2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
27 #include "smbprofile.h"
28 #include "auth/gensec/gensec.h"
29 #include "../libcli/smb/smb_signing.h"
31 extern fstring remote_proto;
33 static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
37 /* We might be called more than once, multiple negprots are
39 if (xconn->smb1.negprot.auth_context) {
40 DEBUG(3, ("get challenge: is this a secondary negprot? "
41 "sconn->negprot.auth_context is non-NULL!\n"));
42 TALLOC_FREE(xconn->smb1.negprot.auth_context);
45 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
46 nt_status = make_auth4_context(
47 xconn, &xconn->smb1.negprot.auth_context);
48 if (!NT_STATUS_IS_OK(nt_status)) {
49 DEBUG(0, ("make_auth_context_subsystem returned %s",
50 nt_errstr(nt_status)));
51 smb_panic("cannot make_negprot_global_auth_context!");
53 DEBUG(10, ("get challenge: getting challenge\n"));
54 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
55 xconn->smb1.negprot.auth_context, buff);
58 /****************************************************************************
59 Reply for the lanman 1.0 protocol.
60 ****************************************************************************/
62 static void reply_lanman1(struct smb_request *req, uint16_t choice)
65 time_t t = time(NULL);
66 struct smbXsrv_connection *xconn = req->xconn;
70 if (lp_async_smb_echo_handler()) {
73 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
76 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
78 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
79 if (xconn->smb1.negprot.encrypted_passwords) {
80 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
83 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
85 SSVAL(req->outbuf,smb_vwv0,choice);
86 SSVAL(req->outbuf,smb_vwv1,secword);
87 /* Create a token value and add it to the outgoing packet. */
88 if (xconn->smb1.negprot.encrypted_passwords) {
89 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
90 SSVAL(req->outbuf,smb_vwv11, 8);
93 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
94 if (!NT_STATUS_IS_OK(status)) {
95 reply_nterror(req, status);
99 /* Reply, SMBlockread, SMBwritelock supported. */
100 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
101 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
102 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
103 SSVAL(req->outbuf,smb_vwv4, 1);
104 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
105 readbraw writebraw (possibly) */
106 SIVAL(req->outbuf,smb_vwv6, getpid());
107 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
109 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
114 /****************************************************************************
115 Reply for the lanman 2.0 protocol.
116 ****************************************************************************/
118 static void reply_lanman2(struct smb_request *req, uint16_t choice)
121 time_t t = time(NULL);
122 struct smbXsrv_connection *xconn = req->xconn;
126 if (lp_async_smb_echo_handler()) {
129 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
132 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
134 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
135 if (xconn->smb1.negprot.encrypted_passwords) {
136 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
139 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
141 SSVAL(req->outbuf,smb_vwv0, choice);
142 SSVAL(req->outbuf,smb_vwv1, secword);
143 SIVAL(req->outbuf,smb_vwv6, getpid());
145 /* Create a token value and add it to the outgoing packet. */
146 if (xconn->smb1.negprot.encrypted_passwords) {
147 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
148 SSVAL(req->outbuf,smb_vwv11, 8);
151 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
152 if (!NT_STATUS_IS_OK(status)) {
153 reply_nterror(req, status);
157 /* Reply, SMBlockread, SMBwritelock supported. */
158 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
159 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
160 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
161 SSVAL(req->outbuf,smb_vwv4,1);
162 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
163 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
164 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
167 /****************************************************************************
168 Generate the spnego negprot reply blob. Return the number of bytes used.
169 ****************************************************************************/
171 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
173 DATA_BLOB blob = data_blob_null;
174 DATA_BLOB blob_out = data_blob_null;
181 struct gensec_security *gensec_security;
183 /* See if we can get an SPNEGO blob */
184 status = auth_generic_prepare(talloc_tos(),
185 xconn->remote_address,
186 xconn->local_address,
191 * Despite including it above, there is no need to set a
192 * remote address or similar as we are just interested in the
193 * SPNEGO blob, we never keep this context.
196 if (NT_STATUS_IS_OK(status)) {
197 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
198 if (NT_STATUS_IS_OK(status)) {
199 status = gensec_update(gensec_security, ctx,
200 data_blob_null, &blob);
201 /* If we get the list of OIDs, the 'OK' answer
202 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
203 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
204 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
205 blob = data_blob_null;
208 TALLOC_FREE(gensec_security);
211 xconn->smb1.negprot.spnego = true;
213 /* strangely enough, NT does not sent the single OID NTLMSSP when
214 not a ADS member, it sends no OIDs at all
216 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
217 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
219 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
220 back to doing what W2K3 does here. This is needed to make PocketPC 2003
221 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
226 if (blob.length == 0 || blob.data == NULL) {
227 return data_blob_null;
230 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
231 if (blob_out.data == NULL) {
232 data_blob_free(&blob);
233 return data_blob_null;
236 memset(blob_out.data, '\0', 16);
238 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
239 (void)strlower_m(unix_name);
240 push_ascii_nstring(dos_name, unix_name);
241 strlcpy((char *)blob_out.data, dos_name, 17);
244 /* Fix valgrind 'uninitialized bytes' issue. */
245 slen = strlen(dos_name);
247 memset(blob_out.data+slen, '\0', 16 - slen);
251 memcpy(&blob_out.data[16], blob.data, blob.length);
253 data_blob_free(&blob);
258 /****************************************************************************
259 Reply for the nt protocol.
260 ****************************************************************************/
262 static void reply_nt1(struct smb_request *req, uint16_t choice)
264 /* dual names + lock_and_read + nt SMBs + remote API calls */
265 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
266 CAP_LEVEL_II_OPLOCKS;
269 bool negotiate_spnego = False;
272 struct smbXsrv_connection *xconn = req->xconn;
273 bool signing_desired = false;
274 bool signing_required = false;
277 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
279 /* Check the flags field to see if this is Vista.
280 WinXP sets it and Vista does not. But we have to
281 distinguish from NT which doesn't set it either. */
283 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
284 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
286 if ((get_remote_arch() != RA_SAMBA) &&
287 (get_remote_arch() != RA_CIFSFS)) {
288 set_remote_arch( RA_VISTA );
292 reply_outbuf(req,17,0);
294 /* do spnego in user level security if the client
295 supports it and we can do encrypted passwords */
297 if (xconn->smb1.negprot.encrypted_passwords &&
298 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
299 negotiate_spnego = True;
300 capabilities |= CAP_EXTENDED_SECURITY;
301 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
302 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
303 (already partially constructed. */
304 SSVAL(req->outbuf, smb_flg2,
305 req->flags2 | FLAGS2_EXTENDED_SECURITY);
308 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
311 capabilities |= CAP_UNICODE;
314 if (lp_unix_extensions()) {
315 capabilities |= CAP_UNIX;
318 if (lp_large_readwrite())
319 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
321 capabilities |= CAP_LARGE_FILES;
323 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
324 capabilities |= CAP_RAW_MODE;
326 if (lp_nt_status_support())
327 capabilities |= CAP_STATUS32;
330 capabilities |= CAP_DFS;
332 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
333 if (xconn->smb1.negprot.encrypted_passwords) {
334 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
337 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
338 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
340 if (signing_desired) {
341 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
342 /* No raw mode with smb signing. */
343 capabilities &= ~CAP_RAW_MODE;
344 if (signing_required) {
345 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
349 SSVAL(req->outbuf,smb_vwv0,choice);
350 SCVAL(req->outbuf,smb_vwv1,secword);
352 status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
353 if (!NT_STATUS_IS_OK(status)) {
354 reply_nterror(req, status);
358 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
359 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
360 SIVAL(req->outbuf,smb_vwv3+1,
361 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
362 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
363 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
364 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
365 clock_gettime(CLOCK_REALTIME,&ts);
366 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
367 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
369 if (!negotiate_spnego) {
370 /* Create a token value and add it to the outgoing packet. */
371 if (xconn->smb1.negprot.encrypted_passwords) {
373 /* note that we do not send a challenge at all if
374 we are using plaintext */
375 get_challenge(xconn, chal);
376 ret = message_push_blob(
377 &req->outbuf, data_blob_const(chal, sizeof(chal)));
379 DEBUG(0, ("Could not push challenge\n"));
380 reply_nterror(req, NT_STATUS_NO_MEMORY);
383 SCVAL(req->outbuf, smb_vwv16+1, ret);
385 ret = message_push_string(&req->outbuf, lp_workgroup(),
386 STR_UNICODE|STR_TERMINATE
389 DEBUG(0, ("Could not push workgroup string\n"));
390 reply_nterror(req, NT_STATUS_NO_MEMORY);
393 ret = message_push_string(&req->outbuf, lp_netbios_name(),
394 STR_UNICODE|STR_TERMINATE
397 DEBUG(0, ("Could not push netbios name string\n"));
398 reply_nterror(req, NT_STATUS_NO_MEMORY);
401 DEBUG(3,("not using SPNEGO\n"));
403 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
405 if (spnego_blob.data == NULL) {
406 reply_nterror(req, NT_STATUS_NO_MEMORY);
410 ret = message_push_blob(&req->outbuf, spnego_blob);
412 DEBUG(0, ("Could not push spnego blob\n"));
413 reply_nterror(req, NT_STATUS_NO_MEMORY);
416 data_blob_free(&spnego_blob);
418 SCVAL(req->outbuf,smb_vwv16+1, 0);
419 DEBUG(3,("using SPNEGO\n"));
425 /* these are the protocol lists used for auto architecture detection:
428 protocol [PC NETWORK PROGRAM 1.0]
429 protocol [XENIX CORE]
430 protocol [MICROSOFT NETWORKS 1.03]
432 protocol [Windows for Workgroups 3.1a]
435 protocol [NT LM 0.12]
438 protocol [PC NETWORK PROGRAM 1.0]
439 protocol [XENIX CORE]
440 protocol [MICROSOFT NETWORKS 1.03]
442 protocol [Windows for Workgroups 3.1a]
445 protocol [NT LM 0.12]
448 protocol [PC NETWORK PROGRAM 1.0]
450 protocol [Windows for Workgroups 3.1a]
453 protocol [NT LM 0.12]
456 protocol [PC NETWORK PROGRAM 1.0]
458 protocol [Windows for Workgroups 3.1a]
461 protocol [NT LM 0.12]
465 protocol [PC NETWORK PROGRAM 1.0]
466 protocol [XENIX CORE]
472 protocol [NT LM 0.12]
478 * Modified to recognize the architecture of the remote machine better.
480 * This appears to be the matrix of which protocol is used by which
482 Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
483 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
485 MICROSOFT NETWORKS 3.0 2 2
487 MICROSOFT NETWORKS 1.03 3
490 Windows for Workgroups 3.1a 5 5 5 3 3
493 NT LM 0.12 6 8 6 6 6 1
498 * tim@fsg.com 09/29/95
499 * Win2K added by matty 17/7/99
502 #define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
503 #define PROT_XENIX_CORE 0x0002
504 #define PROT_MICROSOFT_NETWORKS_3_0 0x0004
505 #define PROT_DOS_LM1_2X002 0x0008
506 #define PROT_MICROSOFT_NETWORKS_1_03 0x0010
507 #define PROT_DOS_LANMAN2_1 0x0020
508 #define PROT_LANMAN1_0 0x0040
509 #define PROT_WFWG 0x0080
510 #define PROT_LM1_2X002 0x0100
511 #define PROT_LANMAN2_1 0x0200
512 #define PROT_NT_LM_0_12 0x0400
513 #define PROT_SMB_2_001 0x0800
514 #define PROT_SMB_2_002 0x1000
515 #define PROT_SMB_2_FF 0x2000
516 #define PROT_SAMBA 0x4000
517 #define PROT_POSIX_2 0x8000
519 #define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
520 PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
521 #define ARCH_WIN95 ( ARCH_WFWG | PROT_NT_LM_0_12 )
522 #define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
523 PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
524 PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
525 #define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
526 #define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
527 #define ARCH_VISTA ( ARCH_WIN2K | PROT_SMB_2_001 )
528 #define ARCH_SAMBA ( PROT_SAMBA )
529 #define ARCH_CIFSFS ( PROT_POSIX_2 )
530 #define ARCH_OSX ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
532 /* List of supported protocols, most desired first */
533 static const struct {
534 const char *proto_name;
535 const char *short_name;
536 void (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
538 } supported_protocols[] = {
539 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
540 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
541 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
542 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
543 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
544 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
545 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
546 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
547 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
548 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
549 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
553 /****************************************************************************
555 conn POINTER CAN BE NULL HERE !
556 ****************************************************************************/
558 void reply_negprot(struct smb_request *req)
561 int chosen_level = -1;
562 bool choice_set = false;
569 size_t converted_size;
570 struct smbXsrv_connection *xconn = req->xconn;
571 struct smbd_server_connection *sconn = req->sconn;
572 bool signing_required = true;
576 START_PROFILE(SMBnegprot);
578 if (xconn->smb1.negprot.done) {
579 END_PROFILE(SMBnegprot);
580 exit_server_cleanly("multiple negprot's are not permitted");
582 xconn->smb1.negprot.done = true;
584 if (req->buflen == 0) {
585 DEBUG(0, ("negprot got no protocols\n"));
586 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
587 END_PROFILE(SMBnegprot);
591 if (req->buf[req->buflen-1] != '\0') {
592 DEBUG(0, ("negprot protocols not 0-terminated\n"));
593 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
594 END_PROFILE(SMBnegprot);
598 p = (const char *)req->buf + 1;
603 while (smbreq_bufrem(req, p) > 0) {
607 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
610 DEBUG(0, ("talloc failed\n"));
611 TALLOC_FREE(cliprotos);
612 reply_nterror(req, NT_STATUS_NO_MEMORY);
613 END_PROFILE(SMBnegprot);
619 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
621 DEBUG(0, ("pull_ascii_talloc failed\n"));
622 TALLOC_FREE(cliprotos);
623 reply_nterror(req, NT_STATUS_NO_MEMORY);
624 END_PROFILE(SMBnegprot);
628 DEBUG(3, ("Requested protocol [%s]\n",
629 cliprotos[num_cliprotos]));
635 for (i=0; i<num_cliprotos; i++) {
636 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
637 protocols |= PROT_WFWG;
638 } else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
639 protocols |= PROT_DOS_LM1_2X002;
640 } else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
641 protocols |= PROT_DOS_LANMAN2_1;
642 } else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
643 protocols |= PROT_LANMAN1_0;
644 } else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
645 protocols |= PROT_NT_LM_0_12;
646 } else if (strcsequal(cliprotos[i], "SMB 2.001")) {
647 protocols |= PROT_SMB_2_001;
648 } else if (strcsequal(cliprotos[i], "SMB 2.002")) {
649 protocols |= PROT_SMB_2_002;
650 } else if (strcsequal(cliprotos[i], "SMB 2.???")) {
651 protocols |= PROT_SMB_2_FF;
652 } else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
653 protocols |= PROT_LANMAN2_1;
654 } else if (strcsequal(cliprotos[i], "LM1.2X002")) {
655 protocols |= PROT_LM1_2X002;
656 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
657 protocols |= PROT_MICROSOFT_NETWORKS_1_03;
658 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
659 protocols |= PROT_MICROSOFT_NETWORKS_3_0;
660 } else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
661 protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
662 } else if (strcsequal(cliprotos[i], "XENIX CORE")) {
663 protocols |= PROT_XENIX_CORE;
664 } else if (strcsequal(cliprotos[i], "Samba")) {
665 protocols = PROT_SAMBA;
667 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
668 protocols = PROT_POSIX_2;
673 switch ( protocols ) {
674 /* Old CIFSFS can send one arch only, NT LM 0.12. */
675 case PROT_NT_LM_0_12:
677 set_remote_arch(RA_CIFSFS);
680 set_remote_arch(RA_SAMBA);
683 set_remote_arch(RA_WFWG);
686 set_remote_arch(RA_WIN95);
689 set_remote_arch(RA_WINNT);
692 set_remote_arch(RA_WIN2K);
695 set_remote_arch(RA_VISTA);
698 set_remote_arch(RA_OS2);
701 set_remote_arch(RA_OSX);
704 set_remote_arch(RA_UNKNOWN);
708 /* possibly reload - change of architecture */
709 reload_services(sconn, conn_snum_used, true);
712 * Anything higher than PROTOCOL_SMB2_10 still
713 * needs to go via "SMB 2.???", which is marked
714 * as PROTOCOL_SMB2_10.
716 * The real negotiation happens via reply_smb20ff()
717 * using SMB2 Negotiation.
719 max_proto = lp_server_max_protocol();
720 if (max_proto > PROTOCOL_SMB2_10) {
721 max_proto = PROTOCOL_SMB2_10;
723 min_proto = lp_server_min_protocol();
724 if (min_proto > PROTOCOL_SMB2_10) {
725 min_proto = PROTOCOL_SMB2_10;
728 /* Check for protocols, most desirable first */
729 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
731 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
732 (supported_protocols[protocol].protocol_level >= min_proto))
733 while (i < num_cliprotos) {
734 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
736 chosen_level = supported_protocols[protocol].protocol_level;
749 DBG_NOTICE("No protocol supported !\n");
750 reply_outbuf(req, 1, 0);
751 SSVAL(req->outbuf, smb_vwv0, choice);
753 ok = srv_send_smb(xconn, (char *)req->outbuf,
754 false, 0, false, NULL);
756 DBG_NOTICE("srv_send_smb failed\n");
758 exit_server_cleanly("no protocol supported\n");
761 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
762 reload_services(sconn, conn_snum_used, true);
763 supported_protocols[protocol].proto_reply_fn(req, choice);
764 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
766 DBG_INFO("negprot index=%zu\n", choice);
768 /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
769 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
770 if (signing_required && (chosen_level < PROTOCOL_NT1)) {
771 exit_server_cleanly("SMB signing is required and "
772 "client negotiated a downlevel protocol");
775 TALLOC_FREE(cliprotos);
777 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
778 !fork_echo_handler(xconn)) {
779 exit_server("Failed to fork echo handler");
782 END_PROFILE(SMBnegprot);
git.samba.org / samba.git / blob