search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'
[Samba/gebeck_regimport.git] / source3 / smbd / smb2_sesssetup.c
blobcaf009aedc89982e472fd843eb5908a1d99854ea
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../auth/gensec/gensec.h"
27 #include "auth.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "../libcli/security/security.h"
30 #include "../lib/util/tevent_ntstatus.h"
31
32 static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
33 struct tevent_context *ev,
34 struct smbd_smb2_request *smb2req,
35 uint64_t in_session_id,
36 uint8_t in_flags,
37 uint8_t in_security_mode,
38 uint64_t in_previous_session_id,
39 DATA_BLOB in_security_buffer);
40 static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
41 uint16_t *out_session_flags,
42 TALLOC_CTX *mem_ctx,
43 DATA_BLOB *out_security_buffer,
44 uint64_t *out_session_id);
45
46 static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq);
47
48 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
49 {
50 const uint8_t *inhdr;
51 const uint8_t *inbody;
52 int i = smb2req->current_idx;
53 uint64_t in_session_id;
54 uint8_t in_flags;
55 uint8_t in_security_mode;
56 uint64_t in_previous_session_id;
57 uint16_t in_security_offset;
58 uint16_t in_security_length;
59 DATA_BLOB in_security_buffer;
60 NTSTATUS status;
61 struct tevent_req *subreq;
62
63 status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
64 if (!NT_STATUS_IS_OK(status)) {
65 return smbd_smb2_request_error(smb2req, status);
66 }
67 inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
68 inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
69
70 in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
71
72 in_flags = CVAL(inbody, 0x02);
73 in_security_mode = CVAL(inbody, 0x03);
74 /* Capabilities = IVAL(inbody, 0x04) */
75 /* Channel = IVAL(inbody, 0x08) */
76 in_security_offset = SVAL(inbody, 0x0C);
77 in_security_length = SVAL(inbody, 0x0E);
78 in_previous_session_id = BVAL(inbody, 0x10);
79
80 if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
81 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
82 }
83
84 if (in_security_length > smb2req->in.vector[i+2].iov_len) {
85 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
86 }
87
88 in_security_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base;
89 in_security_buffer.length = in_security_length;
90
91 subreq = smbd_smb2_session_setup_send(smb2req,
92 smb2req->sconn->ev_ctx,
93 smb2req,
94 in_session_id,
95 in_flags,
96 in_security_mode,
97 in_previous_session_id,
98 in_security_buffer);
99 if (subreq == NULL) {
100 return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
101 }
102 tevent_req_set_callback(subreq, smbd_smb2_request_sesssetup_done, smb2req);
103
104 return smbd_smb2_request_pending_queue(smb2req, subreq, 500);
105 }
106
107 static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
108 {
109 struct smbd_smb2_request *smb2req =
110 tevent_req_callback_data(subreq,
111 struct smbd_smb2_request);
112 int i = smb2req->current_idx;
113 uint8_t *outhdr;
114 DATA_BLOB outbody;
115 DATA_BLOB outdyn;
116 uint16_t out_session_flags;
117 uint64_t out_session_id;
118 uint16_t out_security_offset;
119 DATA_BLOB out_security_buffer = data_blob_null;
120 NTSTATUS status;
121 NTSTATUS error; /* transport error */
122
123 status = smbd_smb2_session_setup_recv(subreq,
124 &out_session_flags,
125 smb2req,
126 &out_security_buffer,
127 &out_session_id);
128 TALLOC_FREE(subreq);
129 if (!NT_STATUS_IS_OK(status) &&
130 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
131 status = nt_status_squash(status);
132 error = smbd_smb2_request_error(smb2req, status);
133 if (!NT_STATUS_IS_OK(error)) {
134 smbd_server_connection_terminate(smb2req->sconn,
135 nt_errstr(error));
136 return;
137 }
138 return;
139 }
140
141 out_security_offset = SMB2_HDR_BODY + 0x08;
142
143 outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
144
145 outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x08);
146 if (outbody.data == NULL) {
147 error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
148 if (!NT_STATUS_IS_OK(error)) {
149 smbd_server_connection_terminate(smb2req->sconn,
150 nt_errstr(error));
151 return;
152 }
153 return;
154 }
155
156 SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
157
158 SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
159 SSVAL(outbody.data, 0x02,
160 out_session_flags); /* session flags */
161 SSVAL(outbody.data, 0x04,
162 out_security_offset); /* security buffer offset */
163 SSVAL(outbody.data, 0x06,
164 out_security_buffer.length); /* security buffer length */
165
166 outdyn = out_security_buffer;
167
168 error = smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn,
169 __location__);
170 if (!NT_STATUS_IS_OK(error)) {
171 smbd_server_connection_terminate(smb2req->sconn,
172 nt_errstr(error));
173 return;
174 }
175 }
176
177 static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
178 {
179 if (session->sconn == NULL) {
180 return 0;
181 }
182
183 file_close_user(session->sconn, session->vuid);
184
185 /* first free all tcons */
186 while (session->tcons.list) {
187 talloc_free(session->tcons.list);
188 }
189
190 idr_remove(session->sconn->smb2.sessions.idtree, session->vuid);
191 DLIST_REMOVE(session->sconn->smb2.sessions.list, session);
192 invalidate_vuid(session->sconn, session->vuid);
193
194 session->vuid = 0;
195 session->status = NT_STATUS_USER_SESSION_DELETED;
196 session->sconn = NULL;
197
198 return 0;
199 }
200
201 static NTSTATUS smbd_smb2_auth_generic_return(struct smbd_smb2_session *session,
202 struct smbd_smb2_request *smb2req,
203 uint8_t in_security_mode,
204 uint64_t in_previous_session_id,
205 DATA_BLOB in_security_buffer,
206 uint16_t *out_session_flags,
207 uint64_t *out_session_id)
208 {
209 bool guest = false;
210
211 if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
212 lp_server_signing() == SMB_SIGNING_REQUIRED) {
213 session->do_signing = true;
214 }
215
216 if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
217 /* we map anonymous to guest internally */
218 *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
219 *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
220 /* force no signing */
221 session->do_signing = false;
222 guest = true;
223 }
224
225 session->session_key = session->session_info->session_key;
226
227 session->compat_vuser = talloc_zero(session, struct user_struct);
228 if (session->compat_vuser == NULL) {
229 TALLOC_FREE(session);
230 return NT_STATUS_NO_MEMORY;
231 }
232 session->compat_vuser->gensec_security = session->gensec_security;
233 session->compat_vuser->homes_snum = -1;
234 session->compat_vuser->session_info = session->session_info;
235 session->compat_vuser->session_keystr = NULL;
236 session->compat_vuser->vuid = session->vuid;
237 DLIST_ADD(session->sconn->users, session->compat_vuser);
238 session->sconn->num_users++;
239
240 if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
241 session->compat_vuser->homes_snum =
242 register_homes_share(session->session_info->unix_info->unix_name);
243 }
244
245 if (!session_claim(session->sconn, session->compat_vuser)) {
246 DEBUG(1, ("smb2: Failed to claim session "
247 "for vuid=%d\n",
248 session->compat_vuser->vuid));
249 TALLOC_FREE(session);
250 return NT_STATUS_LOGON_FAILURE;
251 }
252
253 set_current_user_info(session->session_info->unix_info->sanitized_username,
254 session->session_info->unix_info->unix_name,
255 session->session_info->info->domain_name);
256
257 reload_services(smb2req->sconn, conn_snum_used, true);
258
259 session->status = NT_STATUS_OK;
260
261 /*
262 * we attach the session to the request
263 * so that the response can be signed
264 */
265 smb2req->session = session;
266 if (!guest) {
267 smb2req->do_signing = true;
268 }
269
270 global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
271
272 *out_session_id = session->vuid;
273
274 return NT_STATUS_OK;
275 }
276
277 static NTSTATUS smbd_smb2_auth_generic(struct smbd_smb2_session *session,
278 struct smbd_smb2_request *smb2req,
279 uint8_t in_security_mode,
280 uint64_t in_previous_session_id,
281 DATA_BLOB in_security_buffer,
282 uint16_t *out_session_flags,
283 DATA_BLOB *out_security_buffer,
284 uint64_t *out_session_id)
285 {
286 NTSTATUS status;
287
288 *out_security_buffer = data_blob_null;
289
290 if (session->gensec_security == NULL) {
291 status = auth_generic_prepare(session, session->sconn->remote_address,
292 &session->gensec_security);
293 if (!NT_STATUS_IS_OK(status)) {
294 TALLOC_FREE(session);
295 return status;
296 }
297
298 gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY);
299 gensec_want_feature(session->gensec_security, GENSEC_FEATURE_UNIX_TOKEN);
300
301 status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO);
302 if (!NT_STATUS_IS_OK(status)) {
303 TALLOC_FREE(session);
304 return status;
305 }
306 }
307
308 become_root();
309 status = gensec_update(session->gensec_security,
310 smb2req, NULL,
311 in_security_buffer,
312 out_security_buffer);
313 unbecome_root();
314 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
315 !NT_STATUS_IS_OK(status)) {
316 TALLOC_FREE(session);
317 return nt_status_squash(status);
318 }
319
320 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
321 *out_session_id = session->vuid;
322 return status;
323 }
324
325 status = gensec_session_info(session->gensec_security,
326 session,
327 &session->session_info);
328
329 if (!NT_STATUS_IS_OK(status)) {
330 TALLOC_FREE(session);
331 return status;
332 }
333 *out_session_id = session->vuid;
334
335 return smbd_smb2_auth_generic_return(session,
336 smb2req,
337 in_security_mode,
338 in_previous_session_id,
339 in_security_buffer,
340 out_session_flags,
341 out_session_id);
342 }
343
344 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
345 uint64_t in_session_id,
346 uint8_t in_flags,
347 uint8_t in_security_mode,
348 uint64_t in_previous_session_id,
349 DATA_BLOB in_security_buffer,
350 uint16_t *out_session_flags,
351 DATA_BLOB *out_security_buffer,
352 uint64_t *out_session_id)
353 {
354 struct smbd_smb2_session *session;
355
356 *out_session_flags = 0;
357 *out_session_id = 0;
358
359 if (in_session_id == 0) {
360 int id;
361
362 /* create a new session */
363 session = talloc_zero(smb2req->sconn, struct smbd_smb2_session);
364 if (session == NULL) {
365 return NT_STATUS_NO_MEMORY;
366 }
367 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
368 id = idr_get_new_random(smb2req->sconn->smb2.sessions.idtree,
369 session,
370 smb2req->sconn->smb2.sessions.limit);
371 if (id == -1) {
372 return NT_STATUS_INSUFFICIENT_RESOURCES;
373 }
374 session->vuid = id;
375
376 session->tcons.idtree = idr_init(session);
377 if (session->tcons.idtree == NULL) {
378 return NT_STATUS_NO_MEMORY;
379 }
380 session->tcons.limit = 0x0000FFFE;
381 session->tcons.list = NULL;
382
383 DLIST_ADD_END(smb2req->sconn->smb2.sessions.list, session,
384 struct smbd_smb2_session *);
385 session->sconn = smb2req->sconn;
386 talloc_set_destructor(session, smbd_smb2_session_destructor);
387 } else {
388 void *p;
389
390 /* lookup an existing session */
391 p = idr_find(smb2req->sconn->smb2.sessions.idtree, in_session_id);
392 if (p == NULL) {
393 return NT_STATUS_USER_SESSION_DELETED;
394 }
395 session = talloc_get_type_abort(p, struct smbd_smb2_session);
396 }
397
398 if (NT_STATUS_IS_OK(session->status)) {
399 return NT_STATUS_REQUEST_NOT_ACCEPTED;
400 }
401
402 return smbd_smb2_auth_generic(session,
403 smb2req,
404 in_security_mode,
405 in_previous_session_id,
406 in_security_buffer,
407 out_session_flags,
408 out_security_buffer,
409 out_session_id);
410 }
411
412 struct smbd_smb2_session_setup_state {
413 struct tevent_context *ev;
414 struct smbd_smb2_request *smb2req;
415 uint64_t in_session_id;
416 uint8_t in_flags;
417 uint8_t in_security_mode;
418 uint64_t in_previous_session_id;
419 DATA_BLOB in_security_buffer;
420 uint16_t out_session_flags;
421 DATA_BLOB out_security_buffer;
422 uint64_t out_session_id;
423 };
424
425 static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
426 struct tevent_context *ev,
427 struct smbd_smb2_request *smb2req,
428 uint64_t in_session_id,
429 uint8_t in_flags,
430 uint8_t in_security_mode,
431 uint64_t in_previous_session_id,
432 DATA_BLOB in_security_buffer)
433 {
434 struct tevent_req *req;
435 struct smbd_smb2_session_setup_state *state;
436 NTSTATUS status;
437
438 req = tevent_req_create(mem_ctx, &state,
439 struct smbd_smb2_session_setup_state);
440 if (req == NULL) {
441 return NULL;
442 }
443 state->ev = ev;
444 state->smb2req = smb2req;
445 state->in_session_id = in_session_id;
446 state->in_flags = in_flags;
447 state->in_security_mode = in_security_mode;
448 state->in_previous_session_id = in_previous_session_id;
449 state->in_security_buffer = in_security_buffer;
450
451 status = smbd_smb2_session_setup(smb2req,
452 in_session_id,
453 in_flags,
454 in_security_mode,
455 in_previous_session_id,
456 in_security_buffer,
457 &state->out_session_flags,
458 &state->out_security_buffer,
459 &state->out_session_id);
460 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
461 NT_STATUS_IS_OK(status))
462 {
463 talloc_steal(state, state->out_security_buffer.data);
464 }
465 if (tevent_req_nterror(req, status)) {
466 return tevent_req_post(req, ev);
467 }
468
469 tevent_req_done(req);
470 return tevent_req_post(req, ev);
471 }
472
473 static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
474 uint16_t *out_session_flags,
475 TALLOC_CTX *mem_ctx,
476 DATA_BLOB *out_security_buffer,
477 uint64_t *out_session_id)
478 {
479 struct smbd_smb2_session_setup_state *state =
480 tevent_req_data(req,
481 struct smbd_smb2_session_setup_state);
482 NTSTATUS status;
483
484 if (tevent_req_is_nterror(req, &status)) {
485 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
486 tevent_req_received(req);
487 return nt_status_squash(status);
488 }
489 } else {
490 status = NT_STATUS_OK;
491 }
492
493 *out_session_flags = state->out_session_flags;
494 *out_security_buffer = state->out_security_buffer;
495 *out_session_id = state->out_session_id;
496
497 talloc_steal(mem_ctx, out_security_buffer->data);
498 tevent_req_received(req);
499 return status;
500 }
501
502 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
503 {
504 NTSTATUS status;
505 DATA_BLOB outbody;
506
507 status = smbd_smb2_request_verify_sizes(req, 0x04);
508 if (!NT_STATUS_IS_OK(status)) {
509 return smbd_smb2_request_error(req, status);
510 }
511
512 /*
513 * TODO: cancel all outstanding requests on the session
514 * and delete all tree connections.
515 */
516 smbd_smb2_session_destructor(req->session);
517 /*
518 * we may need to sign the response, so we need to keep
519 * the session until the response is sent to the wire.
520 */
521 talloc_steal(req, req->session);
522
523 outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
524 if (outbody.data == NULL) {
525 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
526 }
527
528 SSVAL(outbody.data, 0x00, 0x04); /* struct size */
529 SSVAL(outbody.data, 0x02, 0); /* reserved */
530
531 return smbd_smb2_request_done(req, outbody, NULL);
532 }
reg import