2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* initialise the auth_context for this server and return the cryptkey */
24 static void get_challenge(struct smbsrv_connection *smb_conn, char buff[8])
27 const uint8_t *cryptkey;
29 /* muliple negprots are not premitted */
30 if (smb_conn->negotiate.auth_context) {
31 DEBUG(3,("get challenge: is this a secondary negprot? auth_context is non-NULL!\n"));
32 smb_panic("secondary negprot");
35 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
37 nt_status = make_auth_context_subsystem(&smb_conn->negotiate.auth_context);
39 if (!NT_STATUS_IS_OK(nt_status)) {
40 DEBUG(0, ("make_auth_context_subsystem returned %s", nt_errstr(nt_status)));
41 smb_panic("cannot make_negprot_global_auth_context!\n");
44 DEBUG(10, ("get challenge: getting challenge\n"));
45 cryptkey = smb_conn->negotiate.auth_context->get_ntlm_challenge(smb_conn->negotiate.auth_context);
46 memcpy(buff, cryptkey, 8);
49 /****************************************************************************
50 Reply for the core protocol.
51 ****************************************************************************/
52 static void reply_corep(struct smbsrv_request *req, uint16_t choice)
54 req_setup_reply(req, 1, 0);
56 SSVAL(req->out.vwv, VWV(0), choice);
58 req->smb_conn->negotiate.protocol = PROTOCOL_CORE;
60 if (req->smb_conn->signing.mandatory_signing) {
61 smbsrv_terminate_connection(req->smb_conn,
62 "CORE does not support SMB signing, and it is mandetory\n");
68 /****************************************************************************
69 Reply for the coreplus protocol.
70 this is quite incomplete - we only fill in a small part of the reply, but as nobody uses
71 this any more it probably doesn't matter
72 ****************************************************************************/
73 static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
75 uint16_t raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
77 req_setup_reply(req, 13, 0);
79 /* Reply, SMBlockread, SMBwritelock supported. */
80 SCVAL(req->out.hdr,HDR_FLG,
81 CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
83 SSVAL(req->out.vwv, VWV(0), choice);
84 SSVAL(req->out.vwv, VWV(1), 0x1); /* user level security, don't encrypt */
86 /* tell redirector we support
87 readbraw and writebraw (possibly) */
88 SSVAL(req->out.vwv, VWV(5), raw);
90 req->smb_conn->negotiate.protocol = PROTOCOL_COREPLUS;
92 if (req->smb_conn->signing.mandatory_signing) {
93 smbsrv_terminate_connection(req->smb_conn,
94 "COREPLUS does not support SMB signing, and it is mandetory\n");
100 /****************************************************************************
101 Reply for the lanman 1.0 protocol.
102 ****************************************************************************/
103 static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
105 int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
107 time_t t = req->request_time.tv_sec;
109 req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords();
111 if (lp_security() != SEC_SHARE)
112 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
114 if (req->smb_conn->negotiate.encrypted_passwords)
115 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
117 req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN1;
119 req_setup_reply(req, 13, req->smb_conn->negotiate.encrypted_passwords ? 8 : 0);
121 /* SMBlockread, SMBwritelock supported. */
122 SCVAL(req->out.hdr,HDR_FLG,
123 CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
125 SSVAL(req->out.vwv, VWV(0), choice);
126 SSVAL(req->out.vwv, VWV(1), secword);
127 SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
128 SSVAL(req->out.vwv, VWV(3), lp_maxmux());
129 SSVAL(req->out.vwv, VWV(4), 1);
130 SSVAL(req->out.vwv, VWV(5), raw);
131 SIVAL(req->out.vwv, VWV(6), req->smb_conn->pid);
132 srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
133 SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
135 /* Create a token value and add it to the outgoing packet. */
136 if (req->smb_conn->negotiate.encrypted_passwords) {
137 SSVAL(req->out.vwv, VWV(11), 8);
138 get_challenge(req->smb_conn, req->out.data);
141 if (req->smb_conn->signing.mandatory_signing) {
142 smbsrv_terminate_connection(req->smb_conn,
143 "LANMAN1 does not support SMB signing, and it is mandetory\n");
149 /****************************************************************************
150 Reply for the lanman 2.0 protocol.
151 ****************************************************************************/
152 static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
154 int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
156 time_t t = req->request_time.tv_sec;
158 req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords();
160 if (lp_security() != SEC_SHARE)
161 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
163 if (req->smb_conn->negotiate.encrypted_passwords)
164 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
166 req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN2;
168 req_setup_reply(req, 13, 0);
170 SSVAL(req->out.vwv, VWV(0), choice);
171 SSVAL(req->out.vwv, VWV(1), secword);
172 SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
173 SSVAL(req->out.vwv, VWV(3), lp_maxmux());
174 SSVAL(req->out.vwv, VWV(4), 1);
175 SSVAL(req->out.vwv, VWV(5), raw);
176 SIVAL(req->out.vwv, VWV(6), req->smb_conn->pid);
177 srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
178 SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
180 /* Create a token value and add it to the outgoing packet. */
181 if (req->smb_conn->negotiate.encrypted_passwords) {
182 SSVAL(req->out.vwv, VWV(11), 8);
183 req_grow_data(req, 8);
184 get_challenge(req->smb_conn, req->out.data);
187 req_push_str(req, NULL, lp_workgroup(), -1, STR_TERMINATE);
189 if (req->smb_conn->signing.mandatory_signing) {
190 smbsrv_terminate_connection(req->smb_conn,
191 "LANMAN2 does not support SMB signing, and it is mandetory\n");
197 /****************************************************************************
198 Reply for the nt protocol.
199 ****************************************************************************/
200 static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
202 /* dual names + lock_and_read + nt SMBs + remote API calls */
205 time_t t = req->request_time.tv_sec;
207 BOOL negotiate_spnego = False;
209 unix_to_nt_time(&nttime, t);
212 CAP_NT_FIND | CAP_LOCK_AND_READ |
213 CAP_LEVEL_II_OPLOCKS | CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
215 req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords();
217 /* do spnego in user level security if the client
218 supports it and we can do encrypted passwords */
220 if (req->smb_conn->negotiate.encrypted_passwords &&
221 (lp_security() != SEC_SHARE) &&
223 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
224 negotiate_spnego = True;
225 capabilities |= CAP_EXTENDED_SECURITY;
228 if (lp_unix_extensions()) {
229 capabilities |= CAP_UNIX;
232 if (lp_large_readwrite()) {
233 capabilities |= CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS;
236 capabilities |= CAP_LARGE_FILES;
238 if (lp_readraw() && lp_writeraw()) {
239 capabilities |= CAP_RAW_MODE;
242 /* allow for disabling unicode */
244 capabilities |= CAP_UNICODE;
247 if (lp_nt_status_support()) {
248 capabilities |= CAP_STATUS32;
251 if (lp_host_msdfs()) {
252 capabilities |= CAP_DFS;
255 if (lp_security() != SEC_SHARE) {
256 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
259 if (req->smb_conn->negotiate.encrypted_passwords) {
260 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
263 if (req->smb_conn->signing.allow_smb_signing) {
264 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
267 if (req->smb_conn->signing.mandatory_signing) {
268 secword |= NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
271 req->smb_conn->negotiate.protocol = PROTOCOL_NT1;
273 req_setup_reply(req, 17, 0);
275 SSVAL(req->out.vwv, VWV(0), choice);
276 SCVAL(req->out.vwv, VWV(1), secword);
278 /* notice the strange +1 on vwv here? That's because
279 this is the one and only SMB packet that is malformed in
280 the specification - all the command words after the secword
281 are offset by 1 byte */
282 SSVAL(req->out.vwv+1, VWV(1), lp_maxmux());
283 SSVAL(req->out.vwv+1, VWV(2), 1); /* num vcs */
284 SIVAL(req->out.vwv+1, VWV(3), req->smb_conn->negotiate.max_recv);
285 SIVAL(req->out.vwv+1, VWV(5), 0x10000); /* raw size. full 64k */
286 SIVAL(req->out.vwv+1, VWV(7), req->smb_conn->pid); /* session key */
287 SIVAL(req->out.vwv+1, VWV(9), capabilities);
288 push_nttime(req->out.vwv+1, VWV(11), nttime);
289 SSVALS(req->out.vwv+1,VWV(15), req->smb_conn->negotiate.zone_offset/60);
291 if (!negotiate_spnego) {
292 /* Create a token value and add it to the outgoing packet. */
293 if (req->smb_conn->negotiate.encrypted_passwords) {
294 req_grow_data(req, 8);
295 /* note that we do not send a challenge at all if
296 we are using plaintext */
297 get_challenge(req->smb_conn, req->out.ptr);
299 SCVAL(req->out.vwv+1, VWV(16), 8);
301 req_push_str(req, NULL, lp_workgroup(), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
302 req_push_str(req, NULL, lp_netbios_name(), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
303 DEBUG(3,("not using SPNEGO\n"));
305 struct gensec_security *gensec_security;
306 DATA_BLOB null_data_blob = data_blob(NULL, 0);
308 NTSTATUS nt_status = gensec_server_start(&gensec_security);
310 if (req->smb_conn->negotiate.auth_context) {
311 smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
315 req->smb_conn->negotiate.auth_context = NULL;
317 if (!NT_STATUS_IS_OK(nt_status)) {
318 DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
319 smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
323 nt_status = gensec_start_mech_by_oid(gensec_security, OID_SPNEGO);
325 if (!NT_STATUS_IS_OK(nt_status)) {
326 DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
327 smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
331 nt_status = gensec_update(gensec_security, req->mem_ctx, null_data_blob, &blob);
333 if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
334 DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
335 smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
339 req->smb_conn->negotiate.spnego_negotiated = True;
341 req_grow_data(req, blob.length + 16);
342 /* a NOT very random guid */
343 memset(req->out.ptr, '\0', 16);
346 memcpy(req->out.ptr, blob.data, blob.length);
347 SCVAL(req->out.vwv+1, VWV(16), blob.length + 16);
348 req->out.ptr += blob.length;
349 DEBUG(3,("using SPNEGO\n"));
352 req_send_reply_nosign(req);
355 /* these are the protocol lists used for auto architecture detection:
358 protocol [PC NETWORK PROGRAM 1.0]
359 protocol [XENIX CORE]
360 protocol [MICROSOFT NETWORKS 1.03]
362 protocol [Windows for Workgroups 3.1a]
365 protocol [NT LM 0.12]
368 protocol [PC NETWORK PROGRAM 1.0]
369 protocol [XENIX CORE]
370 protocol [MICROSOFT NETWORKS 1.03]
372 protocol [Windows for Workgroups 3.1a]
375 protocol [NT LM 0.12]
378 protocol [PC NETWORK PROGRAM 1.0]
380 protocol [Windows for Workgroups 3.1a]
383 protocol [NT LM 0.12]
386 protocol [PC NETWORK PROGRAM 1.0]
387 protocol [XENIX CORE]
394 * Modified to recognize the architecture of the remote machine better.
396 * This appears to be the matrix of which protocol is used by which
398 Protocol WfWg Win95 WinNT Win2K OS/2
399 PC NETWORK PROGRAM 1.0 1 1 1 1 1
401 MICROSOFT NETWORKS 3.0 2 2
403 MICROSOFT NETWORKS 1.03 3
406 Windows for Workgroups 3.1a 5 5 5 3
411 * tim@fsg.com 09/29/95
412 * Win2K added by matty 17/7/99
415 #define ARCH_WFWG 0x3 /* This is a fudge because WfWg is like Win95 */
416 #define ARCH_WIN95 0x2
417 #define ARCH_WINNT 0x4
418 #define ARCH_WIN2K 0xC /* Win2K is like NT */
419 #define ARCH_OS2 0x14 /* Again OS/2 is like NT */
420 #define ARCH_SAMBA 0x20
422 #define ARCH_ALL 0x3F
424 /* List of supported protocols, most desired first */
425 static const struct {
426 const char *proto_name;
427 const char *short_name;
428 void (*proto_reply_fn)(struct smbsrv_request *req, uint16_t choice);
430 } supported_protocols[] = {
431 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
432 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
433 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
434 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
435 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
436 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
437 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
438 {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
439 {"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE},
443 /****************************************************************************
445 ****************************************************************************/
447 void reply_negprot(struct smbsrv_request *req)
455 if (req->smb_conn->negotiate.done_negprot) {
456 smbsrv_terminate_connection(req->smb_conn, "multiple negprot's are not permitted");
458 req->smb_conn->negotiate.done_negprot = True;
460 p = req->in.data + 1;
462 while (p < req->in.data + req->in.data_size) {
464 DEBUG(3,("Requested protocol [%s]\n",p));
465 if (strcmp(p,"Windows for Workgroups 3.1a") == 0)
466 arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K );
467 else if (strcmp(p,"DOS LM1.2X002") == 0)
468 arch &= ( ARCH_WFWG | ARCH_WIN95 );
469 else if (strcmp(p,"DOS LANMAN2.1") == 0)
470 arch &= ( ARCH_WFWG | ARCH_WIN95 );
471 else if (strcmp(p,"NT LM 0.12") == 0)
472 arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K );
473 else if (strcmp(p,"LANMAN2.1") == 0)
474 arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
475 else if (strcmp(p,"LM1.2X002") == 0)
476 arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
477 else if (strcmp(p,"MICROSOFT NETWORKS 1.03") == 0)
479 else if (strcmp(p,"XENIX CORE") == 0)
480 arch &= ( ARCH_WINNT | ARCH_OS2 );
481 else if (strcmp(p,"Samba") == 0) {
491 set_remote_arch(req->smb_conn, RA_SAMBA);
494 set_remote_arch(req->smb_conn, RA_WFWG);
497 set_remote_arch(req->smb_conn, RA_WIN95);
500 if (req->flags2==FLAGS2_WIN2K_SIGNATURE)
501 set_remote_arch(req->smb_conn, RA_WIN2K);
503 set_remote_arch(req->smb_conn, RA_WINNT);
506 set_remote_arch(req->smb_conn, RA_WIN2K);
509 set_remote_arch(req->smb_conn, RA_OS2);
512 set_remote_arch(req->smb_conn, RA_UNKNOWN);
516 /* possibly reload - change of architecture */
517 reload_services(req->smb_conn, True);
519 /* Check for protocols, most desirable first */
520 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
523 if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
524 (supported_protocols[protocol].protocol_level >= lp_minprotocol()))
525 while (p < (req->in.data + req->in.data_size)) {
526 if (strequal(p,supported_protocols[protocol].proto_name))
536 sub_set_remote_proto(supported_protocols[protocol].short_name);
537 reload_services(req->smb_conn, True);
538 supported_protocols[protocol].proto_reply_fn(req, choice);
539 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
541 DEBUG(0,("No protocol supported !\n"));
544 DEBUG(5,("negprot index=%d\n", choice));