search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2
[Samba/gebeck_regimport.git] / source3 / smbd / smb2_sesssetup.c
blobdc01fc38bd87b3472db9ac5eadd16347be2cd42d
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../auth/gensec/gensec.h"
27 #include "auth.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "../libcli/security/security.h"
30 #include "../lib/util/tevent_ntstatus.h"
31
32 static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
33 struct tevent_context *ev,
34 struct smbd_smb2_request *smb2req,
35 uint64_t in_session_id,
36 uint8_t in_flags,
37 uint8_t in_security_mode,
38 uint64_t in_previous_session_id,
39 DATA_BLOB in_security_buffer);
40 static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
41 uint16_t *out_session_flags,
42 TALLOC_CTX *mem_ctx,
43 DATA_BLOB *out_security_buffer,
44 uint64_t *out_session_id);
45
46 static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq);
47
48 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
49 {
50 const uint8_t *inhdr;
51 const uint8_t *inbody;
52 int i = smb2req->current_idx;
53 uint64_t in_session_id;
54 uint8_t in_flags;
55 uint8_t in_security_mode;
56 uint64_t in_previous_session_id;
57 uint16_t in_security_offset;
58 uint16_t in_security_length;
59 DATA_BLOB in_security_buffer;
60 NTSTATUS status;
61 struct tevent_req *subreq;
62
63 status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
64 if (!NT_STATUS_IS_OK(status)) {
65 return smbd_smb2_request_error(smb2req, status);
66 }
67 inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
68 inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
69
70 in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
71
72 in_flags = CVAL(inbody, 0x02);
73 in_security_mode = CVAL(inbody, 0x03);
74 /* Capabilities = IVAL(inbody, 0x04) */
75 /* Channel = IVAL(inbody, 0x08) */
76 in_security_offset = SVAL(inbody, 0x0C);
77 in_security_length = SVAL(inbody, 0x0E);
78 in_previous_session_id = BVAL(inbody, 0x10);
79
80 if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
81 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
82 }
83
84 if (in_security_length > smb2req->in.vector[i+2].iov_len) {
85 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
86 }
87
88 in_security_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base;
89 in_security_buffer.length = in_security_length;
90
91 subreq = smbd_smb2_session_setup_send(smb2req,
92 smb2req->sconn->ev_ctx,
93 smb2req,
94 in_session_id,
95 in_flags,
96 in_security_mode,
97 in_previous_session_id,
98 in_security_buffer);
99 if (subreq == NULL) {
100 return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
101 }
102 tevent_req_set_callback(subreq, smbd_smb2_request_sesssetup_done, smb2req);
103
104 return smbd_smb2_request_pending_queue(smb2req, subreq, 500);
105 }
106
107 static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
108 {
109 struct smbd_smb2_request *smb2req =
110 tevent_req_callback_data(subreq,
111 struct smbd_smb2_request);
112 int i = smb2req->current_idx;
113 uint8_t *outhdr;
114 DATA_BLOB outbody;
115 DATA_BLOB outdyn;
116 uint16_t out_session_flags;
117 uint64_t out_session_id;
118 uint16_t out_security_offset;
119 DATA_BLOB out_security_buffer = data_blob_null;
120 NTSTATUS status;
121 NTSTATUS error; /* transport error */
122
123 status = smbd_smb2_session_setup_recv(subreq,
124 &out_session_flags,
125 smb2req,
126 &out_security_buffer,
127 &out_session_id);
128 TALLOC_FREE(subreq);
129 if (!NT_STATUS_IS_OK(status) &&
130 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
131 status = nt_status_squash(status);
132 error = smbd_smb2_request_error(smb2req, status);
133 if (!NT_STATUS_IS_OK(error)) {
134 smbd_server_connection_terminate(smb2req->sconn,
135 nt_errstr(error));
136 return;
137 }
138 return;
139 }
140
141 out_security_offset = SMB2_HDR_BODY + 0x08;
142
143 outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
144
145 outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x08);
146 if (outbody.data == NULL) {
147 error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
148 if (!NT_STATUS_IS_OK(error)) {
149 smbd_server_connection_terminate(smb2req->sconn,
150 nt_errstr(error));
151 return;
152 }
153 return;
154 }
155
156 SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
157
158 SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
159 SSVAL(outbody.data, 0x02,
160 out_session_flags); /* session flags */
161 SSVAL(outbody.data, 0x04,
162 out_security_offset); /* security buffer offset */
163 SSVAL(outbody.data, 0x06,
164 out_security_buffer.length); /* security buffer length */
165
166 outdyn = out_security_buffer;
167
168 error = smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn,
169 __location__);
170 if (!NT_STATUS_IS_OK(error)) {
171 smbd_server_connection_terminate(smb2req->sconn,
172 nt_errstr(error));
173 return;
174 }
175 }
176
177 static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
178 struct smbd_smb2_request *smb2req,
179 uint8_t in_security_mode,
180 uint64_t in_previous_session_id,
181 DATA_BLOB in_security_buffer,
182 uint16_t *out_session_flags,
183 uint64_t *out_session_id)
184 {
185 NTSTATUS status;
186 bool guest = false;
187 uint8_t session_key[16];
188 struct smbXsrv_session *x = session;
189 struct auth_session_info *session_info;
190 struct smbXsrv_connection *conn = session->connection;
191
192 if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
193 lp_server_signing() == SMB_SIGNING_REQUIRED) {
194 x->global->signing_required = true;
195 }
196
197 status = gensec_session_info(session->gensec,
198 session->global,
199 &session_info);
200 if (!NT_STATUS_IS_OK(status)) {
201 TALLOC_FREE(session);
202 return status;
203 }
204
205 if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
206 /* we map anonymous to guest internally */
207 *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
208 *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
209 /* force no signing */
210 x->global->signing_required = false;
211 guest = true;
212 }
213
214 ZERO_STRUCT(session_key);
215 memcpy(session_key, session_info->session_key.data,
216 MIN(session_info->session_key.length, sizeof(session_key)));
217
218 x->global->signing_key = data_blob_talloc(x->global,
219 session_key,
220 sizeof(session_key));
221 if (x->global->signing_key.data == NULL) {
222 ZERO_STRUCT(session_key);
223 TALLOC_FREE(session);
224 return NT_STATUS_NO_MEMORY;
225 }
226
227 if (conn->protocol >= PROTOCOL_SMB2_24) {
228 const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
229 const DATA_BLOB context = data_blob_string_const_null("SmbSign");
230
231 smb2_key_derivation(session_key, sizeof(session_key),
232 label.data, label.length,
233 context.data, context.length,
234 x->global->signing_key.data);
235 }
236
237 x->global->application_key = data_blob_dup_talloc(x->global,
238 x->global->signing_key);
239 if (x->global->application_key.data == NULL) {
240 ZERO_STRUCT(session_key);
241 TALLOC_FREE(session);
242 return NT_STATUS_NO_MEMORY;
243 }
244
245 if (conn->protocol >= PROTOCOL_SMB2_24) {
246 const DATA_BLOB label = data_blob_string_const_null("SMB2APP");
247 const DATA_BLOB context = data_blob_string_const_null("SmbRpc");
248
249 smb2_key_derivation(session_key, sizeof(session_key),
250 label.data, label.length,
251 context.data, context.length,
252 x->global->application_key.data);
253 }
254 ZERO_STRUCT(session_key);
255
256 x->global->channels[0].signing_key = data_blob_dup_talloc(x->global->channels,
257 x->global->signing_key);
258 if (x->global->channels[0].signing_key.data == NULL) {
259 TALLOC_FREE(session);
260 return NT_STATUS_NO_MEMORY;
261 }
262
263 data_blob_clear_free(&session_info->session_key);
264 session_info->session_key = data_blob_dup_talloc(session_info,
265 x->global->application_key);
266 if (session_info->session_key.data == NULL) {
267 TALLOC_FREE(session);
268 return NT_STATUS_NO_MEMORY;
269 }
270
271 session->compat = talloc_zero(session, struct user_struct);
272 if (session->compat == NULL) {
273 TALLOC_FREE(session);
274 return NT_STATUS_NO_MEMORY;
275 }
276 session->compat->session = session;
277 session->compat->homes_snum = -1;
278 session->compat->session_info = session_info;
279 session->compat->session_keystr = NULL;
280 session->compat->vuid = session->global->session_wire_id;
281 DLIST_ADD(smb2req->sconn->users, session->compat);
282 smb2req->sconn->num_users++;
283
284 if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
285 session->compat->homes_snum =
286 register_homes_share(session_info->unix_info->unix_name);
287 }
288
289 if (!session_claim(smb2req->sconn, session->compat)) {
290 DEBUG(1, ("smb2: Failed to claim session "
291 "for vuid=%llu\n",
292 (unsigned long long)session->compat->vuid));
293 TALLOC_FREE(session);
294 return NT_STATUS_LOGON_FAILURE;
295 }
296
297 set_current_user_info(session_info->unix_info->sanitized_username,
298 session_info->unix_info->unix_name,
299 session_info->info->domain_name);
300
301 reload_services(smb2req->sconn, conn_snum_used, true);
302
303 session->status = NT_STATUS_OK;
304 session->global->auth_session_info = session_info;
305 session->global->auth_session_info_seqnum += 1;
306 session->global->channels[0].auth_session_info_seqnum =
307 session->global->auth_session_info_seqnum;
308
309 status = smbXsrv_session_update(session);
310 if (!NT_STATUS_IS_OK(status)) {
311 DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
312 (unsigned long long)session->compat->vuid,
313 nt_errstr(status)));
314 TALLOC_FREE(session);
315 return NT_STATUS_LOGON_FAILURE;
316 }
317
318 /*
319 * we attach the session to the request
320 * so that the response can be signed
321 */
322 smb2req->session = session;
323 if (!guest) {
324 smb2req->do_signing = true;
325 }
326
327 global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
328
329 *out_session_id = session->global->session_wire_id;
330
331 return NT_STATUS_OK;
332 }
333
334 static NTSTATUS smbd_smb2_auth_generic(struct smbXsrv_session *session,
335 struct smbd_smb2_request *smb2req,
336 uint8_t in_security_mode,
337 uint64_t in_previous_session_id,
338 DATA_BLOB in_security_buffer,
339 uint16_t *out_session_flags,
340 DATA_BLOB *out_security_buffer,
341 uint64_t *out_session_id)
342 {
343 NTSTATUS status;
344
345 *out_security_buffer = data_blob_null;
346
347 if (session->gensec == NULL) {
348 status = auth_generic_prepare(session,
349 session->connection->remote_address,
350 &session->gensec);
351 if (!NT_STATUS_IS_OK(status)) {
352 TALLOC_FREE(session);
353 return status;
354 }
355
356 gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
357 gensec_want_feature(session->gensec, GENSEC_FEATURE_UNIX_TOKEN);
358
359 status = gensec_start_mech_by_oid(session->gensec,
360 GENSEC_OID_SPNEGO);
361 if (!NT_STATUS_IS_OK(status)) {
362 TALLOC_FREE(session);
363 return status;
364 }
365 }
366
367 become_root();
368 status = gensec_update(session->gensec,
369 smb2req, NULL,
370 in_security_buffer,
371 out_security_buffer);
372 unbecome_root();
373 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
374 !NT_STATUS_IS_OK(status)) {
375 TALLOC_FREE(session);
376 return nt_status_squash(status);
377 }
378
379 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
380 *out_session_id = session->global->session_wire_id;
381 return status;
382 }
383
384 return smbd_smb2_auth_generic_return(session,
385 smb2req,
386 in_security_mode,
387 in_previous_session_id,
388 in_security_buffer,
389 out_session_flags,
390 out_session_id);
391 }
392
393 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
394 uint64_t in_session_id,
395 uint8_t in_flags,
396 uint8_t in_security_mode,
397 uint64_t in_previous_session_id,
398 DATA_BLOB in_security_buffer,
399 uint16_t *out_session_flags,
400 DATA_BLOB *out_security_buffer,
401 uint64_t *out_session_id)
402 {
403 struct smbXsrv_session *session;
404 NTSTATUS status;
405 NTTIME now = timeval_to_nttime(&smb2req->request_time);
406
407 *out_session_flags = 0;
408 *out_session_id = 0;
409
410 if (in_session_id == 0) {
411 /* create a new session */
412 status = smbXsrv_session_create(smb2req->sconn->conn,
413 now, &session);
414 if (!NT_STATUS_IS_OK(status)) {
415 return status;
416 }
417 } else {
418 status = smb2srv_session_lookup(smb2req->sconn->conn,
419 in_session_id, now,
420 &session);
421 if (NT_STATUS_IS_OK(status)) {
422 return NT_STATUS_REQUEST_NOT_ACCEPTED;
423 }
424 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
425 return status;
426 }
427 }
428
429 return smbd_smb2_auth_generic(session,
430 smb2req,
431 in_security_mode,
432 in_previous_session_id,
433 in_security_buffer,
434 out_session_flags,
435 out_security_buffer,
436 out_session_id);
437 }
438
439 struct smbd_smb2_session_setup_state {
440 struct tevent_context *ev;
441 struct smbd_smb2_request *smb2req;
442 uint64_t in_session_id;
443 uint8_t in_flags;
444 uint8_t in_security_mode;
445 uint64_t in_previous_session_id;
446 DATA_BLOB in_security_buffer;
447 uint16_t out_session_flags;
448 DATA_BLOB out_security_buffer;
449 uint64_t out_session_id;
450 };
451
452 static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
453 struct tevent_context *ev,
454 struct smbd_smb2_request *smb2req,
455 uint64_t in_session_id,
456 uint8_t in_flags,
457 uint8_t in_security_mode,
458 uint64_t in_previous_session_id,
459 DATA_BLOB in_security_buffer)
460 {
461 struct tevent_req *req;
462 struct smbd_smb2_session_setup_state *state;
463 NTSTATUS status;
464
465 req = tevent_req_create(mem_ctx, &state,
466 struct smbd_smb2_session_setup_state);
467 if (req == NULL) {
468 return NULL;
469 }
470 state->ev = ev;
471 state->smb2req = smb2req;
472 state->in_session_id = in_session_id;
473 state->in_flags = in_flags;
474 state->in_security_mode = in_security_mode;
475 state->in_previous_session_id = in_previous_session_id;
476 state->in_security_buffer = in_security_buffer;
477
478 status = smbd_smb2_session_setup(smb2req,
479 in_session_id,
480 in_flags,
481 in_security_mode,
482 in_previous_session_id,
483 in_security_buffer,
484 &state->out_session_flags,
485 &state->out_security_buffer,
486 &state->out_session_id);
487 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
488 NT_STATUS_IS_OK(status))
489 {
490 talloc_steal(state, state->out_security_buffer.data);
491 }
492 if (tevent_req_nterror(req, status)) {
493 return tevent_req_post(req, ev);
494 }
495
496 tevent_req_done(req);
497 return tevent_req_post(req, ev);
498 }
499
500 static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
501 uint16_t *out_session_flags,
502 TALLOC_CTX *mem_ctx,
503 DATA_BLOB *out_security_buffer,
504 uint64_t *out_session_id)
505 {
506 struct smbd_smb2_session_setup_state *state =
507 tevent_req_data(req,
508 struct smbd_smb2_session_setup_state);
509 NTSTATUS status;
510
511 if (tevent_req_is_nterror(req, &status)) {
512 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
513 tevent_req_received(req);
514 return nt_status_squash(status);
515 }
516 } else {
517 status = NT_STATUS_OK;
518 }
519
520 *out_session_flags = state->out_session_flags;
521 *out_security_buffer = state->out_security_buffer;
522 *out_session_id = state->out_session_id;
523
524 talloc_steal(mem_ctx, out_security_buffer->data);
525 tevent_req_received(req);
526 return status;
527 }
528
529 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
530 {
531 NTSTATUS status;
532 DATA_BLOB outbody;
533
534 status = smbd_smb2_request_verify_sizes(req, 0x04);
535 if (!NT_STATUS_IS_OK(status)) {
536 return smbd_smb2_request_error(req, status);
537 }
538
539 /*
540 * TODO: cancel all outstanding requests on the session
541 */
542 status = smbXsrv_session_logoff(req->session);
543 if (!NT_STATUS_IS_OK(status)) {
544 DEBUG(0, ("smbd_smb2_request_process_logoff: "
545 "smbXsrv_session_logoff() failed: %s\n",
546 nt_errstr(status)));
547 /*
548 * If we hit this case, there is something completely
549 * wrong, so we better disconnect the transport connection.
550 */
551 return status;
552 }
553
554 /*
555 * we may need to sign the response, so we need to keep
556 * the session until the response is sent to the wire.
557 */
558 talloc_steal(req, req->session);
559
560 outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
561 if (outbody.data == NULL) {
562 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
563 }
564
565 SSVAL(outbody.data, 0x00, 0x04); /* struct size */
566 SSVAL(outbody.data, 0x02, 0); /* reserved */
567
568 return smbd_smb2_request_done(req, outbody, NULL);
569 }
reg import