source/smb_server/smb/sesssetup.c

   1
   2 /*
   3    Unix SMB/CIFS implementation.
   4    handle SMBsessionsetup
   5    Copyright (C) Andrew Tridgell                      1998-2001
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
   7    Copyright (C) Jim McDonough                        2002
   8    Copyright (C) Luke Howard                          2003
   9    Copyright (C) Stefan Metzmacher                    2005
  10
  11    This program is free software; you can redistribute it and/or modify
  12    it under the terms of the GNU General Public License as published by
  13    the Free Software Foundation; either version 3 of the License, or
  14    (at your option) any later version.
  15
  16    This program is distributed in the hope that it will be useful,
  17    but WITHOUT ANY WARRANTY; without even the implied warranty of
  18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19    GNU General Public License for more details.
  20
  21    You should have received a copy of the GNU General Public License
  22    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  23 */
  24
  25 #include "includes.h"
  26 #include "version.h"
  27 #include "auth/credentials/credentials.h"
  28 #include "auth/gensec/gensec.h"
  29 #include "auth/auth.h"
  30 #include "smb_server/smb_server.h"
  31 #include "smbd/service_stream.h"
  32 #include "librpc/gen_ndr/nbt.h"
  33
  34 /*
  35   setup the OS, Lanman and domain portions of a session setup reply
  36 */
  37 static void sesssetup_common_strings(struct smbsrv_request *req,
  38                                      char **os, char **lanman, char **domain)
  39 {
  40         (*os) = talloc_asprintf(req, "Unix");
  41         (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING);
  42         (*domain) = talloc_asprintf(req, "%s", lp_workgroup());
  43 }
  44
  45 static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
  46                                           union smb_sesssetup *sess,
  47                                           NTSTATUS status)
  48 {
  49         if (NT_STATUS_IS_OK(status)) {
  50                 req->smb_conn->negotiate.done_sesssetup = True;
  51                 /* we need to keep the session long term */
  52                 req->session = talloc_steal(req->smb_conn, req->session);
  53         }
  54         smbsrv_reply_sesssetup_send(req, sess, status);
  55 }
  56
  57 static void sesssetup_old_send(struct auth_check_password_request *areq,
  58                                void *private_data)
  59 {
  60         struct smbsrv_request *req = talloc_get_type(private_data, struct smbsrv_request);
  61         union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
  62         struct auth_serversupplied_info *server_info = NULL;
  63         struct auth_session_info *session_info;
  64         struct smbsrv_session *smb_sess;
  65         NTSTATUS status;
  66
  67         status = auth_check_password_recv(areq, req, &server_info);
  68         if (!NT_STATUS_IS_OK(status)) goto failed;
  69
  70         /* This references server_info into session_info */
  71         status = auth_generate_session_info(req, server_info, &session_info);
  72         if (!NT_STATUS_IS_OK(status)) goto failed;
  73
  74         /* allocate a new session */
  75         smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
  76         if (!smb_sess) {
  77                 status = NT_STATUS_INSUFFICIENT_RESOURCES;
  78                 goto failed;
  79         }
  80
  81         /* Ensure this is marked as a 'real' vuid, not one
  82          * simply valid for the session setup leg */
  83         status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
  84         if (!NT_STATUS_IS_OK(status)) goto failed;
  85
  86         /* To correctly process any AndX packet (like a tree connect)
  87          * we need to fill in the session on the request here */
  88         req->session = smb_sess;
  89         sess->old.out.vuid = smb_sess->vuid;
  90
  91 failed:
  92         status = auth_nt_status_squash(status);
  93         smbsrv_sesssetup_backend_send(req, sess, status);
  94 }
  95
  96 /*
  97   handler for old style session setup
  98 */
  99 static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
 100 {
 101         struct auth_usersupplied_info *user_info = NULL;
 102         struct socket_address *remote_address;
 103         const char *remote_machine = NULL;
 104
 105         sess->old.out.vuid = 0;
 106         sess->old.out.action = 0;
 107
 108         sesssetup_common_strings(req,
 109                                  &sess->old.out.os,
 110                                  &sess->old.out.lanman,
 111                                  &sess->old.out.domain);
 112
 113         if (!req->smb_conn->negotiate.done_sesssetup) {
 114                 req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
 115         }
 116
 117         if (req->smb_conn->negotiate.calling_name) {
 118                 remote_machine = req->smb_conn->negotiate.calling_name->name;
 119         }
 120
 121         remote_address = socket_get_peer_addr(req->smb_conn->connection->socket, req);
 122         if (!remote_address) goto nomem;
 123
 124         if (!remote_machine) {
 125                 remote_machine = remote_address->addr;
 126         }
 127
 128         user_info = talloc(req, struct auth_usersupplied_info);
 129         if (!user_info) goto nomem;
 130
 131         user_info->mapped_state = False;
 132         user_info->logon_parameters = 0;
 133         user_info->flags = 0;
 134         user_info->client.account_name = sess->old.in.user;
 135         user_info->client.domain_name = sess->old.in.domain;
 136         user_info->workstation_name = remote_machine;
 137         user_info->remote_host = talloc_steal(user_info, remote_address);
 138
 139         user_info->password_state = AUTH_PASSWORD_RESPONSE;
 140         user_info->password.response.lanman = sess->old.in.password;
 141         user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data);
 142         user_info->password.response.nt = data_blob(NULL, 0);
 143
 144         auth_check_password_send(req->smb_conn->negotiate.auth_context, user_info,
 145                                  sesssetup_old_send, req);
 146         return;
 147
 148 nomem:
 149         smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY);
 150 }
 151
 152 static void sesssetup_nt1_send(struct auth_check_password_request *areq,
 153                                void *private_data)
 154 {
 155         struct smbsrv_request *req = talloc_get_type(private_data, struct smbsrv_request);
 156         union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
 157         struct auth_serversupplied_info *server_info = NULL;
 158         struct auth_session_info *session_info;
 159         struct smbsrv_session *smb_sess;
 160         NTSTATUS status;
 161
 162         status = auth_check_password_recv(areq, req, &server_info);
 163         if (!NT_STATUS_IS_OK(status)) goto failed;
 164
 165         /* This references server_info into session_info */
 166         status = auth_generate_session_info(req, server_info, &session_info);
 167         if (!NT_STATUS_IS_OK(status)) goto failed;
 168
 169         /* allocate a new session */
 170         smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
 171         if (!smb_sess) {
 172                 status = NT_STATUS_INSUFFICIENT_RESOURCES;
 173                 goto failed;
 174         }
 175
 176         /* Ensure this is marked as a 'real' vuid, not one
 177          * simply valid for the session setup leg */
 178         status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
 179         if (!NT_STATUS_IS_OK(status)) goto failed;
 180
 181         /* To correctly process any AndX packet (like a tree connect)
 182          * we need to fill in the session on the request here */
 183         req->session = smb_sess;
 184         sess->nt1.out.vuid = smb_sess->vuid;
 185
 186         if (!session_info->server_info->authenticated) {
 187                 /* don't try signing as anonymous */
 188                 goto done;
 189         }
 190
 191         if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
 192                 /* Already signing, or disabled */
 193                 goto done;
 194         }
 195
 196         /* Force check of the request packet, now we know the session key */
 197         smbsrv_signing_check_incoming(req);
 198 /* TODO: why don't we check the result here? */
 199
 200         /* Unfortunetly win2k3 as a client doesn't sign the request
 201          * packet here, so we have to force signing to start again */
 202
 203         smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
 204
 205 done:
 206         status = NT_STATUS_OK;
 207 failed:
 208         status = auth_nt_status_squash(status);
 209         smbsrv_sesssetup_backend_send(req, sess, status);
 210 }
 211
 212 /*
 213   handler for NT1 style session setup
 214 */
 215 static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
 216 {
 217         NTSTATUS status;
 218         struct auth_context *auth_context;
 219         struct auth_usersupplied_info *user_info = NULL;
 220         struct socket_address *remote_address;
 221         const char *remote_machine = NULL;
 222
 223         sess->nt1.out.vuid = 0;
 224         sess->nt1.out.action = 0;
 225
 226         sesssetup_common_strings(req,
 227                                  &sess->nt1.out.os,
 228                                  &sess->nt1.out.lanman,
 229                                  &sess->nt1.out.domain);
 230
 231         if (!req->smb_conn->negotiate.done_sesssetup) {
 232                 req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
 233                 req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
 234         }
 235
 236         if (req->smb_conn->negotiate.oid) {
 237                 if (sess->nt1.in.user && *sess->nt1.in.user) {
 238                         /* We can't accept a normal login, because we
 239                          * don't have a challenge */
 240                         status = NT_STATUS_LOGON_FAILURE;
 241                         goto failed;
 242                 }
 243
 244                 /* TODO: should we use just "anonymous" here? */
 245                 status = auth_context_create(req,
 246                                              req->smb_conn->connection->event.ctx,
 247                                              req->smb_conn->connection->msg_ctx,
 248                                              &auth_context);
 249                 if (!NT_STATUS_IS_OK(status)) goto failed;
 250         } else {
 251                 auth_context = req->smb_conn->negotiate.auth_context;
 252         }
 253
 254         if (req->smb_conn->negotiate.calling_name) {
 255                 remote_machine = req->smb_conn->negotiate.calling_name->name;
 256         }
 257
 258         remote_address = socket_get_peer_addr(req->smb_conn->connection->socket, req);
 259         if (!remote_address) goto nomem;
 260
 261         if (!remote_machine) {
 262                 remote_machine = remote_address->addr;
 263         }
 264
 265         user_info = talloc(req, struct auth_usersupplied_info);
 266         if (!user_info) goto nomem;
 267
 268         user_info->mapped_state = False;
 269         user_info->logon_parameters = 0;
 270         user_info->flags = 0;
 271         user_info->client.account_name = sess->nt1.in.user;
 272         user_info->client.domain_name = sess->nt1.in.domain;
 273         user_info->workstation_name = remote_machine;
 274         user_info->remote_host = talloc_steal(user_info, remote_address);
 275
 276         user_info->password_state = AUTH_PASSWORD_RESPONSE;
 277         user_info->password.response.lanman = sess->nt1.in.password1;
 278         user_info->password.response.lanman.data = talloc_steal(user_info, sess->nt1.in.password1.data);
 279         user_info->password.response.nt = sess->nt1.in.password2;
 280         user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
 281
 282         auth_check_password_send(auth_context, user_info,
 283                                  sesssetup_nt1_send, req);
 284         return;
 285
 286 nomem:
 287         status = NT_STATUS_NO_MEMORY;
 288 failed:
 289         status = auth_nt_status_squash(status);
 290         smbsrv_sesssetup_backend_send(req, sess, status);
 291 }
 292
 293 struct sesssetup_spnego_state {
 294         struct smbsrv_request *req;
 295         union smb_sesssetup *sess;
 296         struct smbsrv_session *smb_sess;
 297 };
 298
 299 static void sesssetup_spnego_send(struct gensec_update_request *greq, void *private_data)
 300 {
 301         struct sesssetup_spnego_state *s = talloc_get_type(private_data,
 302                                            struct sesssetup_spnego_state);
 303         struct smbsrv_request *req = s->req;
 304         union smb_sesssetup *sess = s->sess;
 305         struct smbsrv_session *smb_sess = s->smb_sess;
 306         struct auth_session_info *session_info = NULL;
 307         NTSTATUS status;
 308         NTSTATUS skey_status;
 309         DATA_BLOB session_key;
 310
 311         status = gensec_update_recv(greq, req, &sess->spnego.out.secblob);
 312         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 313                 goto done;
 314         } else if (!NT_STATUS_IS_OK(status)) {
 315                 goto failed;
 316         }
 317
 318         status = gensec_session_info(smb_sess->gensec_ctx, &session_info);
 319         if (!NT_STATUS_IS_OK(status)) goto failed;
 320
 321         skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key);
 322         if (NT_STATUS_IS_OK(skey_status) &&
 323             session_info->server_info->authenticated &&
 324             smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) {
 325                 /* Force check of the request packet, now we know the session key */
 326                 smbsrv_signing_check_incoming(req);
 327
 328                 smbsrv_signing_restart(req->smb_conn, &session_key, NULL);
 329         }
 330
 331         /* Ensure this is marked as a 'real' vuid, not one
 332          * simply valid for the session setup leg */
 333         status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
 334         if (!NT_STATUS_IS_OK(status)) goto failed;
 335
 336         req->session = smb_sess;
 337
 338 done:
 339         sess->spnego.out.vuid = smb_sess->vuid;
 340 failed:
 341         status = auth_nt_status_squash(status);
 342         smbsrv_sesssetup_backend_send(req, sess, status);
 343         if (!NT_STATUS_IS_OK(status) &&
 344             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 345                 talloc_free(smb_sess);
 346         }
 347 }
 348
 349 /*
 350   handler for SPNEGO style session setup
 351 */
 352 static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
 353 {
 354         NTSTATUS status;
 355         struct smbsrv_session *smb_sess = NULL;
 356         struct sesssetup_spnego_state *s = NULL;
 357         uint16_t vuid;
 358
 359         sess->spnego.out.vuid = 0;
 360         sess->spnego.out.action = 0;
 361
 362         sesssetup_common_strings(req,
 363                                  &sess->spnego.out.os,
 364                                  &sess->spnego.out.lanman,
 365                                  &sess->spnego.out.workgroup);
 366
 367         if (!req->smb_conn->negotiate.done_sesssetup) {
 368                 req->smb_conn->negotiate.max_send = sess->spnego.in.bufsize;
 369                 req->smb_conn->negotiate.client_caps = sess->spnego.in.capabilities;
 370         }
 371
 372         vuid = SVAL(req->in.hdr,HDR_UID);
 373
 374         /* lookup an existing session */
 375         smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
 376         if (!smb_sess) {
 377                 struct gensec_security *gensec_ctx;
 378
 379                 status = gensec_server_start(req,
 380                                              req->smb_conn->connection->event.ctx,
 381                                              req->smb_conn->connection->msg_ctx,
 382                                              &gensec_ctx);
 383                 if (!NT_STATUS_IS_OK(status)) {
 384                         DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
 385                         goto failed;
 386                 }
 387
 388                 gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials);
 389
 390                 gensec_set_target_service(gensec_ctx, "cifs");
 391
 392                 gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
 393
 394                 status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
 395                 if (!NT_STATUS_IS_OK(status)) {
 396                         DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
 397                                   gensec_get_name_by_oid(req->smb_conn->negotiate.oid), nt_errstr(status)));
 398                         goto failed;
 399                 }
 400
 401                 /* allocate a new session */
 402                 smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
 403                 if (!smb_sess) {
 404                         status = NT_STATUS_INSUFFICIENT_RESOURCES;
 405                         goto failed;
 406                 }
 407         }
 408
 409         if (!smb_sess) {
 410                 status = NT_STATUS_ACCESS_DENIED;
 411                 goto failed;
 412         }
 413
 414         if (!smb_sess->gensec_ctx) {
 415                 status = NT_STATUS_INTERNAL_ERROR;
 416                 DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status)));
 417                 goto failed;
 418         }
 419
 420         s = talloc(req, struct sesssetup_spnego_state);
 421         if (!s) goto nomem;
 422         s->req          = req;
 423         s->sess         = sess;
 424         s->smb_sess     = smb_sess;
 425
 426         gensec_update_send(smb_sess->gensec_ctx, sess->spnego.in.secblob,
 427                            sesssetup_spnego_send, s);
 428         return;
 429
 430 nomem:
 431         status = NT_STATUS_NO_MEMORY;
 432 failed:
 433         talloc_free(smb_sess);
 434         status = auth_nt_status_squash(status);
 435         smbsrv_sesssetup_backend_send(req, sess, status);
 436 }
 437
 438 /*
 439   backend for sessionsetup call - this takes all 3 variants of the call
 440 */
 441 void smbsrv_sesssetup_backend(struct smbsrv_request *req,
 442                               union smb_sesssetup *sess)
 443 {
 444         switch (sess->old.level) {
 445                 case RAW_SESSSETUP_OLD:
 446                         sesssetup_old(req, sess);
 447                         return;
 448
 449                 case RAW_SESSSETUP_NT1:
 450                         sesssetup_nt1(req, sess);
 451                         return;
 452
 453                 case RAW_SESSSETUP_SPNEGO:
 454                         sesssetup_spnego(req, sess);
 455                         return;
 456
 457                 case RAW_SESSSETUP_SMB2:
 458                         break;
 459         }
 460
 461         smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_INVALID_LEVEL);
 462 }