2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
27 #include "smbprofile.h"
28 #include "auth/gensec/gensec.h"
29 #include "../libcli/smb/smb_signing.h"
31 extern fstring remote_proto;
33 static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
37 /* We might be called more than once, multiple negprots are
39 if (xconn->smb1.negprot.auth_context) {
40 DEBUG(3, ("get challenge: is this a secondary negprot? "
41 "sconn->negprot.auth_context is non-NULL!\n"));
42 TALLOC_FREE(xconn->smb1.negprot.auth_context);
45 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
46 nt_status = make_auth4_context(
47 xconn, &xconn->smb1.negprot.auth_context);
48 if (!NT_STATUS_IS_OK(nt_status)) {
49 DEBUG(0, ("make_auth_context_subsystem returned %s",
50 nt_errstr(nt_status)));
51 smb_panic("cannot make_negprot_global_auth_context!");
53 DEBUG(10, ("get challenge: getting challenge\n"));
54 xconn->smb1.negprot.auth_context->get_ntlm_challenge(
55 xconn->smb1.negprot.auth_context, buff);
58 /****************************************************************************
59 Reply for the lanman 1.0 protocol.
60 ****************************************************************************/
62 static void reply_lanman1(struct smb_request *req, uint16_t choice)
65 time_t t = time(NULL);
66 struct smbXsrv_connection *xconn = req->xconn;
68 if (lp_async_smb_echo_handler()) {
71 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
74 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
76 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
77 if (xconn->smb1.negprot.encrypted_passwords) {
78 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
81 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
83 SSVAL(req->outbuf,smb_vwv0,choice);
84 SSVAL(req->outbuf,smb_vwv1,secword);
85 /* Create a token value and add it to the outgoing packet. */
86 if (xconn->smb1.negprot.encrypted_passwords) {
87 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
88 SSVAL(req->outbuf,smb_vwv11, 8);
91 smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
93 /* Reply, SMBlockread, SMBwritelock supported. */
94 SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
95 SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
96 SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
97 SSVAL(req->outbuf,smb_vwv4, 1);
98 SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
99 readbraw writebraw (possibly) */
100 SIVAL(req->outbuf,smb_vwv6, getpid());
101 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
103 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
108 /****************************************************************************
109 Reply for the lanman 2.0 protocol.
110 ****************************************************************************/
112 static void reply_lanman2(struct smb_request *req, uint16_t choice)
115 time_t t = time(NULL);
116 struct smbXsrv_connection *xconn = req->xconn;
118 if (lp_async_smb_echo_handler()) {
121 raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
124 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
126 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
127 if (xconn->smb1.negprot.encrypted_passwords) {
128 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
131 reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
133 SSVAL(req->outbuf,smb_vwv0, choice);
134 SSVAL(req->outbuf,smb_vwv1, secword);
135 SIVAL(req->outbuf,smb_vwv6, getpid());
137 /* Create a token value and add it to the outgoing packet. */
138 if (xconn->smb1.negprot.encrypted_passwords) {
139 get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
140 SSVAL(req->outbuf,smb_vwv11, 8);
143 smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
145 /* Reply, SMBlockread, SMBwritelock supported. */
146 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
147 SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
148 SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
149 SSVAL(req->outbuf,smb_vwv4,1);
150 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
151 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
152 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
155 /****************************************************************************
156 Generate the spnego negprot reply blob. Return the number of bytes used.
157 ****************************************************************************/
159 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
161 DATA_BLOB blob = data_blob_null;
162 DATA_BLOB blob_out = data_blob_null;
169 struct gensec_security *gensec_security;
171 /* See if we can get an SPNEGO blob */
172 status = auth_generic_prepare(talloc_tos(),
173 xconn->remote_address,
174 xconn->local_address,
179 * Despite including it above, there is no need to set a
180 * remote address or similar as we are just interested in the
181 * SPNEGO blob, we never keep this context.
184 if (NT_STATUS_IS_OK(status)) {
185 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
186 if (NT_STATUS_IS_OK(status)) {
187 status = gensec_update(gensec_security, ctx,
188 data_blob_null, &blob);
189 /* If we get the list of OIDs, the 'OK' answer
190 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
191 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
192 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
193 blob = data_blob_null;
196 TALLOC_FREE(gensec_security);
199 xconn->smb1.negprot.spnego = true;
201 /* strangely enough, NT does not sent the single OID NTLMSSP when
202 not a ADS member, it sends no OIDs at all
204 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
205 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
207 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
208 back to doing what W2K3 does here. This is needed to make PocketPC 2003
209 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
214 if (blob.length == 0 || blob.data == NULL) {
215 return data_blob_null;
218 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
219 if (blob_out.data == NULL) {
220 data_blob_free(&blob);
221 return data_blob_null;
224 memset(blob_out.data, '\0', 16);
226 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
227 (void)strlower_m(unix_name);
228 push_ascii_nstring(dos_name, unix_name);
229 strlcpy((char *)blob_out.data, dos_name, 17);
232 /* Fix valgrind 'uninitialized bytes' issue. */
233 slen = strlen(dos_name);
235 memset(blob_out.data+slen, '\0', 16 - slen);
239 memcpy(&blob_out.data[16], blob.data, blob.length);
241 data_blob_free(&blob);
246 /****************************************************************************
247 Reply for the nt protocol.
248 ****************************************************************************/
250 static void reply_nt1(struct smb_request *req, uint16_t choice)
252 /* dual names + lock_and_read + nt SMBs + remote API calls */
253 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
254 CAP_LEVEL_II_OPLOCKS;
257 bool negotiate_spnego = False;
260 struct smbXsrv_connection *xconn = req->xconn;
261 bool signing_desired = false;
262 bool signing_required = false;
264 xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
266 /* Check the flags field to see if this is Vista.
267 WinXP sets it and Vista does not. But we have to
268 distinguish from NT which doesn't set it either. */
270 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
271 ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
273 if ((get_remote_arch() != RA_SAMBA) &&
274 (get_remote_arch() != RA_CIFSFS)) {
275 set_remote_arch( RA_VISTA );
279 reply_outbuf(req,17,0);
281 /* do spnego in user level security if the client
282 supports it and we can do encrypted passwords */
284 if (xconn->smb1.negprot.encrypted_passwords &&
286 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
287 negotiate_spnego = True;
288 capabilities |= CAP_EXTENDED_SECURITY;
289 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
290 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
291 (already partially constructed. */
292 SSVAL(req->outbuf, smb_flg2,
293 req->flags2 | FLAGS2_EXTENDED_SECURITY);
296 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
299 capabilities |= CAP_UNICODE;
302 if (lp_unix_extensions()) {
303 capabilities |= CAP_UNIX;
306 if (lp_large_readwrite())
307 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
309 capabilities |= CAP_LARGE_FILES;
311 if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
312 capabilities |= CAP_RAW_MODE;
314 if (lp_nt_status_support())
315 capabilities |= CAP_STATUS32;
318 capabilities |= CAP_DFS;
320 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
321 if (xconn->smb1.negprot.encrypted_passwords) {
322 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
325 signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
326 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
328 if (signing_desired) {
329 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
330 /* No raw mode with smb signing. */
331 capabilities &= ~CAP_RAW_MODE;
332 if (signing_required) {
333 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
337 SSVAL(req->outbuf,smb_vwv0,choice);
338 SCVAL(req->outbuf,smb_vwv1,secword);
340 smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
342 SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
343 SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
344 SIVAL(req->outbuf,smb_vwv3+1,
345 xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
346 SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
347 SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
348 SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
349 clock_gettime(CLOCK_REALTIME,&ts);
350 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
351 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
353 if (!negotiate_spnego) {
354 /* Create a token value and add it to the outgoing packet. */
355 if (xconn->smb1.negprot.encrypted_passwords) {
357 /* note that we do not send a challenge at all if
358 we are using plaintext */
359 get_challenge(xconn, chal);
360 ret = message_push_blob(
361 &req->outbuf, data_blob_const(chal, sizeof(chal)));
363 DEBUG(0, ("Could not push challenge\n"));
364 reply_nterror(req, NT_STATUS_NO_MEMORY);
367 SCVAL(req->outbuf, smb_vwv16+1, ret);
369 ret = message_push_string(&req->outbuf, lp_workgroup(),
370 STR_UNICODE|STR_TERMINATE
373 DEBUG(0, ("Could not push workgroup string\n"));
374 reply_nterror(req, NT_STATUS_NO_MEMORY);
377 ret = message_push_string(&req->outbuf, lp_netbios_name(),
378 STR_UNICODE|STR_TERMINATE
381 DEBUG(0, ("Could not push netbios name string\n"));
382 reply_nterror(req, NT_STATUS_NO_MEMORY);
385 DEBUG(3,("not using SPNEGO\n"));
387 DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
389 if (spnego_blob.data == NULL) {
390 reply_nterror(req, NT_STATUS_NO_MEMORY);
394 ret = message_push_blob(&req->outbuf, spnego_blob);
396 DEBUG(0, ("Could not push spnego blob\n"));
397 reply_nterror(req, NT_STATUS_NO_MEMORY);
400 data_blob_free(&spnego_blob);
402 SCVAL(req->outbuf,smb_vwv16+1, 0);
403 DEBUG(3,("using SPNEGO\n"));
409 /* these are the protocol lists used for auto architecture detection:
412 protocol [PC NETWORK PROGRAM 1.0]
413 protocol [XENIX CORE]
414 protocol [MICROSOFT NETWORKS 1.03]
416 protocol [Windows for Workgroups 3.1a]
419 protocol [NT LM 0.12]
422 protocol [PC NETWORK PROGRAM 1.0]
423 protocol [XENIX CORE]
424 protocol [MICROSOFT NETWORKS 1.03]
426 protocol [Windows for Workgroups 3.1a]
429 protocol [NT LM 0.12]
432 protocol [PC NETWORK PROGRAM 1.0]
434 protocol [Windows for Workgroups 3.1a]
437 protocol [NT LM 0.12]
440 protocol [PC NETWORK PROGRAM 1.0]
442 protocol [Windows for Workgroups 3.1a]
445 protocol [NT LM 0.12]
449 protocol [PC NETWORK PROGRAM 1.0]
450 protocol [XENIX CORE]
456 protocol [NT LM 0.12]
462 * Modified to recognize the architecture of the remote machine better.
464 * This appears to be the matrix of which protocol is used by which
466 Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
467 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
469 MICROSOFT NETWORKS 3.0 2 2
471 MICROSOFT NETWORKS 1.03 3
474 Windows for Workgroups 3.1a 5 5 5 3 3
477 NT LM 0.12 6 8 6 6 6 1
482 * tim@fsg.com 09/29/95
483 * Win2K added by matty 17/7/99
486 #define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
487 #define PROT_XENIX_CORE 0x0002
488 #define PROT_MICROSOFT_NETWORKS_3_0 0x0004
489 #define PROT_DOS_LM1_2X002 0x0008
490 #define PROT_MICROSOFT_NETWORKS_1_03 0x0010
491 #define PROT_DOS_LANMAN2_1 0x0020
492 #define PROT_LANMAN1_0 0x0040
493 #define PROT_WFWG 0x0080
494 #define PROT_LM1_2X002 0x0100
495 #define PROT_LANMAN2_1 0x0200
496 #define PROT_NT_LM_0_12 0x0400
497 #define PROT_SMB_2_001 0x0800
498 #define PROT_SMB_2_002 0x1000
499 #define PROT_SMB_2_FF 0x2000
500 #define PROT_SAMBA 0x4000
501 #define PROT_POSIX_2 0x8000
503 #define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
504 PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
505 #define ARCH_WIN95 ( ARCH_WFWG | PROT_NT_LM_0_12 )
506 #define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
507 PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
508 PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
509 #define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
510 #define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
511 #define ARCH_VISTA ( ARCH_WIN2K | PROT_SMB_2_001 )
512 #define ARCH_SAMBA ( PROT_SAMBA )
513 #define ARCH_CIFSFS ( PROT_POSIX_2 )
514 #define ARCH_OSX ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
516 /* List of supported protocols, most desired first */
517 static const struct {
518 const char *proto_name;
519 const char *short_name;
520 void (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
522 } supported_protocols[] = {
523 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
524 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
525 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
526 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
527 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
528 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
529 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
530 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
531 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
532 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
533 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
537 /****************************************************************************
539 conn POINTER CAN BE NULL HERE !
540 ****************************************************************************/
542 void reply_negprot(struct smb_request *req)
545 int chosen_level = -1;
552 size_t converted_size;
553 struct smbXsrv_connection *xconn = req->xconn;
554 struct smbd_server_connection *sconn = req->sconn;
555 bool signing_required = true;
559 START_PROFILE(SMBnegprot);
561 if (xconn->smb1.negprot.done) {
562 END_PROFILE(SMBnegprot);
563 exit_server_cleanly("multiple negprot's are not permitted");
565 xconn->smb1.negprot.done = true;
567 if (req->buflen == 0) {
568 DEBUG(0, ("negprot got no protocols\n"));
569 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
570 END_PROFILE(SMBnegprot);
574 if (req->buf[req->buflen-1] != '\0') {
575 DEBUG(0, ("negprot protocols not 0-terminated\n"));
576 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
577 END_PROFILE(SMBnegprot);
581 p = (const char *)req->buf + 1;
586 while (smbreq_bufrem(req, p) > 0) {
590 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
593 DEBUG(0, ("talloc failed\n"));
594 TALLOC_FREE(cliprotos);
595 reply_nterror(req, NT_STATUS_NO_MEMORY);
596 END_PROFILE(SMBnegprot);
602 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
604 DEBUG(0, ("pull_ascii_talloc failed\n"));
605 TALLOC_FREE(cliprotos);
606 reply_nterror(req, NT_STATUS_NO_MEMORY);
607 END_PROFILE(SMBnegprot);
611 DEBUG(3, ("Requested protocol [%s]\n",
612 cliprotos[num_cliprotos]));
618 for (i=0; i<num_cliprotos; i++) {
619 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
620 protocols |= PROT_WFWG;
621 } else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
622 protocols |= PROT_DOS_LM1_2X002;
623 } else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
624 protocols |= PROT_DOS_LANMAN2_1;
625 } else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
626 protocols |= PROT_LANMAN1_0;
627 } else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
628 protocols |= PROT_NT_LM_0_12;
629 } else if (strcsequal(cliprotos[i], "SMB 2.001")) {
630 protocols |= PROT_SMB_2_001;
631 } else if (strcsequal(cliprotos[i], "SMB 2.002")) {
632 protocols |= PROT_SMB_2_002;
633 } else if (strcsequal(cliprotos[i], "SMB 2.???")) {
634 protocols |= PROT_SMB_2_FF;
635 } else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
636 protocols |= PROT_LANMAN2_1;
637 } else if (strcsequal(cliprotos[i], "LM1.2X002")) {
638 protocols |= PROT_LM1_2X002;
639 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
640 protocols |= PROT_MICROSOFT_NETWORKS_1_03;
641 } else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
642 protocols |= PROT_MICROSOFT_NETWORKS_3_0;
643 } else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
644 protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
645 } else if (strcsequal(cliprotos[i], "XENIX CORE")) {
646 protocols |= PROT_XENIX_CORE;
647 } else if (strcsequal(cliprotos[i], "Samba")) {
648 protocols = PROT_SAMBA;
650 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
651 protocols = PROT_POSIX_2;
656 switch ( protocols ) {
657 /* Old CIFSFS can send one arch only, NT LM 0.12. */
658 case PROT_NT_LM_0_12:
660 set_remote_arch(RA_CIFSFS);
663 set_remote_arch(RA_SAMBA);
666 set_remote_arch(RA_WFWG);
669 set_remote_arch(RA_WIN95);
672 set_remote_arch(RA_WINNT);
675 set_remote_arch(RA_WIN2K);
678 set_remote_arch(RA_VISTA);
681 set_remote_arch(RA_OS2);
684 set_remote_arch(RA_OSX);
687 set_remote_arch(RA_UNKNOWN);
691 /* possibly reload - change of architecture */
692 reload_services(sconn, conn_snum_used, true);
694 /* moved from the netbios session setup code since we don't have that
695 when the client connects to port 445. Of course there is a small
696 window where we are listening to messages -- jerry */
698 serverid_register(messaging_server_id(sconn->msg_ctx),
699 FLAG_MSG_GENERAL|FLAG_MSG_SMBD
700 |FLAG_MSG_PRINT_GENERAL);
703 * Anything higher than PROTOCOL_SMB2_10 still
704 * needs to go via "SMB 2.???", which is marked
705 * as PROTOCOL_SMB2_10.
707 * The real negotiation happens via reply_smb20ff()
708 * using SMB2 Negotiation.
710 max_proto = lp_server_max_protocol();
711 if (max_proto > PROTOCOL_SMB2_10) {
712 max_proto = PROTOCOL_SMB2_10;
714 min_proto = lp_server_min_protocol();
715 if (min_proto > PROTOCOL_SMB2_10) {
716 min_proto = PROTOCOL_SMB2_10;
719 /* Check for protocols, most desirable first */
720 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
722 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
723 (supported_protocols[protocol].protocol_level >= min_proto))
724 while (i < num_cliprotos) {
725 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
727 chosen_level = supported_protocols[protocol].protocol_level;
738 DBG_NOTICE("No protocol supported !\n");
739 reply_outbuf(req, 1, 0);
740 SSVAL(req->outbuf, smb_vwv0, choice);
742 ok = srv_send_smb(xconn, (char *)req->outbuf,
743 false, 0, false, NULL);
745 DBG_NOTICE("srv_send_smb failed\n");
747 exit_server_cleanly("no protocol supported\n");
750 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
751 reload_services(sconn, conn_snum_used, true);
752 supported_protocols[protocol].proto_reply_fn(req, choice);
753 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
755 DEBUG( 5, ( "negprot index=%d\n", choice ) );
757 /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
758 signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
759 if (signing_required && (chosen_level < PROTOCOL_NT1)) {
760 exit_server_cleanly("SMB signing is required and "
761 "client negotiated a downlevel protocol");
764 TALLOC_FREE(cliprotos);
766 if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
767 !fork_echo_handler(xconn)) {
768 exit_server("Failed to fork echo handler");
771 END_PROFILE(SMBnegprot);
git.samba.org / samba.git / blob