2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../auth/gensec/gensec.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "../libcli/security/security.h"
30 #include "../lib/util/tevent_ntstatus.h"
32 static struct tevent_req
*smbd_smb2_session_setup_send(TALLOC_CTX
*mem_ctx
,
33 struct tevent_context
*ev
,
34 struct smbd_smb2_request
*smb2req
,
35 uint64_t in_session_id
,
37 uint8_t in_security_mode
,
38 uint64_t in_previous_session_id
,
39 DATA_BLOB in_security_buffer
);
40 static NTSTATUS
smbd_smb2_session_setup_recv(struct tevent_req
*req
,
41 uint16_t *out_session_flags
,
43 DATA_BLOB
*out_security_buffer
,
44 uint64_t *out_session_id
);
46 static void smbd_smb2_request_sesssetup_done(struct tevent_req
*subreq
);
48 NTSTATUS
smbd_smb2_request_process_sesssetup(struct smbd_smb2_request
*smb2req
)
51 const uint8_t *inbody
;
52 int i
= smb2req
->current_idx
;
53 uint64_t in_session_id
;
55 uint8_t in_security_mode
;
56 uint64_t in_previous_session_id
;
57 uint16_t in_security_offset
;
58 uint16_t in_security_length
;
59 DATA_BLOB in_security_buffer
;
61 struct tevent_req
*subreq
;
63 status
= smbd_smb2_request_verify_sizes(smb2req
, 0x19);
64 if (!NT_STATUS_IS_OK(status
)) {
65 return smbd_smb2_request_error(smb2req
, status
);
67 inhdr
= (const uint8_t *)smb2req
->in
.vector
[i
+0].iov_base
;
68 inbody
= (const uint8_t *)smb2req
->in
.vector
[i
+1].iov_base
;
70 in_session_id
= BVAL(inhdr
, SMB2_HDR_SESSION_ID
);
72 in_flags
= CVAL(inbody
, 0x02);
73 in_security_mode
= CVAL(inbody
, 0x03);
74 /* Capabilities = IVAL(inbody, 0x04) */
75 /* Channel = IVAL(inbody, 0x08) */
76 in_security_offset
= SVAL(inbody
, 0x0C);
77 in_security_length
= SVAL(inbody
, 0x0E);
78 in_previous_session_id
= BVAL(inbody
, 0x10);
80 if (in_security_offset
!= (SMB2_HDR_BODY
+ smb2req
->in
.vector
[i
+1].iov_len
)) {
81 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
84 if (in_security_length
> smb2req
->in
.vector
[i
+2].iov_len
) {
85 return smbd_smb2_request_error(smb2req
, NT_STATUS_INVALID_PARAMETER
);
88 in_security_buffer
.data
= (uint8_t *)smb2req
->in
.vector
[i
+2].iov_base
;
89 in_security_buffer
.length
= in_security_length
;
91 subreq
= smbd_smb2_session_setup_send(smb2req
,
92 smb2req
->sconn
->ev_ctx
,
97 in_previous_session_id
,
100 return smbd_smb2_request_error(smb2req
, NT_STATUS_NO_MEMORY
);
102 tevent_req_set_callback(subreq
, smbd_smb2_request_sesssetup_done
, smb2req
);
104 return smbd_smb2_request_pending_queue(smb2req
, subreq
, 500);
107 static void smbd_smb2_request_sesssetup_done(struct tevent_req
*subreq
)
109 struct smbd_smb2_request
*smb2req
=
110 tevent_req_callback_data(subreq
,
111 struct smbd_smb2_request
);
112 int i
= smb2req
->current_idx
;
116 uint16_t out_session_flags
;
117 uint64_t out_session_id
;
118 uint16_t out_security_offset
;
119 DATA_BLOB out_security_buffer
= data_blob_null
;
121 NTSTATUS error
; /* transport error */
123 status
= smbd_smb2_session_setup_recv(subreq
,
126 &out_security_buffer
,
129 if (!NT_STATUS_IS_OK(status
) &&
130 !NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
131 status
= nt_status_squash(status
);
132 error
= smbd_smb2_request_error(smb2req
, status
);
133 if (!NT_STATUS_IS_OK(error
)) {
134 smbd_server_connection_terminate(smb2req
->sconn
,
141 out_security_offset
= SMB2_HDR_BODY
+ 0x08;
143 outhdr
= (uint8_t *)smb2req
->out
.vector
[i
].iov_base
;
145 outbody
= data_blob_talloc(smb2req
->out
.vector
, NULL
, 0x08);
146 if (outbody
.data
== NULL
) {
147 error
= smbd_smb2_request_error(smb2req
, NT_STATUS_NO_MEMORY
);
148 if (!NT_STATUS_IS_OK(error
)) {
149 smbd_server_connection_terminate(smb2req
->sconn
,
156 SBVAL(outhdr
, SMB2_HDR_SESSION_ID
, out_session_id
);
158 SSVAL(outbody
.data
, 0x00, 0x08 + 1); /* struct size */
159 SSVAL(outbody
.data
, 0x02,
160 out_session_flags
); /* session flags */
161 SSVAL(outbody
.data
, 0x04,
162 out_security_offset
); /* security buffer offset */
163 SSVAL(outbody
.data
, 0x06,
164 out_security_buffer
.length
); /* security buffer length */
166 outdyn
= out_security_buffer
;
168 error
= smbd_smb2_request_done_ex(smb2req
, status
, outbody
, &outdyn
,
170 if (!NT_STATUS_IS_OK(error
)) {
171 smbd_server_connection_terminate(smb2req
->sconn
,
177 static int smbd_smb2_session_destructor(struct smbd_smb2_session
*session
)
179 if (session
->sconn
== NULL
) {
183 file_close_user(session
->sconn
, session
->vuid
);
185 /* first free all tcons */
186 while (session
->tcons
.list
) {
187 talloc_free(session
->tcons
.list
);
190 idr_remove(session
->sconn
->smb2
.sessions
.idtree
, session
->vuid
);
191 DLIST_REMOVE(session
->sconn
->smb2
.sessions
.list
, session
);
192 invalidate_vuid(session
->sconn
, session
->vuid
);
195 session
->status
= NT_STATUS_USER_SESSION_DELETED
;
196 session
->sconn
= NULL
;
201 static NTSTATUS
smbd_smb2_auth_generic_return(struct smbd_smb2_session
*session
,
202 struct smbd_smb2_request
*smb2req
,
203 uint8_t in_security_mode
,
204 uint64_t in_previous_session_id
,
205 DATA_BLOB in_security_buffer
,
206 uint16_t *out_session_flags
,
207 uint64_t *out_session_id
)
211 if ((in_security_mode
& SMB2_NEGOTIATE_SIGNING_REQUIRED
) ||
212 lp_server_signing() == SMB_SIGNING_REQUIRED
) {
213 session
->do_signing
= true;
216 if (security_session_user_level(session
->session_info
, NULL
) < SECURITY_USER
) {
217 /* we map anonymous to guest internally */
218 *out_session_flags
|= SMB2_SESSION_FLAG_IS_GUEST
;
219 *out_session_flags
|= SMB2_SESSION_FLAG_IS_NULL
;
220 /* force no signing */
221 session
->do_signing
= false;
225 session
->session_key
= session
->session_info
->session_key
;
227 session
->compat_vuser
= talloc_zero(session
, struct user_struct
);
228 if (session
->compat_vuser
== NULL
) {
229 TALLOC_FREE(session
);
230 return NT_STATUS_NO_MEMORY
;
232 session
->compat_vuser
->gensec_security
= session
->gensec_security
;
233 session
->compat_vuser
->homes_snum
= -1;
234 session
->compat_vuser
->session_info
= session
->session_info
;
235 session
->compat_vuser
->session_keystr
= NULL
;
236 session
->compat_vuser
->vuid
= session
->vuid
;
237 DLIST_ADD(session
->sconn
->users
, session
->compat_vuser
);
238 session
->sconn
->num_users
++;
240 if (security_session_user_level(session
->session_info
, NULL
) >= SECURITY_USER
) {
241 session
->compat_vuser
->homes_snum
=
242 register_homes_share(session
->session_info
->unix_info
->unix_name
);
245 if (!session_claim(session
->sconn
, session
->compat_vuser
)) {
246 DEBUG(1, ("smb2: Failed to claim session "
248 (unsigned long long)session
->compat_vuser
->vuid
));
249 TALLOC_FREE(session
);
250 return NT_STATUS_LOGON_FAILURE
;
253 set_current_user_info(session
->session_info
->unix_info
->sanitized_username
,
254 session
->session_info
->unix_info
->unix_name
,
255 session
->session_info
->info
->domain_name
);
257 reload_services(smb2req
->sconn
, conn_snum_used
, true);
259 session
->status
= NT_STATUS_OK
;
262 * we attach the session to the request
263 * so that the response can be signed
265 smb2req
->session
= session
;
267 smb2req
->do_signing
= true;
270 global_client_caps
|= (CAP_LEVEL_II_OPLOCKS
|CAP_STATUS32
);
272 *out_session_id
= session
->vuid
;
277 static NTSTATUS
smbd_smb2_auth_generic(struct smbd_smb2_session
*session
,
278 struct smbd_smb2_request
*smb2req
,
279 uint8_t in_security_mode
,
280 uint64_t in_previous_session_id
,
281 DATA_BLOB in_security_buffer
,
282 uint16_t *out_session_flags
,
283 DATA_BLOB
*out_security_buffer
,
284 uint64_t *out_session_id
)
288 *out_security_buffer
= data_blob_null
;
290 if (session
->gensec_security
== NULL
) {
291 status
= auth_generic_prepare(session
, session
->sconn
->remote_address
,
292 &session
->gensec_security
);
293 if (!NT_STATUS_IS_OK(status
)) {
294 TALLOC_FREE(session
);
298 gensec_want_feature(session
->gensec_security
, GENSEC_FEATURE_SESSION_KEY
);
299 gensec_want_feature(session
->gensec_security
, GENSEC_FEATURE_UNIX_TOKEN
);
301 status
= gensec_start_mech_by_oid(session
->gensec_security
, GENSEC_OID_SPNEGO
);
302 if (!NT_STATUS_IS_OK(status
)) {
303 TALLOC_FREE(session
);
309 status
= gensec_update(session
->gensec_security
,
312 out_security_buffer
);
314 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
) &&
315 !NT_STATUS_IS_OK(status
)) {
316 TALLOC_FREE(session
);
317 return nt_status_squash(status
);
320 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
321 *out_session_id
= session
->vuid
;
325 status
= gensec_session_info(session
->gensec_security
,
327 &session
->session_info
);
329 if (!NT_STATUS_IS_OK(status
)) {
330 TALLOC_FREE(session
);
333 *out_session_id
= session
->vuid
;
335 return smbd_smb2_auth_generic_return(session
,
338 in_previous_session_id
,
344 static NTSTATUS
smbd_smb2_session_setup(struct smbd_smb2_request
*smb2req
,
345 uint64_t in_session_id
,
347 uint8_t in_security_mode
,
348 uint64_t in_previous_session_id
,
349 DATA_BLOB in_security_buffer
,
350 uint16_t *out_session_flags
,
351 DATA_BLOB
*out_security_buffer
,
352 uint64_t *out_session_id
)
354 struct smbd_smb2_session
*session
;
356 *out_session_flags
= 0;
359 if (in_session_id
== 0) {
362 /* create a new session */
363 session
= talloc_zero(smb2req
->sconn
, struct smbd_smb2_session
);
364 if (session
== NULL
) {
365 return NT_STATUS_NO_MEMORY
;
367 session
->status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
368 id
= idr_get_new_random(smb2req
->sconn
->smb2
.sessions
.idtree
,
370 smb2req
->sconn
->smb2
.sessions
.limit
);
372 return NT_STATUS_INSUFFICIENT_RESOURCES
;
376 session
->tcons
.idtree
= idr_init(session
);
377 if (session
->tcons
.idtree
== NULL
) {
378 return NT_STATUS_NO_MEMORY
;
380 session
->tcons
.limit
= 0x0000FFFE;
381 session
->tcons
.list
= NULL
;
383 DLIST_ADD_END(smb2req
->sconn
->smb2
.sessions
.list
, session
,
384 struct smbd_smb2_session
*);
385 session
->sconn
= smb2req
->sconn
;
386 talloc_set_destructor(session
, smbd_smb2_session_destructor
);
390 /* lookup an existing session */
391 p
= idr_find(smb2req
->sconn
->smb2
.sessions
.idtree
, in_session_id
);
393 return NT_STATUS_USER_SESSION_DELETED
;
395 session
= talloc_get_type_abort(p
, struct smbd_smb2_session
);
398 if (NT_STATUS_IS_OK(session
->status
)) {
399 return NT_STATUS_REQUEST_NOT_ACCEPTED
;
402 return smbd_smb2_auth_generic(session
,
405 in_previous_session_id
,
412 struct smbd_smb2_session_setup_state
{
413 struct tevent_context
*ev
;
414 struct smbd_smb2_request
*smb2req
;
415 uint64_t in_session_id
;
417 uint8_t in_security_mode
;
418 uint64_t in_previous_session_id
;
419 DATA_BLOB in_security_buffer
;
420 uint16_t out_session_flags
;
421 DATA_BLOB out_security_buffer
;
422 uint64_t out_session_id
;
425 static struct tevent_req
*smbd_smb2_session_setup_send(TALLOC_CTX
*mem_ctx
,
426 struct tevent_context
*ev
,
427 struct smbd_smb2_request
*smb2req
,
428 uint64_t in_session_id
,
430 uint8_t in_security_mode
,
431 uint64_t in_previous_session_id
,
432 DATA_BLOB in_security_buffer
)
434 struct tevent_req
*req
;
435 struct smbd_smb2_session_setup_state
*state
;
438 req
= tevent_req_create(mem_ctx
, &state
,
439 struct smbd_smb2_session_setup_state
);
444 state
->smb2req
= smb2req
;
445 state
->in_session_id
= in_session_id
;
446 state
->in_flags
= in_flags
;
447 state
->in_security_mode
= in_security_mode
;
448 state
->in_previous_session_id
= in_previous_session_id
;
449 state
->in_security_buffer
= in_security_buffer
;
451 status
= smbd_smb2_session_setup(smb2req
,
455 in_previous_session_id
,
457 &state
->out_session_flags
,
458 &state
->out_security_buffer
,
459 &state
->out_session_id
);
460 if (NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
) ||
461 NT_STATUS_IS_OK(status
))
463 talloc_steal(state
, state
->out_security_buffer
.data
);
465 if (tevent_req_nterror(req
, status
)) {
466 return tevent_req_post(req
, ev
);
469 tevent_req_done(req
);
470 return tevent_req_post(req
, ev
);
473 static NTSTATUS
smbd_smb2_session_setup_recv(struct tevent_req
*req
,
474 uint16_t *out_session_flags
,
476 DATA_BLOB
*out_security_buffer
,
477 uint64_t *out_session_id
)
479 struct smbd_smb2_session_setup_state
*state
=
481 struct smbd_smb2_session_setup_state
);
484 if (tevent_req_is_nterror(req
, &status
)) {
485 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
486 tevent_req_received(req
);
487 return nt_status_squash(status
);
490 status
= NT_STATUS_OK
;
493 *out_session_flags
= state
->out_session_flags
;
494 *out_security_buffer
= state
->out_security_buffer
;
495 *out_session_id
= state
->out_session_id
;
497 talloc_steal(mem_ctx
, out_security_buffer
->data
);
498 tevent_req_received(req
);
502 NTSTATUS
smbd_smb2_request_process_logoff(struct smbd_smb2_request
*req
)
507 status
= smbd_smb2_request_verify_sizes(req
, 0x04);
508 if (!NT_STATUS_IS_OK(status
)) {
509 return smbd_smb2_request_error(req
, status
);
513 * TODO: cancel all outstanding requests on the session
514 * and delete all tree connections.
516 smbd_smb2_session_destructor(req
->session
);
518 * we may need to sign the response, so we need to keep
519 * the session until the response is sent to the wire.
521 talloc_steal(req
, req
->session
);
523 outbody
= data_blob_talloc(req
->out
.vector
, NULL
, 0x04);
524 if (outbody
.data
== NULL
) {
525 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
528 SSVAL(outbody
.data
, 0x00, 0x04); /* struct size */
529 SSVAL(outbody
.data
, 0x02, 0); /* reserved */
531 return smbd_smb2_request_done(req
, outbody
, NULL
);