search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smb2_server: return OBJECT_NAME_INVALID if the path is terminated in SMB2_FIND...
[Samba.git] / source3 / smbd / smb2_negprot.c
blob9245d6d79793f44d6e0d14ceb58f9dbc3fcf78d8
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25
26 /*
27 * this is the entry point if SMB2 is selected via
28 * the SMB negprot
29 */
30 void reply_smb2002(struct smb_request *req, uint16_t choice)
31 {
32 uint8_t *smb2_inbuf;
33 uint8_t *smb2_hdr;
34 uint8_t *smb2_body;
35 uint8_t *smb2_dyn;
36 size_t len = 4 + SMB2_HDR_BODY + 0x24 + 2;
37
38 smb2_inbuf = talloc_zero_array(talloc_tos(), uint8_t, len);
39 if (smb2_inbuf == NULL) {
40 DEBUG(0, ("Could not push spnego blob\n"));
41 reply_nterror(req, NT_STATUS_NO_MEMORY);
42 return;
43 }
44 smb2_hdr = smb2_inbuf + 4;
45 smb2_body = smb2_hdr + SMB2_HDR_BODY;
46 smb2_dyn = smb2_body + 0x24;
47
48 SIVAL(smb2_hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
49 SIVAL(smb2_hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
50
51 SSVAL(smb2_body, 0x00, 0x0024); /* struct size */
52 SSVAL(smb2_body, 0x02, 0x0001); /* dialect count */
53
54 SSVAL(smb2_dyn, 0x00, 0x0202); /* dialect 2.002 */
55
56 req->outbuf = NULL;
57
58 smbd_smb2_first_negprot(req->sconn, smb2_inbuf, len);
59 return;
60 }
61
62 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
63 {
64 NTSTATUS status;
65 const uint8_t *inbody;
66 const uint8_t *indyn = NULL;
67 int i = req->current_idx;
68 DATA_BLOB outbody;
69 DATA_BLOB outdyn;
70 DATA_BLOB negprot_spnego_blob;
71 uint16_t security_offset;
72 DATA_BLOB security_buffer;
73 size_t expected_dyn_size = 0;
74 size_t c;
75 uint16_t security_mode;
76 uint16_t dialect_count;
77 uint16_t dialect = 0;
78 uint32_t capabilities;
79
80 /* TODO: drop the connection with INVALID_PARAMETER */
81
82 status = smbd_smb2_request_verify_sizes(req, 0x24);
83 if (!NT_STATUS_IS_OK(status)) {
84 return smbd_smb2_request_error(req, status);
85 }
86 inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
87
88 dialect_count = SVAL(inbody, 0x02);
89 if (dialect_count == 0) {
90 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
91 }
92
93 expected_dyn_size = dialect_count * 2;
94 if (req->in.vector[i+2].iov_len < expected_dyn_size) {
95 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
96 }
97 indyn = (const uint8_t *)req->in.vector[i+2].iov_base;
98
99 for (c=0; c < dialect_count; c++) {
100 dialect = SVAL(indyn, c*2);
101 if (dialect == SMB2_DIALECT_REVISION_202) {
102 break;
103 }
104 }
105
106 if (dialect != SMB2_DIALECT_REVISION_202) {
107 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
108 }
109
110 set_Protocol(PROTOCOL_SMB2);
111
112 if (get_remote_arch() != RA_SAMBA) {
113 set_remote_arch(RA_VISTA);
114 }
115
116 /* negprot_spnego() returns a the server guid in the first 16 bytes */
117 negprot_spnego_blob = negprot_spnego(req, req->sconn);
118 if (negprot_spnego_blob.data == NULL) {
119 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
120 }
121
122 if (negprot_spnego_blob.length < 16) {
123 return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
124 }
125
126 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
127 if (lp_server_signing() == Required) {
128 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
129 }
130
131 capabilities = 0;
132 if (lp_host_msdfs()) {
133 capabilities |= SMB2_CAP_DFS;
134 }
135
136 security_offset = SMB2_HDR_BODY + 0x40;
137
138 #if 1
139 /* Try SPNEGO auth... */
140 security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
141 negprot_spnego_blob.length - 16);
142 #else
143 /* for now we want raw NTLMSSP */
144 security_buffer = data_blob_const(NULL, 0);
145 #endif
146
147 outbody = data_blob_talloc(req->out.vector, NULL, 0x40);
148 if (outbody.data == NULL) {
149 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
150 }
151
152 SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
153 SSVAL(outbody.data, 0x02,
154 security_mode); /* security mode */
155 SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
156 SSVAL(outbody.data, 0x06, 0); /* reserved */
157 memcpy(outbody.data + 0x08,
158 negprot_spnego_blob.data, 16); /* server guid */
159 SIVAL(outbody.data, 0x18,
160 capabilities); /* capabilities */
161 SIVAL(outbody.data, 0x1C, lp_smb2_max_trans()); /* max transact size */
162 SIVAL(outbody.data, 0x20, lp_smb2_max_read()); /* max read size */
163 SIVAL(outbody.data, 0x24, lp_smb2_max_write()); /* max write size */
164 SBVAL(outbody.data, 0x28, 0); /* system time */
165 SBVAL(outbody.data, 0x30, 0); /* server start time */
166 SSVAL(outbody.data, 0x38,
167 security_offset); /* security buffer offset */
168 SSVAL(outbody.data, 0x3A,
169 security_buffer.length); /* security buffer length */
170 SIVAL(outbody.data, 0x3C, 0); /* reserved */
171
172 outdyn = security_buffer;
173
174 req->sconn->using_smb2 = true;
175
176 return smbd_smb2_request_done(req, outbody, &outdyn);
177 }
Samba GIT mirror