2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/auth/spnego.h"
28 #include "smbprofile.h"
29 #include "auth/gensec/gensec.h"
30 #include "../libcli/smb/smb_signing.h"
32 extern fstring remote_proto;
34 static void get_challenge(struct smbXsrv_connection *xconn, uint8 buff[8])
38 /* We might be called more than once, multiple negprots are
40 if (xconn->smb1.negprot.auth_context) {
41 DEBUG(3, ("get challenge: is this a secondary negprot? "
42 "sconn->negprot.auth_context is non-NULL!\n"));
43 TALLOC_FREE(xconn->smb1.negprot.auth_context);
46 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
47 nt_status = make_auth4_context(
48 xconn, &xconn->smb1.negprot.auth_context);
49 if (!NT_STATUS_IS_OK(nt_status)) {
50 DEBUG(0, ("make_auth_context_subsystem returned %s",
51 nt_errstr(nt_status)));
52 smb_panic("cannot make_negprot_global_auth_context!");
54 DEBUG(10, ("get challenge: getting challenge\n"));
55 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
56 xconn->smb1.negprot.auth_context, buff);
59 /****************************************************************************
60 Reply for the lanman 1.0 protocol.
61 ****************************************************************************/
63 static void reply_lanman1(struct smb_request *req, uint16 choice)
66 time_t t = time(NULL);
67 struct smbXsrv_connection *xconn = req->xconn;
69 if (lp_async_smb_echo_handler()) {
72 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
75 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
77 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
78 if (xconn->smb1.negprot.encrypted_passwords) {
79 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
82 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
84 SSVAL(req->outbuf,smb_vwv0,choice);
85 SSVAL(req->outbuf,smb_vwv1,secword);
86 /* Create a token value and add it to the outgoing packet. */
87 if (xconn->smb1.negprot.encrypted_passwords) {
88 get_challenge(xconn, (uint8 *)smb_buf(req->outbuf));
89 SSVAL(req->outbuf,smb_vwv11, 8);
92 smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
94 /* Reply, SMBlockread, SMBwritelock supported. */
95 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
96 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
97 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
98 SSVAL(req->outbuf,smb_vwv4, 1);
99 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
100 readbraw writebraw (possibly) */
101 SIVAL(req->outbuf,smb_vwv6, getpid());
102 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
104 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
109 /****************************************************************************
110 Reply for the lanman 2.0 protocol.
111 ****************************************************************************/
113 static void reply_lanman2(struct smb_request *req, uint16 choice)
116 time_t t = time(NULL);
117 struct smbXsrv_connection *xconn = req->xconn;
119 if (lp_async_smb_echo_handler()) {
122 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
125 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
127 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
128 if (xconn->smb1.negprot.encrypted_passwords) {
129 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
132 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
134 SSVAL(req->outbuf,smb_vwv0, choice);
135 SSVAL(req->outbuf,smb_vwv1, secword);
136 SIVAL(req->outbuf,smb_vwv6, getpid());
138 /* Create a token value and add it to the outgoing packet. */
139 if (xconn->smb1.negprot.encrypted_passwords) {
140 get_challenge(xconn, (uint8 *)smb_buf(req->outbuf));
141 SSVAL(req->outbuf,smb_vwv11, 8);
144 smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
146 /* Reply, SMBlockread, SMBwritelock supported. */
147 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
148 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
149 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
150 SSVAL(req->outbuf,smb_vwv4,1);
151 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
152 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
153 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
156 /****************************************************************************
157 Generate the spnego negprot reply blob. Return the number of bytes used.
158 ****************************************************************************/
160 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
162 DATA_BLOB blob = data_blob_null;
163 DATA_BLOB blob_out = data_blob_null;
170 struct gensec_security *gensec_security;
172 /* See if we can get an SPNEGO blob */
173 status = auth_generic_prepare(talloc_tos(),
174 xconn->remote_address,
176 if (NT_STATUS_IS_OK(status)) {
177 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
178 if (NT_STATUS_IS_OK(status)) {
179 status = gensec_update(gensec_security, ctx,
180 data_blob_null, &blob);
181 /* If we get the list of OIDs, the 'OK' answer
182 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
183 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
184 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
185 blob = data_blob_null;
188 TALLOC_FREE(gensec_security);
191 xconn->smb1.negprot.spnego = true;
193 /* strangely enough, NT does not sent the single OID NTLMSSP when
194 not a ADS member, it sends no OIDs at all
196 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
197 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
199 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
200 back to doing what W2K3 does here. This is needed to make PocketPC 2003
201 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
206 if (blob.length == 0 || blob.data == NULL) {
207 return data_blob_null;
210 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
211 if (blob_out.data == NULL) {
212 data_blob_free(&blob);
213 return data_blob_null;
216 memset(blob_out.data, '\0', 16);
218 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
219 (void)strlower_m(unix_name);
220 push_ascii_nstring(dos_name, unix_name);
221 strlcpy((char *)blob_out.data, dos_name, 17);
224 /* Fix valgrind 'uninitialized bytes' issue. */
225 slen = strlen(dos_name);
227 memset(blob_out.data+slen, '\0', 16 - slen);
231 memcpy(&blob_out.data[16], blob.data, blob.length);
233 data_blob_free(&blob);
238 /****************************************************************************
239 Reply for the nt protocol.
240 ****************************************************************************/
242 static void reply_nt1(struct smb_request *req, uint16 choice)
244 /* dual names + lock_and_read + nt SMBs + remote API calls */
245 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
246 CAP_LEVEL_II_OPLOCKS;
249 bool negotiate_spnego = False;
252 struct smbXsrv_connection *xconn = req->xconn;
253 bool signing_desired = false;
254 bool signing_required = false;
256 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
258 /* Check the flags field to see if this is Vista.
259 WinXP sets it and Vista does not. But we have to
260 distinguish from NT which doesn't set it either. */
262 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
263 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
265 if ((get_remote_arch() != RA_SAMBA) &&
266 (get_remote_arch() != RA_CIFSFS)) {
267 set_remote_arch( RA_VISTA );
271 reply_outbuf(req,17,0);
273 /* do spnego in user level security if the client
274 supports it and we can do encrypted passwords */
276 if (xconn->smb1.negprot.encrypted_passwords &&
278 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
279 negotiate_spnego = True;
280 capabilities |= CAP_EXTENDED_SECURITY;
281 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
282 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
283 (already partially constructed. */
284 SSVAL(req->outbuf, smb_flg2,
285 req->flags2 | FLAGS2_EXTENDED_SECURITY);
288 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
291 capabilities |= CAP_UNICODE;
294 if (lp_unix_extensions()) {
295 capabilities |= CAP_UNIX;
298 if (lp_large_readwrite())
299 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
301 capabilities |= CAP_LARGE_FILES;
303 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
304 capabilities |= CAP_RAW_MODE;
306 if (lp_nt_status_support())
307 capabilities |= CAP_STATUS32;
310 capabilities |= CAP_DFS;
312 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
313 if (xconn->smb1.negprot.encrypted_passwords) {
314 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
317 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
318 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
320 if (signing_desired) {
321 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
322 /* No raw mode with smb signing. */
323 capabilities &= ~CAP_RAW_MODE;
324 if (signing_required) {
325 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
329 SSVAL(req->outbuf,smb_vwv0,choice);
330 SCVAL(req->outbuf,smb_vwv1,secword);
332 smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
334 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
335 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
336 SIVAL(req->outbuf,smb_vwv3+1,
337 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
338 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
339 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
340 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
341 clock_gettime(CLOCK_REALTIME,&ts);
342 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
343 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
345 if (!negotiate_spnego) {
346 /* Create a token value and add it to the outgoing packet. */
347 if (xconn->smb1.negprot.encrypted_passwords) {
349 /* note that we do not send a challenge at all if
350 we are using plaintext */
351 get_challenge(xconn, chal);
352 ret = message_push_blob(
353 &req->outbuf, data_blob_const(chal, sizeof(chal)));
355 DEBUG(0, ("Could not push challenge\n"));
356 reply_nterror(req, NT_STATUS_NO_MEMORY);
359 SCVAL(req->outbuf, smb_vwv16+1, ret);
361 ret = message_push_string(&req->outbuf, lp_workgroup(),
362 STR_UNICODE|STR_TERMINATE
365 DEBUG(0, ("Could not push workgroup string\n"));
366 reply_nterror(req, NT_STATUS_NO_MEMORY);
369 ret = message_push_string(&req->outbuf, lp_netbios_name(),
370 STR_UNICODE|STR_TERMINATE
373 DEBUG(0, ("Could not push netbios name string\n"));
374 reply_nterror(req, NT_STATUS_NO_MEMORY);
377 DEBUG(3,("not using SPNEGO\n"));
379 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
381 if (spnego_blob.data == NULL) {
382 reply_nterror(req, NT_STATUS_NO_MEMORY);
386 ret = message_push_blob(&req->outbuf, spnego_blob);
388 DEBUG(0, ("Could not push spnego blob\n"));
389 reply_nterror(req, NT_STATUS_NO_MEMORY);
392 data_blob_free(&spnego_blob);
394 SCVAL(req->outbuf,smb_vwv16+1, 0);
395 DEBUG(3,("using SPNEGO\n"));
401 /* these are the protocol lists used for auto architecture detection:
404 protocol [PC NETWORK PROGRAM 1.0]
405 protocol [XENIX CORE]
406 protocol [MICROSOFT NETWORKS 1.03]
408 protocol [Windows for Workgroups 3.1a]
411 protocol [NT LM 0.12]
414 protocol [PC NETWORK PROGRAM 1.0]
415 protocol [XENIX CORE]
416 protocol [MICROSOFT NETWORKS 1.03]
418 protocol [Windows for Workgroups 3.1a]
421 protocol [NT LM 0.12]
424 protocol [PC NETWORK PROGRAM 1.0]
426 protocol [Windows for Workgroups 3.1a]
429 protocol [NT LM 0.12]
432 protocol [PC NETWORK PROGRAM 1.0]
434 protocol [Windows for Workgroups 3.1a]
437 protocol [NT LM 0.12]
441 protocol [PC NETWORK PROGRAM 1.0]
442 protocol [XENIX CORE]
449 * Modified to recognize the architecture of the remote machine better.
451 * This appears to be the matrix of which protocol is used by which
453 Protocol WfWg Win95 WinNT Win2K OS/2 Vista
454 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
456 MICROSOFT NETWORKS 3.0 2 2
458 MICROSOFT NETWORKS 1.03 3
461 Windows for Workgroups 3.1a 5 5 5 3 3
467 * tim@fsg.com 09/29/95
468 * Win2K added by matty 17/7/99
471 #define ARCH_WFWG 0x3 /* This is a fudge because WfWg is like Win95 */
472 #define ARCH_WIN95 0x2
473 #define ARCH_WINNT 0x4
474 #define ARCH_WIN2K 0xC /* Win2K is like NT */
475 #define ARCH_OS2 0x14 /* Again OS/2 is like NT */
476 #define ARCH_SAMBA 0x20
477 #define ARCH_CIFSFS 0x40
478 #define ARCH_VISTA 0x8C /* Vista is like XP/2K */
480 #define ARCH_ALL 0x7F
482 /* List of supported protocols, most desired first */
483 static const struct {
484 const char *proto_name;
485 const char *short_name;
486 void (*proto_reply_fn)(struct smb_request *req, uint16 choice);
488 } supported_protocols[] = {
489 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
490 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
491 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
492 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
493 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
494 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
495 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
496 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
497 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
498 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
499 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
503 /****************************************************************************
505 conn POINTER CAN BE NULL HERE !
506 ****************************************************************************/
508 void reply_negprot(struct smb_request *req)
511 int chosen_level = -1;
518 size_t converted_size;
519 struct smbXsrv_connection *xconn = req->xconn;
520 struct smbd_server_connection *sconn = req->sconn;
522 START_PROFILE(SMBnegprot);
524 if (xconn->smb1.negprot.done) {
525 END_PROFILE(SMBnegprot);
526 exit_server_cleanly("multiple negprot's are not permitted");
528 xconn->smb1.negprot.done = true;
530 if (req->buflen == 0) {
531 DEBUG(0, ("negprot got no protocols\n"));
532 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
533 END_PROFILE(SMBnegprot);
537 if (req->buf[req->buflen-1] != '\0') {
538 DEBUG(0, ("negprot protocols not 0-terminated\n"));
539 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
540 END_PROFILE(SMBnegprot);
544 p = (const char *)req->buf + 1;
549 while (smbreq_bufrem(req, p) > 0) {
553 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
556 DEBUG(0, ("talloc failed\n"));
557 TALLOC_FREE(cliprotos);
558 reply_nterror(req, NT_STATUS_NO_MEMORY);
559 END_PROFILE(SMBnegprot);
565 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
567 DEBUG(0, ("pull_ascii_talloc failed\n"));
568 TALLOC_FREE(cliprotos);
569 reply_nterror(req, NT_STATUS_NO_MEMORY);
570 END_PROFILE(SMBnegprot);
574 DEBUG(3, ("Requested protocol [%s]\n",
575 cliprotos[num_cliprotos]));
581 for (i=0; i<num_cliprotos; i++) {
582 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a"))
583 arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT
585 else if (strcsequal(cliprotos[i], "DOS LM1.2X002"))
586 arch &= ( ARCH_WFWG | ARCH_WIN95 );
587 else if (strcsequal(cliprotos[i], "DOS LANMAN2.1"))
588 arch &= ( ARCH_WFWG | ARCH_WIN95 );
589 else if (strcsequal(cliprotos[i], "NT LM 0.12"))
590 arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K
592 else if (strcsequal(cliprotos[i], "SMB 2.001"))
594 else if (strcsequal(cliprotos[i], "LANMAN2.1"))
595 arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
596 else if (strcsequal(cliprotos[i], "LM1.2X002"))
597 arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
598 else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03"))
600 else if (strcsequal(cliprotos[i], "XENIX CORE"))
601 arch &= ( ARCH_WINNT | ARCH_OS2 );
602 else if (strcsequal(cliprotos[i], "Samba")) {
605 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
611 /* CIFSFS can send one arch only, NT LM 0.12. */
612 if (i == 1 && (arch & ARCH_CIFSFS)) {
618 set_remote_arch(RA_CIFSFS);
621 set_remote_arch(RA_SAMBA);
624 set_remote_arch(RA_WFWG);
627 set_remote_arch(RA_WIN95);
630 if(req->flags2 == FLAGS2_WIN2K_SIGNATURE)
631 set_remote_arch(RA_WIN2K);
633 set_remote_arch(RA_WINNT);
636 /* Vista may have been set in the negprot so don't
638 if ( get_remote_arch() != RA_VISTA )
639 set_remote_arch(RA_WIN2K);
642 set_remote_arch(RA_VISTA);
645 set_remote_arch(RA_OS2);
648 set_remote_arch(RA_UNKNOWN);
652 /* possibly reload - change of architecture */
653 reload_services(sconn, conn_snum_used, true);
655 /* moved from the netbios session setup code since we don't have that
656 when the client connects to port 445. Of course there is a small
657 window where we are listening to messages -- jerry */
659 serverid_register(messaging_server_id(sconn->msg_ctx),
660 FLAG_MSG_GENERAL|FLAG_MSG_SMBD
661 |FLAG_MSG_PRINT_GENERAL);
663 /* Check for protocols, most desirable first */
664 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
666 if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) &&
667 (supported_protocols[protocol].protocol_level >= lp_server_min_protocol()))
668 while (i < num_cliprotos) {
669 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
671 chosen_level = supported_protocols[protocol].protocol_level;
680 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
681 reload_services(sconn, conn_snum_used, true);
682 supported_protocols[protocol].proto_reply_fn(req, choice);
683 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
685 DEBUG(0,("No protocol supported !\n"));
686 reply_outbuf(req, 1, 0);
687 SSVAL(req->outbuf, smb_vwv0, choice);
690 DEBUG( 5, ( "negprot index=%d\n", choice ) );
692 if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
693 && (chosen_level < PROTOCOL_NT1)) {
694 exit_server_cleanly("SMB signing is required and "
695 "client negotiated a downlevel protocol");
698 TALLOC_FREE(cliprotos);
700 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
701 !fork_echo_handler(sconn)) {
702 exit_server("Failed to fork echo handler");
705 END_PROFILE(SMBnegprot);
git.samba.org / nivanova / samba-autobuild / .git / blob