#include "includes.h"
#include "../lib/tsocket/tsocket.h"
+#include "lib/util/server_id.h"
#include "smbd/smbd.h"
#include "smbd/globals.h"
-#include "../libcli/auth/spnego.h"
-#include "../auth/ntlmssp/ntlmssp.h"
-#include "../librpc/gen_ndr/krb5pac.h"
-#include "libads/kerberos_proto.h"
-#include "../lib/util/asn1.h"
#include "auth.h"
#include "messages.h"
#include "smbprofile.h"
#include "../libcli/security/security.h"
#include "auth/gensec/gensec.h"
+#include "lib/conn_tdb.h"
+#include "../libcli/smb/smb_signing.h"
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
****************************************************************************/
-static int push_signature(uint8 **outbuf)
+static int push_signature(uint8_t **outbuf)
{
char *lanman;
int result, tmp;
+ fstring native_os;
result = 0;
- tmp = message_push_string(outbuf, "Unix", STR_TERMINATE);
+ fstr_sprintf(native_os, "Windows %d.%d", SAMBA_MAJOR_NBT_ANNOUNCE_VERSION,
+ SAMBA_MINOR_NBT_ANNOUNCE_VERSION);
+
+ tmp = message_push_string(outbuf, native_os, STR_TERMINATE);
if (tmp == -1) return -1;
result += tmp;
return result;
}
-/****************************************************************************
- Send a security blob via a session setup reply.
-****************************************************************************/
-
-static void reply_sesssetup_blob(struct smb_request *req,
- DATA_BLOB blob,
- NTSTATUS nt_status)
-{
- if (!NT_STATUS_IS_OK(nt_status) &&
- !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- reply_nterror(req, nt_status_squash(nt_status));
- return;
- }
-
- nt_status = nt_status_squash(nt_status);
- SIVAL(req->outbuf, smb_rcls, NT_STATUS_V(nt_status));
- SSVAL(req->outbuf, smb_vwv0, 0xFF); /* no chaining possible */
- SSVAL(req->outbuf, smb_vwv3, blob.length);
-
- if ((message_push_blob(&req->outbuf, blob) == -1)
- || (push_signature(&req->outbuf) == -1)) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- }
-}
-
-/****************************************************************************
- Do a 'guest' logon, getting back the
-****************************************************************************/
-
-static NTSTATUS check_guest_password(const struct tsocket_address *remote_address,
- struct auth_serversupplied_info **server_info)
-{
- struct auth_context *auth_context;
- struct auth_usersupplied_info *user_info = NULL;
-
- NTSTATUS nt_status;
- static unsigned char chal[8] = { 0, };
-
- DEBUG(3,("Got anonymous request\n"));
-
- nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- if (!make_user_info_guest(remote_address, &user_info)) {
- TALLOC_FREE(auth_context);
- return NT_STATUS_NO_MEMORY;
- }
-
- nt_status = auth_context->check_ntlm_password(auth_context,
- user_info,
- server_info);
- TALLOC_FREE(auth_context);
- free_user_info(&user_info);
- return nt_status;
-}
-
-/****************************************************************************
- Send a session setup reply, wrapped in SPNEGO.
- Get vuid and check first.
- End the NTLMSSP exchange context if we are OK/complete fail
- This should be split into two functions, one to handle each
- leg of the NTLM auth steps.
-***************************************************************************/
-
-static void reply_spnego_ntlmssp(struct smb_request *req,
- uint16 vuid,
- struct gensec_security **gensec_security,
- DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status,
- const char *OID,
- bool wrap)
-{
- bool do_invalidate = true;
- DATA_BLOB response;
- struct auth_session_info *session_info = NULL;
- struct smbd_server_connection *sconn = req->sconn;
-
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = gensec_session_info(*gensec_security,
- talloc_tos(),
- &session_info);
- }
-
- reply_outbuf(req, 4, 0);
-
- SSVAL(req->outbuf, smb_uid, vuid);
-
- if (NT_STATUS_IS_OK(nt_status)) {
- DATA_BLOB nullblob = data_blob_null;
-
- if (!is_partial_auth_vuid(sconn, vuid)) {
- nt_status = NT_STATUS_LOGON_FAILURE;
- goto out;
- }
-
- /* register_existing_vuid keeps the server info */
- if (register_existing_vuid(sconn, vuid,
- session_info, nullblob) !=
- vuid) {
- /* The problem is, *gensec_security points
- * into the vuser this will have
- * talloc_free()'ed in
- * register_existing_vuid() */
- do_invalidate = false;
- nt_status = NT_STATUS_LOGON_FAILURE;
- goto out;
- }
-
- /* current_user_info is changed on new vuid */
- reload_services(sconn, conn_snum_used, true);
-
- SSVAL(req->outbuf, smb_vwv3, 0);
-
- if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
- SSVAL(req->outbuf,smb_vwv2,1);
- }
- }
-
- out:
-
- if (wrap) {
- response = spnego_gen_auth_response(talloc_tos(),
- ntlmssp_blob,
- nt_status, OID);
- } else {
- response = *ntlmssp_blob;
- }
-
- reply_sesssetup_blob(req, response, nt_status);
- if (wrap) {
- data_blob_free(&response);
- }
-
- /* NT_STATUS_MORE_PROCESSING_REQUIRED from our NTLMSSP code tells us,
- and the other end, that we are not finished yet. */
-
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- /* NB. This is *NOT* an error case. JRA */
- if (do_invalidate) {
- TALLOC_FREE(*gensec_security);
- if (!NT_STATUS_IS_OK(nt_status)) {
- /* Kill the intermediate vuid */
- invalidate_vuid(sconn, vuid);
- }
- }
- }
-}
-
/****************************************************************************
Reply to a session setup command.
conn POINTER CAN BE NULL HERE !
static void reply_sesssetup_and_X_spnego(struct smb_request *req)
{
- const uint8 *p;
- DATA_BLOB blob1;
+ const uint8_t *p;
+ DATA_BLOB in_blob;
+ DATA_BLOB out_blob = data_blob_null;
size_t bufrem;
char *tmp;
const char *native_os;
const char *native_lanman;
const char *primary_domain;
- const char *p2;
- uint16 data_blob_len = SVAL(req->vwv+7, 0);
+ uint16_t data_blob_len = SVAL(req->vwv+7, 0);
enum remote_arch_types ra_type = get_remote_arch();
- int vuid = req->vuid;
- user_struct *vuser = NULL;
+ uint64_t vuid = req->vuid;
NTSTATUS status = NT_STATUS_OK;
+ struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
- DATA_BLOB chal;
+ uint16_t action = 0;
+ bool is_authenticated = false;
+ NTTIME now = timeval_to_nttime(&req->request_time);
+ struct smbXsrv_session *session = NULL;
+ uint16_t smb_bufsize = SVAL(req->vwv+2, 0);
+ uint32_t client_caps = IVAL(req->vwv+10, 0);
+ struct smbXsrv_session_auth0 *auth;
DEBUG(3,("Doing spnego session setup\n"));
- if (global_client_caps == 0) {
- global_client_caps = IVAL(req->vwv+10, 0);
+ if (!xconn->smb1.sessions.done_sesssetup) {
+ global_client_caps = client_caps;
if (!(global_client_caps & CAP_STATUS32)) {
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
}
-
}
p = req->buf;
bufrem = smbreq_bufrem(req, p);
/* pull the spnego blob */
- blob1 = data_blob(p, MIN(bufrem, data_blob_len));
+ in_blob = data_blob_const(p, MIN(bufrem, data_blob_len));
#if 0
- file_save("negotiate.dat", blob1.data, blob1.length);
+ file_save("negotiate.dat", in_blob.data, in_blob.length);
#endif
- p2 = (const char *)req->buf + blob1.length;
+ p = req->buf + in_blob.length;
- p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_os = tmp ? tmp : "";
- p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_lanman = tmp ? tmp : "";
- p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
primary_domain = tmp ? tmp : "";
}
}
- /* Do we have a valid vuid now ? */
- if (!is_partial_auth_vuid(sconn, vuid)) {
- /* No, start a new authentication setup. */
- vuid = register_initial_vuid(sconn);
- if (vuid == UID_FIELD_INVALID) {
- data_blob_free(&blob1);
- reply_nterror(req, nt_status_squash(
- NT_STATUS_INVALID_PARAMETER));
+ if (vuid != 0) {
+ status = smb1srv_session_lookup(xconn,
+ vuid, now,
+ &session);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
+ reply_force_doserror(req, ERRSRV, ERRbaduid);
+ return;
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+ status = NT_STATUS_OK;
+ }
+ if (NT_STATUS_IS_OK(status)) {
+ session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ TALLOC_FREE(session->pending_auth);
+ }
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+ }
+
+ if (session == NULL) {
+ /* create a new session */
+ status = smbXsrv_session_create(xconn,
+ now, &session);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+ }
+
+ status = smbXsrv_session_find_auth(session, xconn, now, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ status = smbXsrv_session_create_auth(session, xconn, now,
+ 0, /* flags */
+ 0, /* security */
+ &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, nt_status_squash(status));
return;
}
}
- vuser = get_partial_auth_user_struct(sconn, vuid);
- /* This MUST be valid. */
- if (!vuser) {
- smb_panic("reply_sesssetup_and_X_spnego: invalid vuid.");
+ if (auth->gensec == NULL) {
+ status = auth_generic_prepare(session,
+ xconn->remote_address,
+ xconn->local_address,
+ "SMB",
+ &auth->gensec);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(session);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ gensec_want_feature(auth->gensec, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(auth->gensec, GENSEC_FEATURE_UNIX_TOKEN);
+ gensec_want_feature(auth->gensec, GENSEC_FEATURE_SMB_TRANSPORT);
+
+ status = gensec_start_mech_by_oid(auth->gensec,
+ GENSEC_OID_SPNEGO);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to start SPNEGO handler!\n"));
+ TALLOC_FREE(session);;
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+ }
+
+ become_root();
+ status = gensec_update(auth->gensec,
+ talloc_tos(),
+ in_blob, &out_blob);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ TALLOC_FREE(session);
+ reply_nterror(req, nt_status_squash(status));
+ return;
}
- if (!vuser->gensec_security) {
- status = auth_generic_prepare(vuser, sconn->remote_address,
- &vuser->gensec_security);
+ if (NT_STATUS_IS_OK(status) && session->global->auth_session_info == NULL) {
+ struct auth_session_info *session_info = NULL;
+
+ status = gensec_session_info(auth->gensec,
+ session,
+ &session_info);
if (!NT_STATUS_IS_OK(status)) {
- /* Kill the intermediate vuid */
- invalidate_vuid(sconn, vuid);
- data_blob_free(&blob1);
+ DEBUG(1,("Failed to generate session_info "
+ "(user and group token) for session setup: %s\n",
+ nt_errstr(status)));
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
reply_nterror(req, nt_status_squash(status));
return;
}
- gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_SESSION_KEY);
- gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_UNIX_TOKEN);
+ if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+ action |= SMB_SETUP_GUEST;
+ }
+
+ if (session_info->session_key.length > 0) {
+ struct smbXsrv_session *x = session;
- if (sconn->use_gensec_hook) {
- status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO);
+ /*
+ * Note: the SMB1 signing key is not truncated to 16 byte!
+ */
+ x->global->signing_key =
+ data_blob_dup_talloc(x->global,
+ session_info->session_key);
+ if (x->global->signing_key.data == NULL) {
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+
+ /*
+ * clear the session key
+ * the first tcon will add setup the application key
+ */
+ data_blob_clear_free(&session_info->session_key);
+ }
+
+ session->compat = talloc_zero(session, struct user_struct);
+ if (session->compat == NULL) {
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ session->compat->session = session;
+ session->compat->homes_snum = -1;
+ session->compat->session_info = session_info;
+ session->compat->session_keystr = NULL;
+ session->compat->vuid = session->global->session_wire_id;
+ DLIST_ADD(sconn->users, session->compat);
+ sconn->num_users++;
+
+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+ is_authenticated = true;
+ session->compat->homes_snum =
+ register_homes_share(session_info->unix_info->unix_name);
+ }
+
+ if (srv_is_signing_negotiated(xconn) &&
+ is_authenticated &&
+ session->global->signing_key.length > 0)
+ {
+ /*
+ * Try and turn on server signing on the first non-guest
+ * sessionsetup.
+ */
+ srv_set_signing(xconn,
+ session->global->signing_key,
+ data_blob_null);
+ }
+
+ set_current_user_info(session_info->unix_info->sanitized_username,
+ session_info->unix_info->unix_name,
+ session_info->info->domain_name);
+
+ session->status = NT_STATUS_OK;
+ session->global->auth_session_info = talloc_move(session->global,
+ &session_info);
+ session->global->auth_session_info_seqnum += 1;
+ session->global->channels[0].auth_session_info_seqnum =
+ session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
+ if (client_caps & CAP_DYNAMIC_REAUTH) {
+ session->global->expiration_time =
+ gensec_expire_time(auth->gensec);
} else {
- status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_NTLMSSP);
+ session->global->expiration_time =
+ GENSEC_EXPIRE_TIME_INFINITY;
}
+
+ if (!session_claim(session)) {
+ DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
+ (unsigned long long)session->compat->vuid));
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_LOGON_FAILURE);
+ return;
+ }
+
+ status = smbXsrv_session_update(session);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("smb1: Failed to update session for vuid=%llu - %s\n",
+ (unsigned long long)session->compat->vuid,
+ nt_errstr(status)));
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_LOGON_FAILURE);
+ return;
+ }
+
+ if (!xconn->smb1.sessions.done_sesssetup) {
+ if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
+ reply_force_doserror(req, ERRSRV, ERRerror);
+ return;
+ }
+ xconn->smb1.sessions.max_send = smb_bufsize;
+ xconn->smb1.sessions.done_sesssetup = true;
+ }
+
+ /* current_user_info is changed on new vuid */
+ reload_services(sconn, conn_snum_used, true);
+ } else if (NT_STATUS_IS_OK(status)) {
+ struct auth_session_info *session_info = NULL;
+
+ status = gensec_session_info(auth->gensec,
+ session,
+ &session_info);
if (!NT_STATUS_IS_OK(status)) {
- /* Kill the intermediate vuid */
- invalidate_vuid(sconn, vuid);
- data_blob_free(&blob1);
+ DEBUG(1,("Failed to generate session_info "
+ "(user and group token) for session setup: %s\n",
+ nt_errstr(status)));
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
reply_nterror(req, nt_status_squash(status));
return;
}
+
+ if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+ action |= SMB_SETUP_GUEST;
+ }
+
+ /*
+ * Keep the application key
+ */
+ data_blob_clear_free(&session_info->session_key);
+ session_info->session_key =
+ session->global->auth_session_info->session_key;
+ talloc_steal(session_info, session_info->session_key.data);
+ TALLOC_FREE(session->global->auth_session_info);
+
+ session->compat->session_info = session_info;
+
+ session->compat->vuid = session->global->session_wire_id;
+
+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+ session->compat->homes_snum =
+ register_homes_share(session_info->unix_info->unix_name);
+ }
+
+ set_current_user_info(session_info->unix_info->sanitized_username,
+ session_info->unix_info->unix_name,
+ session_info->info->domain_name);
+
+ session->status = NT_STATUS_OK;
+ session->global->auth_session_info = talloc_move(session->global,
+ &session_info);
+ session->global->auth_session_info_seqnum += 1;
+ session->global->channels[0].auth_session_info_seqnum =
+ session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
+ if (client_caps & CAP_DYNAMIC_REAUTH) {
+ session->global->expiration_time =
+ gensec_expire_time(auth->gensec);
+ } else {
+ session->global->expiration_time =
+ GENSEC_EXPIRE_TIME_INFINITY;
+ }
+
+ status = smbXsrv_session_update(session);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("smb1: Failed to update session for vuid=%llu - %s\n",
+ (unsigned long long)session->compat->vuid,
+ nt_errstr(status)));
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_LOGON_FAILURE);
+ return;
+ }
+
+ conn_clear_vuid_caches(sconn, session->compat->vuid);
+
+ /* current_user_info is changed on new vuid */
+ reload_services(sconn, conn_snum_used, true);
}
- status = gensec_update(vuser->gensec_security,
- talloc_tos(), NULL,
- blob1, &chal);
+ vuid = session->global->session_wire_id;
+
+ reply_outbuf(req, 4, 0);
+
+ SSVAL(req->outbuf, smb_uid, vuid);
+ SIVAL(req->outbuf, smb_rcls, NT_STATUS_V(status));
+ SSVAL(req->outbuf, smb_vwv0, 0xFF); /* no chaining possible */
+ SSVAL(req->outbuf, smb_vwv2, action);
+ SSVAL(req->outbuf, smb_vwv3, out_blob.length);
- data_blob_free(&blob1);
+ if (message_push_blob(&req->outbuf, out_blob) == -1) {
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ data_blob_free(&out_blob);
- reply_spnego_ntlmssp(req, vuid,
- &vuser->gensec_security,
- &chal, status, NULL, false);
- data_blob_free(&chal);
- return;
+ if (push_signature(&req->outbuf) == -1) {
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+#if 0
+ if (!sconn->smb1.sessions.done_sesssetup) {
+ sconn->smb1.sessions.max_send =
+ MIN(sconn->smb1.sessions.max_send,smb_bufsize);
+ }
+ sconn->smb1.sessions.done_sesssetup = true;
+#endif
}
/****************************************************************************
struct messaging_context *msg_ctx;
};
-static int shutdown_other_smbds(const struct connections_key *key,
- const struct connections_data *crec,
+static int shutdown_other_smbds(struct smbXsrv_session_global0 *session,
void *private_data)
{
struct shutdown_state *state = (struct shutdown_state *)private_data;
+ struct server_id self_pid = messaging_server_id(state->msg_ctx);
+ struct server_id pid = session->channels[0].server_id;
+ const char *addr = session->channels[0].remote_address;
+ struct server_id_buf tmp;
DEBUG(10, ("shutdown_other_smbds: %s, %s\n",
- server_id_str(talloc_tos(), &crec->pid), crec->addr));
+ server_id_str_buf(pid, &tmp), addr));
- if (!process_exists(crec->pid)) {
+ if (!process_exists(pid)) {
DEBUG(10, ("process does not exist\n"));
return 0;
}
- if (procid_is_me(&crec->pid)) {
+ if (serverid_equal(&pid, &self_pid)) {
DEBUG(10, ("It's me\n"));
return 0;
}
- if (strcmp(state->ip, crec->addr) != 0) {
- DEBUG(10, ("%s does not match %s\n", state->ip, crec->addr));
+ /*
+ * here we use strstr() because 'addr'
+ * (session->channels[0].remote_address)
+ * contains a string like:
+ * 'ipv4:127.0.0.1:48163'
+ */
+ if (strstr(addr, state->ip) == NULL) {
+ DEBUG(10, ("%s does not match %s\n", state->ip, addr));
return 0;
}
DEBUG(1, ("shutdown_other_smbds: shutting down pid %u "
- "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid),
+ "(IP %s)\n", (unsigned int)procid_to_pid(&pid),
state->ip));
- messaging_send(state->msg_ctx, crec->pid, MSG_SHUTDOWN,
+ messaging_send(state->msg_ctx, pid, MSG_SHUTDOWN,
&data_blob_null);
return 0;
}
}
state.ip = addr;
state.msg_ctx = sconn->msg_ctx;
- connections_forall_read(shutdown_other_smbds, &state);
+ smbXsrv_session_global_traverse(shutdown_other_smbds, &state);
TALLOC_FREE(addr);
}
}
Reply to a session setup command.
****************************************************************************/
-void reply_sesssetup_and_X(struct smb_request *req)
-{
- int sess_vuid;
- int smb_bufsize;
+struct reply_sesssetup_and_X_state {
+ struct smb_request *req;
+ struct auth4_context *auth_context;
+ struct auth_usersupplied_info *user_info;
+ const char *user;
+ const char *domain;
DATA_BLOB lm_resp;
DATA_BLOB nt_resp;
DATA_BLOB plaintext_password;
+};
+
+static int reply_sesssetup_and_X_state_destructor(
+ struct reply_sesssetup_and_X_state *state)
+{
+ data_blob_clear_free(&state->nt_resp);
+ data_blob_clear_free(&state->lm_resp);
+ data_blob_clear_free(&state->plaintext_password);
+ return 0;
+}
+
+void reply_sesssetup_and_X(struct smb_request *req)
+{
+ struct reply_sesssetup_and_X_state *state = NULL;
+ uint64_t sess_vuid;
+ uint16_t smb_bufsize;
char *tmp;
- const char *user;
fstring sub_user; /* Sanitised username for substituion */
- const char *domain;
const char *native_os;
const char *native_lanman;
const char *primary_domain;
- struct auth_usersupplied_info *user_info = NULL;
- struct auth_serversupplied_info *server_info = NULL;
struct auth_session_info *session_info = NULL;
- uint16 smb_flag2 = req->flags2;
-
+ uint16_t smb_flag2 = req->flags2;
+ uint16_t action = 0;
+ bool is_authenticated = false;
+ NTTIME now = timeval_to_nttime(&req->request_time);
+ struct smbXsrv_session *session = NULL;
NTSTATUS nt_status;
+ struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
-
- bool doencrypt = sconn->smb1.negprot.encrypted_passwords;
+ bool doencrypt = xconn->smb1.negprot.encrypted_passwords;
bool signing_allowed = false;
- bool signing_mandatory = false;
+ bool signing_mandatory = smb_signing_is_mandatory(
+ xconn->smb1.signing_state);
START_PROFILE(SMBsesssetupX);
- ZERO_STRUCT(lm_resp);
- ZERO_STRUCT(nt_resp);
- ZERO_STRUCT(plaintext_password);
-
DEBUG(3,("wct=%d flg2=0x%x\n", req->wct, req->flags2));
+ state = talloc_zero(req, struct reply_sesssetup_and_X_state);
+ if (state == NULL) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ state->req = req;
+ talloc_set_destructor(state, reply_sesssetup_and_X_state_destructor);
+
if (req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES) {
signing_allowed = true;
}
* It finds out when it needs to turn into a noop
* itself.
*/
- srv_set_signing_negotiated(req->sconn,
+ srv_set_signing_negotiated(xconn,
signing_allowed,
signing_mandatory);
if (req->wct == 12 &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
- if (!sconn->smb1.negprot.spnego) {
+ if (!xconn->smb1.negprot.spnego) {
DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt "
"at SPNEGO session setup when it was not "
"negotiated.\n"));
smb_bufsize = SVAL(req->vwv+2, 0);
if (get_Protocol() < PROTOCOL_NT1) {
- uint16 passlen1 = SVAL(req->vwv+7, 0);
+ uint16_t passlen1 = SVAL(req->vwv+7, 0);
/* Never do NT status codes with protocols before NT1 as we
* don't get client caps. */
}
if (doencrypt) {
- lm_resp = data_blob(req->buf, passlen1);
+ state->lm_resp = data_blob_talloc(state,
+ req->buf,
+ passlen1);
} else {
- plaintext_password = data_blob(req->buf, passlen1+1);
+ state->plaintext_password = data_blob_talloc(state,
+ req->buf,
+ passlen1+1);
/* Ensure null termination */
- plaintext_password.data[passlen1] = 0;
+ state->plaintext_password.data[passlen1] = 0;
}
- srvstr_pull_req_talloc(talloc_tos(), req, &tmp,
+ srvstr_pull_req_talloc(state, req, &tmp,
req->buf + passlen1, STR_TERMINATE);
- user = tmp ? tmp : "";
+ state->user = tmp ? tmp : "";
- domain = "";
+ state->domain = "";
} else {
- uint16 passlen1 = SVAL(req->vwv+7, 0);
- uint16 passlen2 = SVAL(req->vwv+8, 0);
+ uint16_t passlen1 = SVAL(req->vwv+7, 0);
+ uint16_t passlen2 = SVAL(req->vwv+8, 0);
enum remote_arch_types ra_type = get_remote_arch();
const uint8_t *p = req->buf;
const uint8_t *save_p = req->buf;
- uint16 byte_count;
+ uint16_t byte_count;
-
- if(global_client_caps == 0) {
+ if (!xconn->smb1.sessions.done_sesssetup) {
global_client_caps = IVAL(req->vwv+11, 0);
if (!(global_client_caps & CAP_STATUS32)) {
}
if (doencrypt) {
- lm_resp = data_blob(p, passlen1);
- nt_resp = data_blob(p+passlen1, passlen2);
- } else if (lp_security() != SEC_SHARE) {
- /*
- * In share level we should ignore any passwords, so
- * only read them if we're not.
- */
+ state->lm_resp = data_blob_talloc(state, p, passlen1);
+ state->nt_resp = data_blob_talloc(state, p+passlen1, passlen2);
+ } else {
char *pass = NULL;
bool unic= smb_flag2 & FLAGS2_UNICODE_STRINGS;
if (unic && (passlen2 == 0) && passlen1) {
/* Only a ascii plaintext password was sent. */
- (void)srvstr_pull_talloc(talloc_tos(),
+ (void)srvstr_pull_talloc(state,
req->inbuf,
req->flags2,
&pass,
passlen1,
STR_TERMINATE|STR_ASCII);
} else {
- (void)srvstr_pull_talloc(talloc_tos(),
+ (void)srvstr_pull_talloc(state,
req->inbuf,
req->flags2,
&pass,
END_PROFILE(SMBsesssetupX);
return;
}
- plaintext_password = data_blob(pass, strlen(pass)+1);
+ state->plaintext_password = data_blob_talloc(state,
+ pass,
+ strlen(pass)+1);
}
p += passlen1 + passlen2;
- p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
+ p += srvstr_pull_req_talloc(state, req, &tmp, p,
STR_TERMINATE);
- user = tmp ? tmp : "";
+ state->user = tmp ? tmp : "";
- p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
+ p += srvstr_pull_req_talloc(state, req, &tmp, p,
STR_TERMINATE);
- domain = tmp ? tmp : "";
+ state->domain = tmp ? tmp : "";
p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s] "
"PrimaryDomain=[%s]\n",
- domain, native_os, native_lanman, primary_domain));
+ state->domain, native_os, native_lanman, primary_domain));
if ( ra_type == RA_WIN2K ) {
if ( strlen(native_lanman) == 0 )
}
DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n",
- domain, user, get_remote_machine_name()));
+ state->domain, state->user, get_remote_machine_name()));
- if (*user) {
- if (sconn->smb1.negprot.spnego) {
+ if (*state->user) {
+ if (xconn->smb1.negprot.spnego) {
/* This has to be here, because this is a perfectly
* valid behaviour for guest logons :-( */
END_PROFILE(SMBsesssetupX);
return;
}
- fstrcpy(sub_user, user);
+ fstrcpy(sub_user, state->user);
} else {
fstrcpy(sub_user, "");
}
reload_services(sconn, conn_snum_used, true);
- if (lp_security() == SEC_SHARE) {
- char *sub_user_mapped = NULL;
- /* In share level we should ignore any passwords */
-
- data_blob_free(&lm_resp);
- data_blob_free(&nt_resp);
- data_blob_clear_free(&plaintext_password);
+ if (!*state->user) {
+ DEBUG(3,("Got anonymous request\n"));
- (void)map_username(talloc_tos(), sub_user, &sub_user_mapped);
- if (!sub_user_mapped) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- END_PROFILE(SMBsesssetupX);
- return;
- }
- fstrcpy(sub_user, sub_user_mapped);
- add_session_user(sconn, sub_user);
- add_session_workgroup(sconn, domain);
- /* Then force it to null for the benfit of the code below */
- user = "";
- }
+ nt_status = make_auth4_context(state, &state->auth_context);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ uint8_t chal[8];
- if (!*user) {
+ state->auth_context->get_ntlm_challenge(
+ state->auth_context, chal);
- nt_status = check_guest_password(sconn->remote_address, &server_info);
+ if (!make_user_info_guest(state,
+ sconn->remote_address,
+ sconn->local_address,
+ "SMB", &state->user_info)) {
+ nt_status = NT_STATUS_NO_MEMORY;
+ }
+ if (NT_STATUS_IS_OK(nt_status)) {
+ state->user_info->auth_description = "guest";
+ }
+ }
} else if (doencrypt) {
- struct auth_context *negprot_auth_context = NULL;
- negprot_auth_context = sconn->smb1.negprot.auth_context;
- if (!negprot_auth_context) {
+ state->auth_context = xconn->smb1.negprot.auth_context;
+ if (state->auth_context == NULL) {
DEBUG(0, ("reply_sesssetup_and_X: Attempted encrypted "
"session setup without negprot denied!\n"));
reply_nterror(req, nt_status_squash(
END_PROFILE(SMBsesssetupX);
return;
}
- nt_status = make_user_info_for_reply_enc(&user_info, user,
- domain,
- sconn->remote_address,
- lm_resp, nt_resp);
+ nt_status = make_user_info_for_reply_enc(state,
+ &state->user_info,
+ state->user,
+ state->domain,
+ sconn->remote_address,
+ sconn->local_address,
+ "SMB",
+ state->lm_resp,
+ state->nt_resp);
+
if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = negprot_auth_context->check_ntlm_password(
- negprot_auth_context,
- user_info,
- &server_info);
+ state->user_info->auth_description = "bare-NTLM";
}
} else {
- struct auth_context *plaintext_auth_context = NULL;
-
- nt_status = make_auth_context_subsystem(
- talloc_tos(), &plaintext_auth_context);
-
+ nt_status = make_auth4_context(state, &state->auth_context);
if (NT_STATUS_IS_OK(nt_status)) {
uint8_t chal[8];
- plaintext_auth_context->get_ntlm_challenge(
- plaintext_auth_context, chal);
+ state->auth_context->get_ntlm_challenge(
+ state->auth_context, chal);
- if (!make_user_info_for_reply(&user_info,
- user, domain,
+ if (!make_user_info_for_reply(state,
+ &state->user_info,
+ state->user,
+ state->domain,
sconn->remote_address,
+ sconn->local_address,
+ "SMB",
chal,
- plaintext_password)) {
+ state->plaintext_password)) {
nt_status = NT_STATUS_NO_MEMORY;
}
if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = plaintext_auth_context->check_ntlm_password(
- plaintext_auth_context,
- user_info,
- &server_info);
-
- TALLOC_FREE(plaintext_auth_context);
+ state->user_info->auth_description = "plaintext";
}
}
}
- free_user_info(&user_info);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- nt_status = do_map_to_guest_server_info(nt_status, &server_info,
- user, domain);
- }
-
if (!NT_STATUS_IS_OK(nt_status)) {
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
- data_blob_clear_free(&plaintext_password);
reply_nterror(req, nt_status_squash(nt_status));
END_PROFILE(SMBsesssetupX);
return;
}
- nt_status = create_local_token(req, server_info, NULL, sub_user, &session_info);
- TALLOC_FREE(server_info);
-
+ nt_status = auth_check_password_session_info(state->auth_context,
+ req, state->user_info,
+ &session_info);
+ TALLOC_FREE(state->user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("create_local_token failed: %s\n",
- nt_errstr(nt_status)));
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
- data_blob_clear_free(&plaintext_password);
reply_nterror(req, nt_status_squash(nt_status));
END_PROFILE(SMBsesssetupX);
return;
}
- data_blob_clear_free(&plaintext_password);
-
/* it's ok - setup a reply */
reply_outbuf(req, 3, 0);
+ SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
+ SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
+
if (get_Protocol() >= PROTOCOL_NT1) {
push_signature(&req->outbuf);
/* perhaps grab OS version here?? */
}
- if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
- SSVAL(req->outbuf,smb_vwv2,1);
+ if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+ action |= SMB_SETUP_GUEST;
}
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- if (lp_security() == SEC_SHARE) {
- sess_vuid = UID_FIELD_INVALID;
- TALLOC_FREE(session_info);
- } else {
- /* Ignore the initial vuid. */
- sess_vuid = register_initial_vuid(sconn);
- if (sess_vuid == UID_FIELD_INVALID) {
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
- reply_nterror(req, nt_status_squash(
- NT_STATUS_LOGON_FAILURE));
+ nt_status = smbXsrv_session_create(xconn,
+ now, &session);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ reply_nterror(req, nt_status_squash(nt_status));
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+
+ if (session_info->session_key.length > 0) {
+ uint8_t session_key[16];
+
+ /*
+ * Note: the SMB1 signing key is not truncated to 16 byte!
+ */
+ session->global->signing_key =
+ data_blob_dup_talloc(session->global,
+ session_info->session_key);
+ if (session->global->signing_key.data == NULL) {
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBsesssetupX);
return;
}
- /* register_existing_vuid keeps the session_info */
- sess_vuid = register_existing_vuid(sconn, sess_vuid,
- session_info,
- nt_resp.data ? nt_resp : lm_resp);
- if (sess_vuid == UID_FIELD_INVALID) {
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
- reply_nterror(req, nt_status_squash(
- NT_STATUS_LOGON_FAILURE));
+
+ /*
+ * The application key is truncated/padded to 16 bytes
+ */
+ ZERO_STRUCT(session_key);
+ memcpy(session_key, session->global->signing_key.data,
+ MIN(session->global->signing_key.length,
+ sizeof(session_key)));
+ session->global->application_key =
+ data_blob_talloc(session->global,
+ session_key,
+ sizeof(session_key));
+ ZERO_STRUCT(session_key);
+ if (session->global->application_key.data == NULL) {
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBsesssetupX);
return;
}
- /* current_user_info is changed on new vuid */
- reload_services(sconn, conn_snum_used, true);
+ /*
+ * Place the application key into the session_info
+ */
+ data_blob_clear_free(&session_info->session_key);
+ session_info->session_key = data_blob_dup_talloc(session_info,
+ session->global->application_key);
+ if (session_info->session_key.data == NULL) {
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
}
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
+ session->compat = talloc_zero(session, struct user_struct);
+ if (session->compat == NULL) {
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ session->compat->session = session;
+ session->compat->homes_snum = -1;
+ session->compat->session_info = session_info;
+ session->compat->session_keystr = NULL;
+ session->compat->vuid = session->global->session_wire_id;
+ DLIST_ADD(sconn->users, session->compat);
+ sconn->num_users++;
+
+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+ is_authenticated = true;
+ session->compat->homes_snum =
+ register_homes_share(session_info->unix_info->unix_name);
+ }
+ if (srv_is_signing_negotiated(xconn) &&
+ is_authenticated &&
+ session->global->signing_key.length > 0)
+ {
+ /*
+ * Try and turn on server signing on the first non-guest
+ * sessionsetup.
+ */
+ srv_set_signing(xconn,
+ session->global->signing_key,
+ state->nt_resp.data ? state->nt_resp : state->lm_resp);
+ }
+
+ set_current_user_info(session_info->unix_info->sanitized_username,
+ session_info->unix_info->unix_name,
+ session_info->info->domain_name);
+
+ session->status = NT_STATUS_OK;
+ session->global->auth_session_info = talloc_move(session->global,
+ &session_info);
+ session->global->auth_session_info_seqnum += 1;
+ session->global->channels[0].auth_session_info_seqnum =
+ session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
+ session->global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
+
+ nt_status = smbXsrv_session_update(session);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("smb1: Failed to update session for vuid=%llu - %s\n",
+ (unsigned long long)session->compat->vuid,
+ nt_errstr(nt_status)));
+ TALLOC_FREE(session);
+ reply_nterror(req, nt_status_squash(nt_status));
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+
+ if (!session_claim(session)) {
+ DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
+ (unsigned long long)session->compat->vuid));
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_LOGON_FAILURE);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+
+ /* current_user_info is changed on new vuid */
+ reload_services(sconn, conn_snum_used, true);
+
+ sess_vuid = session->global->session_wire_id;
+
+ SSVAL(req->outbuf,smb_vwv2,action);
SSVAL(req->outbuf,smb_uid,sess_vuid);
SSVAL(discard_const_p(char, req->inbuf),smb_uid,sess_vuid);
req->vuid = sess_vuid;
- if (!sconn->smb1.sessions.done_sesssetup) {
- sconn->smb1.sessions.max_send =
- MIN(sconn->smb1.sessions.max_send,smb_bufsize);
+ if (!xconn->smb1.sessions.done_sesssetup) {
+ if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
+ reply_force_doserror(req, ERRSRV, ERRerror);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ xconn->smb1.sessions.max_send = smb_bufsize;
+ xconn->smb1.sessions.done_sesssetup = true;
}
- sconn->smb1.sessions.done_sesssetup = true;
+ TALLOC_FREE(state);
END_PROFILE(SMBsesssetupX);
- chain_reply(req);
- return;
}