2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../libcli/auth/spnego.h"
26 #include "../libcli/auth/ntlmssp.h"
27 #include "ntlmssp_wrap.h"
28 #include "../librpc/gen_ndr/krb5pac.h"
29 #include "libads/kerberos_proto.h"
30 #include "../lib/util/asn1.h"
32 static NTSTATUS
smbd_smb2_session_setup(struct smbd_smb2_request
*smb2req
,
33 uint64_t in_session_id
,
34 uint8_t in_security_mode
,
35 DATA_BLOB in_security_buffer
,
36 uint16_t *out_session_flags
,
37 DATA_BLOB
*out_security_buffer
,
38 uint64_t *out_session_id
);
40 NTSTATUS
smbd_smb2_request_process_sesssetup(struct smbd_smb2_request
*smb2req
)
43 const uint8_t *inbody
;
44 int i
= smb2req
->current_idx
;
48 size_t expected_body_size
= 0x19;
50 uint64_t in_session_id
;
51 uint8_t in_security_mode
;
52 uint16_t in_security_offset
;
53 uint16_t in_security_length
;
54 DATA_BLOB in_security_buffer
;
55 uint16_t out_session_flags
;
56 uint64_t out_session_id
;
57 uint16_t out_security_offset
;
58 DATA_BLOB out_security_buffer
;
61 inhdr
= (const uint8_t *)smb2req
->in
.vector
[i
+0].iov_base
;
63 if (smb2req
->in
.vector
[i
+1].iov_len
!= (expected_body_size
& 0xFFFFFFFE)) {
64 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
67 inbody
= (const uint8_t *)smb2req
->in
.vector
[i
+1].iov_base
;
69 body_size
= SVAL(inbody
, 0x00);
70 if (body_size
!= expected_body_size
) {
71 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
74 in_security_offset
= SVAL(inbody
, 0x0C);
75 in_security_length
= SVAL(inbody
, 0x0E);
77 if (in_security_offset
!= (SMB2_HDR_BODY
+ (body_size
& 0xFFFFFFFE))) {
78 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
81 if (in_security_length
> smb2req
->in
.vector
[i
+2].iov_len
) {
82 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
85 in_session_id
= BVAL(inhdr
, SMB2_HDR_SESSION_ID
);
86 in_security_mode
= CVAL(inbody
, 0x03);
87 in_security_buffer
.data
= (uint8_t *)smb2req
->in
.vector
[i
+2].iov_base
;
88 in_security_buffer
.length
= in_security_length
;
90 status
= smbd_smb2_session_setup(smb2req
,
97 if (!NT_STATUS_IS_OK(status
) &&
98 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
99 status
= nt_status_squash(status
);
100 return smbd_smb2_request_error(smb2req
, status
);
103 out_security_offset
= SMB2_HDR_BODY
+ 0x08;
105 outhdr
= (uint8_t *)smb2req
->out
.vector
[i
].iov_base
;
107 outbody
= data_blob_talloc(smb2req
->out
.vector
, NULL
, 0x08);
108 if (outbody
.data
== NULL
) {
109 return smbd_smb2_request_error(smb2req
, NT_STATUS_NO_MEMORY
);
112 SBVAL(outhdr
, SMB2_HDR_SESSION_ID
, out_session_id
);
114 SSVAL(outbody
.data
, 0x00, 0x08 + 1); /* struct size */
115 SSVAL(outbody
.data
, 0x02,
116 out_session_flags
); /* session flags */
117 SSVAL(outbody
.data
, 0x04,
118 out_security_offset
); /* security buffer offset */
119 SSVAL(outbody
.data
, 0x06,
120 out_security_buffer
.length
); /* security buffer length */
122 outdyn
= out_security_buffer
;
124 return smbd_smb2_request_done_ex(smb2req
, status
, outbody
, &outdyn
,
128 static int smbd_smb2_session_destructor(struct smbd_smb2_session
*session
)
130 if (session
->sconn
== NULL
) {
134 /* first free all tcons */
135 while (session
->tcons
.list
) {
136 talloc_free(session
->tcons
.list
);
139 idr_remove(session
->sconn
->smb2
.sessions
.idtree
, session
->vuid
);
140 DLIST_REMOVE(session
->sconn
->smb2
.sessions
.list
, session
);
141 invalidate_vuid(session
->sconn
, session
->vuid
);
144 session
->status
= NT_STATUS_USER_SESSION_DELETED
;
145 session
->sconn
= NULL
;
150 static NTSTATUS
setup_ntlmssp_session_info(struct smbd_smb2_session
*session
,
153 if (NT_STATUS_IS_OK(status
)) {
154 status
= auth_ntlmssp_steal_session_info(session
,
155 session
->auth_ntlmssp_state
,
156 &session
->session_info
);
158 /* Note that this session_info won't have a session
159 * key. But for map to guest, that's exactly the right
160 * thing - we can't reasonably guess the key the
161 * client wants, as the password was wrong */
162 status
= do_map_to_guest(status
,
163 &session
->session_info
,
164 auth_ntlmssp_get_username(session
->auth_ntlmssp_state
),
165 auth_ntlmssp_get_domain(session
->auth_ntlmssp_state
));
171 static NTSTATUS
smbd_smb2_session_setup_krb5(struct smbd_smb2_session
*session
,
172 struct smbd_smb2_request
*smb2req
,
173 uint8_t in_security_mode
,
174 const DATA_BLOB
*secblob
,
176 uint16_t *out_session_flags
,
177 DATA_BLOB
*out_security_buffer
,
178 uint64_t *out_session_id
)
180 DATA_BLOB ap_rep
= data_blob_null
;
181 DATA_BLOB ap_rep_wrapped
= data_blob_null
;
182 DATA_BLOB ticket
= data_blob_null
;
183 DATA_BLOB session_key
= data_blob_null
;
184 DATA_BLOB secblob_out
= data_blob_null
;
186 struct PAC_LOGON_INFO
*logon_info
= NULL
;
187 char *principal
= NULL
;
190 struct passwd
*pw
= NULL
;
194 bool username_was_mapped
= false;
195 bool map_domainuser_to_guest
= false;
197 if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob
, &ticket
, tok_id
)) {
198 status
= NT_STATUS_LOGON_FAILURE
;
202 status
= ads_verify_ticket(smb2req
, lp_realm(), 0, &ticket
,
203 &principal
, &logon_info
, &ap_rep
,
206 if (!NT_STATUS_IS_OK(status
)) {
207 DEBUG(1,("smb2: Failed to verify incoming ticket with error %s!\n",
209 if (!NT_STATUS_EQUAL(status
, NT_STATUS_TIME_DIFFERENCE_AT_DC
)) {
210 status
= NT_STATUS_LOGON_FAILURE
;
215 status
= get_user_from_kerberos_info(talloc_tos(),
216 smb2req
->sconn
->client_id
.name
,
217 principal
, logon_info
,
218 &username_was_mapped
,
219 &map_domainuser_to_guest
,
221 &real_username
, &pw
);
222 if (!NT_STATUS_IS_OK(status
)) {
226 /* save the PAC data if we have it */
228 netsamlogon_cache_store(user
, &logon_info
->info3
);
231 /* setup the string used by %U */
232 sub_set_smb_name(real_username
);
234 /* reload services so that the new %U is taken into account */
235 reload_services(smb2req
->sconn
->msg_ctx
, smb2req
->sconn
->sock
, true);
237 status
= make_server_info_krb5(session
,
238 user
, domain
, real_username
, pw
,
239 logon_info
, map_domainuser_to_guest
,
240 &session
->session_info
);
241 if (!NT_STATUS_IS_OK(status
)) {
242 DEBUG(1, ("smb2: make_server_info_krb5 failed\n"));
247 session
->session_info
->nss_token
|= username_was_mapped
;
249 /* we need to build the token for the user. make_session_info_guest()
252 if (!session
->session_info
->security_token
) {
253 status
= create_local_token(session
->session_info
);
254 if (!NT_STATUS_IS_OK(status
)) {
255 DEBUG(10,("smb2: failed to create local token: %s\n",
261 if ((in_security_mode
& SMB2_NEGOTIATE_SIGNING_REQUIRED
) ||
262 lp_server_signing() == Required
) {
263 session
->do_signing
= true;
266 if (session
->session_info
->guest
) {
267 /* we map anonymous to guest internally */
268 *out_session_flags
|= SMB2_SESSION_FLAG_IS_GUEST
;
269 *out_session_flags
|= SMB2_SESSION_FLAG_IS_NULL
;
270 /* force no signing */
271 session
->do_signing
= false;
274 data_blob_free(&session
->session_info
->user_session_key
);
275 session
->session_info
->user_session_key
=
277 session
->session_info
,
280 if (session_key
.length
> 0) {
281 if (session
->session_info
->user_session_key
.data
== NULL
) {
282 status
= NT_STATUS_NO_MEMORY
;
286 session
->session_key
= session
->session_info
->user_session_key
;
288 session
->compat_vuser
= talloc_zero(session
, user_struct
);
289 if (session
->compat_vuser
== NULL
) {
290 status
= NT_STATUS_NO_MEMORY
;
293 session
->compat_vuser
->auth_ntlmssp_state
= NULL
;
294 session
->compat_vuser
->homes_snum
= -1;
295 session
->compat_vuser
->session_info
= session
->session_info
;
296 session
->compat_vuser
->session_keystr
= NULL
;
297 session
->compat_vuser
->vuid
= session
->vuid
;
298 DLIST_ADD(session
->sconn
->smb1
.sessions
.validated_users
, session
->compat_vuser
);
300 /* This is a potentially untrusted username */
301 alpha_strcpy(tmp
, user
, ". _-$", sizeof(tmp
));
302 session
->session_info
->sanitized_username
=
303 talloc_strdup(session
->session_info
, tmp
);
305 if (!session
->session_info
->guest
) {
306 session
->compat_vuser
->homes_snum
=
307 register_homes_share(session
->session_info
->unix_name
);
310 if (!session_claim(session
->sconn
, session
->compat_vuser
)) {
311 DEBUG(1, ("smb2: Failed to claim session "
313 session
->compat_vuser
->vuid
));
317 session
->status
= NT_STATUS_OK
;
320 * we attach the session to the request
321 * so that the response can be signed
323 smb2req
->session
= session
;
324 if (session
->do_signing
) {
325 smb2req
->do_signing
= true;
328 global_client_caps
|= (CAP_LEVEL_II_OPLOCKS
|CAP_STATUS32
);
329 status
= NT_STATUS_OK
;
331 /* wrap that up in a nice GSS-API wrapping */
332 ap_rep_wrapped
= spnego_gen_krb5_wrap(talloc_tos(), ap_rep
,
335 secblob_out
= spnego_gen_auth_response(
341 *out_security_buffer
= data_blob_talloc(smb2req
,
344 if (secblob_out
.data
&& out_security_buffer
->data
== NULL
) {
345 status
= NT_STATUS_NO_MEMORY
;
349 data_blob_free(&ap_rep
);
350 data_blob_free(&ap_rep_wrapped
);
351 data_blob_free(&ticket
);
352 data_blob_free(&session_key
);
353 data_blob_free(&secblob_out
);
355 *out_session_id
= session
->vuid
;
361 data_blob_free(&ap_rep
);
362 data_blob_free(&ap_rep_wrapped
);
363 data_blob_free(&ticket
);
364 data_blob_free(&session_key
);
365 data_blob_free(&secblob_out
);
367 ap_rep_wrapped
= data_blob_null
;
368 secblob_out
= spnego_gen_auth_response(
374 *out_security_buffer
= data_blob_talloc(smb2req
,
377 data_blob_free(&secblob_out
);
382 static NTSTATUS
smbd_smb2_spnego_negotiate(struct smbd_smb2_session
*session
,
383 struct smbd_smb2_request
*smb2req
,
384 uint8_t in_security_mode
,
385 DATA_BLOB in_security_buffer
,
386 uint16_t *out_session_flags
,
387 DATA_BLOB
*out_security_buffer
,
388 uint64_t *out_session_id
)
390 DATA_BLOB secblob_in
= data_blob_null
;
391 DATA_BLOB chal_out
= data_blob_null
;
392 char *kerb_mech
= NULL
;
395 /* Ensure we have no old NTLM state around. */
396 TALLOC_FREE(session
->auth_ntlmssp_state
);
398 status
= parse_spnego_mechanisms(talloc_tos(), in_security_buffer
,
399 &secblob_in
, &kerb_mech
);
400 if (!NT_STATUS_IS_OK(status
)) {
405 if (kerb_mech
&& ((lp_security()==SEC_ADS
) ||
406 USE_KERBEROS_KEYTAB
) ) {
407 status
= smbd_smb2_session_setup_krb5(session
,
421 /* The mechtoken is a krb5 ticket, but
422 * we need to fall back to NTLM. */
424 DEBUG(3,("smb2: Got krb5 ticket in SPNEGO "
425 "but set to downgrade to NTLMSSP\n"));
427 status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
429 /* Fall back to NTLMSSP. */
430 status
= auth_ntlmssp_start(&session
->auth_ntlmssp_state
);
431 if (!NT_STATUS_IS_OK(status
)) {
435 status
= auth_ntlmssp_update(session
->auth_ntlmssp_state
,
440 if (!NT_STATUS_IS_OK(status
) &&
441 !NT_STATUS_EQUAL(status
,
442 NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
446 *out_security_buffer
= spnego_gen_auth_response(smb2req
,
450 if (out_security_buffer
->data
== NULL
) {
451 status
= NT_STATUS_NO_MEMORY
;
454 *out_session_id
= session
->vuid
;
458 data_blob_free(&secblob_in
);
459 data_blob_free(&chal_out
);
460 TALLOC_FREE(kerb_mech
);
461 if (!NT_STATUS_IS_OK(status
) &&
462 !NT_STATUS_EQUAL(status
,
463 NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
464 TALLOC_FREE(session
->auth_ntlmssp_state
);
465 TALLOC_FREE(session
);
470 static NTSTATUS
smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session
*session
,
471 struct smbd_smb2_request
*smb2req
,
472 uint8_t in_security_mode
,
473 DATA_BLOB in_security_buffer
,
474 uint16_t *out_session_flags
,
475 uint64_t *out_session_id
)
479 if ((in_security_mode
& SMB2_NEGOTIATE_SIGNING_REQUIRED
) ||
480 lp_server_signing() == Required
) {
481 session
->do_signing
= true;
484 if (session
->session_info
->guest
) {
485 /* we map anonymous to guest internally */
486 *out_session_flags
|= SMB2_SESSION_FLAG_IS_GUEST
;
487 *out_session_flags
|= SMB2_SESSION_FLAG_IS_NULL
;
488 /* force no signing */
489 session
->do_signing
= false;
492 session
->session_key
= session
->session_info
->user_session_key
;
494 session
->compat_vuser
= talloc_zero(session
, user_struct
);
495 if (session
->compat_vuser
== NULL
) {
496 TALLOC_FREE(session
->auth_ntlmssp_state
);
497 TALLOC_FREE(session
);
498 return NT_STATUS_NO_MEMORY
;
500 session
->compat_vuser
->auth_ntlmssp_state
= session
->auth_ntlmssp_state
;
501 session
->compat_vuser
->homes_snum
= -1;
502 session
->compat_vuser
->session_info
= session
->session_info
;
503 session
->compat_vuser
->session_keystr
= NULL
;
504 session
->compat_vuser
->vuid
= session
->vuid
;
505 DLIST_ADD(session
->sconn
->smb1
.sessions
.validated_users
, session
->compat_vuser
);
507 /* This is a potentially untrusted username */
509 auth_ntlmssp_get_username(session
->auth_ntlmssp_state
),
512 session
->session_info
->sanitized_username
= talloc_strdup(
513 session
->session_info
, tmp
);
515 if (!session
->compat_vuser
->session_info
->guest
) {
516 session
->compat_vuser
->homes_snum
=
517 register_homes_share(session
->session_info
->unix_name
);
520 if (!session_claim(session
->sconn
, session
->compat_vuser
)) {
521 DEBUG(1, ("smb2: Failed to claim session "
523 session
->compat_vuser
->vuid
));
524 TALLOC_FREE(session
->auth_ntlmssp_state
);
525 TALLOC_FREE(session
);
526 return NT_STATUS_LOGON_FAILURE
;
530 session
->status
= NT_STATUS_OK
;
533 * we attach the session to the request
534 * so that the response can be signed
536 smb2req
->session
= session
;
537 if (session
->do_signing
) {
538 smb2req
->do_signing
= true;
541 global_client_caps
|= (CAP_LEVEL_II_OPLOCKS
|CAP_STATUS32
);
543 *out_session_id
= session
->vuid
;
548 static NTSTATUS
smbd_smb2_spnego_auth(struct smbd_smb2_session
*session
,
549 struct smbd_smb2_request
*smb2req
,
550 uint8_t in_security_mode
,
551 DATA_BLOB in_security_buffer
,
552 uint16_t *out_session_flags
,
553 DATA_BLOB
*out_security_buffer
,
554 uint64_t *out_session_id
)
556 DATA_BLOB auth
= data_blob_null
;
557 DATA_BLOB auth_out
= data_blob_null
;
560 if (!spnego_parse_auth(talloc_tos(), in_security_buffer
, &auth
)) {
561 TALLOC_FREE(session
);
562 return NT_STATUS_LOGON_FAILURE
;
565 if (auth
.data
[0] == ASN1_APPLICATION(0)) {
566 /* Might be a second negTokenTarg packet */
567 DATA_BLOB secblob_in
= data_blob_null
;
568 char *kerb_mech
= NULL
;
570 status
= parse_spnego_mechanisms(talloc_tos(),
572 &secblob_in
, &kerb_mech
);
573 if (!NT_STATUS_IS_OK(status
)) {
574 TALLOC_FREE(session
);
579 if (kerb_mech
&& ((lp_security()==SEC_ADS
) ||
580 USE_KERBEROS_KEYTAB
) ) {
581 status
= smbd_smb2_session_setup_krb5(session
,
590 data_blob_free(&secblob_in
);
591 TALLOC_FREE(kerb_mech
);
592 if (!NT_STATUS_IS_OK(status
)) {
593 TALLOC_FREE(session
);
599 /* Can't blunder into NTLMSSP auth if we have
603 DEBUG(3,("smb2: network "
604 "misconfiguration, client sent us a "
605 "krb5 ticket and kerberos security "
607 TALLOC_FREE(session
);
608 data_blob_free(&secblob_in
);
609 TALLOC_FREE(kerb_mech
);
610 return NT_STATUS_LOGON_FAILURE
;
613 data_blob_free(&secblob_in
);
616 if (session
->auth_ntlmssp_state
== NULL
) {
617 status
= auth_ntlmssp_start(&session
->auth_ntlmssp_state
);
618 if (!NT_STATUS_IS_OK(status
)) {
619 data_blob_free(&auth
);
620 TALLOC_FREE(session
);
625 status
= auth_ntlmssp_update(session
->auth_ntlmssp_state
,
628 /* We need to call setup_ntlmssp_session_info() if status==NT_STATUS_OK,
629 or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED,
630 as this can trigger map to guest. */
631 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
632 status
= setup_ntlmssp_session_info(session
, status
);
635 if (!NT_STATUS_IS_OK(status
) &&
636 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
637 TALLOC_FREE(session
->auth_ntlmssp_state
);
638 data_blob_free(&auth
);
639 TALLOC_FREE(session
);
643 data_blob_free(&auth
);
645 *out_security_buffer
= spnego_gen_auth_response(smb2req
,
646 &auth_out
, status
, NULL
);
648 if (out_security_buffer
->data
== NULL
) {
649 TALLOC_FREE(session
->auth_ntlmssp_state
);
650 TALLOC_FREE(session
);
651 return NT_STATUS_NO_MEMORY
;
654 *out_session_id
= session
->vuid
;
656 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
657 return NT_STATUS_MORE_PROCESSING_REQUIRED
;
660 /* We're done - claim the session. */
661 return smbd_smb2_common_ntlmssp_auth_return(session
,
669 static NTSTATUS
smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session
*session
,
670 struct smbd_smb2_request
*smb2req
,
671 uint8_t in_security_mode
,
672 DATA_BLOB in_security_buffer
,
673 uint16_t *out_session_flags
,
674 DATA_BLOB
*out_security_buffer
,
675 uint64_t *out_session_id
)
678 DATA_BLOB secblob_out
= data_blob_null
;
680 if (session
->auth_ntlmssp_state
== NULL
) {
681 status
= auth_ntlmssp_start(&session
->auth_ntlmssp_state
);
682 if (!NT_STATUS_IS_OK(status
)) {
683 TALLOC_FREE(session
);
689 status
= auth_ntlmssp_update(session
->auth_ntlmssp_state
,
693 if (NT_STATUS_IS_OK(status
) ||
694 NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
695 *out_security_buffer
= data_blob_talloc(smb2req
,
698 if (secblob_out
.data
&& out_security_buffer
->data
== NULL
) {
699 TALLOC_FREE(session
->auth_ntlmssp_state
);
700 TALLOC_FREE(session
);
701 return NT_STATUS_NO_MEMORY
;
705 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
706 *out_session_id
= session
->vuid
;
710 status
= setup_ntlmssp_session_info(session
, status
);
712 if (!NT_STATUS_IS_OK(status
)) {
713 TALLOC_FREE(session
->auth_ntlmssp_state
);
714 TALLOC_FREE(session
);
717 *out_session_id
= session
->vuid
;
719 return smbd_smb2_common_ntlmssp_auth_return(session
,
727 static NTSTATUS
smbd_smb2_session_setup(struct smbd_smb2_request
*smb2req
,
728 uint64_t in_session_id
,
729 uint8_t in_security_mode
,
730 DATA_BLOB in_security_buffer
,
731 uint16_t *out_session_flags
,
732 DATA_BLOB
*out_security_buffer
,
733 uint64_t *out_session_id
)
735 struct smbd_smb2_session
*session
;
737 *out_session_flags
= 0;
740 if (in_session_id
== 0) {
743 /* create a new session */
744 session
= talloc_zero(smb2req
->sconn
, struct smbd_smb2_session
);
745 if (session
== NULL
) {
746 return NT_STATUS_NO_MEMORY
;
748 session
->status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
749 id
= idr_get_new_random(smb2req
->sconn
->smb2
.sessions
.idtree
,
751 smb2req
->sconn
->smb2
.sessions
.limit
);
753 return NT_STATUS_INSUFFICIENT_RESOURCES
;
757 session
->tcons
.idtree
= idr_init(session
);
758 if (session
->tcons
.idtree
== NULL
) {
759 return NT_STATUS_NO_MEMORY
;
761 session
->tcons
.limit
= 0x0000FFFE;
762 session
->tcons
.list
= NULL
;
764 DLIST_ADD_END(smb2req
->sconn
->smb2
.sessions
.list
, session
,
765 struct smbd_smb2_session
*);
766 session
->sconn
= smb2req
->sconn
;
767 talloc_set_destructor(session
, smbd_smb2_session_destructor
);
771 /* lookup an existing session */
772 p
= idr_find(smb2req
->sconn
->smb2
.sessions
.idtree
, in_session_id
);
774 return NT_STATUS_USER_SESSION_DELETED
;
776 session
= talloc_get_type_abort(p
, struct smbd_smb2_session
);
779 if (NT_STATUS_IS_OK(session
->status
)) {
780 return NT_STATUS_REQUEST_NOT_ACCEPTED
;
783 if (in_security_buffer
.data
[0] == ASN1_APPLICATION(0)) {
784 return smbd_smb2_spnego_negotiate(session
,
791 } else if (in_security_buffer
.data
[0] == ASN1_CONTEXT(1)) {
792 return smbd_smb2_spnego_auth(session
,
799 } else if (strncmp((char *)(in_security_buffer
.data
), "NTLMSSP", 7) == 0) {
800 return smbd_smb2_raw_ntlmssp_auth(session
,
809 /* Unknown packet type. */
810 DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n",
811 (unsigned int)in_security_buffer
.data
[0] ));
812 TALLOC_FREE(session
->auth_ntlmssp_state
);
813 TALLOC_FREE(session
);
814 return NT_STATUS_LOGON_FAILURE
;
817 NTSTATUS
smbd_smb2_request_check_session(struct smbd_smb2_request
*req
)
819 const uint8_t *inhdr
;
820 const uint8_t *outhdr
;
821 int i
= req
->current_idx
;
822 uint64_t in_session_id
;
824 struct smbd_smb2_session
*session
;
825 bool chained_fixup
= false;
827 inhdr
= (const uint8_t *)req
->in
.vector
[i
+0].iov_base
;
829 in_session_id
= BVAL(inhdr
, SMB2_HDR_SESSION_ID
);
831 if (in_session_id
== (0xFFFFFFFFFFFFFFFFLL
)) {
834 * async request - fill in session_id from
835 * already setup request out.vector[].iov_base.
837 outhdr
= (const uint8_t *)req
->out
.vector
[i
].iov_base
;
838 in_session_id
= BVAL(outhdr
, SMB2_HDR_SESSION_ID
);
841 * Chained request - fill in session_id from
842 * the previous request out.vector[].iov_base.
844 outhdr
= (const uint8_t *)req
->out
.vector
[i
-3].iov_base
;
845 in_session_id
= BVAL(outhdr
, SMB2_HDR_SESSION_ID
);
846 chained_fixup
= true;
850 /* lookup an existing session */
851 p
= idr_find(req
->sconn
->smb2
.sessions
.idtree
, in_session_id
);
853 return NT_STATUS_USER_SESSION_DELETED
;
855 session
= talloc_get_type_abort(p
, struct smbd_smb2_session
);
857 if (!NT_STATUS_IS_OK(session
->status
)) {
858 return NT_STATUS_ACCESS_DENIED
;
861 set_current_user_info(session
->session_info
->sanitized_username
,
862 session
->session_info
->unix_name
,
863 session
->session_info
->info3
->base
.domain
.string
);
865 req
->session
= session
;
868 /* Fix up our own outhdr. */
869 outhdr
= (const uint8_t *)req
->out
.vector
[i
].iov_base
;
870 SBVAL(outhdr
, SMB2_HDR_SESSION_ID
, in_session_id
);
875 NTSTATUS
smbd_smb2_request_process_logoff(struct smbd_smb2_request
*req
)
877 const uint8_t *inbody
;
878 int i
= req
->current_idx
;
880 size_t expected_body_size
= 0x04;
883 if (req
->in
.vector
[i
+1].iov_len
!= (expected_body_size
& 0xFFFFFFFE)) {
884 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
887 inbody
= (const uint8_t *)req
->in
.vector
[i
+1].iov_base
;
889 body_size
= SVAL(inbody
, 0x00);
890 if (body_size
!= expected_body_size
) {
891 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
895 * TODO: cancel all outstanding requests on the session
896 * and delete all tree connections.
898 smbd_smb2_session_destructor(req
->session
);
900 * we may need to sign the response, so we need to keep
901 * the session until the response is sent to the wire.
903 talloc_steal(req
, req
->session
);
905 outbody
= data_blob_talloc(req
->out
.vector
, NULL
, 0x04);
906 if (outbody
.data
== NULL
) {
907 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
910 SSVAL(outbody
.data
, 0x00, 0x04); /* struct size */
911 SSVAL(outbody
.data
, 0x02, 0); /* reserved */
913 return smbd_smb2_request_done(req
, outbody
, NULL
);