2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
27 * this is the entry point if SMB2 is selected via
30 void reply_smb2002(struct smb_request
*req
, uint16_t choice
)
36 size_t len
= 4 + SMB2_HDR_BODY
+ 0x24 + 2;
38 smb2_inbuf
= talloc_zero_array(talloc_tos(), uint8_t, len
);
39 if (smb2_inbuf
== NULL
) {
40 DEBUG(0, ("Could not push spnego blob\n"));
41 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
44 smb2_hdr
= smb2_inbuf
+ 4;
45 smb2_body
= smb2_hdr
+ SMB2_HDR_BODY
;
46 smb2_dyn
= smb2_body
+ 0x24;
48 SIVAL(smb2_hdr
, SMB2_HDR_PROTOCOL_ID
, SMB2_MAGIC
);
49 SIVAL(smb2_hdr
, SMB2_HDR_LENGTH
, SMB2_HDR_BODY
);
51 SSVAL(smb2_body
, 0x00, 0x0024); /* struct size */
52 SSVAL(smb2_body
, 0x02, 0x0001); /* dialect count */
54 SSVAL(smb2_dyn
, 0x00, 0x0202); /* dialect 2.002 */
58 smbd_smb2_first_negprot(req
->sconn
, smb2_inbuf
, len
);
62 NTSTATUS
smbd_smb2_request_process_negprot(struct smbd_smb2_request
*req
)
65 const uint8_t *inbody
;
66 const uint8_t *indyn
= NULL
;
67 int i
= req
->current_idx
;
70 DATA_BLOB negprot_spnego_blob
;
71 uint16_t security_offset
;
72 DATA_BLOB security_buffer
;
73 size_t expected_dyn_size
= 0;
75 uint16_t security_mode
;
76 uint16_t dialect_count
;
78 uint32_t capabilities
;
80 /* TODO: drop the connection with INVALID_PARAMETER */
82 status
= smbd_smb2_request_verify_sizes(req
, 0x24);
83 if (!NT_STATUS_IS_OK(status
)) {
84 return smbd_smb2_request_error(req
, status
);
86 inbody
= (const uint8_t *)req
->in
.vector
[i
+1].iov_base
;
88 dialect_count
= SVAL(inbody
, 0x02);
89 if (dialect_count
== 0) {
90 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
93 expected_dyn_size
= dialect_count
* 2;
94 if (req
->in
.vector
[i
+2].iov_len
< expected_dyn_size
) {
95 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
97 indyn
= (const uint8_t *)req
->in
.vector
[i
+2].iov_base
;
99 for (c
=0; c
< dialect_count
; c
++) {
100 dialect
= SVAL(indyn
, c
*2);
101 if (dialect
== SMB2_DIALECT_REVISION_202
) {
106 if (dialect
!= SMB2_DIALECT_REVISION_202
) {
107 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
110 set_Protocol(PROTOCOL_SMB2
);
112 if (get_remote_arch() != RA_SAMBA
) {
113 set_remote_arch(RA_VISTA
);
116 /* negprot_spnego() returns a the server guid in the first 16 bytes */
117 negprot_spnego_blob
= negprot_spnego(req
, req
->sconn
);
118 if (negprot_spnego_blob
.data
== NULL
) {
119 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
122 if (negprot_spnego_blob
.length
< 16) {
123 return smbd_smb2_request_error(req
, NT_STATUS_INTERNAL_ERROR
);
126 security_mode
= SMB2_NEGOTIATE_SIGNING_ENABLED
;
127 if (lp_server_signing() == Required
) {
128 security_mode
|= SMB2_NEGOTIATE_SIGNING_REQUIRED
;
132 if (lp_host_msdfs()) {
133 capabilities
|= SMB2_CAP_DFS
;
136 security_offset
= SMB2_HDR_BODY
+ 0x40;
139 /* Try SPNEGO auth... */
140 security_buffer
= data_blob_const(negprot_spnego_blob
.data
+ 16,
141 negprot_spnego_blob
.length
- 16);
143 /* for now we want raw NTLMSSP */
144 security_buffer
= data_blob_const(NULL
, 0);
147 outbody
= data_blob_talloc(req
->out
.vector
, NULL
, 0x40);
148 if (outbody
.data
== NULL
) {
149 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
152 SSVAL(outbody
.data
, 0x00, 0x40 + 1); /* struct size */
153 SSVAL(outbody
.data
, 0x02,
154 security_mode
); /* security mode */
155 SSVAL(outbody
.data
, 0x04, dialect
); /* dialect revision */
156 SSVAL(outbody
.data
, 0x06, 0); /* reserved */
157 memcpy(outbody
.data
+ 0x08,
158 negprot_spnego_blob
.data
, 16); /* server guid */
159 SIVAL(outbody
.data
, 0x18,
160 capabilities
); /* capabilities */
161 SIVAL(outbody
.data
, 0x1C, lp_smb2_max_trans()); /* max transact size */
162 SIVAL(outbody
.data
, 0x20, lp_smb2_max_read()); /* max read size */
163 SIVAL(outbody
.data
, 0x24, lp_smb2_max_write()); /* max write size */
164 SBVAL(outbody
.data
, 0x28, 0); /* system time */
165 SBVAL(outbody
.data
, 0x30, 0); /* server start time */
166 SSVAL(outbody
.data
, 0x38,
167 security_offset
); /* security buffer offset */
168 SSVAL(outbody
.data
, 0x3A,
169 security_buffer
.length
); /* security buffer length */
170 SIVAL(outbody
.data
, 0x3C, 0); /* reserved */
172 outdyn
= security_buffer
;
174 req
->sconn
->using_smb2
= true;
176 return smbd_smb2_request_done(req
, outbody
, &outdyn
);