2 Unix SMB/CIFS implementation.
3 Pipe SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Paul Ashton 1997-1998.
7 Copyright (C) Jeremy Allison 2005.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles reply_ calls on named pipes that the server
24 makes to handle specific protocols
29 #include "smbd/smbd.h"
30 #include "smbd/globals.h"
31 #include "libcli/security/security.h"
32 #include "rpc_server/srv_pipe_hnd.h"
33 #include "auth/auth_util.h"
34 #include "librpc/rpc/dcerpc_helper.h"
36 NTSTATUS
open_np_file(struct smb_request
*smb_req
, const char *name
,
37 struct files_struct
**pfsp
)
39 struct smbXsrv_connection
*xconn
= smb_req
->xconn
;
40 struct connection_struct
*conn
= smb_req
->conn
;
41 struct files_struct
*fsp
;
42 struct smb_filename
*smb_fname
= NULL
;
43 struct auth_session_info
*session_info
= conn
->session_info
;
46 status
= file_new(smb_req
, conn
, &fsp
);
47 if (!NT_STATUS_IS_OK(status
)) {
48 DEBUG(0, ("file_new failed: %s\n", nt_errstr(status
)));
54 fsp
->vuid
= smb_req
->vuid
;
55 fsp
->fsp_flags
.can_lock
= false;
56 fsp
->access_mask
= FILE_READ_DATA
| FILE_WRITE_DATA
;
58 smb_fname
= synthetic_smb_fname(talloc_tos(),
64 if (smb_fname
== NULL
) {
65 file_free(smb_req
, fsp
);
66 return NT_STATUS_NO_MEMORY
;
68 status
= fsp_set_smb_fname(fsp
, smb_fname
);
69 TALLOC_FREE(smb_fname
);
70 if (!NT_STATUS_IS_OK(status
)) {
71 file_free(smb_req
, fsp
);
75 if (smb_req
->smb2req
!= NULL
&& smb_req
->smb2req
->was_encrypted
) {
76 struct security_token
*security_token
= NULL
;
77 uint16_t dialect
= xconn
->smb2
.server
.dialect
;
78 uint16_t srv_smb_encrypt
= DCERPC_SMB_ENCRYPTION_REQUIRED
;
79 uint16_t cipher
= xconn
->smb2
.server
.cipher
;
80 struct dom_sid smb3_sid
= global_sid_Samba_SMB3
;
84 session_info
= copy_session_info(fsp
, conn
->session_info
);
85 if (session_info
== NULL
) {
86 DBG_ERR("Failed to copy session info\n");
87 file_free(smb_req
, fsp
);
88 return NT_STATUS_NO_MEMORY
;
90 security_token
= session_info
->security_token
;
95 * Make sure we don't have a SMB3 SID in the security token!
97 num_smb3_sids
= security_token_count_flag_sids(security_token
,
101 if (num_smb3_sids
!= 0) {
102 DBG_ERR("ERROR: %zu SMB3 SIDs have already been "
103 "detected in the security token!\n",
105 file_free(smb_req
, fsp
);
106 return NT_STATUS_ACCESS_DENIED
;
109 ok
= sid_append_rid(&smb3_sid
, dialect
);
110 ok
&= sid_append_rid(&smb3_sid
, srv_smb_encrypt
);
111 ok
&= sid_append_rid(&smb3_sid
, cipher
);
114 DBG_ERR("sid too small\n");
115 file_free(smb_req
, fsp
);
116 return NT_STATUS_BUFFER_TOO_SMALL
;
119 status
= add_sid_to_array_unique(security_token
,
121 &security_token
->sids
,
122 &security_token
->num_sids
);
123 if (!NT_STATUS_IS_OK(status
)) {
124 DBG_ERR("Failed to add SMB3 SID to security token\n");
125 file_free(smb_req
, fsp
);
129 fsp
->fsp_flags
.encryption_required
= true;
132 status
= np_open(fsp
, name
,
133 conn
->sconn
->remote_address
,
134 conn
->sconn
->local_address
,
137 conn
->sconn
->msg_ctx
,
138 conn
->sconn
->dce_ctx
,
139 &fsp
->fake_file_handle
);
140 if (!NT_STATUS_IS_OK(status
)) {
141 DEBUG(10, ("np_open(%s) returned %s\n", name
,
143 file_free(smb_req
, fsp
);