search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WHATSNEW: Add release notes for Samba 4.12.3.
[Samba.git] / source3 / smbd / negprot.c
blob67ef60da8528b46e88551cd26ea572e40cfb1c6f
1 /*
2 Unix SMB/CIFS implementation.
3 negprot reply code
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "serverid.h"
25 #include "auth.h"
26 #include "messages.h"
27 #include "smbprofile.h"
28 #include "auth/gensec/gensec.h"
29 #include "../libcli/smb/smb_signing.h"
30
31 /*
32 * MS-CIFS, 2.2.4.52.2 SMB_COM_NEGOTIATE Response:
33 * If the server does not support any of the listed dialects, it MUST return a
34 * DialectIndex of 0XFFFF
35 */
36 #define NO_PROTOCOL_CHOSEN 0xffff
37
38 extern fstring remote_proto;
39
40 static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
41 {
42 NTSTATUS nt_status;
43
44 /* We might be called more than once, multiple negprots are
45 * permitted */
46 if (xconn->smb1.negprot.auth_context) {
47 DEBUG(3, ("get challenge: is this a secondary negprot? "
48 "sconn->negprot.auth_context is non-NULL!\n"));
49 TALLOC_FREE(xconn->smb1.negprot.auth_context);
50 }
51
52 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
53 nt_status = make_auth4_context(
54 xconn, &xconn->smb1.negprot.auth_context);
55 if (!NT_STATUS_IS_OK(nt_status)) {
56 DEBUG(0, ("make_auth_context_subsystem returned %s",
57 nt_errstr(nt_status)));
58 smb_panic("cannot make_negprot_global_auth_context!");
59 }
60 DEBUG(10, ("get challenge: getting challenge\n"));
61 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
62 xconn->smb1.negprot.auth_context, buff);
63 }
64
65 /****************************************************************************
66 Reply for the lanman 1.0 protocol.
67 ****************************************************************************/
68
69 static NTSTATUS reply_lanman1(struct smb_request *req, uint16_t choice)
70 {
71 int secword=0;
72 time_t t = time(NULL);
73 struct smbXsrv_connection *xconn = req->xconn;
74 uint16_t raw;
75 NTSTATUS status;
76
77 if (lp_async_smb_echo_handler()) {
78 raw = 0;
79 } else {
80 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
81 }
82
83 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
84
85 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
86 if (xconn->smb1.negprot.encrypted_passwords) {
87 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
88 }
89
90 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
91
92 SSVAL(req->outbuf,smb_vwv0,choice);
93 SSVAL(req->outbuf,smb_vwv1,secword);
94 /* Create a token value and add it to the outgoing packet. */
95 if (xconn->smb1.negprot.encrypted_passwords) {
96 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
97 SSVAL(req->outbuf,smb_vwv11, 8);
98 }
99
100 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
101 if (!NT_STATUS_IS_OK(status)) {
102 reply_nterror(req, status);
103 return status;
104 }
105
106 /* Reply, SMBlockread, SMBwritelock supported. */
107 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
108 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
109 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
110 SSVAL(req->outbuf,smb_vwv4, 1);
111 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
112 readbraw writebraw (possibly) */
113 SIVAL(req->outbuf,smb_vwv6, getpid());
114 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
115
116 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
117
118 return NT_STATUS_OK;
119 }
120
121 /****************************************************************************
122 Reply for the lanman 2.0 protocol.
123 ****************************************************************************/
124
125 static NTSTATUS reply_lanman2(struct smb_request *req, uint16_t choice)
126 {
127 int secword=0;
128 time_t t = time(NULL);
129 struct smbXsrv_connection *xconn = req->xconn;
130 uint16_t raw;
131 NTSTATUS status;
132
133 if (lp_async_smb_echo_handler()) {
134 raw = 0;
135 } else {
136 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
137 }
138
139 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
140
141 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
142 if (xconn->smb1.negprot.encrypted_passwords) {
143 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
144 }
145
146 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
147
148 SSVAL(req->outbuf,smb_vwv0, choice);
149 SSVAL(req->outbuf,smb_vwv1, secword);
150 SIVAL(req->outbuf,smb_vwv6, getpid());
151
152 /* Create a token value and add it to the outgoing packet. */
153 if (xconn->smb1.negprot.encrypted_passwords) {
154 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
155 SSVAL(req->outbuf,smb_vwv11, 8);
156 }
157
158 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
159 if (!NT_STATUS_IS_OK(status)) {
160 reply_nterror(req, status);
161 return status;
162 }
163
164 /* Reply, SMBlockread, SMBwritelock supported. */
165 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
166 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
167 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
168 SSVAL(req->outbuf,smb_vwv4,1);
169 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
170 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
171 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
172 return NT_STATUS_OK;
173 }
174
175 /****************************************************************************
176 Generate the spnego negprot reply blob. Return the number of bytes used.
177 ****************************************************************************/
178
179 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
180 {
181 DATA_BLOB blob = data_blob_null;
182 DATA_BLOB blob_out = data_blob_null;
183 nstring dos_name;
184 fstring unix_name;
185 NTSTATUS status;
186 #ifdef DEVELOPER
187 size_t slen;
188 #endif
189 struct gensec_security *gensec_security;
190
191 /* See if we can get an SPNEGO blob */
192 status = auth_generic_prepare(talloc_tos(),
193 xconn->remote_address,
194 xconn->local_address,
195 "SMB",
196 &gensec_security);
197
198 /*
199 * Despite including it above, there is no need to set a
200 * remote address or similar as we are just interested in the
201 * SPNEGO blob, we never keep this context.
202 */
203
204 if (NT_STATUS_IS_OK(status)) {
205 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
206 if (NT_STATUS_IS_OK(status)) {
207 status = gensec_update(gensec_security, ctx,
208 data_blob_null, &blob);
209 /* If we get the list of OIDs, the 'OK' answer
210 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
211 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
212 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
213 blob = data_blob_null;
214 }
215 }
216 TALLOC_FREE(gensec_security);
217 }
218
219 xconn->smb1.negprot.spnego = true;
220
221 /* strangely enough, NT does not sent the single OID NTLMSSP when
222 not a ADS member, it sends no OIDs at all
223
224 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
225 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
226
227 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
228 back to doing what W2K3 does here. This is needed to make PocketPC 2003
229 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
230 for details. JRA.
231
232 */
233
234 if (blob.length == 0 || blob.data == NULL) {
235 return data_blob_null;
236 }
237
238 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
239 if (blob_out.data == NULL) {
240 data_blob_free(&blob);
241 return data_blob_null;
242 }
243
244 memset(blob_out.data, '\0', 16);
245
246 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
247 (void)strlower_m(unix_name);
248 push_ascii_nstring(dos_name, unix_name);
249 strlcpy((char *)blob_out.data, dos_name, 17);
250
251 #ifdef DEVELOPER
252 /* Fix valgrind 'uninitialized bytes' issue. */
253 slen = strlen(dos_name);
254 if (slen < 16) {
255 memset(blob_out.data+slen, '\0', 16 - slen);
256 }
257 #endif
258
259 memcpy(&blob_out.data[16], blob.data, blob.length);
260
261 data_blob_free(&blob);
262
263 return blob_out;
264 }
265
266 /****************************************************************************
267 Reply for the nt protocol.
268 ****************************************************************************/
269
270 static NTSTATUS reply_nt1(struct smb_request *req, uint16_t choice)
271 {
272 /* dual names + lock_and_read + nt SMBs + remote API calls */
273 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
274 CAP_LEVEL_II_OPLOCKS;
275
276 int secword=0;
277 bool negotiate_spnego = False;
278 struct timespec ts;
279 ssize_t ret;
280 struct smbXsrv_connection *xconn = req->xconn;
281 bool signing_desired = false;
282 bool signing_required = false;
283 NTSTATUS status;
284
285 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
286
287 /* Check the flags field to see if this is Vista.
288 WinXP sets it and Vista does not. But we have to
289 distinguish from NT which doesn't set it either. */
290
291 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
292 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
293 {
294 if ((get_remote_arch() != RA_SAMBA) &&
295 (get_remote_arch() != RA_CIFSFS)) {
296 set_remote_arch( RA_VISTA );
297 }
298 }
299
300 reply_outbuf(req,17,0);
301
302 /* do spnego in user level security if the client
303 supports it and we can do encrypted passwords */
304
305 if (xconn->smb1.negprot.encrypted_passwords &&
306 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
307 negotiate_spnego = True;
308 capabilities |= CAP_EXTENDED_SECURITY;
309 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
310 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
311 (already partially constructed. */
312 SSVAL(req->outbuf, smb_flg2,
313 req->flags2 | FLAGS2_EXTENDED_SECURITY);
314 }
315
316 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
317
318 if (lp_unicode()) {
319 capabilities |= CAP_UNICODE;
320 }
321
322 if (lp_unix_extensions()) {
323 capabilities |= CAP_UNIX;
324 }
325
326 if (lp_large_readwrite())
327 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
328
329 capabilities |= CAP_LARGE_FILES;
330
331 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
332 capabilities |= CAP_RAW_MODE;
333
334 if (lp_nt_status_support())
335 capabilities |= CAP_STATUS32;
336
337 if (lp_host_msdfs())
338 capabilities |= CAP_DFS;
339
340 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
341 if (xconn->smb1.negprot.encrypted_passwords) {
342 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
343 }
344
345 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
346 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
347
348 if (signing_desired) {
349 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
350 /* No raw mode with smb signing. */
351 capabilities &= ~CAP_RAW_MODE;
352 if (signing_required) {
353 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
354 }
355 }
356
357 SSVAL(req->outbuf,smb_vwv0,choice);
358 SCVAL(req->outbuf,smb_vwv1,secword);
359
360 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
361 if (!NT_STATUS_IS_OK(status)) {
362 reply_nterror(req, status);
363 return status;
364 }
365
366 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
367 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
368 SIVAL(req->outbuf,smb_vwv3+1,
369 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
370 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
371 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
372 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
373 clock_gettime(CLOCK_REALTIME,&ts);
374 put_long_date_full_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,&ts);
375 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
376
377 if (!negotiate_spnego) {
378 /* Create a token value and add it to the outgoing packet. */
379 if (xconn->smb1.negprot.encrypted_passwords) {
380 uint8_t chal[8];
381 /* note that we do not send a challenge at all if
382 we are using plaintext */
383 get_challenge(xconn, chal);
384 ret = message_push_blob(
385 &req->outbuf, data_blob_const(chal, sizeof(chal)));
386 if (ret == -1) {
387 DEBUG(0, ("Could not push challenge\n"));
388 reply_nterror(req, NT_STATUS_NO_MEMORY);
389 return NT_STATUS_NO_MEMORY;
390 }
391 SCVAL(req->outbuf, smb_vwv16+1, ret);
392 }
393 ret = message_push_string(&req->outbuf, lp_workgroup(),
394 STR_UNICODE|STR_TERMINATE
395 |STR_NOALIGN);
396 if (ret == -1) {
397 DEBUG(0, ("Could not push workgroup string\n"));
398 reply_nterror(req, NT_STATUS_NO_MEMORY);
399 return NT_STATUS_NO_MEMORY;
400 }
401 ret = message_push_string(&req->outbuf, lp_netbios_name(),
402 STR_UNICODE|STR_TERMINATE
403 |STR_NOALIGN);
404 if (ret == -1) {
405 DEBUG(0, ("Could not push netbios name string\n"));
406 reply_nterror(req, NT_STATUS_NO_MEMORY);
407 return NT_STATUS_NO_MEMORY;
408 }
409 DEBUG(3,("not using SPNEGO\n"));
410 } else {
411 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
412
413 if (spnego_blob.data == NULL) {
414 reply_nterror(req, NT_STATUS_NO_MEMORY);
415 return NT_STATUS_NO_MEMORY;
416 }
417
418 ret = message_push_blob(&req->outbuf, spnego_blob);
419 if (ret == -1) {
420 DEBUG(0, ("Could not push spnego blob\n"));
421 reply_nterror(req, NT_STATUS_NO_MEMORY);
422 return NT_STATUS_NO_MEMORY;
423 }
424 data_blob_free(&spnego_blob);
425
426 SCVAL(req->outbuf,smb_vwv16+1, 0);
427 DEBUG(3,("using SPNEGO\n"));
428 }
429
430 return NT_STATUS_OK;
431 }
432
433 /* these are the protocol lists used for auto architecture detection:
434
435 WinNT 3.51:
436 protocol [PC NETWORK PROGRAM 1.0]
437 protocol [XENIX CORE]
438 protocol [MICROSOFT NETWORKS 1.03]
439 protocol [LANMAN1.0]
440 protocol [Windows for Workgroups 3.1a]
441 protocol [LM1.2X002]
442 protocol [LANMAN2.1]
443 protocol [NT LM 0.12]
444
445 Win95:
446 protocol [PC NETWORK PROGRAM 1.0]
447 protocol [XENIX CORE]
448 protocol [MICROSOFT NETWORKS 1.03]
449 protocol [LANMAN1.0]
450 protocol [Windows for Workgroups 3.1a]
451 protocol [LM1.2X002]
452 protocol [LANMAN2.1]
453 protocol [NT LM 0.12]
454
455 Win2K:
456 protocol [PC NETWORK PROGRAM 1.0]
457 protocol [LANMAN1.0]
458 protocol [Windows for Workgroups 3.1a]
459 protocol [LM1.2X002]
460 protocol [LANMAN2.1]
461 protocol [NT LM 0.12]
462
463 Vista:
464 protocol [PC NETWORK PROGRAM 1.0]
465 protocol [LANMAN1.0]
466 protocol [Windows for Workgroups 3.1a]
467 protocol [LM1.2X002]
468 protocol [LANMAN2.1]
469 protocol [NT LM 0.12]
470 protocol [SMB 2.001]
471
472 OS/2:
473 protocol [PC NETWORK PROGRAM 1.0]
474 protocol [XENIX CORE]
475 protocol [LANMAN1.0]
476 protocol [LM1.2X002]
477 protocol [LANMAN2.1]
478
479 OSX:
480 protocol [NT LM 0.12]
481 protocol [SMB 2.002]
482 protocol [SMB 2.???]
483 */
484
485 /*
486 * Modified to recognize the architecture of the remote machine better.
487 *
488 * This appears to be the matrix of which protocol is used by which
489 * product.
490 Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
491 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
492 XENIX CORE 2 2
493 MICROSOFT NETWORKS 3.0 2 2
494 DOS LM1.2X002 3 3
495 MICROSOFT NETWORKS 1.03 3
496 DOS LANMAN2.1 4 4
497 LANMAN1.0 4 2 3 2
498 Windows for Workgroups 3.1a 5 5 5 3 3
499 LM1.2X002 6 4 4 4
500 LANMAN2.1 7 5 5 5
501 NT LM 0.12 6 8 6 6 6 1
502 SMB 2.001 7
503 SMB 2.002 2
504 SMB 2.??? 3
505 *
506 * tim@fsg.com 09/29/95
507 * Win2K added by matty 17/7/99
508 */
509
510 #define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
511 #define PROT_XENIX_CORE 0x0002
512 #define PROT_MICROSOFT_NETWORKS_3_0 0x0004
513 #define PROT_DOS_LM1_2X002 0x0008
514 #define PROT_MICROSOFT_NETWORKS_1_03 0x0010
515 #define PROT_DOS_LANMAN2_1 0x0020
516 #define PROT_LANMAN1_0 0x0040
517 #define PROT_WFWG 0x0080
518 #define PROT_LM1_2X002 0x0100
519 #define PROT_LANMAN2_1 0x0200
520 #define PROT_NT_LM_0_12 0x0400
521 #define PROT_SMB_2_001 0x0800
522 #define PROT_SMB_2_002 0x1000
523 #define PROT_SMB_2_FF 0x2000
524 #define PROT_SAMBA 0x4000
525 #define PROT_POSIX_2 0x8000
526
527 #define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
528 PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
529 #define ARCH_WIN95 ( ARCH_WFWG | PROT_NT_LM_0_12 )
530 #define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
531 PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
532 PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
533 #define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
534 #define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
535 #define ARCH_VISTA ( ARCH_WIN2K | PROT_SMB_2_001 )
536 #define ARCH_SAMBA ( PROT_SAMBA )
537 #define ARCH_CIFSFS ( PROT_POSIX_2 )
538 #define ARCH_OSX ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
539
540 /* List of supported protocols, most desired first */
541 static const struct {
542 const char *proto_name;
543 const char *short_name;
544 NTSTATUS (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
545 int protocol_level;
546 } supported_protocols[] = {
547 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
548 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
549 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
550 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
551 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
552 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
553 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
554 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
555 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
556 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
557 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
558 {NULL,NULL,NULL,0},
559 };
560
561 /****************************************************************************
562 Reply to a negprot.
563 conn POINTER CAN BE NULL HERE !
564 ****************************************************************************/
565
566 void reply_negprot(struct smb_request *req)
567 {
568 size_t choice = 0;
569 int chosen_level = -1;
570 bool choice_set = false;
571 int protocol;
572 const char *p;
573 int protocols = 0;
574 int num_cliprotos;
575 char **cliprotos;
576 size_t i;
577 size_t converted_size;
578 struct smbXsrv_connection *xconn = req->xconn;
579 struct smbd_server_connection *sconn = req->sconn;
580 bool signing_required = true;
581 int max_proto;
582 int min_proto;
583 NTSTATUS status;
584
585 START_PROFILE(SMBnegprot);
586
587 if (xconn->smb1.negprot.done) {
588 END_PROFILE(SMBnegprot);
589 exit_server_cleanly("multiple negprot's are not permitted");
590 }
591
592 if (req->buflen == 0) {
593 DEBUG(0, ("negprot got no protocols\n"));
594 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
595 END_PROFILE(SMBnegprot);
596 return;
597 }
598
599 if (req->buf[req->buflen-1] != '\0') {
600 DEBUG(0, ("negprot protocols not 0-terminated\n"));
601 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
602 END_PROFILE(SMBnegprot);
603 return;
604 }
605
606 p = (const char *)req->buf + 1;
607
608 num_cliprotos = 0;
609 cliprotos = NULL;
610
611 while (smbreq_bufrem(req, p) > 0) {
612
613 char **tmp;
614
615 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
616 num_cliprotos+1);
617 if (tmp == NULL) {
618 DEBUG(0, ("talloc failed\n"));
619 TALLOC_FREE(cliprotos);
620 reply_nterror(req, NT_STATUS_NO_MEMORY);
621 END_PROFILE(SMBnegprot);
622 return;
623 }
624
625 cliprotos = tmp;
626
627 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
628 &converted_size)) {
629 DEBUG(0, ("pull_ascii_talloc failed\n"));
630 TALLOC_FREE(cliprotos);
631 reply_nterror(req, NT_STATUS_NO_MEMORY);
632 END_PROFILE(SMBnegprot);
633 return;
634 }
635
636 DEBUG(3, ("Requested protocol [%s]\n",
637 cliprotos[num_cliprotos]));
638
639 num_cliprotos += 1;
640 p += strlen(p) + 2;
641 }
642
643 for (i=0; i<num_cliprotos; i++) {
644 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
645 protocols |= PROT_WFWG;
646 } else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
647 protocols |= PROT_DOS_LM1_2X002;
648 } else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
649 protocols |= PROT_DOS_LANMAN2_1;
650 } else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
651 protocols |= PROT_LANMAN1_0;
652 } else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
653 protocols |= PROT_NT_LM_0_12;
654 } else if (strcsequal(cliprotos[i], "SMB 2.001")) {
655 protocols |= PROT_SMB_2_001;
656 } else if (strcsequal(cliprotos[i], "SMB 2.002")) {
657 protocols |= PROT_SMB_2_002;
658 } else if (strcsequal(cliprotos[i], "SMB 2.???")) {
659 protocols |= PROT_SMB_2_FF;
660 } else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
661 protocols |= PROT_LANMAN2_1;
662 } else if (strcsequal(cliprotos[i], "LM1.2X002")) {
663 protocols |= PROT_LM1_2X002;
664 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
665 protocols |= PROT_MICROSOFT_NETWORKS_1_03;
666 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
667 protocols |= PROT_MICROSOFT_NETWORKS_3_0;
668 } else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
669 protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
670 } else if (strcsequal(cliprotos[i], "XENIX CORE")) {
671 protocols |= PROT_XENIX_CORE;
672 } else if (strcsequal(cliprotos[i], "Samba")) {
673 protocols = PROT_SAMBA;
674 break;
675 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
676 protocols = PROT_POSIX_2;
677 break;
678 }
679 }
680
681 switch ( protocols ) {
682 /* Old CIFSFS can send one arch only, NT LM 0.12. */
683 case PROT_NT_LM_0_12:
684 case ARCH_CIFSFS:
685 set_remote_arch(RA_CIFSFS);
686 break;
687 case ARCH_SAMBA:
688 set_remote_arch(RA_SAMBA);
689 break;
690 case ARCH_WFWG:
691 set_remote_arch(RA_WFWG);
692 break;
693 case ARCH_WIN95:
694 set_remote_arch(RA_WIN95);
695 break;
696 case ARCH_WINNT:
697 set_remote_arch(RA_WINNT);
698 break;
699 case ARCH_WIN2K:
700 set_remote_arch(RA_WIN2K);
701 break;
702 case ARCH_VISTA:
703 set_remote_arch(RA_VISTA);
704 break;
705 case ARCH_OS2:
706 set_remote_arch(RA_OS2);
707 break;
708 case ARCH_OSX:
709 set_remote_arch(RA_OSX);
710 break;
711 default:
712 set_remote_arch(RA_UNKNOWN);
713 break;
714 }
715
716 /* possibly reload - change of architecture */
717 reload_services(sconn, conn_snum_used, true);
718
719 /*
720 * Anything higher than PROTOCOL_SMB2_10 still
721 * needs to go via "SMB 2.???", which is marked
722 * as PROTOCOL_SMB2_10.
723 *
724 * The real negotiation happens via reply_smb20ff()
725 * using SMB2 Negotiation.
726 */
727 max_proto = lp_server_max_protocol();
728 if (max_proto > PROTOCOL_SMB2_10) {
729 max_proto = PROTOCOL_SMB2_10;
730 }
731 min_proto = lp_server_min_protocol();
732 if (min_proto > PROTOCOL_SMB2_10) {
733 min_proto = PROTOCOL_SMB2_10;
734 }
735
736 /* Check for protocols, most desirable first */
737 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
738 i = 0;
739 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
740 (supported_protocols[protocol].protocol_level >= min_proto))
741 while (i < num_cliprotos) {
742 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
743 choice = i;
744 chosen_level = supported_protocols[protocol].protocol_level;
745 choice_set = true;
746 }
747 i++;
748 }
749 if (choice_set) {
750 break;
751 }
752 }
753
754 if (!choice_set) {
755 bool ok;
756
757 DBG_NOTICE("No protocol supported !\n");
758 reply_outbuf(req, 1, 0);
759 SSVAL(req->outbuf, smb_vwv0, NO_PROTOCOL_CHOSEN);
760
761 ok = srv_send_smb(xconn, (char *)req->outbuf,
762 false, 0, false, NULL);
763 if (!ok) {
764 DBG_NOTICE("srv_send_smb failed\n");
765 }
766 exit_server_cleanly("no protocol supported\n");
767 }
768
769 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
770 reload_services(sconn, conn_snum_used, true);
771 status = supported_protocols[protocol].proto_reply_fn(req, choice);
772 if (!NT_STATUS_IS_OK(status)) {
773 exit_server_cleanly("negprot function failed\n");
774 }
775
776 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
777
778 DBG_INFO("negprot index=%zu\n", choice);
779
780 xconn->smb1.negprot.done = true;
781
782 /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
783 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
784 if (signing_required && (chosen_level < PROTOCOL_NT1)) {
785 exit_server_cleanly("SMB signing is required and "
786 "client negotiated a downlevel protocol");
787 }
788
789 TALLOC_FREE(cliprotos);
790
791 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
792 !fork_echo_handler(xconn)) {
793 exit_server("Failed to fork echo handler");
794 }
795
796 END_PROFILE(SMBnegprot);
797 return;
798 }
Samba GIT mirror