2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../libcli/smb/smb2_negotiate_context.h"
26 #include "../lib/tsocket/tsocket.h"
27 #include "../librpc/ndr/libndr.h"
28 #include "../libcli/smb/smb_signing.h"
30 #include "auth/gensec/gensec.h"
31 #include "lib/util/string_wrappers.h"
32 #include "source3/lib/substitute.h"
33 #ifdef HAVE_VALGRIND_CALLGRIND_H
34 #include <valgrind/callgrind.h>
35 #endif /* HAVE_VALGRIND_CALLGRIND_H */
38 #define DBGC_CLASS DBGC_SMB2
41 * this is the entry point if SMB2 is selected via
42 * the SMB negprot and the given dialect.
44 static NTSTATUS reply_smb20xx(struct smb_request *req, uint16_t dialect)
50 size_t len = SMB2_HDR_BODY + 0x24 + 2;
52 smb2_inpdu = talloc_zero_array(talloc_tos(), uint8_t, len);
53 if (smb2_inpdu == NULL) {
54 DEBUG(0, ("Could not push spnego blob\n"));
55 reply_nterror(req, NT_STATUS_NO_MEMORY);
56 return NT_STATUS_NO_MEMORY;
58 smb2_hdr = smb2_inpdu;
59 smb2_body = smb2_hdr + SMB2_HDR_BODY;
60 smb2_dyn = smb2_body + 0x24;
62 SIVAL(smb2_hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
63 SIVAL(smb2_hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
65 SSVAL(smb2_body, 0x00, 0x0024); /* struct size */
66 SSVAL(smb2_body, 0x02, 0x0001); /* dialect count */
68 SSVAL(smb2_dyn, 0x00, dialect);
72 return smbd_smb2_process_negprot(req->xconn, 0, smb2_inpdu, len);
76 * this is the entry point if SMB2 is selected via
77 * the SMB negprot and the "SMB 2.002" dialect.
79 NTSTATUS reply_smb2002(struct smb_request *req, uint16_t choice)
81 return reply_smb20xx(req, SMB2_DIALECT_REVISION_202);
85 * this is the entry point if SMB2 is selected via
86 * the SMB negprot and the "SMB 2.???" dialect.
88 NTSTATUS reply_smb20ff(struct smb_request *req, uint16_t choice)
90 struct smbXsrv_connection *xconn = req->xconn;
91 xconn->smb2.allow_2ff = true;
92 return reply_smb20xx(req, SMB2_DIALECT_REVISION_2FF);
95 enum protocol_types smbd_smb2_protocol_dialect_match(const uint8_t *indyn,
96 const int dialect_count,
100 enum protocol_types proto;
103 { PROTOCOL_SMB3_11, SMB3_DIALECT_REVISION_311 },
104 { PROTOCOL_SMB3_02, SMB3_DIALECT_REVISION_302 },
105 { PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300 },
106 { PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210 },
107 { PROTOCOL_SMB2_02, SMB2_DIALECT_REVISION_202 },
111 for (i = 0; i < ARRAY_SIZE(pd); i ++) {
114 if (lp_server_max_protocol() < pd[i].proto) {
117 if (lp_server_min_protocol() > pd[i].proto) {
121 for (c = 0; c < dialect_count; c++) {
122 *dialect = SVAL(indyn, c*2);
123 if (*dialect == pd[i].dialect) {
129 return PROTOCOL_NONE;
132 static NTSTATUS smb2_negotiate_context_process_posix(
133 const struct smb2_negotiate_contexts *in_c,
136 struct smb2_negotiate_context *in_posix = NULL;
137 const uint8_t *inbuf = NULL;
139 bool posix_found = false;
145 if (!lp_smb3_unix_extensions(GLOBAL_SECTION_SNUM)) {
149 in_posix = smb2_negotiate_context_find(in_c,
150 SMB2_POSIX_EXTENSIONS_AVAILABLE);
151 if (in_posix == NULL) {
155 inbuf = in_posix->data.data;
156 inbuflen = in_posix->data.length;
159 * For now the server only supports one variant.
160 * Check it's the right one.
162 if ((inbuflen % 16) != 0) {
163 return NT_STATUS_INVALID_PARAMETER;
166 SMB_ASSERT(strlen(SMB2_CREATE_TAG_POSIX) == 16);
168 for (ofs = 0; ofs < inbuflen; ofs += 16) {
169 cmp = memcmp(inbuf+ofs, SMB2_CREATE_TAG_POSIX, 16);
177 DBG_DEBUG("Client requested unknown SMB3 Unix extensions:\n");
178 dump_data(10, inbuf, inbuflen);
182 DBG_DEBUG("Client requested SMB3 Unix extensions\n");
187 struct smbd_smb2_request_process_negprot_state {
188 struct smbd_smb2_request *req;
193 static void smbd_smb2_request_process_negprot_mc_done(struct tevent_req *subreq);
195 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
197 struct smbd_smb2_request_process_negprot_state *state = NULL;
198 struct smbXsrv_connection *xconn = req->xconn;
199 struct tevent_req *subreq = NULL;
201 const uint8_t *inbody;
202 const uint8_t *indyn = NULL;
205 DATA_BLOB negprot_spnego_blob;
206 uint16_t security_offset;
207 DATA_BLOB security_buffer;
208 size_t expected_dyn_size = 0;
210 uint16_t security_mode;
211 uint16_t dialect_count;
212 uint16_t in_security_mode;
213 uint32_t in_capabilities;
214 DATA_BLOB in_guid_blob;
216 struct smb2_negotiate_contexts in_c = { .num_contexts = 0, };
217 struct smb2_negotiate_context *in_preauth = NULL;
218 struct smb2_negotiate_context *in_cipher = NULL;
219 struct smb2_negotiate_context *in_sign_algo = NULL;
220 struct smb2_negotiate_contexts out_c = { .num_contexts = 0, };
221 const struct smb311_capabilities default_smb3_capabilities =
222 smb311_capabilities_parse("server",
223 lp_server_smb3_signing_algorithms(),
224 lp_server_smb3_encryption_algorithms());
225 DATA_BLOB out_negotiate_context_blob = data_blob_null;
226 uint32_t out_negotiate_context_offset = 0;
227 uint16_t out_negotiate_context_count = 0;
228 uint16_t dialect = 0;
229 uint32_t capabilities;
230 DATA_BLOB out_guid_blob;
231 struct GUID out_guid;
232 enum protocol_types protocol = PROTOCOL_NONE;
234 uint32_t max_trans = lp_smb2_max_trans();
235 uint32_t max_read = lp_smb2_max_read();
236 uint32_t max_write = lp_smb2_max_write();
237 NTTIME now = timeval_to_nttime(&req->request_time);
241 status = smbd_smb2_request_verify_sizes(req, 0x24);
242 if (!NT_STATUS_IS_OK(status)) {
243 return smbd_smb2_request_error(req, status);
245 inbody = SMBD_SMB2_IN_BODY_PTR(req);
247 dialect_count = SVAL(inbody, 0x02);
249 in_security_mode = SVAL(inbody, 0x04);
250 in_capabilities = IVAL(inbody, 0x08);
251 in_guid_blob = data_blob_const(inbody + 0x0C, 16);
253 if (dialect_count == 0) {
254 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
257 status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
258 if (!NT_STATUS_IS_OK(status)) {
259 return smbd_smb2_request_error(req, status);
262 expected_dyn_size = dialect_count * 2;
263 if (SMBD_SMB2_IN_DYN_LEN(req) < expected_dyn_size) {
264 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
266 indyn = SMBD_SMB2_IN_DYN_PTR(req);
268 protocol = smbd_smb2_protocol_dialect_match(indyn,
272 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
273 if (lp_server_max_protocol() < PROTOCOL_SMB2_10) {
277 dialect = SVAL(indyn, c*2);
278 if (dialect == SMB2_DIALECT_REVISION_2FF) {
279 if (xconn->smb2.allow_2ff) {
280 xconn->smb2.allow_2ff = false;
281 protocol = PROTOCOL_SMB2_10;
287 if (protocol == PROTOCOL_NONE) {
288 return smbd_smb2_request_error(req, NT_STATUS_NOT_SUPPORTED);
291 if (protocol >= PROTOCOL_SMB3_11) {
292 uint32_t in_negotiate_context_offset = 0;
293 uint16_t in_negotiate_context_count = 0;
294 DATA_BLOB in_negotiate_context_blob = data_blob_null;
297 in_negotiate_context_offset = IVAL(inbody, 0x1C);
298 in_negotiate_context_count = SVAL(inbody, 0x20);
301 ofs += SMBD_SMB2_IN_BODY_LEN(req);
302 ofs += expected_dyn_size;
303 if ((ofs % 8) != 0) {
304 ofs += 8 - (ofs % 8);
307 if (in_negotiate_context_offset != ofs) {
308 return smbd_smb2_request_error(req,
309 NT_STATUS_INVALID_PARAMETER);
312 ofs -= SMB2_HDR_BODY;
313 ofs -= SMBD_SMB2_IN_BODY_LEN(req);
315 if (SMBD_SMB2_IN_DYN_LEN(req) < ofs) {
316 return smbd_smb2_request_error(req,
317 NT_STATUS_INVALID_PARAMETER);
320 in_negotiate_context_blob = data_blob_const(indyn,
321 SMBD_SMB2_IN_DYN_LEN(req));
323 in_negotiate_context_blob.data += ofs;
324 in_negotiate_context_blob.length -= ofs;
326 status = smb2_negotiate_context_parse(req,
327 in_negotiate_context_blob,
328 in_negotiate_context_count,
330 if (!NT_STATUS_IS_OK(status)) {
331 return smbd_smb2_request_error(req, status);
334 status = smb2_negotiate_context_process_posix(&in_c, &posix);
335 if (!NT_STATUS_IS_OK(status)) {
336 return smbd_smb2_request_error(req, status);
340 if ((dialect != SMB2_DIALECT_REVISION_2FF) &&
341 (protocol >= PROTOCOL_SMB2_10) &&
342 !GUID_all_zero(&in_guid))
344 ok = remote_arch_cache_update(&in_guid);
346 return smbd_smb2_request_error(
347 req, NT_STATUS_UNSUCCESSFUL);
351 switch (get_remote_arch()) {
358 set_remote_arch(RA_VISTA);
366 (dialect >> 8) & 0xFF, dialect & 0xFF);
367 set_remote_proto(proto);
368 DEBUG(3,("Selected protocol %s\n", proto));
371 reload_services(req->sconn, conn_snum_used, true);
373 in_preauth = smb2_negotiate_context_find(&in_c,
374 SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
375 if (protocol >= PROTOCOL_SMB3_11 && in_preauth == NULL) {
376 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
378 in_cipher = smb2_negotiate_context_find(&in_c,
379 SMB2_ENCRYPTION_CAPABILITIES);
380 in_sign_algo = smb2_negotiate_context_find(&in_c,
381 SMB2_SIGNING_CAPABILITIES);
383 /* negprot_spnego() returns the server guid in the first 16 bytes */
384 negprot_spnego_blob = negprot_spnego(req, xconn);
385 if (negprot_spnego_blob.data == NULL) {
386 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
389 if (negprot_spnego_blob.length < 16) {
390 return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
393 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
394 if (xconn->smb2.signing_mandatory) {
395 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
399 if (lp_host_msdfs()) {
400 capabilities |= SMB2_CAP_DFS;
403 if (protocol >= PROTOCOL_SMB2_10 &&
405 lp_oplocks(GLOBAL_SECTION_SNUM) &&
406 !lp_kernel_oplocks(GLOBAL_SECTION_SNUM))
408 capabilities |= SMB2_CAP_LEASING;
411 if ((protocol >= PROTOCOL_SMB3_00) &&
412 (lp_server_smb_encrypt(-1) != SMB_ENCRYPTION_OFF) &&
413 (in_capabilities & SMB2_CAP_ENCRYPTION)) {
414 capabilities |= SMB2_CAP_ENCRYPTION;
418 * 0x10000 (65536) is the maximum allowed message size
423 if (protocol >= PROTOCOL_SMB2_10) {
426 if (tsocket_address_is_inet(req->sconn->local_address, "ip")) {
427 p = tsocket_address_inet_port(req->sconn->local_address);
430 /* largeMTU is not supported over NBT (tcp port 139) */
431 if (p != NBT_SMB_PORT) {
432 capabilities |= SMB2_CAP_LARGE_MTU;
433 xconn->smb2.credits.multicredit = true;
436 * We allow up to almost 16MB.
438 * The maximum PDU size is 0xFFFFFF (16776960)
439 * and we need some space for the header.
441 max_limit = 0xFFFF00;
446 * the defaults are 8MB, but we'll limit this to max_limit based on
447 * the dialect (64kb for SMB 2.0, 8MB for SMB >= 2.1 with LargeMTU)
449 * user configured values exceeding the limits will be overwritten,
450 * only smaller values will be accepted
453 max_trans = MIN(max_limit, lp_smb2_max_trans());
454 max_read = MIN(max_limit, lp_smb2_max_read());
455 max_write = MIN(max_limit, lp_smb2_max_write());
457 if (in_preauth != NULL) {
460 uint16_t salt_length;
461 uint16_t selected_preauth = 0;
466 if (in_preauth->data.length < needed) {
467 return smbd_smb2_request_error(req,
468 NT_STATUS_INVALID_PARAMETER);
471 hash_count = SVAL(in_preauth->data.data, 0);
472 salt_length = SVAL(in_preauth->data.data, 2);
474 if (hash_count == 0) {
475 return smbd_smb2_request_error(req,
476 NT_STATUS_INVALID_PARAMETER);
479 p = in_preauth->data.data + needed;
480 needed += hash_count * 2;
481 needed += salt_length;
483 if (in_preauth->data.length < needed) {
484 return smbd_smb2_request_error(req,
485 NT_STATUS_INVALID_PARAMETER);
488 for (i=0; i < hash_count; i++) {
494 if (v == SMB2_PREAUTH_INTEGRITY_SHA512) {
495 selected_preauth = v;
500 if (selected_preauth == 0) {
501 return smbd_smb2_request_error(req,
502 NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP);
505 SSVAL(buf, 0, 1); /* HashAlgorithmCount */
506 SSVAL(buf, 2, 32); /* SaltLength */
507 SSVAL(buf, 4, selected_preauth);
508 generate_random_buffer(buf + 6, 32);
510 status = smb2_negotiate_context_add(
513 SMB2_PREAUTH_INTEGRITY_CAPABILITIES,
516 if (!NT_STATUS_IS_OK(status)) {
517 return smbd_smb2_request_error(req, status);
520 req->preauth = &req->xconn->smb2.preauth;
523 if (protocol >= PROTOCOL_SMB3_00) {
524 xconn->smb2.server.sign_algo = SMB2_SIGNING_AES128_CMAC;
526 xconn->smb2.server.sign_algo = SMB2_SIGNING_HMAC_SHA256;
529 if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
530 const struct smb3_encryption_capabilities *srv_ciphers =
531 &default_smb3_capabilities.encryption;
532 uint16_t srv_preferred_idx = UINT16_MAX;
534 uint16_t cipher_count;
539 capabilities &= ~SMB2_CAP_ENCRYPTION;
541 if (in_cipher->data.length < needed) {
542 return smbd_smb2_request_error(req,
543 NT_STATUS_INVALID_PARAMETER);
546 cipher_count = SVAL(in_cipher->data.data, 0);
547 if (cipher_count == 0) {
548 return smbd_smb2_request_error(req,
549 NT_STATUS_INVALID_PARAMETER);
552 p = in_cipher->data.data + needed;
553 needed += cipher_count * 2;
555 if (in_cipher->data.length < needed) {
556 return smbd_smb2_request_error(req,
557 NT_STATUS_INVALID_PARAMETER);
560 for (i=0; i < cipher_count; i++) {
567 for (si = 0; si < srv_ciphers->num_algos; si++) {
568 if (srv_ciphers->algos[si] != v) {
573 * The server ciphers are listed
574 * with the lowest idx being preferred.
576 if (si < srv_preferred_idx) {
577 srv_preferred_idx = si;
583 if (srv_preferred_idx != UINT16_MAX) {
584 xconn->smb2.server.cipher =
585 srv_ciphers->algos[srv_preferred_idx];
588 SSVAL(buf, 0, 1); /* ChiperCount */
589 SSVAL(buf, 2, xconn->smb2.server.cipher);
591 status = smb2_negotiate_context_add(
594 SMB2_ENCRYPTION_CAPABILITIES,
597 if (!NT_STATUS_IS_OK(status)) {
598 return smbd_smb2_request_error(req, status);
602 if (capabilities & SMB2_CAP_ENCRYPTION) {
603 xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
606 if (in_sign_algo != NULL) {
607 const struct smb3_signing_capabilities *srv_sign_algos =
608 &default_smb3_capabilities.signing;
609 uint16_t srv_preferred_idx = UINT16_MAX;
611 uint16_t sign_algo_count;
615 if (in_sign_algo->data.length < needed) {
616 return smbd_smb2_request_error(req,
617 NT_STATUS_INVALID_PARAMETER);
620 sign_algo_count = SVAL(in_sign_algo->data.data, 0);
621 if (sign_algo_count == 0) {
622 return smbd_smb2_request_error(req,
623 NT_STATUS_INVALID_PARAMETER);
626 p = in_sign_algo->data.data + needed;
627 needed += sign_algo_count * 2;
629 if (in_sign_algo->data.length < needed) {
630 return smbd_smb2_request_error(req,
631 NT_STATUS_INVALID_PARAMETER);
634 for (i=0; i < sign_algo_count; i++) {
641 for (si = 0; si < srv_sign_algos->num_algos; si++) {
642 if (srv_sign_algos->algos[si] != v) {
647 * The server sign_algos are listed
648 * with the lowest idx being preferred.
650 if (si < srv_preferred_idx) {
651 srv_preferred_idx = si;
658 * If we found a match announce it
659 * otherwise we'll keep the default
660 * of SMB2_SIGNING_AES128_CMAC
662 if (srv_preferred_idx != UINT16_MAX) {
665 xconn->smb2.server.sign_algo =
666 srv_sign_algos->algos[srv_preferred_idx];
668 SSVAL(buf, 0, 1); /* SigningAlgorithmCount */
669 SSVAL(buf, 2, xconn->smb2.server.sign_algo);
671 status = smb2_negotiate_context_add(
674 SMB2_SIGNING_CAPABILITIES,
677 if (!NT_STATUS_IS_OK(status)) {
678 return smbd_smb2_request_error(req, status);
683 status = smb311_capabilities_check(&default_smb3_capabilities,
686 NT_STATUS_INVALID_PARAMETER,
689 xconn->smb2.server.sign_algo,
690 xconn->smb2.server.cipher);
691 if (!NT_STATUS_IS_OK(status)) {
692 return smbd_smb2_request_error(req, status);
695 if (protocol >= PROTOCOL_SMB3_00 &&
696 xconn->client->server_multi_channel_enabled)
698 if (in_capabilities & SMB2_CAP_MULTI_CHANNEL) {
699 capabilities |= SMB2_CAP_MULTI_CHANNEL;
703 security_offset = SMB2_HDR_BODY + 0x40;
706 /* Try SPNEGO auth... */
707 security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
708 negprot_spnego_blob.length - 16);
710 /* for now we want raw NTLMSSP */
711 security_buffer = data_blob_const(NULL, 0);
715 /* Client correctly negotiated SMB2 unix extensions. */
716 const uint8_t *buf = (const uint8_t *)SMB2_CREATE_TAG_POSIX;
717 status = smb2_negotiate_context_add(
720 SMB2_POSIX_EXTENSIONS_AVAILABLE,
723 if (!NT_STATUS_IS_OK(status)) {
724 return smbd_smb2_request_error(req, status);
726 xconn->smb2.server.posix_extensions_negotiated = true;
729 if (out_c.num_contexts != 0) {
730 status = smb2_negotiate_context_push(req,
731 &out_negotiate_context_blob,
733 if (!NT_STATUS_IS_OK(status)) {
734 return smbd_smb2_request_error(req, status);
738 if (out_negotiate_context_blob.length != 0) {
739 static const uint8_t zeros[8];
743 outdyn = data_blob_dup_talloc(req, security_buffer);
744 if (outdyn.length != security_buffer.length) {
745 return smbd_smb2_request_error(req,
746 NT_STATUS_NO_MEMORY);
749 ofs = security_offset + security_buffer.length;
750 if ((ofs % 8) != 0) {
755 ok = data_blob_append(req, &outdyn, zeros, pad);
757 return smbd_smb2_request_error(req,
758 NT_STATUS_NO_MEMORY);
761 ok = data_blob_append(req, &outdyn,
762 out_negotiate_context_blob.data,
763 out_negotiate_context_blob.length);
765 return smbd_smb2_request_error(req,
766 NT_STATUS_NO_MEMORY);
769 out_negotiate_context_offset = ofs;
770 out_negotiate_context_count = out_c.num_contexts;
772 outdyn = security_buffer;
775 out_guid_blob = data_blob_const(negprot_spnego_blob.data, 16);
776 status = GUID_from_ndr_blob(&out_guid_blob, &out_guid);
777 if (!NT_STATUS_IS_OK(status)) {
778 return smbd_smb2_request_error(req, status);
781 outbody = smbd_smb2_generate_outbody(req, 0x40);
782 if (outbody.data == NULL) {
783 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
786 SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
787 SSVAL(outbody.data, 0x02,
788 security_mode); /* security mode */
789 SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
790 SSVAL(outbody.data, 0x06,
791 out_negotiate_context_count); /* reserved/NegotiateContextCount */
792 memcpy(outbody.data + 0x08,
793 out_guid_blob.data, 16); /* server guid */
794 SIVAL(outbody.data, 0x18,
795 capabilities); /* capabilities */
796 SIVAL(outbody.data, 0x1C, max_trans); /* max transact size */
797 SIVAL(outbody.data, 0x20, max_read); /* max read size */
798 SIVAL(outbody.data, 0x24, max_write); /* max write size */
799 SBVAL(outbody.data, 0x28, now); /* system time */
800 SBVAL(outbody.data, 0x30, 0); /* server start time */
801 SSVAL(outbody.data, 0x38,
802 security_offset); /* security buffer offset */
803 SSVAL(outbody.data, 0x3A,
804 security_buffer.length); /* security buffer length */
805 SIVAL(outbody.data, 0x3C,
806 out_negotiate_context_offset); /* reserved/NegotiateContextOffset */
808 req->sconn->using_smb2 = true;
810 if (dialect == SMB2_DIALECT_REVISION_2FF) {
811 return smbd_smb2_request_done(req, outbody, &outdyn);
814 status = smbXsrv_connection_init_tables(xconn, protocol);
815 if (!NT_STATUS_IS_OK(status)) {
816 return smbd_smb2_request_error(req, status);
819 xconn->smb2.client.capabilities = in_capabilities;
820 xconn->smb2.client.security_mode = in_security_mode;
821 xconn->smb2.client.guid = in_guid;
822 xconn->smb2.client.num_dialects = dialect_count;
823 xconn->smb2.client.dialects = talloc_array(xconn,
826 if (xconn->smb2.client.dialects == NULL) {
827 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
829 for (c=0; c < dialect_count; c++) {
830 xconn->smb2.client.dialects[c] = SVAL(indyn, c*2);
833 xconn->smb2.server.capabilities = capabilities;
834 xconn->smb2.server.security_mode = security_mode;
835 xconn->smb2.server.guid = out_guid;
836 xconn->smb2.server.dialect = dialect;
837 xconn->smb2.server.max_trans = max_trans;
838 xconn->smb2.server.max_read = max_read;
839 xconn->smb2.server.max_write = max_write;
841 if (xconn->protocol < PROTOCOL_SMB2_10) {
843 * SMB2_02 doesn't support client guids
845 return smbd_smb2_request_done(req, outbody, &outdyn);
848 if (!xconn->client->server_multi_channel_enabled) {
850 * Only deal with the client guid database
851 * if multi-channel is enabled.
853 * But we still need to setup
854 * xconn->client->global->client_guid to
857 xconn->client->global->client_guid =
858 xconn->smb2.client.guid;
859 return smbd_smb2_request_done(req, outbody, &outdyn);
862 if (xconn->smb2.client.guid_verified) {
864 * The connection was passed from another
867 return smbd_smb2_request_done(req, outbody, &outdyn);
870 state = talloc_zero(req, struct smbd_smb2_request_process_negprot_state);
872 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
874 *state = (struct smbd_smb2_request_process_negprot_state) {
880 subreq = smb2srv_client_mc_negprot_send(state,
881 req->xconn->client->raw_ev_ctx,
883 if (subreq == NULL) {
884 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
886 tevent_req_set_callback(subreq,
887 smbd_smb2_request_process_negprot_mc_done,
892 static void smbd_smb2_request_process_negprot_mc_done(struct tevent_req *subreq)
894 struct smbd_smb2_request_process_negprot_state *state =
895 tevent_req_callback_data(subreq,
896 struct smbd_smb2_request_process_negprot_state);
897 struct smbd_smb2_request *req = state->req;
898 struct smbXsrv_connection *xconn = req->xconn;
901 status = smb2srv_client_mc_negprot_recv(subreq);
903 if (NT_STATUS_EQUAL(status, NT_STATUS_MESSAGE_RETRIEVED)) {
905 * The connection was passed to another process
907 smbd_server_connection_terminate(xconn,
908 "passed connection");
910 * smbd_server_connection_terminate() should not return!
912 smb_panic(__location__);
915 if (!NT_STATUS_IS_OK(status)) {
916 status = smbd_smb2_request_error(req, status);
917 if (NT_STATUS_IS_OK(status)) {
922 * The connection was passed to another process
924 smbd_server_connection_terminate(xconn, nt_errstr(status));
926 * smbd_server_connection_terminate() should not return!
928 smb_panic(__location__);
933 * We're the first connection...
935 status = smbd_smb2_request_done(req, state->outbody, &state->outdyn);
936 if (NT_STATUS_IS_OK(status)) {
938 * This allows us to support starting smbd under
939 * callgrind and only start the overhead and
940 * instrumentation after the SMB2 negprot,
941 * this allows us to profile only useful
942 * stuff and not all the smbd startup, forking
943 * and multichannel handling.
945 * valgrind --tool=callgrind --instr-atstart=no smbd
947 #ifdef CALLGRIND_START_INSTRUMENTATION
948 CALLGRIND_START_INSTRUMENTATION;
954 * The connection was passed to another process
956 smbd_server_connection_terminate(xconn, nt_errstr(status));
958 * smbd_server_connection_terminate() should not return!
960 smb_panic(__location__);
964 /****************************************************************************
965 Generate the spnego negprot reply blob. Return the number of bytes used.
966 ****************************************************************************/
968 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbXsrv_connection *xconn)
970 DATA_BLOB blob = data_blob_null;
971 DATA_BLOB blob_out = data_blob_null;
978 struct gensec_security *gensec_security;
980 /* See if we can get an SPNEGO blob */
981 status = auth_generic_prepare(talloc_tos(),
982 xconn->remote_address,
983 xconn->local_address,
988 * Despite including it above, there is no need to set a
989 * remote address or similar as we are just interested in the
990 * SPNEGO blob, we never keep this context.
993 if (NT_STATUS_IS_OK(status)) {
994 status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
995 if (NT_STATUS_IS_OK(status)) {
996 status = gensec_update(gensec_security, ctx,
997 data_blob_null, &blob);
998 /* If we get the list of OIDs, the 'OK' answer
999 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
1000 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1001 DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
1002 blob = data_blob_null;
1005 TALLOC_FREE(gensec_security);
1008 #if defined(WITH_SMB1SERVER)
1009 xconn->smb1.negprot.spnego = true;
1012 /* strangely enough, NT does not sent the single OID NTLMSSP when
1013 not a ADS member, it sends no OIDs at all
1015 OLD COMMENT : "we can't do this until we teach our session setup parser to know
1016 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
1018 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
1019 back to doing what W2K3 does here. This is needed to make PocketPC 2003
1020 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
1025 if (blob.length == 0 || blob.data == NULL) {
1026 return data_blob_null;
1029 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
1030 if (blob_out.data == NULL) {
1031 data_blob_free(&blob);
1032 return data_blob_null;
1035 memset(blob_out.data, '\0', 16);
1037 checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
1038 (void)strlower_m(unix_name);
1039 push_ascii_nstring(dos_name, unix_name);
1040 strlcpy((char *)blob_out.data, dos_name, 17);
1043 /* Fix valgrind 'uninitialized bytes' issue. */
1044 slen = strlen(dos_name);
1046 memset(blob_out.data+slen, '\0', 16 - slen);
1050 memcpy(&blob_out.data[16], blob.data, blob.length);
1052 data_blob_free(&blob);
1058 * MS-CIFS, 2.2.4.52.2 SMB_COM_NEGOTIATE Response:
1059 * If the server does not support any of the listed dialects, it MUST return a
1060 * DialectIndex of 0XFFFF
1062 #define NO_PROTOCOL_CHOSEN 0xffff
1064 #define PROT_SMB_2_002 0x1000
1065 #define PROT_SMB_2_FF 0x2000
1067 /* List of supported SMB1 protocols, most desired first.
1068 * This is for enabling multi-protocol negotiation in SMB2 when SMB1
1071 static const struct {
1072 const char *proto_name;
1073 const char *short_name;
1074 NTSTATUS (*proto_reply_fn)(struct smb_request *req, uint16_t choice);
1076 } supported_protocols[] = {
1077 {"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
1078 {"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
1082 /****************************************************************************
1084 conn POINTER CAN BE NULL HERE !
1085 ****************************************************************************/
1087 NTSTATUS smb2_multi_protocol_reply_negprot(struct smb_request *req)
1090 bool choice_set = false;
1096 size_t converted_size;
1097 struct smbXsrv_connection *xconn = req->xconn;
1098 struct smbd_server_connection *sconn = req->sconn;
1103 START_PROFILE(SMBnegprot);
1105 if (req->buflen == 0) {
1106 DEBUG(0, ("negprot got no protocols\n"));
1107 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1108 END_PROFILE(SMBnegprot);
1109 return NT_STATUS_INVALID_PARAMETER;
1112 if (req->buf[req->buflen-1] != '\0') {
1113 DEBUG(0, ("negprot protocols not 0-terminated\n"));
1114 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1115 END_PROFILE(SMBnegprot);
1116 return NT_STATUS_INVALID_PARAMETER;
1119 p = (const char *)req->buf + 1;
1124 while (smbreq_bufrem(req, p) > 0) {
1128 tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
1131 DEBUG(0, ("talloc failed\n"));
1132 TALLOC_FREE(cliprotos);
1133 reply_nterror(req, NT_STATUS_NO_MEMORY);
1134 END_PROFILE(SMBnegprot);
1135 return NT_STATUS_NO_MEMORY;
1140 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
1142 DEBUG(0, ("pull_ascii_talloc failed\n"));
1143 TALLOC_FREE(cliprotos);
1144 reply_nterror(req, NT_STATUS_NO_MEMORY);
1145 END_PROFILE(SMBnegprot);
1146 return NT_STATUS_NO_MEMORY;
1149 DEBUG(3, ("Requested protocol [%s]\n",
1150 cliprotos[num_cliprotos]));
1156 /* possibly reload - change of architecture */
1157 reload_services(sconn, conn_snum_used, true);
1160 * Anything higher than PROTOCOL_SMB2_10 still
1161 * needs to go via "SMB 2.???", which is marked
1162 * as PROTOCOL_SMB2_10.
1164 * The real negotiation happens via reply_smb20ff()
1165 * using SMB2 Negotiation.
1167 max_proto = lp_server_max_protocol();
1168 if (max_proto > PROTOCOL_SMB2_10) {
1169 max_proto = PROTOCOL_SMB2_10;
1171 min_proto = lp_server_min_protocol();
1172 if (min_proto > PROTOCOL_SMB2_10) {
1173 min_proto = PROTOCOL_SMB2_10;
1176 /* Check for protocols, most desirable first */
1177 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
1179 if ((supported_protocols[protocol].protocol_level <= max_proto) &&
1180 (supported_protocols[protocol].protocol_level >= min_proto))
1181 while (i < num_cliprotos) {
1182 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
1196 DBG_NOTICE("No protocol supported !\n");
1197 reply_smb1_outbuf(req, 1, 0);
1198 SSVAL(req->outbuf, smb_vwv0, NO_PROTOCOL_CHOSEN);
1200 ok = smb1_srv_send(xconn, (char *)req->outbuf, false, 0, false);
1202 DBG_NOTICE("smb1_srv_send failed\n");
1204 exit_server_cleanly("no protocol supported\n");
1207 set_remote_proto(supported_protocols[protocol].short_name);
1208 reload_services(sconn, conn_snum_used, true);
1209 status = supported_protocols[protocol].proto_reply_fn(req, choice);
1210 if (!NT_STATUS_IS_OK(status)) {
1211 exit_server_cleanly("negprot function failed\n");
1214 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
1216 DBG_INFO("negprot index=%zu\n", choice);
1218 TALLOC_FREE(cliprotos);
1220 END_PROFILE(SMBnegprot);
1221 return NT_STATUS_OK;