search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-tests: Avoid segfault by initializing logging
[Samba.git] / source3 / smbd / negprot.c
bloba36822e1907cfd08856bb5f5f36c6b3d01e29594
1 /*
2 Unix SMB/CIFS implementation.
3 negprot reply code
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "serverid.h"
25 #include "auth.h"
26 #include "messages.h"
27 #include "smbprofile.h"
28 #include "auth/gensec/gensec.h"
29 #include "../libcli/smb/smb_signing.h"
30
31 extern fstring remote_proto;
32
33 static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
34 {
35 NTSTATUS nt_status;
36
37 /* We might be called more than once, multiple negprots are
38 * permitted */
39 if (xconn->smb1.negprot.auth_context) {
40 DEBUG(3, ("get challenge: is this a secondary negprot? "
41 "sconn->negprot.auth_context is non-NULL!\n"));
42 TALLOC_FREE(xconn->smb1.negprot.auth_context);
43 }
44
45 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
46 nt_status = make_auth4_context(
47 xconn, &xconn->smb1.negprot.auth_context);
48 if (!NT_STATUS_IS_OK(nt_status)) {
49 DEBUG(0, ("make_auth_context_subsystem returned %s",
50 nt_errstr(nt_status)));
51 smb_panic("cannot make_negprot_global_auth_context!");
52 }
53 DEBUG(10, ("get challenge: getting challenge\n"));
54 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
55 xconn->smb1.negprot.auth_context, buff);
56 }
57
58 /****************************************************************************
59 Reply for the lanman 1.0 protocol.
60 ****************************************************************************/
61
62 static void reply_lanman1(struct smb_request *req, uint16_t choice)
63 {
64 int secword=0;
65 time_t t = time(NULL);
66 struct smbXsrv_connection *xconn = req->xconn;
67 uint16_t raw;
68 NTSTATUS status;
69
70 if (lp_async_smb_echo_handler()) {
71 raw = 0;
72 } else {
73 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
74 }
75
76 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
77
78 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
79 if (xconn->smb1.negprot.encrypted_passwords) {
80 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
81 }
82
83 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
84
85 SSVAL(req->outbuf,smb_vwv0,choice);
86 SSVAL(req->outbuf,smb_vwv1,secword);
87 /* Create a token value and add it to the outgoing packet. */
88 if (xconn->smb1.negprot.encrypted_passwords) {
89 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
90 SSVAL(req->outbuf,smb_vwv11, 8);
91 }
92
93 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
94 if (!NT_STATUS_IS_OK(status)) {
95 reply_nterror(req, status);
96 return;
97 }
98
99 /* Reply, SMBlockread, SMBwritelock supported. */
100 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
101 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
102 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
103 SSVAL(req->outbuf,smb_vwv4, 1);
104 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
105 readbraw writebraw (possibly) */
106 SIVAL(req->outbuf,smb_vwv6, getpid());
107 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
108
109 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
110
111 return;
112 }
113
114 /****************************************************************************
115 Reply for the lanman 2.0 protocol.
116 ****************************************************************************/
117
118 static void reply_lanman2(struct smb_request *req, uint16_t choice)
119 {
120 int secword=0;
121 time_t t = time(NULL);
122 struct smbXsrv_connection *xconn = req->xconn;
123 uint16_t raw;
124 NTSTATUS status;
125
126 if (lp_async_smb_echo_handler()) {
127 raw = 0;
128 } else {
129 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
130 }
131
132 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
133
134 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
135 if (xconn->smb1.negprot.encrypted_passwords) {
136 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
137 }
138
139 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
140
141 SSVAL(req->outbuf,smb_vwv0, choice);
142 SSVAL(req->outbuf,smb_vwv1, secword);
143 SIVAL(req->outbuf,smb_vwv6, getpid());
144
145 /* Create a token value and add it to the outgoing packet. */
146 if (xconn->smb1.negprot.encrypted_passwords) {
147 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
148 SSVAL(req->outbuf,smb_vwv11, 8);
149 }
150
151 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
152 if (!NT_STATUS_IS_OK(status)) {
153 reply_nterror(req, status);
154 return;
155 }
156
157 /* Reply, SMBlockread, SMBwritelock supported. */
158 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
159 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
160 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
161 SSVAL(req->outbuf,smb_vwv4,1);
162 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
163 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
164 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
165 }
166
167 /****************************************************************************
168 Generate the spnego negprot reply blob. Return the number of bytes used.
169 ****************************************************************************/
170
171 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
172 {
173 DATA_BLOB blob = data_blob_null;
174 DATA_BLOB blob_out = data_blob_null;
175 nstring dos_name;
176 fstring unix_name;
177 NTSTATUS status;
178 #ifdef DEVELOPER
179 size_t slen;
180 #endif
181 struct gensec_security *gensec_security;
182
183 /* See if we can get an SPNEGO blob */
184 status = auth_generic_prepare(talloc_tos(),
185 xconn->remote_address,
186 xconn->local_address,
187 "SMB",
188 &gensec_security);
189
190 /*
191 * Despite including it above, there is no need to set a
192 * remote address or similar as we are just interested in the
193 * SPNEGO blob, we never keep this context.
194 */
195
196 if (NT_STATUS_IS_OK(status)) {
197 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
198 if (NT_STATUS_IS_OK(status)) {
199 status = gensec_update(gensec_security, ctx,
200 data_blob_null, &blob);
201 /* If we get the list of OIDs, the 'OK' answer
202 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
203 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
204 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
205 blob = data_blob_null;
206 }
207 }
208 TALLOC_FREE(gensec_security);
209 }
210
211 xconn->smb1.negprot.spnego = true;
212
213 /* strangely enough, NT does not sent the single OID NTLMSSP when
214 not a ADS member, it sends no OIDs at all
215
216 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
217 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
218
219 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
220 back to doing what W2K3 does here. This is needed to make PocketPC 2003
221 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
222 for details. JRA.
223
224 */
225
226 if (blob.length == 0 || blob.data == NULL) {
227 return data_blob_null;
228 }
229
230 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
231 if (blob_out.data == NULL) {
232 data_blob_free(&blob);
233 return data_blob_null;
234 }
235
236 memset(blob_out.data, '\0', 16);
237
238 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
239 (void)strlower_m(unix_name);
240 push_ascii_nstring(dos_name, unix_name);
241 strlcpy((char *)blob_out.data, dos_name, 17);
242
243 #ifdef DEVELOPER
244 /* Fix valgrind 'uninitialized bytes' issue. */
245 slen = strlen(dos_name);
246 if (slen < 16) {
247 memset(blob_out.data+slen, '\0', 16 - slen);
248 }
249 #endif
250
251 memcpy(&blob_out.data[16], blob.data, blob.length);
252
253 data_blob_free(&blob);
254
255 return blob_out;
256 }
257
258 /****************************************************************************
259 Reply for the nt protocol.
260 ****************************************************************************/
261
262 static void reply_nt1(struct smb_request *req, uint16_t choice)
263 {
264 /* dual names + lock_and_read + nt SMBs + remote API calls */
265 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
266 CAP_LEVEL_II_OPLOCKS;
267
268 int secword=0;
269 bool negotiate_spnego = False;
270 struct timespec ts;
271 ssize_t ret;
272 struct smbXsrv_connection *xconn = req->xconn;
273 bool signing_desired = false;
274 bool signing_required = false;
275 NTSTATUS status;
276
277 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
278
279 /* Check the flags field to see if this is Vista.
280 WinXP sets it and Vista does not. But we have to
281 distinguish from NT which doesn't set it either. */
282
283 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
284 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
285 {
286 if ((get_remote_arch() != RA_SAMBA) &&
287 (get_remote_arch() != RA_CIFSFS)) {
288 set_remote_arch( RA_VISTA );
289 }
290 }
291
292 reply_outbuf(req,17,0);
293
294 /* do spnego in user level security if the client
295 supports it and we can do encrypted passwords */
296
297 if (xconn->smb1.negprot.encrypted_passwords &&
298 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
299 negotiate_spnego = True;
300 capabilities |= CAP_EXTENDED_SECURITY;
301 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
302 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
303 (already partially constructed. */
304 SSVAL(req->outbuf, smb_flg2,
305 req->flags2 | FLAGS2_EXTENDED_SECURITY);
306 }
307
308 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
309
310 if (lp_unicode()) {
311 capabilities |= CAP_UNICODE;
312 }
313
314 if (lp_unix_extensions()) {
315 capabilities |= CAP_UNIX;
316 }
317
318 if (lp_large_readwrite())
319 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
320
321 capabilities |= CAP_LARGE_FILES;
322
323 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
324 capabilities |= CAP_RAW_MODE;
325
326 if (lp_nt_status_support())
327 capabilities |= CAP_STATUS32;
328
329 if (lp_host_msdfs())
330 capabilities |= CAP_DFS;
331
332 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
333 if (xconn->smb1.negprot.encrypted_passwords) {
334 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
335 }
336
337 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
338 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
339
340 if (signing_desired) {
341 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
342 /* No raw mode with smb signing. */
343 capabilities &= ~CAP_RAW_MODE;
344 if (signing_required) {
345 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
346 }
347 }
348
349 SSVAL(req->outbuf,smb_vwv0,choice);
350 SCVAL(req->outbuf,smb_vwv1,secword);
351
352 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
353 if (!NT_STATUS_IS_OK(status)) {
354 reply_nterror(req, status);
355 return;
356 }
357
358 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
359 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
360 SIVAL(req->outbuf,smb_vwv3+1,
361 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
362 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
363 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
364 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
365 clock_gettime(CLOCK_REALTIME,&ts);
366 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
367 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
368
369 if (!negotiate_spnego) {
370 /* Create a token value and add it to the outgoing packet. */
371 if (xconn->smb1.negprot.encrypted_passwords) {
372 uint8_t chal[8];
373 /* note that we do not send a challenge at all if
374 we are using plaintext */
375 get_challenge(xconn, chal);
376 ret = message_push_blob(
377 &req->outbuf, data_blob_const(chal, sizeof(chal)));
378 if (ret == -1) {
379 DEBUG(0, ("Could not push challenge\n"));
380 reply_nterror(req, NT_STATUS_NO_MEMORY);
381 return;
382 }
383 SCVAL(req->outbuf, smb_vwv16+1, ret);
384 }
385 ret = message_push_string(&req->outbuf, lp_workgroup(),
386 STR_UNICODE|STR_TERMINATE
387 |STR_NOALIGN);
388 if (ret == -1) {
389 DEBUG(0, ("Could not push workgroup string\n"));
390 reply_nterror(req, NT_STATUS_NO_MEMORY);
391 return;
392 }
393 ret = message_push_string(&req->outbuf, lp_netbios_name(),
394 STR_UNICODE|STR_TERMINATE
395 |STR_NOALIGN);
396 if (ret == -1) {
397 DEBUG(0, ("Could not push netbios name string\n"));
398 reply_nterror(req, NT_STATUS_NO_MEMORY);
399 return;
400 }
401 DEBUG(3,("not using SPNEGO\n"));
402 } else {
403 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
404
405 if (spnego_blob.data == NULL) {
406 reply_nterror(req, NT_STATUS_NO_MEMORY);
407 return;
408 }
409
410 ret = message_push_blob(&req->outbuf, spnego_blob);
411 if (ret == -1) {
412 DEBUG(0, ("Could not push spnego blob\n"));
413 reply_nterror(req, NT_STATUS_NO_MEMORY);
414 return;
415 }
416 data_blob_free(&spnego_blob);
417
418 SCVAL(req->outbuf,smb_vwv16+1, 0);
419 DEBUG(3,("using SPNEGO\n"));
420 }
421
422 return;
423 }
424
425 /* these are the protocol lists used for auto architecture detection:
426
427 WinNT 3.51:
428 protocol [PC NETWORK PROGRAM 1.0]
429 protocol [XENIX CORE]
430 protocol [MICROSOFT NETWORKS 1.03]
431 protocol [LANMAN1.0]
432 protocol [Windows for Workgroups 3.1a]
433 protocol [LM1.2X002]
434 protocol [LANMAN2.1]
435 protocol [NT LM 0.12]
436
437 Win95:
438 protocol [PC NETWORK PROGRAM 1.0]
439 protocol [XENIX CORE]
440 protocol [MICROSOFT NETWORKS 1.03]
441 protocol [LANMAN1.0]
442 protocol [Windows for Workgroups 3.1a]
443 protocol [LM1.2X002]
444 protocol [LANMAN2.1]
445 protocol [NT LM 0.12]
446
447 Win2K:
448 protocol [PC NETWORK PROGRAM 1.0]
449 protocol [LANMAN1.0]
450 protocol [Windows for Workgroups 3.1a]
451 protocol [LM1.2X002]
452 protocol [LANMAN2.1]
453 protocol [NT LM 0.12]
454
455 Vista:
456 protocol [PC NETWORK PROGRAM 1.0]
457 protocol [LANMAN1.0]
458 protocol [Windows for Workgroups 3.1a]
459 protocol [LM1.2X002]
460 protocol [LANMAN2.1]
461 protocol [NT LM 0.12]
462 protocol [SMB 2.001]
463
464 OS/2:
465 protocol [PC NETWORK PROGRAM 1.0]
466 protocol [XENIX CORE]
467 protocol [LANMAN1.0]
468 protocol [LM1.2X002]
469 protocol [LANMAN2.1]
470
471 OSX:
472 protocol [NT LM 0.12]
473 protocol [SMB 2.002]
474 protocol [SMB 2.???]
475 */
476
477 /*
478 * Modified to recognize the architecture of the remote machine better.
479 *
480 * This appears to be the matrix of which protocol is used by which
481 * product.
482 Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
483 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
484 XENIX CORE 2 2
485 MICROSOFT NETWORKS 3.0 2 2
486 DOS LM1.2X002 3 3
487 MICROSOFT NETWORKS 1.03 3
488 DOS LANMAN2.1 4 4
489 LANMAN1.0 4 2 3 2
490 Windows for Workgroups 3.1a 5 5 5 3 3
491 LM1.2X002 6 4 4 4
492 LANMAN2.1 7 5 5 5
493 NT LM 0.12 6 8 6 6 6 1
494 SMB 2.001 7
495 SMB 2.002 2
496 SMB 2.??? 3
497 *
498 * tim@fsg.com 09/29/95
499 * Win2K added by matty 17/7/99
500 */
501
502 #define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
503 #define PROT_XENIX_CORE 0x0002
504 #define PROT_MICROSOFT_NETWORKS_3_0 0x0004
505 #define PROT_DOS_LM1_2X002 0x0008
506 #define PROT_MICROSOFT_NETWORKS_1_03 0x0010
507 #define PROT_DOS_LANMAN2_1 0x0020
508 #define PROT_LANMAN1_0 0x0040
509 #define PROT_WFWG 0x0080
510 #define PROT_LM1_2X002 0x0100
511 #define PROT_LANMAN2_1 0x0200
512 #define PROT_NT_LM_0_12 0x0400
513 #define PROT_SMB_2_001 0x0800
514 #define PROT_SMB_2_002 0x1000
515 #define PROT_SMB_2_FF 0x2000
516 #define PROT_SAMBA 0x4000
517 #define PROT_POSIX_2 0x8000
518
519 #define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
520 PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
521 #define ARCH_WIN95 ( ARCH_WFWG | PROT_NT_LM_0_12 )
522 #define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
523 PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
524 PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
525 #define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
526 #define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
527 #define ARCH_VISTA ( ARCH_WIN2K | PROT_SMB_2_001 )
528 #define ARCH_SAMBA ( PROT_SAMBA )
529 #define ARCH_CIFSFS ( PROT_POSIX_2 )
530 #define ARCH_OSX ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
531
532 /* List of supported protocols, most desired first */
533 static const struct {
534 const char *proto_name;
535 const char *short_name;
536 void (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
537 int protocol_level;
538 } supported_protocols[] = {
539 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
540 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
541 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
542 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
543 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
544 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
545 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
546 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
547 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
548 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
549 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
550 {NULL,NULL,NULL,0},
551 };
552
553 /****************************************************************************
554 Reply to a negprot.
555 conn POINTER CAN BE NULL HERE !
556 ****************************************************************************/
557
558 void reply_negprot(struct smb_request *req)
559 {
560 int choice= -1;
561 int chosen_level = -1;
562 int protocol;
563 const char *p;
564 int protocols = 0;
565 int num_cliprotos;
566 char **cliprotos;
567 int i;
568 size_t converted_size;
569 struct smbXsrv_connection *xconn = req->xconn;
570 struct smbd_server_connection *sconn = req->sconn;
571 bool signing_required = true;
572 int max_proto;
573 int min_proto;
574
575 START_PROFILE(SMBnegprot);
576
577 if (xconn->smb1.negprot.done) {
578 END_PROFILE(SMBnegprot);
579 exit_server_cleanly("multiple negprot's are not permitted");
580 }
581 xconn->smb1.negprot.done = true;
582
583 if (req->buflen == 0) {
584 DEBUG(0, ("negprot got no protocols\n"));
585 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
586 END_PROFILE(SMBnegprot);
587 return;
588 }
589
590 if (req->buf[req->buflen-1] != '\0') {
591 DEBUG(0, ("negprot protocols not 0-terminated\n"));
592 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
593 END_PROFILE(SMBnegprot);
594 return;
595 }
596
597 p = (const char *)req->buf + 1;
598
599 num_cliprotos = 0;
600 cliprotos = NULL;
601
602 while (smbreq_bufrem(req, p) > 0) {
603
604 char **tmp;
605
606 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
607 num_cliprotos+1);
608 if (tmp == NULL) {
609 DEBUG(0, ("talloc failed\n"));
610 TALLOC_FREE(cliprotos);
611 reply_nterror(req, NT_STATUS_NO_MEMORY);
612 END_PROFILE(SMBnegprot);
613 return;
614 }
615
616 cliprotos = tmp;
617
618 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
619 &converted_size)) {
620 DEBUG(0, ("pull_ascii_talloc failed\n"));
621 TALLOC_FREE(cliprotos);
622 reply_nterror(req, NT_STATUS_NO_MEMORY);
623 END_PROFILE(SMBnegprot);
624 return;
625 }
626
627 DEBUG(3, ("Requested protocol [%s]\n",
628 cliprotos[num_cliprotos]));
629
630 num_cliprotos += 1;
631 p += strlen(p) + 2;
632 }
633
634 for (i=0; i<num_cliprotos; i++) {
635 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
636 protocols |= PROT_WFWG;
637 } else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
638 protocols |= PROT_DOS_LM1_2X002;
639 } else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
640 protocols |= PROT_DOS_LANMAN2_1;
641 } else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
642 protocols |= PROT_LANMAN1_0;
643 } else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
644 protocols |= PROT_NT_LM_0_12;
645 } else if (strcsequal(cliprotos[i], "SMB 2.001")) {
646 protocols |= PROT_SMB_2_001;
647 } else if (strcsequal(cliprotos[i], "SMB 2.002")) {
648 protocols |= PROT_SMB_2_002;
649 } else if (strcsequal(cliprotos[i], "SMB 2.???")) {
650 protocols |= PROT_SMB_2_FF;
651 } else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
652 protocols |= PROT_LANMAN2_1;
653 } else if (strcsequal(cliprotos[i], "LM1.2X002")) {
654 protocols |= PROT_LM1_2X002;
655 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
656 protocols |= PROT_MICROSOFT_NETWORKS_1_03;
657 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
658 protocols |= PROT_MICROSOFT_NETWORKS_3_0;
659 } else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
660 protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
661 } else if (strcsequal(cliprotos[i], "XENIX CORE")) {
662 protocols |= PROT_XENIX_CORE;
663 } else if (strcsequal(cliprotos[i], "Samba")) {
664 protocols = PROT_SAMBA;
665 break;
666 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
667 protocols = PROT_POSIX_2;
668 break;
669 }
670 }
671
672 switch ( protocols ) {
673 /* Old CIFSFS can send one arch only, NT LM 0.12. */
674 case PROT_NT_LM_0_12:
675 case ARCH_CIFSFS:
676 set_remote_arch(RA_CIFSFS);
677 break;
678 case ARCH_SAMBA:
679 set_remote_arch(RA_SAMBA);
680 break;
681 case ARCH_WFWG:
682 set_remote_arch(RA_WFWG);
683 break;
684 case ARCH_WIN95:
685 set_remote_arch(RA_WIN95);
686 break;
687 case ARCH_WINNT:
688 set_remote_arch(RA_WINNT);
689 break;
690 case ARCH_WIN2K:
691 set_remote_arch(RA_WIN2K);
692 break;
693 case ARCH_VISTA:
694 set_remote_arch(RA_VISTA);
695 break;
696 case ARCH_OS2:
697 set_remote_arch(RA_OS2);
698 break;
699 case ARCH_OSX:
700 set_remote_arch(RA_OSX);
701 break;
702 default:
703 set_remote_arch(RA_UNKNOWN);
704 break;
705 }
706
707 /* possibly reload - change of architecture */
708 reload_services(sconn, conn_snum_used, true);
709
710 /*
711 * Anything higher than PROTOCOL_SMB2_10 still
712 * needs to go via "SMB 2.???", which is marked
713 * as PROTOCOL_SMB2_10.
714 *
715 * The real negotiation happens via reply_smb20ff()
716 * using SMB2 Negotiation.
717 */
718 max_proto = lp_server_max_protocol();
719 if (max_proto > PROTOCOL_SMB2_10) {
720 max_proto = PROTOCOL_SMB2_10;
721 }
722 min_proto = lp_server_min_protocol();
723 if (min_proto > PROTOCOL_SMB2_10) {
724 min_proto = PROTOCOL_SMB2_10;
725 }
726
727 /* Check for protocols, most desirable first */
728 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
729 i = 0;
730 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
731 (supported_protocols[protocol].protocol_level >= min_proto))
732 while (i < num_cliprotos) {
733 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
734 choice = i;
735 chosen_level = supported_protocols[protocol].protocol_level;
736 }
737 i++;
738 }
739 if(choice != -1)
740 break;
741 }
742
743 if (choice == -1) {
744 bool ok;
745
746 DBG_NOTICE("No protocol supported !\n");
747 reply_outbuf(req, 1, 0);
748 SSVAL(req->outbuf, smb_vwv0, choice);
749
750 ok = srv_send_smb(xconn, (char *)req->outbuf,
751 false, 0, false, NULL);
752 if (!ok) {
753 DBG_NOTICE("srv_send_smb failed\n");
754 }
755 exit_server_cleanly("no protocol supported\n");
756 }
757
758 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
759 reload_services(sconn, conn_snum_used, true);
760 supported_protocols[protocol].proto_reply_fn(req, choice);
761 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
762
763 DEBUG( 5, ( "negprot index=%d\n", choice ) );
764
765 /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
766 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
767 if (signing_required && (chosen_level < PROTOCOL_NT1)) {
768 exit_server_cleanly("SMB signing is required and "
769 "client negotiated a downlevel protocol");
770 }
771
772 TALLOC_FREE(cliprotos);
773
774 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
775 !fork_echo_handler(xconn)) {
776 exit_server("Failed to fork echo handler");
777 }
778
779 END_PROFILE(SMBnegprot);
780 return;
781 }
Samba GIT mirror