2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/globals.h"
23 #include "../source4/libcli/smb2/smb2_constants.h"
25 static NTSTATUS
smbd_smb2_session_setup(struct smbd_smb2_request
*req
,
26 uint64_t in_session_id
,
27 uint8_t in_security_mode
,
28 DATA_BLOB in_security_buffer
,
29 uint16_t *out_session_flags
,
30 DATA_BLOB
*out_security_buffer
,
31 uint64_t *out_session_id
);
33 NTSTATUS
smbd_smb2_request_process_sesssetup(struct smbd_smb2_request
*req
)
36 const uint8_t *inbody
;
37 int i
= req
->current_idx
;
41 size_t expected_body_size
= 0x19;
43 uint64_t in_session_id
;
44 uint8_t in_security_mode
;
45 uint16_t in_security_offset
;
46 uint16_t in_security_length
;
47 DATA_BLOB in_security_buffer
;
48 uint16_t out_session_flags
;
49 uint64_t out_session_id
;
50 uint16_t out_security_offset
;
51 DATA_BLOB out_security_buffer
;
54 inhdr
= (const uint8_t *)req
->in
.vector
[i
+0].iov_base
;
56 if (req
->in
.vector
[i
+1].iov_len
!= (expected_body_size
& 0xFFFFFFFE)) {
57 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
60 inbody
= (const uint8_t *)req
->in
.vector
[i
+1].iov_base
;
62 body_size
= SVAL(inbody
, 0x00);
63 if (body_size
!= expected_body_size
) {
64 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
67 in_security_offset
= SVAL(inbody
, 0x0C);
68 in_security_length
= SVAL(inbody
, 0x0E);
70 if (in_security_offset
!= (SMB2_HDR_BODY
+ (body_size
& 0xFFFFFFFE))) {
71 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
74 if (in_security_length
> req
->in
.vector
[i
+2].iov_len
) {
75 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
78 in_session_id
= BVAL(inhdr
, SMB2_HDR_SESSION_ID
);
79 in_security_mode
= CVAL(inbody
, 0x03);
80 in_security_buffer
.data
= (uint8_t *)req
->in
.vector
[i
+2].iov_base
;
81 in_security_buffer
.length
= in_security_length
;
83 status
= smbd_smb2_session_setup(req
,
90 if (!NT_STATUS_IS_OK(status
) &&
91 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
92 status
= nt_status_squash(status
);
93 return smbd_smb2_request_error(req
, status
);
96 out_security_offset
= SMB2_HDR_BODY
+ 0x08;
98 outhdr
= (uint8_t *)req
->out
.vector
[i
].iov_base
;
100 outbody
= data_blob_talloc(req
->out
.vector
, NULL
, 0x08);
101 if (outbody
.data
== NULL
) {
102 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
105 SBVAL(outhdr
, SMB2_HDR_SESSION_ID
, out_session_id
);
107 SSVAL(outbody
.data
, 0x00, 0x08 + 1); /* struct size */
108 SSVAL(outbody
.data
, 0x02,
109 out_session_flags
); /* session flags */
110 SSVAL(outbody
.data
, 0x04,
111 out_security_offset
); /* security buffer offset */
112 SSVAL(outbody
.data
, 0x06,
113 out_security_buffer
.length
); /* security buffer length */
115 outdyn
= out_security_buffer
;
117 return smbd_smb2_request_done_ex(req
, status
, outbody
, &outdyn
);
120 static int smbd_smb2_session_destructor(struct smbd_smb2_session
*session
)
122 if (session
->conn
== NULL
) {
126 /* first free all tcons */
127 while (session
->tcons
.list
) {
128 talloc_free(session
->tcons
.list
);
131 idr_remove(session
->conn
->smb2
.sessions
.idtree
, session
->vuid
);
132 DLIST_REMOVE(session
->conn
->smb2
.sessions
.list
, session
);
135 session
->status
= NT_STATUS_USER_SESSION_DELETED
;
136 session
->conn
= NULL
;
141 static NTSTATUS
smbd_smb2_session_setup(struct smbd_smb2_request
*req
,
142 uint64_t in_session_id
,
143 uint8_t in_security_mode
,
144 DATA_BLOB in_security_buffer
,
145 uint16_t *out_session_flags
,
146 DATA_BLOB
*out_security_buffer
,
147 uint64_t *out_session_id
)
149 struct smbd_smb2_session
*session
;
152 *out_session_flags
= 0;
154 if (in_session_id
== 0) {
157 /* create a new session */
158 session
= talloc_zero(req
->conn
, struct smbd_smb2_session
);
159 if (session
== NULL
) {
160 return NT_STATUS_NO_MEMORY
;
162 session
->status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
163 id
= idr_get_new_random(req
->conn
->smb2
.sessions
.idtree
,
165 req
->conn
->smb2
.sessions
.limit
);
167 return NT_STATUS_INSUFFICIENT_RESOURCES
;
171 session
->tcons
.idtree
= idr_init(session
);
172 if (session
->tcons
.idtree
== NULL
) {
173 return NT_STATUS_NO_MEMORY
;
175 session
->tcons
.limit
= 0x0000FFFE;
176 session
->tcons
.list
= NULL
;
178 DLIST_ADD_END(req
->conn
->smb2
.sessions
.list
, session
,
179 struct smbd_smb2_session
*);
180 session
->conn
= req
->conn
;
181 talloc_set_destructor(session
, smbd_smb2_session_destructor
);
185 /* lookup an existing session */
186 p
= idr_find(req
->conn
->smb2
.sessions
.idtree
, in_session_id
);
188 return NT_STATUS_USER_SESSION_DELETED
;
190 session
= talloc_get_type_abort(p
, struct smbd_smb2_session
);
193 if (NT_STATUS_IS_OK(session
->status
)) {
194 return NT_STATUS_REQUEST_NOT_ACCEPTED
;
197 if (session
->auth_ntlmssp_state
== NULL
) {
198 status
= auth_ntlmssp_start(&session
->auth_ntlmssp_state
);
199 if (!NT_STATUS_IS_OK(status
)) {
200 TALLOC_FREE(session
);
205 status
= auth_ntlmssp_update(session
->auth_ntlmssp_state
,
207 out_security_buffer
);
208 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
209 *out_session_id
= session
->vuid
;
211 } else if (!NT_STATUS_IS_OK(status
)) {
212 TALLOC_FREE(session
);
216 /* TODO: setup session key for signing */
218 if ((in_security_mode
& SMB2_NEGOTIATE_SIGNING_REQUIRED
) ||
219 lp_server_signing() == Required
) {
220 session
->do_signing
= true;
223 if (session
->auth_ntlmssp_state
->server_info
->guest
) {
224 /* we map anonymous to guest internally */
225 *out_session_flags
|= SMB2_SESSION_FLAG_IS_GUEST
;
226 *out_session_flags
|= SMB2_SESSION_FLAG_IS_NULL
;
227 /* force no signing */
228 session
->do_signing
= false;
231 session
->server_info
= session
->auth_ntlmssp_state
->server_info
;
232 data_blob_free(&session
->server_info
->user_session_key
);
233 session
->server_info
->user_session_key
=
235 session
->server_info
,
236 session
->auth_ntlmssp_state
->ntlmssp_state
->session_key
.data
,
237 session
->auth_ntlmssp_state
->ntlmssp_state
->session_key
.length
);
238 if (session
->auth_ntlmssp_state
->ntlmssp_state
->session_key
.length
> 0) {
239 if (session
->server_info
->user_session_key
.data
== NULL
) {
240 TALLOC_FREE(session
);
241 return NT_STATUS_NO_MEMORY
;
244 session
->session_key
= session
->server_info
->user_session_key
;
246 session
->compat_vuser
= talloc_zero(session
, user_struct
);
247 if (session
->compat_vuser
== NULL
) {
248 TALLOC_FREE(session
);
249 return NT_STATUS_NO_MEMORY
;
251 session
->compat_vuser
->auth_ntlmssp_state
= session
->auth_ntlmssp_state
;
252 session
->compat_vuser
->homes_snum
= -1;
253 session
->compat_vuser
->server_info
= session
->server_info
;
254 session
->compat_vuser
->session_keystr
= NULL
;
255 session
->compat_vuser
->vuid
= session
->vuid
;
256 DLIST_ADD(session
->conn
->smb1
.sessions
.validated_users
, session
->compat_vuser
);
258 session
->status
= NT_STATUS_OK
;
261 * we attach the session to the request
262 * so that the response can be signed
264 req
->session
= session
;
265 if (session
->do_signing
) {
266 req
->do_signing
= true;
269 *out_session_id
= session
->vuid
;
273 NTSTATUS
smbd_smb2_request_check_session(struct smbd_smb2_request
*req
)
275 const uint8_t *inhdr
;
276 int i
= req
->current_idx
;
277 uint64_t in_session_id
;
279 struct smbd_smb2_session
*session
;
281 inhdr
= (const uint8_t *)req
->in
.vector
[i
+0].iov_base
;
283 in_session_id
= BVAL(inhdr
, SMB2_HDR_SESSION_ID
);
285 /* lookup an existing session */
286 p
= idr_find(req
->conn
->smb2
.sessions
.idtree
, in_session_id
);
288 return NT_STATUS_USER_SESSION_DELETED
;
290 session
= talloc_get_type_abort(p
, struct smbd_smb2_session
);
292 if (!NT_STATUS_IS_OK(session
->status
)) {
293 return NT_STATUS_ACCESS_DENIED
;
296 set_current_user_info(session
->server_info
->sanitized_username
,
297 session
->server_info
->unix_name
,
298 pdb_get_domain(session
->server_info
->sam_account
));
300 req
->session
= session
;
304 NTSTATUS
smbd_smb2_request_process_logoff(struct smbd_smb2_request
*req
)
306 const uint8_t *inbody
;
307 int i
= req
->current_idx
;
309 size_t expected_body_size
= 0x04;
312 if (req
->in
.vector
[i
+1].iov_len
!= (expected_body_size
& 0xFFFFFFFE)) {
313 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
316 inbody
= (const uint8_t *)req
->in
.vector
[i
+1].iov_base
;
318 body_size
= SVAL(inbody
, 0x00);
319 if (body_size
!= expected_body_size
) {
320 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
324 * TODO: cancel all outstanding requests on the session
325 * and delete all tree connections.
327 smbd_smb2_session_destructor(req
->session
);
329 * we may need to sign the response, so we need to keep
330 * the session until the response is sent to the wire.
332 talloc_steal(req
, req
->session
);
334 outbody
= data_blob_talloc(req
->out
.vector
, NULL
, 0x04);
335 if (outbody
.data
== NULL
) {
336 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
339 SSVAL(outbody
.data
, 0x00, 0x04); /* struct size */
340 SSVAL(outbody
.data
, 0x02, 0); /* reserved */
342 return smbd_smb2_request_done(req
, outbody
, NULL
);