search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
traffic_packets: provision request data for packet_drsuapi_13
[Samba.git] / source3 / smbd / negprot.c
blob27366ea0013aa8ca6080d79972b31ca9ede7e824
1 /*
2 Unix SMB/CIFS implementation.
3 negprot reply code
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "serverid.h"
25 #include "auth.h"
26 #include "messages.h"
27 #include "smbprofile.h"
28 #include "auth/gensec/gensec.h"
29 #include "../libcli/smb/smb_signing.h"
30
31 extern fstring remote_proto;
32
33 static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
34 {
35 NTSTATUS nt_status;
36
37 /* We might be called more than once, multiple negprots are
38 * permitted */
39 if (xconn->smb1.negprot.auth_context) {
40 DEBUG(3, ("get challenge: is this a secondary negprot? "
41 "sconn->negprot.auth_context is non-NULL!\n"));
42 TALLOC_FREE(xconn->smb1.negprot.auth_context);
43 }
44
45 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
46 nt_status = make_auth4_context(
47 xconn, &xconn->smb1.negprot.auth_context);
48 if (!NT_STATUS_IS_OK(nt_status)) {
49 DEBUG(0, ("make_auth_context_subsystem returned %s",
50 nt_errstr(nt_status)));
51 smb_panic("cannot make_negprot_global_auth_context!");
52 }
53 DEBUG(10, ("get challenge: getting challenge\n"));
54 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
55 xconn->smb1.negprot.auth_context, buff);
56 }
57
58 /****************************************************************************
59 Reply for the lanman 1.0 protocol.
60 ****************************************************************************/
61
62 static void reply_lanman1(struct smb_request *req, uint16_t choice)
63 {
64 int secword=0;
65 time_t t = time(NULL);
66 struct smbXsrv_connection *xconn = req->xconn;
67 uint16_t raw;
68 NTSTATUS status;
69
70 if (lp_async_smb_echo_handler()) {
71 raw = 0;
72 } else {
73 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
74 }
75
76 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
77
78 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
79 if (xconn->smb1.negprot.encrypted_passwords) {
80 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
81 }
82
83 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
84
85 SSVAL(req->outbuf,smb_vwv0,choice);
86 SSVAL(req->outbuf,smb_vwv1,secword);
87 /* Create a token value and add it to the outgoing packet. */
88 if (xconn->smb1.negprot.encrypted_passwords) {
89 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
90 SSVAL(req->outbuf,smb_vwv11, 8);
91 }
92
93 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
94 if (!NT_STATUS_IS_OK(status)) {
95 reply_nterror(req, status);
96 return;
97 }
98
99 /* Reply, SMBlockread, SMBwritelock supported. */
100 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
101 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
102 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
103 SSVAL(req->outbuf,smb_vwv4, 1);
104 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
105 readbraw writebraw (possibly) */
106 SIVAL(req->outbuf,smb_vwv6, getpid());
107 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
108
109 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
110
111 return;
112 }
113
114 /****************************************************************************
115 Reply for the lanman 2.0 protocol.
116 ****************************************************************************/
117
118 static void reply_lanman2(struct smb_request *req, uint16_t choice)
119 {
120 int secword=0;
121 time_t t = time(NULL);
122 struct smbXsrv_connection *xconn = req->xconn;
123 uint16_t raw;
124 NTSTATUS status;
125
126 if (lp_async_smb_echo_handler()) {
127 raw = 0;
128 } else {
129 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
130 }
131
132 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
133
134 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
135 if (xconn->smb1.negprot.encrypted_passwords) {
136 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
137 }
138
139 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
140
141 SSVAL(req->outbuf,smb_vwv0, choice);
142 SSVAL(req->outbuf,smb_vwv1, secword);
143 SIVAL(req->outbuf,smb_vwv6, getpid());
144
145 /* Create a token value and add it to the outgoing packet. */
146 if (xconn->smb1.negprot.encrypted_passwords) {
147 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
148 SSVAL(req->outbuf,smb_vwv11, 8);
149 }
150
151 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
152 if (!NT_STATUS_IS_OK(status)) {
153 reply_nterror(req, status);
154 return;
155 }
156
157 /* Reply, SMBlockread, SMBwritelock supported. */
158 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
159 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
160 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
161 SSVAL(req->outbuf,smb_vwv4,1);
162 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
163 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
164 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
165 }
166
167 /****************************************************************************
168 Generate the spnego negprot reply blob. Return the number of bytes used.
169 ****************************************************************************/
170
171 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
172 {
173 DATA_BLOB blob = data_blob_null;
174 DATA_BLOB blob_out = data_blob_null;
175 nstring dos_name;
176 fstring unix_name;
177 NTSTATUS status;
178 #ifdef DEVELOPER
179 size_t slen;
180 #endif
181 struct gensec_security *gensec_security;
182
183 /* See if we can get an SPNEGO blob */
184 status = auth_generic_prepare(talloc_tos(),
185 xconn->remote_address,
186 xconn->local_address,
187 "SMB",
188 &gensec_security);
189
190 /*
191 * Despite including it above, there is no need to set a
192 * remote address or similar as we are just interested in the
193 * SPNEGO blob, we never keep this context.
194 */
195
196 if (NT_STATUS_IS_OK(status)) {
197 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
198 if (NT_STATUS_IS_OK(status)) {
199 status = gensec_update(gensec_security, ctx,
200 data_blob_null, &blob);
201 /* If we get the list of OIDs, the 'OK' answer
202 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
203 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
204 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
205 blob = data_blob_null;
206 }
207 }
208 TALLOC_FREE(gensec_security);
209 }
210
211 xconn->smb1.negprot.spnego = true;
212
213 /* strangely enough, NT does not sent the single OID NTLMSSP when
214 not a ADS member, it sends no OIDs at all
215
216 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
217 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
218
219 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
220 back to doing what W2K3 does here. This is needed to make PocketPC 2003
221 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
222 for details. JRA.
223
224 */
225
226 if (blob.length == 0 || blob.data == NULL) {
227 return data_blob_null;
228 }
229
230 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
231 if (blob_out.data == NULL) {
232 data_blob_free(&blob);
233 return data_blob_null;
234 }
235
236 memset(blob_out.data, '\0', 16);
237
238 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
239 (void)strlower_m(unix_name);
240 push_ascii_nstring(dos_name, unix_name);
241 strlcpy((char *)blob_out.data, dos_name, 17);
242
243 #ifdef DEVELOPER
244 /* Fix valgrind 'uninitialized bytes' issue. */
245 slen = strlen(dos_name);
246 if (slen < 16) {
247 memset(blob_out.data+slen, '\0', 16 - slen);
248 }
249 #endif
250
251 memcpy(&blob_out.data[16], blob.data, blob.length);
252
253 data_blob_free(&blob);
254
255 return blob_out;
256 }
257
258 /****************************************************************************
259 Reply for the nt protocol.
260 ****************************************************************************/
261
262 static void reply_nt1(struct smb_request *req, uint16_t choice)
263 {
264 /* dual names + lock_and_read + nt SMBs + remote API calls */
265 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
266 CAP_LEVEL_II_OPLOCKS;
267
268 int secword=0;
269 bool negotiate_spnego = False;
270 struct timespec ts;
271 ssize_t ret;
272 struct smbXsrv_connection *xconn = req->xconn;
273 bool signing_desired = false;
274 bool signing_required = false;
275 NTSTATUS status;
276
277 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
278
279 /* Check the flags field to see if this is Vista.
280 WinXP sets it and Vista does not. But we have to
281 distinguish from NT which doesn't set it either. */
282
283 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
284 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
285 {
286 if ((get_remote_arch() != RA_SAMBA) &&
287 (get_remote_arch() != RA_CIFSFS)) {
288 set_remote_arch( RA_VISTA );
289 }
290 }
291
292 reply_outbuf(req,17,0);
293
294 /* do spnego in user level security if the client
295 supports it and we can do encrypted passwords */
296
297 if (xconn->smb1.negprot.encrypted_passwords &&
298 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
299 negotiate_spnego = True;
300 capabilities |= CAP_EXTENDED_SECURITY;
301 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
302 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
303 (already partially constructed. */
304 SSVAL(req->outbuf, smb_flg2,
305 req->flags2 | FLAGS2_EXTENDED_SECURITY);
306 }
307
308 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
309
310 if (lp_unicode()) {
311 capabilities |= CAP_UNICODE;
312 }
313
314 if (lp_unix_extensions()) {
315 capabilities |= CAP_UNIX;
316 }
317
318 if (lp_large_readwrite())
319 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
320
321 capabilities |= CAP_LARGE_FILES;
322
323 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
324 capabilities |= CAP_RAW_MODE;
325
326 if (lp_nt_status_support())
327 capabilities |= CAP_STATUS32;
328
329 if (lp_host_msdfs())
330 capabilities |= CAP_DFS;
331
332 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
333 if (xconn->smb1.negprot.encrypted_passwords) {
334 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
335 }
336
337 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
338 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
339
340 if (signing_desired) {
341 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
342 /* No raw mode with smb signing. */
343 capabilities &= ~CAP_RAW_MODE;
344 if (signing_required) {
345 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
346 }
347 }
348
349 SSVAL(req->outbuf,smb_vwv0,choice);
350 SCVAL(req->outbuf,smb_vwv1,secword);
351
352 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
353 if (!NT_STATUS_IS_OK(status)) {
354 reply_nterror(req, status);
355 return;
356 }
357
358 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
359 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
360 SIVAL(req->outbuf,smb_vwv3+1,
361 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
362 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
363 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
364 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
365 clock_gettime(CLOCK_REALTIME,&ts);
366 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
367 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
368
369 if (!negotiate_spnego) {
370 /* Create a token value and add it to the outgoing packet. */
371 if (xconn->smb1.negprot.encrypted_passwords) {
372 uint8_t chal[8];
373 /* note that we do not send a challenge at all if
374 we are using plaintext */
375 get_challenge(xconn, chal);
376 ret = message_push_blob(
377 &req->outbuf, data_blob_const(chal, sizeof(chal)));
378 if (ret == -1) {
379 DEBUG(0, ("Could not push challenge\n"));
380 reply_nterror(req, NT_STATUS_NO_MEMORY);
381 return;
382 }
383 SCVAL(req->outbuf, smb_vwv16+1, ret);
384 }
385 ret = message_push_string(&req->outbuf, lp_workgroup(),
386 STR_UNICODE|STR_TERMINATE
387 |STR_NOALIGN);
388 if (ret == -1) {
389 DEBUG(0, ("Could not push workgroup string\n"));
390 reply_nterror(req, NT_STATUS_NO_MEMORY);
391 return;
392 }
393 ret = message_push_string(&req->outbuf, lp_netbios_name(),
394 STR_UNICODE|STR_TERMINATE
395 |STR_NOALIGN);
396 if (ret == -1) {
397 DEBUG(0, ("Could not push netbios name string\n"));
398 reply_nterror(req, NT_STATUS_NO_MEMORY);
399 return;
400 }
401 DEBUG(3,("not using SPNEGO\n"));
402 } else {
403 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
404
405 if (spnego_blob.data == NULL) {
406 reply_nterror(req, NT_STATUS_NO_MEMORY);
407 return;
408 }
409
410 ret = message_push_blob(&req->outbuf, spnego_blob);
411 if (ret == -1) {
412 DEBUG(0, ("Could not push spnego blob\n"));
413 reply_nterror(req, NT_STATUS_NO_MEMORY);
414 return;
415 }
416 data_blob_free(&spnego_blob);
417
418 SCVAL(req->outbuf,smb_vwv16+1, 0);
419 DEBUG(3,("using SPNEGO\n"));
420 }
421
422 return;
423 }
424
425 /* these are the protocol lists used for auto architecture detection:
426
427 WinNT 3.51:
428 protocol [PC NETWORK PROGRAM 1.0]
429 protocol [XENIX CORE]
430 protocol [MICROSOFT NETWORKS 1.03]
431 protocol [LANMAN1.0]
432 protocol [Windows for Workgroups 3.1a]
433 protocol [LM1.2X002]
434 protocol [LANMAN2.1]
435 protocol [NT LM 0.12]
436
437 Win95:
438 protocol [PC NETWORK PROGRAM 1.0]
439 protocol [XENIX CORE]
440 protocol [MICROSOFT NETWORKS 1.03]
441 protocol [LANMAN1.0]
442 protocol [Windows for Workgroups 3.1a]
443 protocol [LM1.2X002]
444 protocol [LANMAN2.1]
445 protocol [NT LM 0.12]
446
447 Win2K:
448 protocol [PC NETWORK PROGRAM 1.0]
449 protocol [LANMAN1.0]
450 protocol [Windows for Workgroups 3.1a]
451 protocol [LM1.2X002]
452 protocol [LANMAN2.1]
453 protocol [NT LM 0.12]
454
455 Vista:
456 protocol [PC NETWORK PROGRAM 1.0]
457 protocol [LANMAN1.0]
458 protocol [Windows for Workgroups 3.1a]
459 protocol [LM1.2X002]
460 protocol [LANMAN2.1]
461 protocol [NT LM 0.12]
462 protocol [SMB 2.001]
463
464 OS/2:
465 protocol [PC NETWORK PROGRAM 1.0]
466 protocol [XENIX CORE]
467 protocol [LANMAN1.0]
468 protocol [LM1.2X002]
469 protocol [LANMAN2.1]
470
471 OSX:
472 protocol [NT LM 0.12]
473 protocol [SMB 2.002]
474 protocol [SMB 2.???]
475 */
476
477 /*
478 * Modified to recognize the architecture of the remote machine better.
479 *
480 * This appears to be the matrix of which protocol is used by which
481 * product.
482 Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
483 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
484 XENIX CORE 2 2
485 MICROSOFT NETWORKS 3.0 2 2
486 DOS LM1.2X002 3 3
487 MICROSOFT NETWORKS 1.03 3
488 DOS LANMAN2.1 4 4
489 LANMAN1.0 4 2 3 2
490 Windows for Workgroups 3.1a 5 5 5 3 3
491 LM1.2X002 6 4 4 4
492 LANMAN2.1 7 5 5 5
493 NT LM 0.12 6 8 6 6 6 1
494 SMB 2.001 7
495 SMB 2.002 2
496 SMB 2.??? 3
497 *
498 * tim@fsg.com 09/29/95
499 * Win2K added by matty 17/7/99
500 */
501
502 #define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
503 #define PROT_XENIX_CORE 0x0002
504 #define PROT_MICROSOFT_NETWORKS_3_0 0x0004
505 #define PROT_DOS_LM1_2X002 0x0008
506 #define PROT_MICROSOFT_NETWORKS_1_03 0x0010
507 #define PROT_DOS_LANMAN2_1 0x0020
508 #define PROT_LANMAN1_0 0x0040
509 #define PROT_WFWG 0x0080
510 #define PROT_LM1_2X002 0x0100
511 #define PROT_LANMAN2_1 0x0200
512 #define PROT_NT_LM_0_12 0x0400
513 #define PROT_SMB_2_001 0x0800
514 #define PROT_SMB_2_002 0x1000
515 #define PROT_SMB_2_FF 0x2000
516 #define PROT_SAMBA 0x4000
517 #define PROT_POSIX_2 0x8000
518
519 #define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
520 PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
521 #define ARCH_WIN95 ( ARCH_WFWG | PROT_NT_LM_0_12 )
522 #define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
523 PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
524 PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
525 #define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
526 #define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
527 #define ARCH_VISTA ( ARCH_WIN2K | PROT_SMB_2_001 )
528 #define ARCH_SAMBA ( PROT_SAMBA )
529 #define ARCH_CIFSFS ( PROT_POSIX_2 )
530 #define ARCH_OSX ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
531
532 /* List of supported protocols, most desired first */
533 static const struct {
534 const char *proto_name;
535 const char *short_name;
536 void (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
537 int protocol_level;
538 } supported_protocols[] = {
539 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
540 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
541 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
542 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
543 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
544 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
545 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
546 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
547 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
548 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
549 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
550 {NULL,NULL,NULL,0},
551 };
552
553 /****************************************************************************
554 Reply to a negprot.
555 conn POINTER CAN BE NULL HERE !
556 ****************************************************************************/
557
558 void reply_negprot(struct smb_request *req)
559 {
560 size_t choice = 0;
561 int chosen_level = -1;
562 bool choice_set = false;
563 int protocol;
564 const char *p;
565 int protocols = 0;
566 int num_cliprotos;
567 char **cliprotos;
568 size_t i;
569 size_t converted_size;
570 struct smbXsrv_connection *xconn = req->xconn;
571 struct smbd_server_connection *sconn = req->sconn;
572 bool signing_required = true;
573 int max_proto;
574 int min_proto;
575
576 START_PROFILE(SMBnegprot);
577
578 if (xconn->smb1.negprot.done) {
579 END_PROFILE(SMBnegprot);
580 exit_server_cleanly("multiple negprot's are not permitted");
581 }
582 xconn->smb1.negprot.done = true;
583
584 if (req->buflen == 0) {
585 DEBUG(0, ("negprot got no protocols\n"));
586 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
587 END_PROFILE(SMBnegprot);
588 return;
589 }
590
591 if (req->buf[req->buflen-1] != '\0') {
592 DEBUG(0, ("negprot protocols not 0-terminated\n"));
593 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
594 END_PROFILE(SMBnegprot);
595 return;
596 }
597
598 p = (const char *)req->buf + 1;
599
600 num_cliprotos = 0;
601 cliprotos = NULL;
602
603 while (smbreq_bufrem(req, p) > 0) {
604
605 char **tmp;
606
607 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
608 num_cliprotos+1);
609 if (tmp == NULL) {
610 DEBUG(0, ("talloc failed\n"));
611 TALLOC_FREE(cliprotos);
612 reply_nterror(req, NT_STATUS_NO_MEMORY);
613 END_PROFILE(SMBnegprot);
614 return;
615 }
616
617 cliprotos = tmp;
618
619 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
620 &converted_size)) {
621 DEBUG(0, ("pull_ascii_talloc failed\n"));
622 TALLOC_FREE(cliprotos);
623 reply_nterror(req, NT_STATUS_NO_MEMORY);
624 END_PROFILE(SMBnegprot);
625 return;
626 }
627
628 DEBUG(3, ("Requested protocol [%s]\n",
629 cliprotos[num_cliprotos]));
630
631 num_cliprotos += 1;
632 p += strlen(p) + 2;
633 }
634
635 for (i=0; i<num_cliprotos; i++) {
636 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
637 protocols |= PROT_WFWG;
638 } else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
639 protocols |= PROT_DOS_LM1_2X002;
640 } else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
641 protocols |= PROT_DOS_LANMAN2_1;
642 } else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
643 protocols |= PROT_LANMAN1_0;
644 } else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
645 protocols |= PROT_NT_LM_0_12;
646 } else if (strcsequal(cliprotos[i], "SMB 2.001")) {
647 protocols |= PROT_SMB_2_001;
648 } else if (strcsequal(cliprotos[i], "SMB 2.002")) {
649 protocols |= PROT_SMB_2_002;
650 } else if (strcsequal(cliprotos[i], "SMB 2.???")) {
651 protocols |= PROT_SMB_2_FF;
652 } else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
653 protocols |= PROT_LANMAN2_1;
654 } else if (strcsequal(cliprotos[i], "LM1.2X002")) {
655 protocols |= PROT_LM1_2X002;
656 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
657 protocols |= PROT_MICROSOFT_NETWORKS_1_03;
658 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
659 protocols |= PROT_MICROSOFT_NETWORKS_3_0;
660 } else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
661 protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
662 } else if (strcsequal(cliprotos[i], "XENIX CORE")) {
663 protocols |= PROT_XENIX_CORE;
664 } else if (strcsequal(cliprotos[i], "Samba")) {
665 protocols = PROT_SAMBA;
666 break;
667 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
668 protocols = PROT_POSIX_2;
669 break;
670 }
671 }
672
673 switch ( protocols ) {
674 /* Old CIFSFS can send one arch only, NT LM 0.12. */
675 case PROT_NT_LM_0_12:
676 case ARCH_CIFSFS:
677 set_remote_arch(RA_CIFSFS);
678 break;
679 case ARCH_SAMBA:
680 set_remote_arch(RA_SAMBA);
681 break;
682 case ARCH_WFWG:
683 set_remote_arch(RA_WFWG);
684 break;
685 case ARCH_WIN95:
686 set_remote_arch(RA_WIN95);
687 break;
688 case ARCH_WINNT:
689 set_remote_arch(RA_WINNT);
690 break;
691 case ARCH_WIN2K:
692 set_remote_arch(RA_WIN2K);
693 break;
694 case ARCH_VISTA:
695 set_remote_arch(RA_VISTA);
696 break;
697 case ARCH_OS2:
698 set_remote_arch(RA_OS2);
699 break;
700 case ARCH_OSX:
701 set_remote_arch(RA_OSX);
702 break;
703 default:
704 set_remote_arch(RA_UNKNOWN);
705 break;
706 }
707
708 /* possibly reload - change of architecture */
709 reload_services(sconn, conn_snum_used, true);
710
711 /*
712 * Anything higher than PROTOCOL_SMB2_10 still
713 * needs to go via "SMB 2.???", which is marked
714 * as PROTOCOL_SMB2_10.
715 *
716 * The real negotiation happens via reply_smb20ff()
717 * using SMB2 Negotiation.
718 */
719 max_proto = lp_server_max_protocol();
720 if (max_proto > PROTOCOL_SMB2_10) {
721 max_proto = PROTOCOL_SMB2_10;
722 }
723 min_proto = lp_server_min_protocol();
724 if (min_proto > PROTOCOL_SMB2_10) {
725 min_proto = PROTOCOL_SMB2_10;
726 }
727
728 /* Check for protocols, most desirable first */
729 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
730 i = 0;
731 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
732 (supported_protocols[protocol].protocol_level >= min_proto))
733 while (i < num_cliprotos) {
734 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
735 choice = i;
736 chosen_level = supported_protocols[protocol].protocol_level;
737 choice_set = true;
738 }
739 i++;
740 }
741 if (choice_set) {
742 break;
743 }
744 }
745
746 if (!choice_set) {
747 bool ok;
748
749 DBG_NOTICE("No protocol supported !\n");
750 reply_outbuf(req, 1, 0);
751 SSVAL(req->outbuf, smb_vwv0, choice);
752
753 ok = srv_send_smb(xconn, (char *)req->outbuf,
754 false, 0, false, NULL);
755 if (!ok) {
756 DBG_NOTICE("srv_send_smb failed\n");
757 }
758 exit_server_cleanly("no protocol supported\n");
759 }
760
761 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
762 reload_services(sconn, conn_snum_used, true);
763 supported_protocols[protocol].proto_reply_fn(req, choice);
764 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
765
766 DBG_INFO("negprot index=%zu\n", choice);
767
768 /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
769 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
770 if (signing_required && (chosen_level < PROTOCOL_NT1)) {
771 exit_server_cleanly("SMB signing is required and "
772 "client negotiated a downlevel protocol");
773 }
774
775 TALLOC_FREE(cliprotos);
776
777 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
778 !fork_echo_handler(xconn)) {
779 exit_server("Failed to fork echo handler");
780 }
781
782 END_PROFILE(SMBnegprot);
783 return;
784 }
Samba GIT mirror