source3/smbd/smb2_sesssetup.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Core SMB2 server
   4
   5    Copyright (C) Stefan Metzmacher 2009
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "smbd/globals.h"
  23 #include "../source4/libcli/smb2/smb2_constants.h"
  24
  25 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
  26                                         uint64_t in_session_id,
  27                                         DATA_BLOB in_security_buffer,
  28                                         DATA_BLOB *out_security_buffer,
  29                                         uint64_t *out_session_id);
  30
  31 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req)
  32 {
  33         const uint8_t *inhdr;
  34         const uint8_t *inbody;
  35         int i = req->current_idx;
  36         uint8_t *outhdr;
  37         DATA_BLOB outbody;
  38         DATA_BLOB outdyn;
  39         size_t expected_body_size = 0x19;
  40         size_t body_size;
  41         uint64_t in_session_id;
  42         uint16_t in_security_offset;
  43         uint16_t in_security_length;
  44         DATA_BLOB in_security_buffer;
  45         uint64_t out_session_id;
  46         uint16_t out_security_offset;
  47         DATA_BLOB out_security_buffer;
  48         NTSTATUS status;
  49
  50         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
  51
  52         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
  53                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  54         }
  55
  56         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
  57
  58         body_size = SVAL(inbody, 0x00);
  59         if (body_size != expected_body_size) {
  60                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  61         }
  62
  63         in_security_offset = SVAL(inbody, 0x0C);
  64         in_security_length = SVAL(inbody, 0x0E);
  65
  66         if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
  67                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  68         }
  69
  70         if (in_security_length > req->in.vector[i+2].iov_len) {
  71                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  72         }
  73
  74         in_session_id = SVAL(inhdr, SMB2_HDR_SESSION_ID);
  75         in_security_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
  76         in_security_buffer.length = in_security_length;
  77
  78         status = smbd_smb2_session_setup(req,
  79                                          in_session_id,
  80                                          in_security_buffer,
  81                                          &out_security_buffer,
  82                                          &out_session_id);
  83         if (!NT_STATUS_IS_OK(status) &&
  84             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
  85                 status = nt_status_squash(status);
  86                 return smbd_smb2_request_error(req, status);
  87         }
  88
  89         out_security_offset = SMB2_HDR_BODY + 0x08;
  90
  91         outhdr = (uint8_t *)req->out.vector[i].iov_base;
  92
  93         outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
  94         if (outbody.data == NULL) {
  95                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
  96         }
  97
  98         SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
  99
 100         SSVAL(outbody.data, 0x00, 0x08 + 1);    /* struct size */
 101         SSVAL(outbody.data, 0x02, 0);           /* session flags */
 102         SSVAL(outbody.data, 0x04,
 103               out_security_offset);             /* security buffer offset */
 104         SSVAL(outbody.data, 0x06,
 105               out_security_buffer.length);      /* security buffer length */
 106
 107         outdyn = out_security_buffer;
 108
 109         return smbd_smb2_request_done_ex(req, status, outbody, &outdyn);
 110 }
 111
 112 static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
 113 {
 114         if (session->conn == NULL) {
 115                 return 0;
 116         }
 117
 118         idr_remove(session->conn->smb2.sessions.idtree, session->vuid);
 119         DLIST_REMOVE(session->conn->smb2.sessions.list, session);
 120
 121         return 0;
 122 }
 123
 124 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
 125                                         uint64_t in_session_id,
 126                                         DATA_BLOB in_security_buffer,
 127                                         DATA_BLOB *out_security_buffer,
 128                                         uint64_t *out_session_id)
 129 {
 130         struct smbd_smb2_session *session;
 131         NTSTATUS status;
 132
 133         if (in_session_id == 0) {
 134                 int id;
 135
 136                 /* create a new session */
 137                 session = talloc_zero(req->conn, struct smbd_smb2_session);
 138                 if (session == NULL) {
 139                         return NT_STATUS_NO_MEMORY;
 140                 }
 141                 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 142                 id = idr_get_new_random(req->conn->smb2.sessions.idtree,
 143                                         session,
 144                                         req->conn->smb2.sessions.limit);
 145                 if (id == -1) {
 146                         return NT_STATUS_INSUFFICIENT_RESOURCES;
 147                 }
 148                 session->vuid = id;
 149                 DLIST_ADD_END(req->conn->smb2.sessions.list, session,
 150                               struct smbd_smb2_session *);
 151                 session->conn = req->conn;
 152                 talloc_set_destructor(session, smbd_smb2_session_destructor);
 153         } else {
 154                 void *p;
 155
 156                 /* lookup an existing session */
 157                 p = idr_find(req->conn->smb2.sessions.idtree, in_session_id);
 158                 if (p == NULL) {
 159                         return NT_STATUS_USER_SESSION_DELETED;
 160                 }
 161                 session = talloc_get_type_abort(p, struct smbd_smb2_session);
 162         }
 163
 164         if (NT_STATUS_IS_OK(session->status)) {
 165                 return NT_STATUS_REQUEST_NOT_ACCEPTED;
 166         }
 167
 168         if (session->auth_ntlmssp_state == NULL) {
 169                 status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
 170                 if (!NT_STATUS_IS_OK(status)) {
 171                         return status;
 172                 }
 173         }
 174
 175         status = auth_ntlmssp_update(session->auth_ntlmssp_state,
 176                                      in_security_buffer,
 177                                      out_security_buffer);
 178         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 179                 /* nothing to do */
 180         } else if (NT_STATUS_IS_OK(status)) {
 181                 /* TODO: setup session key for signing */
 182                 session->status = NT_STATUS_OK;
 183         } else {
 184                 return status;
 185         }
 186
 187         *out_session_id = session->vuid;
 188         return status;
 189 }
 190