2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/tsocket/tsocket.h"
28 * this is the entry point if SMB2 is selected via
29 * the SMB negprot and the given dialect.
31 static void reply_smb20xx(struct smb_request *req, uint16_t dialect)
37 size_t len = 4 + SMB2_HDR_BODY + 0x24 + 2;
39 smb2_inbuf = talloc_zero_array(talloc_tos(), uint8_t, len);
40 if (smb2_inbuf == NULL) {
41 DEBUG(0, ("Could not push spnego blob\n"));
42 reply_nterror(req, NT_STATUS_NO_MEMORY);
45 smb2_hdr = smb2_inbuf + 4;
46 smb2_body = smb2_hdr + SMB2_HDR_BODY;
47 smb2_dyn = smb2_body + 0x24;
49 SIVAL(smb2_hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
50 SIVAL(smb2_hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
52 SSVAL(smb2_body, 0x00, 0x0024); /* struct size */
53 SSVAL(smb2_body, 0x02, 0x0001); /* dialect count */
55 SSVAL(smb2_dyn, 0x00, dialect);
59 smbd_smb2_first_negprot(req->sconn, smb2_inbuf, len);
64 * this is the entry point if SMB2 is selected via
65 * the SMB negprot and the "SMB 2.002" dialect.
67 void reply_smb2002(struct smb_request *req, uint16_t choice)
69 reply_smb20xx(req, SMB2_DIALECT_REVISION_202);
73 * this is the entry point if SMB2 is selected via
74 * the SMB negprot and the "SMB 2.???" dialect.
76 void reply_smb20ff(struct smb_request *req, uint16_t choice)
78 req->sconn->smb2.negprot_2ff = true;
79 reply_smb20xx(req, SMB2_DIALECT_REVISION_2FF);
82 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
85 const uint8_t *inbody;
86 const uint8_t *indyn = NULL;
87 int i = req->current_idx;
90 DATA_BLOB negprot_spnego_blob;
91 uint16_t security_offset;
92 DATA_BLOB security_buffer;
93 size_t expected_dyn_size = 0;
95 uint16_t security_mode;
96 uint16_t dialect_count;
98 uint32_t capabilities;
99 enum protocol_types protocol = PROTOCOL_NONE;
101 uint32_t max_trans = lp_smb2_max_trans();
102 uint32_t max_read = lp_smb2_max_read();
103 uint32_t max_write = lp_smb2_max_write();
105 status = smbd_smb2_request_verify_sizes(req, 0x24);
106 if (!NT_STATUS_IS_OK(status)) {
107 return smbd_smb2_request_error(req, status);
109 inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
111 dialect_count = SVAL(inbody, 0x02);
112 if (dialect_count == 0) {
113 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
116 expected_dyn_size = dialect_count * 2;
117 if (req->in.vector[i+2].iov_len < expected_dyn_size) {
118 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
120 indyn = (const uint8_t *)req->in.vector[i+2].iov_base;
122 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
123 if (lp_srv_maxprotocol() < PROTOCOL_SMB3_00) {
126 if (lp_srv_minprotocol() > PROTOCOL_SMB3_00) {
130 dialect = SVAL(indyn, c*2);
131 if (dialect == SMB3_DIALECT_REVISION_300) {
132 protocol = PROTOCOL_SMB3_00;
137 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
138 if (lp_srv_maxprotocol() < PROTOCOL_SMB2_24) {
141 if (lp_srv_minprotocol() > PROTOCOL_SMB2_24) {
145 dialect = SVAL(indyn, c*2);
146 if (dialect == SMB2_DIALECT_REVISION_224) {
147 protocol = PROTOCOL_SMB2_24;
152 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
153 if (lp_srv_maxprotocol() < PROTOCOL_SMB2_22) {
156 if (lp_srv_minprotocol() > PROTOCOL_SMB2_22) {
160 dialect = SVAL(indyn, c*2);
161 if (dialect == SMB2_DIALECT_REVISION_222) {
162 protocol = PROTOCOL_SMB2_22;
167 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
168 if (lp_srv_maxprotocol() < PROTOCOL_SMB2_10) {
171 if (lp_srv_minprotocol() > PROTOCOL_SMB2_10) {
175 dialect = SVAL(indyn, c*2);
176 if (dialect == SMB2_DIALECT_REVISION_210) {
177 protocol = PROTOCOL_SMB2_10;
182 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
183 if (lp_srv_maxprotocol() < PROTOCOL_SMB2_02) {
186 if (lp_srv_minprotocol() > PROTOCOL_SMB2_02) {
190 dialect = SVAL(indyn, c*2);
191 if (dialect == SMB2_DIALECT_REVISION_202) {
192 protocol = PROTOCOL_SMB2_02;
197 for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
198 if (lp_srv_maxprotocol() < PROTOCOL_SMB2_10) {
202 dialect = SVAL(indyn, c*2);
203 if (dialect == SMB2_DIALECT_REVISION_2FF) {
204 if (req->sconn->smb2.negprot_2ff) {
205 req->sconn->smb2.negprot_2ff = false;
206 protocol = PROTOCOL_SMB2_10;
212 if (protocol == PROTOCOL_NONE) {
213 return smbd_smb2_request_error(req, NT_STATUS_NOT_SUPPORTED);
216 if (get_remote_arch() != RA_SAMBA) {
217 set_remote_arch(RA_VISTA);
220 /* negprot_spnego() returns a the server guid in the first 16 bytes */
221 negprot_spnego_blob = negprot_spnego(req, req->sconn);
222 if (negprot_spnego_blob.data == NULL) {
223 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
226 if (negprot_spnego_blob.length < 16) {
227 return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
230 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
231 if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
232 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
236 if (lp_host_msdfs()) {
237 capabilities |= SMB2_CAP_DFS;
241 * 0x10000 (65536) is the maximum allowed message size
246 if (protocol >= PROTOCOL_SMB2_10) {
247 /* largeMTU is only available on port 445 */
249 tsocket_address_inet_port(req->sconn->local_address))
252 capabilities |= SMB2_CAP_LARGE_MTU;
253 req->sconn->smb2.supports_multicredit = true;
255 /* SMB2.1 has 1 MB of allowed size */
256 max_limit = 0x100000; /* 1MB */
261 * the defaults are 1MB, but we'll limit this to max_limit based on
262 * the dialect (64kb for SMB2.0, 1MB for SMB2.1 with LargeMTU)
264 * user configured values exceeding the limits will be overwritten,
265 * only smaller values will be accepted
268 max_trans = MIN(max_limit, lp_smb2_max_trans());
269 max_read = MIN(max_limit, lp_smb2_max_read());
270 max_write = MIN(max_limit, lp_smb2_max_write());
272 security_offset = SMB2_HDR_BODY + 0x40;
275 /* Try SPNEGO auth... */
276 security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
277 negprot_spnego_blob.length - 16);
279 /* for now we want raw NTLMSSP */
280 security_buffer = data_blob_const(NULL, 0);
283 outbody = data_blob_talloc(req->out.vector, NULL, 0x40);
284 if (outbody.data == NULL) {
285 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
288 SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
289 SSVAL(outbody.data, 0x02,
290 security_mode); /* security mode */
291 SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
292 SSVAL(outbody.data, 0x06, 0); /* reserved */
293 memcpy(outbody.data + 0x08,
294 negprot_spnego_blob.data, 16); /* server guid */
295 SIVAL(outbody.data, 0x18,
296 capabilities); /* capabilities */
297 SIVAL(outbody.data, 0x1C, max_trans); /* max transact size */
298 SIVAL(outbody.data, 0x20, max_read); /* max read size */
299 SIVAL(outbody.data, 0x24, max_write); /* max write size */
300 SBVAL(outbody.data, 0x28, 0); /* system time */
301 SBVAL(outbody.data, 0x30, 0); /* server start time */
302 SSVAL(outbody.data, 0x38,
303 security_offset); /* security buffer offset */
304 SSVAL(outbody.data, 0x3A,
305 security_buffer.length); /* security buffer length */
306 SIVAL(outbody.data, 0x3C, 0); /* reserved */
308 outdyn = security_buffer;
310 req->sconn->using_smb2 = true;
312 if (dialect != SMB2_DIALECT_REVISION_2FF) {
313 set_Protocol(protocol);
315 req->sconn->smb2.max_trans = max_trans;
316 req->sconn->smb2.max_read = max_read;
317 req->sconn->smb2.max_write = max_write;
320 return smbd_smb2_request_done(req, outbody, &outdyn);