3 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1998-2001
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
7 Copyright (C) Jim McDonough 2002
8 Copyright (C) Luke Howard 2003
9 Copyright (C) Stefan Metzmacher 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "auth/gensec/gensec.h"
29 #include "auth/auth.h"
30 #include "smb_server/smb_server.h"
31 #include "smbd/service_stream.h"
32 #include "param/param.h"
33 #include "../lib/tsocket/tsocket.h"
35 struct sesssetup_context
{
36 struct auth_context
*auth_context
;
37 struct smbsrv_request
*req
;
41 setup the OS, Lanman and domain portions of a session setup reply
43 static void sesssetup_common_strings(struct smbsrv_request
*req
,
44 char **os
, char **lanman
, char **domain
)
46 (*os
) = talloc_asprintf(req
, "Unix");
47 (*lanman
) = talloc_asprintf(req
, "Samba %s", SAMBA_VERSION_STRING
);
48 (*domain
) = talloc_asprintf(req
, "%s",
49 lp_workgroup(req
->smb_conn
->lp_ctx
));
52 static void smbsrv_sesssetup_backend_send(struct smbsrv_request
*req
,
53 union smb_sesssetup
*sess
,
56 if (NT_STATUS_IS_OK(status
)) {
57 req
->smb_conn
->negotiate
.done_sesssetup
= true;
58 /* we need to keep the session long term */
59 req
->session
= talloc_steal(req
->smb_conn
, req
->session
);
61 smbsrv_reply_sesssetup_send(req
, sess
, status
);
64 static void sesssetup_old_send(struct tevent_req
*subreq
)
66 struct sesssetup_context
*state
= tevent_req_callback_data(subreq
, struct sesssetup_context
);
67 struct smbsrv_request
*req
= state
->req
;
69 union smb_sesssetup
*sess
= talloc_get_type(req
->io_ptr
, union smb_sesssetup
);
70 struct auth_serversupplied_info
*server_info
= NULL
;
71 struct auth_session_info
*session_info
;
72 struct smbsrv_session
*smb_sess
;
76 status
= auth_check_password_recv(subreq
, req
, &server_info
);
78 if (!NT_STATUS_IS_OK(status
)) goto failed
;
80 flags
= AUTH_SESSION_INFO_DEFAULT_GROUPS
;
81 if (server_info
->authenticated
) {
82 flags
|= AUTH_SESSION_INFO_AUTHENTICATED
;
84 /* This references server_info into session_info */
85 status
= req
->smb_conn
->negotiate
.auth_context
->generate_session_info(req
,
86 req
->smb_conn
->negotiate
.auth_context
,
87 server_info
, flags
, &session_info
);
88 if (!NT_STATUS_IS_OK(status
)) goto failed
;
90 /* allocate a new session */
91 smb_sess
= smbsrv_session_new(req
->smb_conn
, req
, NULL
);
93 status
= NT_STATUS_INSUFFICIENT_RESOURCES
;
97 /* Ensure this is marked as a 'real' vuid, not one
98 * simply valid for the session setup leg */
99 status
= smbsrv_session_sesssetup_finished(smb_sess
, session_info
);
100 if (!NT_STATUS_IS_OK(status
)) goto failed
;
102 /* To correctly process any AndX packet (like a tree connect)
103 * we need to fill in the session on the request here */
104 req
->session
= smb_sess
;
105 sess
->old
.out
.vuid
= smb_sess
->vuid
;
108 status
= auth_nt_status_squash(status
);
109 smbsrv_sesssetup_backend_send(req
, sess
, status
);
113 handler for old style session setup
115 static void sesssetup_old(struct smbsrv_request
*req
, union smb_sesssetup
*sess
)
117 struct auth_usersupplied_info
*user_info
= NULL
;
118 struct tsocket_address
*remote_address
;
119 const char *remote_machine
= NULL
;
120 struct tevent_req
*subreq
;
121 struct sesssetup_context
*state
;
123 sess
->old
.out
.vuid
= 0;
124 sess
->old
.out
.action
= 0;
126 sesssetup_common_strings(req
,
128 &sess
->old
.out
.lanman
,
129 &sess
->old
.out
.domain
);
131 if (!req
->smb_conn
->negotiate
.done_sesssetup
) {
132 req
->smb_conn
->negotiate
.max_send
= sess
->old
.in
.bufsize
;
135 if (req
->smb_conn
->negotiate
.calling_name
) {
136 remote_machine
= req
->smb_conn
->negotiate
.calling_name
->name
;
139 remote_address
= socket_get_remote_addr(req
->smb_conn
->connection
->socket
, req
);
140 if (!remote_address
) goto nomem
;
142 if (!remote_machine
) {
143 remote_machine
= tsocket_address_inet_addr_string(remote_address
, req
);
144 if (!remote_machine
) goto nomem
;
147 user_info
= talloc(req
, struct auth_usersupplied_info
);
148 if (!user_info
) goto nomem
;
150 user_info
->mapped_state
= false;
151 user_info
->logon_parameters
= 0;
152 user_info
->flags
= 0;
153 user_info
->client
.account_name
= sess
->old
.in
.user
;
154 user_info
->client
.domain_name
= sess
->old
.in
.domain
;
155 user_info
->workstation_name
= remote_machine
;
156 user_info
->remote_host
= talloc_steal(user_info
, remote_address
);
158 user_info
->password_state
= AUTH_PASSWORD_RESPONSE
;
159 user_info
->password
.response
.lanman
= sess
->old
.in
.password
;
160 user_info
->password
.response
.lanman
.data
= talloc_steal(user_info
, sess
->old
.in
.password
.data
);
161 user_info
->password
.response
.nt
= data_blob(NULL
, 0);
163 state
= talloc(req
, struct sesssetup_context
);
164 if (!state
) goto nomem
;
166 if (req
->smb_conn
->negotiate
.auth_context
) {
167 state
->auth_context
= req
->smb_conn
->negotiate
.auth_context
;
169 /* TODO: should we use just "anonymous" here? */
170 NTSTATUS status
= auth_context_create(state
,
171 req
->smb_conn
->connection
->event
.ctx
,
172 req
->smb_conn
->connection
->msg_ctx
,
173 req
->smb_conn
->lp_ctx
,
174 &state
->auth_context
);
175 if (!NT_STATUS_IS_OK(status
)) {
176 smbsrv_sesssetup_backend_send(req
, sess
, status
);
183 subreq
= auth_check_password_send(state
,
184 req
->smb_conn
->connection
->event
.ctx
,
185 req
->smb_conn
->negotiate
.auth_context
,
187 if (!subreq
) goto nomem
;
188 tevent_req_set_callback(subreq
, sesssetup_old_send
, state
);
192 smbsrv_sesssetup_backend_send(req
, sess
, NT_STATUS_NO_MEMORY
);
195 static void sesssetup_nt1_send(struct tevent_req
*subreq
)
197 struct sesssetup_context
*state
= tevent_req_callback_data(subreq
, struct sesssetup_context
);
198 struct smbsrv_request
*req
= state
->req
;
199 union smb_sesssetup
*sess
= talloc_get_type(req
->io_ptr
, union smb_sesssetup
);
200 struct auth_serversupplied_info
*server_info
= NULL
;
201 struct auth_session_info
*session_info
;
202 struct smbsrv_session
*smb_sess
;
207 status
= auth_check_password_recv(subreq
, req
, &server_info
);
209 if (!NT_STATUS_IS_OK(status
)) goto failed
;
211 flags
= AUTH_SESSION_INFO_DEFAULT_GROUPS
;
212 if (server_info
->authenticated
) {
213 flags
|= AUTH_SESSION_INFO_AUTHENTICATED
;
216 /* This references server_info into session_info */
217 status
= state
->auth_context
->generate_session_info(req
,
222 if (!NT_STATUS_IS_OK(status
)) goto failed
;
224 /* allocate a new session */
225 smb_sess
= smbsrv_session_new(req
->smb_conn
, req
, NULL
);
227 status
= NT_STATUS_INSUFFICIENT_RESOURCES
;
231 /* Ensure this is marked as a 'real' vuid, not one
232 * simply valid for the session setup leg */
233 status
= smbsrv_session_sesssetup_finished(smb_sess
, session_info
);
234 if (!NT_STATUS_IS_OK(status
)) goto failed
;
236 /* To correctly process any AndX packet (like a tree connect)
237 * we need to fill in the session on the request here */
238 req
->session
= smb_sess
;
239 sess
->nt1
.out
.vuid
= smb_sess
->vuid
;
241 if (!smbsrv_setup_signing(req
->smb_conn
, &session_info
->session_key
, &sess
->nt1
.in
.password2
)) {
242 /* Already signing, or disabled */
247 status
= NT_STATUS_OK
;
249 status
= auth_nt_status_squash(status
);
250 smbsrv_sesssetup_backend_send(req
, sess
, status
);
254 handler for NT1 style session setup
256 static void sesssetup_nt1(struct smbsrv_request
*req
, union smb_sesssetup
*sess
)
259 struct auth_usersupplied_info
*user_info
= NULL
;
260 struct tsocket_address
*remote_address
;
261 const char *remote_machine
= NULL
;
262 struct tevent_req
*subreq
;
263 struct sesssetup_context
*state
;
265 sess
->nt1
.out
.vuid
= 0;
266 sess
->nt1
.out
.action
= 0;
268 sesssetup_common_strings(req
,
270 &sess
->nt1
.out
.lanman
,
271 &sess
->nt1
.out
.domain
);
273 if (!req
->smb_conn
->negotiate
.done_sesssetup
) {
274 req
->smb_conn
->negotiate
.max_send
= sess
->nt1
.in
.bufsize
;
275 req
->smb_conn
->negotiate
.client_caps
= sess
->nt1
.in
.capabilities
;
278 state
= talloc(req
, struct sesssetup_context
);
279 if (!state
) goto nomem
;
283 if (req
->smb_conn
->negotiate
.oid
) {
284 if (sess
->nt1
.in
.user
&& *sess
->nt1
.in
.user
) {
285 /* We can't accept a normal login, because we
286 * don't have a challenge */
287 status
= NT_STATUS_LOGON_FAILURE
;
291 /* TODO: should we use just "anonymous" here? */
292 status
= auth_context_create(state
,
293 req
->smb_conn
->connection
->event
.ctx
,
294 req
->smb_conn
->connection
->msg_ctx
,
295 req
->smb_conn
->lp_ctx
,
296 &state
->auth_context
);
297 if (!NT_STATUS_IS_OK(status
)) goto failed
;
298 } else if (req
->smb_conn
->negotiate
.auth_context
) {
299 state
->auth_context
= req
->smb_conn
->negotiate
.auth_context
;
301 /* TODO: should we use just "anonymous" here? */
302 status
= auth_context_create(state
,
303 req
->smb_conn
->connection
->event
.ctx
,
304 req
->smb_conn
->connection
->msg_ctx
,
305 req
->smb_conn
->lp_ctx
,
306 &state
->auth_context
);
307 if (!NT_STATUS_IS_OK(status
)) goto failed
;
310 if (req
->smb_conn
->negotiate
.calling_name
) {
311 remote_machine
= req
->smb_conn
->negotiate
.calling_name
->name
;
314 remote_address
= socket_get_remote_addr(req
->smb_conn
->connection
->socket
, req
);
315 if (!remote_address
) goto nomem
;
317 if (!remote_machine
) {
318 remote_machine
= tsocket_address_inet_addr_string(remote_address
, req
);
319 if (!remote_machine
) goto nomem
;
322 user_info
= talloc(req
, struct auth_usersupplied_info
);
323 if (!user_info
) goto nomem
;
325 user_info
->mapped_state
= false;
326 user_info
->logon_parameters
= 0;
327 user_info
->flags
= 0;
328 user_info
->client
.account_name
= sess
->nt1
.in
.user
;
329 user_info
->client
.domain_name
= sess
->nt1
.in
.domain
;
330 user_info
->workstation_name
= remote_machine
;
331 user_info
->remote_host
= talloc_steal(user_info
, remote_address
);
333 user_info
->password_state
= AUTH_PASSWORD_RESPONSE
;
334 user_info
->password
.response
.lanman
= sess
->nt1
.in
.password1
;
335 user_info
->password
.response
.lanman
.data
= talloc_steal(user_info
, sess
->nt1
.in
.password1
.data
);
336 user_info
->password
.response
.nt
= sess
->nt1
.in
.password2
;
337 user_info
->password
.response
.nt
.data
= talloc_steal(user_info
, sess
->nt1
.in
.password2
.data
);
339 subreq
= auth_check_password_send(state
,
340 req
->smb_conn
->connection
->event
.ctx
,
343 if (!subreq
) goto nomem
;
344 tevent_req_set_callback(subreq
, sesssetup_nt1_send
, state
);
349 status
= NT_STATUS_NO_MEMORY
;
351 status
= auth_nt_status_squash(status
);
352 smbsrv_sesssetup_backend_send(req
, sess
, status
);
355 struct sesssetup_spnego_state
{
356 struct smbsrv_request
*req
;
357 union smb_sesssetup
*sess
;
358 struct smbsrv_session
*smb_sess
;
361 static void sesssetup_spnego_send(struct tevent_req
*subreq
)
363 struct sesssetup_spnego_state
*s
= tevent_req_callback_data(subreq
,
364 struct sesssetup_spnego_state
);
365 struct smbsrv_request
*req
= s
->req
;
366 union smb_sesssetup
*sess
= s
->sess
;
367 struct smbsrv_session
*smb_sess
= s
->smb_sess
;
368 struct auth_session_info
*session_info
= NULL
;
370 NTSTATUS skey_status
;
371 DATA_BLOB session_key
;
373 status
= gensec_update_recv(subreq
, req
, &sess
->spnego
.out
.secblob
);
375 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
377 } else if (!NT_STATUS_IS_OK(status
)) {
381 status
= gensec_session_info(smb_sess
->gensec_ctx
, &session_info
);
382 if (!NT_STATUS_IS_OK(status
)) goto failed
;
384 skey_status
= gensec_session_key(smb_sess
->gensec_ctx
, &session_key
);
385 if (NT_STATUS_IS_OK(skey_status
)) {
386 smbsrv_setup_signing(req
->smb_conn
, &session_key
, NULL
);
389 /* Ensure this is marked as a 'real' vuid, not one
390 * simply valid for the session setup leg */
391 status
= smbsrv_session_sesssetup_finished(smb_sess
, session_info
);
392 if (!NT_STATUS_IS_OK(status
)) goto failed
;
394 req
->session
= smb_sess
;
397 sess
->spnego
.out
.vuid
= smb_sess
->vuid
;
399 status
= auth_nt_status_squash(status
);
400 smbsrv_sesssetup_backend_send(req
, sess
, status
);
401 if (!NT_STATUS_IS_OK(status
) &&
402 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
403 talloc_free(smb_sess
);
408 handler for SPNEGO style session setup
410 static void sesssetup_spnego(struct smbsrv_request
*req
, union smb_sesssetup
*sess
)
413 struct smbsrv_session
*smb_sess
= NULL
;
414 struct sesssetup_spnego_state
*s
= NULL
;
416 struct tevent_req
*subreq
;
418 sess
->spnego
.out
.vuid
= 0;
419 sess
->spnego
.out
.action
= 0;
421 sesssetup_common_strings(req
,
422 &sess
->spnego
.out
.os
,
423 &sess
->spnego
.out
.lanman
,
424 &sess
->spnego
.out
.workgroup
);
426 if (!req
->smb_conn
->negotiate
.done_sesssetup
) {
427 req
->smb_conn
->negotiate
.max_send
= sess
->spnego
.in
.bufsize
;
428 req
->smb_conn
->negotiate
.client_caps
= sess
->spnego
.in
.capabilities
;
431 vuid
= SVAL(req
->in
.hdr
,HDR_UID
);
433 /* lookup an existing session */
434 smb_sess
= smbsrv_session_find_sesssetup(req
->smb_conn
, vuid
);
436 struct gensec_security
*gensec_ctx
;
438 status
= samba_server_gensec_start(req
,
439 req
->smb_conn
->connection
->event
.ctx
,
440 req
->smb_conn
->connection
->msg_ctx
,
441 req
->smb_conn
->lp_ctx
,
442 req
->smb_conn
->negotiate
.server_credentials
,
445 if (!NT_STATUS_IS_OK(status
)) {
446 DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status
)));
450 gensec_want_feature(gensec_ctx
, GENSEC_FEATURE_SESSION_KEY
);
452 status
= gensec_start_mech_by_oid(gensec_ctx
, req
->smb_conn
->negotiate
.oid
);
453 if (!NT_STATUS_IS_OK(status
)) {
454 DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
455 gensec_get_name_by_oid(gensec_ctx
, req
->smb_conn
->negotiate
.oid
), nt_errstr(status
)));
459 /* allocate a new session */
460 smb_sess
= smbsrv_session_new(req
->smb_conn
, req
->smb_conn
, gensec_ctx
);
462 status
= NT_STATUS_INSUFFICIENT_RESOURCES
;
468 status
= NT_STATUS_ACCESS_DENIED
;
472 if (!smb_sess
->gensec_ctx
) {
473 status
= NT_STATUS_INTERNAL_ERROR
;
474 DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status
)));
478 s
= talloc(req
, struct sesssetup_spnego_state
);
482 s
->smb_sess
= smb_sess
;
484 subreq
= gensec_update_send(s
,
485 req
->smb_conn
->connection
->event
.ctx
,
486 smb_sess
->gensec_ctx
,
487 sess
->spnego
.in
.secblob
);
491 tevent_req_set_callback(subreq
, sesssetup_spnego_send
, s
);
496 status
= NT_STATUS_NO_MEMORY
;
498 talloc_free(smb_sess
);
499 status
= auth_nt_status_squash(status
);
500 smbsrv_sesssetup_backend_send(req
, sess
, status
);
504 backend for sessionsetup call - this takes all 3 variants of the call
506 void smbsrv_sesssetup_backend(struct smbsrv_request
*req
,
507 union smb_sesssetup
*sess
)
509 switch (sess
->old
.level
) {
510 case RAW_SESSSETUP_OLD
:
511 sesssetup_old(req
, sess
);
514 case RAW_SESSSETUP_NT1
:
515 sesssetup_nt1(req
, sess
);
518 case RAW_SESSSETUP_SPNEGO
:
519 sesssetup_spnego(req
, sess
);
522 case RAW_SESSSETUP_SMB2
:
526 smbsrv_sesssetup_backend_send(req
, sess
, NT_STATUS_INVALID_LEVEL
);