2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
27 #include "smbprofile.h"
28 #include "auth/gensec/gensec.h"
29 #include "../libcli/smb/smb_signing.h"
31 extern fstring remote_proto;
33 static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
37 /* We might be called more than once, multiple negprots are
39 if (xconn->smb1.negprot.auth_context) {
40 DEBUG(3, ("get challenge: is this a secondary negprot? "
41 "sconn->negprot.auth_context is non-NULL!\n"));
42 TALLOC_FREE(xconn->smb1.negprot.auth_context);
45 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
46 nt_status = make_auth4_context(
47 xconn, &xconn->smb1.negprot.auth_context);
48 if (!NT_STATUS_IS_OK(nt_status)) {
49 DEBUG(0, ("make_auth_context_subsystem returned %s",
50 nt_errstr(nt_status)));
51 smb_panic("cannot make_negprot_global_auth_context!");
53 DEBUG(10, ("get challenge: getting challenge\n"));
54 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
55 xconn->smb1.negprot.auth_context, buff);
58 /****************************************************************************
59 Reply for the lanman 1.0 protocol.
60 ****************************************************************************/
62 static void reply_lanman1(struct smb_request *req, uint16_t choice)
65 time_t t = time(NULL);
66 struct smbXsrv_connection *xconn = req->xconn;
68 if (lp_async_smb_echo_handler()) {
71 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
74 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
76 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
77 if (xconn->smb1.negprot.encrypted_passwords) {
78 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
81 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
83 SSVAL(req->outbuf,smb_vwv0,choice);
84 SSVAL(req->outbuf,smb_vwv1,secword);
85 /* Create a token value and add it to the outgoing packet. */
86 if (xconn->smb1.negprot.encrypted_passwords) {
87 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
88 SSVAL(req->outbuf,smb_vwv11, 8);
91 smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
93 /* Reply, SMBlockread, SMBwritelock supported. */
94 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
95 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
96 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
97 SSVAL(req->outbuf,smb_vwv4, 1);
98 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
99 readbraw writebraw (possibly) */
100 SIVAL(req->outbuf,smb_vwv6, getpid());
101 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
103 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
108 /****************************************************************************
109 Reply for the lanman 2.0 protocol.
110 ****************************************************************************/
112 static void reply_lanman2(struct smb_request *req, uint16_t choice)
115 time_t t = time(NULL);
116 struct smbXsrv_connection *xconn = req->xconn;
118 if (lp_async_smb_echo_handler()) {
121 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
124 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
126 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
127 if (xconn->smb1.negprot.encrypted_passwords) {
128 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
131 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
133 SSVAL(req->outbuf,smb_vwv0, choice);
134 SSVAL(req->outbuf,smb_vwv1, secword);
135 SIVAL(req->outbuf,smb_vwv6, getpid());
137 /* Create a token value and add it to the outgoing packet. */
138 if (xconn->smb1.negprot.encrypted_passwords) {
139 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
140 SSVAL(req->outbuf,smb_vwv11, 8);
143 smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
145 /* Reply, SMBlockread, SMBwritelock supported. */
146 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
147 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
148 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
149 SSVAL(req->outbuf,smb_vwv4,1);
150 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
151 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
152 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
155 /****************************************************************************
156 Generate the spnego negprot reply blob. Return the number of bytes used.
157 ****************************************************************************/
159 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
161 DATA_BLOB blob = data_blob_null;
162 DATA_BLOB blob_out = data_blob_null;
169 struct gensec_security *gensec_security;
171 /* See if we can get an SPNEGO blob */
172 status = auth_generic_prepare(talloc_tos(),
173 xconn->remote_address,
178 * There is no need to set a remote address or similar as we
179 * are just interested in the SPNEGO blob, we never keep this
183 if (NT_STATUS_IS_OK(status)) {
184 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
185 if (NT_STATUS_IS_OK(status)) {
186 status = gensec_update(gensec_security, ctx,
187 data_blob_null, &blob);
188 /* If we get the list of OIDs, the 'OK' answer
189 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
190 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
191 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
192 blob = data_blob_null;
195 TALLOC_FREE(gensec_security);
198 xconn->smb1.negprot.spnego = true;
200 /* strangely enough, NT does not sent the single OID NTLMSSP when
201 not a ADS member, it sends no OIDs at all
203 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
204 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
206 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
207 back to doing what W2K3 does here. This is needed to make PocketPC 2003
208 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
213 if (blob.length == 0 || blob.data == NULL) {
214 return data_blob_null;
217 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
218 if (blob_out.data == NULL) {
219 data_blob_free(&blob);
220 return data_blob_null;
223 memset(blob_out.data, '\0', 16);
225 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
226 (void)strlower_m(unix_name);
227 push_ascii_nstring(dos_name, unix_name);
228 strlcpy((char *)blob_out.data, dos_name, 17);
231 /* Fix valgrind 'uninitialized bytes' issue. */
232 slen = strlen(dos_name);
234 memset(blob_out.data+slen, '\0', 16 - slen);
238 memcpy(&blob_out.data[16], blob.data, blob.length);
240 data_blob_free(&blob);
245 /****************************************************************************
246 Reply for the nt protocol.
247 ****************************************************************************/
249 static void reply_nt1(struct smb_request *req, uint16_t choice)
251 /* dual names + lock_and_read + nt SMBs + remote API calls */
252 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
253 CAP_LEVEL_II_OPLOCKS;
256 bool negotiate_spnego = False;
259 struct smbXsrv_connection *xconn = req->xconn;
260 bool signing_desired = false;
261 bool signing_required = false;
263 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
265 /* Check the flags field to see if this is Vista.
266 WinXP sets it and Vista does not. But we have to
267 distinguish from NT which doesn't set it either. */
269 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
270 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
272 if ((get_remote_arch() != RA_SAMBA) &&
273 (get_remote_arch() != RA_CIFSFS)) {
274 set_remote_arch( RA_VISTA );
278 reply_outbuf(req,17,0);
280 /* do spnego in user level security if the client
281 supports it and we can do encrypted passwords */
283 if (xconn->smb1.negprot.encrypted_passwords &&
285 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
286 negotiate_spnego = True;
287 capabilities |= CAP_EXTENDED_SECURITY;
288 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
289 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
290 (already partially constructed. */
291 SSVAL(req->outbuf, smb_flg2,
292 req->flags2 | FLAGS2_EXTENDED_SECURITY);
295 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
298 capabilities |= CAP_UNICODE;
301 if (lp_unix_extensions()) {
302 capabilities |= CAP_UNIX;
305 if (lp_large_readwrite())
306 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
308 capabilities |= CAP_LARGE_FILES;
310 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
311 capabilities |= CAP_RAW_MODE;
313 if (lp_nt_status_support())
314 capabilities |= CAP_STATUS32;
317 capabilities |= CAP_DFS;
319 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
320 if (xconn->smb1.negprot.encrypted_passwords) {
321 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
324 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
325 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
327 if (signing_desired) {
328 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
329 /* No raw mode with smb signing. */
330 capabilities &= ~CAP_RAW_MODE;
331 if (signing_required) {
332 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
336 SSVAL(req->outbuf,smb_vwv0,choice);
337 SCVAL(req->outbuf,smb_vwv1,secword);
339 smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
341 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
342 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
343 SIVAL(req->outbuf,smb_vwv3+1,
344 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
345 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
346 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
347 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
348 clock_gettime(CLOCK_REALTIME,&ts);
349 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
350 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
352 if (!negotiate_spnego) {
353 /* Create a token value and add it to the outgoing packet. */
354 if (xconn->smb1.negprot.encrypted_passwords) {
356 /* note that we do not send a challenge at all if
357 we are using plaintext */
358 get_challenge(xconn, chal);
359 ret = message_push_blob(
360 &req->outbuf, data_blob_const(chal, sizeof(chal)));
362 DEBUG(0, ("Could not push challenge\n"));
363 reply_nterror(req, NT_STATUS_NO_MEMORY);
366 SCVAL(req->outbuf, smb_vwv16+1, ret);
368 ret = message_push_string(&req->outbuf, lp_workgroup(),
369 STR_UNICODE|STR_TERMINATE
372 DEBUG(0, ("Could not push workgroup string\n"));
373 reply_nterror(req, NT_STATUS_NO_MEMORY);
376 ret = message_push_string(&req->outbuf, lp_netbios_name(),
377 STR_UNICODE|STR_TERMINATE
380 DEBUG(0, ("Could not push netbios name string\n"));
381 reply_nterror(req, NT_STATUS_NO_MEMORY);
384 DEBUG(3,("not using SPNEGO\n"));
386 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
388 if (spnego_blob.data == NULL) {
389 reply_nterror(req, NT_STATUS_NO_MEMORY);
393 ret = message_push_blob(&req->outbuf, spnego_blob);
395 DEBUG(0, ("Could not push spnego blob\n"));
396 reply_nterror(req, NT_STATUS_NO_MEMORY);
399 data_blob_free(&spnego_blob);
401 SCVAL(req->outbuf,smb_vwv16+1, 0);
402 DEBUG(3,("using SPNEGO\n"));
408 /* these are the protocol lists used for auto architecture detection:
411 protocol [PC NETWORK PROGRAM 1.0]
412 protocol [XENIX CORE]
413 protocol [MICROSOFT NETWORKS 1.03]
415 protocol [Windows for Workgroups 3.1a]
418 protocol [NT LM 0.12]
421 protocol [PC NETWORK PROGRAM 1.0]
422 protocol [XENIX CORE]
423 protocol [MICROSOFT NETWORKS 1.03]
425 protocol [Windows for Workgroups 3.1a]
428 protocol [NT LM 0.12]
431 protocol [PC NETWORK PROGRAM 1.0]
433 protocol [Windows for Workgroups 3.1a]
436 protocol [NT LM 0.12]
439 protocol [PC NETWORK PROGRAM 1.0]
441 protocol [Windows for Workgroups 3.1a]
444 protocol [NT LM 0.12]
448 protocol [PC NETWORK PROGRAM 1.0]
449 protocol [XENIX CORE]
455 protocol [NT LM 0.12]
461 * Modified to recognize the architecture of the remote machine better.
463 * This appears to be the matrix of which protocol is used by which
465 Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
466 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
468 MICROSOFT NETWORKS 3.0 2 2
470 MICROSOFT NETWORKS 1.03 3
473 Windows for Workgroups 3.1a 5 5 5 3 3
476 NT LM 0.12 6 8 6 6 6 1
481 * tim@fsg.com 09/29/95
482 * Win2K added by matty 17/7/99
485 #define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
486 #define PROT_XENIX_CORE 0x0002
487 #define PROT_MICROSOFT_NETWORKS_3_0 0x0004
488 #define PROT_DOS_LM1_2X002 0x0008
489 #define PROT_MICROSOFT_NETWORKS_1_03 0x0010
490 #define PROT_DOS_LANMAN2_1 0x0020
491 #define PROT_LANMAN1_0 0x0040
492 #define PROT_WFWG 0x0080
493 #define PROT_LM1_2X002 0x0100
494 #define PROT_LANMAN2_1 0x0200
495 #define PROT_NT_LM_0_12 0x0400
496 #define PROT_SMB_2_001 0x0800
497 #define PROT_SMB_2_002 0x1000
498 #define PROT_SMB_2_FF 0x2000
499 #define PROT_SAMBA 0x4000
500 #define PROT_POSIX_2 0x8000
502 #define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
503 PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
504 #define ARCH_WIN95 ( ARCH_WFWG | PROT_NT_LM_0_12 )
505 #define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
506 PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
507 PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
508 #define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
509 #define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
510 #define ARCH_VISTA ( ARCH_WIN2K | PROT_SMB_2_001 )
511 #define ARCH_SAMBA ( PROT_SAMBA )
512 #define ARCH_CIFSFS ( PROT_POSIX_2 )
513 #define ARCH_OSX ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
515 /* List of supported protocols, most desired first */
516 static const struct {
517 const char *proto_name;
518 const char *short_name;
519 void (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
521 } supported_protocols[] = {
522 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
523 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
524 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
525 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
526 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
527 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
528 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
529 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
530 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
531 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
532 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
536 /****************************************************************************
538 conn POINTER CAN BE NULL HERE !
539 ****************************************************************************/
541 void reply_negprot(struct smb_request *req)
544 int chosen_level = -1;
551 size_t converted_size;
552 struct smbXsrv_connection *xconn = req->xconn;
553 struct smbd_server_connection *sconn = req->sconn;
554 bool signing_required = true;
558 START_PROFILE(SMBnegprot);
560 if (xconn->smb1.negprot.done) {
561 END_PROFILE(SMBnegprot);
562 exit_server_cleanly("multiple negprot's are not permitted");
564 xconn->smb1.negprot.done = true;
566 if (req->buflen == 0) {
567 DEBUG(0, ("negprot got no protocols\n"));
568 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
569 END_PROFILE(SMBnegprot);
573 if (req->buf[req->buflen-1] != '\0') {
574 DEBUG(0, ("negprot protocols not 0-terminated\n"));
575 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
576 END_PROFILE(SMBnegprot);
580 p = (const char *)req->buf + 1;
585 while (smbreq_bufrem(req, p) > 0) {
589 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
592 DEBUG(0, ("talloc failed\n"));
593 TALLOC_FREE(cliprotos);
594 reply_nterror(req, NT_STATUS_NO_MEMORY);
595 END_PROFILE(SMBnegprot);
601 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
603 DEBUG(0, ("pull_ascii_talloc failed\n"));
604 TALLOC_FREE(cliprotos);
605 reply_nterror(req, NT_STATUS_NO_MEMORY);
606 END_PROFILE(SMBnegprot);
610 DEBUG(3, ("Requested protocol [%s]\n",
611 cliprotos[num_cliprotos]));
617 for (i=0; i<num_cliprotos; i++) {
618 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
619 protocols |= PROT_WFWG;
620 } else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
621 protocols |= PROT_DOS_LM1_2X002;
622 } else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
623 protocols |= PROT_DOS_LANMAN2_1;
624 } else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
625 protocols |= PROT_LANMAN1_0;
626 } else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
627 protocols |= PROT_NT_LM_0_12;
628 } else if (strcsequal(cliprotos[i], "SMB 2.001")) {
629 protocols |= PROT_SMB_2_001;
630 } else if (strcsequal(cliprotos[i], "SMB 2.002")) {
631 protocols |= PROT_SMB_2_002;
632 } else if (strcsequal(cliprotos[i], "SMB 2.???")) {
633 protocols |= PROT_SMB_2_FF;
634 } else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
635 protocols |= PROT_LANMAN2_1;
636 } else if (strcsequal(cliprotos[i], "LM1.2X002")) {
637 protocols |= PROT_LM1_2X002;
638 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
639 protocols |= PROT_MICROSOFT_NETWORKS_1_03;
640 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
641 protocols |= PROT_MICROSOFT_NETWORKS_3_0;
642 } else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
643 protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
644 } else if (strcsequal(cliprotos[i], "XENIX CORE")) {
645 protocols |= PROT_XENIX_CORE;
646 } else if (strcsequal(cliprotos[i], "Samba")) {
647 protocols = PROT_SAMBA;
649 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
650 protocols = PROT_POSIX_2;
655 switch ( protocols ) {
656 /* Old CIFSFS can send one arch only, NT LM 0.12. */
657 case PROT_NT_LM_0_12:
659 set_remote_arch(RA_CIFSFS);
662 set_remote_arch(RA_SAMBA);
665 set_remote_arch(RA_WFWG);
668 set_remote_arch(RA_WIN95);
671 set_remote_arch(RA_WINNT);
674 set_remote_arch(RA_WIN2K);
677 set_remote_arch(RA_VISTA);
680 set_remote_arch(RA_OS2);
683 set_remote_arch(RA_OSX);
686 set_remote_arch(RA_UNKNOWN);
690 /* possibly reload - change of architecture */
691 reload_services(sconn, conn_snum_used, true);
693 /* moved from the netbios session setup code since we don't have that
694 when the client connects to port 445. Of course there is a small
695 window where we are listening to messages -- jerry */
697 serverid_register(messaging_server_id(sconn->msg_ctx),
698 FLAG_MSG_GENERAL|FLAG_MSG_SMBD
699 |FLAG_MSG_PRINT_GENERAL);
702 * Anything higher than PROTOCOL_SMB2_10 still
703 * needs to go via "SMB 2.???", which is marked
704 * as PROTOCOL_SMB2_10.
706 * The real negotiation happens via reply_smb20ff()
707 * using SMB2 Negotiation.
709 max_proto = lp_server_max_protocol();
710 if (max_proto > PROTOCOL_SMB2_10) {
711 max_proto = PROTOCOL_SMB2_10;
713 min_proto = lp_server_min_protocol();
714 if (min_proto > PROTOCOL_SMB2_10) {
715 min_proto = PROTOCOL_SMB2_10;
718 /* Check for protocols, most desirable first */
719 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
721 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
722 (supported_protocols[protocol].protocol_level >= min_proto))
723 while (i < num_cliprotos) {
724 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
726 chosen_level = supported_protocols[protocol].protocol_level;
737 DBG_NOTICE("No protocol supported !\n");
738 reply_outbuf(req, 1, 0);
739 SSVAL(req->outbuf, smb_vwv0, choice);
741 ok = srv_send_smb(xconn, (char *)req->outbuf,
742 false, 0, false, NULL);
744 DBG_NOTICE("srv_send_smb failed\n");
746 exit_server_cleanly("no protocol supported\n");
749 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
750 reload_services(sconn, conn_snum_used, true);
751 supported_protocols[protocol].proto_reply_fn(req, choice);
752 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
754 DEBUG( 5, ( "negprot index=%d\n", choice ) );
756 /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
757 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
758 if (signing_required && (chosen_level < PROTOCOL_NT1)) {
759 exit_server_cleanly("SMB signing is required and "
760 "client negotiated a downlevel protocol");
763 TALLOC_FREE(cliprotos);
765 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
766 !fork_echo_handler(xconn)) {
767 exit_server("Failed to fork echo handler");
770 END_PROFILE(SMBnegprot);