search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dns: The QCLASS is called IN, not IP
[Samba/gebeck_regimport.git] / source4 / libcli / smb2 / session.c
blob0f749a0b6c2f1a31ca6fc02406b979b7844201cd
1 /*
2 Unix SMB/CIFS implementation.
3
4 SMB2 client session handling
5
6 Copyright (C) Andrew Tridgell 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include <tevent.h>
24 #include "lib/util/tevent_ntstatus.h"
25 #include "libcli/raw/libcliraw.h"
26 #include "libcli/smb2/smb2.h"
27 #include "libcli/smb2/smb2_calls.h"
28 #include "auth/gensec/gensec.h"
29
30 #include <unistd.h>
31
32 /**
33 initialise a smb2_session structure
34 */
35 struct smb2_session *smb2_session_init(struct smb2_transport *transport,
36 struct gensec_settings *settings,
37 TALLOC_CTX *parent_ctx, bool primary)
38 {
39 struct smb2_session *session;
40 NTSTATUS status;
41
42 session = talloc_zero(parent_ctx, struct smb2_session);
43 if (!session) {
44 return NULL;
45 }
46 if (primary) {
47 session->transport = talloc_steal(session, transport);
48 } else {
49 session->transport = talloc_reference(session, transport);
50 }
51
52 session->pid = getpid();
53
54 /* prepare a gensec context for later use */
55 status = gensec_client_start(session, &session->gensec,
56 session->transport->socket->event.ctx,
57 settings);
58 if (!NT_STATUS_IS_OK(status)) {
59 talloc_free(session);
60 return NULL;
61 }
62
63 gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
64
65 return session;
66 }
67
68 /**
69 send a session setup request
70 */
71 struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
72 struct smb2_session_setup *io)
73 {
74 struct smb2_request *req;
75 NTSTATUS status;
76
77 req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP,
78 0x18, true, io->in.secblob.length);
79 if (req == NULL) return NULL;
80
81 SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, session->uid);
82 SCVAL(req->out.body, 0x02, io->in.vc_number);
83 SCVAL(req->out.body, 0x03, io->in.security_mode);
84 SIVAL(req->out.body, 0x04, io->in.capabilities);
85 SIVAL(req->out.body, 0x08, io->in.channel);
86 SBVAL(req->out.body, 0x10, io->in.previous_sessionid);
87
88 req->session = session;
89
90 status = smb2_push_o16s16_blob(&req->out, 0x0C, io->in.secblob);
91 if (!NT_STATUS_IS_OK(status)) {
92 talloc_free(req);
93 return NULL;
94 }
95
96 smb2_transport_send(req);
97
98 return req;
99 }
100
101
102 /**
103 recv a session setup reply
104 */
105 NTSTATUS smb2_session_setup_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
106 struct smb2_session_setup *io)
107 {
108 NTSTATUS status;
109
110 if (!smb2_request_receive(req) ||
111 (smb2_request_is_error(req) &&
112 !NT_STATUS_EQUAL(req->status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
113 return smb2_request_destroy(req);
114 }
115
116 SMB2_CHECK_PACKET_RECV(req, 0x08, true);
117
118 io->out.session_flags = SVAL(req->in.body, 0x02);
119 io->out.uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
120
121 status = smb2_pull_o16s16_blob(&req->in, mem_ctx, req->in.body+0x04, &io->out.secblob);
122 if (!NT_STATUS_IS_OK(status)) {
123 smb2_request_destroy(req);
124 return status;
125 }
126
127 return smb2_request_destroy(req);
128 }
129
130 /*
131 sync session setup request
132 */
133 NTSTATUS smb2_session_setup(struct smb2_session *session,
134 TALLOC_CTX *mem_ctx, struct smb2_session_setup *io)
135 {
136 struct smb2_request *req = smb2_session_setup_send(session, io);
137 return smb2_session_setup_recv(req, mem_ctx, io);
138 }
139
140 struct smb2_session_setup_spnego_state {
141 struct smb2_session_setup io;
142 struct smb2_request *req;
143 NTSTATUS gensec_status;
144 };
145
146 static void smb2_session_setup_spnego_handler(struct smb2_request *req);
147
148 /*
149 a composite function that does a full SPNEGO session setup
150 */
151 struct tevent_req *smb2_session_setup_spnego_send(TALLOC_CTX *mem_ctx,
152 struct tevent_context *ev,
153 struct smb2_session *session,
154 struct cli_credentials *credentials)
155 {
156 struct tevent_req *req;
157 struct smb2_session_setup_spnego_state *state;
158 const char *chosen_oid;
159 struct smb2_request *subreq;
160 NTSTATUS status;
161
162 req = tevent_req_create(mem_ctx, &state,
163 struct smb2_session_setup_spnego_state);
164 if (req == NULL) {
165 return NULL;
166 }
167
168 ZERO_STRUCT(state->io);
169 state->io.in.vc_number = 0;
170 if (session->transport->signing_required) {
171 state->io.in.security_mode =
172 SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
173 }
174 state->io.in.capabilities = 0;
175 state->io.in.channel = 0;
176 state->io.in.previous_sessionid = 0;
177
178 status = gensec_set_credentials(session->gensec, credentials);
179 if (tevent_req_nterror(req, status)) {
180 return tevent_req_post(req, ev);
181 }
182
183 status = gensec_set_target_hostname(session->gensec,
184 session->transport->socket->hostname);
185 if (tevent_req_nterror(req, status)) {
186 return tevent_req_post(req, ev);
187 }
188
189 status = gensec_set_target_service(session->gensec, "cifs");
190 if (tevent_req_nterror(req, status)) {
191 return tevent_req_post(req, ev);
192 }
193
194 if (session->transport->negotiate.secblob.length > 0) {
195 chosen_oid = GENSEC_OID_SPNEGO;
196 } else {
197 chosen_oid = GENSEC_OID_NTLMSSP;
198 }
199
200 status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
201 if (tevent_req_nterror(req, status)) {
202 return tevent_req_post(req, ev);
203 }
204
205 status = gensec_update(session->gensec, state,
206 session->transport->negotiate.secblob,
207 &state->io.in.secblob);
208 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
209 tevent_req_nterror(req, status);
210 return tevent_req_post(req, ev);
211 }
212 state->gensec_status = status;
213
214 subreq = smb2_session_setup_send(session, &state->io);
215 if (tevent_req_nomem(subreq, req)) {
216 return tevent_req_post(req, ev);
217 }
218 subreq->async.fn = smb2_session_setup_spnego_handler;
219 subreq->async.private_data = req;
220
221 return req;
222 }
223
224 /*
225 handle continuations of the spnego session setup
226 */
227 static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
228 {
229 struct tevent_req *req =
230 talloc_get_type_abort(subreq->async.private_data,
231 struct tevent_req);
232 struct smb2_session_setup_spnego_state *state =
233 tevent_req_data(req,
234 struct smb2_session_setup_spnego_state);
235 struct smb2_session *session = subreq->session;
236 NTSTATUS peer_status;
237 NTSTATUS status;
238
239 status = smb2_session_setup_recv(subreq, state, &state->io);
240 peer_status = status;
241 if (NT_STATUS_EQUAL(peer_status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
242 (NT_STATUS_IS_OK(peer_status) &&
243 NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
244 status = gensec_update(session->gensec, state,
245 state->io.out.secblob,
246 &state->io.in.secblob);
247 state->gensec_status = status;
248 session->uid = state->io.out.uid;
249 }
250
251 if (!NT_STATUS_IS_OK(status) &&
252 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
253 tevent_req_nterror(req, status);
254 return;
255 }
256
257 if (NT_STATUS_EQUAL(peer_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
258 subreq = smb2_session_setup_send(session, &state->io);
259 if (tevent_req_nomem(subreq, req)) {
260 return;
261 }
262
263 subreq->async.fn = smb2_session_setup_spnego_handler;
264 subreq->async.private_data = req;
265 return;
266 }
267
268 gensec_session_key(session->gensec, session, &session->session_key);
269
270 if (session->transport->signing_required) {
271 if (session->session_key.length == 0) {
272 DEBUG(0,("Wrong session key length %u for SMB2 signing\n",
273 (unsigned)session->session_key.length));
274 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
275 return;
276 }
277 session->signing_active = true;
278 }
279
280 tevent_req_done(req);
281 }
282
283 /*
284 receive a composite session setup reply
285 */
286 NTSTATUS smb2_session_setup_spnego_recv(struct tevent_req *req)
287 {
288 return tevent_req_simple_recv_ntstatus(req);
289 }
290
291 /*
292 sync version of smb2_session_setup_spnego
293 */
294 NTSTATUS smb2_session_setup_spnego(struct smb2_session *session,
295 struct cli_credentials *credentials)
296 {
297 struct tevent_req *subreq;
298 NTSTATUS status;
299 bool ok;
300 TALLOC_CTX *frame = talloc_stackframe();
301 struct tevent_context *ev = session->transport->socket->event.ctx;
302
303 if (frame == NULL) {
304 return NT_STATUS_NO_MEMORY;
305 }
306
307 subreq = smb2_session_setup_spnego_send(frame, ev,
308 session, credentials);
309 if (subreq == NULL) {
310 TALLOC_FREE(frame);
311 return NT_STATUS_NO_MEMORY;
312 }
313
314 ok = tevent_req_poll(subreq, ev);
315 if (!ok) {
316 status = map_nt_error_from_unix_common(errno);
317 TALLOC_FREE(frame);
318 return status;
319 }
320
321 status = smb2_session_setup_spnego_recv(subreq);
322 TALLOC_FREE(subreq);
323 if (!NT_STATUS_IS_OK(status)) {
324 TALLOC_FREE(frame);
325 return status;
326 }
327
328 TALLOC_FREE(frame);
329 return NT_STATUS_OK;
330 }
reg import