search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:smb_server/smb: SMBreadX can return STATUS_BUFFER_OVERFLOW
[Samba/gebeck_regimport.git] / source4 / smb_server / smb / sesssetup.c
blobafc33dd3c6ceacc55ea8a78357ea4473f7ec94e1
1
2 /*
3 Unix SMB/CIFS implementation.
4 handle SMBsessionsetup
5 Copyright (C) Andrew Tridgell 1998-2001
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
7 Copyright (C) Jim McDonough 2002
8 Copyright (C) Luke Howard 2003
9 Copyright (C) Stefan Metzmacher 2005
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include <tevent.h>
27 #include "version.h"
28 #include "auth/gensec/gensec.h"
29 #include "auth/auth.h"
30 #include "smb_server/smb_server.h"
31 #include "smbd/service_stream.h"
32 #include "param/param.h"
33 #include "../lib/tsocket/tsocket.h"
34
35 struct sesssetup_context {
36 struct auth_context *auth_context;
37 struct smbsrv_request *req;
38 };
39
40 /*
41 setup the OS, Lanman and domain portions of a session setup reply
42 */
43 static void sesssetup_common_strings(struct smbsrv_request *req,
44 char **os, char **lanman, char **domain)
45 {
46 (*os) = talloc_asprintf(req, "Unix");
47 (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING);
48 (*domain) = talloc_asprintf(req, "%s",
49 lp_workgroup(req->smb_conn->lp_ctx));
50 }
51
52 static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
53 union smb_sesssetup *sess,
54 NTSTATUS status)
55 {
56 if (NT_STATUS_IS_OK(status)) {
57 req->smb_conn->negotiate.done_sesssetup = true;
58 /* we need to keep the session long term */
59 req->session = talloc_steal(req->smb_conn, req->session);
60 }
61 smbsrv_reply_sesssetup_send(req, sess, status);
62 }
63
64 static void sesssetup_old_send(struct tevent_req *subreq)
65 {
66 struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
67 struct smbsrv_request *req = state->req;
68
69 union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
70 struct auth_serversupplied_info *server_info = NULL;
71 struct auth_session_info *session_info;
72 struct smbsrv_session *smb_sess;
73 NTSTATUS status;
74
75 status = auth_check_password_recv(subreq, req, &server_info);
76 TALLOC_FREE(subreq);
77 if (!NT_STATUS_IS_OK(status)) goto failed;
78
79 /* This references server_info into session_info */
80 status = req->smb_conn->negotiate.auth_context->generate_session_info(req,
81 req->smb_conn->negotiate.auth_context,
82 server_info, &session_info);
83 if (!NT_STATUS_IS_OK(status)) goto failed;
84
85 /* allocate a new session */
86 smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
87 if (!smb_sess) {
88 status = NT_STATUS_INSUFFICIENT_RESOURCES;
89 goto failed;
90 }
91
92 /* Ensure this is marked as a 'real' vuid, not one
93 * simply valid for the session setup leg */
94 status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
95 if (!NT_STATUS_IS_OK(status)) goto failed;
96
97 /* To correctly process any AndX packet (like a tree connect)
98 * we need to fill in the session on the request here */
99 req->session = smb_sess;
100 sess->old.out.vuid = smb_sess->vuid;
101
102 failed:
103 status = auth_nt_status_squash(status);
104 smbsrv_sesssetup_backend_send(req, sess, status);
105 }
106
107 /*
108 handler for old style session setup
109 */
110 static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
111 {
112 struct auth_usersupplied_info *user_info = NULL;
113 struct tsocket_address *remote_address;
114 const char *remote_machine = NULL;
115 struct tevent_req *subreq;
116 struct sesssetup_context *state;
117
118 sess->old.out.vuid = 0;
119 sess->old.out.action = 0;
120
121 sesssetup_common_strings(req,
122 &sess->old.out.os,
123 &sess->old.out.lanman,
124 &sess->old.out.domain);
125
126 if (!req->smb_conn->negotiate.done_sesssetup) {
127 req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
128 }
129
130 if (req->smb_conn->negotiate.calling_name) {
131 remote_machine = req->smb_conn->negotiate.calling_name->name;
132 }
133
134 remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
135 if (!remote_address) goto nomem;
136
137 if (!remote_machine) {
138 remote_machine = tsocket_address_inet_addr_string(remote_address, req);
139 if (!remote_machine) goto nomem;
140 }
141
142 user_info = talloc(req, struct auth_usersupplied_info);
143 if (!user_info) goto nomem;
144
145 user_info->mapped_state = false;
146 user_info->logon_parameters = 0;
147 user_info->flags = 0;
148 user_info->client.account_name = sess->old.in.user;
149 user_info->client.domain_name = sess->old.in.domain;
150 user_info->workstation_name = remote_machine;
151 user_info->remote_host = talloc_steal(user_info, remote_address);
152
153 user_info->password_state = AUTH_PASSWORD_RESPONSE;
154 user_info->password.response.lanman = sess->old.in.password;
155 user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data);
156 user_info->password.response.nt = data_blob(NULL, 0);
157
158 state = talloc(req, struct sesssetup_context);
159 if (!state) goto nomem;
160
161 if (req->smb_conn->negotiate.auth_context) {
162 state->auth_context = req->smb_conn->negotiate.auth_context;
163 } else {
164 /* TODO: should we use just "anonymous" here? */
165 NTSTATUS status = auth_context_create(state,
166 req->smb_conn->connection->event.ctx,
167 req->smb_conn->connection->msg_ctx,
168 req->smb_conn->lp_ctx,
169 &state->auth_context);
170 if (!NT_STATUS_IS_OK(status)) {
171 smbsrv_sesssetup_backend_send(req, sess, status);
172 return;
173 }
174 }
175
176 state->req = req;
177
178 subreq = auth_check_password_send(state,
179 req->smb_conn->connection->event.ctx,
180 req->smb_conn->negotiate.auth_context,
181 user_info);
182 if (!subreq) goto nomem;
183 tevent_req_set_callback(subreq, sesssetup_old_send, state);
184 return;
185
186 nomem:
187 smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY);
188 }
189
190 static void sesssetup_nt1_send(struct tevent_req *subreq)
191 {
192 struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
193 struct smbsrv_request *req = state->req;
194 union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
195 struct auth_serversupplied_info *server_info = NULL;
196 struct auth_session_info *session_info;
197 struct smbsrv_session *smb_sess;
198
199 NTSTATUS status;
200
201 status = auth_check_password_recv(subreq, req, &server_info);
202 TALLOC_FREE(subreq);
203 if (!NT_STATUS_IS_OK(status)) goto failed;
204
205 /* This references server_info into session_info */
206 status = state->auth_context->generate_session_info(req,
207 state->auth_context,
208 server_info,
209 &session_info);
210 if (!NT_STATUS_IS_OK(status)) goto failed;
211
212 /* allocate a new session */
213 smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
214 if (!smb_sess) {
215 status = NT_STATUS_INSUFFICIENT_RESOURCES;
216 goto failed;
217 }
218
219 /* Ensure this is marked as a 'real' vuid, not one
220 * simply valid for the session setup leg */
221 status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
222 if (!NT_STATUS_IS_OK(status)) goto failed;
223
224 /* To correctly process any AndX packet (like a tree connect)
225 * we need to fill in the session on the request here */
226 req->session = smb_sess;
227 sess->nt1.out.vuid = smb_sess->vuid;
228
229 if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
230 /* Already signing, or disabled */
231 goto done;
232 }
233
234 done:
235 status = NT_STATUS_OK;
236 failed:
237 status = auth_nt_status_squash(status);
238 smbsrv_sesssetup_backend_send(req, sess, status);
239 }
240
241 /*
242 handler for NT1 style session setup
243 */
244 static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
245 {
246 NTSTATUS status;
247 struct auth_usersupplied_info *user_info = NULL;
248 struct tsocket_address *remote_address;
249 const char *remote_machine = NULL;
250 struct tevent_req *subreq;
251 struct sesssetup_context *state;
252
253 sess->nt1.out.vuid = 0;
254 sess->nt1.out.action = 0;
255
256 sesssetup_common_strings(req,
257 &sess->nt1.out.os,
258 &sess->nt1.out.lanman,
259 &sess->nt1.out.domain);
260
261 if (!req->smb_conn->negotiate.done_sesssetup) {
262 req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
263 req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
264 }
265
266 state = talloc(req, struct sesssetup_context);
267 if (!state) goto nomem;
268
269 state->req = req;
270
271 if (req->smb_conn->negotiate.oid) {
272 if (sess->nt1.in.user && *sess->nt1.in.user) {
273 /* We can't accept a normal login, because we
274 * don't have a challenge */
275 status = NT_STATUS_LOGON_FAILURE;
276 goto failed;
277 }
278
279 /* TODO: should we use just "anonymous" here? */
280 status = auth_context_create(state,
281 req->smb_conn->connection->event.ctx,
282 req->smb_conn->connection->msg_ctx,
283 req->smb_conn->lp_ctx,
284 &state->auth_context);
285 if (!NT_STATUS_IS_OK(status)) goto failed;
286 } else if (req->smb_conn->negotiate.auth_context) {
287 state->auth_context = req->smb_conn->negotiate.auth_context;
288 } else {
289 /* TODO: should we use just "anonymous" here? */
290 status = auth_context_create(state,
291 req->smb_conn->connection->event.ctx,
292 req->smb_conn->connection->msg_ctx,
293 req->smb_conn->lp_ctx,
294 &state->auth_context);
295 if (!NT_STATUS_IS_OK(status)) goto failed;
296 }
297
298 if (req->smb_conn->negotiate.calling_name) {
299 remote_machine = req->smb_conn->negotiate.calling_name->name;
300 }
301
302 remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
303 if (!remote_address) goto nomem;
304
305 if (!remote_machine) {
306 remote_machine = tsocket_address_inet_addr_string(remote_address, req);
307 if (!remote_machine) goto nomem;
308 }
309
310 user_info = talloc(req, struct auth_usersupplied_info);
311 if (!user_info) goto nomem;
312
313 user_info->mapped_state = false;
314 user_info->logon_parameters = 0;
315 user_info->flags = 0;
316 user_info->client.account_name = sess->nt1.in.user;
317 user_info->client.domain_name = sess->nt1.in.domain;
318 user_info->workstation_name = remote_machine;
319 user_info->remote_host = talloc_steal(user_info, remote_address);
320
321 user_info->password_state = AUTH_PASSWORD_RESPONSE;
322 user_info->password.response.lanman = sess->nt1.in.password1;
323 user_info->password.response.lanman.data = talloc_steal(user_info, sess->nt1.in.password1.data);
324 user_info->password.response.nt = sess->nt1.in.password2;
325 user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
326
327 subreq = auth_check_password_send(state,
328 req->smb_conn->connection->event.ctx,
329 state->auth_context,
330 user_info);
331 if (!subreq) goto nomem;
332 tevent_req_set_callback(subreq, sesssetup_nt1_send, state);
333
334 return;
335
336 nomem:
337 status = NT_STATUS_NO_MEMORY;
338 failed:
339 status = auth_nt_status_squash(status);
340 smbsrv_sesssetup_backend_send(req, sess, status);
341 }
342
343 struct sesssetup_spnego_state {
344 struct smbsrv_request *req;
345 union smb_sesssetup *sess;
346 struct smbsrv_session *smb_sess;
347 };
348
349 static void sesssetup_spnego_send(struct tevent_req *subreq)
350 {
351 struct sesssetup_spnego_state *s = tevent_req_callback_data(subreq,
352 struct sesssetup_spnego_state);
353 struct smbsrv_request *req = s->req;
354 union smb_sesssetup *sess = s->sess;
355 struct smbsrv_session *smb_sess = s->smb_sess;
356 struct auth_session_info *session_info = NULL;
357 NTSTATUS status;
358 NTSTATUS skey_status;
359 DATA_BLOB session_key;
360
361 status = gensec_update_recv(subreq, req, &sess->spnego.out.secblob);
362 TALLOC_FREE(subreq);
363 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
364 goto done;
365 } else if (!NT_STATUS_IS_OK(status)) {
366 goto failed;
367 }
368
369 status = gensec_session_info(smb_sess->gensec_ctx, &session_info);
370 if (!NT_STATUS_IS_OK(status)) goto failed;
371
372 skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key);
373 if (NT_STATUS_IS_OK(skey_status)) {
374 smbsrv_setup_signing(req->smb_conn, &session_key, NULL);
375 }
376
377 /* Ensure this is marked as a 'real' vuid, not one
378 * simply valid for the session setup leg */
379 status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
380 if (!NT_STATUS_IS_OK(status)) goto failed;
381
382 req->session = smb_sess;
383
384 done:
385 sess->spnego.out.vuid = smb_sess->vuid;
386 failed:
387 status = auth_nt_status_squash(status);
388 smbsrv_sesssetup_backend_send(req, sess, status);
389 if (!NT_STATUS_IS_OK(status) &&
390 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
391 talloc_free(smb_sess);
392 }
393 }
394
395 /*
396 handler for SPNEGO style session setup
397 */
398 static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
399 {
400 NTSTATUS status;
401 struct smbsrv_session *smb_sess = NULL;
402 struct sesssetup_spnego_state *s = NULL;
403 uint16_t vuid;
404 struct tevent_req *subreq;
405
406 sess->spnego.out.vuid = 0;
407 sess->spnego.out.action = 0;
408
409 sesssetup_common_strings(req,
410 &sess->spnego.out.os,
411 &sess->spnego.out.lanman,
412 &sess->spnego.out.workgroup);
413
414 if (!req->smb_conn->negotiate.done_sesssetup) {
415 req->smb_conn->negotiate.max_send = sess->spnego.in.bufsize;
416 req->smb_conn->negotiate.client_caps = sess->spnego.in.capabilities;
417 }
418
419 vuid = SVAL(req->in.hdr,HDR_UID);
420
421 /* lookup an existing session */
422 smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
423 if (!smb_sess) {
424 struct gensec_security *gensec_ctx;
425
426 status = samba_server_gensec_start(req,
427 req->smb_conn->connection->event.ctx,
428 req->smb_conn->connection->msg_ctx,
429 req->smb_conn->lp_ctx,
430 req->smb_conn->negotiate.server_credentials,
431 "cifs",
432 &gensec_ctx);
433 if (!NT_STATUS_IS_OK(status)) {
434 DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
435 goto failed;
436 }
437
438 gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
439
440 status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
441 if (!NT_STATUS_IS_OK(status)) {
442 DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
443 gensec_get_name_by_oid(gensec_ctx, req->smb_conn->negotiate.oid), nt_errstr(status)));
444 goto failed;
445 }
446
447 /* allocate a new session */
448 smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
449 if (!smb_sess) {
450 status = NT_STATUS_INSUFFICIENT_RESOURCES;
451 goto failed;
452 }
453 }
454
455 if (!smb_sess) {
456 status = NT_STATUS_ACCESS_DENIED;
457 goto failed;
458 }
459
460 if (!smb_sess->gensec_ctx) {
461 status = NT_STATUS_INTERNAL_ERROR;
462 DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status)));
463 goto failed;
464 }
465
466 s = talloc(req, struct sesssetup_spnego_state);
467 if (!s) goto nomem;
468 s->req = req;
469 s->sess = sess;
470 s->smb_sess = smb_sess;
471
472 subreq = gensec_update_send(s,
473 req->smb_conn->connection->event.ctx,
474 smb_sess->gensec_ctx,
475 sess->spnego.in.secblob);
476 if (!subreq) {
477 goto nomem;
478 }
479 tevent_req_set_callback(subreq, sesssetup_spnego_send, s);
480
481 return;
482
483 nomem:
484 status = NT_STATUS_NO_MEMORY;
485 failed:
486 talloc_free(smb_sess);
487 status = auth_nt_status_squash(status);
488 smbsrv_sesssetup_backend_send(req, sess, status);
489 }
490
491 /*
492 backend for sessionsetup call - this takes all 3 variants of the call
493 */
494 void smbsrv_sesssetup_backend(struct smbsrv_request *req,
495 union smb_sesssetup *sess)
496 {
497 switch (sess->old.level) {
498 case RAW_SESSSETUP_OLD:
499 sesssetup_old(req, sess);
500 return;
501
502 case RAW_SESSSETUP_NT1:
503 sesssetup_nt1(req, sess);
504 return;
505
506 case RAW_SESSSETUP_SPNEGO:
507 sesssetup_spnego(req, sess);
508 return;
509
510 case RAW_SESSSETUP_SMB2:
511 break;
512 }
513
514 smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_INVALID_LEVEL);
515 }
reg import