struct smbXcli_session *sessions;
};
+struct smb2cli_session {
+ uint64_t session_id;
+ uint16_t session_flags;
+ DATA_BLOB application_key;
+ DATA_BLOB signing_key;
+ bool should_sign;
+ bool should_encrypt;
+ DATA_BLOB encryption_key;
+ DATA_BLOB decryption_key;
+ uint64_t nonce_high;
+ uint64_t nonce_low;
+ uint16_t channel_sequence;
+};
+
struct smbXcli_session {
struct smbXcli_session *prev, *next;
struct smbXcli_conn *conn;
struct {
uint16_t session_id;
+ DATA_BLOB application_key;
+ bool protected_key;
} smb1;
+ struct smb2cli_session *smb2;
+
struct {
- uint64_t session_id;
- uint16_t session_flags;
- DATA_BLOB application_key;
DATA_BLOB signing_key;
- bool should_sign;
- bool should_encrypt;
- DATA_BLOB encryption_key;
- DATA_BLOB decryption_key;
- uint64_t channel_nonce;
- uint64_t channel_next;
- DATA_BLOB channel_signing_key;
- } smb2;
+ } smb2_channel;
+
+ /*
+ * this should be a short term hack
+ * until the upper layers have implemented
+ * re-authentication.
+ */
+ bool disconnect_expired;
};
struct smbXcli_tcon {
uint32_t flags;
uint32_t capabilities;
uint32_t maximal_access;
+ bool should_encrypt;
} smb2;
};
*/
struct iovec *recv_iov;
+ /*
+ * the expected max for the response dyn_len
+ */
+ uint32_t max_dyn_len;
+
uint16_t credit_charge;
bool should_sign;
bool should_encrypt;
+ uint64_t encryption_session_id;
bool signing_skipped;
bool notify_async;
status = NT_STATUS_INVALID_PARAMETER_MIX;
goto fail;
}
- ev = tevent_context_init(frame);
+ ev = samba_tevent_context_init(frame);
if (ev == NULL) {
goto fail;
}
return conn->smb1.max_xmit;
}
+bool smb1cli_conn_req_possible(struct smbXcli_conn *conn)
+{
+ size_t pending;
+ uint16_t possible = conn->smb1.server.max_mux;
+
+ pending = tevent_queue_length(conn->outgoing);
+ if (pending >= possible) {
+ return false;
+ }
+ pending += talloc_array_length(conn->pending);
+ if (pending >= possible) {
+ return false;
+ }
+
+ return true;
+}
+
uint32_t smb1cli_conn_server_session_key(struct smbXcli_conn *conn)
{
return conn->smb1.server.session_key;
bool smb1cli_conn_check_signing(struct smbXcli_conn *conn,
const uint8_t *buf, uint32_t seqnum)
{
- return smb_signing_check_pdu(conn->smb1.signing, buf, seqnum);
+ const uint8_t *hdr = buf + NBT_HDR_SIZE;
+ size_t len = smb_len_nbt(buf);
+
+ return smb_signing_check_pdu(conn->smb1.signing, hdr, len, seqnum);
}
bool smb1cli_conn_signing_is_active(struct smbXcli_conn *conn)
size_t num_pending = talloc_array_length(conn->pending);
uint16_t result;
+ if (conn->protocol == PROTOCOL_NONE) {
+ /*
+ * This is what windows sends on the SMB1 Negprot request
+ * and some vendors reuse the SMB1 MID as SMB2 sequence number.
+ */
+ return 0;
+ }
+
while (true) {
size_t i;
void smbXcli_conn_disconnect(struct smbXcli_conn *conn, NTSTATUS status)
{
+ struct smbXcli_session *session;
+
tevent_queue_stop(conn->outgoing);
if (conn->read_fd != -1) {
conn->read_fd = -1;
conn->write_fd = -1;
+ session = conn->sessions;
+ if (talloc_array_length(conn->pending) == 0) {
+ /*
+ * if we do not have pending requests
+ * there is no need to update the channel_sequence
+ */
+ session = NULL;
+ }
+ for (; session; session = session->next) {
+ smb2cli_session_increment_channel_sequence(session);
+ }
+
/*
* Cancel all pending requests. We do not do a for-loop walking
* conn->pending because that array changes in
frame = talloc_stackframe();
- buf = smbXcli_iov_concat(frame, iov, iov_count);
+ buf = smbXcli_iov_concat(frame, &iov[1], iov_count - 1);
if (buf == NULL) {
return NT_STATUS_NO_MEMORY;
}
*seqnum = smb_signing_next_seqnum(conn->smb1.signing,
one_way_seqnum);
- smb_signing_sign_pdu(conn->smb1.signing, buf, *seqnum);
- memcpy(iov[1].iov_base, buf+4, iov[1].iov_len);
+ smb_signing_sign_pdu(conn->smb1.signing,
+ buf, talloc_get_size(buf),
+ *seqnum);
+ memcpy(iov[1].iov_base, buf, iov[1].iov_len);
TALLOC_FREE(frame);
return NT_STATUS_OK;
if (subreq != conn->read_smb_req) {
DEBUG(1, ("Internal error: cli_smb_received called with "
"unexpected subreq\n"));
- status = NT_STATUS_INTERNAL_ERROR;
- smbXcli_conn_disconnect(conn, status);
+ smbXcli_conn_disconnect(conn, NT_STATUS_INTERNAL_ERROR);
TALLOC_FREE(frame);
return;
}
* tevent_req_done().
*/
return;
- } else if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+ }
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
/*
* We got an error, so notify all pending requests
*/
uint8_t *hdr;
uint8_t cmd;
uint32_t wct_ofs;
+ NTSTATUS status;
+ size_t min_size = MIN_SMB_SIZE;
- buflen = smb_len_nbt(buf);
+ buflen = smb_len_tcp(buf);
taken = 0;
hdr = buf + NBT_HDR_SIZE;
- if (buflen < MIN_SMB_SIZE) {
+ status = smb1cli_pull_raw_error(hdr);
+ if (NT_STATUS_IS_ERR(status)) {
+ /*
+ * This is an ugly hack to support OS/2
+ * which skips the byte_count in the DATA block
+ * on some error responses.
+ *
+ * See bug #9096
+ */
+ min_size -= sizeof(uint16_t);
+ }
+
+ if (buflen < min_size) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
size_t needed;
/*
- * we need at least WCT and BCC
+ * we need at least WCT
*/
- needed = sizeof(uint8_t) + sizeof(uint16_t);
+ needed = sizeof(uint8_t);
if (len < needed) {
DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
__location__, (int)len, (int)needed));
goto inval;
}
+ if ((num_iov == 1) &&
+ (len == needed) &&
+ NT_STATUS_IS_ERR(status))
+ {
+ /*
+ * This is an ugly hack to support OS/2
+ * which skips the byte_count in the DATA block
+ * on some error responses.
+ *
+ * See bug #9096
+ */
+ iov_tmp = talloc_realloc(mem_ctx, iov, struct iovec,
+ num_iov + 2);
+ if (iov_tmp == NULL) {
+ TALLOC_FREE(iov);
+ return NT_STATUS_NO_MEMORY;
+ }
+ iov = iov_tmp;
+ cur = &iov[num_iov];
+ num_iov += 2;
+
+ cur[0].iov_len = 0;
+ cur[0].iov_base = hdr + (wct_ofs + sizeof(uint8_t));
+ cur[1].iov_len = 0;
+ cur[1].iov_base = cur[0].iov_base;
+
+ taken += needed;
+ break;
+ }
+
+ /*
+ * we need at least BCC
+ */
+ needed += sizeof(uint16_t);
+ if (len < needed) {
+ DEBUG(10, ("%s: %d bytes left, expected at least %d\n",
+ __location__, (int)len, (int)needed));
+ goto inval;
+ }
+
/*
* Now we check if the specified bytes are there
*/
uint8_t cmd;
uint16_t mid;
bool oplock_break;
- const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
+ uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
+ size_t len = smb_len_tcp(inbuf);
struct iovec *iov = NULL;
int num_iov = 0;
struct tevent_req **chain = NULL;
}
}
- state->smb1.recv_iov[0].iov_base = (void *)(inbuf + NBT_HDR_SIZE);
- state->smb1.recv_iov[0].iov_len = smb_len_nbt(inbuf);
+ state->smb1.recv_iov[0].iov_base = (void *)(inhdr);
+ state->smb1.recv_iov[0].iov_len = len;
ZERO_STRUCT(state->smb1.recv_iov[1]);
ZERO_STRUCT(state->smb1.recv_iov[2]);
nt_errstr(status)));
return status;
}
+ inhdr = inbuf + NBT_HDR_SIZE;
+ len = smb_len_nbt(inbuf);
}
mid = SVAL(inhdr, HDR_MID);
/*
* Paranoia checks that this is really an oplock break request.
*/
- oplock_break = (smb_len_nbt(inbuf) == 51); /* hdr + 8 words */
+ oplock_break = (len == 51); /* hdr + 8 words */
oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
if (!oplock_break /* oplock breaks are not signed */
&& !smb_signing_check_pdu(conn->smb1.signing,
- inbuf, state->smb1.seqnum+1)) {
+ inhdr, len, state->smb1.seqnum+1)) {
DEBUG(10, ("cli_check_sign_mac failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
cmd = CVAL(inhdr, HDR_COM);
status = smb1cli_pull_raw_error(inhdr);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) &&
+ (state->session != NULL) && state->session->disconnect_expired)
+ {
+ /*
+ * this should be a short term hack
+ * until the upper layers have implemented
+ * re-authentication.
+ */
+ return status;
+ }
+
if (state->smb1.chained_requests == NULL) {
if (num_iov != 3) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
|| (talloc_array_length(conn->pending) != 0));
}
+bool smb2cli_conn_req_possible(struct smbXcli_conn *conn, uint32_t *max_dyn_len)
+{
+ uint16_t credits = 1;
+
+ if (conn->smb2.cur_credits == 0) {
+ if (max_dyn_len != NULL) {
+ *max_dyn_len = 0;
+ }
+ return false;
+ }
+
+ if (conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
+ credits = conn->smb2.cur_credits;
+ }
+
+ if (max_dyn_len != NULL) {
+ *max_dyn_len = credits * 65536;
+ }
+
+ return true;
+}
+
uint32_t smb2cli_conn_server_capabilities(struct smbXcli_conn *conn)
{
return conn->smb2.server.capabilities;
tevent_req_data(req,
struct smbXcli_req_state);
uint32_t flags = IVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
- uint32_t pid = IVAL(state->smb2.hdr, SMB2_HDR_PID);
uint64_t mid = BVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID);
uint64_t aid = BVAL(state->smb2.hdr, SMB2_HDR_ASYNC_ID);
struct smbXcli_tcon *tcon = state->tcon;
SMB2_OP_CANCEL,
flags, 0,
0, /* timeout */
- pid, tcon, session,
+ tcon, session,
fixed, fixed_len,
- NULL, 0);
+ NULL, 0, 0);
if (subreq == NULL) {
return false;
}
substate = tevent_req_data(subreq, struct smbXcli_req_state);
+ /*
+ * clear everything but the SMB2_HDR_FLAG_ASYNC flag
+ * e.g. if SMB2_HDR_FLAG_CHAINED is set we get INVALID_PARAMETER back
+ */
+ flags &= SMB2_HDR_FLAG_ASYNC;
+
if (flags & SMB2_HDR_FLAG_ASYNC) {
mid = 0;
}
SIVAL(substate->smb2.hdr, SMB2_HDR_FLAGS, flags);
- SIVAL(substate->smb2.hdr, SMB2_HDR_PID, pid);
SBVAL(substate->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
SBVAL(substate->smb2.hdr, SMB2_HDR_ASYNC_ID, aid);
uint32_t additional_flags,
uint32_t clear_flags,
uint32_t timeout_msec,
- uint32_t pid,
struct smbXcli_tcon *tcon,
struct smbXcli_session *session,
const uint8_t *fixed,
uint16_t fixed_len,
const uint8_t *dyn,
- uint32_t dyn_len)
+ uint32_t dyn_len,
+ uint32_t max_dyn_len)
{
struct tevent_req *req;
struct smbXcli_req_state *state;
uint32_t flags = 0;
uint32_t tid = 0;
uint64_t uid = 0;
+ bool use_channel_sequence = false;
+ uint16_t channel_sequence = 0;
req = tevent_req_create(mem_ctx, &state,
struct smbXcli_req_state);
state->session = session;
state->tcon = tcon;
+ if (conn->smb2.server.capabilities & SMB2_CAP_PERSISTENT_HANDLES) {
+ use_channel_sequence = true;
+ } else if (conn->smb2.server.capabilities & SMB2_CAP_MULTI_CHANNEL) {
+ use_channel_sequence = true;
+ }
+
if (session) {
- uid = session->smb2.session_id;
+ uid = session->smb2->session_id;
- state->smb2.should_sign = session->smb2.should_sign;
- state->smb2.should_encrypt = session->smb2.should_encrypt;
+ if (use_channel_sequence) {
+ channel_sequence = session->smb2->channel_sequence;
+ }
+
+ state->smb2.should_sign = session->smb2->should_sign;
+ state->smb2.should_encrypt = session->smb2->should_encrypt;
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2.signing_key.length != 0) {
+ session->smb2->signing_key.length != 0) {
state->smb2.should_sign = true;
}
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2.channel_signing_key.length == 0) {
+ session->smb2_channel.signing_key.length == 0) {
state->smb2.should_encrypt = false;
}
}
if (tcon) {
tid = tcon->smb2.tcon_id;
- /* TODO: turn on encryption based on the tree connect. */
+ if (tcon->smb2.should_encrypt) {
+ state->smb2.should_encrypt = true;
+ }
}
if (state->smb2.should_encrypt) {
state->smb2.fixed_len = fixed_len;
state->smb2.dyn = dyn;
state->smb2.dyn_len = dyn_len;
+ state->smb2.max_dyn_len = max_dyn_len;
if (state->smb2.should_encrypt) {
SIVAL(state->smb2.transform, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC);
SIVAL(state->smb2.hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
SSVAL(state->smb2.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
SSVAL(state->smb2.hdr, SMB2_HDR_OPCODE, cmd);
+ SSVAL(state->smb2.hdr, SMB2_HDR_CHANNEL_SEQUENCE, channel_sequence);
SIVAL(state->smb2.hdr, SMB2_HDR_FLAGS, flags);
- SIVAL(state->smb2.hdr, SMB2_HDR_PID, pid);
+ SIVAL(state->smb2.hdr, SMB2_HDR_PID, 0); /* reserved */
SIVAL(state->smb2.hdr, SMB2_HDR_TID, tid);
SBVAL(state->smb2.hdr, SMB2_HDR_SESSION_ID, uid);
struct tevent_req *subreq;
struct iovec *iov;
int i, num_iov, nbt_len;
+ int tf_iov = -1;
+ const DATA_BLOB *encryption_key = NULL;
+ uint64_t encryption_session_id = 0;
/*
- * 1 for the nbt length
- * per request: TRANSFORM, HDR, fixed, dyn, padding
+ * 1 for the nbt length, optional TRANSFORM
+ * per request: HDR, fixed, dyn, padding
* -1 because the last one does not need padding
*/
- iov = talloc_array(reqs[0], struct iovec, 1 + 5*num_reqs - 1);
+ iov = talloc_array(reqs[0], struct iovec, 1 + 1 + 4*num_reqs - 1);
if (iov == NULL) {
return NT_STATUS_NO_MEMORY;
}
num_iov = 1;
nbt_len = 0;
+ /*
+ * the session of the first request that requires encryption
+ * specifies the encryption key.
+ */
+ for (i=0; i<num_reqs; i++) {
+ if (!tevent_req_is_in_progress(reqs[i])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ state = tevent_req_data(reqs[i], struct smbXcli_req_state);
+
+ if (!smbXcli_conn_is_connected(state->conn)) {
+ return NT_STATUS_CONNECTION_DISCONNECTED;
+ }
+
+ if ((state->conn->protocol != PROTOCOL_NONE) &&
+ (state->conn->protocol < PROTOCOL_SMB2_02)) {
+ return NT_STATUS_REVISION_MISMATCH;
+ }
+
+ if (state->session == NULL) {
+ continue;
+ }
+
+ if (!state->smb2.should_encrypt) {
+ continue;
+ }
+
+ encryption_key = &state->session->smb2->encryption_key;
+ if (encryption_key->length == 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ encryption_session_id = state->session->smb2->session_id;
+
+ tf_iov = num_iov;
+ iov[num_iov].iov_base = state->smb2.transform;
+ iov[num_iov].iov_len = sizeof(state->smb2.transform);
+ num_iov += 1;
+
+ SBVAL(state->smb2.transform, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC);
+ SBVAL(state->smb2.transform, SMB2_TF_NONCE,
+ state->session->smb2->nonce_low);
+ SBVAL(state->smb2.transform, SMB2_TF_NONCE+8,
+ state->session->smb2->nonce_high);
+ SBVAL(state->smb2.transform, SMB2_TF_SESSION_ID,
+ encryption_session_id);
+
+ state->session->smb2->nonce_low += 1;
+ if (state->session->smb2->nonce_low == 0) {
+ state->session->smb2->nonce_high += 1;
+ state->session->smb2->nonce_low += 1;
+ }
+
+ nbt_len += SMB2_TF_HDR_SIZE;
+ break;
+ }
+
for (i=0; i<num_reqs; i++) {
- int tf_iov;
int hdr_iov;
size_t reqlen;
bool ret;
uint16_t credits;
uint64_t mid;
const DATA_BLOB *signing_key = NULL;
- const DATA_BLOB *encryption_key = NULL;
if (!tevent_req_is_in_progress(reqs[i])) {
return NT_STATUS_INTERNAL_ERROR;
}
if (state->conn->smb2.server.capabilities & SMB2_CAP_LARGE_MTU) {
- charge = (MAX(state->smb2.dyn_len, 1) - 1)/ 65536 + 1;
+ uint32_t max_dyn_len = 1;
+
+ max_dyn_len = MAX(max_dyn_len, state->smb2.dyn_len);
+ max_dyn_len = MAX(max_dyn_len, state->smb2.max_dyn_len);
+
+ charge = (max_dyn_len - 1)/ 65536 + 1;
} else {
charge = 1;
}
SBVAL(state->smb2.hdr, SMB2_HDR_MESSAGE_ID, mid);
skip_credits:
- if (state->session) {
+ if (state->session && encryption_key == NULL) {
/*
* We prefer the channel signing key if it is
* already there.
*/
if (state->smb2.should_sign) {
- signing_key = &state->session->smb2.channel_signing_key;
+ signing_key = &state->session->smb2_channel.signing_key;
}
/*
* signing key and try that one.
*/
if (signing_key && signing_key->length == 0) {
- signing_key = &state->session->smb2.signing_key;
+ signing_key = &state->session->smb2->signing_key;
}
/*
if (signing_key && signing_key->length == 0) {
signing_key = NULL;
}
-
- if (state->smb2.should_encrypt) {
- encryption_key = &state->session->smb2.encryption_key;
- }
- }
-
- if (encryption_key) {
- tf_iov = num_iov;
- iov[num_iov].iov_base = state->smb2.transform;
- iov[num_iov].iov_len = sizeof(state->smb2.transform);
- num_iov += 1;
}
hdr_iov = num_iov;
SIVAL(state->smb2.hdr, SMB2_HDR_NEXT_COMMAND, reqlen);
}
- if (encryption_key) {
- NTSTATUS status;
- uint8_t *buf;
- int vi;
-
- SBVAL(state->smb2.transform, SMB2_TF_NONCE, mid);
- SBVAL(state->smb2.transform, SMB2_TF_NONCE+8,
- state->session->smb2.channel_nonce);
- SBVAL(state->smb2.transform, SMB2_TF_MSG_SIZE,
- reqlen);
-
- buf = talloc_array(iov, uint8_t, reqlen);
- if (buf == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- reqlen += SMB2_TF_HDR_SIZE;
+ state->smb2.encryption_session_id = encryption_session_id;
- /*
- * We copy the buffers before encrypting them,
- * this is at least currently needed for the
- * to keep state->smb2.hdr.
- *
- * Also the callers may expect there buffers
- * to be const.
- */
- for (vi = hdr_iov; vi < num_iov; vi++) {
- struct iovec *v = &iov[vi];
- const uint8_t *o = (const uint8_t *)v->iov_base;
-
- memcpy(buf, o, v->iov_len);
- v->iov_base = (void *)buf;
- buf += v->iov_len;
- }
-
- status = smb2_signing_encrypt_pdu(*encryption_key,
- state->session->conn->protocol,
- &iov[tf_iov], num_iov - tf_iov);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- } else if (signing_key) {
+ if (signing_key != NULL) {
NTSTATUS status;
status = smb2_signing_sign_pdu(*signing_key,
iov[0].iov_base = state->length_hdr;
iov[0].iov_len = sizeof(state->length_hdr);
+ if (encryption_key != NULL) {
+ NTSTATUS status;
+ size_t buflen = nbt_len - SMB2_TF_HDR_SIZE;
+ uint8_t *buf;
+ int vi;
+
+ buf = talloc_array(iov, uint8_t, buflen);
+ if (buf == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /*
+ * We copy the buffers before encrypting them,
+ * this is at least currently needed for the
+ * to keep state->smb2.hdr.
+ *
+ * Also the callers may expect there buffers
+ * to be const.
+ */
+ for (vi = tf_iov + 1; vi < num_iov; vi++) {
+ struct iovec *v = &iov[vi];
+ const uint8_t *o = (const uint8_t *)v->iov_base;
+
+ memcpy(buf, o, v->iov_len);
+ v->iov_base = (void *)buf;
+ buf += v->iov_len;
+ }
+
+ status = smb2_signing_encrypt_pdu(*encryption_key,
+ state->conn->protocol,
+ &iov[tf_iov], num_iov - tf_iov);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
if (state->conn->dispatch_incoming == NULL) {
state->conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
}
uint32_t additional_flags,
uint32_t clear_flags,
uint32_t timeout_msec,
- uint32_t pid,
struct smbXcli_tcon *tcon,
struct smbXcli_session *session,
const uint8_t *fixed,
uint16_t fixed_len,
const uint8_t *dyn,
- uint32_t dyn_len)
+ uint32_t dyn_len,
+ uint32_t max_dyn_len)
{
struct tevent_req *req;
NTSTATUS status;
req = smb2cli_req_create(mem_ctx, ev, conn, cmd,
additional_flags, clear_flags,
timeout_msec,
- pid, tcon, session,
- fixed, fixed_len, dyn, dyn_len);
+ tcon, session,
+ fixed, fixed_len,
+ dyn, dyn_len,
+ max_dyn_len);
if (req == NULL) {
return NULL;
}
int num_iov = 0;
size_t taken = 0;
uint8_t *first_hdr = buf;
+ size_t verified_buflen = 0;
+ uint8_t *tf = NULL;
+ size_t tf_len = 0;
iov = talloc_array(mem_ctx, struct iovec, num_iov);
if (iov == NULL) {
}
while (taken < buflen) {
- uint8_t *tf = NULL;
- size_t tf_len = 0;
size_t len = buflen - taken;
uint8_t *hdr = first_hdr + taken;
struct iovec *cur;
uint16_t body_size;
struct iovec *iov_tmp;
+ if (verified_buflen > taken) {
+ len = verified_buflen - taken;
+ } else {
+ tf = NULL;
+ tf_len = 0;
+ }
+
if (len < 4) {
DEBUG(10, ("%d bytes left, expected at least %d\n",
(int)len, 4));
struct smbXcli_session *s;
uint64_t uid;
struct iovec tf_iov[2];
+ size_t enc_len;
NTSTATUS status;
if (len < SMB2_TF_HDR_SIZE) {
taken += tf_len;
hdr = first_hdr + taken;
- len = IVAL(tf, SMB2_TF_MSG_SIZE);
+ enc_len = IVAL(tf, SMB2_TF_MSG_SIZE);
uid = BVAL(tf, SMB2_TF_SESSION_ID);
+ if (len < SMB2_TF_HDR_SIZE + enc_len) {
+ DEBUG(10, ("%d bytes left, expected at least %d\n",
+ (int)len,
+ (int)(SMB2_TF_HDR_SIZE + enc_len)));
+ goto inval;
+ }
+
s = conn->sessions;
for (; s; s = s->next) {
- if (s->smb2.session_id != uid) {
+ if (s->smb2->session_id != uid) {
continue;
}
break;
tf_iov[0].iov_base = (void *)tf;
tf_iov[0].iov_len = tf_len;
tf_iov[1].iov_base = (void *)hdr;
- tf_iov[1].iov_len = len;
+ tf_iov[1].iov_len = enc_len;
- status = smb2_signing_decrypt_pdu(s->smb2.decryption_key,
+ status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
conn->protocol,
tf_iov, 2);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(iov);
return status;
}
+
+ verified_buflen = taken + enc_len;
+ len = enc_len;
}
/*
if (next_command_ofs > full_size) {
goto inval;
}
- if (tf && next_command_ofs < len) {
- goto inval;
- }
full_size = next_command_ofs;
}
if (body_size < 2) {
uint32_t new_credits;
struct smbXcli_session *session = NULL;
const DATA_BLOB *signing_key = NULL;
+ bool was_encrypted = false;
new_credits = conn->smb2.cur_credits;
new_credits += credits;
s = state->conn->sessions;
for (; s; s = s->next) {
- if (s->smb2.session_id != uid) {
+ if (s->smb2->session_id != uid) {
continue;
}
}
last_session = session;
- signing_key = &session->smb2.channel_signing_key;
+ signing_key = &session->smb2_channel.signing_key;
}
if (opcode == SMB2_OP_SESSSETUP) {
*/
if (signing_key && signing_key->length == 0 &&
!NT_STATUS_IS_OK(status)) {
- signing_key = &session->smb2.signing_key;
+ signing_key = &session->smb2->signing_key;
}
if (signing_key && signing_key->length == 0) {
}
}
+ if (cur[0].iov_len == SMB2_TF_HDR_SIZE) {
+ const uint8_t *tf = (const uint8_t *)cur[0].iov_base;
+ uint64_t uid = BVAL(tf, SMB2_TF_SESSION_ID);
+
+ /*
+ * If the response was encrypted in a SMB2_TRANSFORM
+ * pdu, which belongs to the correct session,
+ * we do not need to do signing checks
+ *
+ * It could be the session the response belongs to
+ * or the session that was used to encrypt the
+ * SMB2_TRANSFORM request.
+ */
+ if ((session && session->smb2->session_id == uid) ||
+ (state->smb2.encryption_session_id == uid)) {
+ signing_key = NULL;
+ was_encrypted = true;
+ }
+ }
+
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
/*
* if the server returns NT_STATUS_USER_SESSION_DELETED
* propagate the NT_STATUS_USER_SESSION_DELETED
* status to the caller.
*/
+ state->smb2.signing_skipped = true;
signing_key = NULL;
- } else if (state->smb2.should_encrypt) {
- if (cur[0].iov_len != SMB2_TF_HDR_SIZE) {
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ /*
+ * if the server returns
+ * NT_STATUS_INVALID_PARAMETER
+ * the response might not be encrypted.
+ */
+ if (state->smb2.should_encrypt && !was_encrypted) {
+ state->smb2.signing_skipped = true;
+ signing_key = NULL;
+ }
+ }
+
+ if (state->smb2.should_encrypt && !was_encrypted) {
+ if (!state->smb2.signing_skipped) {
return NT_STATUS_ACCESS_DENIED;
}
}
}
}
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) &&
+ (session != NULL) && session->disconnect_expired)
+ {
+ /*
+ * this should be a short term hack
+ * until the upper layers have implemented
+ * re-authentication.
+ */
+ return status;
+ }
+
smbXcli_req_unset_pending(req);
/*
{PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222},
{PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224},
{PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300},
+ {PROTOCOL_SMB3_02, SMB3_DIALECT_REVISION_302},
};
struct smbXcli_negprot_state {
if (server_security_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
server_signing = "supported";
server_allowed = true;
+ } else if (conn->mandatory_signing) {
+ /*
+ * We have mandatory signing as client
+ * lets assume the server will look at our
+ * FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
+ * flag in the session setup
+ */
+ server_signing = "not announced";
+ server_allowed = true;
}
if (server_security_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
server_signing = "required";
state->conn, SMB2_OP_NEGPROT,
0, 0, /* flags */
state->timeout_msec,
- 0xFEFF, NULL, NULL, /* pid, tcon, session */
+ NULL, NULL, /* tcon, session */
state->smb2.fixed, sizeof(state->smb2.fixed),
- state->smb2.dyn, dialect_count*2);
+ state->smb2.dyn, dialect_count*2,
+ UINT16_MAX); /* max_dyn_len */
}
static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
/*
* we got an SMB2 answer, which consumed sequence number 0
- * so we need to use 1 as the next one
+ * so we need to use 1 as the next one.
+ *
+ * we also need to set the current credits to 0
+ * as we consumed the initial one. The SMB2 answer
+ * hopefully grant us a new credit.
*/
conn->smb2.mid = 1;
+ conn->smb2.cur_credits = 0;
tevent_req_set_callback(subreq, smbXcli_negprot_smb2_done, req);
conn->dispatch_incoming = smb2cli_conn_dispatch_incoming;
return smb2cli_conn_dispatch_incoming(conn, tmp_mem, inbuf);
status = NT_STATUS_INVALID_PARAMETER_MIX;
goto fail;
}
- ev = tevent_context_init(frame);
+ ev = samba_tevent_context_init(frame);
if (ev == NULL) {
goto fail;
}
if (session == NULL) {
return NULL;
}
+ session->smb2 = talloc_zero(session, struct smb2cli_session);
+ if (session->smb2 == NULL) {
+ talloc_free(session);
+ return NULL;
+ }
talloc_set_destructor(session, smbXcli_session_destructor);
DLIST_ADD_END(conn->sessions, session, struct smbXcli_session *);
return session;
}
+struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx,
+ struct smbXcli_session *src)
+{
+ struct smbXcli_session *session;
+
+ session = talloc_zero(mem_ctx, struct smbXcli_session);
+ if (session == NULL) {
+ return NULL;
+ }
+ session->smb2 = talloc_zero(session, struct smb2cli_session);
+ if (session->smb2 == NULL) {
+ talloc_free(session);
+ return NULL;
+ }
+
+ session->conn = src->conn;
+ *session->smb2 = *src->smb2;
+ session->smb2_channel = src->smb2_channel;
+ session->disconnect_expired = src->disconnect_expired;
+
+ DLIST_ADD_END(src->conn->sessions, session, struct smbXcli_session *);
+ talloc_set_destructor(session, smbXcli_session_destructor);
+
+ return session;
+}
+
+
+NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key)
+{
+ const DATA_BLOB *application_key;
+
+ *key = data_blob_null;
+
+ if (session->conn == NULL) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ if (session->conn->protocol >= PROTOCOL_SMB2_02) {
+ application_key = &session->smb2->application_key;
+ } else {
+ application_key = &session->smb1.application_key;
+ }
+
+ if (application_key->length == 0) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ *key = data_blob_dup_talloc(mem_ctx, *application_key);
+ if (key->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
+void smbXcli_session_set_disconnect_expired(struct smbXcli_session *session)
+{
+ session->disconnect_expired = true;
+}
+
uint16_t smb1cli_session_current_id(struct smbXcli_session *session)
{
return session->smb1.session_id;
session->smb1.session_id = session_id;
}
+NTSTATUS smb1cli_session_set_session_key(struct smbXcli_session *session,
+ const DATA_BLOB _session_key)
+{
+ struct smbXcli_conn *conn = session->conn;
+ uint8_t session_key[16];
+
+ if (conn == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ if (session->smb1.application_key.length != 0) {
+ /*
+ * TODO: do not allow this...
+ *
+ * return NT_STATUS_INVALID_PARAMETER_MIX;
+ */
+ data_blob_clear_free(&session->smb1.application_key);
+ session->smb1.protected_key = false;
+ }
+
+ if (_session_key.length == 0) {
+ return NT_STATUS_OK;
+ }
+
+ ZERO_STRUCT(session_key);
+ memcpy(session_key, _session_key.data,
+ MIN(_session_key.length, sizeof(session_key)));
+
+ session->smb1.application_key = data_blob_talloc(session,
+ session_key,
+ sizeof(session_key));
+ ZERO_STRUCT(session_key);
+ if (session->smb1.application_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session->smb1.protected_key = false;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session)
+{
+ if (session->smb1.protected_key) {
+ /* already protected */
+ return NT_STATUS_OK;
+ }
+
+ if (session->smb1.application_key.length != 16) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ smb_key_derivation(session->smb1.application_key.data,
+ session->smb1.application_key.length,
+ session->smb1.application_key.data);
+
+ session->smb1.protected_key = true;
+
+ return NT_STATUS_OK;
+}
+
uint8_t smb2cli_session_security_mode(struct smbXcli_session *session)
{
struct smbXcli_conn *conn = session->conn;
uint64_t smb2cli_session_current_id(struct smbXcli_session *session)
{
- return session->smb2.session_id;
+ return session->smb2->session_id;
}
uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
{
- return session->smb2.session_flags;
-}
-
-NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *key)
-{
- *key = data_blob_null;
-
- if (session->smb2.application_key.length == 0) {
- return NT_STATUS_NO_USER_SESSION_KEY;
- }
-
- *key = data_blob_dup_talloc(mem_ctx, session->smb2.application_key);
- if (key->data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
+ return session->smb2->session_flags;
}
void smb2cli_session_set_id_and_flags(struct smbXcli_session *session,
uint64_t session_id,
uint16_t session_flags)
{
- session->smb2.session_id = session_id;
- session->smb2.session_flags = session_flags;
+ session->smb2->session_id = session_id;
+ session->smb2->session_flags = session_flags;
+}
+
+void smb2cli_session_increment_channel_sequence(struct smbXcli_session *session)
+{
+ session->smb2->channel_sequence += 1;
}
NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
- if (session->smb2.session_flags & no_sign_flags) {
- session->smb2.should_sign = false;
+ if (session->smb2->session_flags & no_sign_flags) {
+ session->smb2->should_sign = false;
return NT_STATUS_OK;
}
- if (session->smb2.signing_key.length != 0) {
+ if (session->smb2->signing_key.length != 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
memcpy(session_key, _session_key.data,
MIN(_session_key.length, sizeof(session_key)));
- session->smb2.signing_key = data_blob_talloc(session,
+ session->smb2->signing_key = data_blob_talloc(session,
session_key,
sizeof(session_key));
- if (session->smb2.signing_key.data == NULL) {
+ if (session->smb2->signing_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.signing_key.data);
+ session->smb2->signing_key.data);
}
- session->smb2.encryption_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.encryption_key.data == NULL) {
+ session->smb2->encryption_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2->encryption_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.encryption_key.data);
+ session->smb2->encryption_key.data);
}
- session->smb2.decryption_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.decryption_key.data == NULL) {
+ session->smb2->decryption_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2->decryption_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.decryption_key.data);
+ session->smb2->decryption_key.data);
}
- session->smb2.application_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.application_key.data == NULL) {
+ session->smb2->application_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2->application_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.application_key.data);
+ session->smb2->application_key.data);
}
ZERO_STRUCT(session_key);
- session->smb2.channel_signing_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.channel_signing_key.data == NULL) {
+ session->smb2_channel.signing_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2_channel.signing_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ /*
+ * Sadly some vendors don't sign the
+ * final SMB2 session setup response
+ *
+ * At least Windows and Samba are always doing this
+ * if there's a session key available.
+ */
+ if (conn->mandatory_signing) {
+ return status;
+ }
}
- session->smb2.should_sign = false;
- session->smb2.should_encrypt = false;
+ session->smb2->should_sign = false;
+ session->smb2->should_encrypt = false;
if (conn->desire_signing) {
- session->smb2.should_sign = true;
+ session->smb2->should_sign = true;
}
if (conn->smb2.server.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
- session->smb2.should_sign = true;
+ session->smb2->should_sign = true;
}
- if (session->smb2.session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
- session->smb2.should_encrypt = true;
+ if (session->smb2->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
+ session->smb2->should_encrypt = true;
}
if (conn->protocol < PROTOCOL_SMB2_24) {
- session->smb2.should_encrypt = false;
+ session->smb2->should_encrypt = false;
}
if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
- session->smb2.should_encrypt = false;
+ session->smb2->should_encrypt = false;
}
- generate_random_buffer((uint8_t *)&session->smb2.channel_nonce,
- sizeof(session->smb2.channel_nonce));
- session->smb2.channel_next = 1;
+ generate_random_buffer((uint8_t *)&session->smb2->nonce_high,
+ sizeof(session->smb2->nonce_high));
+ session->smb2->nonce_low = 1;
return NT_STATUS_OK;
}
{
struct smbXcli_session *session2;
- if (session1->smb2.signing_key.length == 0) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
- if (session1->smb2.channel_next == 0) {
+ if (session1->smb2->signing_key.length == 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
if (session2 == NULL) {
return NT_STATUS_NO_MEMORY;
}
- session2->smb2.session_id = session1->smb2.session_id;
- session2->smb2.session_flags = session1->smb2.session_flags;
-
- session2->smb2.signing_key = data_blob_dup_talloc(session2,
- session1->smb2.signing_key);
- if (session2->smb2.signing_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- session2->smb2.application_key = data_blob_dup_talloc(session2,
- session1->smb2.application_key);
- if (session2->smb2.application_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- session2->smb2.should_sign = session1->smb2.should_sign;
- session2->smb2.should_encrypt = session1->smb2.should_encrypt;
-
- session2->smb2.channel_nonce = session1->smb2.channel_nonce;
- session2->smb2.channel_nonce += session1->smb2.channel_next;
- session1->smb2.channel_next++;
-
- session2->smb2.encryption_key = data_blob_dup_talloc(session2,
- session1->smb2.encryption_key);
- if (session2->smb2.encryption_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- session2->smb2.decryption_key = data_blob_dup_talloc(session2,
- session1->smb2.decryption_key);
- if (session2->smb2.decryption_key.data == NULL) {
+ session2->smb2 = talloc_reference(session2, session1->smb2);
+ if (session2->smb2 == NULL) {
+ talloc_free(session2);
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- if (session->smb2.channel_signing_key.length != 0) {
+ if (session->smb2_channel.signing_key.length != 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
memcpy(channel_key, _channel_key.data,
MIN(_channel_key.length, sizeof(channel_key)));
- session->smb2.channel_signing_key = data_blob_talloc(session,
+ session->smb2_channel.signing_key = data_blob_talloc(session,
channel_key,
sizeof(channel_key));
- if (session->smb2.channel_signing_key.data == NULL) {
+ if (session->smb2_channel.signing_key.data == NULL) {
ZERO_STRUCT(channel_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(channel_key, sizeof(channel_key),
label.data, label.length,
context.data, context.length,
- session->smb2.channel_signing_key.data);
+ session->smb2_channel.signing_key.data);
}
ZERO_STRUCT(channel_key);
- status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_OK;
}
+NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
+{
+ if (session->smb2->should_encrypt) {
+ return NT_STATUS_OK;
+ }
+
+ if (session->conn->protocol < PROTOCOL_SMB2_24) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (!(session->conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (session->smb2->signing_key.data == NULL) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+ session->smb2->should_encrypt = true;
+ return NT_STATUS_OK;
+}
+
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
{
struct smbXcli_tcon *tcon;
}
void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon,
+ struct smbXcli_session *session,
uint32_t tcon_id,
uint8_t type,
uint32_t flags,
tcon->smb2.flags = flags;
tcon->smb2.capabilities = capabilities;
tcon->smb2.maximal_access = maximal_access;
+
+ tcon->smb2.should_encrypt = false;
+
+ if (session == NULL) {
+ return;
+ }
+
+ tcon->smb2.should_encrypt = session->smb2->should_encrypt;
+
+ if (flags & SMB2_SHAREFLAG_ENCRYPT_DATA) {
+ tcon->smb2.should_encrypt = true;
+ }
}