search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4/selftest: Enable samba.tests.samba_tool.join for py3
[Samba.git] / source3 / smbd / smb2_negprot.c
blob2b725f30f752d5dc84457928779c53d1b9a48416
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../libcli/smb/smb2_negotiate_context.h"
26 #include "../lib/tsocket/tsocket.h"
27 #include "../librpc/ndr/libndr.h"
28 #include "../libcli/smb/smb_signing.h"
29
30 #undef DBGC_CLASS
31 #define DBGC_CLASS DBGC_SMB2
32
33 extern fstring remote_proto;
34
35 /*
36 * this is the entry point if SMB2 is selected via
37 * the SMB negprot and the given dialect.
38 */
39 static void reply_smb20xx(struct smb_request *req, uint16_t dialect)
40 {
41 uint8_t *smb2_inpdu;
42 uint8_t *smb2_hdr;
43 uint8_t *smb2_body;
44 uint8_t *smb2_dyn;
45 size_t len = SMB2_HDR_BODY + 0x24 + 2;
46
47 smb2_inpdu = talloc_zero_array(talloc_tos(), uint8_t, len);
48 if (smb2_inpdu == NULL) {
49 DEBUG(0, ("Could not push spnego blob\n"));
50 reply_nterror(req, NT_STATUS_NO_MEMORY);
51 return;
52 }
53 smb2_hdr = smb2_inpdu;
54 smb2_body = smb2_hdr + SMB2_HDR_BODY;
55 smb2_dyn = smb2_body + 0x24;
56
57 SIVAL(smb2_hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
58 SIVAL(smb2_hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
59
60 SSVAL(smb2_body, 0x00, 0x0024); /* struct size */
61 SSVAL(smb2_body, 0x02, 0x0001); /* dialect count */
62
63 SSVAL(smb2_dyn, 0x00, dialect);
64
65 req->outbuf = NULL;
66
67 smbd_smb2_process_negprot(req->xconn, 0, smb2_inpdu, len);
68 return;
69 }
70
71 /*
72 * this is the entry point if SMB2 is selected via
73 * the SMB negprot and the "SMB 2.002" dialect.
74 */
75 void reply_smb2002(struct smb_request *req, uint16_t choice)
76 {
77 reply_smb20xx(req, SMB2_DIALECT_REVISION_202);
78 }
79
80 /*
81 * this is the entry point if SMB2 is selected via
82 * the SMB negprot and the "SMB 2.???" dialect.
83 */
84 void reply_smb20ff(struct smb_request *req, uint16_t choice)
85 {
86 struct smbXsrv_connection *xconn = req->xconn;
87 xconn->smb2.allow_2ff = true;
88 reply_smb20xx(req, SMB2_DIALECT_REVISION_2FF);
89 }
90
91 enum protocol_types smbd_smb2_protocol_dialect_match(const uint8_t *indyn,
92 const int dialect_count,
93 uint16_t *dialect)
94 {
95 struct {
96 enum protocol_types proto;
97 uint16_t dialect;
98 } pd[] = {
99 { PROTOCOL_SMB3_11, SMB3_DIALECT_REVISION_311 },
100 { PROTOCOL_SMB3_10, SMB3_DIALECT_REVISION_310 },
101 { PROTOCOL_SMB3_02, SMB3_DIALECT_REVISION_302 },
102 { PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300 },
103 { PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224 },
104 { PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222 },
105 { PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210 },
106 { PROTOCOL_SMB2_02, SMB2_DIALECT_REVISION_202 },
107 };
108 size_t i;
109
110 for (i = 0; i < ARRAY_SIZE(pd); i ++) {
111 size_t c = 0;
112
113 if (lp_server_max_protocol() < pd[i].proto) {
114 continue;
115 }
116 if (lp_server_min_protocol() > pd[i].proto) {
117 continue;
118 }
119
120 for (c = 0; c < dialect_count; c++) {
121 *dialect = SVAL(indyn, c*2);
122 if (*dialect == pd[i].dialect) {
123 return pd[i].proto;
124 }
125 }
126 }
127
128 return PROTOCOL_NONE;
129 }
130
131 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
132 {
133 struct smbXsrv_connection *xconn = req->xconn;
134 struct smbXsrv_client_global0 *global0 = NULL;
135 NTSTATUS status;
136 const uint8_t *inbody;
137 const uint8_t *indyn = NULL;
138 DATA_BLOB outbody;
139 DATA_BLOB outdyn;
140 DATA_BLOB negprot_spnego_blob;
141 uint16_t security_offset;
142 DATA_BLOB security_buffer;
143 size_t expected_dyn_size = 0;
144 size_t c;
145 uint16_t security_mode;
146 uint16_t dialect_count;
147 uint16_t in_security_mode;
148 uint32_t in_capabilities;
149 DATA_BLOB in_guid_blob;
150 struct GUID in_guid;
151 struct smb2_negotiate_contexts in_c = { .num_contexts = 0, };
152 struct smb2_negotiate_context *in_preauth = NULL;
153 struct smb2_negotiate_context *in_cipher = NULL;
154 struct smb2_negotiate_contexts out_c = { .num_contexts = 0, };
155 DATA_BLOB out_negotiate_context_blob = data_blob_null;
156 uint32_t out_negotiate_context_offset = 0;
157 uint16_t out_negotiate_context_count = 0;
158 uint16_t dialect = 0;
159 uint32_t capabilities;
160 DATA_BLOB out_guid_blob;
161 struct GUID out_guid;
162 enum protocol_types protocol = PROTOCOL_NONE;
163 uint32_t max_limit;
164 uint32_t max_trans = lp_smb2_max_trans();
165 uint32_t max_read = lp_smb2_max_read();
166 uint32_t max_write = lp_smb2_max_write();
167 NTTIME now = timeval_to_nttime(&req->request_time);
168 bool signing_required = true;
169 bool ok;
170
171 status = smbd_smb2_request_verify_sizes(req, 0x24);
172 if (!NT_STATUS_IS_OK(status)) {
173 return smbd_smb2_request_error(req, status);
174 }
175 inbody = SMBD_SMB2_IN_BODY_PTR(req);
176
177 dialect_count = SVAL(inbody, 0x02);
178
179 in_security_mode = SVAL(inbody, 0x04);
180 in_capabilities = IVAL(inbody, 0x08);
181 in_guid_blob = data_blob_const(inbody + 0x0C, 16);
182
183 if (dialect_count == 0) {
184 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
185 }
186
187 status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
188 if (!NT_STATUS_IS_OK(status)) {
189 return smbd_smb2_request_error(req, status);
190 }
191
192 expected_dyn_size = dialect_count * 2;
193 if (SMBD_SMB2_IN_DYN_LEN(req) < expected_dyn_size) {
194 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
195 }
196 indyn = SMBD_SMB2_IN_DYN_PTR(req);
197
198 protocol = smbd_smb2_protocol_dialect_match(indyn,
199 dialect_count,
200 &dialect);
201
202 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
203 if (lp_server_max_protocol() < PROTOCOL_SMB2_10) {
204 break;
205 }
206
207 dialect = SVAL(indyn, c*2);
208 if (dialect == SMB2_DIALECT_REVISION_2FF) {
209 if (xconn->smb2.allow_2ff) {
210 xconn->smb2.allow_2ff = false;
211 protocol = PROTOCOL_SMB2_10;
212 break;
213 }
214 }
215 }
216
217 if (protocol == PROTOCOL_NONE) {
218 return smbd_smb2_request_error(req, NT_STATUS_NOT_SUPPORTED);
219 }
220
221 if (protocol >= PROTOCOL_SMB3_10) {
222 uint32_t in_negotiate_context_offset = 0;
223 uint16_t in_negotiate_context_count = 0;
224 DATA_BLOB in_negotiate_context_blob = data_blob_null;
225 size_t ofs;
226
227 in_negotiate_context_offset = IVAL(inbody, 0x1C);
228 in_negotiate_context_count = SVAL(inbody, 0x20);
229
230 ofs = SMB2_HDR_BODY;
231 ofs += SMBD_SMB2_IN_BODY_LEN(req);
232 ofs += expected_dyn_size;
233 if ((ofs % 8) != 0) {
234 ofs += 8 - (ofs % 8);
235 }
236
237 if (in_negotiate_context_offset != ofs) {
238 return smbd_smb2_request_error(req,
239 NT_STATUS_INVALID_PARAMETER);
240 }
241
242 ofs -= SMB2_HDR_BODY;
243 ofs -= SMBD_SMB2_IN_BODY_LEN(req);
244
245 if (SMBD_SMB2_IN_DYN_LEN(req) < ofs) {
246 return smbd_smb2_request_error(req,
247 NT_STATUS_INVALID_PARAMETER);
248 }
249
250 in_negotiate_context_blob = data_blob_const(indyn,
251 SMBD_SMB2_IN_DYN_LEN(req));
252
253 in_negotiate_context_blob.data += ofs;
254 in_negotiate_context_blob.length -= ofs;
255
256 status = smb2_negotiate_context_parse(req,
257 in_negotiate_context_blob, &in_c);
258 if (!NT_STATUS_IS_OK(status)) {
259 return smbd_smb2_request_error(req, status);
260 }
261
262 if (in_negotiate_context_count != in_c.num_contexts) {
263 return smbd_smb2_request_error(req,
264 NT_STATUS_INVALID_PARAMETER);
265 }
266 }
267
268 if ((dialect != SMB2_DIALECT_REVISION_2FF) &&
269 (protocol >= PROTOCOL_SMB2_10) &&
270 !GUID_all_zero(&in_guid))
271 {
272 ok = remote_arch_cache_update(&in_guid);
273 if (!ok) {
274 return smbd_smb2_request_error(
275 req, NT_STATUS_UNSUCCESSFUL);
276 }
277 }
278
279 switch (get_remote_arch()) {
280 case RA_VISTA:
281 case RA_SAMBA:
282 case RA_CIFSFS:
283 case RA_OSX:
284 break;
285 default:
286 set_remote_arch(RA_VISTA);
287 break;
288 }
289
290 fstr_sprintf(remote_proto, "SMB%X_%02X",
291 (dialect >> 8) & 0xFF, dialect & 0xFF);
292
293 reload_services(req->sconn, conn_snum_used, true);
294 DEBUG(3,("Selected protocol %s\n", remote_proto));
295
296 in_preauth = smb2_negotiate_context_find(&in_c,
297 SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
298 if (protocol >= PROTOCOL_SMB3_10 && in_preauth == NULL) {
299 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
300 }
301 in_cipher = smb2_negotiate_context_find(&in_c,
302 SMB2_ENCRYPTION_CAPABILITIES);
303
304 /* negprot_spnego() returns a the server guid in the first 16 bytes */
305 negprot_spnego_blob = negprot_spnego(req, xconn);
306 if (negprot_spnego_blob.data == NULL) {
307 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
308 }
309
310 if (negprot_spnego_blob.length < 16) {
311 return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
312 }
313
314 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
315 /*
316 * We use xconn->smb1.signing_state as that's already present
317 * and used lpcfg_server_signing_allowed() to get the correct
318 * defaults, e.g. signing_required for an ad_dc.
319 */
320 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
321 if (signing_required) {
322 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
323 }
324
325 capabilities = 0;
326 if (lp_host_msdfs()) {
327 capabilities |= SMB2_CAP_DFS;
328 }
329
330 if (protocol >= PROTOCOL_SMB2_10 &&
331 lp_smb2_leases() &&
332 lp_oplocks(GLOBAL_SECTION_SNUM) &&
333 !lp_kernel_oplocks(GLOBAL_SECTION_SNUM))
334 {
335 capabilities |= SMB2_CAP_LEASING;
336 }
337
338 if ((protocol >= PROTOCOL_SMB2_24) &&
339 (lp_smb_encrypt(-1) != SMB_SIGNING_OFF) &&
340 (in_capabilities & SMB2_CAP_ENCRYPTION)) {
341 capabilities |= SMB2_CAP_ENCRYPTION;
342 }
343
344 /*
345 * 0x10000 (65536) is the maximum allowed message size
346 * for SMB 2.0
347 */
348 max_limit = 0x10000;
349
350 if (protocol >= PROTOCOL_SMB2_10) {
351 int p = 0;
352
353 if (tsocket_address_is_inet(req->sconn->local_address, "ip")) {
354 p = tsocket_address_inet_port(req->sconn->local_address);
355 }
356
357 /* largeMTU is not supported over NBT (tcp port 139) */
358 if (p != NBT_SMB_PORT) {
359 capabilities |= SMB2_CAP_LARGE_MTU;
360 xconn->smb2.credits.multicredit = true;
361
362 /*
363 * We allow up to almost 16MB.
364 *
365 * The maximum PDU size is 0xFFFFFF (16776960)
366 * and we need some space for the header.
367 */
368 max_limit = 0xFFFF00;
369 }
370 }
371
372 /*
373 * the defaults are 8MB, but we'll limit this to max_limit based on
374 * the dialect (64kb for SMB 2.0, 8MB for SMB >= 2.1 with LargeMTU)
375 *
376 * user configured values exceeding the limits will be overwritten,
377 * only smaller values will be accepted
378 */
379
380 max_trans = MIN(max_limit, lp_smb2_max_trans());
381 max_read = MIN(max_limit, lp_smb2_max_read());
382 max_write = MIN(max_limit, lp_smb2_max_write());
383
384 if (in_preauth != NULL) {
385 size_t needed = 4;
386 uint16_t hash_count;
387 uint16_t salt_length;
388 uint16_t selected_preauth = 0;
389 const uint8_t *p;
390 uint8_t buf[38];
391 DATA_BLOB b;
392 size_t i;
393
394 if (in_preauth->data.length < needed) {
395 return smbd_smb2_request_error(req,
396 NT_STATUS_INVALID_PARAMETER);
397 }
398
399 hash_count = SVAL(in_preauth->data.data, 0);
400 salt_length = SVAL(in_preauth->data.data, 2);
401
402 if (hash_count == 0) {
403 return smbd_smb2_request_error(req,
404 NT_STATUS_INVALID_PARAMETER);
405 }
406
407 p = in_preauth->data.data + needed;
408 needed += hash_count * 2;
409 needed += salt_length;
410
411 if (in_preauth->data.length < needed) {
412 return smbd_smb2_request_error(req,
413 NT_STATUS_INVALID_PARAMETER);
414 }
415
416 for (i=0; i < hash_count; i++) {
417 uint16_t v;
418
419 v = SVAL(p, 0);
420 p += 2;
421
422 if (v == SMB2_PREAUTH_INTEGRITY_SHA512) {
423 selected_preauth = v;
424 break;
425 }
426 }
427
428 if (selected_preauth == 0) {
429 return smbd_smb2_request_error(req,
430 NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP);
431 }
432
433 SSVAL(buf, 0, 1); /* HashAlgorithmCount */
434 SSVAL(buf, 2, 32); /* SaltLength */
435 SSVAL(buf, 4, selected_preauth);
436 generate_random_buffer(buf + 6, 32);
437
438 b = data_blob_const(buf, sizeof(buf));
439 status = smb2_negotiate_context_add(req, &out_c,
440 SMB2_PREAUTH_INTEGRITY_CAPABILITIES, b);
441 if (!NT_STATUS_IS_OK(status)) {
442 return smbd_smb2_request_error(req, status);
443 }
444
445 req->preauth = &req->xconn->smb2.preauth;
446 }
447
448 if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
449 size_t needed = 2;
450 uint16_t cipher_count;
451 const uint8_t *p;
452 uint8_t buf[4];
453 DATA_BLOB b;
454 size_t i;
455 bool aes_128_ccm_supported = false;
456 bool aes_128_gcm_supported = false;
457
458 capabilities &= ~SMB2_CAP_ENCRYPTION;
459
460 if (in_cipher->data.length < needed) {
461 return smbd_smb2_request_error(req,
462 NT_STATUS_INVALID_PARAMETER);
463 }
464
465 cipher_count = SVAL(in_cipher->data.data, 0);
466
467 if (cipher_count == 0) {
468 return smbd_smb2_request_error(req,
469 NT_STATUS_INVALID_PARAMETER);
470 }
471
472 p = in_cipher->data.data + needed;
473 needed += cipher_count * 2;
474
475 if (in_cipher->data.length < needed) {
476 return smbd_smb2_request_error(req,
477 NT_STATUS_INVALID_PARAMETER);
478 }
479
480 for (i=0; i < cipher_count; i++) {
481 uint16_t v;
482
483 v = SVAL(p, 0);
484 p += 2;
485
486 if (v == SMB2_ENCRYPTION_AES128_GCM) {
487 aes_128_gcm_supported = true;
488 }
489 if (v == SMB2_ENCRYPTION_AES128_CCM) {
490 aes_128_ccm_supported = true;
491 }
492 }
493
494 /*
495 * For now we preferr CCM because our implementation
496 * is faster than GCM, see bug #11451.
497 */
498 if (aes_128_ccm_supported) {
499 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
500 } else if (aes_128_gcm_supported) {
501 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
502 }
503
504 SSVAL(buf, 0, 1); /* ChiperCount */
505 SSVAL(buf, 2, xconn->smb2.server.cipher);
506
507 b = data_blob_const(buf, sizeof(buf));
508 status = smb2_negotiate_context_add(req, &out_c,
509 SMB2_ENCRYPTION_CAPABILITIES, b);
510 if (!NT_STATUS_IS_OK(status)) {
511 return smbd_smb2_request_error(req, status);
512 }
513 }
514
515 if (capabilities & SMB2_CAP_ENCRYPTION) {
516 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
517 }
518
519 if (protocol >= PROTOCOL_SMB2_22 &&
520 xconn->client->server_multi_channel_enabled)
521 {
522 if (in_capabilities & SMB2_CAP_MULTI_CHANNEL) {
523 capabilities |= SMB2_CAP_MULTI_CHANNEL;
524 }
525 }
526
527 security_offset = SMB2_HDR_BODY + 0x40;
528
529 #if 1
530 /* Try SPNEGO auth... */
531 security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
532 negprot_spnego_blob.length - 16);
533 #else
534 /* for now we want raw NTLMSSP */
535 security_buffer = data_blob_const(NULL, 0);
536 #endif
537
538 if (out_c.num_contexts != 0) {
539 status = smb2_negotiate_context_push(req,
540 &out_negotiate_context_blob,
541 out_c);
542 if (!NT_STATUS_IS_OK(status)) {
543 return smbd_smb2_request_error(req, status);
544 }
545 }
546
547 if (out_negotiate_context_blob.length != 0) {
548 static const uint8_t zeros[8];
549 size_t pad = 0;
550 size_t ofs;
551
552 outdyn = data_blob_dup_talloc(req, security_buffer);
553 if (outdyn.length != security_buffer.length) {
554 return smbd_smb2_request_error(req,
555 NT_STATUS_NO_MEMORY);
556 }
557
558 ofs = security_offset + security_buffer.length;
559 if ((ofs % 8) != 0) {
560 pad = 8 - (ofs % 8);
561 }
562 ofs += pad;
563
564 ok = data_blob_append(req, &outdyn, zeros, pad);
565 if (!ok) {
566 return smbd_smb2_request_error(req,
567 NT_STATUS_NO_MEMORY);
568 }
569
570 ok = data_blob_append(req, &outdyn,
571 out_negotiate_context_blob.data,
572 out_negotiate_context_blob.length);
573 if (!ok) {
574 return smbd_smb2_request_error(req,
575 NT_STATUS_NO_MEMORY);
576 }
577
578 out_negotiate_context_offset = ofs;
579 out_negotiate_context_count = out_c.num_contexts;
580 } else {
581 outdyn = security_buffer;
582 }
583
584 out_guid_blob = data_blob_const(negprot_spnego_blob.data, 16);
585 status = GUID_from_ndr_blob(&out_guid_blob, &out_guid);
586 if (!NT_STATUS_IS_OK(status)) {
587 return smbd_smb2_request_error(req, status);
588 }
589
590 outbody = smbd_smb2_generate_outbody(req, 0x40);
591 if (outbody.data == NULL) {
592 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
593 }
594
595 SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
596 SSVAL(outbody.data, 0x02,
597 security_mode); /* security mode */
598 SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
599 SSVAL(outbody.data, 0x06,
600 out_negotiate_context_count); /* reserved/NegotiateContextCount */
601 memcpy(outbody.data + 0x08,
602 out_guid_blob.data, 16); /* server guid */
603 SIVAL(outbody.data, 0x18,
604 capabilities); /* capabilities */
605 SIVAL(outbody.data, 0x1C, max_trans); /* max transact size */
606 SIVAL(outbody.data, 0x20, max_read); /* max read size */
607 SIVAL(outbody.data, 0x24, max_write); /* max write size */
608 SBVAL(outbody.data, 0x28, now); /* system time */
609 SBVAL(outbody.data, 0x30, 0); /* server start time */
610 SSVAL(outbody.data, 0x38,
611 security_offset); /* security buffer offset */
612 SSVAL(outbody.data, 0x3A,
613 security_buffer.length); /* security buffer length */
614 SIVAL(outbody.data, 0x3C,
615 out_negotiate_context_offset); /* reserved/NegotiateContextOffset */
616
617 req->sconn->using_smb2 = true;
618
619 if (dialect == SMB2_DIALECT_REVISION_2FF) {
620 return smbd_smb2_request_done(req, outbody, &outdyn);
621 }
622
623 status = smbXsrv_connection_init_tables(xconn, protocol);
624 if (!NT_STATUS_IS_OK(status)) {
625 return smbd_smb2_request_error(req, status);
626 }
627
628 xconn->smb2.client.capabilities = in_capabilities;
629 xconn->smb2.client.security_mode = in_security_mode;
630 xconn->smb2.client.guid = in_guid;
631 xconn->smb2.client.num_dialects = dialect_count;
632 xconn->smb2.client.dialects = talloc_array(xconn,
633 uint16_t,
634 dialect_count);
635 if (xconn->smb2.client.dialects == NULL) {
636 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
637 }
638 for (c=0; c < dialect_count; c++) {
639 xconn->smb2.client.dialects[c] = SVAL(indyn, c*2);
640 }
641
642 xconn->smb2.server.capabilities = capabilities;
643 xconn->smb2.server.security_mode = security_mode;
644 xconn->smb2.server.guid = out_guid;
645 xconn->smb2.server.dialect = dialect;
646 xconn->smb2.server.max_trans = max_trans;
647 xconn->smb2.server.max_read = max_read;
648 xconn->smb2.server.max_write = max_write;
649
650 if (xconn->protocol < PROTOCOL_SMB2_10) {
651 /*
652 * SMB2_02 doesn't support client guids
653 */
654 return smbd_smb2_request_done(req, outbody, &outdyn);
655 }
656
657 if (!xconn->client->server_multi_channel_enabled) {
658 /*
659 * Only deal with the client guid database
660 * if multi-channel is enabled.
661 */
662 return smbd_smb2_request_done(req, outbody, &outdyn);
663 }
664
665 if (xconn->smb2.client.guid_verified) {
666 /*
667 * The connection was passed from another
668 * smbd process.
669 */
670 return smbd_smb2_request_done(req, outbody, &outdyn);
671 }
672
673 status = smb2srv_client_lookup_global(xconn->client,
674 xconn->smb2.client.guid,
675 req, &global0);
676 /*
677 * TODO: check for races...
678 */
679 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_NOT_FOUND)) {
680 /*
681 * This stores the new client information in
682 * smbXsrv_client_global.tdb
683 */
684 xconn->client->global->client_guid =
685 xconn->smb2.client.guid;
686 status = smbXsrv_client_update(xconn->client);
687 if (!NT_STATUS_IS_OK(status)) {
688 return status;
689 }
690
691 xconn->smb2.client.guid_verified = true;
692 } else if (NT_STATUS_IS_OK(status)) {
693 status = smb2srv_client_connection_pass(req,
694 global0);
695 if (!NT_STATUS_IS_OK(status)) {
696 return smbd_smb2_request_error(req, status);
697 }
698
699 smbd_server_connection_terminate(xconn,
700 "passed connection");
701 return NT_STATUS_OBJECTID_EXISTS;
702 } else {
703 return smbd_smb2_request_error(req, status);
704 }
705
706 return smbd_smb2_request_done(req, outbody, &outdyn);
707 }
Samba GIT mirror