struct smbXcli_conn;
struct smbXcli_req;
struct smbXcli_session;
+struct smbXcli_tcon;
struct smbXcli_conn {
int read_fd;
struct smb_signing_state *signing;
struct smb_trans_enc_state *trans_enc;
+
+ struct tevent_req *read_braw_req;
} smb1;
struct {
struct {
+ uint32_t capabilities;
uint16_t security_mode;
struct GUID guid;
} client;
struct smbXcli_session *prev, *next;
struct smbXcli_conn *conn;
+ struct {
+ uint16_t session_id;
+ } smb1;
+
struct {
uint64_t session_id;
uint16_t session_flags;
+ DATA_BLOB application_key;
DATA_BLOB signing_key;
- DATA_BLOB session_key;
bool should_sign;
- bool channel_setup;
+ bool should_encrypt;
+ DATA_BLOB encryption_key;
+ DATA_BLOB decryption_key;
+ uint64_t channel_nonce;
+ uint64_t channel_next;
+ DATA_BLOB channel_signing_key;
+ } smb2;
+};
+
+struct smbXcli_tcon {
+ struct {
+ uint16_t tcon_id;
+ uint16_t optional_support;
+ uint32_t maximal_access;
+ uint32_t guest_maximal_access;
+ char *service;
+ char *fs_type;
+ } smb1;
+
+ struct {
+ uint32_t tcon_id;
+ uint8_t type;
+ uint32_t flags;
+ uint32_t capabilities;
+ uint32_t maximal_access;
} smb2;
};
uint16_t *vwv;
uint8_t bytecount_buf[2];
-#define MAX_SMB_IOV 5
+#define MAX_SMB_IOV 10
/* length_hdr, hdr, words, byte_count, buffers */
struct iovec iov[1 + 3 + MAX_SMB_IOV];
int iov_count;
const uint8_t *dyn;
uint32_t dyn_len;
- uint8_t hdr[64];
+ uint8_t transform[SMB2_TF_HDR_SIZE];
+ uint8_t hdr[SMB2_HDR_BODY];
uint8_t pad[7]; /* padding space for compounding */
- /* always an array of 3 talloc elements */
+ /*
+ * always an array of 3 talloc elements
+ * (without a SMB2_TRANSFORM header!)
+ *
+ * HDR, BODY, DYN
+ */
struct iovec *recv_iov;
uint16_t credit_charge;
+ bool should_sign;
+ bool should_encrypt;
+
bool signing_skipped;
bool notify_async;
bool got_async;
}
if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
}
return 0;
const char *remote_name,
enum smb_signing_setting signing_state,
uint32_t smb1_capabilities,
- struct GUID *client_guid)
+ struct GUID *client_guid,
+ uint32_t smb2_capabilities)
{
struct smbXcli_conn *conn = NULL;
void *ss = NULL;
if (client_guid) {
conn->smb2.client.guid = *client_guid;
}
+ conn->smb2.client.capabilities = smb2_capabilities;
conn->smb2.cur_credits = 1;
conn->smb2.max_credits = 0;
return &conn->smb1.server.guid;
}
+struct smbXcli_conn_samba_suicide_state {
+ struct smbXcli_conn *conn;
+ struct iovec iov;
+ uint8_t buf[9];
+};
+
+static void smbXcli_conn_samba_suicide_done(struct tevent_req *subreq);
+
+struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct smbXcli_conn *conn,
+ uint8_t exitcode)
+{
+ struct tevent_req *req, *subreq;
+ struct smbXcli_conn_samba_suicide_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct smbXcli_conn_samba_suicide_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->conn = conn;
+ SIVAL(state->buf, 4, 0x74697865);
+ SCVAL(state->buf, 8, exitcode);
+ _smb_setlen_nbt(state->buf, sizeof(state->buf)-4);
+
+ state->iov.iov_base = state->buf;
+ state->iov.iov_len = sizeof(state->buf);
+
+ subreq = writev_send(state, ev, conn->outgoing, conn->write_fd,
+ false, &state->iov, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, smbXcli_conn_samba_suicide_done, req);
+ return req;
+}
+
+static void smbXcli_conn_samba_suicide_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbXcli_conn_samba_suicide_state *state = tevent_req_data(
+ req, struct smbXcli_conn_samba_suicide_state);
+ ssize_t nwritten;
+ int err;
+
+ nwritten = writev_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (nwritten == -1) {
+ NTSTATUS status = map_nt_error_from_unix_common(err);
+ smbXcli_conn_disconnect(state->conn, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS smbXcli_conn_samba_suicide_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS smbXcli_conn_samba_suicide(struct smbXcli_conn *conn,
+ uint8_t exitcode)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ bool ok;
+
+ if (smbXcli_conn_has_async_calls(conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto fail;
+ }
+ ev = tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = smbXcli_conn_samba_suicide_send(frame, ev, conn, exitcode);
+ if (req == NULL) {
+ goto fail;
+ }
+ ok = tevent_req_poll(req, ev);
+ if (!ok) {
+ status = map_nt_error_from_unix_common(errno);
+ goto fail;
+ }
+ status = smbXcli_conn_samba_suicide_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
uint32_t smb1cli_conn_capabilities(struct smbXcli_conn *conn)
{
return conn->smb1.capabilities;
return conn->smb1.server.security_mode;
}
+bool smb1cli_conn_server_readbraw(struct smbXcli_conn *conn)
+{
+ return conn->smb1.server.readbraw;
+}
+
+bool smb1cli_conn_server_writebraw(struct smbXcli_conn *conn)
+{
+ return conn->smb1.server.writebraw;
+}
+
+bool smb1cli_conn_server_lockread(struct smbXcli_conn *conn)
+{
+ return conn->smb1.server.lockread;
+}
+
+bool smb1cli_conn_server_writeunlock(struct smbXcli_conn *conn)
+{
+ return conn->smb1.server.writeunlock;
+}
+
int smb1cli_conn_server_time_zone(struct smbXcli_conn *conn)
{
return conn->smb1.server.time_zone;
{
/* Replace the old state, if any. */
if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
}
conn->smb1.trans_enc = es;
}
void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
{
+ tevent_queue_stop(conn->outgoing);
+
if (conn->read_fd != -1) {
close(conn->read_fd);
}
uint16_t flags2;
uint32_t pid;
uint16_t tid;
- uint16_t uid;
uint16_t mid;
struct tevent_req *subreq;
NTSTATUS status;
pid = SVAL(state->smb1.hdr, HDR_PID);
pid |= SVAL(state->smb1.hdr, HDR_PIDHIGH)<<16;
tid = SVAL(state->smb1.hdr, HDR_TID);
- uid = SVAL(state->smb1.hdr, HDR_UID);
mid = SVAL(state->smb1.hdr, HDR_MID);
subreq = smb1cli_req_create(state, state->ev,
flags, 0,
flags2, 0,
0, /* timeout */
- pid, tid, uid,
+ pid, tid,
+ state->session,
0, NULL, /* vwv */
0, NULL); /* bytes */
if (subreq == NULL) {
uint32_t timeout_msec,
uint32_t pid,
uint16_t tid,
- uint16_t uid,
+ struct smbXcli_session *session,
uint8_t wct, uint16_t *vwv,
int iov_count,
struct iovec *bytes_iov)
struct smbXcli_req_state *state;
uint8_t flags = 0;
uint16_t flags2 = 0;
+ uint16_t uid = 0;
if (iov_count > MAX_SMB_IOV) {
/*
}
state->ev = ev;
state->conn = conn;
+ state->session = session;
+
+ if (session) {
+ uid = session->smb1.session_id;
+ }
state->smb1.recv_cmd = 0xFF;
state->smb1.recv_status = NT_STATUS_INTERNAL_ERROR;
uint32_t *seqnum,
bool one_way_seqnum)
{
+ TALLOC_CTX *frame = NULL;
uint8_t *buf;
/*
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- buf = smbXcli_iov_concat(talloc_tos(), iov, iov_count);
+ frame = talloc_stackframe();
+
+ buf = smbXcli_iov_concat(frame, iov, iov_count);
if (buf == NULL) {
return NT_STATUS_NO_MEMORY;
}
smb_signing_sign_pdu(conn->smb1.signing, buf, *seqnum);
memcpy(iov[1].iov_base, buf+4, iov[1].iov_len);
- TALLOC_FREE(buf);
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
{
struct tevent_req *subreq;
NTSTATUS status;
+ uint8_t cmd;
uint16_t mid;
if (!smbXcli_conn_is_connected(state->conn)) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
+ cmd = CVAL(iov[1].iov_base, HDR_COM);
+ if (cmd == SMBreadBraw) {
+ if (smbXcli_conn_has_async_calls(state->conn)) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+ state->conn->smb1.read_braw_req = req;
+ }
+
if (state->smb1.mid != 0) {
mid = state->smb1.mid;
} else {
uint32_t timeout_msec,
uint32_t pid,
uint16_t tid,
- uint16_t uid,
+ struct smbXcli_session *session,
uint8_t wct, uint16_t *vwv,
uint32_t num_bytes,
const uint8_t *bytes)
additional_flags, clear_flags,
additional_flags2, clear_flags2,
timeout_msec,
- pid, tid, uid,
+ pid, tid, session,
wct, vwv, 1, &iov);
if (req == NULL) {
return NULL;
size_t num_chained = 0;
size_t num_responses = 0;
+ if (conn->smb1.read_braw_req != NULL) {
+ req = conn->smb1.read_braw_req;
+ conn->smb1.read_braw_req = NULL;
+ state = tevent_req_data(req, struct smbXcli_req_state);
+
+ smbXcli_req_unset_pending(req);
+
+ if (state->smb1.recv_iov == NULL) {
+ /*
+ * For requests with more than
+ * one response, we have to readd the
+ * recv_iov array.
+ */
+ state->smb1.recv_iov = talloc_zero_array(state,
+ struct iovec,
+ 3);
+ if (tevent_req_nomem(state->smb1.recv_iov, req)) {
+ return NT_STATUS_OK;
+ }
+ }
+
+ state->smb1.recv_iov[0].iov_base = (void *)(inbuf + NBT_HDR_SIZE);
+ state->smb1.recv_iov[0].iov_len = smb_len_nbt(inbuf);
+ ZERO_STRUCT(state->smb1.recv_iov[1]);
+ ZERO_STRUCT(state->smb1.recv_iov[2]);
+
+ state->smb1.recv_cmd = SMBreadBraw;
+ state->smb1.recv_status = NT_STATUS_OK;
+ state->inbuf = talloc_move(state->smb1.recv_iov, &inbuf);
+
+ tevent_req_done(req);
+ return NT_STATUS_OK;
+ }
+
if ((IVAL(inhdr, 0) != SMB_MAGIC) /* 0xFF"SMB" */
&& (SVAL(inhdr, 0) != 0x45ff)) /* 0xFF"E" */ {
DEBUG(10, ("Got non-SMB PDU\n"));
smbXcli_req_unset_pending(req);
+ if (state->smb1.recv_iov == NULL) {
+ /*
+ * For requests with more than
+ * one response, we have to readd the
+ * recv_iov array.
+ */
+ state->smb1.recv_iov = talloc_zero_array(state,
+ struct iovec,
+ 3);
+ if (tevent_req_nomem(state->smb1.recv_iov, req)) {
+ return NT_STATUS_OK;
+ }
+ }
+
state->smb1.recv_cmd = cmd;
state->smb1.recv_status = status;
state->inbuf = talloc_move(state->smb1.recv_iov, &inbuf);
continue;
}
+ if (state->smb1.recv_iov == NULL) {
+ /*
+ * For requests with more than
+ * one response, we have to readd the
+ * recv_iov array.
+ */
+ state->smb1.recv_iov = talloc_zero_array(state,
+ struct iovec,
+ 3);
+ if (tevent_req_nomem(state->smb1.recv_iov, req)) {
+ continue;
+ }
+ }
+
state->smb1.recv_cmd = cmd;
if (i == (num_responses - 1)) {
if (state->inbuf != NULL) {
recv_iov = state->smb1.recv_iov;
- hdr = (uint8_t *)recv_iov[0].iov_base;
- wct = recv_iov[1].iov_len/2;
- vwv = (uint16_t *)recv_iov[1].iov_base;
- vwv_offset = PTR_DIFF(vwv, hdr);
- num_bytes = recv_iov[2].iov_len;
- bytes = (uint8_t *)recv_iov[2].iov_base;
- bytes_offset = PTR_DIFF(bytes, hdr);
+ state->smb1.recv_iov = NULL;
+ if (state->smb1.recv_cmd != SMBreadBraw) {
+ hdr = (uint8_t *)recv_iov[0].iov_base;
+ wct = recv_iov[1].iov_len/2;
+ vwv = (uint16_t *)recv_iov[1].iov_base;
+ vwv_offset = PTR_DIFF(vwv, hdr);
+ num_bytes = recv_iov[2].iov_len;
+ bytes = (uint8_t *)recv_iov[2].iov_base;
+ bytes_offset = PTR_DIFF(bytes, hdr);
+ }
}
if (tevent_req_is_nterror(req, &status)) {
if (session) {
uid = session->smb2.session_id;
+
+ state->smb2.should_sign = session->smb2.should_sign;
+ state->smb2.should_encrypt = session->smb2.should_encrypt;
+
+ /* TODO: turn on encryption based on the tree connect. */
+
+ if (cmd == SMB2_OP_SESSSETUP &&
+ session->smb2.signing_key.length != 0) {
+ state->smb2.should_sign = true;
+ }
+
+ if (cmd == SMB2_OP_SESSSETUP &&
+ session->smb2.channel_signing_key.length == 0) {
+ state->smb2.should_encrypt = false;
+ }
+
+ if (state->smb2.should_encrypt) {
+ state->smb2.should_sign = false;
+ }
}
state->smb2.recv_iov = talloc_zero_array(state, struct iovec, 3);
state->smb2.dyn = dyn;
state->smb2.dyn_len = dyn_len;
+ if (state->smb2.should_encrypt) {
+ SIVAL(state->smb2.transform, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC);
+ SBVAL(state->smb2.transform, SMB2_TF_SESSION_ID, uid);
+ }
+
SIVAL(state->smb2.hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
SSVAL(state->smb2.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
SSVAL(state->smb2.hdr, SMB2_HDR_OPCODE, cmd);
state->smb2.notify_async = true;
}
-static void smb2cli_writev_done(struct tevent_req *subreq);
+static void smb2cli_req_writev_done(struct tevent_req *subreq);
static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
TALLOC_CTX *tmp_mem,
uint8_t *inbuf);
/*
* 1 for the nbt length
- * per request: HDR, fixed, dyn, padding
+ * per request: TRANSFORM, HDR, fixed, dyn, padding
* -1 because the last one does not need padding
*/
- iov = talloc_array(reqs[0], struct iovec, 1 + 4*num_reqs - 1);
+ iov = talloc_array(reqs[0], struct iovec, 1 + 5*num_reqs - 1);
if (iov == NULL) {
return NT_STATUS_NO_MEMORY;
}
nbt_len = 0;
for (i=0; i<num_reqs; i++) {
+ int tf_iov;
int hdr_iov;
size_t reqlen;
bool ret;
uint16_t charge;
uint16_t credits;
uint64_t mid;
- bool should_sign = false;
+ const DATA_BLOB *signing_key = NULL;
+ const DATA_BLOB *encryption_key = NULL;
if (!tevent_req_is_in_progress(reqs[i])) {
return NT_STATUS_INTERNAL_ERROR;
SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
skip_credits:
+ if (state->session) {
+ /*
+ * We prefer the channel signing key if it is
+ * already there.
+ */
+ if (state->smb2.should_sign) {
+ signing_key = &state->session->smb2.channel_signing_key;
+ }
+
+ /*
+ * If it is a channel binding, we already have the main
+ * signing key and try that one.
+ */
+ if (signing_key && signing_key->length == 0) {
+ signing_key = &state->session->smb2.signing_key;
+ }
+
+ /*
+ * If we do not have any session key yet, we skip the
+ * signing of SMB2_OP_SESSSETUP requests.
+ */
+ if (signing_key && signing_key->length == 0) {
+ signing_key = NULL;
+ }
+
+ if (state->smb2.should_encrypt) {
+ encryption_key = &state->session->smb2.encryption_key;
+ }
+ }
+
+ if (encryption_key) {
+ tf_iov = num_iov;
+ iov[num_iov].iov_base = state->smb2.transform;
+ iov[num_iov].iov_len = sizeof(state->smb2.transform);
+ num_iov += 1;
+ }
+
hdr_iov = num_iov;
iov[num_iov].iov_base = state->smb2.hdr;
iov[num_iov].iov_len = sizeof(state->smb2.hdr);
}
SIVAL(state->smb2.hdr, SMB2_HDR_NEXT_COMMAND, reqlen);
}
- nbt_len += reqlen;
- if (state->session) {
- should_sign = state->session->smb2.should_sign;
- if (state->session->smb2.channel_setup) {
- should_sign = true;
+ if (encryption_key) {
+ NTSTATUS status;
+ uint8_t *buf;
+ int vi;
+
+ SBVAL(state->smb2.transform, SMB2_TF_NONCE, mid);
+ SBVAL(state->smb2.transform, SMB2_TF_NONCE+8,
+ state->session->smb2.channel_nonce);
+ SBVAL(state->smb2.transform, SMB2_TF_MSG_SIZE,
+ reqlen);
+
+ buf = talloc_array(iov, uint8_t, reqlen);
+ if (buf == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- }
- if (should_sign) {
+ reqlen += SMB2_TF_HDR_SIZE;
+
+ /*
+ * We copy the buffers before encrypting them,
+ * this is at least currently needed for the
+ * to keep state->smb2.hdr.
+ *
+ * Also the callers may expect there buffers
+ * to be const.
+ */
+ for (vi = hdr_iov; vi < num_iov; vi++) {
+ struct iovec *v = &iov[vi];
+ const uint8_t *o = (const uint8_t *)v->iov_base;
+
+ memcpy(buf, o, v->iov_len);
+ v->iov_base = (void *)buf;
+ buf += v->iov_len;
+ }
+
+ status = smb2_signing_encrypt_pdu(*encryption_key,
+ state->session->conn->protocol,
+ &iov[tf_iov], num_iov - tf_iov);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else if (signing_key) {
NTSTATUS status;
- status = smb2_signing_sign_pdu(state->session->smb2.signing_key,
+ status = smb2_signing_sign_pdu(*signing_key,
+ state->session->conn->protocol,
&iov[hdr_iov], num_iov - hdr_iov);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
+ nbt_len += reqlen;
+
ret = smbXcli_req_set_pending(reqs[i]);
if (!ret) {
return NT_STATUS_NO_MEMORY;
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
- tevent_req_set_callback(subreq, smb2cli_writev_done, reqs[0]);
+ tevent_req_set_callback(subreq, smb2cli_req_writev_done, reqs[0]);
return NT_STATUS_OK;
}
return req;
}
-static void smb2cli_writev_done(struct tevent_req *subreq)
+static void smb2cli_req_writev_done(struct tevent_req *subreq)
{
struct tevent_req *req =
tevent_req_callback_data(subreq,
}
}
-static NTSTATUS smb2cli_inbuf_parse_compound(uint8_t *buf, TALLOC_CTX *mem_ctx,
+static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
+ uint8_t *buf,
+ size_t buflen,
+ TALLOC_CTX *mem_ctx,
struct iovec **piov, int *pnum_iov)
{
struct iovec *iov;
- int num_iov;
- size_t buflen;
- size_t taken;
- uint8_t *first_hdr;
-
- num_iov = 0;
+ int num_iov = 0;
+ size_t taken = 0;
+ uint8_t *first_hdr = buf;
iov = talloc_array(mem_ctx, struct iovec, num_iov);
if (iov == NULL) {
return NT_STATUS_NO_MEMORY;
}
- buflen = smb_len_tcp(buf);
- taken = 0;
- first_hdr = buf + NBT_HDR_SIZE;
-
while (taken < buflen) {
+ uint8_t *tf = NULL;
+ size_t tf_len = 0;
size_t len = buflen - taken;
uint8_t *hdr = first_hdr + taken;
struct iovec *cur;
uint16_t body_size;
struct iovec *iov_tmp;
+ if (len < 4) {
+ DEBUG(10, ("%d bytes left, expected at least %d\n",
+ (int)len, 4));
+ goto inval;
+ }
+ if (IVAL(hdr, 0) == SMB2_TF_MAGIC) {
+ struct smbXcli_session *s;
+ uint64_t uid;
+ struct iovec tf_iov[2];
+ NTSTATUS status;
+
+ if (len < SMB2_TF_HDR_SIZE) {
+ DEBUG(10, ("%d bytes left, expected at least %d\n",
+ (int)len, SMB2_TF_HDR_SIZE));
+ goto inval;
+ }
+ tf = hdr;
+ tf_len = SMB2_TF_HDR_SIZE;
+ taken += tf_len;
+
+ hdr = first_hdr + taken;
+ len = IVAL(tf, SMB2_TF_MSG_SIZE);
+ uid = BVAL(tf, SMB2_TF_SESSION_ID);
+
+ s = conn->sessions;
+ for (; s; s = s->next) {
+ if (s->smb2.session_id != uid) {
+ continue;
+ }
+ break;
+ }
+
+ if (s == NULL) {
+ DEBUG(10, ("unknown session_id %llu\n",
+ (unsigned long long)uid));
+ goto inval;
+ }
+
+ tf_iov[0].iov_base = (void *)tf;
+ tf_iov[0].iov_len = tf_len;
+ tf_iov[1].iov_base = (void *)hdr;
+ tf_iov[1].iov_len = len;
+
+ status = smb2_signing_decrypt_pdu(s->smb2.decryption_key,
+ conn->protocol,
+ tf_iov, 2);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(iov);
+ return status;
+ }
+ }
+
/*
* We need the header plus the body length field
*/
if (next_command_ofs > full_size) {
goto inval;
}
+ if (tf && next_command_ofs < len) {
+ goto inval;
+ }
full_size = next_command_ofs;
}
if (body_size < 2) {
}
iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
- num_iov + 3);
+ num_iov + 4);
if (iov_tmp == NULL) {
TALLOC_FREE(iov);
return NT_STATUS_NO_MEMORY;
}
iov = iov_tmp;
cur = &iov[num_iov];
- num_iov += 3;
+ num_iov += 4;
- cur[0].iov_base = hdr;
- cur[0].iov_len = SMB2_HDR_BODY;
- cur[1].iov_base = hdr + SMB2_HDR_BODY;
- cur[1].iov_len = body_size;
- cur[2].iov_base = hdr + SMB2_HDR_BODY + body_size;
- cur[2].iov_len = full_size - (SMB2_HDR_BODY + body_size);
+ cur[0].iov_base = tf;
+ cur[0].iov_len = tf_len;
+ cur[1].iov_base = hdr;
+ cur[1].iov_len = SMB2_HDR_BODY;
+ cur[2].iov_base = hdr + SMB2_HDR_BODY;
+ cur[2].iov_len = body_size;
+ cur[3].iov_base = hdr + SMB2_HDR_BODY + body_size;
+ cur[3].iov_len = full_size - (SMB2_HDR_BODY + body_size);
taken += full_size;
}
NTSTATUS status;
bool defer = true;
struct smbXcli_session *last_session = NULL;
+ size_t inbuf_len = smb_len_tcp(inbuf);
- status = smb2cli_inbuf_parse_compound(inbuf, tmp_mem,
+ status = smb2cli_inbuf_parse_compound(conn,
+ inbuf + NBT_HDR_SIZE,
+ inbuf_len,
+ tmp_mem,
&iov, &num_iov);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- for (i=0; i<num_iov; i+=3) {
+ for (i=0; i<num_iov; i+=4) {
uint8_t *inbuf_ref = NULL;
struct iovec *cur = &iov[i];
- uint8_t *inhdr = (uint8_t *)cur[0].iov_base;
+ uint8_t *inhdr = (uint8_t *)cur[1].iov_base;
uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
uint32_t flags = IVAL(inhdr, SMB2_HDR_FLAGS);
uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
uint32_t new_credits;
struct smbXcli_session *session = NULL;
const DATA_BLOB *signing_key = NULL;
- bool should_sign = false;
new_credits = conn->smb2.cur_credits;
new_credits += credits;
}
last_session = session;
- if (session) {
- should_sign = session->smb2.should_sign;
- if (session->smb2.channel_setup) {
- should_sign = true;
- }
- }
-
- if (should_sign) {
+ if (state->smb2.should_sign) {
if (!(flags & SMB2_HDR_FLAG_SIGNED)) {
return NT_STATUS_ACCESS_DENIED;
}
}
last_session = session;
- signing_key = &session->smb2.signing_key;
+ signing_key = &session->smb2.channel_signing_key;
}
- if ((opcode == SMB2_OP_SESSSETUP) &&
- NT_STATUS_IS_OK(status)) {
+ if (opcode == SMB2_OP_SESSSETUP) {
/*
- * the caller has to check the signing
- * as only the caller knows the correct
- * session key
+ * We prefer the channel signing key, if it is
+ * already there.
+ *
+ * If we do not have a channel signing key yet,
+ * we try the main signing key, if it is not
+ * the final response.
*/
- signing_key = NULL;
+ if (signing_key && signing_key->length == 0 &&
+ !NT_STATUS_IS_OK(status)) {
+ signing_key = &session->smb2.signing_key;
+ }
+
+ if (signing_key && signing_key->length == 0) {
+ /*
+ * If we do not have a session key to
+ * verify the signature, we defer the
+ * signing check to the caller.
+ *
+ * The caller gets NT_STATUS_OK, it
+ * has to call
+ * smb2cli_session_set_session_key()
+ * or
+ * smb2cli_session_set_channel_key()
+ * which will check the signature
+ * with the channel signing key.
+ */
+ signing_key = NULL;
+ }
}
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
* propagate the NT_STATUS_USER_SESSION_DELETED
* status to the caller.
*/
- if (signing_key) {
- signing_key = NULL;
+ signing_key = NULL;
+ } else if (state->smb2.should_encrypt) {
+ if (cur[0].iov_len != SMB2_TF_HDR_SIZE) {
+ return NT_STATUS_ACCESS_DENIED;
}
}
}
if (signing_key) {
- status = smb2_signing_check_pdu(*signing_key, cur, 3);
+ status = smb2_signing_check_pdu(*signing_key,
+ state->conn->protocol,
+ &cur[1], 3);
if (!NT_STATUS_IS_OK(status)) {
/*
* If the signing check fails, we disconnect
* There might be more than one response
* we need to defer the notifications
*/
- if ((num_iov == 4) && (talloc_array_length(conn->pending) == 0)) {
+ if ((num_iov == 5) && (talloc_array_length(conn->pending) == 0)) {
defer = false;
}
}
/* copy the related buffers */
- state->smb2.recv_iov[0] = cur[0];
- state->smb2.recv_iov[1] = cur[1];
- state->smb2.recv_iov[2] = cur[2];
+ state->smb2.recv_iov[0] = cur[1];
+ state->smb2.recv_iov[1] = cur[2];
+ state->smb2.recv_iov[2] = cur[3];
tevent_req_done(req);
}
{PROTOCOL_SMB2_02, SMB2_DIALECT_REVISION_202},
{PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210},
{PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222},
+ {PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224},
+ {PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300},
};
struct smbXcli_negprot_state {
flags, ~flags,
flags2, ~flags2,
state->timeout_msec,
- 0xFFFE, 0, 0, /* pid, tid, uid */
+ 0xFFFE, 0, NULL, /* pid, tid, session */
0, NULL, /* wct, vwv */
bytes.length, bytes.data);
}
SSVAL(buf, 2, dialect_count);
SSVAL(buf, 4, state->conn->smb2.client.security_mode);
SSVAL(buf, 6, 0); /* Reserved */
- SSVAL(buf, 8, 0); /* Capabilities */
+ if (state->max_protocol >= PROTOCOL_SMB2_22) {
+ SIVAL(buf, 8, state->conn->smb2.client.capabilities);
+ } else {
+ SIVAL(buf, 8, 0); /* Capabilities */
+ }
if (state->max_protocol >= PROTOCOL_SMB2_10) {
NTSTATUS status;
DATA_BLOB blob;
/*
* send a SMB2 negprot, in order to negotiate
- * the SMB2 dialect. This needs to use the
- * message id 1.
+ * the SMB2 dialect.
*/
- state->conn->smb2.mid = 1;
subreq = smbXcli_negprot_smb2_subreq(state);
if (tevent_req_nomem(subreq, req)) {
return;
struct tevent_req *subreq;
struct smbXcli_req_state *substate;
struct tevent_req *req;
- uint32_t protocol_magic = IVAL(inbuf, 4);
+ uint32_t protocol_magic;
+ size_t inbuf_len = smb_len_nbt(inbuf);
if (num_pending != 1) {
return NT_STATUS_INTERNAL_ERROR;
}
+ if (inbuf_len < 4) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
subreq = conn->pending[0];
substate = tevent_req_data(subreq, struct smbXcli_req_state);
req = tevent_req_callback_data(subreq, struct tevent_req);
+ protocol_magic = IVAL(inbuf, 4);
+
switch (protocol_magic) {
case SMB_MAGIC:
tevent_req_set_callback(subreq, smbXcli_negprot_smb1_done, req);
substate->smb1.recv_iov = NULL;
}
+ /*
+ * we got an SMB2 answer, which consumed sequence number 0
+ * so we need to use 1 as the next one
+ */
+ conn->smb2.mid = 1;
tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
return smb2cli_conn_dispatch_incoming(conn, tmp_mem, inbuf);
return session;
}
+uint16_t smb1cli_session_current_id(struct smbXcli_session *session)
+{
+ return session->smb1.session_id;
+}
+
+void smb1cli_session_set_id(struct smbXcli_session *session,
+ uint16_t session_id)
+{
+ session->smb1.session_id = session_id;
+}
+
uint8_t smb2cli_session_security_mode(struct smbXcli_session *session)
{
struct smbXcli_conn *conn = session->conn;
return session->smb2.session_id;
}
+uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
+{
+ return session->smb2.session_flags;
+}
+
+NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key)
+{
+ *key = data_blob_null;
+
+ if (session->smb2.application_key.length == 0) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2.application_key);
+ if (key->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
void smb2cli_session_set_id_and_flags(struct smbXcli_session *session,
uint64_t session_id,
uint16_t session_flags)
session->smb2.session_flags = session_flags;
}
-NTSTATUS smb2cli_session_update_session_key(struct smbXcli_session *session,
- const DATA_BLOB session_key,
- const struct iovec *recv_iov)
+NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
+ const DATA_BLOB _session_key,
+ const struct iovec *recv_iov)
{
struct smbXcli_conn *conn = session->conn;
uint16_t no_sign_flags;
- DATA_BLOB signing_key;
+ uint8_t session_key[16];
NTSTATUS status;
if (conn == NULL) {
return NT_STATUS_OK;
}
- if (session->smb2.signing_key.length > 0) {
- signing_key = session->smb2.signing_key;
- } else {
- signing_key = session_key;
+ if (session->smb2.signing_key.length != 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
}
- if (session->smb2.channel_setup) {
- signing_key = session_key;
+
+ ZERO_STRUCT(session_key);
+ memcpy(session_key, _session_key.data,
+ MIN(_session_key.length, sizeof(session_key)));
+
+ session->smb2.signing_key = data_blob_talloc(session,
+ session_key,
+ sizeof(session_key));
+ if (session->smb2.signing_key.data == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
}
- status = smb2_signing_check_pdu(signing_key, recv_iov, 3);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
+ const DATA_BLOB context = data_blob_string_const_null("SmbSign");
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.signing_key.data);
}
- if (!session->smb2.channel_setup) {
- session->smb2.session_key = data_blob_dup_talloc(session,
- session_key);
- if (session->smb2.session_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ session->smb2.encryption_key = data_blob_dup_talloc(session,
+ session->smb2.signing_key);
+ if (session->smb2.encryption_key.data == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
}
- if (session->smb2.channel_setup) {
- data_blob_free(&session->smb2.signing_key);
- session->smb2.channel_setup = false;
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
+ const DATA_BLOB context = data_blob_string_const_null("ServerIn ");
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.encryption_key.data);
}
- if (session->smb2.signing_key.length > 0) {
- return NT_STATUS_OK;
+ session->smb2.decryption_key = data_blob_dup_talloc(session,
+ session->smb2.signing_key);
+ if (session->smb2.decryption_key.data == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
}
- session->smb2.signing_key = data_blob_dup_talloc(session, signing_key);
- if (session->smb2.signing_key.data == NULL) {
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
+ const DATA_BLOB context = data_blob_string_const_null("ServerOut");
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.decryption_key.data);
+ }
+
+ session->smb2.application_key = data_blob_dup_talloc(session,
+ session->smb2.signing_key);
+ if (session->smb2.application_key.data == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2APP");
+ const DATA_BLOB context = data_blob_string_const_null("SmbRpc");
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.application_key.data);
+ }
+ ZERO_STRUCT(session_key);
+
+ session->smb2.channel_signing_key = data_blob_dup_talloc(session,
+ session->smb2.signing_key);
+ if (session->smb2.channel_signing_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ session->conn->protocol,
+ recv_iov, 3);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
session->smb2.should_sign = false;
+ session->smb2.should_encrypt = false;
if (conn->desire_signing) {
session->smb2.should_sign = true;
session->smb2.should_sign = true;
}
+ if (session->smb2.session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
+ session->smb2.should_encrypt = true;
+ }
+
+ if (conn->protocol < PROTOCOL_SMB2_24) {
+ session->smb2.should_encrypt = false;
+ }
+
+ if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+ session->smb2.should_encrypt = false;
+ }
+
+ generate_random_buffer((uint8_t *)&session->smb2.channel_nonce,
+ sizeof(session->smb2.channel_nonce));
+ session->smb2.channel_next = 1;
+
return NT_STATUS_OK;
}
struct smbXcli_session **_session2)
{
struct smbXcli_session *session2;
- uint16_t no_sign_flags;
-
- no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
-
- if (session1->smb2.session_flags & no_sign_flags) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
- if (session1->smb2.session_key.length == 0) {
+ if (session1->smb2.signing_key.length == 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- if (session1->smb2.signing_key.length == 0) {
+ if (session1->smb2.channel_next == 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
session2->smb2.session_id = session1->smb2.session_id;
session2->smb2.session_flags = session1->smb2.session_flags;
- session2->smb2.session_key = data_blob_dup_talloc(session2,
- session1->smb2.session_key);
- if (session2->smb2.session_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
session2->smb2.signing_key = data_blob_dup_talloc(session2,
session1->smb2.signing_key);
if (session2->smb2.signing_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ session2->smb2.application_key = data_blob_dup_talloc(session2,
+ session1->smb2.application_key);
+ if (session2->smb2.application_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
session2->smb2.should_sign = session1->smb2.should_sign;
- session2->smb2.channel_setup = true;
+ session2->smb2.should_encrypt = session1->smb2.should_encrypt;
+
+ session2->smb2.channel_nonce = session1->smb2.channel_nonce;
+ session2->smb2.channel_nonce += session1->smb2.channel_next;
+ session1->smb2.channel_next++;
+
+ session2->smb2.encryption_key = data_blob_dup_talloc(session2,
+ session1->smb2.encryption_key);
+ if (session2->smb2.encryption_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session2->smb2.decryption_key = data_blob_dup_talloc(session2,
+ session1->smb2.decryption_key);
+ if (session2->smb2.decryption_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
talloc_set_destructor(session2, smbXcli_session_destructor);
DLIST_ADD_END(conn->sessions, session2, struct smbXcli_session *);
*_session2 = session2;
return NT_STATUS_OK;
}
+
+NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
+ const DATA_BLOB _channel_key,
+ const struct iovec *recv_iov)
+{
+ struct smbXcli_conn *conn = session->conn;
+ uint8_t channel_key[16];
+ NTSTATUS status;
+
+ if (conn == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ if (session->smb2.channel_signing_key.length != 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ ZERO_STRUCT(channel_key);
+ memcpy(channel_key, _channel_key.data,
+ MIN(_channel_key.length, sizeof(channel_key)));
+
+ session->smb2.channel_signing_key = data_blob_talloc(session,
+ channel_key,
+ sizeof(channel_key));
+ if (session->smb2.channel_signing_key.data == NULL) {
+ ZERO_STRUCT(channel_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
+ const DATA_BLOB context = data_blob_string_const_null("SmbSign");
+
+ smb2_key_derivation(channel_key, sizeof(channel_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.channel_signing_key.data);
+ }
+ ZERO_STRUCT(channel_key);
+
+ status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ session->conn->protocol,
+ recv_iov, 3);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
+{
+ struct smbXcli_tcon *tcon;
+
+ tcon = talloc_zero(mem_ctx, struct smbXcli_tcon);
+ if (tcon == NULL) {
+ return NULL;
+ }
+
+ return tcon;
+}
+
+uint16_t smb1cli_tcon_current_id(struct smbXcli_tcon *tcon)
+{
+ return tcon->smb1.tcon_id;
+}
+
+void smb1cli_tcon_set_id(struct smbXcli_tcon *tcon, uint16_t tcon_id)
+{
+ tcon->smb1.tcon_id = tcon_id;
+}
+
+bool smb1cli_tcon_set_values(struct smbXcli_tcon *tcon,
+ uint16_t tcon_id,
+ uint16_t optional_support,
+ uint32_t maximal_access,
+ uint32_t guest_maximal_access,
+ const char *service,
+ const char *fs_type)
+{
+ tcon->smb1.tcon_id = tcon_id;
+ tcon->smb1.optional_support = optional_support;
+ tcon->smb1.maximal_access = maximal_access;
+ tcon->smb1.guest_maximal_access = guest_maximal_access;
+
+ TALLOC_FREE(tcon->smb1.service);
+ tcon->smb1.service = talloc_strdup(tcon, service);
+ if (service != NULL && tcon->smb1.service == NULL) {
+ return false;
+ }
+
+ TALLOC_FREE(tcon->smb1.fs_type);
+ tcon->smb1.fs_type = talloc_strdup(tcon, fs_type);
+ if (fs_type != NULL && tcon->smb1.fs_type == NULL) {
+ return false;
+ }
+
+ return true;
+}
+
+uint32_t smb2cli_tcon_current_id(struct smbXcli_tcon *tcon)
+{
+ return tcon->smb2.tcon_id;
+}
+
+void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon,
+ uint32_t tcon_id,
+ uint8_t type,
+ uint32_t flags,
+ uint32_t capabilities,
+ uint32_t maximal_access)
+{
+ tcon->smb2.tcon_id = tcon_id;
+ tcon->smb2.type = type;
+ tcon->smb2.flags = flags;
+ tcon->smb2.capabilities = capabilities;
+ tcon->smb2.maximal_access = maximal_access;
+}