s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()
[gd/samba-autobuild/.git] / source4 / libcli / smb2 / connect.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    SMB2 composite connection setup
5
6    Copyright (C) Andrew Tridgell 2005
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include <tevent.h>
24 #include "lib/util/tevent_ntstatus.h"
25 #include "libcli/raw/libcliraw.h"
26 #include "libcli/raw/raw_proto.h"
27 #include "libcli/smb2/smb2.h"
28 #include "libcli/smb2/smb2_calls.h"
29 #include "libcli/composite/composite.h"
30 #include "libcli/resolve/resolve.h"
31 #include "param/param.h"
32 #include "auth/credentials/credentials.h"
33 #include "../libcli/smb/smbXcli_base.h"
34 #include "smb2_constants.h"
35
/*
 * Per-request state of the composite SMB2 connect.
 *
 * smb2_connect_send() stores the caller's pointers as they are (only
 * "options" is copied by value), so the pointed-to objects have to stay
 * valid for as long as the request is in flight.
 */
struct smb2_connect_state {
        struct tevent_context *ev;
        /* swapped for freshly created anonymous credentials on fallback */
        struct cli_credentials *credentials;
        /* retry a failed session setup anonymously (see session_done) */
        bool fallback_to_anonymous;
        uint64_t previous_session_id;
        struct resolve_context *resolve_ctx;
        const char *host;
        const char *share;
        /* "\\host\share", allocated on this state by smb2_connect_send() */
        const char *unc;
        /* NULL-terminated port list; defaults to "445", "139" */
        const char **ports;
        const char *socket_options;
        struct nbt_name calling;
        struct nbt_name called;
        struct gensec_settings *gensec_settings;
        /* private copy; signing may be raised to REQUIRED in here */
        struct smbcli_options options;
        /* objects created while the connect progresses */
        struct smb2_transport *transport;
        struct smb2_session *session;
        struct smb2_tree *tree;
};
54
static void smb2_connect_session_start(struct tevent_req *req);
static void smb2_connect_socket_done(struct composite_context *creq);

/*
 * Composite request that performs a full negprot / session setup / tree
 * connect and yields a connected smb2_tree; collect the result with
 * smb2_connect_recv().
 *
 *  - ports == NULL selects the built-in list "445", "139".
 *  - *options is copied into the request state. All other pointer
 *    arguments are stored as given and must outlive the request.
 *  - If the credentials ask for SMB encryption (SMB_ENCRYPTION_DESIRED or
 *    stronger), signing is forced to SMB_SIGNING_REQUIRED in the copied
 *    options, whatever the caller passed in.
 *  - fallback_to_anonymous: a session setup that fails with non-anonymous
 *    credentials is retried with anonymous credentials. The final status
 *    does not tell the caller which identity was used.
 *  - existing_conn != NULL: no socket is opened and no negprot is sent
 *    here; the transport is built on the given connection and the request
 *    continues directly with session setup.
 *    NOTE(review): presumably the connection must already be negotiated
 *    and is taken over by smb2_transport_raw_init() - confirm with that
 *    function before reusing *existing_conn afterwards.
 *
 * Returns NULL only if the request itself could not be allocated; every
 * other failure is reported through the returned request.
 */
struct tevent_req *smb2_connect_send(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
                                     const char *host,
                                     const char **ports,
                                     const char *share,
                                     struct resolve_context *resolve_ctx,
                                     struct cli_credentials *credentials,
                                     bool fallback_to_anonymous,
                                     struct smbXcli_conn **existing_conn,
                                     uint64_t previous_session_id,
                                     const struct smbcli_options *options,
                                     const char *socket_options,
                                     struct gensec_settings *gensec_settings)
{
        static const char *default_ports[] = { "445", "139", NULL };
        enum smb_encryption_setting wanted_enc =
                cli_credentials_get_smb_encryption(credentials);
        struct tevent_req *req = NULL;
        struct smb2_connect_state *state = NULL;
        struct composite_context *sock_req = NULL;
        NTSTATUS status;

        req = tevent_req_create(mem_ctx, &state,
                                struct smb2_connect_state);
        if (req == NULL) {
                return NULL;
        }

        /* remember the caller's inputs */
        state->ev = ev;
        state->credentials = credentials;
        state->fallback_to_anonymous = fallback_to_anonymous;
        state->previous_session_id = previous_session_id;
        state->resolve_ctx = resolve_ctx;
        state->gensec_settings = gensec_settings;
        state->socket_options = socket_options;
        state->host = host;
        state->share = share;
        state->ports = (ports != NULL) ? ports : default_ports;

        /* work on a private copy so the caller's options stay untouched */
        state->options = *options;
        if (wanted_enc >= SMB_ENCRYPTION_DESIRED) {
                /* a request for encryption implies mandatory signing */
                state->options.signing = SMB_SIGNING_REQUIRED;
        }

        make_nbt_name_client(&state->calling,
                             cli_credentials_get_workstation(credentials));

        nbt_choose_called_name(state, &state->called,
                               host, NBT_NAME_SERVER);

        state->unc = talloc_asprintf(state, "\\\\%s\\%s",
                                     state->host, state->share);
        if (tevent_req_nomem(state->unc, req)) {
                return tevent_req_post(req, ev);
        }

        if (existing_conn == NULL) {
                /* normal case: open a socket, negprot follows on completion */
                sock_req = smbcli_sock_connect_send(state, NULL, state->ports,
                                                    state->host,
                                                    state->resolve_ctx,
                                                    state->ev,
                                                    state->socket_options,
                                                    &state->calling,
                                                    &state->called);
                if (tevent_req_nomem(sock_req, req)) {
                        return tevent_req_post(req, ev);
                }
                sock_req->async.fn = smb2_connect_socket_done;
                sock_req->async.private_data = req;

                return req;
        }

        /* reuse the caller's connection: socket connect and negprot are skipped */
        status = smb2_transport_raw_init(state, ev,
                                         existing_conn,
                                         &state->options,
                                         &state->transport);
        if (tevent_req_nterror(req, status)) {
                return tevent_req_post(req, ev);
        }

        smb2_connect_session_start(req);
        if (tevent_req_is_in_progress(req)) {
                return req;
        }

        /* already finished (or failed) synchronously */
        return tevent_req_post(req, ev);
}
153
static void smb2_connect_negprot_done(struct tevent_req *subreq);

/*
 * Completion of the socket connect: wrap the socket in an SMB2 transport
 * and send the protocol negotiation.
 *
 * The lower bound offered to the server is never below PROTOCOL_SMB2_02,
 * even if the configured min_protocol is lower.
 */
static void smb2_connect_socket_done(struct composite_context *creq)
{
        struct tevent_req *req =
                talloc_get_type_abort(creq->async.private_data,
                                      struct tevent_req);
        struct smb2_connect_state *state =
                tevent_req_data(req, struct smb2_connect_state);
        struct smb2_transport *transport = NULL;
        struct smbcli_socket *sock = NULL;
        struct tevent_req *negprot_req = NULL;
        enum protocol_types min_protocol;
        uint32_t timeout_msec;
        NTSTATUS status;

        status = smbcli_sock_connect_recv(creq, state, &sock);
        if (tevent_req_nterror(req, status)) {
                return;
        }

        state->transport = smb2_transport_init(sock, state, &state->options);
        if (tevent_req_nomem(state->transport, req)) {
                return;
        }
        transport = state->transport;

        /* request_timeout is multiplied by 1000 to get milliseconds */
        timeout_msec = transport->options.request_timeout * 1000;

        /* clamp the configured minimum up to SMB 2.02 */
        min_protocol = (transport->options.min_protocol < PROTOCOL_SMB2_02)
                ? PROTOCOL_SMB2_02
                : transport->options.min_protocol;

        negprot_req = smbXcli_negprot_send(state, state->ev,
                                           transport->conn, timeout_msec,
                                           min_protocol,
                                           transport->options.max_protocol,
                                           transport->options.max_credits,
                                           NULL);
        if (tevent_req_nomem(negprot_req, req)) {
                return;
        }
        tevent_req_set_callback(negprot_req, smb2_connect_negprot_done, req);
}
197
static void smb2_connect_session_done(struct tevent_req *subreq);

/*
 * Completion of the negotiate request: a failure ends the connect with
 * that status, success moves on to session setup.
 */
static void smb2_connect_negprot_done(struct tevent_req *subreq)
{
        struct tevent_req *req =
                tevent_req_callback_data(subreq, struct tevent_req);
        NTSTATUS status = smbXcli_negprot_recv(subreq, NULL, NULL);

        /* the result has been collected, the subrequest can go */
        TALLOC_FREE(subreq);

        if (!tevent_req_nterror(req, status)) {
                smb2_connect_session_start(req);
        }
}
215
/*
 * Create the session object on the current transport and start the SPNEGO
 * session setup with state->credentials.
 *
 * With options.only_negprot set, no authentication and no tree connect is
 * performed: a tree object is created on the unauthenticated session and
 * the request completes immediately.
 *
 * This is entered a second time by the anonymous fallback in
 * smb2_connect_session_done().
 */
static void smb2_connect_session_start(struct tevent_req *req)
{
        struct smb2_connect_state *state =
                tevent_req_data(req, struct smb2_connect_state);
        struct tevent_req *setup_req = NULL;

        state->session = smb2_session_init(state->transport,
                                           state->gensec_settings,
                                           state);
        if (tevent_req_nomem(state->session, req)) {
                return;
        }

        if (!state->options.only_negprot) {
                setup_req = smb2_session_setup_spnego_send(state, state->ev,
                                                state->session,
                                                state->credentials,
                                                state->previous_session_id);
                if (tevent_req_nomem(setup_req, req)) {
                        return;
                }
                tevent_req_set_callback(setup_req,
                                        smb2_connect_session_done, req);
                return;
        }

        /* negprot-only mode: stop here, nothing was authenticated */
        state->tree = smb2_tree_init(state->session, state, true);
        if (tevent_req_nomem(state->tree, req)) {
                return;
        }
        tevent_req_done(req);
}
247
static void smb2_connect_enc_start(struct tevent_req *req);
static void smb2_connect_tcon_start(struct tevent_req *req);
static void smb2_connect_tcon_done(struct tevent_req *subreq);

/*
 * Completion of the SPNEGO session setup.
 *
 * On success a tree object is created and the connect continues with the
 * encryption step. On failure the request ends with the error, unless the
 * anonymous fallback applies.
 *
 * Anonymous fallback: taken for ANY failing status (not only logon
 * failures) when the caller enabled fallback_to_anonymous and the current
 * credentials are not anonymous already. The session setup is then
 * repeated with new anonymous credentials that inherit only the
 * workstation name. Callers that need to know whether they ended up
 * authenticated must check the resulting session themselves.
 *
 * NOTE(review): smb2_connect_enc_start() reads the encryption setting from
 * state->credentials, which after the fallback are the anonymous ones.
 * The setting of the original credentials is not copied here, so it
 * presumably no longer applies to the retried session - confirm that this
 * is intended.
 */
static void smb2_connect_session_done(struct tevent_req *subreq)
{
        struct tevent_req *req =
                tevent_req_callback_data(subreq, struct tevent_req);
        struct smb2_connect_state *state =
                tevent_req_data(req, struct smb2_connect_state);
        struct cli_credentials *anon_creds = NULL;
        bool retry_anonymous;
        NTSTATUS status;

        status = smb2_session_setup_spnego_recv(subreq);
        TALLOC_FREE(subreq);

        retry_anonymous = !NT_STATUS_IS_OK(status) &&
                          !cli_credentials_is_anonymous(state->credentials) &&
                          state->fallback_to_anonymous;

        if (!retry_anonymous) {
                if (tevent_req_nterror(req, status)) {
                        return;
                }

                state->tree = smb2_tree_init(state->session, state, true);
                if (tevent_req_nomem(state->tree, req)) {
                        return;
                }

                smb2_connect_enc_start(req);
                return;
        }

        /*
         * The transport now hangs below the failed session. Move it
         * back to the state first, otherwise freeing the broken
         * session would take the transport down with it.
         */
        state->transport = talloc_move(state, &state->session->transport);
        TALLOC_FREE(state->session);

        anon_creds = cli_credentials_init_anon(state);
        if (tevent_req_nomem(anon_creds, req)) {
                return;
        }
        cli_credentials_set_workstation(anon_creds,
                cli_credentials_get_workstation(state->credentials),
                CRED_SPECIFIED);

        /* second attempt, this time without an identity */
        state->credentials = anon_creds;
        smb2_connect_session_start(req);
}
303
/*
 * Turn on SMB3 encryption for the session when the credentials ask for it,
 * then continue with the tree connect.
 *
 *  - below SMB_ENCRYPTION_DESIRED: encryption is not attempted.
 *  - NT_STATUS_NOT_SUPPORTED from the server side: tolerated unless the
 *    setting is SMB_ENCRYPTION_REQUIRED, in which case the connect fails
 *    with that status.
 *  - any other failure: the connect fails with
 *    NT_STATUS_PROTOCOL_NOT_SUPPORTED, also when encryption was merely
 *    desired, so there is no silent cleartext continuation on that path.
 */
static void smb2_connect_enc_start(struct tevent_req *req)
{
        struct smb2_connect_state *state =
                tevent_req_data(req, struct smb2_connect_state);
        enum smb_encryption_setting wanted =
                cli_credentials_get_smb_encryption(state->credentials);
        NTSTATUS status;

        if (wanted < SMB_ENCRYPTION_DESIRED) {
                smb2_connect_tcon_start(req);
                return;
        }

        status = smb2cli_session_encryption_on(state->session->smbXcli);
        if (NT_STATUS_IS_OK(status)) {
                smb2_connect_tcon_start(req);
                return;
        }

        if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
                DBG_ERR("Encryption required and setup failed with error %s.\n",
                        nt_errstr(status));
                tevent_req_nterror(req, NT_STATUS_PROTOCOL_NOT_SUPPORTED);
                return;
        }

        if (wanted < SMB_ENCRYPTION_REQUIRED) {
                /* only desired: carry on without encryption */
                smb2_connect_tcon_start(req);
                return;
        }

        DBG_ERR("Encryption required and server doesn't support "
                "SMB3 encryption - failing connect\n");
        tevent_req_nterror(req, status);
}
340
/*
 * Send the tree connect for state->unc on the established session.
 */
static void smb2_connect_tcon_start(struct tevent_req *req)
{
        struct smb2_connect_state *state =
                tevent_req_data(req, struct smb2_connect_state);
        struct smb2_transport *transport = state->transport;
        /* request_timeout is multiplied by 1000 to get milliseconds */
        uint32_t timeout_msec = transport->options.request_timeout * 1000;
        struct tevent_req *tcon_req = NULL;

        tcon_req = smb2cli_tcon_send(state, state->ev,
                                     transport->conn,
                                     timeout_msec,
                                     state->session->smbXcli,
                                     state->tree->smbXcli,
                                     0, /* flags */
                                     state->unc);
        if (tevent_req_nomem(tcon_req, req)) {
                return;
        }
        tevent_req_set_callback(tcon_req, smb2_connect_tcon_done, req);
}
363
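/*
 * Completion of the tree connect: the last step of the composite connect.
 * A failure ends the request with that status, success marks it done.
 *
 * The subrequest is released as soon as its result has been collected,
 * in line with the negprot and session setup callbacks in this file,
 * instead of staying allocated until the whole connect state is freed.
 */
static void smb2_connect_tcon_done(struct tevent_req *subreq)
{
        struct tevent_req *req =
                tevent_req_callback_data(subreq,
                struct tevent_req);
        NTSTATUS status;

        status = smb2cli_tcon_recv(subreq);
        TALLOC_FREE(subreq);
        if (tevent_req_nterror(req, status)) {
                return;
        }

        tevent_req_done(req);
}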
378
/*
 * Collect the result of smb2_connect_send().
 *
 * On success the tree is moved onto mem_ctx and returned through *tree.
 * On failure *tree is left untouched and the error status is returned.
 * In both cases the request is marked as received.
 *
 * A request sent with options.only_negprot yields a tree object for which
 * neither session setup nor tree connect has been performed.
 */
NTSTATUS smb2_connect_recv(struct tevent_req *req,
                           TALLOC_CTX *mem_ctx,
                           struct smb2_tree **tree)
{
        struct smb2_connect_state *state =
                tevent_req_data(req, struct smb2_connect_state);
        NTSTATUS status;

        if (!tevent_req_is_nterror(req, &status)) {
                /* hand ownership of the tree over to the caller */
                *tree = talloc_move(mem_ctx, &state->tree);
                status = NT_STATUS_OK;
        }

        tevent_req_received(req);
        return status;
}
398
/*
 * Synchronous variant of smb2_connect_send()/smb2_connect_recv(), with the
 * extra knobs existing_conn and previous_session_id.
 *
 * The event context is polled until the connect has finished. The
 * anonymous fallback is always disabled here, so a failed session setup
 * is reported to the caller instead of being retried without an identity.
 *
 * On success *tree is allocated on mem_ctx; on failure it is not written.
 */
NTSTATUS smb2_connect_ext(TALLOC_CTX *mem_ctx,
                          const char *host,
                          const char **ports,
                          const char *share,
                          struct resolve_context *resolve_ctx,
                          struct cli_credentials *credentials,
                          struct smbXcli_conn **existing_conn,
                          uint64_t previous_session_id,
                          struct smb2_tree **tree,
                          struct tevent_context *ev,
                          const struct smbcli_options *options,
                          const char *socket_options,
                          struct gensec_settings *gensec_settings)
{
        TALLOC_CTX *frame = talloc_stackframe();
        struct tevent_req *subreq = NULL;
        NTSTATUS status;

        if (frame == NULL) {
                return NT_STATUS_NO_MEMORY;
        }

        /* the request lives on the stackframe and goes away with it */
        subreq = smb2_connect_send(frame,
                                   ev,
                                   host,
                                   ports,
                                   share,
                                   resolve_ctx,
                                   credentials,
                                   false, /* fallback_to_anonymous */
                                   existing_conn,
                                   previous_session_id,
                                   options,
                                   socket_options,
                                   gensec_settings);
        if (subreq == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto done;
        }

        if (!tevent_req_poll(subreq, ev)) {
                /* the event loop itself failed; translate errno */
                status = map_nt_error_from_unix_common(errno);
                goto done;
        }

        status = smb2_connect_recv(subreq, mem_ctx, tree);
        TALLOC_FREE(subreq);

done:
        TALLOC_FREE(frame);
        return status;
}
460
/*
 * Plain synchronous connect: smb2_connect_ext() with no existing
 * connection to reuse and a previous_session_id of 0.
 */
NTSTATUS smb2_connect(TALLOC_CTX *mem_ctx,
                      const char *host,
                      const char **ports,
                      const char *share,
                      struct resolve_context *resolve_ctx,
                      struct cli_credentials *credentials,
                      struct smb2_tree **tree,
                      struct tevent_context *ev,
                      const struct smbcli_options *options,
                      const char *socket_options,
                      struct gensec_settings *gensec_settings)
{
        return smb2_connect_ext(mem_ctx, host, ports, share, resolve_ctx,
                                credentials,
                                NULL, /* existing_conn */
                                0, /* previous_session_id */
                                tree, ev, options, socket_options,
                                gensec_settings);
}