3 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1998-2001
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
7 Copyright (C) Jim McDonough 2002
8 Copyright (C) Luke Howard 2003
9 Copyright (C) Stefan Metzmacher 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "auth/credentials/credentials.h"
28 #include "auth/gensec/gensec.h"
29 #include "auth/auth.h"
30 #include "smb_server/smb_server.h"
31 #include "smbd/service_stream.h"
32 #include "librpc/gen_ndr/nbt.h"
33 #include "param/param.h"
36 setup the OS, Lanman and domain portions of a session setup reply
38 static void sesssetup_common_strings(struct smbsrv_request
*req
,
39 char **os
, char **lanman
, char **domain
)
41 (*os
) = talloc_asprintf(req
, "Unix");
42 (*lanman
) = talloc_asprintf(req
, "Samba %s", SAMBA_VERSION_STRING
);
43 (*domain
) = talloc_asprintf(req
, "%s", lp_workgroup(global_loadparm
));
46 static void smbsrv_sesssetup_backend_send(struct smbsrv_request
*req
,
47 union smb_sesssetup
*sess
,
50 if (NT_STATUS_IS_OK(status
)) {
51 req
->smb_conn
->negotiate
.done_sesssetup
= true;
52 /* we need to keep the session long term */
53 req
->session
= talloc_steal(req
->smb_conn
, req
->session
);
55 smbsrv_reply_sesssetup_send(req
, sess
, status
);
58 static void sesssetup_old_send(struct auth_check_password_request
*areq
,
61 struct smbsrv_request
*req
= talloc_get_type(private_data
, struct smbsrv_request
);
62 union smb_sesssetup
*sess
= talloc_get_type(req
->io_ptr
, union smb_sesssetup
);
63 struct auth_serversupplied_info
*server_info
= NULL
;
64 struct auth_session_info
*session_info
;
65 struct smbsrv_session
*smb_sess
;
68 status
= auth_check_password_recv(areq
, req
, &server_info
);
69 if (!NT_STATUS_IS_OK(status
)) goto failed
;
71 /* This references server_info into session_info */
72 status
= auth_generate_session_info(req
, server_info
, &session_info
);
73 if (!NT_STATUS_IS_OK(status
)) goto failed
;
75 /* allocate a new session */
76 smb_sess
= smbsrv_session_new(req
->smb_conn
, req
, NULL
);
78 status
= NT_STATUS_INSUFFICIENT_RESOURCES
;
82 /* Ensure this is marked as a 'real' vuid, not one
83 * simply valid for the session setup leg */
84 status
= smbsrv_session_sesssetup_finished(smb_sess
, session_info
);
85 if (!NT_STATUS_IS_OK(status
)) goto failed
;
87 /* To correctly process any AndX packet (like a tree connect)
88 * we need to fill in the session on the request here */
89 req
->session
= smb_sess
;
90 sess
->old
.out
.vuid
= smb_sess
->vuid
;
93 status
= auth_nt_status_squash(status
);
94 smbsrv_sesssetup_backend_send(req
, sess
, status
);
98 handler for old style session setup
100 static void sesssetup_old(struct smbsrv_request
*req
, union smb_sesssetup
*sess
)
102 struct auth_usersupplied_info
*user_info
= NULL
;
103 struct socket_address
*remote_address
;
104 const char *remote_machine
= NULL
;
106 sess
->old
.out
.vuid
= 0;
107 sess
->old
.out
.action
= 0;
109 sesssetup_common_strings(req
,
111 &sess
->old
.out
.lanman
,
112 &sess
->old
.out
.domain
);
114 if (!req
->smb_conn
->negotiate
.done_sesssetup
) {
115 req
->smb_conn
->negotiate
.max_send
= sess
->old
.in
.bufsize
;
118 if (req
->smb_conn
->negotiate
.calling_name
) {
119 remote_machine
= req
->smb_conn
->negotiate
.calling_name
->name
;
122 remote_address
= socket_get_peer_addr(req
->smb_conn
->connection
->socket
, req
);
123 if (!remote_address
) goto nomem
;
125 if (!remote_machine
) {
126 remote_machine
= remote_address
->addr
;
129 user_info
= talloc(req
, struct auth_usersupplied_info
);
130 if (!user_info
) goto nomem
;
132 user_info
->mapped_state
= false;
133 user_info
->logon_parameters
= 0;
134 user_info
->flags
= 0;
135 user_info
->client
.account_name
= sess
->old
.in
.user
;
136 user_info
->client
.domain_name
= sess
->old
.in
.domain
;
137 user_info
->workstation_name
= remote_machine
;
138 user_info
->remote_host
= talloc_steal(user_info
, remote_address
);
140 user_info
->password_state
= AUTH_PASSWORD_RESPONSE
;
141 user_info
->password
.response
.lanman
= sess
->old
.in
.password
;
142 user_info
->password
.response
.lanman
.data
= talloc_steal(user_info
, sess
->old
.in
.password
.data
);
143 user_info
->password
.response
.nt
= data_blob(NULL
, 0);
145 auth_check_password_send(req
->smb_conn
->negotiate
.auth_context
, user_info
,
146 sesssetup_old_send
, req
);
150 smbsrv_sesssetup_backend_send(req
, sess
, NT_STATUS_NO_MEMORY
);
153 static void sesssetup_nt1_send(struct auth_check_password_request
*areq
,
156 struct smbsrv_request
*req
= talloc_get_type(private_data
, struct smbsrv_request
);
157 union smb_sesssetup
*sess
= talloc_get_type(req
->io_ptr
, union smb_sesssetup
);
158 struct auth_serversupplied_info
*server_info
= NULL
;
159 struct auth_session_info
*session_info
;
160 struct smbsrv_session
*smb_sess
;
163 status
= auth_check_password_recv(areq
, req
, &server_info
);
164 if (!NT_STATUS_IS_OK(status
)) goto failed
;
166 /* This references server_info into session_info */
167 status
= auth_generate_session_info(req
, server_info
, &session_info
);
168 if (!NT_STATUS_IS_OK(status
)) goto failed
;
170 /* allocate a new session */
171 smb_sess
= smbsrv_session_new(req
->smb_conn
, req
, NULL
);
173 status
= NT_STATUS_INSUFFICIENT_RESOURCES
;
177 /* Ensure this is marked as a 'real' vuid, not one
178 * simply valid for the session setup leg */
179 status
= smbsrv_session_sesssetup_finished(smb_sess
, session_info
);
180 if (!NT_STATUS_IS_OK(status
)) goto failed
;
182 /* To correctly process any AndX packet (like a tree connect)
183 * we need to fill in the session on the request here */
184 req
->session
= smb_sess
;
185 sess
->nt1
.out
.vuid
= smb_sess
->vuid
;
187 if (!session_info
->server_info
->authenticated
) {
188 /* don't try signing as anonymous */
192 if (!smbsrv_setup_signing(req
->smb_conn
, &session_info
->session_key
, &sess
->nt1
.in
.password2
)) {
193 /* Already signing, or disabled */
197 /* Force check of the request packet, now we know the session key */
198 smbsrv_signing_check_incoming(req
);
199 /* TODO: why don't we check the result here? */
201 /* Unfortunetly win2k3 as a client doesn't sign the request
202 * packet here, so we have to force signing to start again */
204 smbsrv_signing_restart(req
->smb_conn
, &session_info
->session_key
, &sess
->nt1
.in
.password2
);
207 status
= NT_STATUS_OK
;
209 status
= auth_nt_status_squash(status
);
210 smbsrv_sesssetup_backend_send(req
, sess
, status
);
214 handler for NT1 style session setup
216 static void sesssetup_nt1(struct smbsrv_request
*req
, union smb_sesssetup
*sess
)
219 struct auth_context
*auth_context
;
220 struct auth_usersupplied_info
*user_info
= NULL
;
221 struct socket_address
*remote_address
;
222 const char *remote_machine
= NULL
;
224 sess
->nt1
.out
.vuid
= 0;
225 sess
->nt1
.out
.action
= 0;
227 sesssetup_common_strings(req
,
229 &sess
->nt1
.out
.lanman
,
230 &sess
->nt1
.out
.domain
);
232 if (!req
->smb_conn
->negotiate
.done_sesssetup
) {
233 req
->smb_conn
->negotiate
.max_send
= sess
->nt1
.in
.bufsize
;
234 req
->smb_conn
->negotiate
.client_caps
= sess
->nt1
.in
.capabilities
;
237 if (req
->smb_conn
->negotiate
.oid
) {
238 if (sess
->nt1
.in
.user
&& *sess
->nt1
.in
.user
) {
239 /* We can't accept a normal login, because we
240 * don't have a challenge */
241 status
= NT_STATUS_LOGON_FAILURE
;
245 /* TODO: should we use just "anonymous" here? */
246 status
= auth_context_create(req
,
247 req
->smb_conn
->connection
->event
.ctx
,
248 req
->smb_conn
->connection
->msg_ctx
,
250 if (!NT_STATUS_IS_OK(status
)) goto failed
;
252 auth_context
= req
->smb_conn
->negotiate
.auth_context
;
255 if (req
->smb_conn
->negotiate
.calling_name
) {
256 remote_machine
= req
->smb_conn
->negotiate
.calling_name
->name
;
259 remote_address
= socket_get_peer_addr(req
->smb_conn
->connection
->socket
, req
);
260 if (!remote_address
) goto nomem
;
262 if (!remote_machine
) {
263 remote_machine
= remote_address
->addr
;
266 user_info
= talloc(req
, struct auth_usersupplied_info
);
267 if (!user_info
) goto nomem
;
269 user_info
->mapped_state
= false;
270 user_info
->logon_parameters
= 0;
271 user_info
->flags
= 0;
272 user_info
->client
.account_name
= sess
->nt1
.in
.user
;
273 user_info
->client
.domain_name
= sess
->nt1
.in
.domain
;
274 user_info
->workstation_name
= remote_machine
;
275 user_info
->remote_host
= talloc_steal(user_info
, remote_address
);
277 user_info
->password_state
= AUTH_PASSWORD_RESPONSE
;
278 user_info
->password
.response
.lanman
= sess
->nt1
.in
.password1
;
279 user_info
->password
.response
.lanman
.data
= talloc_steal(user_info
, sess
->nt1
.in
.password1
.data
);
280 user_info
->password
.response
.nt
= sess
->nt1
.in
.password2
;
281 user_info
->password
.response
.nt
.data
= talloc_steal(user_info
, sess
->nt1
.in
.password2
.data
);
283 auth_check_password_send(auth_context
, user_info
,
284 sesssetup_nt1_send
, req
);
288 status
= NT_STATUS_NO_MEMORY
;
290 status
= auth_nt_status_squash(status
);
291 smbsrv_sesssetup_backend_send(req
, sess
, status
);
294 struct sesssetup_spnego_state
{
295 struct smbsrv_request
*req
;
296 union smb_sesssetup
*sess
;
297 struct smbsrv_session
*smb_sess
;
300 static void sesssetup_spnego_send(struct gensec_update_request
*greq
, void *private_data
)
302 struct sesssetup_spnego_state
*s
= talloc_get_type(private_data
,
303 struct sesssetup_spnego_state
);
304 struct smbsrv_request
*req
= s
->req
;
305 union smb_sesssetup
*sess
= s
->sess
;
306 struct smbsrv_session
*smb_sess
= s
->smb_sess
;
307 struct auth_session_info
*session_info
= NULL
;
309 NTSTATUS skey_status
;
310 DATA_BLOB session_key
;
312 status
= gensec_update_recv(greq
, req
, &sess
->spnego
.out
.secblob
);
313 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
315 } else if (!NT_STATUS_IS_OK(status
)) {
319 status
= gensec_session_info(smb_sess
->gensec_ctx
, &session_info
);
320 if (!NT_STATUS_IS_OK(status
)) goto failed
;
322 skey_status
= gensec_session_key(smb_sess
->gensec_ctx
, &session_key
);
323 if (NT_STATUS_IS_OK(skey_status
) &&
324 session_info
->server_info
->authenticated
&&
325 smbsrv_setup_signing(req
->smb_conn
, &session_key
, NULL
)) {
326 /* Force check of the request packet, now we know the session key */
327 smbsrv_signing_check_incoming(req
);
329 smbsrv_signing_restart(req
->smb_conn
, &session_key
, NULL
);
332 /* Ensure this is marked as a 'real' vuid, not one
333 * simply valid for the session setup leg */
334 status
= smbsrv_session_sesssetup_finished(smb_sess
, session_info
);
335 if (!NT_STATUS_IS_OK(status
)) goto failed
;
337 req
->session
= smb_sess
;
340 sess
->spnego
.out
.vuid
= smb_sess
->vuid
;
342 status
= auth_nt_status_squash(status
);
343 smbsrv_sesssetup_backend_send(req
, sess
, status
);
344 if (!NT_STATUS_IS_OK(status
) &&
345 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
346 talloc_free(smb_sess
);
351 handler for SPNEGO style session setup
353 static void sesssetup_spnego(struct smbsrv_request
*req
, union smb_sesssetup
*sess
)
356 struct smbsrv_session
*smb_sess
= NULL
;
357 struct sesssetup_spnego_state
*s
= NULL
;
360 sess
->spnego
.out
.vuid
= 0;
361 sess
->spnego
.out
.action
= 0;
363 sesssetup_common_strings(req
,
364 &sess
->spnego
.out
.os
,
365 &sess
->spnego
.out
.lanman
,
366 &sess
->spnego
.out
.workgroup
);
368 if (!req
->smb_conn
->negotiate
.done_sesssetup
) {
369 req
->smb_conn
->negotiate
.max_send
= sess
->spnego
.in
.bufsize
;
370 req
->smb_conn
->negotiate
.client_caps
= sess
->spnego
.in
.capabilities
;
373 vuid
= SVAL(req
->in
.hdr
,HDR_UID
);
375 /* lookup an existing session */
376 smb_sess
= smbsrv_session_find_sesssetup(req
->smb_conn
, vuid
);
378 struct gensec_security
*gensec_ctx
;
380 status
= gensec_server_start(req
,
381 req
->smb_conn
->connection
->event
.ctx
,
382 req
->smb_conn
->connection
->msg_ctx
,
384 if (!NT_STATUS_IS_OK(status
)) {
385 DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status
)));
389 gensec_set_credentials(gensec_ctx
, req
->smb_conn
->negotiate
.server_credentials
);
391 gensec_set_target_service(gensec_ctx
, "cifs");
393 gensec_want_feature(gensec_ctx
, GENSEC_FEATURE_SESSION_KEY
);
395 status
= gensec_start_mech_by_oid(gensec_ctx
, req
->smb_conn
->negotiate
.oid
);
396 if (!NT_STATUS_IS_OK(status
)) {
397 DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
398 gensec_get_name_by_oid(req
->smb_conn
->negotiate
.oid
), nt_errstr(status
)));
402 /* allocate a new session */
403 smb_sess
= smbsrv_session_new(req
->smb_conn
, req
->smb_conn
, gensec_ctx
);
405 status
= NT_STATUS_INSUFFICIENT_RESOURCES
;
411 status
= NT_STATUS_ACCESS_DENIED
;
415 if (!smb_sess
->gensec_ctx
) {
416 status
= NT_STATUS_INTERNAL_ERROR
;
417 DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status
)));
421 s
= talloc(req
, struct sesssetup_spnego_state
);
425 s
->smb_sess
= smb_sess
;
427 gensec_update_send(smb_sess
->gensec_ctx
, sess
->spnego
.in
.secblob
,
428 sesssetup_spnego_send
, s
);
432 status
= NT_STATUS_NO_MEMORY
;
434 talloc_free(smb_sess
);
435 status
= auth_nt_status_squash(status
);
436 smbsrv_sesssetup_backend_send(req
, sess
, status
);
440 backend for sessionsetup call - this takes all 3 variants of the call
442 void smbsrv_sesssetup_backend(struct smbsrv_request
*req
,
443 union smb_sesssetup
*sess
)
445 switch (sess
->old
.level
) {
446 case RAW_SESSSETUP_OLD
:
447 sesssetup_old(req
, sess
);
450 case RAW_SESSSETUP_NT1
:
451 sesssetup_nt1(req
, sess
);
454 case RAW_SESSSETUP_SPNEGO
:
455 sesssetup_spnego(req
, sess
);
458 case RAW_SESSSETUP_SMB2
:
462 smbsrv_sesssetup_backend_send(req
, sess
, NT_STATUS_INVALID_LEVEL
);