search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add test for 'samba-tool user edit'
[Samba.git] / source3 / smbd / smb2_negprot.c
blobd9ccdbeea8ec7e2bc803c2f9d3b84a97f26cc9c6
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../libcli/smb/smb2_negotiate_context.h"
26 #include "../lib/tsocket/tsocket.h"
27 #include "../librpc/ndr/libndr.h"
28 #include "../libcli/smb/smb_signing.h"
29
30 extern fstring remote_proto;
31
32 /*
33 * this is the entry point if SMB2 is selected via
34 * the SMB negprot and the given dialect.
35 */
36 static void reply_smb20xx(struct smb_request *req, uint16_t dialect)
37 {
38 uint8_t *smb2_inpdu;
39 uint8_t *smb2_hdr;
40 uint8_t *smb2_body;
41 uint8_t *smb2_dyn;
42 size_t len = SMB2_HDR_BODY + 0x24 + 2;
43
44 smb2_inpdu = talloc_zero_array(talloc_tos(), uint8_t, len);
45 if (smb2_inpdu == NULL) {
46 DEBUG(0, ("Could not push spnego blob\n"));
47 reply_nterror(req, NT_STATUS_NO_MEMORY);
48 return;
49 }
50 smb2_hdr = smb2_inpdu;
51 smb2_body = smb2_hdr + SMB2_HDR_BODY;
52 smb2_dyn = smb2_body + 0x24;
53
54 SIVAL(smb2_hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
55 SIVAL(smb2_hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
56
57 SSVAL(smb2_body, 0x00, 0x0024); /* struct size */
58 SSVAL(smb2_body, 0x02, 0x0001); /* dialect count */
59
60 SSVAL(smb2_dyn, 0x00, dialect);
61
62 req->outbuf = NULL;
63
64 smbd_smb2_process_negprot(req->xconn, 0, smb2_inpdu, len);
65 return;
66 }
67
68 /*
69 * this is the entry point if SMB2 is selected via
70 * the SMB negprot and the "SMB 2.002" dialect.
71 */
72 void reply_smb2002(struct smb_request *req, uint16_t choice)
73 {
74 reply_smb20xx(req, SMB2_DIALECT_REVISION_202);
75 }
76
77 /*
78 * this is the entry point if SMB2 is selected via
79 * the SMB negprot and the "SMB 2.???" dialect.
80 */
81 void reply_smb20ff(struct smb_request *req, uint16_t choice)
82 {
83 struct smbXsrv_connection *xconn = req->xconn;
84 xconn->smb2.allow_2ff = true;
85 reply_smb20xx(req, SMB2_DIALECT_REVISION_2FF);
86 }
87
88 enum protocol_types smbd_smb2_protocol_dialect_match(const uint8_t *indyn,
89 const int dialect_count,
90 uint16_t *dialect)
91 {
92 struct {
93 enum protocol_types proto;
94 uint16_t dialect;
95 } pd[] = {
96 { PROTOCOL_SMB3_11, SMB3_DIALECT_REVISION_311 },
97 { PROTOCOL_SMB3_10, SMB3_DIALECT_REVISION_310 },
98 { PROTOCOL_SMB3_02, SMB3_DIALECT_REVISION_302 },
99 { PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300 },
100 { PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224 },
101 { PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222 },
102 { PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210 },
103 { PROTOCOL_SMB2_02, SMB2_DIALECT_REVISION_202 },
104 };
105 size_t i;
106
107 for (i = 0; i < ARRAY_SIZE(pd); i ++) {
108 size_t c = 0;
109
110 if (lp_server_max_protocol() < pd[i].proto) {
111 continue;
112 }
113 if (lp_server_min_protocol() > pd[i].proto) {
114 continue;
115 }
116
117 for (c = 0; c < dialect_count; c++) {
118 *dialect = SVAL(indyn, c*2);
119 if (*dialect == pd[i].dialect) {
120 return pd[i].proto;
121 }
122 }
123 }
124
125 return PROTOCOL_NONE;
126 }
127
128 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
129 {
130 struct smbXsrv_connection *xconn = req->xconn;
131 NTSTATUS status;
132 const uint8_t *inbody;
133 const uint8_t *indyn = NULL;
134 DATA_BLOB outbody;
135 DATA_BLOB outdyn;
136 DATA_BLOB negprot_spnego_blob;
137 uint16_t security_offset;
138 DATA_BLOB security_buffer;
139 size_t expected_dyn_size = 0;
140 size_t c;
141 uint16_t security_mode;
142 uint16_t dialect_count;
143 uint16_t in_security_mode;
144 uint32_t in_capabilities;
145 DATA_BLOB in_guid_blob;
146 struct GUID in_guid;
147 struct smb2_negotiate_contexts in_c = { .num_contexts = 0, };
148 struct smb2_negotiate_context *in_preauth = NULL;
149 struct smb2_negotiate_context *in_cipher = NULL;
150 struct smb2_negotiate_contexts out_c = { .num_contexts = 0, };
151 DATA_BLOB out_negotiate_context_blob = data_blob_null;
152 uint32_t out_negotiate_context_offset = 0;
153 uint16_t out_negotiate_context_count = 0;
154 uint16_t dialect = 0;
155 uint32_t capabilities;
156 DATA_BLOB out_guid_blob;
157 struct GUID out_guid;
158 enum protocol_types protocol = PROTOCOL_NONE;
159 uint32_t max_limit;
160 uint32_t max_trans = lp_smb2_max_trans();
161 uint32_t max_read = lp_smb2_max_read();
162 uint32_t max_write = lp_smb2_max_write();
163 NTTIME now = timeval_to_nttime(&req->request_time);
164 bool signing_required = true;
165 bool ok;
166
167 status = smbd_smb2_request_verify_sizes(req, 0x24);
168 if (!NT_STATUS_IS_OK(status)) {
169 return smbd_smb2_request_error(req, status);
170 }
171 inbody = SMBD_SMB2_IN_BODY_PTR(req);
172
173 dialect_count = SVAL(inbody, 0x02);
174
175 in_security_mode = SVAL(inbody, 0x04);
176 in_capabilities = IVAL(inbody, 0x08);
177 in_guid_blob = data_blob_const(inbody + 0x0C, 16);
178
179 if (dialect_count == 0) {
180 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
181 }
182
183 status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
184 if (!NT_STATUS_IS_OK(status)) {
185 return smbd_smb2_request_error(req, status);
186 }
187
188 expected_dyn_size = dialect_count * 2;
189 if (SMBD_SMB2_IN_DYN_LEN(req) < expected_dyn_size) {
190 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
191 }
192 indyn = SMBD_SMB2_IN_DYN_PTR(req);
193
194 protocol = smbd_smb2_protocol_dialect_match(indyn,
195 dialect_count,
196 &dialect);
197
198 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
199 if (lp_server_max_protocol() < PROTOCOL_SMB2_10) {
200 break;
201 }
202
203 dialect = SVAL(indyn, c*2);
204 if (dialect == SMB2_DIALECT_REVISION_2FF) {
205 if (xconn->smb2.allow_2ff) {
206 xconn->smb2.allow_2ff = false;
207 protocol = PROTOCOL_SMB2_10;
208 break;
209 }
210 }
211 }
212
213 if (protocol == PROTOCOL_NONE) {
214 return smbd_smb2_request_error(req, NT_STATUS_NOT_SUPPORTED);
215 }
216
217 if (protocol >= PROTOCOL_SMB3_10) {
218 uint32_t in_negotiate_context_offset = 0;
219 uint16_t in_negotiate_context_count = 0;
220 DATA_BLOB in_negotiate_context_blob = data_blob_null;
221 size_t ofs;
222
223 in_negotiate_context_offset = IVAL(inbody, 0x1C);
224 in_negotiate_context_count = SVAL(inbody, 0x20);
225
226 ofs = SMB2_HDR_BODY;
227 ofs += SMBD_SMB2_IN_BODY_LEN(req);
228 ofs += expected_dyn_size;
229 if ((ofs % 8) != 0) {
230 ofs += 8 - (ofs % 8);
231 }
232
233 if (in_negotiate_context_offset != ofs) {
234 return smbd_smb2_request_error(req,
235 NT_STATUS_INVALID_PARAMETER);
236 }
237
238 ofs -= SMB2_HDR_BODY;
239 ofs -= SMBD_SMB2_IN_BODY_LEN(req);
240
241 if (SMBD_SMB2_IN_DYN_LEN(req) < ofs) {
242 return smbd_smb2_request_error(req,
243 NT_STATUS_INVALID_PARAMETER);
244 }
245
246 in_negotiate_context_blob = data_blob_const(indyn,
247 SMBD_SMB2_IN_DYN_LEN(req));
248
249 in_negotiate_context_blob.data += ofs;
250 in_negotiate_context_blob.length -= ofs;
251
252 status = smb2_negotiate_context_parse(req,
253 in_negotiate_context_blob, &in_c);
254 if (!NT_STATUS_IS_OK(status)) {
255 return smbd_smb2_request_error(req, status);
256 }
257
258 if (in_negotiate_context_count != in_c.num_contexts) {
259 return smbd_smb2_request_error(req,
260 NT_STATUS_INVALID_PARAMETER);
261 }
262 }
263
264 if ((dialect != SMB2_DIALECT_REVISION_2FF) &&
265 (protocol >= PROTOCOL_SMB2_10) &&
266 !GUID_all_zero(&in_guid))
267 {
268 ok = remote_arch_cache_update(&in_guid);
269 if (!ok) {
270 return smbd_smb2_request_error(
271 req, NT_STATUS_UNSUCCESSFUL);
272 }
273 }
274
275 switch (get_remote_arch()) {
276 case RA_VISTA:
277 case RA_SAMBA:
278 case RA_CIFSFS:
279 case RA_OSX:
280 break;
281 default:
282 set_remote_arch(RA_VISTA);
283 break;
284 }
285
286 fstr_sprintf(remote_proto, "SMB%X_%02X",
287 (dialect >> 8) & 0xFF, dialect & 0xFF);
288
289 reload_services(req->sconn, conn_snum_used, true);
290 DEBUG(3,("Selected protocol %s\n", remote_proto));
291
292 in_preauth = smb2_negotiate_context_find(&in_c,
293 SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
294 if (protocol >= PROTOCOL_SMB3_10 && in_preauth == NULL) {
295 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
296 }
297 in_cipher = smb2_negotiate_context_find(&in_c,
298 SMB2_ENCRYPTION_CAPABILITIES);
299
300 /* negprot_spnego() returns a the server guid in the first 16 bytes */
301 negprot_spnego_blob = negprot_spnego(req, xconn);
302 if (negprot_spnego_blob.data == NULL) {
303 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
304 }
305
306 if (negprot_spnego_blob.length < 16) {
307 return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
308 }
309
310 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
311 /*
312 * We use xconn->smb1.signing_state as that's already present
313 * and used lpcfg_server_signing_allowed() to get the correct
314 * defaults, e.g. signing_required for an ad_dc.
315 */
316 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
317 if (signing_required) {
318 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
319 }
320
321 capabilities = 0;
322 if (lp_host_msdfs()) {
323 capabilities |= SMB2_CAP_DFS;
324 }
325
326 if (protocol >= PROTOCOL_SMB2_10 &&
327 lp_smb2_leases() &&
328 lp_oplocks(GLOBAL_SECTION_SNUM) &&
329 !lp_kernel_oplocks(GLOBAL_SECTION_SNUM))
330 {
331 capabilities |= SMB2_CAP_LEASING;
332 }
333
334 if ((protocol >= PROTOCOL_SMB2_24) &&
335 (lp_smb_encrypt(-1) != SMB_SIGNING_OFF) &&
336 (in_capabilities & SMB2_CAP_ENCRYPTION)) {
337 capabilities |= SMB2_CAP_ENCRYPTION;
338 }
339
340 /*
341 * 0x10000 (65536) is the maximum allowed message size
342 * for SMB 2.0
343 */
344 max_limit = 0x10000;
345
346 if (protocol >= PROTOCOL_SMB2_10) {
347 int p = 0;
348
349 if (tsocket_address_is_inet(req->sconn->local_address, "ip")) {
350 p = tsocket_address_inet_port(req->sconn->local_address);
351 }
352
353 /* largeMTU is not supported over NBT (tcp port 139) */
354 if (p != NBT_SMB_PORT) {
355 capabilities |= SMB2_CAP_LARGE_MTU;
356 xconn->smb2.credits.multicredit = true;
357
358 /*
359 * We allow up to almost 16MB.
360 *
361 * The maximum PDU size is 0xFFFFFF (16776960)
362 * and we need some space for the header.
363 */
364 max_limit = 0xFFFF00;
365 }
366 }
367
368 /*
369 * the defaults are 8MB, but we'll limit this to max_limit based on
370 * the dialect (64kb for SMB 2.0, 8MB for SMB >= 2.1 with LargeMTU)
371 *
372 * user configured values exceeding the limits will be overwritten,
373 * only smaller values will be accepted
374 */
375
376 max_trans = MIN(max_limit, lp_smb2_max_trans());
377 max_read = MIN(max_limit, lp_smb2_max_read());
378 max_write = MIN(max_limit, lp_smb2_max_write());
379
380 if (in_preauth != NULL) {
381 size_t needed = 4;
382 uint16_t hash_count;
383 uint16_t salt_length;
384 uint16_t selected_preauth = 0;
385 const uint8_t *p;
386 uint8_t buf[38];
387 DATA_BLOB b;
388 size_t i;
389
390 if (in_preauth->data.length < needed) {
391 return smbd_smb2_request_error(req,
392 NT_STATUS_INVALID_PARAMETER);
393 }
394
395 hash_count = SVAL(in_preauth->data.data, 0);
396 salt_length = SVAL(in_preauth->data.data, 2);
397
398 if (hash_count == 0) {
399 return smbd_smb2_request_error(req,
400 NT_STATUS_INVALID_PARAMETER);
401 }
402
403 p = in_preauth->data.data + needed;
404 needed += hash_count * 2;
405 needed += salt_length;
406
407 if (in_preauth->data.length < needed) {
408 return smbd_smb2_request_error(req,
409 NT_STATUS_INVALID_PARAMETER);
410 }
411
412 for (i=0; i < hash_count; i++) {
413 uint16_t v;
414
415 v = SVAL(p, 0);
416 p += 2;
417
418 if (v == SMB2_PREAUTH_INTEGRITY_SHA512) {
419 selected_preauth = v;
420 break;
421 }
422 }
423
424 if (selected_preauth == 0) {
425 return smbd_smb2_request_error(req,
426 NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP);
427 }
428
429 SSVAL(buf, 0, 1); /* HashAlgorithmCount */
430 SSVAL(buf, 2, 32); /* SaltLength */
431 SSVAL(buf, 4, selected_preauth);
432 generate_random_buffer(buf + 6, 32);
433
434 b = data_blob_const(buf, sizeof(buf));
435 status = smb2_negotiate_context_add(req, &out_c,
436 SMB2_PREAUTH_INTEGRITY_CAPABILITIES, b);
437 if (!NT_STATUS_IS_OK(status)) {
438 return smbd_smb2_request_error(req, status);
439 }
440
441 req->preauth = &req->xconn->smb2.preauth;
442 }
443
444 if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
445 size_t needed = 2;
446 uint16_t cipher_count;
447 const uint8_t *p;
448 uint8_t buf[4];
449 DATA_BLOB b;
450 size_t i;
451 bool aes_128_ccm_supported = false;
452 bool aes_128_gcm_supported = false;
453
454 capabilities &= ~SMB2_CAP_ENCRYPTION;
455
456 if (in_cipher->data.length < needed) {
457 return smbd_smb2_request_error(req,
458 NT_STATUS_INVALID_PARAMETER);
459 }
460
461 cipher_count = SVAL(in_cipher->data.data, 0);
462
463 if (cipher_count == 0) {
464 return smbd_smb2_request_error(req,
465 NT_STATUS_INVALID_PARAMETER);
466 }
467
468 p = in_cipher->data.data + needed;
469 needed += cipher_count * 2;
470
471 if (in_cipher->data.length < needed) {
472 return smbd_smb2_request_error(req,
473 NT_STATUS_INVALID_PARAMETER);
474 }
475
476 for (i=0; i < cipher_count; i++) {
477 uint16_t v;
478
479 v = SVAL(p, 0);
480 p += 2;
481
482 if (v == SMB2_ENCRYPTION_AES128_GCM) {
483 aes_128_gcm_supported = true;
484 }
485 if (v == SMB2_ENCRYPTION_AES128_CCM) {
486 aes_128_ccm_supported = true;
487 }
488 }
489
490 /*
491 * For now we preferr CCM because our implementation
492 * is faster than GCM, see bug #11451.
493 */
494 if (aes_128_ccm_supported) {
495 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
496 } else if (aes_128_gcm_supported) {
497 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
498 }
499
500 SSVAL(buf, 0, 1); /* ChiperCount */
501 SSVAL(buf, 2, xconn->smb2.server.cipher);
502
503 b = data_blob_const(buf, sizeof(buf));
504 status = smb2_negotiate_context_add(req, &out_c,
505 SMB2_ENCRYPTION_CAPABILITIES, b);
506 if (!NT_STATUS_IS_OK(status)) {
507 return smbd_smb2_request_error(req, status);
508 }
509 }
510
511 if (capabilities & SMB2_CAP_ENCRYPTION) {
512 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
513 }
514
515 if (protocol >= PROTOCOL_SMB2_22 &&
516 xconn->client->server_multi_channel_enabled)
517 {
518 if (in_capabilities & SMB2_CAP_MULTI_CHANNEL) {
519 capabilities |= SMB2_CAP_MULTI_CHANNEL;
520 }
521 }
522
523 security_offset = SMB2_HDR_BODY + 0x40;
524
525 #if 1
526 /* Try SPNEGO auth... */
527 security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
528 negprot_spnego_blob.length - 16);
529 #else
530 /* for now we want raw NTLMSSP */
531 security_buffer = data_blob_const(NULL, 0);
532 #endif
533
534 if (out_c.num_contexts != 0) {
535 status = smb2_negotiate_context_push(req,
536 &out_negotiate_context_blob,
537 out_c);
538 if (!NT_STATUS_IS_OK(status)) {
539 return smbd_smb2_request_error(req, status);
540 }
541 }
542
543 if (out_negotiate_context_blob.length != 0) {
544 static const uint8_t zeros[8];
545 size_t pad = 0;
546 size_t ofs;
547
548 outdyn = data_blob_dup_talloc(req, security_buffer);
549 if (outdyn.length != security_buffer.length) {
550 return smbd_smb2_request_error(req,
551 NT_STATUS_NO_MEMORY);
552 }
553
554 ofs = security_offset + security_buffer.length;
555 if ((ofs % 8) != 0) {
556 pad = 8 - (ofs % 8);
557 }
558 ofs += pad;
559
560 ok = data_blob_append(req, &outdyn, zeros, pad);
561 if (!ok) {
562 return smbd_smb2_request_error(req,
563 NT_STATUS_NO_MEMORY);
564 }
565
566 ok = data_blob_append(req, &outdyn,
567 out_negotiate_context_blob.data,
568 out_negotiate_context_blob.length);
569 if (!ok) {
570 return smbd_smb2_request_error(req,
571 NT_STATUS_NO_MEMORY);
572 }
573
574 out_negotiate_context_offset = ofs;
575 out_negotiate_context_count = out_c.num_contexts;
576 } else {
577 outdyn = security_buffer;
578 }
579
580 out_guid_blob = data_blob_const(negprot_spnego_blob.data, 16);
581 status = GUID_from_ndr_blob(&out_guid_blob, &out_guid);
582 if (!NT_STATUS_IS_OK(status)) {
583 return smbd_smb2_request_error(req, status);
584 }
585
586 outbody = smbd_smb2_generate_outbody(req, 0x40);
587 if (outbody.data == NULL) {
588 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
589 }
590
591 SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
592 SSVAL(outbody.data, 0x02,
593 security_mode); /* security mode */
594 SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
595 SSVAL(outbody.data, 0x06,
596 out_negotiate_context_count); /* reserved/NegotiateContextCount */
597 memcpy(outbody.data + 0x08,
598 out_guid_blob.data, 16); /* server guid */
599 SIVAL(outbody.data, 0x18,
600 capabilities); /* capabilities */
601 SIVAL(outbody.data, 0x1C, max_trans); /* max transact size */
602 SIVAL(outbody.data, 0x20, max_read); /* max read size */
603 SIVAL(outbody.data, 0x24, max_write); /* max write size */
604 SBVAL(outbody.data, 0x28, now); /* system time */
605 SBVAL(outbody.data, 0x30, 0); /* server start time */
606 SSVAL(outbody.data, 0x38,
607 security_offset); /* security buffer offset */
608 SSVAL(outbody.data, 0x3A,
609 security_buffer.length); /* security buffer length */
610 SIVAL(outbody.data, 0x3C,
611 out_negotiate_context_offset); /* reserved/NegotiateContextOffset */
612
613 req->sconn->using_smb2 = true;
614
615 if (dialect != SMB2_DIALECT_REVISION_2FF) {
616 struct smbXsrv_client_global0 *global0 = NULL;
617
618 status = smbXsrv_connection_init_tables(xconn, protocol);
619 if (!NT_STATUS_IS_OK(status)) {
620 return smbd_smb2_request_error(req, status);
621 }
622
623 xconn->smb2.client.capabilities = in_capabilities;
624 xconn->smb2.client.security_mode = in_security_mode;
625 xconn->smb2.client.guid = in_guid;
626 xconn->smb2.client.num_dialects = dialect_count;
627 xconn->smb2.client.dialects = talloc_array(xconn,
628 uint16_t,
629 dialect_count);
630 if (xconn->smb2.client.dialects == NULL) {
631 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
632 }
633 for (c=0; c < dialect_count; c++) {
634 xconn->smb2.client.dialects[c] = SVAL(indyn, c*2);
635 }
636
637 xconn->smb2.server.capabilities = capabilities;
638 xconn->smb2.server.security_mode = security_mode;
639 xconn->smb2.server.guid = out_guid;
640 xconn->smb2.server.dialect = dialect;
641 xconn->smb2.server.max_trans = max_trans;
642 xconn->smb2.server.max_read = max_read;
643 xconn->smb2.server.max_write = max_write;
644
645 if (xconn->protocol < PROTOCOL_SMB2_10) {
646 /*
647 * SMB2_02 doesn't support client guids
648 */
649 return smbd_smb2_request_done(req, outbody, &outdyn);
650 }
651
652 if (!xconn->client->server_multi_channel_enabled) {
653 /*
654 * Only deal with the client guid database
655 * if multi-channel is enabled.
656 */
657 return smbd_smb2_request_done(req, outbody, &outdyn);
658 }
659
660 if (xconn->smb2.client.guid_verified) {
661 /*
662 * The connection was passed from another
663 * smbd process.
664 */
665 return smbd_smb2_request_done(req, outbody, &outdyn);
666 }
667
668 status = smb2srv_client_lookup_global(xconn->client,
669 xconn->smb2.client.guid,
670 req, &global0);
671 /*
672 * TODO: check for races...
673 */
674 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_NOT_FOUND)) {
675 /*
676 * This stores the new client information in
677 * smbXsrv_client_global.tdb
678 */
679 xconn->client->global->client_guid =
680 xconn->smb2.client.guid;
681 status = smbXsrv_client_update(xconn->client);
682 if (!NT_STATUS_IS_OK(status)) {
683 return status;
684 }
685
686 xconn->smb2.client.guid_verified = true;
687 } else if (NT_STATUS_IS_OK(status)) {
688 status = smb2srv_client_connection_pass(req,
689 global0);
690 if (!NT_STATUS_IS_OK(status)) {
691 return smbd_smb2_request_error(req, status);
692 }
693
694 smbd_server_connection_terminate(xconn,
695 "passed connection");
696 return NT_STATUS_OBJECTID_EXISTS;
697 } else {
698 return smbd_smb2_request_error(req, status);
699 }
700 }
701
702 return smbd_smb2_request_done(req, outbody, &outdyn);
703 }
Samba GIT mirror