search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes
[Samba/ekacnet.git] / source4 / libcli / smb2 / session.c
blob31b3e942e92d967e8ff72a4e09c301594f16d544
1 /*
2 Unix SMB/CIFS implementation.
3
4 SMB2 client session handling
5
6 Copyright (C) Andrew Tridgell 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "libcli/raw/libcliraw.h"
24 #include "libcli/smb2/smb2.h"
25 #include "libcli/smb2/smb2_calls.h"
26 #include "libcli/composite/composite.h"
27 #include "auth/gensec/gensec.h"
28 #include "param/param.h"
29
30 /**
31 initialise a smb2_session structure
32 */
33 struct smb2_session *smb2_session_init(struct smb2_transport *transport,
34 struct loadparm_context *lp_ctx,
35 TALLOC_CTX *parent_ctx, bool primary)
36 {
37 struct smb2_session *session;
38 NTSTATUS status;
39
40 session = talloc_zero(parent_ctx, struct smb2_session);
41 if (!session) {
42 return NULL;
43 }
44 if (primary) {
45 session->transport = talloc_steal(session, transport);
46 } else {
47 session->transport = talloc_reference(session, transport);
48 }
49
50 /* prepare a gensec context for later use */
51 status = gensec_client_start(session, &session->gensec,
52 session->transport->socket->event.ctx,
53 lp_ctx);
54 if (!NT_STATUS_IS_OK(status)) {
55 talloc_free(session);
56 return NULL;
57 }
58
59 gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
60
61 return session;
62 }
63
64 /**
65 send a session setup request
66 */
67 struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
68 struct smb2_session_setup *io)
69 {
70 struct smb2_request *req;
71 NTSTATUS status;
72
73 req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP,
74 0x18, true, io->in.secblob.length);
75 if (req == NULL) return NULL;
76
77 SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, session->uid);
78 SCVAL(req->out.body, 0x02, io->in.vc_number);
79 SCVAL(req->out.body, 0x03, io->in.security_mode);
80 SIVAL(req->out.body, 0x04, io->in.capabilities);
81 SIVAL(req->out.body, 0x08, io->in.channel);
82 SBVAL(req->out.body, 0x10, io->in.previous_sessionid);
83
84 req->session = session;
85
86 status = smb2_push_o16s16_blob(&req->out, 0x0C, io->in.secblob);
87 if (!NT_STATUS_IS_OK(status)) {
88 talloc_free(req);
89 return NULL;
90 }
91
92 smb2_transport_send(req);
93
94 return req;
95 }
96
97
98 /**
99 recv a session setup reply
100 */
101 NTSTATUS smb2_session_setup_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
102 struct smb2_session_setup *io)
103 {
104 NTSTATUS status;
105
106 if (!smb2_request_receive(req) ||
107 (smb2_request_is_error(req) &&
108 !NT_STATUS_EQUAL(req->status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
109 return smb2_request_destroy(req);
110 }
111
112 SMB2_CHECK_PACKET_RECV(req, 0x08, true);
113
114 io->out.session_flags = SVAL(req->in.body, 0x02);
115 io->out.uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
116
117 status = smb2_pull_o16s16_blob(&req->in, mem_ctx, req->in.body+0x04, &io->out.secblob);
118 if (!NT_STATUS_IS_OK(status)) {
119 smb2_request_destroy(req);
120 return status;
121 }
122
123 return smb2_request_destroy(req);
124 }
125
126 /*
127 sync session setup request
128 */
129 NTSTATUS smb2_session_setup(struct smb2_session *session,
130 TALLOC_CTX *mem_ctx, struct smb2_session_setup *io)
131 {
132 struct smb2_request *req = smb2_session_setup_send(session, io);
133 return smb2_session_setup_recv(req, mem_ctx, io);
134 }
135
136
137 struct smb2_session_state {
138 struct smb2_session_setup io;
139 struct smb2_request *req;
140 NTSTATUS gensec_status;
141 };
142
143 /*
144 handle continuations of the spnego session setup
145 */
146 static void session_request_handler(struct smb2_request *req)
147 {
148 struct composite_context *c = talloc_get_type(req->async.private_data,
149 struct composite_context);
150 struct smb2_session_state *state = talloc_get_type(c->private_data,
151 struct smb2_session_state);
152 struct smb2_session *session = req->session;
153
154 c->status = smb2_session_setup_recv(req, c, &state->io);
155 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
156 (NT_STATUS_IS_OK(c->status) &&
157 NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
158 NTSTATUS session_key_err;
159 DATA_BLOB session_key;
160 c->status = gensec_update(session->gensec, c,
161 state->io.out.secblob,
162 &state->io.in.secblob);
163 state->gensec_status = c->status;
164
165 session_key_err = gensec_session_key(session->gensec, &session_key);
166 if (NT_STATUS_IS_OK(session_key_err)) {
167 session->session_key = session_key;
168 }
169 }
170
171 session->uid = state->io.out.uid;
172
173 if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
174 state->req = smb2_session_setup_send(session, &state->io);
175 if (state->req == NULL) {
176 composite_error(c, NT_STATUS_NO_MEMORY);
177 return;
178 }
179
180 state->req->async.fn = session_request_handler;
181 state->req->async.private_data = c;
182 return;
183 }
184
185 if (!NT_STATUS_IS_OK(c->status)) {
186 composite_error(c, c->status);
187 return;
188 }
189
190 if (session->transport->signing_required) {
191 if (session->session_key.length == 0) {
192 DEBUG(0,("Wrong session key length %u for SMB2 signing\n",
193 (unsigned)session->session_key.length));
194 composite_error(c, NT_STATUS_ACCESS_DENIED);
195 return;
196 }
197 session->signing_active = true;
198 }
199
200 composite_done(c);
201 }
202
203 /*
204 a composite function that does a full SPNEGO session setup
205 */
206 struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *session,
207 struct cli_credentials *credentials)
208 {
209 struct composite_context *c;
210 struct smb2_session_state *state;
211
212 c = composite_create(session, session->transport->socket->event.ctx);
213 if (c == NULL) return NULL;
214
215 state = talloc(c, struct smb2_session_state);
216 if (composite_nomem(state, c)) return c;
217 c->private_data = state;
218
219 ZERO_STRUCT(state->io);
220 state->io.in.vc_number = 0;
221 if (session->transport->signing_required) {
222 state->io.in.security_mode =
223 SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
224 }
225 state->io.in.capabilities = 0;
226 state->io.in.channel = 0;
227 state->io.in.previous_sessionid = 0;
228
229 c->status = gensec_set_credentials(session->gensec, credentials);
230 if (!composite_is_ok(c)) return c;
231
232 c->status = gensec_set_target_hostname(session->gensec,
233 session->transport->socket->hostname);
234 if (!composite_is_ok(c)) return c;
235
236 c->status = gensec_set_target_service(session->gensec, "cifs");
237 if (!composite_is_ok(c)) return c;
238
239 c->status = gensec_start_mech_by_oid(session->gensec, GENSEC_OID_SPNEGO);
240 if (!composite_is_ok(c)) return c;
241
242 c->status = gensec_update(session->gensec, c,
243 session->transport->negotiate.secblob,
244 &state->io.in.secblob);
245 if (!NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
246 composite_error(c, c->status);
247 return c;
248 }
249 state->gensec_status = c->status;
250
251 state->req = smb2_session_setup_send(session, &state->io);
252 composite_continue_smb2(c, state->req, session_request_handler, c);
253 return c;
254 }
255
256 /*
257 receive a composite session setup reply
258 */
259 NTSTATUS smb2_session_setup_spnego_recv(struct composite_context *c)
260 {
261 NTSTATUS status;
262 status = composite_wait(c);
263 talloc_free(c);
264 return status;
265 }
266
267 /*
268 sync version of smb2_session_setup_spnego
269 */
270 NTSTATUS smb2_session_setup_spnego(struct smb2_session *session,
271 struct cli_credentials *credentials)
272 {
273 struct composite_context *c = smb2_session_setup_spnego_send(session, credentials);
274 return smb2_session_setup_spnego_recv(c);
275 }