search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-torture: smb2 copychunk data integrity checks
[Samba/gbeck.git] / source3 / libsmb / smb2cli_session.c
blobf09932a5d546d421ac066becdb55039de0ef0c51
1 /*
2 Unix SMB/CIFS implementation.
3 smb2 lib
4 Copyright (C) Volker Lendecke 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "client.h"
22 #include "async_smb.h"
23 #include "smb2cli_base.h"
24 #include "smb2cli.h"
25 #include "libsmb/proto.h"
26 #include "lib/util/tevent_ntstatus.h"
27 #include "../libcli/auth/spnego.h"
28 #include "../auth/ntlmssp/ntlmssp.h"
29
30 struct smb2cli_session_setup_state {
31 uint8_t fixed[24];
32 uint8_t dyn_pad[1];
33 uint64_t uid;
34 DATA_BLOB out;
35 };
36
37 static void smb2cli_session_setup_done(struct tevent_req *subreq);
38
39 static struct tevent_req *smb2cli_session_setup_send(TALLOC_CTX *mem_ctx,
40 struct tevent_context *ev,
41 struct cli_state *cli,
42 DATA_BLOB *blob)
43 {
44 struct tevent_req *req, *subreq;
45 struct smb2cli_session_setup_state *state;
46 uint8_t *buf;
47 uint8_t *dyn;
48 size_t dyn_len;
49
50 req = tevent_req_create(mem_ctx, &state,
51 struct smb2cli_session_setup_state);
52 if (req == NULL) {
53 return NULL;
54 }
55
56 buf = state->fixed;
57
58 SSVAL(buf, 0, 25);
59 SCVAL(buf, 2, 0); /* VcNumber */
60 SCVAL(buf, 3, 0); /* SecurityMode */
61 SIVAL(buf, 4, 0); /* Capabilities */
62 SIVAL(buf, 8, 0); /* Channel */
63 SSVAL(buf, 12, SMB2_HDR_BODY + 24); /* SecurityBufferOffset */
64 SSVAL(buf, 14, blob->length);
65 SBVAL(buf, 16, 0); /* PreviousSessionId */
66
67 if (blob->length > 0) {
68 dyn = blob->data;
69 dyn_len = blob->length;
70 } else {
71 dyn = state->dyn_pad;;
72 dyn_len = sizeof(state->dyn_pad);
73 }
74
75 subreq = smb2cli_req_send(state, ev, cli, SMB2_OP_SESSSETUP,
76 0, 0, /* flags */
77 cli->timeout,
78 cli->smb2.pid,
79 0, /* tid */
80 cli->smb2.uid,
81 state->fixed, sizeof(state->fixed),
82 dyn, dyn_len);
83 if (tevent_req_nomem(subreq, req)) {
84 return tevent_req_post(req, ev);
85 }
86 tevent_req_set_callback(subreq, smb2cli_session_setup_done, req);
87 return req;
88 }
89
90 static void smb2cli_session_setup_done(struct tevent_req *subreq)
91 {
92 struct tevent_req *req =
93 tevent_req_callback_data(subreq,
94 struct tevent_req);
95 struct smb2cli_session_setup_state *state =
96 tevent_req_data(req,
97 struct smb2cli_session_setup_state);
98 NTSTATUS status;
99 struct iovec *iov;
100 uint16_t offset, length;
101 static const struct smb2cli_req_expected_response expected[] = {
102 {
103 .status = NT_STATUS_MORE_PROCESSING_REQUIRED,
104 .body_size = 0x09
105 },
106 {
107 .status = NT_STATUS_OK,
108 .body_size = 0x09
109 }
110 };
111
112 status = smb2cli_req_recv(subreq, talloc_tos(), &iov,
113 expected, ARRAY_SIZE(expected));
114 if (!NT_STATUS_IS_OK(status) &&
115 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
116 TALLOC_FREE(subreq);
117 tevent_req_nterror(req, status);
118 return;
119 }
120
121 offset = SVAL(iov[1].iov_base, 4);
122 length = SVAL(iov[1].iov_base, 6);
123
124 if ((offset != SMB2_HDR_BODY + 8) || (length > iov[2].iov_len)) {
125 TALLOC_FREE(subreq);
126 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
127 return;
128 }
129 state->uid = BVAL(iov[0].iov_base, SMB2_HDR_SESSION_ID);
130 state->out.data = (uint8_t *)iov[2].iov_base;
131 state->out.length = length;
132 if (!NT_STATUS_IS_OK(status)) {
133 tevent_req_nterror(req, status);
134 return;
135 }
136 tevent_req_done(req);
137 }
138
139 static NTSTATUS smb2cli_session_setup_recv(struct tevent_req *req,
140 uint64_t *uid, DATA_BLOB *out)
141 {
142 struct smb2cli_session_setup_state *state =
143 tevent_req_data(req,
144 struct smb2cli_session_setup_state);
145 NTSTATUS status = NT_STATUS_OK;
146
147 if (tevent_req_is_nterror(req, &status)
148 && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
149 return status;
150 }
151 *uid = state->uid;
152 *out = state->out;
153 return status;
154 }
155
156 struct smb2cli_sesssetup_ntlmssp_state {
157 struct tevent_context *ev;
158 struct cli_state *cli;
159 struct ntlmssp_state *ntlmssp;
160 struct iovec iov[2];
161 uint8_t fixed[24];
162 DATA_BLOB msg;
163 int turn;
164 };
165
166 static void smb2cli_sesssetup_ntlmssp_done(struct tevent_req *subreq);
167
168 struct tevent_req *smb2cli_sesssetup_ntlmssp_send(TALLOC_CTX *mem_ctx,
169 struct tevent_context *ev,
170 struct cli_state *cli,
171 const char *user,
172 const char *domain,
173 const char *pass)
174 {
175 struct tevent_req *req, *subreq;
176 struct smb2cli_sesssetup_ntlmssp_state *state;
177 NTSTATUS status;
178 DATA_BLOB blob_out;
179 const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
180
181 req = tevent_req_create(mem_ctx, &state,
182 struct smb2cli_sesssetup_ntlmssp_state);
183 if (req == NULL) {
184 return NULL;
185 }
186 state->ev = ev;
187 state->cli = cli;
188
189 status = ntlmssp_client_start(state,
190 lp_netbios_name(),
191 lp_workgroup(),
192 lp_client_ntlmv2_auth(),
193 &state->ntlmssp);
194 if (!NT_STATUS_IS_OK(status)) {
195 goto post_status;
196 }
197 ntlmssp_want_feature(state->ntlmssp,
198 NTLMSSP_FEATURE_SESSION_KEY);
199 status = ntlmssp_set_username(state->ntlmssp, user);
200 if (!NT_STATUS_IS_OK(status)) {
201 goto post_status;
202 }
203 status = ntlmssp_set_domain(state->ntlmssp, domain);
204 if (!NT_STATUS_IS_OK(status)) {
205 goto post_status;
206 }
207 status = ntlmssp_set_password(state->ntlmssp, pass);
208 if (!NT_STATUS_IS_OK(status)) {
209 goto post_status;
210 }
211
212 status = ntlmssp_update(state->ntlmssp, data_blob_null, &blob_out);
213 if (!NT_STATUS_IS_OK(status)
214 && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
215 goto post_status;
216 }
217
218 blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
219 state->turn = 1;
220
221 subreq = smb2cli_session_setup_send(
222 state, state->ev, state->cli, &blob_out);
223 if (tevent_req_nomem(subreq, req)) {
224 return tevent_req_post(req, ev);
225 }
226 tevent_req_set_callback(subreq, smb2cli_sesssetup_ntlmssp_done, req);
227 return req;
228 post_status:
229 tevent_req_nterror(req, status);
230 return tevent_req_post(req, ev);
231 }
232
233 static void smb2cli_sesssetup_ntlmssp_done(struct tevent_req *subreq)
234 {
235 struct tevent_req *req =
236 tevent_req_callback_data(subreq,
237 struct tevent_req);
238 struct smb2cli_sesssetup_ntlmssp_state *state =
239 tevent_req_data(req,
240 struct smb2cli_sesssetup_ntlmssp_state);
241 NTSTATUS status;
242 uint64_t uid = 0;
243 DATA_BLOB blob, blob_in, blob_out, spnego_blob;
244 bool ret;
245
246 status = smb2cli_session_setup_recv(subreq, &uid, &blob);
247 if (!NT_STATUS_IS_OK(status)
248 && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
249 TALLOC_FREE(subreq);
250 tevent_req_nterror(req, status);
251 return;
252 }
253
254 if (NT_STATUS_IS_OK(status)) {
255 TALLOC_FREE(subreq);
256 tevent_req_done(req);
257 return;
258 }
259
260 if (state->turn == 1) {
261 DATA_BLOB tmp_blob = data_blob_null;
262 ret = spnego_parse_challenge(state, blob, &blob_in, &tmp_blob);
263 data_blob_free(&tmp_blob);
264 } else {
265 ret = spnego_parse_auth_response(state, blob, status,
266 OID_NTLMSSP, &blob_in);
267 }
268 TALLOC_FREE(subreq);
269 if (!ret) {
270 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
271 return;
272 }
273
274 status = ntlmssp_update(state->ntlmssp, blob_in, &blob_out);
275 data_blob_free(&blob_in);
276 state->turn += 1;
277
278 if (!NT_STATUS_IS_OK(status)) {
279 tevent_req_nterror(req, status);
280 return;
281 }
282
283 state->cli->smb2.uid = uid;
284
285 spnego_blob = spnego_gen_auth(state, blob_out);
286 TALLOC_FREE(subreq);
287 if (tevent_req_nomem(spnego_blob.data, req)) {
288 return;
289 }
290
291 subreq = smb2cli_session_setup_send(
292 state, state->ev, state->cli, &spnego_blob);
293 if (tevent_req_nomem(subreq, req)) {
294 return;
295 }
296 tevent_req_set_callback(subreq, smb2cli_sesssetup_ntlmssp_done, req);
297 }
298
299 NTSTATUS smb2cli_sesssetup_ntlmssp_recv(struct tevent_req *req)
300 {
301 return tevent_req_simple_recv_ntstatus(req);
302 }
303
304 NTSTATUS smb2cli_sesssetup_ntlmssp(struct cli_state *cli, const char *user,
305 const char *domain, const char *pass)
306 {
307 TALLOC_CTX *frame = talloc_stackframe();
308 struct event_context *ev;
309 struct tevent_req *req;
310 NTSTATUS status = NT_STATUS_NO_MEMORY;
311
312 if (cli_has_async_calls(cli)) {
313 /*
314 * Can't use sync call while an async call is in flight
315 */
316 status = NT_STATUS_INVALID_PARAMETER;
317 goto fail;
318 }
319 ev = event_context_init(frame);
320 if (ev == NULL) {
321 goto fail;
322 }
323 req = smb2cli_sesssetup_ntlmssp_send(frame, ev, cli, user, domain, pass);
324 if (req == NULL) {
325 goto fail;
326 }
327 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
328 goto fail;
329 }
330 status = smb2cli_sesssetup_ntlmssp_recv(req);
331 fail:
332 TALLOC_FREE(frame);
333 return status;
334 }
335
336 struct smb2cli_logoff_state {
337 uint8_t fixed[4];
338 };
339
340 static void smb2cli_logoff_done(struct tevent_req *subreq);
341
342 struct tevent_req *smb2cli_logoff_send(TALLOC_CTX *mem_ctx,
343 struct tevent_context *ev,
344 struct cli_state *cli)
345 {
346 struct tevent_req *req, *subreq;
347 struct smb2cli_logoff_state *state;
348
349 req = tevent_req_create(mem_ctx, &state,
350 struct smb2cli_logoff_state);
351 if (req == NULL) {
352 return NULL;
353 }
354 SSVAL(state->fixed, 0, 4);
355
356 subreq = smb2cli_req_send(state, ev, cli, SMB2_OP_LOGOFF,
357 0, 0, /* flags */
358 cli->timeout,
359 cli->smb2.pid,
360 0, /* tid */
361 cli->smb2.uid,
362 state->fixed, sizeof(state->fixed),
363 NULL, 0);
364 if (tevent_req_nomem(subreq, req)) {
365 return tevent_req_post(req, ev);
366 }
367 tevent_req_set_callback(subreq, smb2cli_logoff_done, req);
368 return req;
369 }
370
371 static void smb2cli_logoff_done(struct tevent_req *subreq)
372 {
373 struct tevent_req *req =
374 tevent_req_callback_data(subreq,
375 struct tevent_req);
376 NTSTATUS status;
377 struct iovec *iov;
378 static const struct smb2cli_req_expected_response expected[] = {
379 {
380 .status = NT_STATUS_OK,
381 .body_size = 0x04
382 }
383 };
384
385 status = smb2cli_req_recv(subreq, talloc_tos(), &iov,
386 expected, ARRAY_SIZE(expected));
387 TALLOC_FREE(subreq);
388 if (tevent_req_nterror(req, status)) {
389 return;
390 }
391 tevent_req_done(req);
392 }
393
394 NTSTATUS smb2cli_logoff_recv(struct tevent_req *req)
395 {
396 return tevent_req_simple_recv_ntstatus(req);
397 }
398
399 NTSTATUS smb2cli_logoff(struct cli_state *cli)
400 {
401 TALLOC_CTX *frame = talloc_stackframe();
402 struct event_context *ev;
403 struct tevent_req *req;
404 NTSTATUS status = NT_STATUS_NO_MEMORY;
405
406 if (cli_has_async_calls(cli)) {
407 /*
408 * Can't use sync call while an async call is in flight
409 */
410 status = NT_STATUS_INVALID_PARAMETER;
411 goto fail;
412 }
413 ev = event_context_init(frame);
414 if (ev == NULL) {
415 goto fail;
416 }
417 req = smb2cli_logoff_send(frame, ev, cli);
418 if (req == NULL) {
419 goto fail;
420 }
421 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
422 goto fail;
423 }
424 status = smb2cli_logoff_recv(req);
425 fail:
426 TALLOC_FREE(frame);
427 return status;
428 }
WIP