBD_SMB2_IN_BODY_LEN(smb2req
))) {
81 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
84 if (in_security_length
> SMBD_SMB2_IN_DYN_LEN(smb2req
)) {
85 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
88 in_security_buffer
.data
= SMBD_SMB2_IN_DYN_PTR(smb2req
);
89 in_security_buffer
.length
= in_security_length
;
91 subreq
= smbd_smb2_session_setup_send(smb2req
,
92 smb2req
->sconn
->ev_ctx
,
97 in_previous_session_id
,
100 return smbd_smb2_request_error(smb2req
, NT_STATUS_NO_MEMORY
);
102 tevent_req_set_callback(subreq
, smbd_smb2_request_sesssetup_done
, smb2req
);
104 return smbd_smb2_request_pending_queue(smb2req
, subreq
, 500);
107 static void smbd_smb2_request_sesssetup_done(struct tevent_req
*subreq
)
109 struct smbd_smb2_request
*smb2req
=
110 tevent_req_callback_data(subreq
,
111 struct smbd_smb2_request
);
115 uint16_t out_session_flags
;
116 uint64_t out_session_id
;
117 uint16_t out_security_offset
;
118 DATA_BLOB out_security_buffer
= data_blob_null
;
120 NTSTATUS error
; /* transport error */
122 status
= smbd_smb2_session_setup_recv(subreq
,
125 &out_security_buffer
,
128 if (!NT_STATUS_IS_OK(status
) &&
129 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
130 status
= nt_status_squash(status
);
131 error
= smbd_smb2_request_error(smb2req
, status
);
132 if (!NT_STATUS_IS_OK(error
)) {
133 smbd_server_connection_terminate(smb2req
->sconn
,
140 out_security_offset
= SMB2_HDR_BODY
+ 0x08;
142 outhdr
= SMBD_SMB2_OUT_HDR_PTR(smb2req
);
144 outbody
= data_blob_talloc(smb2req
->out
.vector
, NULL
, 0x08);
145 if (outbody
.data
== NULL
) {
146 error
= smbd_smb2_request_error(smb2req
, NT_STATUS_NO_MEMORY
);
147 if (!NT_STATUS_IS_OK(error
)) {
148 smbd_server_connection_terminate(smb2req
->sconn
,
155 SBVAL(outhdr
, SMB2_HDR_SESSION_ID
, out_session_id
);
157 SSVAL(outbody
.data
, 0x00, 0x08 + 1); /* struct size */
158 SSVAL(outbody
.data
, 0x02,
159 out_session_flags
); /* session flags */
160 SSVAL(outbody
.data
, 0x04,
161 out_security_offset
); /* security buffer offset */
162 SSVAL(outbody
.data
, 0x06,
163 out_security_buffer
.length
); /* security buffer length */
165 outdyn
= out_security_buffer
;
167 error
= smbd_smb2_request_done_ex(smb2req
, status
, outbody
, &outdyn
,
169 if (!NT_STATUS_IS_OK(error
)) {
170 smbd_server_connection_terminate(smb2req
->sconn
,
176 static NTSTATUS
smbd_smb2_auth_generic_return(struct smbXsrv_session
*session
,
177 struct smbd_smb2_request
*smb2req
,
178 uint8_t in_security_mode
,
179 struct auth_session_info
*session_info
,
180 uint16_t *out_session_flags
,
181 uint64_t *out_session_id
)
185 uint8_t session_key
[16];
186 struct smbXsrv_session
*x
= session
;
187 struct smbXsrv_connection
*conn
= session
->connection
;
189 if ((in_security_mode
& SMB2_NEGOTIATE_SIGNING_REQUIRED
) ||
190 lp_server_signing() == SMB_SIGNING_REQUIRED
) {
191 x
->global
->signing_required
= true;
194 if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED
) {
195 x
->global
->encryption_required
= true;
198 if (security_session_user_level(session_info
, NULL
) < SECURITY_USER
) {
199 /* we map anonymous to guest internally */
200 *out_session_flags
|= SMB2_SESSION_FLAG_IS_GUEST
;
201 *out_session_flags
|= SMB2_SESSION_FLAG_IS_NULL
;
202 /* force no signing */
203 x
->global
->signing_required
= false;
207 if (guest
&& x
->global
->encryption_required
) {
208 DEBUG(1,("reject guest session as encryption is required\n"));
209 return NT_STATUS_ACCESS_DENIED
;
212 if (!(conn
->smb2
.server
.capabilities
& SMB2_CAP_ENCRYPTION
)) {
213 if (x
->global
->encryption_required
) {
214 DEBUG(1,("reject session with dialect[0x%04X] "
215 "as encryption is required\n",
216 conn
->smb2
.server
.dialect
));
217 return NT_STATUS_ACCESS_DENIED
;
221 if (x
->global
->encryption_required
) {
222 *out_session_flags
|= SMB2_SESSION_FLAG_ENCRYPT_DATA
;
225 ZERO_STRUCT(session_key
);
226 memcpy(session_key
, session_info
->session_key
.data
,
227 MIN(session_info
->session_key
.length
, sizeof(session_key
)));
229 x
->global
->signing_key
= data_blob_talloc(x
->global
,
231 sizeof(session_key
));
232 if (x
->global
->signing_key
.data
== NULL
) {
233 ZERO_STRUCT(session_key
);
234 return NT_STATUS_NO_MEMORY
;
237 if (conn
->protocol
>= PROTOCOL_SMB2_24
) {
238 const DATA_BLOB label
= data_blob_string_const_null("SMB2AESCMAC");
239 const DATA_BLOB context
= data_blob_string_const_null("SmbSign");
241 smb2_key_derivation(session_key
, sizeof(session_key
),
242 label
.data
, label
.length
,
243 context
.data
, context
.length
,
244 x
->global
->signing_key
.data
);
247 if (conn
->protocol
>= PROTOCOL_SMB2_24
) {
248 const DATA_BLOB label
= data_blob_string_const_null("SMB2AESCCM");
249 const DATA_BLOB context
= data_blob_string_const_null("ServerIn ");
251 x
->global
->decryption_key
= data_blob_talloc(x
->global
,
253 sizeof(session_key
));
254 if (x
->global
->decryption_key
.data
== NULL
) {
255 ZERO_STRUCT(session_key
);
256 return NT_STATUS_NO_MEMORY
;
259 smb2_key_derivation(session_key
, sizeof(session_key
),
260 label
.data
, label
.length
,
261 context
.data
, context
.length
,
262 x
->global
->decryption_key
.data
);
265 if (conn
->protocol
>= PROTOCOL_SMB2_24
) {
266 const DATA_BLOB label
= data_blob_string_const_null("SMB2AESCCM");
267 const DATA_BLOB context
= data_blob_string_const_null("ServerOut");
269 x
->global
->encryption_key
= data_blob_talloc(x
->global
,
271 sizeof(session_key
));
272 if (x
->global
->encryption_key
.data
== NULL
) {
273 ZERO_STRUCT(session_key
);
274 return NT_STATUS_NO_MEMORY
;
277 smb2_key_derivation(session_key
, sizeof(session_key
),
278 label
.data
, label
.length
,
279 context
.data
, context
.length
,
280 x
->global
->encryption_key
.data
);
282 generate_random_buffer((uint8_t *)&x
->nonce_high
, sizeof(x
->nonce_high
));
286 x
->global
->application_key
= data_blob_dup_talloc(x
->global
,
287 x
->global
->signing_key
);
288 if (x
->global
->application_key
.data
== NULL
) {
289 ZERO_STRUCT(session_key
);
290 return NT_STATUS_NO_MEMORY
;
293 if (conn
->protocol
>= PROTOCOL_SMB2_24
) {
294 const DATA_BLOB label
= data_blob_string_const_null("SMB2APP");
295 const DATA_BLOB context
= data_blob_string_const_null("SmbRpc");
297 smb2_key_derivation(session_key
, sizeof(session_key
),
298 label
.data
, label
.length
,
299 context
.data
, context
.length
,
300 x
->global
->application_key
.data
);
302 ZERO_STRUCT(session_key
);
304 x
->global
->channels
[0].signing_key
= data_blob_dup_talloc(x
->global
->channels
,
305 x
->global
->signing_key
);
306 if (x
->global
->channels
[0].signing_key
.data
== NULL
) {
307 return NT_STATUS_NO_MEMORY
;
310 data_blob_clear_free(&session_info
->session_key
);
311 session_info
->session_key
= data_blob_dup_talloc(session_info
,
312 x
->global
->application_key
);
313 if (session_info
->session_key
.data
== NULL
) {
314 return NT_STATUS_NO_MEMORY
;
317 session
->compat
= talloc_zero(session
, struct user_struct
);
318 if (session
->compat
== NULL
) {
319 return NT_STATUS_NO_MEMORY
;
321 session
->compat
->session
= session
;
322 session
->compat
->homes_snum
= -1;
323 session
->compat
->session_info
= session_info
;
324 session
->compat
->session_keystr
= NULL
;
325 session
->compat
->vuid
= session
->global
->session_wire_id
;
326 DLIST_ADD(smb2req
->sconn
->users
, session
->compat
);
327 smb2req
->sconn
->num_users
++;
329 if (security_session_user_level(session_info
, NULL
) >= SECURITY_USER
) {
330 session
->compat
->homes_snum
=
331 register_homes_share(session_info
->unix_info
->unix_name
);
334 set_current_user_info(session_info
->unix_info
->sanitized_username
,
335 session_info
->unix_info
->unix_name
,
336 session_info
->info
->domain_name
);
338 reload_services(smb2req
->sconn
, conn_snum_used
, true);
340 session
->status
= NT_STATUS_OK
;
341 session
->global
->auth_session_info
= session_info
;
342 session
->global
->auth_session_info_seqnum
+= 1;
343 session
->global
->channels
[0].auth_session_info_seqnum
=
344 session
->global
->auth_session_info_seqnum
;
345 session
->global
->expiration_time
= gensec_expire_time(session
->gensec
);
347 if (!session_claim(session
)) {
348 DEBUG(1, ("smb2: Failed to claim session "
350 (unsigned long long)session
->compat
->vuid
));
351 return NT_STATUS_LOGON_FAILURE
;
354 status
= smbXsrv_session_update(session
);
355 if (!NT_STATUS_IS_OK(status
)) {
356 DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
357 (unsigned long long)session
->compat
->vuid
,
359 return NT_STATUS_LOGON_FAILURE
;
363 * we attach the session to the request
364 * so that the response can be signed
366 smb2req
->session
= session
;
368 smb2req
->do_signing
= true;
371 global_client_caps
|= (CAP_LEVEL_II_OPLOCKS
|CAP_STATUS32
);
373 *out_session_id
= session
->global
->session_wire_id
;
378 static NTSTATUS
smbd_smb2_reauth_generic_return(struct smbXsrv_session
*session
,
379 struct smbd_smb2_request
*smb2req
,
380 struct auth_session_info
*session_info
,
381 uint16_t *out_session_flags
,
382 uint64_t *out_session_id
)
385 struct smbXsrv_session
*x
= session
;
386 struct smbXsrv_connection
*conn
= session
->connection
;
388 data_blob_clear_free(&session_info
->session_key
);
389 session_info
->session_key
= data_blob_dup_talloc(session_info
,
390 x
->global
->application_key
);
391 if (session_info
->session_key
.data
== NULL
) {
392 return NT_STATUS_NO_MEMORY
;
395 session
->compat
->session_info
= session_info
;
396 session
->compat
->vuid
= session
->global
->session_wire_id
;
398 session
->compat
->homes_snum
=
399 register_homes_share(session_info
->unix_info
->unix_name
);
401 set_current_user_info(session_info
->unix_info
->sanitized_username
,
402 session_info
->unix_info
->unix_name
,
403 session_info
->info
->domain_name
);
405 reload_services(smb2req
->sconn
, conn_snum_used
, true);
407 session
->status
= NT_STATUS_OK
;
408 TALLOC_FREE(session
->global
->auth_session_info
);
409 session
->global
->auth_session_info
= session_info
;
410 session
->global
->auth_session_info_seqnum
+= 1;
411 session
->global
->channels
[0].auth_session_info_seqnum
=
412 session
->global
->auth_session_info_seqnum
;
413 session
->global
->expiration_time
= gensec_expire_time(session
->gensec
);
415 status
= smbXsrv_session_update(session
);
416 if (!NT_STATUS_IS_OK(status
)) {
417 DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
418 (unsigned long long)session
->compat
->vuid
,
420 return NT_STATUS_LOGON_FAILURE
;
423 conn_clear_vuid_caches(conn
->sconn
, session
->compat
->vuid
);
425 if (security_session_user_level(session_info
, NULL
) >= SECURITY_USER
) {
426 smb2req
->do_signing
= true;
429 *out_session_id
= session
->global
->session_wire_id
;
434 struct smbd_smb2_session_setup_state
{
435 struct tevent_context
*ev
;
436 struct smbd_smb2_request
*smb2req
;
437 uint64_t in_session_id
;
439 uint8_t in_security_mode
;
440 uint64_t in_previous_session_id
;
441 DATA_BLOB in_security_buffer
;
442 struct smbXsrv_session
*session
;
443 struct auth_session_info
*session_info
;
444 uint16_t out_session_flags
;
445 DATA_BLOB out_security_buffer
;
446 uint64_t out_session_id
;
447 /* The following pointer is owned by state->session. */
448 struct smbd_smb2_session_setup_state
**pp_self_ref
;
451 static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state
**pp_state
)
453 (*pp_state
)->session
= NULL
;
455 * To make things clearer, ensure the pp_self_ref
456 * pointer is nulled out. We're never going to
459 (*pp_state
)->pp_self_ref
= NULL
;
463 static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state
*state
)
466 * if state->session is not NULL,
467 * we remove the session on failure
469 TALLOC_FREE(state
->session
);
473 static void smbd_smb2_session_setup_gensec_done(struct tevent_req
*subreq
);
474 static void smbd_smb2_session_setup_previous_done(struct tevent_req
*subreq
);
476 /************************************************************************
477 We have to tag the state->session pointer with memory talloc'ed
478 on it to ensure it gets NULL'ed out if the underlying struct smbXsrv_session
479 is deleted by shutdown whilst this request is in flight.
480 ************************************************************************/
482 static NTSTATUS
tag_state_session_ptr(struct smbd_smb2_session_setup_state
*state
)
484 state
->pp_self_ref
= talloc_zero(state
->session
,
485 struct smbd_smb2_session_setup_state
*);
486 if (state
->pp_self_ref
== NULL
) {
487 return NT_STATUS_NO_MEMORY
;
489 *state
->pp_self_ref
= state
;
490 talloc_set_destructor(state
->pp_self_ref
, pp_self_ref_destructor
);
494 static struct tevent_req
*smbd_smb2_session_setup_send(TALLOC_CTX
*mem_ctx
,
495 struct tevent_context
*ev
,
496 struct smbd_smb2_request
*smb2req
,
497 uint64_t in_session_id
,
499 uint8_t in_security_mode
,
500 uint64_t in_previous_session_id
,
501 DATA_BLOB in_security_buffer
)
503 struct tevent_req
*req
;
504 struct smbd_smb2_session_setup_state
*state
;
506 NTTIME now
= timeval_to_nttime(&smb2req
->request_time
);
507 struct tevent_req
*subreq
;
509 req
= tevent_req_create(mem_ctx
, &state
,
510 struct smbd_smb2_session_setup_state
);
515 state
->smb2req
= smb2req
;
516 state
->in_session_id
= in_session_id
;
517 state
->in_flags
= in_flags
;
518 state
->in_security_mode
= in_security_mode
;
519 state
->in_previous_session_id
= in_previous_session_id
;
520 state
->in_security_buffer
= in_security_buffer
;
522 if (in_flags
& SMB2_SESSION_FLAG_BINDING
) {
523 if (smb2req
->sconn
->conn
->protocol
< PROTOCOL_SMB2_22
) {
524 tevent_req_nterror(req
, NT_STATUS_REQUEST_NOT_ACCEPTED
);
525 return tevent_req_post(req
, ev
);
529 * We do not support multi channel.
531 tevent_req_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
532 return tevent_req_post(req
, ev
);
535 talloc_set_destructor(state
, smbd_smb2_session_setup_state_destructor
);
537 if (state
->in_session_id
== 0) {
538 /* create a new session */
539 status
= smbXsrv_session_create(state
->smb2req
->sconn
->conn
,
540 now
, &state
->session
);
541 if (tevent_req_nterror(req
, status
)) {
542 return tevent_req_post(req
, ev
);
545 status
= smb2srv_session_lookup(state
->smb2req
->sconn
->conn
,
546 state
->in_session_id
, now
,
548 if (NT_STATUS_EQUAL(status
, NT_STATUS_NETWORK_SESSION_EXPIRED
)) {
549 status
= NT_STATUS_OK
;
551 if (NT_STATUS_IS_OK(status
)) {
552 state
->session
->status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
553 status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
554 TALLOC_FREE(state
->session
->gensec
);
556 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
557 tevent_req_nterror(req
, status
);
558 return tevent_req_post(req
, ev
);
562 status
= tag_state_session_ptr(state
);
563 if (tevent_req_nterror(req
, status
)) {
564 return tevent_req_post(req
, ev
);
567 if (state
->session
->gensec
== NULL
) {
568 status
= auth_generic_prepare(state
->session
,
569 state
->session
->connection
->remote_address
,
570 &state
->session
->gensec
);
571 if (tevent_req_nterror(req
, status
)) {
572 return tevent_req_post(req
, ev
);
575 gensec_want_feature(state
->session
->gensec
, GENSEC_FEATURE_SESSION_KEY
);
576 gensec_want_feature(state
->session
->gensec
, GENSEC_FEATURE_UNIX_TOKEN
);
578 status
= gensec_start_mech_by_oid(state
->session
->gensec
,
580 if (tevent_req_nterror(req
, status
)) {
581 return tevent_req_post(req
, ev
);
586 subreq
= gensec_update_send(state
, state
->ev
,
587 state
->session
->gensec
,
588 state
->in_security_buffer
);
590 if (tevent_req_nomem(subreq
, req
)) {
591 return tevent_req_post(req
, ev
);
593 tevent_req_set_callback(subreq
, smbd_smb2_session_setup_gensec_done
, req
);
598 static void smbd_smb2_session_setup_gensec_done(struct tevent_req
*subreq
)
600 struct tevent_req
*req
=
601 tevent_req_callback_data(subreq
,
603 struct smbd_smb2_session_setup_state
*state
=
605 struct smbd_smb2_session_setup_state
);
609 status
= gensec_update_recv(subreq
, state
,
610 &state
->out_security_buffer
);
613 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
) &&
614 !NT_STATUS_IS_OK(status
)) {
615 tevent_req_nterror(req
, status
);
619 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
620 state
->out_session_id
= state
->session
->global
->session_wire_id
;
621 /* we want to keep the session */
622 TALLOC_FREE(state
->pp_self_ref
);
623 tevent_req_nterror(req
, status
);
627 status
= gensec_session_info(state
->session
->gensec
,
628 state
->session
->global
,
629 &state
->session_info
);
630 if (tevent_req_nterror(req
, status
)) {
634 if ((state
->in_previous_session_id
!= 0) &&
635 (state
->session
->global
->session_wire_id
!=
636 state
->in_previous_session_id
))
638 subreq
= smb2srv_session_close_previous_send(state
, state
->ev
,
639 state
->session
->connection
,
641 state
->in_previous_session_id
,
642 state
->session
->global
->session_wire_id
);
643 if (tevent_req_nomem(subreq
, req
)) {
646 tevent_req_set_callback(subreq
,
647 smbd_smb2_session_setup_previous_done
,
652 if (state
->session
->global
->auth_session_info
!= NULL
) {
653 status
= smbd_smb2_reauth_generic_return(state
->session
,
656 &state
->out_session_flags
,
657 &state
->out_session_id
);
658 if (tevent_req_nterror(req
, status
)) {
661 /* we want to keep the session */
662 TALLOC_FREE(state
->pp_self_ref
);
663 tevent_req_done(req
);
667 status
= smbd_smb2_auth_generic_return(state
->session
,
669 state
->in_security_mode
,
671 &state
->out_session_flags
,
672 &state
->out_session_id
);
673 if (tevent_req_nterror(req
, status
)) {
677 /* we want to keep the session */
678 TALLOC_FREE(state
->pp_self_ref
);
679 tevent_req_done(req
);
683 static void smbd_smb2_session_setup_previous_done(struct tevent_req
*subreq
)
685 struct tevent_req
*req
=
686 tevent_req_callback_data(subreq
,
688 struct smbd_smb2_session_setup_state
*state
=
690 struct smbd_smb2_session_setup_state
);
693 status
= smb2srv_session_close_previous_recv(subreq
);
695 if (tevent_req_nterror(req
, status
)) {
699 if (state
->session
->global
->auth_session_info
!= NULL
) {
700 status
= smbd_smb2_reauth_generic_return(state
->session
,
703 &state
->out_session_flags
,
704 &state
->out_session_id
);
705 if (tevent_req_nterror(req
, status
)) {
708 /* we want to keep the session */
709 TALLOC_FREE(state
->pp_self_ref
);
710 tevent_req_done(req
);
714 status
= smbd_smb2_auth_generic_return(state
->session
,
716 state
->in_security_mode
,
718 &state
->out_session_flags
,
719 &state
->out_session_id
);
720 if (tevent_req_nterror(req
, status
)) {
724 /* we want to keep the session */
725 TALLOC_FREE(state
->pp_self_ref
);
726 tevent_req_done(req
);
730 static NTSTATUS
smbd_smb2_session_setup_recv(struct tevent_req
*req
,
731 uint16_t *out_session_flags
,
733 DATA_BLOB
*out_security_buffer
,
734 uint64_t *out_session_id
)
736 struct smbd_smb2_session_setup_state
*state
=
738 struct smbd_smb2_session_setup_state
);
741 if (tevent_req_is_nterror(req
, &status
)) {
742 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
743 tevent_req_received(req
);
744 return nt_status_squash(status
);
747 status
= NT_STATUS_OK
;
750 *out_session_flags
= state
->out_session_flags
;
751 *out_security_buffer
= state
->out_security_buffer
;
752 *out_session_id
= state
->out_session_id
;
754 talloc_steal(mem_ctx
, out_security_buffer
->data
);
755 tevent_req_received(req
);
759 static struct tevent_req
*smbd_smb2_logoff_send(TALLOC_CTX
*mem_ctx
,
760 struct tevent_context
*ev
,
761 struct smbd_smb2_request
*smb2req
);
762 static NTSTATUS
smbd_smb2_logoff_recv(struct tevent_req
*req
);
763 static void smbd_smb2_request_logoff_done(struct tevent_req
*subreq
);
765 NTSTATUS
smbd_smb2_request_process_logoff(struct smbd_smb2_request
*req
)
768 struct tevent_req
*subreq
= NULL
;
770 status
= smbd_smb2_request_verify_sizes(req
, 0x04);
771 if (!NT_STATUS_IS_OK(status
)) {
772 return smbd_smb2_request_error(req
, status
);
775 subreq
= smbd_smb2_logoff_send(req
, req
->sconn
->ev_ctx
, req
);
776 if (subreq
== NULL
) {
777 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
779 tevent_req_set_callback(subreq
, smbd_smb2_request_logoff_done
, req
);
782 * Wait a long time before going async on this to allow
783 * requests we're waiting on to finish. Set timeout to 10 secs.
785 return smbd_smb2_request_pending_queue(req
, subreq
, 10000000);
788 static void smbd_smb2_request_logoff_done(struct tevent_req
*subreq
)
790 struct smbd_smb2_request
*smb2req
=
791 tevent_req_callback_data(subreq
,
792 struct smbd_smb2_request
);
797 status
= smbd_smb2_logoff_recv(subreq
);
799 if (!NT_STATUS_IS_OK(status
)) {
800 error
= smbd_smb2_request_error(smb2req
, status
);
801 if (!NT_STATUS_IS_OK(error
)) {
802 smbd_server_connection_terminate(smb2req
->sconn
,
809 outbody
= data_blob_talloc(smb2req
->out
.vector
, NULL
, 0x04);
810 if (outbody
.data
== NULL
) {
811 error
= smbd_smb2_request_error(smb2req
, NT_STATUS_NO_MEMORY
);
812 if (!NT_STATUS_IS_OK(error
)) {
813 smbd_server_connection_terminate(smb2req
->sconn
,
820 SSVAL(outbody
.data
, 0x00, 0x04); /* struct size */
821 SSVAL(outbody
.data
, 0x02, 0); /* reserved */
823 error
= smbd_smb2_request_done(smb2req
, outbody
, NULL
);
824 if (!NT_STATUS_IS_OK(error
)) {
825 smbd_server_connection_terminate(smb2req
->sconn
,
831 struct smbd_smb2_logout_state
{
832 struct smbd_smb2_request
*smb2req
;
833 struct tevent_queue
*wait_queue
;
836 static void smbd_smb2_logoff_wait_done(struct tevent_req
*subreq
);
838 static struct tevent_req
*smbd_smb2_logoff_send(TALLOC_CTX
*mem_ctx
,
839 struct tevent_context
*ev
,
840 struct smbd_smb2_request
*smb2req
)
842 struct tevent_req
*req
;
843 struct smbd_smb2_logout_state
*state
;
844 struct tevent_req
*subreq
;
845 struct smbd_smb2_request
*preq
;
847 req
= tevent_req_create(mem_ctx
, &state
,
848 struct smbd_smb2_logout_state
);
852 state
->smb2req
= smb2req
;
854 state
->wait_queue
= tevent_queue_create(state
, "logoff_wait_queue");
855 if (tevent_req_nomem(state
->wait_queue
, req
)) {
856 return tevent_req_post(req
, ev
);
860 * Make sure that no new request will be able to use this session.
862 smb2req
->session
->status
= NT_STATUS_USER_SESSION_DELETED
;
864 for (preq
= smb2req
->sconn
->smb2
.requests
; preq
!= NULL
; preq
= preq
->next
) {
865 if (preq
== smb2req
) {
866 /* Can't cancel current request. */
869 if (preq
->session
!= smb2req
->session
) {
870 /* Request on different session. */
875 * Never cancel anything in a compound
876 * request. Way too hard to deal with
879 if (!preq
->compound_related
&& preq
->subreq
!= NULL
) {
880 tevent_req_cancel(preq
->subreq
);
884 * Now wait until the request is finished.
886 * We don't set a callback, as we just want to block the
887 * wait queue and the talloc_free() of the request will
888 * remove the item from the wait queue.
890 subreq
= smbd_tevent_queue_wait_send(preq
, ev
, state
->wait_queue
);
891 if (tevent_req_nomem(subreq
, req
)) {
892 return tevent_req_post(req
, ev
);
897 * Now we add our own waiter to the end of the queue,
898 * this way we get notified when all pending requests are finished
899 * and send to the socket.
901 subreq
= smbd_tevent_queue_wait_send(state
, ev
, state
->wait_queue
);
902 if (tevent_req_nomem(subreq
, req
)) {
903 return tevent_req_post(req
, ev
);
905 tevent_req_set_callback(subreq
, smbd_smb2_logoff_wait_done
, req
);
910 static void smbd_smb2_logoff_wait_done(struct tevent_req
*subreq
)
912 struct tevent_req
*req
= tevent_req_callback_data(
913 subreq
, struct tevent_req
);
914 struct smbd_smb2_logout_state
*state
= tevent_req_data(
915 req
, struct smbd_smb2_logout_state
);
918 smbd_tevent_queue_wait_recv(subreq
);
922 * As we've been awoken, we may have changed
923 * uid in the meantime. Ensure we're still
924 * root (SMB2_OP_LOGOFF has .as_root = true).
926 change_to_root_user();
928 status
= smbXsrv_session_logoff(state
->smb2req
->session
);
929 if (tevent_req_nterror(req
, status
)) {
934 * we may need to sign the response, so we need to keep
935 * the session until the response is sent to the wire.
937 talloc_steal(state
->smb2req
, state
->smb2req
->session
);
939 tevent_req_done(req
);
942 static NTSTATUS
smbd_smb2_logoff_recv(struct tevent_req
*req
)
944 return tevent_req_simple_recv_ntstatus(req
);
