source3/smbd/smb2_sesssetup.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Core SMB2 server
   4
   5    Copyright (C) Stefan Metzmacher 2009
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "smbd/globals.h"
  23 #include "../source4/libcli/smb2/smb2_constants.h"
  24
  25 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
  26                                         uint64_t in_session_id,
  27                                         DATA_BLOB in_security_buffer,
  28                                         DATA_BLOB *out_security_buffer,
  29                                         uint64_t *out_session_id);
  30
  31 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req)
  32 {
  33         const uint8_t *inhdr;
  34         const uint8_t *inbody;
  35         int i = req->current_idx;
  36         uint8_t *outhdr;
  37         DATA_BLOB outbody;
  38         DATA_BLOB outdyn;
  39         size_t expected_body_size = 0x19;
  40         size_t body_size;
  41         uint64_t in_session_id;
  42         uint16_t in_security_offset;
  43         uint16_t in_security_length;
  44         DATA_BLOB in_security_buffer;
  45         uint64_t out_session_id;
  46         uint16_t out_security_offset;
  47         DATA_BLOB out_security_buffer;
  48         NTSTATUS status;
  49
  50         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
  51
  52         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
  53                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  54         }
  55
  56         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
  57
  58         body_size = SVAL(inbody, 0x00);
  59         if (body_size != expected_body_size) {
  60                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  61         }
  62
  63         in_security_offset = SVAL(inbody, 0x0C);
  64         in_security_length = SVAL(inbody, 0x0E);
  65
  66         if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
  67                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  68         }
  69
  70         if (in_security_length > req->in.vector[i+2].iov_len) {
  71                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  72         }
  73
  74         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
  75         in_security_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
  76         in_security_buffer.length = in_security_length;
  77
  78         status = smbd_smb2_session_setup(req,
  79                                          in_session_id,
  80                                          in_security_buffer,
  81                                          &out_security_buffer,
  82                                          &out_session_id);
  83         if (!NT_STATUS_IS_OK(status) &&
  84             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
  85                 status = nt_status_squash(status);
  86                 return smbd_smb2_request_error(req, status);
  87         }
  88
  89         out_security_offset = SMB2_HDR_BODY + 0x08;
  90
  91         outhdr = (uint8_t *)req->out.vector[i].iov_base;
  92
  93         outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
  94         if (outbody.data == NULL) {
  95                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
  96         }
  97
  98         SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
  99
 100         SSVAL(outbody.data, 0x00, 0x08 + 1);    /* struct size */
 101         SSVAL(outbody.data, 0x02, 0);           /* session flags */
 102         SSVAL(outbody.data, 0x04,
 103               out_security_offset);             /* security buffer offset */
 104         SSVAL(outbody.data, 0x06,
 105               out_security_buffer.length);      /* security buffer length */
 106
 107         outdyn = out_security_buffer;
 108
 109         return smbd_smb2_request_done_ex(req, status, outbody, &outdyn);
 110 }
 111
 112 static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
 113 {
 114         if (session->conn == NULL) {
 115                 return 0;
 116         }
 117
 118         /* first free all tcons */
 119         while (session->tcons.list) {
 120                 talloc_free(session->tcons.list);
 121         }
 122
 123         idr_remove(session->conn->smb2.sessions.idtree, session->vuid);
 124         DLIST_REMOVE(session->conn->smb2.sessions.list, session);
 125
 126         session->vuid = 0;
 127         session->status = NT_STATUS_USER_SESSION_DELETED;
 128         session->conn = NULL;
 129
 130         return 0;
 131 }
 132
 133 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
 134                                         uint64_t in_session_id,
 135                                         DATA_BLOB in_security_buffer,
 136                                         DATA_BLOB *out_security_buffer,
 137                                         uint64_t *out_session_id)
 138 {
 139         struct smbd_smb2_session *session;
 140         NTSTATUS status;
 141
 142         if (in_session_id == 0) {
 143                 int id;
 144
 145                 /* create a new session */
 146                 session = talloc_zero(req->conn, struct smbd_smb2_session);
 147                 if (session == NULL) {
 148                         return NT_STATUS_NO_MEMORY;
 149                 }
 150                 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 151                 id = idr_get_new_random(req->conn->smb2.sessions.idtree,
 152                                         session,
 153                                         req->conn->smb2.sessions.limit);
 154                 if (id == -1) {
 155                         return NT_STATUS_INSUFFICIENT_RESOURCES;
 156                 }
 157                 session->vuid = id;
 158
 159                 session->tcons.idtree = idr_init(session);
 160                 if (session->tcons.idtree == NULL) {
 161                         return NT_STATUS_NO_MEMORY;
 162                 }
 163                 session->tcons.limit = 0x00FFFFFF;
 164                 session->tcons.list = NULL;
 165
 166                 DLIST_ADD_END(req->conn->smb2.sessions.list, session,
 167                               struct smbd_smb2_session *);
 168                 session->conn = req->conn;
 169                 talloc_set_destructor(session, smbd_smb2_session_destructor);
 170         } else {
 171                 void *p;
 172
 173                 /* lookup an existing session */
 174                 p = idr_find(req->conn->smb2.sessions.idtree, in_session_id);
 175                 if (p == NULL) {
 176                         return NT_STATUS_USER_SESSION_DELETED;
 177                 }
 178                 session = talloc_get_type_abort(p, struct smbd_smb2_session);
 179         }
 180
 181         if (NT_STATUS_IS_OK(session->status)) {
 182                 return NT_STATUS_REQUEST_NOT_ACCEPTED;
 183         }
 184
 185         if (session->auth_ntlmssp_state == NULL) {
 186                 status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
 187                 if (!NT_STATUS_IS_OK(status)) {
 188                         return status;
 189                 }
 190         }
 191
 192         status = auth_ntlmssp_update(session->auth_ntlmssp_state,
 193                                      in_security_buffer,
 194                                      out_security_buffer);
 195         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 196                 /* nothing to do */
 197         } else if (NT_STATUS_IS_OK(status)) {
 198                 /* TODO: setup session key for signing */
 199                 session->status = NT_STATUS_OK;
 200                 /*
 201                  * we attach the session to the request
 202                  * so that the response can be signed
 203                  */
 204                 req->session = session;
 205         } else {
 206                 return status;
 207         }
 208
 209         *out_session_id = session->vuid;
 210         return status;
 211 }
 212
 213 NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
 214 {
 215         const uint8_t *inhdr;
 216         int i = req->current_idx;
 217         uint64_t in_session_id;
 218         void *p;
 219         struct smbd_smb2_session *session;
 220
 221         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
 222
 223         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
 224
 225         /* lookup an existing session */
 226         p = idr_find(req->conn->smb2.sessions.idtree, in_session_id);
 227         if (p == NULL) {
 228                 return NT_STATUS_USER_SESSION_DELETED;
 229         }
 230         session = talloc_get_type_abort(p, struct smbd_smb2_session);
 231
 232         if (!NT_STATUS_IS_OK(session->status)) {
 233                 return NT_STATUS_ACCESS_DENIED;
 234         }
 235
 236         req->session = session;
 237         return NT_STATUS_OK;
 238 }
 239
 240 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
 241 {
 242         const uint8_t *inbody;
 243         int i = req->current_idx;
 244         DATA_BLOB outbody;
 245         size_t expected_body_size = 0x04;
 246         size_t body_size;
 247
 248         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
 249                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
 250         }
 251
 252         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
 253
 254         body_size = SVAL(inbody, 0x00);
 255         if (body_size != expected_body_size) {
 256                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
 257         }
 258
 259         /*
 260          * TODO: cancel all outstanding requests on the session
 261          *       and delete all tree connections.
 262          */
 263         smbd_smb2_session_destructor(req->session);
 264         /*
 265          * we may need to sign the response, so we need to keep
 266          * the session until the response is sent to the wire.
 267          */
 268         talloc_steal(req, req->session);
 269
 270         outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
 271         if (outbody.data == NULL) {
 272                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
 273         }
 274
 275         SSVAL(outbody.data, 0x00, 0x04);        /* struct size */
 276         SSVAL(outbody.data, 0x02, 0);           /* reserved */
 277
 278         return smbd_smb2_request_done(req, outbody, NULL);
 279 }